Forwarded from NoGoolag
UK Government Issues Draft Strategic Priorities for Online “Safety,” Pressuring Ofcom to Enforce Censorship, Surveillance, and Age Verification Under Online Safety Act
https://ift.tt/qDEdYrn - FOLLOW: @reclaimthenet
https://ift.tt/qDEdYrn - FOLLOW: @reclaimthenet
Reclaim The Net
UK Government Issues Draft Strategic Priorities for Online "Safety," Pressuring Ofcom to Enforce Censorship, Surveillance, and…
Ofcom is nudged toward algorithmic policing and AI gatekeeping in a sweeping vision that blurs child protection with national security.
Forwarded from NoGoolag
Meta Reportedly Developing Facial Recognition for Ray-Ban Smart Glasses and Camera-Equipped Earphones, Enabling Scanning of Nearby Faces Without Consent
https://ift.tt/52GrzPU - FOLLOW: @reclaimthenet
https://ift.tt/52GrzPU - FOLLOW: @reclaimthenet
Reclaim The Net
Meta May Add Facial Recognition to Ray-Ban Smart Glasses
Meta explores facial recognition for Ray-Ban smart glasses amid privacy concerns and evolving AI training policies.
Forwarded from NoGoolag
Nintendo Can Now Remotely Shut Down Your Switch If You Try to Modify Your Own Device
https://ift.tt/fJwxVYK - FOLLOW: @reclaimthenet
https://ift.tt/fJwxVYK - FOLLOW: @reclaimthenet
Reclaim The Net
Nintendo Can Now Remotely Shut Down Your Switch If You Break Its Rules
Installing homebrew or backing up your own games can now turn your Switch into a $300 souvenir.
Forwarded from NoGoolag
A well written look at the pros and cons of #systemd
https://www.howtogeek.com/675569/why-linuxs-systemd-is-still-divisive-after-all-these-years/
@BonesTechGarage
https://www.howtogeek.com/675569/why-linuxs-systemd-is-still-divisive-after-all-these-years/
@BonesTechGarage
How-To Geek
Why Linux’s systemd Is Still Divisive After All These Years
systemd is 10 years old, but feelings about it in the Linux community haven’t mellowed—it’s as divisive now as it ever was. Although it’s used by many major Linux distributions, the hardcore opposition hasn’t relented.
Forwarded from NoGoolag
ETH Zurich
ETH Zurich researchers discover new security vulnerability in Intel processors
Computer scientists at ETH Zurich discover new class of vulnerabilities in Intel processors, allowing them to break down barriers between different users of a processor using carefully crafted instruction sequences. Entire processor memory can be read by…
Forwarded from NoGoolag
Media is too big
VIEW IN TELEGRAM
Forwarded from NoGoolag
This media is not supported in your browser
VIEW IN TELEGRAM
In the US, an AI has been invented that pinpoints exactly where a photo was taken and shows that location in 3D. GeoSpy AI will help police and journalists.
Forwarded from NoGoolag
Ireland Moves to Legalize Retrospective Facial Recognition
https://ift.tt/c1kQ2RI - FOLLOW: @reclaimthenet
https://ift.tt/c1kQ2RI - FOLLOW: @reclaimthenet
Reclaim The Net
Ireland Moves to Legalize Retrospective Facial Recognition
O'Callaghan’s push for facial recognition arrives as surveillance slips from science fiction into the scaffolding of daily life.
Forwarded from NoGoolag
The EU’s New “Democracy” Shield Looks a Lot Like a Speech Muzzle
https://ift.tt/5IVN8Hx - FOLLOW: @reclaimthenet
https://ift.tt/5IVN8Hx - FOLLOW: @reclaimthenet
Reclaim The Net
The EU’s New "Democracy" Shield Looks a Lot Like a Speech Muzzle
A censorship law dressed as a safeguard, the Shield quietly turns EU-funded fact-checkers into the arbiters of acceptable opinion.
Forwarded from The Cradle
❗️Iran to sue Google over “Persian Gulf” distortion
Iran’s National Virtual Space Center announced plans to pursue legal action against Google and other platforms for replacing the term “Persian Gulf” with fabricated alternatives. The center’s spokesman, Hossein Dalirian, condemned the move as a deliberate falsification of a historically recognized name and a violation of Iran’s national identity.
Dalirian cited international recognition of the term, including by the UN Group of Experts on Geographical Names, and warned that tampering with such nomenclature breaches international law, including Article 19(3) of the ICCPR. Legal consultations are underway.
