• rottingleaf@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    18 days ago

    How do spyware services used by nation-state customers, like Pegasus, work?

    They use backdoors in commonly used platforms on an industrial scale.

    Maybe some of them are vulnerabilities due to honest mistakes, the problem is - the majority of vulnerabilities due to honest mistakes also carry denial of service risks in widespread usage. Which means they get found quickly enough.

    • mosiacmango@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      18 days ago

      So your stance is that Google is applying self designed malware to its own services to violate its own policies to harvest data that could bring intense legal, financial and reputational harm to it as an org it was ever discovered?

      Seems far fetched.

      • rottingleaf@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        18 days ago

        Legal and financial - doubt it. Reputational - counter-propaganda is a thing.

        I think your worldview lags behind our current reality. I mean, even in 30-years old reality it would seem a bit naive.

        Also you’ve ignored me mentioning things like Pegasus, from our current, not hypothetical, reality.

        • mosiacmango@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          18 days ago

          So yes.

          You think a nearly trillion dollar public company has an internal division that writes malware against flaws in its own software in order to harvest data from its own apps. It does this to gain just a bit more data about people it already has a lot of data on, because why not purposely leave active zero days in your own software, right?

          That is wildly conspiratorial thinking, and honestly plain FUD. It undermines serious, actual privacy issues the company has when you make up wild cabals that are running double secret malware attacks against themselves inside Google.

          • rottingleaf@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            18 days ago

            You think a nearly trillion dollar public company has an internal division that writes malware against flaws in its own software in order to harvest data from its own apps. It does this to gain just a bit more data about people it already has a lot of data on, because why not purposely leave active zero days in your own software, right?

            You think you are being the smart one here?

            No, that’s not what I said. Also cypherpunks and other hobbyists are not that much smarter than corporations and nation-states, to be the only ones to think about plausible deniability.

            For example, the whole Windows sources have been given officially for various 3-letter agencies of various countries (Russia included) to study, and of course there are vulnerabilities with the size of such codebase. MS might not have left obvious backdoors and informed FSB of them, but it has given interested parties the ability to find those themselves, which is only a question of work, or maybe make tampered versions of DLLs and what not easier.

            Also they are legally obligated to silently comply with a lot of things.

            That is wildly conspiratorial thinking, and honestly plain FUD.

            WhatsApp and Facebook (before it bought WhatsApp) have both done this, Telegram has done this, MS has done this, even Apple has done this.

            when you make up wild cabals that are running double secret malware attacks against themselves inside Google.

            You made that up, not me. Should have tried to read what you are being told first.