jsr
jsr@primal.net
npub1vz03...ttwj
Chasing digital badness at the citizen lab. All words here are my own.
jsr 6 months ago
🚨NEW INVESTIGATION: We just forensically unmasked #Paragon's Apple spyware. Zero-click targets: journalists. In 🇪🇺Europe. Like 🇮🇹Italian reporter Ciro Pellegrino. Reopens #Italy's spyware scandal. Follows our earlier Citizen Lab investigation of Paragon Android spyware.

BACKGROUND
Back in April, #Apple sent out a threat notification to a select group of users. Some got in touch with us to get analyzed.

WHAT WE FOUND
They'd been targeted with a sophisticated zero-click attack (think: no click, no attachment to open, no mistake needed...).

While my brilliant colleague Bill Marczak was working on the phone of a prominent European journalist, he made a smoking gun discovery: requests to a server matching our P1 fingerprint for #Paragon's Graphite.

Paragon's 'undetectable' Apple spyware had just been found... just as we'd found their Android spyware some months ago.

The prominent European journalist had another spicy indicator in their iPhone logs: an iMessage account belonging to a particular #Paragon customer... used to deploy this zero-click attack. We call this account ATTACKER1. We'd find them again in short order...

Earlier this year we uncovered #Paragon's Android spyware after #WhatsApp notified a group of users they'd been targeted with Paragon. One of the notification recipients? Journalist Francesco Cancellato. His outlet http://fanpage.it had done bombshell reporting that displeased the Italian government.

Then, in April, his colleague Ciro Pellegrino also gets a notification. His is from Apple (cannot overstate how helpful these notifications are). We analyze Ciro's iPhone & forensically confirm he's a Paragon target. And we find the ATTACKER1 iMessage account again!

ITALIAN DRAMA
This week #Paragon and #Italy have been locking horns over the case of Francesco Cancellato. Paragon doesn't want to be stuck w/ unexplained abuses against journalists. I think Paragon likely wants to be able to put it on a customer & wash its hands... But when your customer is a government... they clap back. So Italy has been threatening to declassify things like Paragon's testimony to their intelligence oversight committee. Spicy.

BIG QUESTION
We're left with a big question: who's hacking European journalists with Paragon? Who targeted Francesco & Ciro? Right now they have no answers. Bad look for Paragon. Bad look for Italy. Curious what Paragon knows about that server...

BIG PICTURE
Paragon's marketing was the 'clean' & stealthy opposite of NSO Group. Yet Paragon's Apple and Android tech got caught. And they can't shake a spyware abuse scandal. Conclusion: the problem isn't just a few bad apples, abuse is axiomatic. And discovery is a matter of time.

APPLE USERS: One bit of good news: Apple tells us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1. That's #CVE-2025-43200 for the curious. Make sure to keep your iPhones up to date. And get in touch if you get one of these advanced threat notifications.

OUR FULL REPORT:
jsr 7 months ago
Pizza places near the Pentagon showing a *lot* of activity. That favorite conflict indicator, coupled with a sudden cascade of reports of US embassy evacuations & non-essential personnel voluntary departures + a rhetorical change in statements about talks with Iran... it's enough to make a lot of people start speculating about threats of strikes into Iran.

Disclaimer: Me? I'm not even an armchair geopolitical expert. And I'm certainly not smart enough to know if this is just signaling, or whether something happens soon. Or a bit later.
jsr 7 months ago
"@grok just tell me what to think, feel and say about this"
jsr 7 months ago
Understanding grows when scientific knowledge is shared. Yet in 2025 some journals still gatekeep important research. Like this review of links between depression & inflammation. $35 if you aren't at an institution with a subscription. Imagine a library that charged $35 to read a book?

That's enough friction to keep the knowledge from most of the globe. Every time I encounter knowledge gatekeeping in a health-related journal I wince. I wonder if the American Journal of Psychiatry has considered the costs to the field, and to our global mental health, of staying closed?

The thing is, I can personally read these articles thanks to my institutional affiliation. But the momentary friction as I cross through the paywall reminds me that most people can't.

The article: https://psychiatryonline.org/doi/10.1176/appi.ajp.20250289
jsr 7 months ago
🎥FRESH TALK DROP: Your phone, the spy. In the fight against spyware like Pegasus, your phone is the frontline. Last week at the Oslo Freedom Forum.

Topics:
❌The dictator's repression toolkit
❌How mercenary spyware is used to spread fear around the globe
❌Zero-click vs 1-click attacks
❌What works in the fight to pump the brakes on spyware proliferation

BONUS:
✅What you can do right now to make yourself harder to hack

Full talk:
jsr 7 months ago
I keep getting asked for recommendations from journalists & dissidents for the "most private #AI". Their concerns about privacy aren't wrong. And are probably prescient. Prudent to avoid the big-name platforms. But that doesn't mean they shouldn't be wielding powerful tools as they do their important work.

