All my phone has is on it is an absolutely embarrassing amount of memes and pictures of my cat. There aren’t even any nudes on it, although maybe I should take some to traumatize any government agent who goes digging through it. Would serve them right.
My understanding is they may be able to but to do so risks publicizing secret exploits, which could then be fixed. So they usually save these for very high profile targets to make sure it’s worth it.
Exactly. If they want my erotic Pokemon fanfic, they’re going to have to earn it…
Shut up, they don’t even need to say “please” for you to start sharing. Last night, your grandmother asked you to pass the salt, and you instead explained to her why a Pokeball is technically international waters, therefore removing all questions of legality in your stories. She still hasn’t stopped crying!
Look, if Nana didn’t want to hear about my creative writing, she shouldn’t have expressed interest and encouraged me!
Which is why people just use Cellebrite, or however those Israeli cunt muffins spell it, as the benchmark.
GraoheneOS FTW
you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point
there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research
the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates
so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite
the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically
so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods
To add to this, there’s the cost trade. To use one of these 0days as a resource means the result needs to be equal to or more than the cost of using this. If it cost my opponent $3 to cause a problem, and it costs me $6 to fix it, my opponent effectively profited off of that exchange. I can’t think of a single journalist since Watergate that could cost the government enough money to be worth paying for this kind of removal when it’s far cheaper to
have them murderedlet them die peacefully in their sleep from bullet inhalation. Not to mention that it shows their hand if they so it publicly and makes future targets harder to hit.You and I will never be worth the kind of money that currently takes, but if they get an official back door installed the cost goes down so far that it would literally never be a loss.
The only way to be safe from your computer being wiretapped is to not use a computer.
Have it airgapped.
true
When I served on jury duty duty, we heard how the cops used some type of software to try to get the messages off two phones but there was a speacial way that they needed to turn on the phone to prevent it from booting the OS. Someone screwed that part up with one of the phones, and the messages got wiped when it turned on.
There is no doubt governments hoard 0-day vulnerabilities. We saw that with the Shadow Brokers and Eternal Blue.
When a government says they can’t break into a system, what they are really saying is we don’t want to tell the court how we did this in order to establish the chain of custody for evidence also , we don’t want the vendor to fix it.
With all that said there are limits. Like being able to listen to your phone when it’s off, or turn it on remotely is just wrong
In 2020, the European Court of Justice declared the Privacy Shield agreement, an agreement on data exchange with the US, incompatible with European law and thus effectively terminated it, not because of the activities of any corporations, but because data stored on US servers is not sufficiently protected from access by the US government (Schrems II ruling). The reason for this is the absurd legislation in the US, such as the Patriot Act, which, although it has been weakened, still allows the state to force any company or private individual to hand over all data processed on servers physically located on US soil, even without any suspicion or a court order.
As a result, all US companies doing business in the EU were forced to operate servers on European soil in order to continue their activities legally. European companies that used US providers that did not comply had to switch to providers that do not operate servers in the US.
Unfortunately, it took only 21 months for US lobbying to undermine the European Court of Justice’s decision: in 2022, a follow-up agreement was adopted, the “EU-U.S. Data Privacy Framework,” which is no different from its predecessor at all. The legal situation remains the same in the US, and once again there is no protection of data from the US government.
In short, anyone who uses services that are processed on US servers is not protected from arbitrary access by the US - and this also applies to EU citizens.
You’re forgetting about the Cloud Act which allows the US government to get data from cloud providers even if it isn’t stored in the US.
Thanks for pointing that out. I’ll definitely take a look at that. It’s remarkable how the US has managed to maintain an image of “freedom” for years, even though it uses autocratic surveillance methods not only only on any other country but on its own citizens - and also for years and years. You almost have to be grateful to Trump for revealing all this in such an incredibly stupid way, just to enrich himself.
Feeling? Have you seen Snowden’s leaks? It’s a fact.
It’s probably not possible to break into them for regular law enforcement.
Give Trumps phone to the Chinese or vice versa and they will probably manage something.
I’ve been certain of it for years. I’ve assumed the NSA can access any american made technology since the Patriot act, IDF any Israeli made piece of technology, CCP any Chinese made…
CCP any Chinese made
NSA can access any american made technology since the Patriot asct
Behold:
a “Google Play Certified” phone that is probably gonna be in made in China
the double whammy
With an Israeli made VPN client on it.
It’s a big club.
There was a story from the podcast ‘Darknet Dairies’ where it was discovered that a journalist’s phone had tracking software uploaded to their phone in a zero click text. The target’s phone received a text in the middle of the night that uploaded the software and then deleted any history of the text being received. I think this is one of features of the Pegasus software sold by the NSO Group. And that was 5 or 6 years ago.
Many years ago go I worked for a company as their BlackBerry admin. I also managed their other smartphones. They started an office in Russia.
The Russian government wouldn’t let you use a BlackBerry server, they only let you turn over your creds to a server managed by the phone operator.
I assumed this was because they wanted to see those emails.
They didn’t need to do this for ActiveSync or imap devices like iPhone Android or windows phones.
Probably. It is known the the FBI got a number of keys from Apple to open some phones.
Known? Source?
Has been in the news a few weeks ago.
You aren’t that important.
It is a facade, but once a method is used it shows their hand, so they save exploits and zero days for high profile targets.
