NSO, Yuli Novak

My younger son and his fiancée came over from TA and I brought D’s mom over from her retirement home. We kept her away from my daughter and her kids because they were exposed to someone who has been sick with the Omicron, lately. The weather started to clear up, though it remains cold.

NSO

There was an item in the TV news about NSO; an interview with one of the founders, and the CEO, Shalev Hulio. He doesn’t cut a very impressive figure and seemed nervous and evasive when asked key questions. A family man, maybe a little naive or unused to journalists. The TV news channel spent 2 days in the NSO headquarters in Herzlia and interviewed a few others there too. One guy demonstrated how what the company does is not simple interception of phones; it helps the clients to interpret the information collected and to construct an elaborate portfolio of the target and their network of connections. Sounds familiar from the descriptions of intelligence firm operations found in Cory Doctorow’s novel, “Attack Surface”.

The NYT story on NSO that I read yesterday had lots of new information. If it can be relied upon, it shows, in a more detailed way than known previously, how the sale of Pegasus went hand in hand with Israeli diplomacy and created friends among client countries who voted for Israel and against Palestinian interests in discussions at the UN. It also clearly states that India and Djibouti among others purchased Pegasus, despite denials or refusals to comment.

In the news item, Hulio is given the opportunity to make the case for the need for cyberweapons when facing sophisticated criminal or terrorist organizations. This is overshadowed by the fact that most of the countries to which the system was sold ended up using it against political opponents, critical journalists, ordinary citizens or diplomats of other countries. In this way, cyberweapons are not like other weapons. They are ideally constructed to undermine democracy wherever they land; even in supposedly democratic countries.

Yuli Novak

Haaretz runs stories in its English edition that have often appeared a few days earlier in its Hebrew edition. So today they have the story about Yuli Novak, a previous director of the Breaking the Silence organization. When the NGO and its members began to be hounded by rightwing groups, the media and politicians, and the group’s members began to receive death threats, she stepped down and away from Breaking the Silence and fled overseas for a time. Now she is reassessing her relationship with her country and with Zionism.

Breaking the Silence is an organization that publishes testimony of former soldiers as a means to help Israeli society reevaluate the meaning of its military occupation of Palestinian territories. It is not the radical political organization that it is made out to be in the Israeli media. It actually stays clear of direct criticism of Israel. It simply tries to show people the consequences of what the army is doing in the Occupied Territories; to “break the silence” about what is being done by the military. Like Edward Snowden and other whistleblowers, it spreads awareness of activities that are normally kept out of sight and removed from the consciousness of ordinary citizens.

As such, it does not need to take a political stance and it is actually better for its work if it stays out of politics. The organization is made up of former soldiers who, when they signed up, believed in the army’s mission, but got freaked out by what they saw happening on the ground. Whatever political conclusions they came to as a result are personal, and do not necessarily represent the organization itself. The point is to gather the soldiers’ testimony and to present it as part of a public education campaign, so that citizens can form their own opinions. At least that is what I understood after going on a tour of Hebron with one of the organization’s founders and listening to him at other times.

Choosing to target Breaking the Silence, and other organizations that are within the fold of the Zionist left, such as Betselem and the New Israel Fund, seems to have been a conscious choice of the Right. They obviously see them as more of a threat than truly anti-Zionist groups, whose numbers and resources are even more scant.

Yuli Novak – feminist, LGBT person and leftist as she is – seems to have taken quite a long time to question the narratives she grew up with and only recently has been coming around to opinions that many Israelis reached long ago. But eventually it dawned upon her:

“What sort of coexistence are you proposing here?” she asks rhetorically during our conversation, aiming the question at the Zionist left. “A coexistence that favors only you? That simply will not work. The moment we recognize that we are not living in a democracy in the deepest and most basic way, it suddenly becomes a lot easier to understand what is going on here. And it’s no longer chaotic.”