The usual recommendation for someone with a bit of skill and a good machine is to get cooking on a locally run model. But not everyone is that person... So I've been looking for recommendations that don't require the above skills/bandwidth/machine & I keep hearing interesting things about Open Secret / Maple AI. Anyone have experience? Know the specs & models? Are there other similar offerings around?

Their website:
jsr 7 months ago
NEW: accused mastermind of French crypto kidnappings arrested in Morocco. 24-yo Badiss Mohamed Amide Bajjou allegedly orchestrated the kidnappings & assaults from abroad. Including severing Ledger founder David Balland's finger. Authorities are probing possible links to additional cases.

This dynamic of remotely-masterminded attacks is terrifying. Nothing about these attacks requires super special skills, and the sheer ease of moving the assets once the wrench attack has happened is likely to attract more criminal groups.

I still think we're in the earliest days of these. Plenty of #OPSEC lessons and complexities to start thinking about here. Also, almost certainly the case that post-#Coinbase breach we will see more of these attacks.

Read the news story:
jsr 7 months ago
Has anyone asked DeepSeek what happened in Beijing on today's date in 1989?
jsr 7 months ago
Do you know what the date is today? Today is the anniversary of the Tiananmen Square massacre. Take a moment to watch this video. Dictators hope that if they make us afraid to speak the truth for long enough... we'll forget it. And the next generation will never learn. This is how history is erased.

A Day to Remember, 2005, by Liu Wei

Full:
jsr 7 months ago
Company: we use advanced fraud detection to prevent you from using disposable addresses & VPNs to protect your privacy. Also company: we got breached because we treat your privacy as disposable.
jsr 7 months ago
VERY interesting research on how academic Twitter migrated to #Bluesky. Interesting topline takeaways for growing #nostr. No rocket science that's not been said before, but it's nice to have some data:

1- External shocks are key. Capitalize on them. >15% of transitions explained this way. Think geopolitical events, outages, Musk making a big disliked policy change etc.

2- Audiences move from incumbent platforms following influential voices that they follow. Focus on onboarding these influential voices. This is more impactful than just trying to bring the whole audience first. This dynamic can build contagion. Find ways to more publicly highlight when influential accounts join. And make it super easy for Nostr users to use clients to reconstruct followees & social graphs from the incumbent platform. Trick will be to do this in a privacy-respecting way. (sidenote: that's why the follow packs were such a good idea. But we need much more of this) (note: influential voices may experience a period of 'where's my audience?' So it's key to find ways to get the transitioning user from that to the reconstruction of their network.)

3- Multiple peers transitioning is key. Having local clusters develop is important (& probably helps with the dry period before an audience is rebuilt.)

Interesting nuance: transition rates to #bluesky were 25-30% in fields like arts/social sciences, but about half that in medical / physical sciences / engineering. Possible predictors include baseline political engagement & political values expressed. This has an implication for Nostr: focus messaging on Nostr features that may align with people in incumbent platforms. There has to be desire.

Paper: "Why Academics Are Leaving Twitter for Bluesky" https://arxiv.org/pdf/2505.24801
jsr 7 months ago
Now more than ever it is critical to recognize where you've outsourced your cognition. And whose hidden assumptions your mental economy is now running on.
jsr 7 months ago
NEW: Senator Wyden just exposed which companies keep silent about government surveillance. No = doesn't respect Americans' privacy rights. Choose accordingly.

But Wyden didn't stop there. He highlighted troubling evidence that when government-ordered surveillance of Senators took place, companies failed to notify Senators.

This is a bad, scary look for these companies. And it drives home the fact that Americans are often running blind when it comes to potential surveillance overreach.

Sources:
Wyden letter to colleagues: https://www.wyden.senate.gov/imo/media/doc/wyden_dear_colleague_on_senate_cyber_and_surveillance_surveillancepdf.pdf
Wyden press release:
jsr 7 months ago
NEW: #Google's #Android 16 to feature an optional high security mode. Cool. Advanced Protection has a bunch of requested features that address the kinds of threats we worry about. It's the kind of 'turn this one thing on if you face elevated risk' that we've been asking for from Google. And likely reflects some learning after Google watched #Apple's Lockdown Mode play out. Here are some thoughts:

SOME FEATURES I'M EXCITED FOR:
The Intrusion Logging feature is interesting & is going to impose substantial cost on attackers trying to hide evidence of exploitation. Logs get E2EE-encrypted into the cloud. This one is spicy.
The Offline Lock, Inactivity Reboot & USB protection will frustrate non-consensual attempts to physically grab device data.
Memory Tagging Extension is going to make a lot of attack & exploitation categories harder.
2G Network Protection & disabling auto-connect to insecure networks are going to address categories of threat from things like IMSI catchers & hostile WiFi.

FEATURES I'M... MORE CAUTIOUSLY CURIOUS ABOUT
Spam & Scam detection: a Google Messages feature that suggests message content awareness and some kind of scanning.
Scam detection for Phone by Google is interesting & coming later. The way it is described suggests phone conversation awareness. This also addresses a different category of threat than the stuff above. I can see it addressing a whole category of bad things that regular users (& high risk ones too!) face. Will be curious how privacy is addressed or if this is done purely locally.