Iran’s National Virtual Space Center announced plans to pursue legal action against Google and other platforms for replacing the term “Persian Gulf” with fabricated alternatives. The center’s spokesman, Hossein Dalirian, condemned the move as a deliberate falsification of a historically recognized name and a violation of Iran’s national identity.
Dalirian cited international recognition of the term, including by the UN Group of Experts on Geographical Names, and warned that tampering with such nomenclature breaches international law, including Article 19(3) of the ICCPR. Legal consultations are underway.
Forwarded from NoGoolag
â– â– â– â– â–ˇ Seven things we learned from #WhatsApp vs. #NSO Group #pegasus spyware lawsuit.
https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/
https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/
TechCrunch
Eight things we learned from WhatsApp vs. NSO Group spyware lawsuit | TechCrunch
The landmark trial between WhatsApp and NSO Group unearthed several new revelations.
Forwarded from NoGoolag
NoGoolag
â– â– â– â– â–ˇ Seven things we learned from #WhatsApp vs. #NSO Group #pegasus spyware lawsuit. https://techcrunch.com/2025/05/13/seven-things-we-learned-from-whatsapp-vs-nso-group-spyware-lawsuit/
â– â– â– â– â–ˇ Jewish NSO group Fallout.
NSO Group developed a specialized system called the WhatsApp Installation Server (WIS) to deploy its Pegasus spyware. This server sent malformed messages through WhatsApp's infrastructure, mimicking legitimate traffic. These messages exploited vulnerabilities in WhatsApp's code, causing target devices to reach out to NSO-controlled servers and install the spyware—all without user interaction.
To achieve this, NSO reverse-engineered WhatsApp, extracting and decompiling its code to craft messages that a standard client couldn't send. These techniques violated WhatsApp's Terms of Service and applicable laws.
NSO admitted to developing multiple exploit vectors, including Eden and Erised, which were part of a suite called Hummingbird. Notably, Erised was developed and used even after WhatsApp filed its lawsuit in 2019, continuing until WhatsApp implemented server-side patches in May 2020.
Additionally, NSO leased infrastructure from Amazon Web Services (AWS) starting in December 2018 to support its operations. AWS terminated these services in 2021 after being alerted to their misuse.
This case underscores the sophisticated methods employed by NSO to exploit communication platforms and the challenges in defending against such advanced threats.
Forwarded from NoGoolag
NoGoolag
■■■■□ Jewish NSO group Fallout. NSO Group developed a specialized system called the WhatsApp Installation Server (WIS) to deploy its Pegasus spyware. This server sent malformed messages through WhatsApp's infrastructure, mimicking legitimate traffic. These…
â– â– â– â– â–ˇ NSO Fallout

Between April and May 2019, NSO Group's Pegasus spyware targeted 1,223 WhatsApp users across 51 countries. The distribution of victims by country is as follows:
Country Number of Victims
Mexico 456
India 100
Bahrain 82
Morocco 69
Pakistan 58
Indonesia 54
Israel 51
Spain 12
Netherlands 11
Hungary 8
France 7
United Kingdom 2
United States 1
The majority of these victims were journalists, human rights defenders, and members of civil society. Notably, 456 victims were in Mexico, highlighting the extensive reach of the spyware.
A visual map detailing the global distribution of these victims was published by Amnesty International and other research groups.
This data underscores the widespread misuse of Pegasus spyware against individuals in numerous countries.

Forwarded from NoGoolag
NoGoolag
■■■■□ NSO Fallout Between April and May 2019, NSO Group's Pegasus spyware targeted 1,223 WhatsApp users across 51 countries. The distribution of victims by country is as follows: Country Number of Victims Mexico 456 India 100 Bahrain 82 Morocco 69 Pakistan…
■■■■■Here's a full technical rewrite of the WhatsApp vs. NSO Group spyware case, focusing on CVE-2019-3568, its exploitation logic, and WhatsApp’s patch implementation:
âžżâžż
Remote, via malformed RTCP (Real-time Transport Control Protocol) packets sent during a WhatsApp voice call
Remote Code Execution (RCE) in WhatsApp process without user interaction (zero-click)
Android and iOS WhatsApp clients
âžżâžż
1. Target Surface
Exploit leverages the libSRTP-based VoIP stack, which handles RTCP packets used for session feedback and control in encrypted voice calls.
RTCP parsing logic failed to sanitize certain control fields, especially those related to extended report block lengths and payload types.
