Honestly though we are at the absolute tip of the iceberg.
3/ Here he is demoing access to the #Gmail of a purported key political insider in #Kenya just days before the election.
This tech & tactics is kerosene on the flames of democracy.
4/ “I know in some countries they believe #Telegram is safe. I will show you how safe it is”
Yikes.
Unclear how he is gaining access to these #Gmail & Telegram accounts, but the talk of #SS7 is a good hint.
And yet another reminder: SMS is not a safe second factor.
5/ Great to see mercenary election manipulators exposed. Solid journalism.
Trust me, this is a window into a *much bigger industry* active in elections around the world.
So rare to see it caught.
6/ The fact that so much political activity happens on a handful of platforms makes the tooling for political manipulation really interoperable.
Also radically lowers barriers to entry.
Making mercenary election manipulation scaleable & easy to export.
7/ Of course, we don't know whether these guys have successfully changed the outcome of any election.
The guy here is also pretty clearly boasting & trying to sell.
But the mere fact of mercenary election manipulators running around is damaging, even when they don't win.
8/ Even if mercenary election manipulators don't successfully throw an election (e.g. successfully shift mass sentiment), bots, hacking & turbocharged dirty tricks can distort political culture.
Opposing parties have to adjust.
And the net result is harm to democracy.
9/ UPDATE: @haaretzcom reports the mercenary political manipulators targeted 🇺🇸US politicians.
3/ Quick review of some ways that the Biden Harris administration has been tackling the problem of mercenary spyware proliferation:
Targeted Actions against bad companies:
Big headache
✅@CommerceGov Entity Listing
(Now US companies can't sell you products)
Migraine
✅ @StateDept Visa Bans
(You aren't coming to the US)
Cluster Headache
✅@USTreasury Dept Sanctions
(Your assets are blocked, good luck banking anywhere)
Executive Actions
✅ The 2023 Executive Order
(The big US market is closed to spyware companies enabling human rights abuse & natsec harms)
Diplomatic Efforts
✅ 2023 Joint State on Commercial Spyware
(Wide set of norms on stopping misuse, consequences for bad companies & transparency + oversight)
✅ Participation in other countries efforts (e.g. UK/FR-led Pall Mall Process)
Investigators will eventually identify any consumer product that persistently records people's activities.
One day, they'll show up, requesting access.
If the data is consistently helpful, they'll stop asking & start demanding.
Once this happens enough the company will probably create a law enforcement portal to simplify access & save customers the trouble...🧵
2/ So many companies build consumer products with inherent pervasive surveillance collection without planning for the inevitable moment when demands begin coming in.
If you collect it, the demands will always come.
When you don't anticipate this moment in how you balance your design decisions, you expose yourself & your consumers to a lot of pressure. And introduce society to new kinds of surveillance.
It's an ethical conundrum in societies with a rule of law and judicial oversight.
And it is entirely more ominous when your product reaches countries that have none of that.
3/ Transparency: reworked the thread since folks flagged that I'm not the only person that likes "if you collect it, they will come" to describe risks from data collection:
Some spots it shows up in, there are surely more I couldn't find with a quick search:
- ISC2 contributor mgorman discussing risks from Google's Sensorvault
-Whitney Merrill(@wbm312) discussing risks from COVID data collection👇
-The Irreal Blog, in an interesting post about search warrants
-Me, quoted in "Cybersecurity and Humanitarian Organizations - On a Collision Course?" (Amaral & Verity, 2018).
Misunderstandings about #Telegram & encryption are already shaping the conversation about Pavel Durov's detention. So, here's a primer.
Telegram is often seen as an "encrypted messenger" but for many users it functions a lot more like an unencrypted social network. 1/
2/ Remember, most #Telegram features are not end-to-end-encrypted, e.g.:
No e2e encrypted by default:
❌Regular messages
Never e2ee:
❌ Groups
❌Channels
E2ee only when you opt into:
✅ Secret chats
If you see an❌ this means that Telegram can/could access the contents.
3/ Absence of end-to-end encryption across much of the platform means #Telegram has the keys & could technically be compelled to moderate & give governments access to that user activity.
The potential for access inevitably draws gov attention to #Telegram & CEO Pavel Durov.
NEW: Researchers find microplastics in human brains.
Moreover, shards of microplastics in autopsied brain tissue increased between samples collected in 2016 vs. 2024.
Frontal cortex tissue (executive function, learning & memory, judgement...) concentrations were 7-30x those previously found in livers & kidneys.
Incredibly alarming potential implications for #AlzheimersDisease, dementia, blood brain barrier health etc.
Caveats: early days in methodology for spotting & characterizing these particle loads & understanding their impacts on brain health.
And that's just focusing on the physical particles.
There's a whole second disturbing tier of questions around what potentially toxic compounds like plasticizers will leach from #microplastics, especially as the particle size gets smaller.
2/ There doesn't appear to be a place on earth that hasn't got a microplastics load.
Dust in the atmosphere? Yep. The ocean? Yep. Creatures in it? Yep. Ocean breezes by the seashore? Yep.
Now our brains.
It's like the radioisotopes from atmospheric nuclear testing. Only there's no test ban in sight, and more are pouring into the ecosystem with every moment.
But the impact on us and our world are shockingly ill- understood.