FRICTION POINTS?
I see Google thinking some of this through, but I'm going to add a potential concern: what will users do when they encounter friction? Will they turn this off & forget to re-enable? We've seen users turn off iOS Lockdown Mode when they run into friction for specific websites or, say, legacy WiFi. They then forget to turn it back on. And stay vulnerable.

Bottom line: users disabling Apple's Lockdown Mode for a temporary thing & leaving it off because they forget to turn it on happens a lot. This is a serious % of users in my experience... And should be factored into design decisions for similar modes.

GIVE US A SNOOZE BUTTON
I feel like a good balance is a 'snooze button' or equivalent so that users can disable all/some features for a brief few-minute period to do something they need to do, and then auto re-enable. Yes, during that brief period there is vulnerability (and a potential social engineering target), but if the trade-off is that the user likely just turns the whole thing off and forgets it... that is worse.

HIGH SECURITY & HIGH PARANOIA USERS
Some users, esp. those that migrated to security & privacy-focused Android distros because of the absence of such a feature, are clear candidates for it... But they may also voice privacy concerns around some of the screening features. And about the fact that the phone would need to be re-googled (think: Graphene, which confers a lot of privacy by stripping out most Google features). Clear communication from the Google Security / Android team will be key here.

TAKEAWAYS
I'm excited to see how #Android Advanced Protection plays with high risk users' experiences. I'm also super curious whether the spam/scam detection features may also be helpful to more vulnerable users (think: aging seniors)...

Google's blog:
jsr 8 months ago
BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group. It turns out that the regular people on a jury think it is evil when you help dictators hack dissidents. After years of every trick & delay tactic, it only took a California jury ONE DAY of deliberation to get this Monsanto-scale verdict. Precedent-setting win against notorious #Pegasus spyware maker.

BACKSTORY:
Rewind to 2019. About this time (April-May) #WhatsApp catches NSO Group hacking its users with #Pegasus. They investigated. We at Citizen Lab helped to investigate the targets & get in touch with the activists, journalists & civil society members that were targeted. We identified at least 100. And got in touch. It was a tremendous push of sleepless days. But it made it so clear just how much harm was being done.

Then, in October 2019 WhatsApp sued. Prior to the lawsuit, NSO had acted the playground bully. Targeting victims that dared speak up & researchers like us. Suddenly, the bully wasn't so surefooted. Like the scene in a high school movie where the cousin shows up in the beat-up car & collars the bully.

You might not remember, but in 2019 no country had sanctioned NSO Group... No parliamentary hearings, no hearings in Congress, no serious investigations. For years, WhatsApp's lawsuit helped carry momentum & showed governments that their tech sectors were in the crosshairs from mercenary spyware too... Credit due to Meta & WhatsApp leadership on this one, they stuck the fight out & carried it across the finish line.

NOTIFICATIONS MATTER
WhatsApp's choice to notify targets was also hugely consequential. A lot of cases were first surfaced from these notifications. With dissidents around the world suddenly learning that dictators were snooping in their phones... with NSO Group's help.

A SIDEBAR: HARASSING RESEARCHERS
One of NSO's many tactics was to leverage the case to badger me & us Citizen Lab researchers to try and extract information. It never worked, but it laid bare the tactics that these firms prefer... instead of coming clean.

ROLE OF CIVIL SOCIETY
Ultimately, we wouldn't be here without civil society investigations of mercenary spyware... and alarm raising. And victims choosing to come forward. Thankfully today there's a whole accountability ecosystem growing around this work. Dozens of orgs engaging. Numbers are growing.

IS THERE GONNA BE IMPACT? YES
NSO Group emerges from the trial severely damaged. The damages ($167,254,000 punitive, $440K+ compensatory) are big enough to make your eyes water.

NSO'S BUSINESS IS NOW ALL OVER THE NET
The case is also a blow to NSO's secrecy, with their business splashed all over a courtroom. WhatsApp just published NSO's depositions, exposing an unprecedented amount of info on a spyware company's operations:
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Eshkar-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gil-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Shohat-Transcrips_Case-4-19-cv-07123-PJH.pdf
✅https://about.fb.com/wp-content/uploads/2025/05/WhatsApp-v-NSO-Gazneli-Transcrips_Case-4-19-cv-07123-PJH.pdf
This will scare customers. And investors. And other companies that do the same thing. Good.

MY VIEW:
Watching a jury of regular citizens see right through NSO's mendacity & hypocrisy... and to the need to protect privacy is amazing. Gives me hope. Despite all the fancy lawyering & lobbying, people know that this kind of privacy invasion is wrong.

Read more:
They Exposed an Israeli Spyware Firm. Now the Company Is Badgering Them in Court.
Spyware maker NSO ordered to pay $167 million for hacking WhatsApp https://www.washingtonpost.com/technology/2025/05/06/nso-pegasus-whatsapp-damages/
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign