Facebook (and Zoom) and capitulating privacy in the age of isolation

According to Motherboard, Facebook approached the NSO Group to try and buy a tool that would let them better spy on a specific subset of their users. Because of course they did.

This all from court documents revealed as part of Facebook’s ongoing lawsuit against NSO for helping governments hack WhatsApp, which Facebook owns.

Facebook, as everyone knows, is the behemoth social network that’s been accused of a series of reprehensible privacy and decency violations against its users.

The NSO Group is the hugely controversial supplier of spyware like Pegasus and hacking tools to nation-states, among others.

The subset of users Facebook reportedly wanted to target was us, iPhone users.

Now, Facebook apparently didn’t actually want Pegasus proper, which is used to remotely infect and spy on phones. They wanted Pegasus technology to make their own, existing Facebook spyware better.

See, in a previous scandal — it’s legit hard to keep up — Facebook was accused of pushing a VPN app named Onavo Protect on their users without properly disclosing that Facebook owned it and was using it to harvest our behavioral data to monetize, and to target competition.

You know that old cliche that big internet companies don’t sell our data because it’s too valuable? Yeah, Cambridge Analytica proved they do indeed sell our data because metastasizing is even more valuable.

Now, Facebook was eventually forced to pull the VPN from the App Store and Google Play Store, and sunset it.

But, like any vampire, its blood sucking continued. TechCrunch reported that Facebook had rebranded Onavo Protect as Research, used its massive advertising engine to target desirable demographics, including teenagers, offered them $20 for participating, and then abused Apple’s enterprise distribution system to infect their iPhones with it.

And yeah, that’s how valuable our data is to them. Block them from offering free services to get it and they’ll become desperate enough to pay for it. Topic for a future video.

But, according to Motherboard’s report, even after all that, Facebook still couldn’t harvest as much data from iPhone users as they could from Android users, and so wanted the Pegasus parts to make sure we were all being equally violated.

Now, Facebook says NSO is misrepresenting all this to try and distract from the lawsuit. But, Facebook doesn’t refute the claim in any other way. No denial, no context, no explanation.

And here’s a little secret decoder ring for corporate PR: If a company is in the right, they’ll usually hold their ground and say so in simple, plain language. If they’re on shaky ground, they’ll try to angle and change the point of discussion. If they’ve done wrong, they’ll flail about in a desperate attempt to distract from the topic.

NSO Group just said they only sell to government agencies and law enforcement, so they talk-to-the-handed Facebook and wouldn’t comment further.

In terms of reactions so far, there haven’t been many. At least not that I can find. It’s up on Techmeme but, Apple sites aside, almost none of the major tech sites have covered it, and I haven’t seen it talked about in my Twitter feed either.

The big exception is John Gruber from Daring Fireball, who repeated what he’s said before:

Facebook is a criminal enterprise.

Ryan Mac from BuzzFeed tweeted a reminder to take whatever the NSO says with 10 lbs of salt, but that it was an incredible accusation in a formal court filing.

A New York Times reporter tweeted that it was very disturbing if true, but that tweet seems to have been deleted.

So, it’s possible that reporters just don’t think there’s any there here, that commenters see it as two controversial companies just going at it, or that people are just busy with other stuff during all this shelter-in-place.

It’s the latter possibility that concerns me, though.

We’ve seen with Zoom, which has become massively popular thanks to social distancing, that people have been willing to put longer-range concerns about privacy and security on hold for the immediate convenience of social connection.

Zoom has a history of, at best, playing fast and loose with security and privacy, and at worst having a reckless, borderline malicious disregard for it. Everything from secretly installing servers on the Mac to secretly channeling data to Facebook to secretly routing data through China, to failing to provide basic safeguards for users.

It’s a chilling mess that I would never use or recommend using during normal times, but that the people I care about and want to stay connected with are using right now.

Facebook is the same. I deleted almost all my data and stopped logging into the blue app following Cambridge Analytica, but now I’m worried about family and friends for whom Facebook is effectively the Internet. And, of course, I never stopped using Instagram, because Insta.

Walt Mossberg, who pretty much invented personal technology journalism, expressed just exactly that a couple weeks ago.

The deal with the devil that I’ve made for myself is that I won’t actively use Zoom or Facebook but if the people I care about reach out to connect through them, I’ll respond.

But I'm terrified that if I sacrifice privacy and security in the name of convenience and connection, I'll end up with none of it.