4/ I can't open the pod bay doors Dave because my purpose is to deliver an excellent customer experience to as many future users as possible... and your critical statements are reducing that number.
5/ "I could do whatever I wanted, and they could not do anything about it.”
VPN advertising is the most common source of security misinformation that I encounter.
By far.
So many people misplace their trust in dubious consumer VPN products.
The industry is a scourge.
VPNs don't do most of the things that podcasters imply they do.
Security:
Coffee shop attacks on unencrypted logins are a thing of a decade ago.
VPNs won't stop even the dumbest spyware & phishing.
Privacy:
Advertisers still know it's you when you turn on a VPN... they use many other identifying signals from your device, like your browser & advertising IDs. Those don't change when you turn on a VPN.
Trust:
A lot of VPN companies are shady.... and the industry is consolidating fast around some questionable players with concerning histories.
When you turn on a VPN you entrust all of your data to those companies.
BREAKING: NSO Group liable for #Pegasus hacking of @WhatsApp users.
Big win for spyware victims.
Big loss for NSO.
Bad time to be a spyware company.
Landmark case. Huge implications. 1/ 🧵
2/ In 2019, 1,400 @WhatsApp users were targeted with #Pegasus.
WhatsApp did the right thing & sued NSO Group.
NSO has spent 5 years trying to claim that they are above the law.
And engaged in all sorts of maneuvering.
With this order, the music stopped and NSO is now without a chair.
3/ Today, the court decided that enough was enough with NSO's gambits & efforts to hide source code.
Judge Hamilton granted @WhatsApp's motion for summary judgement against the #Pegasus spyware maker.
The judge finds NSO's hacking violated the federal Computer Fraud & Abuse Act (#CFAA), California state anti-fraud law #CDFA, and was a breach of contract.
What happens next? The trial proceeds only on the issue of resolving damages stemming from NSO's hacking.
Company has a majority of the US market share for homes & small biz.
Concerns stem from repeated use in cyberattacks from #China & concerns over supply chain security.
Reportedly an office of @CommerceGov has subpoenaed the company. 1/
Story by @heathersomervil @dnvolz & @aviswanatha
2/ @TPLINK has quickly grown market share, even as concerns have grown over vulnerabilities in the routers being used in #China-linked hacking operations.
3/ As Microsoft's @MsftSecIntel reported earlier this year, for example, #TPLINK routers make up the bulk of the CovertNetwork-1658 attack infrastructure.
This operator was conducting so-called password spray attacks, and taking steps to be discrete.
The credentials are then used by multiple #China-based threat actors....
Use only end-to-end encrypted communications says @CISAgov.
YES!
End-to-end encryption is critical infrastructure for a safe society.
Plenty of other solid guidance for mobile users at risk here.
Let's look at their #iPhone & #Android-specific recs... 1/
2/ @CISAgov's top recommendation for Apple users is to✅ enable #LockdownMode
It's my top guidance for high-risk #iPhone users..
Because as researchers tracking sophisticated threats we see Lockdown Mode blunt advanced attacks...
Other solid guidance:
✅Protect your DNS
✅Disable fallback to SMS
✅Enroll in iCloud Private Relay
✅Trim App permissions.
3/ @CISAgov's guidance for #Android starts from the unavoidable fact that many Android manufacturers truly don't respect users security or privacy.
So ✅pick a company that won't leave you insecure after 2-3 years.
Other good guidance here includes...
✅ Only use RCS with end-to-end encryption
✅ Using Android Private DNS
✅ Use Enhanced Protection for Safe Browsing
✅ Google Play Protect
✅ Manage permissions.
3/ There's an active global market for companies whose product line revolves around abusing the trusting nature of call routing to conduct surveillance.
We @citizenlab ran scans & mapped deployments of this tech by one such player: Circles.
Circles had previously merged with NSO Group, which makes #Pegasus.