Oddbean new post about | logout
 Fun episode!

nostr:note1a3plpwe7e2qddwaln4rtdhzzsf0u3fdlgs4qlyvrujysywp38vqsys2phj  
 Best part is the Clearpill about Pegasus / Celebrite / Zerodays 
 What is the clear pill on Pegasus? Could you summarize it for me? 
 The clearpill I took away is: 

Most 'highly sophisticated and unrealistic' attack vectors will be weaponized by companies & made usable to highly incompetent government employees with the click of a button. No computer is absolutely secure, especially not complex ones, as zero-days are found, exploited & sold to private firms or stockpiled by 3-letter agencies without you nor the manufacturer ever learning about them.

Anything to add? @NVK 
 The State is commoditizing exploits and has been for a long time. They have special contract vehicles for buying the tech from private sector to be tailor made for specific use cases. The State will also purchase entire "companies" to be honeypots for bad actors to target. Or to obfuscate their involvement.  
 As seen with ANOM

DON'T USE SOMETHING THAT MARKETS ITSELF OPENLY TO CRIMINALS 
 If you can't self host it, you can't know it's not a honeypot.  
 Is GrapheneOS legit? How about their auditor server? 
 Good question.  
 The clearpill I took away is: 

Most 'highly sophisticated and unrealistic' attack vectors will be weaponized by companies & made usable to highly incompetent government employees with the click of a button. No computer is absolutely secure, especially not complex ones, as zero-days are found, exploited & sold to private firms or stockpiled by 3-letter agencies without you nor the manufacturer ever learning about them.

Anything to add? @NVK 
 Perfect.  Bed time