These are solid & reflect reality that spyware is a global problem & doesn't always begin or end within EU borders.
Also, a joint EU-US strategy! Interesting recognition of the major strides made by US #spyware.
This is the big takeaway: the @pega report provides a basis of action, and a clear sign that something is very wrong with #spyware abuses like #Pegasus within the EU.
Now it's time for the rest of the mechanisms to do their work. We'll all be watching.
3/ We got a tip about a single bit of #Paragon infrastructure & my brilliant colleague @billmarczak developed a technique to fingerprint some of the mercenary spyware infrastructure (both victim-facing & customer side) globally.
#Paragon's carefully constructed image of being a clean mercenary spyware company that wasn't susceptible to abuses has been replaced by a more familiar tale of...
Abuses...
And #Italy is now saddled with an unfolding crisis around spyware abuse.
VPN advertising is the most common source of security misinformation that I encounter.
By far.
So many people misplace their trust in dubious consumer VPN products.
The industry is a scourge.
VPNs don't do most of the things that podcasters imply they do.
Security:
Coffee shop attacks on unencrypted logins are a thing of a decade ago.
VPNs won't stop even the dumbest spyware & phishing.
Privacy:
Advertisers still know it's you when you turn on a VPN... they use many other identifying signals from your device, like your browser & advertising IDs. Those don't change when you turn on a VPN.
Trust:
A lot of VPN companies are shady.... and the industry is consolidating fast around some questionable players with concerning histories.
When you turn on a VPN you entrust all of your data to those companies.