2. Exploit Algorithm Flow
1. Attacker initiates WhatsApp voice call to target (call never needs to be answered).
2. During SIP/VoIP session setup, attacker injects a malformed RTCP packet:
- Payload includes an extended report (XR) with a length field that causes heap corruption.
- The data pointer is shifted to point into a controlled heap region.
3. Heap spray is used prior to the call to fill memory with ROP gadgets or shellcode.
4. WhatsApp’s VoIP thread parses the corrupted RTCP payload:
- Triggers a buffer overflow
- Hijacks return address via overwritten heap metadata
5. Final stage loader downloads and injects the Pegasus spyware binary into user space.
âžżâžż
A lack of proper bounds checking in srtp_unprotect() when handling compound RTCP packet lengths.
Specifically, incorrect handling of:
block_length in XR headers
packet size mismatch vs actual read buffer
ASLR and DEP were bypassed using dynamic heap shaping and ROP chains tailored to the victim’s device/OS version.
âžżâžż
Patch Details (May 2019)
WhatsApp Patch Analysis
Introduced stricter validation in the VoIP media engine:
Validated block_length and total_length fields in RTCP/XR headers
Rejected malformed RTCP packets that exceeded expected control sizes
Recompiled the VoIP library with stack canaries, PIE, RELRO, and hardened malloc on Android and iOS
Moved critical parsing logic out of untrusted network threads into a sandboxed process (in newer versions)
Net Result
Fully blocked the RTCP overflow path
Rendered Pegasus’s existing payload delivery channel ineffective
Led NSO to shift to other attack chains (like the “Heaven” WhatsApp impersonation method)
âžżâžż
Tool Purpose
🤍WIS WhatsApp impersonator client (Heaven)
🤍Q&Q Toolset RTCP generator and packet modifier
🤍Pegasus Final payload with device takeover
🤍TraceStitch Heap layout prediction & ROP generator
âžżâžż
âžżâžż
CVE-2019-3568 – WhatsApp VoIP Stack RCEExploit Summary
CVE-ID: CVE-2019-3568
Vulnerability Type: Memory corruption – heap-based buffer overflow
Attack Vector:
Remote, via malformed RTCP (Real-time Transport Control Protocol) packets sent during a WhatsApp voice call
Impact:
Remote Code Execution (RCE) in WhatsApp process without user interaction (zero-click)
Platform:
Android and iOS WhatsApp clients
Patched:WhatsApp v2.19.134 (Android) and v2.19.51 (iOS), May 2019.
âžżâžż
Exploitation Logic
1. Target Surface
Exploit leverages the libSRTP-based VoIP stack, which handles RTCP packets used for session feedback and control in encrypted voice calls.
RTCP parsing logic failed to sanitize certain control fields, especially those related to extended report block lengths and payload types.
2. Exploit Algorithm Flow
1. Attacker initiates WhatsApp voice call to target (call never needs to be answered).
2. During SIP/VoIP session setup, attacker injects a malformed RTCP packet:
- Payload includes an extended report (XR) with a length field that causes heap corruption.
- The data pointer is shifted to point into a controlled heap region.
3. Heap spray is used prior to the call to fill memory with ROP gadgets or shellcode.
4. WhatsApp’s VoIP thread parses the corrupted RTCP payload:
- Triggers a buffer overflow
- Hijacks return address via overwritten heap metadata
5. Final stage loader downloads and injects the Pegasus spyware binary into user space.
âžżâžż
Vulnerability Root Cause
A lack of proper bounds checking in srtp_unprotect() when handling compound RTCP packet lengths.
Specifically, incorrect handling of:
block_length in XR headers
packet size mismatch vs actual read buffer
ASLR and DEP were bypassed using dynamic heap shaping and ROP chains tailored to the victim’s device/OS version.
