| ▲ | The US is now the largest investor in commercial spyware(arstechnica.com) |
| 180 points by furcyd a day ago | 74 comments |
| |
|
| ▲ | dadrian a day ago | parent | next [-] |
| This is an unserious article. 1) If you're counting investment, you should count it in dollars, not number of investors or corporate entity locations. 2) This is missing at least two extremely well-known CNE vendors, which makes me doubt its accuracy. 3) The takeaway from the graph on Mythical Beasts [1] should be that the industry is _very small_, not that it's very big. 4) Americans should be happy that the US government is the biggest player. Would you prefer to have China or Russia or the Middle East be the biggest player? Get a warrant -> own a phone is a very straightforward process that fits into existing models of civil liberties in the US. [1]: https://mythicalbeasts.atlanticcouncil.org/ |
| |
| ▲ | 1vuio0pswjnm7 a day ago | parent | next [-] | | "Would you prefer to have China or Russia or the Middle East be the biggest player?" To be fair, an objective person might prefer to have _no_ "big players" Whether a biased or self-interested commenter on the subject believes this is possible or not doesn't eliminate the possibilty of this preference It is like asking whether a voter would prefer to have the "biggest players" giving funds to X candidate or Y candidate, ignoring whether the voter would actually prefer campaign finance reform instead | | |
| ▲ | a day ago | parent | next [-] | | [deleted] | |
| ▲ | halJordan a day ago | parent | prev [-] | | You're not wrong, but youre showing an unserious idealism yourself. Your scenario is more akin to "i dont think there should be a biggest nuke owner, so we're going to pass laws banning nukes" While the USSR simply proceeds with making nukes. | | |
| ▲ | ASalazarMX 5 hours ago | parent [-] | | At least there should be no government-sanctioned backdoors, let the attackers try to find zero-days on their own. |
|
| |
| ▲ | potato-peeler 17 hours ago | parent | prev | next [-] | | > Americans should be happy that the US government is the biggest player. Would you prefer to have China or Russia or the Middle East be the biggest player? People talk about US as if it’s some kind of lala land! Every country, every person should take active measures to protect itself from US influence. | | | |
| ▲ | dogleash a day ago | parent | prev | next [-] | | >Would you prefer to have China or Russia or the Middle East be the biggest player? If the absolute value of China + Russia + ME was the same, but US went down? Yeah, probably. Doubly so if sales going down meant less R&D investment and therefore lower quality software. | |
| ▲ | tptacek a day ago | parent | prev | next [-] | | It also assumes we'd have records of investments outside the US/EU market to begin with. | |
| ▲ | a day ago | parent | prev | next [-] | | [deleted] | |
| ▲ | lazyeye a day ago | parent | prev [-] | | We also dont know how much money China is investing in govt spyware either. I dont really trust the intent of any information I read online. This article could well be part of a influence campaign by a foreign power. "Because if you talk about something the most, this means you have it the most.." is how most people perceive things. Of course, the opposite is often true. |
|
|
| ▲ | tptacek a day ago | parent | prev | next [-] |
| This data set is missing even several pretty well-known CNE vendors. The bigger question is: why would you expect the US not to be the largest investor? CNE vendors are tech companies. The US is the largest investor in tech companies. |
| |
| ▲ | bigyabai a day ago | parent [-] | | > why would you expect the US not to be the largest investor? Mostly because $FAV_TECH_COMPANY constantly tells me they love privacy. They fight backdoors in court, they rush out security patches and closely coordinate with the government to ensure I'm safe. Every advertisement seems to reinforce the idea that they cared about my security, I guess I put too much faith in the principles of private enterprise. | | |
| ▲ | tptacek a day ago | parent [-] | | What would that have to do with anything I just said? | | |
| ▲ | simoncion a day ago | parent | next [-] | | > What would that have to do with anything I just said? It's a direct answer to the question you posed, which was email-quoted in the first line of the comment. It relates the point of view of someone who's substantially tech-ignorant and -in part because they simply don't have time or energy to think much on the topic- entirely unaware of how the intelligence and infosec world works. People like that make up a somewhat-surprising fraction of the US population. Sometimes folks who work in computers are a member of this subset of the population! | |
| ▲ | bigyabai a day ago | parent | prev [-] | | It might help inform you, if you're unfamiliar with the sentiment Americans hold towards security? Don't take my word for it, though. Scroll through the rest of the comments in this thread, I counted all of three unique users that took this article at face-value. The fact that we see this cognitive dissonance on HN should really reinforce how unimportant online security is to Silicon Valley. |
|
|
|
|
| ▲ | nycdatasci a day ago | parent | prev | next [-] |
| You can find a graph showing the relationships between investors and entities here:
https://staging--atlantic-council-spyware.netlify.app/ The headline can't be taken at face value. "Largest" is based on the number of investing entities (including individuals), not something more objective like dollars invested. Also, the US is not making these decisions as the headline implies. |
|
| ▲ | hparadiz a day ago | parent | prev | next [-] |
| Aka enterprise security solutions |
| |
| ▲ | tptacek a day ago | parent | next [-] | | Enterprises are generally not customers of serious CNE vendors. | |
| ▲ | ta12653421 a day ago | parent | prev | next [-] | | Cloud-based Enterprise Security Solution, thats important! ;-) | | |
| ▲ | reactordev a day ago | parent [-] | | Centralized, Single-pane-of-glass, Cloud-based Enterprise Security Solution. | | |
| |
| ▲ | evanjrowley a day ago | parent | prev | next [-] | | This is a big step beyond just enterprise EDR/MDM | |
| ▲ | OutOfHere a day ago | parent | prev [-] | | Hacking personal devices goes way beyond enterprise security. It is cybercriminal behavior. |
|
|
| ▲ | esalman a day ago | parent | prev | next [-] |
| The former number one, and current number two, is anyone's guess. My home country does not have formal diplomatic ties with them, yet we purchased and deployed surveillance tech from this country. We live in a truly dystopian nightmare. |
|
| ▲ | cramcgrab a day ago | parent | prev | next [-] |
| According to ars. |
|
| ▲ | mensetmanusman a day ago | parent | prev | next [-] |
| Google and FB are commercial spyware. |
| |
|
| ▲ | OutOfHere a day ago | parent | prev | next [-] |
| I see multiple ex-employers listed at https://staging--atlantic-council-spyware.netlify.app/ | https://mythicalbeasts.dfrlab.org/. I strongly advise avoiding all prospective employers that use these services as they're practically guaranteed to hack your phone. Report: https://www.atlanticcouncil.org/in-depth-research-reports/re... Dataset: https://github.com/ac-csi/mythical-beasts |
| |
| ▲ | dadrian a day ago | parent [-] | | It is illegal for an employer to hack your phone. | | |
| ▲ | OutOfHere a day ago | parent [-] | | It is why the employer contracts the hacking firm to do it all for them. Meanwhile, the employer has deniability. The employer receives reports of your data and activities as accessed by the firm. That is the whole point. It's a legal gray area. Being naive about it doesn't help. | | |
|
|
|
| ▲ | bamboozled a day ago | parent | prev | next [-] |
| “Freedomware” |
|
| ▲ | RianAtheer a day ago | parent | prev | next [-] |
| [flagged] |
| |
| ▲ | linkregister a day ago | parent | next [-] | | Investment in these firms does not equate to improved national security. Existing US government programs exceed the capabilities of these firms. A purpose for contracting with these firms is to evade the significant legal oversight present in the NSA, CIA, and FBI computer network exploitation programs. | |
| ▲ | OutOfHere a day ago | parent | prev [-] | | US and Israel are the the global cyber threat. | | |
| ▲ | SilverElfin a day ago | parent | next [-] | | What about China? Salt typhoon was just one among many actual attacks, not just threats, connected back to the Chinese state. | | |
| ▲ | soperj a day ago | parent | next [-] | | What attacks from the US have you heard of? | | |
| ▲ | autoexec a day ago | parent | next [-] | | Does microsoft windows count? Honestly, I imagine that other nations should be very concerned about the small number of US based companies creating all the CPUs which could easily be backdoored. Same for the blackbox wireless chipsets our phones depend on too. That and so many of the companies that people depend on are in the US (Google, Amazon, social media, Apple, MS, etc) since you have to think that the US government is collecting massive amounts of data from those places. | |
| ▲ | saagarjha a day ago | parent | prev [-] | | Stuxnet? |
| |
| ▲ | OutOfHere a day ago | parent | prev [-] | | Yes, but with rare exceptions, China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China. Meanwhile, the US and Israel are well known to target individuals both domestically and around the world irrespective of their affiliation. | | |
| ▲ | SilverElfin a day ago | parent | next [-] | | What is power? Like legally? China definitely has international policing outposts that are meant to cast their power outside their borders. https://www.nytimes.com/2023/01/12/world/europe/china-outpos... | |
| ▲ | hirvi74 a day ago | parent | prev | next [-] | | > China doesn't exercise much power to lock up someone, or to disempower someone, at least so long as you don't visit China. I am not certain that is necessarily true. At least, not if one is originally from China. https://www.publicsafety.gc.ca/cnt/trnsprnc/brfng-mtrls/prlm... | | |
| ▲ | lmz a day ago | parent | next [-] | | Telling someone their family is going to get it if they keep doing what they do is quite some distance away from... straight up bombing them. | | |
| ▲ | hirvi74 a day ago | parent | next [-] | | I am not sure I am following you. Who are you implying are the bombers and during what time period? As for China not bombing anyone, while true, I believe it's merely a matter of time. While I hope I am wrong, Taiwan seems awfully worried to be located about 80 miles away from their peaceful and loving neighbor for some reason. | |
| ▲ | corimaith a day ago | parent | prev | next [-] | | And you think China won't bomb foreign adversaries if they can? Or any country for that matter. The answer is don't place yourself in the crosshairs of great powers in the first place, which then puts into the degree you can align yourself with their interests. | |
| ▲ | pessimizer a day ago | parent | prev [-] | | And anybody who happens to be nearby. |
| |
| ▲ | pessimizer a day ago | parent | prev [-] | | It's also important to keep in mind that China has less than a quarter of the per capita prison population as the US. If you're talking about who's a police state, the US and China just aren't in the same universe. Or from another direction, China has 4x the population of the US, and still has fewer people in prison. | | |
| ▲ | hirvi74 a day ago | parent | next [-] | | 1. That is under the assumption that the Chinese government is releasing accurate data. I assume international entities are not granted access to Chinese prison facilities directly, but I could be wrong. 2. There are 'alternative' ways of dealing with suspects and criminals other than prison sentences. And on that note, if China has a lower per capita prison population than the US, then it makes China having the highest rate of capital punishments even worse. | |
| ▲ | corimaith a day ago | parent | prev [-] | | That's more on an indictment of multiculturalism as opposed to cultural homogenization though, which I imagine many here would furiously oppose the latter. |
|
| |
| ▲ | ImJamal a day ago | parent | prev [-] | | They have the power to arrest people in China. Any Chinese outside of China could have their family still in China arrested. |
|
| |
| ▲ | corimaith a day ago | parent | prev [-] | | According to https://www.ox.ac.uk/news/2024-04-10-world-first-cybercrime-..., Russia (58), Ukraine (36), China (27) and then USA (25) top the list, with Israel (2.51) at a measly rank 16. So no, and I'm not sure why OP decided to single out Israel here given it is a order of magnitude less than the others and there are so many other nations, unless if they have a specific agenda to push here. |
|
|
|
| ▲ | Group_B a day ago | parent | prev | next [-] |
| Gotta love the good old US of A. I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still. An amazing world we live in. |
| |
| ▲ | generalizations a day ago | parent | next [-] | | I suspect that in the very near future, the latter will dramatically decrease and the former dramatically increase. I wonder how that tradeoff will be perceived. | | |
