Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Scott-Railton Profile picture
@jsrailton
Sep 14 8 tweets 3 min read Twitter logo Read on Twitter
Block ads on your networks now.

The system designed to follow us around the net with ads is now a blinking national security & human rights threat.

By @omerbenj
haaretz.com/israel-news/20…
Image
2/ Once the capability was limited to governments.

Now, in a predictable step, mercenary spyware companies are selling it.

Leveraging ads to remotely infect you with #Pegasus-like spyware.

Analogy: a devastating & unfixable backdoor chasing you device around the internet. Image
3/ The incentives are simple: ad companies will do everything they can to make sure you get tracked & shown ads.

So do their customers.

Even the newspapers that do good reporting on privacy.

All that effort has basically forced security vulnerabilities onto the entire world.
4/ Any network, government to corporate, university to nonprofit should BLOCK ALL ADS & TRACKING at the gateway.

We cannot expect users to individually fight trench warfare to protect their security against the ad industry colossus has been weaponized against them.
5/ Of course ads-that-hack-you have already made their way into the hands of dictatorships.

This is a terrifying zero-click frontier of compromise that we've largely sleepwalked into. Image
6/ "What can I do to stop this as an individual?"

Sure, you can use adblockers on your desktop browser, but that's a leaky band aid *at best.*

And Phones are a tricky place to do comprehensive ad-blocking.

The fact that so many apps incorporate ads makes it much, much worse.
7/ Here's one way you get hacked through ad networks

1️⃣I'm the bad guy, I find your phone using what ad networks know about you
2️⃣I send you an ad through their networks including malicious code

3️⃣ You scroll along & BOOM your phone = silently infected.

No action needed.
8/ Shoutout to @WydenPress @RonWyden who has been been tireless on malvertising.

Calling for the US to block the threat of malicious ads on sensitive networks.

*and*

Scrutinizing the ad-blocking industry for shady practices (e.g. taking cash to let certain ads through).
Image
Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Scott-Railton

John Scott-Railton Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jsrailton

John Scott-Railton Profile picture
Sep 9
Remember when we collectively identified #ZipTieGuy Eric Munchel?

He was just sentenced to 57 months in prison. 1/ Image
2/ We'll never know how much worse things could have gone without the speedy evacuation of the senators.

But the judge made it clear: the intention was to take hostages. Image
3/ Munchel brought weapons & tactical vests to the Capitol with his mom Lisa Eisenhart

She got a 30 month sentence.

Memory: I still remember shelling out to buy the license of a hires photograph of them together so i could tweet it one time (pic: different image pictured)

Image
Image
Image
Read 7 tweets
John Scott-Railton Profile picture
Sep 7
🚨 Update your @apple products immediately!

Last week we @citizenlab discovered a new #Pegasus zero-click exploit chain.

(No clicking required to infect latest iOS!)

Found while checking civil society.

Disclosed to Apple which rushed a patch 1/
citizenlab.ca/2023/09/blastp…
Image
2/ We found the #BLASTPASS exploit chain thanks to an unnamed victim.

Once more, civil society, is serving as the cybersecurity early warning system for... billions of devices around the world.

Including you, if you're reading this on your iPhone. Or Mac. Image
3/Update your #iPhone right away.

And then, if you are at risk because of who you are or what you do, enable #Lockdown mode.

As my colleague @billmarczak says "it's the one weird trick NSO hates" Image
Read 5 tweets
John Scott-Railton Profile picture
Sep 7
BREAKING: #Poland's Senate investigation into #Pegasus hacking released.

Found "gross violations of constitutional standards"

Says 2019 elections where #Pegasus was used against opposition leadership were not fair.

(Pics: Machine translated) Report: senat.gov.pl/aktualnoscilis…


Image
Image
Image
2/ #Poland's Senate Commission also concluded that the purchase of #Pegasus was illegal, and that the spyware cannot be legally used under Polish law. Image
3/ #Poland's #Pegasus Commission also notifies the Prosecutor's office of the possibility that current & former ministers may have been implicated in the criminal acquisition & use of the spyware.

Wow. Image
Read 4 tweets
John Scott-Railton Profile picture
Sep 4
Vivek Ramaswamy's team is crafting absurd tweets so you can dunk on them.

Your engagement is the goal.

You are being rage farmed.

All Twitter's algorithm sees when you quote tweet is a signal to further boost the content.

Quote tweet friends, screenshot enemies.
Vivek Ramaswamy has little substance.

His team knows it.

How do they center him in the conversation?

Plagiarize the Bobert, MTG, et. al. playbook: steady stream of outlandish statements people feel an irresistible need to disagree with & call out.
Politicians crafting stunts for attention is as old as time.

But, simplifying a bit, algorithmic feeds consistently reward content that generates engagement.

Doesn't have to be positive.

So 100 times out of 100 stunts get prioritized over substance.
Read 5 tweets
John Scott-Railton Profile picture
Aug 26
Hmm: sanctioned spyware maker NSO Group still lobbying in🇺🇸US.

Latest target: American Bar Association (@ABAesq)

Fact: NSO's claims to help US NatSec =contradicted by US Gov.

Maybe they're hoping American lawyers have been living under a rock?

#FARA
efile.fara.gov/docs/6743-Info…



Image
Image
Image
Image
My take: having epically struck out with the 🇺🇸US Government & gotten sanctioned...

NSO Group seeks to to discretely erode the US policy position about mercenary spyware by way of targeting conversations happening legal profession.

Why now? Well..
Governments have begun taking actions on spyware companies.

Next phase = crafting effective regulations.

Complex process with many stakeholders.

NSO wants to get in as early as possible to reduce the risk they get effectively regulated.
Read 5 tweets
John Scott-Railton Profile picture
Aug 22
The UK wants the ability to stop companies from patching vulnerabilities.

Catastrophically shortsighted.

Any tech product that stays will be suspect in the global marketplace.

The sector will flee.

Goodbye tech investment & jobs.

By @IoannisKouvakas
justsecurity.org/87615/changes-…
While the proposal does not specify what technical changes would require notification, these may include changes in the architecture of software that would interfere with the U.K.’s current surveillance powers. As a result, an operator of a messaging service wishing to introduce an advanced security feature would now have to first let the Home Office know in advance. Device manufacturers would likely also have to notify the government before making available important security updates that fix known vulnerabilities and keep devices secure. Accordingly, the Secretary of State, upon receiving...
You can't be globally competitive when you need a UK bureaucrat to OK emergency updates fixing an actively exploited flaw.

And you can't be trusted when the #UK Government can secretly stop you from securing your users.

Expect a #Techsit.
IPA Hypothetical:

Cybercriminals find iPhone vulnerability. Use it hack *any iphone.*

Apple discovers & fixes with a rush patch.

...but now they must ask UK!

After a bureaucratic delay UK decides patch might slow down spying.

Instructs Apple to not secure a billion users. Against this backdrop, the main issue Objectives 3 and 4 jointly pose is that the United Kingdom could breach international human rights law by, for example, preventing a communications services provider from either fixing security gaps in software through the provision of security updates or applying advanced protections such as end-to-end encryption to their services, at a global level. Specifically, these measures not only are unlikely to survive the necessity and proportionality test enshrined in Article 8 of the European Convention on Human Rights (ECHR), which guarantees the right to ...
Read 4 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

Send Email!

:(