I guess by “chaotic” she means the dissonance between her received understanding of reality based on what she has been told, and what she actually sees. I’m not sure that she’s entirely out of it herself, just like all of us. A certain part of us always wants to believe that we are living in a fine sort of country that will basically be OK if we can only fix a few things. But that’s not true in any of the liberal (and increasingly less liberal) democracies. It certainly isn’t true of a society that is based on myths about selective group identity.

Nations, if we need them at all, should exist for the welfare of the totality of their citizens, not just for their elites, for particular ethnicities, castes, religious or ideological communities. They should provide us with a comfortable framework in which to live and maintain a peaceful relationship with other nations and the biosphere. The details may be difficult to work out but at least the mission statement should be clear.

Moxie & Ceglowski

I found this Twitter interchange regarding Telegram, between Moxie Marlinspike and Maciej Ceglowski, interesting. It is from December 2021. I had somehow seen the Moxie tweets earlier, but hadn’t seen Ceglowski’s, who brought the practical example of Telegram’s use during the Hong Kong protests.

Marlinspike is the man behind the Signal messenger. Ceglowski is the man behind the social bookmarking service Pinboard.in and an interesting writer on society, politics and the internet.

I have pulled their tweets out of Twitter and connected them.

Moxie Marlinspike:

It’s amazing to me that after all this time, almost all media coverage of Telegram still refers to it as an “encrypted messenger.”

Telegram has a lot of compelling features, but in terms of privacy and data collection, there is no worse choice. Here’s how it actually works:

Telegram stores all your contacts, groups, media, and every message you’ve ever sent or received in plaintext on their servers. The app on your phone is just a “view” onto their servers, where the data actually lives.

Almost everything you see in the app, Telegram also sees

Here’s a simple test: delete Telegram, install it on a brand new phone, and register with your number. You will immediately see all your conversation history, all of your contacts, all the media you’ve shared, all of your groups. How? It was all on their servers, in plaintext.

The confusion is that Telegram does allow you to create very limited “secret chats” (no groups, synchronous, no sync) that nominally do use e2ee, even if the security of the e2ee protocol they use is dubious.

There’s no e2ee by default, but they talk about it like there is

FB Messenger also has an e2ee “secret chat” mode that is actually much less limited than Telegram’s (and also uses a better e2ee protocol), but nobody would consider Messenger to be an “encrypted messenger.”

FB Messenger and Telegram are built almost exactly the same way.

Some may feel okay letting Telegram have access to all of their data, msgs, images, contacts, groups, etc. because they “trust Telegram.”

However, the point of an “encrypted messenger” should be that you don’t have to trust anyone other than the ppl you’re communicating with.

Actual privacy tech is not about trusting someone else w/ your data. It’s about not having to. A msg you send should only be visible to you & recipient. A group’s details should only be vis to the other members. Looking up your contacts should not reveal them to anyone else.

Privacy tech is really about making the tech consistent with the UI. But if Telegram’s UI were consistent with the way the tech worked, every chat would be a group chat with everyone that works at Telegram + everyone that hacks Telegram + every gov that accesses Telegram, etc

For the folks writing about this space, my request is that when you write “encrypted messenger,” it should at minimum mean an app where all messages are e2ee by default. Telegram and FB Messenger are built exactly the same way. Neither are “encrypted messengers.”

Maciej Ceglowski

There’s a disconnect between critiques of Telegram and its practical use that have made me uneasy about joining technical pile-ons around how it’s not really encrypted messaging. Let me use the example of Telegram use in the Hong Kong protests.

I arrived in Hong Kong with each hair standing individually on end because everyone was using Telegram, which of course stores every group chat server-side like Moxie says. It took me a while to understand why it was so popular despite this shortcoming.

One reason was the ability to have three scales of chat in one app—really enormous (tens of thousands) of groups where you didn’t have to share your identity, regular group chat, and one-on-one chats with people.

The one-on-one chats were popular because they could be set to an ephemeral mode, so that if a cop caught you and made you unlock your phone, you wouldn’t get them in trouble. The huge supergroups were useful for organizing protest events and broadcasting information.

People were trying to avoid getting recognized in the moment, caught in the moment, or having to broadcast their identity to a huge group of strangers (HELLO I AM INTERESTED IN ATTENDING YOUR PROTEST), although this later turned out to be a huge hole in Telegram and caused a fuss

So the tradeoff was a mix of the app being usable and useful, safety in numbers, basic anonymity features in large groups, the ability to have massive supergroups, and disappearing chat. Compare this to Signal, where you saw everyone’s phone number and it was buggy as hell

If the Chinese government wanted to come after you individually, you were screwed no matter what app you used. People brought phones to protests and that cell tower data was stored somewhere much easier for the PRC to obtain than even hacking Telegram.

The whole thing left me feeling far more confused about the role of E2E than I had been going in. Even today, if a state actor is seriously interested in you specifically, it’s game over. Signal can keep your messages triple secret all it wants, but it doesn’t really matter.

Either your device will be compromised, or the person you are having the triple-secret conversation is a government agent to begin with and even wearing a secret decoder ring on each finger is going to help.

So I think the right way to think of Telegram is an “encrypted enough” messenger, and for E2E purists to take a more careful look at why it is so widely used in protest movements, and why people find using “real” encrypted apps like Signal such a pain in the ass

The broader problem of ephemeral or spur of the moment protest activity leaving a permanent data trail that can be forensically analyzed and target individuals many years after the fact is unsolved and poses a serious risk to dissent. But E2E is not the solution to it.

I feel like Moxie and a lot of end-to-end encryption purists fall into the same intellectual tarpit as the cryptocurrency people, which is that it should be possible to design technical systems that require zero trust, and that the benefits of these designs are self-evident

But a truly trustless system is inhuman, and you’re going to get monstrous results if you try to impose it on human behavior. Homo encrypticus doesn’t exist any more than homo economicus. We need to think more deeply about how to make these technologies serve people as they are

The most dangerous thing about social software systems today is that they impose consequences on everyday actions that are unbounded in severity and time. You can be fired today for a social media comment you made as a kid, you can have $100M stolen by plugging in a USB device.

Reducing the blast radius of normal human mistakes, dismantling the permanent record part of the surveillance economy, and not forcing people to make irrevocable lifetime decisions every time they use a phone are the only way out of this mess. That’s not solvable with software.

Moxie (response):

Hey what do I know, maybe sending all of our plaintext data to a Russian oligarch & his associates to indelibly manage is the solution to online privacy.

I’m just saying that we shouldn’t call it an “encrypted messenger,” because it simply isn’t – any more than FB Messenger is.

Plain text, Nations

I think the tiredness and weirdness I feel today may be a result of the 2nd booster shot that I had yesterday. It just occurred to me that that may be the cause. I hope it’s the vaccination and not the virus itself.

Yesterday evening the storm struck out power to the village – they only fixed it at around 10:00 this morning. I watched an episode of The Expanse and went to bed.

Plain Text

A couple of days ago I read through the entire blog (or the parts that I understood) of Bastian Bechtold – I had it via his RSS feed, which was easier to go through than the blog itself. (As is often the case.) This got me thinking once again about the relative virtues of plain text. Really, I think we should be doing everything in plain text. However secure our CMS systems, the text is only as secure as the system. For non-programmers like me, at least, it’s really hard to retrieve the text from a CMS system. I recently tried a WordPress plugin that produces static files from the blog and it ended up producing about 6,000 files. It’s possible to extract a newsfeed but I wasn’t able, on my last attempt, to get all the posts at once. (I think that was in WordPress.com – I’ve since found out how to do it in self-hosted WP) Plain text is surely the most future-proof of any format.

The value of a system like Bechtold’s org-static-blog is that every post is a simple org-mode plain text file. Many static blogs create for every post a separate folder, of which the post is the index.html. I prefer the product of org-static-blog; a directory with org files and another one with the posts. The method of creating and publishing files is easy, and the code itself is as easy as it could be. It doesn’t have a templating system; just an ordinary CSS file.

I used org-static-blog previously, but was lured back to the comforts of CMS posting. I’m not very good at remembering the codes found in emacs, and every time I go back to it, I find that I’ve forgotten them again. Maybe age plays a role, since I used to be very good at remembering WordPerfect codes, for the DOS versions of that word processor. As a word processor, WordPerfect and others of that era weren’t so far removed from emacs.

Anyway, I think I will give org-static-blog another spin. One of the good sides of my tech-fickleness is that I’m never intimidated by learning something new, or re-learning something that I’ve forgotten.

Nations

Nations are crap; pretty well all of them. Since nations seem to be the inevitable reflection of the individuals that make them, I suppose that means that we are crap too. At least, nations reflect the worst part of ourselves. Today I was reading the Guardian story about the death of the 78-year-old Palestinian at the hands of the IDF (as if there was any doubt, his death was found to have resulted from “external violence”). There are many, many such stories about Israel’s total disregard for Palestinian lives. But without the least attempt to excuse this country for its crimes, my problem is that all the other countries that I know are culpable too. Visiting or going to live in another country can provide a breather from the concern or disgust we might feel for our domicile – the problems of “foreign” countries are less within the sphere of our interest, after all. But it isn’t necessary to dig far under the surface to find the same phenomena, on a greater or a lesser scale.

Sometimes we have the luxury of feeling that there has been progress. Britain is no longer the imperialist power that it was when it oppressed half the world. Germany is no longer the Germany of the Third Reich. But in the timeline of human history, 1939 or 1858 are just a second away and nothing much has been learned. When I look at the growing crisis in Ukraine, that seems obvious. It would be so easy for the parties of that conflict to reach a solution. Why do we need a Europe where nuclear-enabled forces of two hostile parties face off along a narrow divide? Demilitarize the whole area; move forces and missiles away from the borders on both sides.

All conflicts based on the perception of “us” and “them” are problems only of perception, and the larger the group identities become, the larger the potential for destruction. Wars between huge nations are obviously more dangerous than squabbles between clans. The dynamics are similar but the consequences are influenced by scale.

Let nations exist as convenient groupings to organize social services for the good of citizens. They are not worthy of our loyalty or patriotism. In an ideal world, individuals would be able to flow freely between nations. Their loyalty would be towards humanity as a whole and towards the welfare of all beings.


I rather liked the insult hurled by the Turkish journalist, which Erdogan said “would not go unpunished”:

‘The alleged insult was a proverb that translates as: “When the ox comes to the palace, he does not become a king. But the palace becomes a barn.”’

Software

As I grow older, I seem to forget projects that I had gotten into a while back. In 2020 I discovered org-static-blog and apparently forgot all about it in a few months. I remember having tried various static blogging systems, and recently read about Barry Kauler’s static blogging system, and was thinking to try that, due to its simplicity. But this is even simpler, therefore better, if simplicity is what I’m looking for. I’m just afraid that one of these days I will lose even more of my marbles and be left blogless and helpless. Hubzilla is great, and WordPress has many advantages, but both of them require a complicated setup (if they are on a home server), including php and mysql (or MariaDB). I may decide to go back to this, and, if I require something beyond a blogging system, to use ordinary html in SeaMonkey or Bluefish.

Pegasus, COVID

The main story today was the news that according to a report in Calcalist, the Israeli police is using NSO’s Pegasus spyware against Israeli citizens. Apparently it takes advantage of a very large loophole in the legal system: while there are very strict regulations regarding “wire-tapping” there is no specific law that makes it illegal to break into a citizen’s phone to harvest information or, at least, the Israeli police made their own interpretation of the laws in determining what was permitted. In the case that a surveilled person was charged, the information they gathered through Pegasus was not used directly as evidence. Etc. According to the article, Pegasus is being used in a very similar way to that discovered in many non-democratic regimes around the world. Haaretz, in its own analysis, concludes that NSO is an arm of the state.

In the service of the Israel Police: break-ins into citizens’ phones without oversight or control | Calcalist https://www.calcalist.co.il/local_news/article/s1b1xwx6y

Israel’s COVID count seemed to be a bit optimistic during the last couple of days – thirty-some thousand per day – but it turned out that its computer system had simply collapsed under the flood of testing results and the actual number is at least double that appearing on the health ministry’s website. Not the 465,000 cases that France reported today, but still the highest ever total for this country.

Auroville, again

I managed to listen to the end of the 3 hour meeting in Auroville (see my blog post on WP yesterday). It was fascinating to hear the different arguments, for one side or the other, expressed so well; all convincing. (Usually in meetings I find myself agreeing with the last person who has spoken.) But in the end I think I remain on the side of those who say the work should be done quickly. I know the road in question quite well because I travel on it daily whenever I’m there.

There are strange phenomena that one witnesses that never make the news, but leave one feeling curious. When I go to a nearby shopping center, I take a semi-official shortcut on an “agricultural road” that twists and twines as it passes through fields. At one of these turns, was parked, precariously and a little dangerously, a new car with two big pink bows on it – decorated in a way that people often do for their weddings. J suggested that maybe it was a couple who had stopped to have wedding photos taken of them. But, at 7:30 AM on a particularly cold day? As it happened, the car remained all day in the same position. When I traveled back home in the late afternoon, it was still there, but now another car had stopped in front of it, and someone had put a triangle on the road to alert other drivers to it. So what is the answer to this mystery? I will never know. Perhaps the car was stolen and thieves had left it there as a kind of joke.

Links

Kashmir independent press club shut down in media crackdown

Two female activists in Bahrain and Jordan hacked with NSO spyware

Auroville

In the morning I came across a story about Auroville in the Guardian, Bulldozers, violence and politics crack an Indian dream of utopia

I wasn’t aware of what’s happening there – it’s a story that developed over the last month. It seems that the Auroville Foundation (which is an arm of the state) sent a dynamic new secretary, who wants to get things done. Auroville is supposed to develop into a township of 50,000, but has actually been developing at a snail’s pace, despite enormous investment. The community members prefer to live in a forest setting and planted trees where, according to the approved town plan, there should be roads. It’s wonderful for the environment, in these times when trees in Tamil Nadu are few and far between, but it was not the original intention, and I think in this case the state’s position is somewhat justified and the tree huggers’ case more tenuous. Those who oppose development in the community will claim that they are not actually against development, and the Auroville Foundation will point out that they aren’t against the forests. Somehow they will need to meet in the middle. But having listened on YouTube to a part of the 3 hour assembly meeting from December, that’s going to be a challenge. Wow, it was strange this morning to find that Auroville had made the 3rd most popular article in the Guardian.

Residents’ Assembly meeting – Unity Pavilion, 20th Dec. 2021 by AurovilleRadio on YouTube

Early morning. Today is a continuation of the rainy weather we have been having. Yesterday I didn’t do very much. In the morning I was looking over the material I collected from interviewing my mother, several years ago, about her family and her reminiscences of childhood. I’m not sure what I will eventually do with this – there are about 9 pages.

In the afternoon I tried to watch the film Tenet, which I had known nothing about. It’s a science fiction action thriller; lots of style but no substance. I got about 2/3 through the movie before abandoning and deleting it. In the evening I watched part of an old Akira Kurosawa film, Throne of Blood, which is supposed to be based on Macbeth. I will continue it later.

Outside, the birds are up, chirping and singing in the cold and the rain. For them, the unexamined life is worth living, and they accept whatever comes to them. Life is to be lived.

Links

Texas scientists’ new Covid-19 vaccine is cheaper, easier to make and patent-free

“We need to break these paradigms that it’s only driven by economic impact factors or return of economic investment. We have to look at the return in public health.”