âžżâžż
Patch Details (May 2019)
WhatsApp Patch Analysis
Introduced stricter validation in the VoIP media engine:
Validated block_length and total_length fields in RTCP/XR headers
Rejected malformed RTCP packets that exceeded expected control sizes
Recompiled the VoIP library with stack canaries, PIE, RELRO, and hardened malloc on Android and iOS
Moved critical parsing logic out of untrusted network threads into a sandboxed process (in newer versions)
Net Result
Fully blocked the RTCP overflow path
Rendered Pegasus’s existing payload delivery channel ineffective
Led NSO to shift to other attack chains (like the “Heaven” WhatsApp impersonation method)
âžżâžż
Notable Tools Used by NSO Group
Tool Purpose
🤍WIS WhatsApp impersonator client (Heaven)
🤍Q&Q Toolset RTCP generator and packet modifier
🤍Pegasus Final payload with device takeover
🤍TraceStitch Heap layout prediction & ROP generator
âžżâžż
Forensics Indicators
Malformed rtcp packets seen in logs: unusual XR block types and lengths.WhatsApp crash logs showing access violation in libwhatsapp.so VoIP thread.Outbound connections to AWS/Vultr endpoints post-exploitation.Forwarded from NoGoolag
Introducing oniux: Kernel-level Tor isolation for any Linux app
https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/
https://blog.torproject.org/introducing-oniux-tor-isolation-using-linux-namespaces/
blog.torproject.org
Introducing oniux: Kernel-level Tor isolation for any Linux app | Tor Project
Introducing oniux: Kernel-level Tor isolation for any Linux app. This torsocks alternative uses namespaces to isolate Linux applications over the Tor network and eliminate data leaks.
Forwarded from Derrick Broze's Daily News
Decentralization in Action: Odysee Welcomes the Independent Media Alliance to Portal
At Odysee, we’ve always believed in giving creators the tools to control their own destinies. That’s why we’re thrilled to announce that the Independent Media Alliance (IMA) - a coalition led by Whitney Webb, Derrick Broze, and Ryan Cristián - will soon be launching its own Portal within our emerging Decentralized Media Ecosystem (DME).
This is more than just a new partnership. It’s a powerful demonstration of what’s possible when independent voices are equipped with the right tools to protect their editorial integrity and speak directly to their communities - without relying on the whims of centralized platforms or algorithmic gatekeepers.
https://odysee.com/@Odysee:8/welcomestheindependentmediaalliancetoportal:b
At Odysee, we’ve always believed in giving creators the tools to control their own destinies. That’s why we’re thrilled to announce that the Independent Media Alliance (IMA) - a coalition led by Whitney Webb, Derrick Broze, and Ryan Cristián - will soon be launching its own Portal within our emerging Decentralized Media Ecosystem (DME).
This is more than just a new partnership. It’s a powerful demonstration of what’s possible when independent voices are equipped with the right tools to protect their editorial integrity and speak directly to their communities - without relying on the whims of centralized platforms or algorithmic gatekeepers.
https://odysee.com/@Odysee:8/welcomestheindependentmediaalliancetoportal:b
Odysee
Decentralization in Action: Odysee Welcomes the Independent Media Alliance to Portal
View on Odysee: Decentralization in Action: Odysee Welcomes the Independent Media Alliance to Portal
Forwarded from NoGoolag
IMA: Artificial Intelligence And Its Influence On Research/Investigation
Today the Independent Media Alliance (#IMA) brings you a panel focusing on artificial intelligence and the many ways that it is influencing or entirely changing research and investigation, as well as the world at large. There are many powerful benefits that can come from utilizing #AI in research and very serious concerns many of us share about the potential downsides to its use as well. We will be taking an objective look at both the concerns and benefits.
Far too many seem to be taking the responses of AI chat bots at face value, with little or no interrogation, due to those behind their creation. Others will outright dismiss a data point due to its AI origin with no further investigation.
Today we will discuss how this tool is being used, how it may be influencing those who use it, and whether this AI future is indeed inevitable.
https://odysee.com/@theconsciousresistance:7/IMA-Artificial-Intelligence:0
https://www.bitchute.com/video/Hi1jwqw48zns
https://www.youtube.com/watch?v=GlzcEH4xJvs
Today the Independent Media Alliance (#IMA) brings you a panel focusing on artificial intelligence and the many ways that it is influencing or entirely changing research and investigation, as well as the world at large. There are many powerful benefits that can come from utilizing #AI in research and very serious concerns many of us share about the potential downsides to its use as well. We will be taking an objective look at both the concerns and benefits.
Far too many seem to be taking the responses of AI chat bots at face value, with little or no interrogation, due to those behind their creation. Others will outright dismiss a data point due to its AI origin with no further investigation.
Today we will discuss how this tool is being used, how it may be influencing those who use it, and whether this AI future is indeed inevitable.
https://odysee.com/@theconsciousresistance:7/IMA-Artificial-Intelligence:0
https://www.bitchute.com/video/Hi1jwqw48zns
https://www.youtube.com/watch?v=GlzcEH4xJvs
Odysee
IMA: Artificial Intelligence And Its Influence On Research/Investigation
Today the Independent Media Alliance (IMA) brings you a panel focusing on artificial intelligence and the many ways that it is influencing or entirely changing research and investigation, as well as t...