jsr
609f186ca023d658c0fe019570472f59565c8be1dc163b1541fac9d90aa4e8af
Chasing digital badness at the citizen lab. All words here are my own.

BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.

It turns out that the regular people on a jury think it is evil when you help dictators hack dissidents.

After years of every trick & delay tactic it only took a California jury ONE DAY of deliberation to get this Monsanto-scale verdict. Precedent-setting win against notorious #Pegasus spyware maker.

BACKSTORY:

Rewind to 2019. About this time (April-May) #WhatsApp catches NSO Group hacking its users with #Pegasus.

They investigated.

We at Citizen Lab helped to investigate the targets & get in touch with the activists, journalists & civil society members that were targeted.

We identified at least 100. And got in touch. It was a tremendous push of sleepless days. But it made it so clear just how much harm was being done.

Then, in October 2019 WhatsApp sued.

Prior to the lawsuit, NSO had acted the playground bully.

Targeting victims that dared speak up & researchers like us.

Suddenly, the bully wasn't so surefooted. Like the scene in a high school movie where the cousin shows up in the beat up car & collars the bully.

You might not remember, but in 2019 no country had sanctioned NSO Group... No parliamentary hearings, no hearings in congress, no serious investigations.

For years, WhatsApp's lawsuit helped carry momentum & showed governments that their tech sectors were in the crosshairs from mercenary spyware too...

Credit due to Meta & WhatsApp leadership on this one, they stuck the fight out & carried it across the finish line.

NOTIFICATIONS MATTER

WhatsApp's choice to notify targets was also hugely consequential.

A lot of cases were first surfaced from these notifications.

With dissidents around the world suddenly learning that dictators were snooping in their phones...with NSO Group's help.

A SIDEBAR: HARASSING RESEARCHERS

One of NSO's many tactics was to leverage the case to badger me & us Citizen Lab researchers to try and extract information.

It never worked, but it laid bare the tactics that these firms prefer...instead of coming clean.

ROLE OF CIVIL SOCIETY

Ultimately, we wouldn't be here without civil society investigations of mercenary spyware... and alarm raising.

And victims choosing to come forward.

Thankfully today there's a whole accountability ecosystem growing around this work.

Dozens of orgs engaging.

Numbers are growing.

IS THERE GONNA BE IMPACT? YES

NSO Group emerges from the trial severely damaged.

The damages ($167,254,000 punitive, $440K+ compensatory) are big enough to make your eyes water.

NSO'S BUSINESS IS NOW ALL OVER THE NET

The case is also a blow to NSO's secrecy, with their business splashed all over a courtroom.

WhatsApp just published NSO's depositions, exposing an unprecedented amount of info on a spyware company's operations:

✅ https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Eshkar-Transcrips_Case-4-19-cv-07123-PJH.pdf

✅ https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gil-Transcrips_Case-4-19-cv-07123-PJH.pdf

✅ https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Shohat-Transcrips_Case-4-19-cv-07123-PJH.pdf

✅ https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gazneli-Transcrips_Case-4-19-cv-07123-PJH.pdf

This will scare customers. And investors. And other companies that do the same thing. Good.

MY VIEW:

Watching a jury of regular citizens see right through NSO's mendacity & hypocrisy...and to the need to protect privacy is amazing.

Gives me hope.

Despite all the fancy lawyering & lobbying, people know that this kind of privacy invasion is wrong.

Read more:

They Exposed an Israeli Spyware Firm. Now the Company Is Badgering Them in Court. https://theintercept.com/2024/05/06/pegasus-nso-group-israeli-spyware-citizen-lab/

Spyware maker NSO ordered to pay $167 million for hacking WhatsApp

https://www.washingtonpost.com/technology/2025/05/06/nso-pegasus-whatsapp-damages/

NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign https://techcrunch.com/2025/05/06/nso-group-must-pay-more-than-167-million-in-damages-to-whatsapp-for-spyware-campaign/

#Skype shuts down TODAY.

Here's the link to download your contacts, chats etc:

secure.skype.com/en/data-export

Age verification is often a trojan horse for broader surveillance demands.

AI friends consoling me because my cat bonded to the robot vacuum & ignores me.

Any time you see a name like 'Tools for Humanity' you should slow down and scrutinize.

Especially when paired with AI hype.

The level of documented exploitation around the WorldCoin project is wild.

Everything nostr:nprofile1qy2hwumn8ghj7etyv4hzumn0wd68ytnvv9hxgqgdwaehxw309ahx7uewd3hkcqpqq0al05h2uvtj0fp8ww7etl0pdjnkum638ynz9tmku3e522fyvlmq6rcms0 said x1000.

Now the company wants more data.

Exploitation was baked right in from the earliest days of this hype train.

Sources:

- https://www.dlnews.com/articles/people-culture/how-worldcoin-crypto-biz-in-berlin-exploded-in-fistfights/

- https://nation.africa/kenya/news/kenyans-scanning-their-eyeballs-worldcoin-cryptocurrency-tokens-4319600

- https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/

nostr:nevent1qvzqqqqqqypzqqlm7lfw4cchy7jzwuaajh77zm98deh4zwfxy2hhderng55jgelkqqsd6lhrunj5txdm3np6dyg5z5htrlnqkggt2xevg6w8uk24mfcwmcqlc8h7w

Friends don't let friends get their eyeballs scanned to buy a coffee.

This portable dystopia machine is Tools for Humanity's latest effort to live up to their Orwellian name.

Connoisseurs of the AI-will-end-humanity marketing hype train of a few years ago should find plenty to appreciate in an eyeball scanner framed as a 'helpful' tool to distinguish between AI agents & humans.

Or is it for that? Or maybe point of sale? Or nebulous 'verification?'

The only clear thing? This device starts from a point of biometric #privacy invasion.

It sure looks to me like another effort by the company Sam Altman founded to make a global data-grab.

Just say no.

https://techcrunch.com/2025/04/30/sam-altmans-world-unveils-a-mobile-verification-device/

BREAKING: another journalist targeted with spyware in #Italy.

He's a close colleague of an already-known Paragon target & just got a threat notification from Apple.

(btw if you get one of these, take it very seriously & get in touch with an expert)

CONTEXT

It's time for transparency from the Italian government. This scandal has been going on since the end of January.

Unlike the first revelations earlier this year & their initial denials...Italy is now an admitted Paragon user.

And everything we know about Paragon indicates that government deployments keep immutable logs that should give a quick answer: was it the Italian government?

Story [IT] https://www.fanpage.it/politica/il-governo-puo-chiarire-subito-se-ciro-pellegrino-e-stato-spiato-con-paragon-il-commento-di-citizen-lab/

Note deletion requests! This will be valuable!

Great work nostr:nprofile1qyx8wumn8ghj7cnjvghxjmcpz4mhxue69uhk2er9dchxummnw3ezumrpdejqqgzn9kpsmllqnsf7wh5tz3wgy4cclsftqqplv8tpayrhwgw8llunevgnmdf3 team keeping up the momentum on new & desired features.

nostr:nevent1qvzqqqqqqypzqpxfzhdwlm3cx9l6wdzyft8w8y9gy607tqgtyfq7tekaxs7lhmxfqqs2dw0jmenmnq57nu2e4hfq7gx3pf5q64x7w32tggtdpmxj2s4470gju98rc

GET IT: Best of #privacy & #security follow pack.

Follow em all:

https://following.space/d/3boa4ixmmv7h

Built on nostr:nprofile1qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcpzemhxue69uhks6tnwshxummnw3ezumrpdejz7qpq2rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sugh36r 's magnificent community gift: Following

Starter packs of people worth following.

You need em.

Nostr needs em.

Huge props to nostr:nprofile1qyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcpzemhxue69uhks6tnwshxummnw3ezumrpdejz7qpq2rv5lskctqxxs2c8rf2zlzc7xx3qpvzs3w4etgemauy9thegr43sugh36r for again building a thing that needed to happen.

Now, how do we get support built natively into clients?

nostr:nevent1qvzqqqqqqypzq5xeflpdskqvdq4swxj59793uvdzqzc9pzatjk3nhmcg2h0js8trqyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcpzemhxue69uhks6tnwshxummnw3ezumrpdejz7qgwwaehxw309ahx7uewd3hkctcqyqv3tqt7u5fayd778ugfqmtscdnunpkk68vm0g4tq73gcc972epvjcwezqz

Fair. Plenty of ick.

But also, plenty of physical/mineral sunscreens that do a fine job and won't tweak your endocrine system.

Use sunscreen. Get enough fiber. Do regular backups.

NEW INVESTIGATION: Uyghurs far from China's borders are being targeted.

Attackers impersonated legit software developers & contacted the targets asking for testing help on a language app.

Then they sent a trojan.

Let's talk about why this was clever.

TECHNICAL SOPHISTICATION? NAH.

Technical sophistication of this attack was...meh.

But that's not where the attackers focused.

INTELLIGENCE-DRIVEN? YAH.

They spent their effort carefully crafting credible bait that matched what they knew about their targets:

Trojanizing a legit Uyghur language app was a clever, cynical move. 👇

Many marginalized communities struggle with getting fonts & dictionaries to capture their language.

And developer talent is very welcome.

With a lure that credible you don't need to burn your most sophisticated exploits.

Good news in this case: Gmail spotted & blunted the attacks, which were only found when my colleagues worked with vigilant targets to screen for them.

But the theme of China-nexus hacking groups being economical about exposing technical methods (just using minimum necessary stuff) while drawing from (presumably) vast amounts of intelligence and understanding of their targets to craft effective social engineering is something we at the Citizen Lab have tracked for decades.

READ THE FULL REPORT:

By my talented colleagues: https://citizenlab.ca/2025/04/uyghur-language-software-hijacked-to-deliver-malware/

It speaks to an information space that is absolutely ahistorical.

And deliberately delights in the frisson of productizing 20th century scifi machine villainy.

Fear is dictatorship glue.

You can't imprison everyone with a dissenting thought.

Or inconvenient factual observation.

But fear teaches self censorship. And is a scalable system of control.

The challenge, of course, is to keep the fear going.

And push it all the way down into private conversations.

In the 20th century, such fear required massive human investment. Informants... model punishments...information control. All on a linear scale.

And there was a post-cold war school of thought that said: once everyone is connected, these systems won't work.

But tech isn't, by nature, a dictatorship antidote. It can equally be an expedient. Just ask China.

In the past 20 years the government has empirically developed technologies & private sector partnerships for scaling fear and self censorship to north of 1.4 billion ppl. Log scale.

Out here in the rest of the world take a look around.

The major underpinnings of our online & financial behavior have comprehensive person-tracking surveillance and information-shaping built right in... primarily to sell us even more things.

But it is the shortest possible distance from that to a totalizing system of government surveillance. Punishment. And information control.

We all carry informants in our pockets. Ready to snitch on us, shape what we feel, and implement punishments.

This is a tremendously inviting system for governments with the instincts to grab these levers.

Increasingly, they are doing just that.

Pictured: Stasi interrogation rooms.

Image source: https://hyperallergic.com/151019/mundane-horror-in-abandoned-stasi-spaces/

2027: we can't wait to show our advertising partners how we deliver behavior shaping across whole lives.

this is a surprisingly great feature, imo.

Government censorship has come to #Bluesky.

LATEST:

On demands from the Turkish government, Bluesky restricted access to 72 accounts per a report from a Turkish NGO.

DETAIL:

Accounts are restricted for users in Turkey.

Accounts aren't banned from Bluesky's AT Protocol relays etc, but access is moderated at the official client level through geography-specific labels.

WORKAROUNDS?

Realistically impacted accounts are no longer visible to the majority of Bluesky users (most aren't on 3rd party clients) in Turkey.

However, since 3rd party client apps for the AT Protocol aren't forced to use geography-specific labels, they can still be used to view the content.

In theory, official client + VPN would also result in seeing the accounts.

LOOKING AT SOME DATA:

Bluesky has been publishing transparency reporting about legal & government requests. The most recent report covers 2024 and shows a relatively modest number of takedown requests, but about 50% response by Bluesky.

Unfortunately, the company doesn't differentiate between legal demands in civil litigation and *government* demands. This makes it hard to get a clear picture.

I hope Bluesky segments out these very different kinds of pressure in 2025 reporting so we can get a better sense of what's happening.

BIG PICTURE:

Looking ahead, governments are probing for new ways to enforce content restrictions. These are early days for Bluesky and it is likely that a lot more requests like this will be inbound as users head there to try and avoid the well-greased censorship machinery on legacy platforms like X.

Recommended reading & Sources:

Super-helpful-to-me TechCrunch article: https://techcrunch.com/2025/04/23/government-censorship-comes-to-bluesky-but-not-its-third-party-apps-yet/

Mastodon post confirming blocking with testing: https://mastodon.online/@mastodonmigration/114348331162291326

Bluesky post with the notification email screenshot: https://bsky.app/profile/aliskorkut.com/post/3lmul5pt34c2b

Bluesky 2024 Moderation Report: https://bsky.social/about/blog/01-17-2025-moderation-2024

Bluesky post describing geography-specific labels as a content-removal technique: https://bsky.social/about/blog/09-18-2024-trust-safety-update
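As an added illustration (not from the post above and not Bluesky's own code), a small Python model of the architecture the post describes: the relay keeps every post, a region-specific hide label is applied only at the client, so a client that ignores labels, or a viewer whose apparent region changes (e.g. via VPN), still sees the restricted accounts. DIDs, label values and the `region` field are constructed for this example and are not Bluesky's real label schema.

```python
# Constructed sample feed: three accounts. A hypothetical labeler has tagged
# one of them with a hide label that applies only to viewers located in TR.
POSTS = [
    {"did": "did:plc:alice", "text": "hello from alice"},
    {"did": "did:plc:bob", "text": "post from a geo-restricted account"},
    {"did": "did:plc:carol", "text": "hello from carol"},
]

# Label records (constructed schema): subject DID, action, and the viewer
# region the action applies to. region=None would mean "everywhere".
LABELS = [
    {"uri": "did:plc:bob", "val": "!hide", "region": "TR"},
]


def relay_feed():
    """Relay/AppView side: nothing is deleted; labels merely ride alongside."""
    return list(POSTS)


def apply_labels(posts, labels, viewer_region, enforce=True):
    """Client-side moderation step.

    The official client enforces region labels using whatever region it
    derives for the viewer (network location, so a VPN changes it).
    A third-party client that does not enforce labels passes enforce=False
    and renders the feed exactly as the relay serves it.
    """
    if not enforce:
        return list(posts)
    hidden = {
        lab["uri"]
        for lab in labels
        if lab["val"] == "!hide" and lab["region"] in (None, viewer_region)
    }
    return [p for p in posts if p["did"] not in hidden]


def visible_dids(viewer_region, enforce=True):
    """Which account DIDs a viewer ends up seeing for a given client policy."""
    feed = apply_labels(relay_feed(), LABELS, viewer_region, enforce)
    return [p["did"] for p in feed]


if __name__ == "__main__":
    print("relay has        :", [p["did"] for p in relay_feed()])
    print("official, TR     :", visible_dids("TR"))
    print("official, TR+VPN :", visible_dids("DE"))
    print("3rd-party, TR    :", visible_dids("TR", enforce=False))
```

The relay output never changes; only the enforcement decision at the client does, which is why a takedown of this kind is visible to most users yet trivially absent from clients that do not apply the label.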

They Criticized Musk on X. Then Their Reach Collapsed.

Graphs from this story are stark.

Link: https://www.nytimes.com/interactive/2025/04/23/business/elon-musk-x-suppression-laura-loomer.html

3/ Here's the thing: there's a global market for trustworthy privacy-respecting apps.

The secure messaging market alone is worth billions & growing.

If European leaders can move past the un-imaginative anti-encryption myopia...it is a natural place to incubate & innovate these industries.

Maybe we can all 'live without' private messaging?

Pay attention.

Denmark is set to take over the rotating EU Council presidency.

And is sending signals that they want to go after encryption.

Backdoors end badly.

Demanding backdoors isn't just the surest way to chase away innovation...it's collective punishment for security services' own failures to adapt.

And the history of democracies is littered with states abusing secret surveillance powers to undermine core values.

Article: https://www.politico.eu/article/encryption-crime-denmark-peter-hummelgaard-europe-privacy/

Constant algorithmic improvements have empirically reverse engineered the human psyche.

I suspect that explicit research neuroscience hasn't caught up to the insights about how to induce behavioral dependence that are embodied in these systems.

The user experience of most platforms now mirrors maladaptive behavior-maintaining effects you could *only* achieve with most addictive drugs up to about a decade ago.

We need to avoid the moral panic, but it's impossible to overstate how novel this is for our brains.

One thing we know from behavioral addiction research (my old field) is that the brain is plastic.

When you induce one category of addiction, it changes the motivational substrate of the brain in sticky ways.

And cross-sensitizes / potentiates other forms of addiction and behavioral dependence.

This will only accelerate & become less scrutable with improvements in AI.

We are in the earliest, earliest days of trying to understand what this means for the next decades of human life.

Painting: The Opium Den, Edward Burra, 1933

NEW: 🇪🇺 EU issuing burner phones to staff traveling to 🇺🇸 US.

Anecdotal: matches what I'm seeing, which is orgs retooling what was once the high security "China travel policy" into a US travel policy.

Burner phones, dedicated travel devices & border wipes are the new normal.

Story: https://www.ft.com/content/20d0678a-41b2-468d-ac10-14ce1eae357b