John Scott-Railton
@jsrailton.bsky.social
26K followers 460 following 560 posts
Chasing digital badness. Senior Researcher at Citizen Lab, but words here are mine.
jsrailton.bsky.social
Now we're seeing confirmation of the NSO acquisition.

Mark my words, this is the path through which Pegasus gets put on Americans' iPhones & Androids.

This dictatorship-in-a-box belongs nowhere near our constitutional rights.
lorenzofb.bsky.social
SCOOP: Spyware maker NSO Group confirmed to us that the company has been acquired by a U.S. investment group.

NSO's spokesperson said the group "has invested tens of millions of dollars in the company and has acquired controlling ownership," but declined to say who is behind the investment.
Spyware maker NSO Group confirms acquisition by US investors | TechCrunch
NSO Group confirmed to TechCrunch that an unnamed group of American investors has taken “controlling ownership” of the surveillance tech maker.
techcrunch.com
jsrailton.bsky.social
2/ Apple is introducing Target Flags, which speeds the process of getting exploits found & submitters rewarded.

This faster tempo is also a strike against the mercenary spyware ecosystem.

And the expanded categories also hit more widely against commercial surveillance vendors.
jsrailton.bsky.social
NEW: fresh trouble for mercenary spyware companies like NSO.

#Apple is launching fat bounties on the zero-click exploits that feed the supply chain behind products like Pegasus & Paragon's Graphite.

With bonuses, exploit developers can land $5 million payouts.

security.apple.com/blog/apple-s...
jsrailton.bsky.social
5/ I believe NSO's goal has always been to bring Pegasus spyware to Americans' phones.

NSO even set up a company to push spyware to police departments around the 🇺🇸 country.

Their rep gave city cops demos hacking phones with American numbers...
storage.courtlistener.com/recap/gov.us...
jsrailton.bsky.social
4/ Despite profiting from helping foreign governments hack US officials...

NSO has been constantly deploying shady, failed gambits to get the US to drop sanctions.

As recently as May they seem to have tried to finesse the White House.

Who weren't having it...👇

bsky.app/profile/jsra...
jsrailton.bsky.social
Pegasus spyware maker NSO Group just got publicly rebuffed by the US.

They came to DC to get off the US blacklist.

It did not work out.

You know about the human rights abuses, but let me tell you why NSO is no friend to the United States. 1/

www.washingtonpost.com/national-sec...
jsrailton.bsky.social
3/ NSO Group is blacklisted by the Commerce Dept.

A good part of why it has stayed there is that Pegasus was extensively used to hack US officials...

The company has been a clear national security threat...

By @ellenwapo.bsky.social & @timstarks.bsky.social
www.washingtonpost.com/national-sec...
jsrailton.bsky.social
2/ Back in 2023 it wasn't clear to me where the money backing Robert Simonds' Big #Pegasus Plans came from.

It still isn't.

So, whose money will actually be buying Pegasus?

And what is the end goal? I think Americans should be very worried.
www.youtube.com/watch?v=HA4v...
Robert Simonds STX CEO on Golden Globes Red Carpet
YouTube video by Robert Simonds
www.youtube.com
jsrailton.bsky.social
NEW: Pegasus spyware coming to America?

An ex-Adam Sandler producer with ties to China is trying to acquire NSO Group.

Again.

Simonds fronted this before in 2023 & failed. But the backers haven't given up. Why?

Where is the money coming from? 1/

www.globes.co.il/news/article...
jsrailton.bsky.social
3/ Still very early days in understanding the tectonic underpinnings of security in model training / adversarial models.

But with the scale of AI rollout & integration, the prizes available to bad actors are likely to be enormous.

Assume that there's tremendous adversarial R&D happening.
jsrailton.bsky.social
2/ In LLM training set land, dilution isn't the solution to pollution.

Just about the same size of poisoned training data that works on a 1B model could also work on a 1T model.

I feel like this is something that cybersecurity folks would find intuitive: lots of attacks scale. Most defenses don't.
jsrailton.bsky.social
NEW: cost to 'poison' an LLM and insert backdoors is relatively constant. Even as models grow.

Implication: security doesn't scale with LLMs.

Super interesting: Prior work had suggested that as model sizes grew, it would make them cost-prohibitive to poison. 1/
arxiv.org/pdf/2510.07192
jsrailton.bsky.social
The efforts to subvert chat privacy & undermine encryption are perennial.

A constant undertow against privacy, pulling towards surveillance.