| ▲ | bregma a day ago | parent | next [-] | | As surveillance increases the definition of crime will expand. Consider the incentives. Surveillance is costly. The only way to justify increasing surveillance costs is to demonstrate increasing intervention in criminal activity. If traditional crime is reduced, new crimes need to be introduced. Once all the enemies of the state have been eliminated, it becomes mandatory to introduce new enemies of the state so they, too, can be rounded up. Eventually there will be no one left to come for and the surveillance technology will go unmonitored. | | |
| ▲ | generalizations 8 hours ago | parent [-] | | You may very well be right about the outcome, though I doubt the government cares enough about justifying expenditures to make money the rationale. In my experience, it's social crises that tend to be used to justify authoritarian power grabs - whether that's a political killing or a worldwide contagion. |
| |
| ▲ | jrochkind1 a day ago | parent | prev | next [-] | | Don't worry, the crime wont' actually decrease either. | |
| ▲ | hansvm a day ago | parent | prev | next [-] | | Maybe. If we use our powers too capriciously then they'll deter behaviors other than criminal behaviors. Like that boat of alleged drug traffickers we recently blew up -- that looks more likely to discourage boating within 1000 miles of the US than any particular crime. | |
| ▲ | falcor84 a day ago | parent | prev | next [-] | | What do you mean? What would lead to government surveillance decreasing? | | |
| ▲ | wil421 a day ago | parent [-] | | No he means crime will dramatically decrease and surveillance will increase. I’d be inclined to agree. | | |
| ▲ | falcor84 18 hours ago | parent [-] | | D'oh, I suppose I just have some default mental schema that processed the sentence assuming "former" before "latter". | | |
| ▲ | generalizations 8 hours ago | parent [-] | | Yeah, figured that making it hard to parse would make it more likely people were thoughtful about their replies. In this climate, it's likely to attract a flamewar if I just spell it out. |
|
|
| |
| ▲ | a day ago | parent | prev | next [-] | | [deleted] | |
| ▲ | corimaith a day ago | parent | prev [-] | | The increase in crime is purely political problem emerging from the demands of a certain segment of middle and upper middle classes, not the government or working class. |
| |
| ▲ | roughly a day ago | parent | prev | next [-] | | > I feel like we have the worst of both worlds; dystopian surveillance, yet massive crime issues still. One might be tempted towards the conclusion that dystopian surveillance doesn't materially impact crime rates and that if we want to solve the latter, we need a different solution than the former. | |
| ▲ | mrtesthah a day ago | parent | prev | next [-] | | The problem is that when laws no longer apply to certain individuals in our government, we no longer have rule of law at all, because a law is inherently universal. The US is rotting from the head. | |
| ▲ | kubb a day ago | parent | prev | next [-] | | At least you have freedom… in some sense. | | | |
| ▲ | decremental a day ago | parent | prev [-] | | [dead] |
|
|
| ▲ | howmayiannoyyou a day ago | parent | prev [-] |
| Good. I want my tax dollars allocated to penetrating every and any system my country's adversaries may use to undermine our interests or threaten our people. And, I want maximum penalties, civil and criminal, for any person or company who misuses these systems for personal or political gain. Also, I'd like to see mandatory statutory civil damages for any vendor creating and/or selling/providing these systems who does so in a negligent or malicious manner, same as we provide for other high risk products and services. |
| |
| ▲ | vkou a day ago | parent [-] | | Well, you're definitely not going to get the latter two, and the only guarantee about the first one is that they will definitely be used against enemies of the state. Whether there's any overlap between them and enemies of the people will heavily depend on the latter's ability to steer towards good governance. The track record for the past few decades hasn't been great. | | |
| ▲ | ChainnChompp a day ago | parent [-] | | Nailed it - well said. Going to take some serious work for the populace to start steering the ship again, unfortunately. |
|
|