That's why it is so important for governments to draw a line, make a statement, and connect the issue to their values.
jsrailton.bsky.social
NEW: Germany opposes mass scanning of private messages.

"must be taboo in a constitutional state"

"even the worst crimes don't justify giving up basic civil rights"

Well said Minister Stefanie Hubig!

Leadership we need from Europe's democracies.
www.bmjv.de/SharedDocs/Z...
Dr. Stefanie Hubig, Federal Minister of Justice and Consumer Protection, on the occasion of political discussions about privacy in the digital space and about a proposal for an EU regulation to prevent and combat sexual abuse

„Unreasonable chat control must be taboo in a constitutional state. Private communication must never be under general suspicion.“

8 October 2025

„Unreasonable chat control must be taboo in a constitutional state. Private communication must never be under general suspicion. The state must also not force messengers to scan messages en masse for suspicious content before sending them. Germany will not agree to such proposals at EU level. We must also make progress in the fight against child pornography at EU level. That's what I'm committed to. But even the worst crimes do not justify giving up basic civil rights. The federal government's votes have insisted on this for months. And it will stay that way.“
jsrailton.bsky.social
You don't even need to read the article to know this is a durian.
jsrailton.bsky.social
That's fascinating...

I've always wondered about this...
jsrailton.bsky.social
I hear you. Sadly the reason is because, as age verification mandates grow...people have no choice if they want to use a key service.
jsrailton.bsky.social
Proponents say age verification = showing your ID at the door to a bar.

But the analogy is often wrong.

It's more like: bouncer photocopies some IDs, & keeps them in a shed around back.

There will be more breaches.

By @jaypeters.net
www.theverge.com/news/792032/...
Discord customer service data breach leaks user info and scanned photo IDs
An “unauthorized party” may have accessed the names of users, the last four digits of credit card numbers, and more.
www.theverge.com
jsrailton.bsky.social
NEW: breach of Discord age verification data.

Including some users' passports & DLs

Age verification is a badly implemented data grab wrapped in a moral panic.

Mark my words, as age verification mandates expand, we'll end up more surveilled and less secure. 1/
jsrailton.bsky.social
2/ Backdoors are not the way to make us safer.

They insert vulnerable bad things right at the place where we need the strongest protections.

This latest attempt to demand access is *yet another* unreasonable, secret demand on Apple (a TCN) from the Home Office....
jsrailton.bsky.social
NEW: UK asked Apple to backdoor iCloud encryption.

Backdoors create a massive target for hackers & criminal groups.

Dictators will inevitably demand that Apple do the same for them. 1/

www.ft.com/content/d101...
jsrailton.bsky.social
3/ This is your reminder that the EU continues to be a hotbed of spyware scandals & hypocrisy from lawmakers.

Great to see these MEPs & political groups bucking the trend & leaning in to call for change.

bsky.app/profile/sask...
saskiabricmont.bsky.social
Public money is funding spyware!

With 39 MEPs from 4 political groups, we are writing to the @ec.europa.eu to express deep concerns following @ftm.eu revelations that EU financed spyware companies!

This must stop! We call on full transparency and follow up on the PEGA committee recommendations!
jsrailton.bsky.social
2/ The mercenary spyware crisis is fueled by your pensions & tax dollars.

Whether it's Oregon public employees or Alaskans, Europeans or folks in South Yorkshire...

The Fund managers stewarding your cash bear a heavy ethical responsibility for the harms they turbocharged.
bsky.app/profile/vasp...
vaspanagiotopoulos.com
🚨 The 🇪🇺 European Investment Fund (EIF) provided venture capital for Israeli #spyware firm Paragon Solutions, confirmed a spokesperson for the European Investment Bank Group, to which the EIF belongs, @apache.be is reporting.

apache.be/2025/10/01/e...
European Investment Fund financed Israeli spyware company Paragon
Paragon's spyware has been used against activists by multiple governments.
apache.be
jsrailton.bsky.social
NEW: turns out the EU helped finance a bunch of spyware companies with... public money.

Extremely bad look.

Group of MEPs calls for action.👇

apache.be/2025/10/01/e...
jsrailton.bsky.social
Friend,

Does scrolling leave you hollowed?

Is anger frictionless...but thinking like swimming against the current?

You're in an algorithmic rip tide.

Your mental clarity is the target.

Take a beat and step out

Connect with your own thoughts.

It's what designers of these algorithms fear most.