The interesting thing IMO is they claim to just be some random college student. Which seems believable because if they were a real secret squirrel I guess they wouldn’t ask reddit about it, haha.
I wonder if the hackers are targeting people based on phone numbers or something. (I could imagine a college student recently getting a new number and ending up with one that’d been associated with a target—I guess? Although you’d hope there’d be a way to retire numbers that are known to be targets).
I think there's a misunderstanding on what constitutes a valid or ideal target for state sponsored (or "mercenary") attackers. Simply working at a research lab, industrial manufacturer, power station, tech company or knowing a certain professor can put you on a target list.
Well dang I work in a research lab and I didn’t get an email.
I’m just going to assume my research is so interesting that they sent the real badasses after me, somebody that Apple can’t catch. The truth is too ego-shattering.
The first day at university in the 80s, Computer Science, the head of faculty told us that stats were that only 30% made it to graduation and started walking in front of the first row of the hall. “You will graduate, you won't, you won't. You will graduate, you won't, you won't." Motivational speech or not, at least half of the students dropped out in the first two years. The goal of those two years seemed to be right that: convincing people to leave. Then it got easier and more interesting.
Similar experience in EE, the first year requirements were full of "filter" or "weed-out" courses in math and physics.
The generous argument is that it's only fair to the student that they should know quickly whether they'll be able to get through the material. Failing fast can be merciful.
The truth is probably more complicated. Let's just say that the student population ended up looking a lot like the TA and professor population. Lather, rinse, repeat.
NSO was targeting something like 40k people just in mexico. It's entirely possible that this was an accidental targeting because they have a similar name or email to a target.
I found this email from Apple in my inbox too. At first I thought it was spam.
The only thing I can think why I could possibly be targeted is that I mentioned on a few Youtube channels about the clearly obvious IDF troll armies spamming the comments of any YT news stories which highlighted the atrocities (as well as mentioning when the troll armies seemed to stop their operations dramatically last week when the World Kitchen aid workers were killed and the news exploded around it).
It could also be an accidental misidentification - maybe OP has the same name as someone they actually wanted to target, or their phone number or email address is very similar to someone they wanted to target.
Or, it could be an intentional misidentification - maybe OP has a friend who was picked up by whatever east european security services, and provided OPs name as some kind of co-conspirator in something OP's friend was into.
Well the they might be just a college student, but they could have a relationship with the actual target in some way. And if it's part of a complex operation they could be trying some indirect approaches.
> Well the they might be just a college student, but they could have a relationship with the actual target in some way.
People who are "just" college students often are the sons and daughters of people who could be targeted. Not to mention people in their social circles.
Everyone's thinking academic secrets but have they engaged in activism in any way shape or form?
Being able to take activists and discredit them is an amazing ability. I would not at all be surprised if the xz compression backdoor was an attempt by a certain government to gain the ability to discredit anyone that is against them in anyway.
College students are a traditional target of oppressive or authoritarian regimes. Teaching young adults to view the world through different lenses and systems is an important part of most college programs, as is a significant amount of self-discovery, and both lend themselves very well to activism, especially since young adults are rarely so jaded as to feel like they "can't do anything about it"
Having wrote an article on XZ, I was half expecting to have this text popup, especially as I'm fairly certain i was targeted by a misinformation campaign already
Why would a college student be an interesting target simply for being a college student in an interesting field? If they work at an interesting company or something like that I would understand, but the knowledge that is accessible in colleges is not some super secret stuff or am I missing something?
The conversation here is focussing on industrial espionage, but that's only one use case for this kind of active measure. An association with an opposition political party could easily get one on a surveillance list.
Yep, imagine an international postgrad student from an NSO client-state who criticizes their home country's leadership online, or is perceived to be a political activist is likely to be targeted by their own government for additional on-device monitoring via spyware. This could provide a springboard into monitoring other groups the victim may be a member of.
Colleges are basically outsourced green field R&D setup through professors as well as Patent departments to monetize their internal/grant research spend.. Sampling in a large company what you would happen upon is mundane additions to complex solutions you would be unlikely to want to copy if you weren't along for the earlier parts of the ride.
It doesn't take much to be a target. CIA spy maybe not, but the net is wide when it comes to surveillance. Infrastructure providers, higher education, research labs are all common targets.
I wonder how to quantify this. Even folks in those industries listed while there may be reason we could imagine to target them... I would imagine lots of folks in those same industries are NOT targeted.
Of course we'd have to identify "targeted", personally I wouldn't include "your name ended up on a list after someone grepped a bunch of data". I would think of as targeted as a more curated type list / process / and then the call was made to "target" someone.
Otherwise, heck random scanning on the internet would be "targeted".
It could be that they’re related to a target. I’ve done a lot of hobby OSINT and sometimes finding a target is using off-center targeting to effectively triangulate or pivot.
There's some significant geopolitical intrigue surrounding Cyprus -- probably the most obvious are its partition between between Turkey and Greece and its use as a tax haven by Russian oligarchs.
A government that stoops to civil rights crimes but doesn't attach a good percentage of its fear to student movements is kind of oblivious to history as it pertains to its own miserable survival.
Between the Metaverse, "mercenary spyware", AI war targeting, and death drones, I keep wondering who it is that read Neuromancer and thought; "What a rosy picture! How can we realize this stunning vision of a future-to-be?"
To be fair, somebody will always decide what you wrote was a warning and they should fear it, even if you specifically intended a utopia, just as people insist on rooting for and even imitating the bad guys from stories because they misunderstood "cool" as "good".
Example: Some people think San Junipero, the one positive Black Mirror episode with an actual Happily Ever After romantic ending is a dystopian vision.
Some people think the Primer, the technological device at the heart of Diamond Age, is the problem, not the Neo-Victorian aristocrats like Elizabeth's parents with their pseudo-colonial control over part of China, not the huge corporations whose greed is tearing the world apart and their engineers like Fiona's father, nor the Cyberpunks left over from a previous era like Nell's father - no the problem is the machine.
In the Tweet framing it's easy, it's named a Torment Nexus and the book is literally titled "Don't Create The Torment Nexus" but what about the Horseless Carriage? The Novel? The Television? Are we creating the Urban Sprawl, the Wasted Youth, are we helping to Manufacture Consent ? Or maybe these are Freedom and Art for the Masses ? Framing.
> Some people think San Junipero, the one positive Black Mirror episode with an actual Happily Ever After romantic ending is a dystopian vision.
IIRC, after the couple prances away hand-in-hand into the sunset, the camera pulls back through the fourth wall to reveal the darkened server room in which their minds are being emulated, blinkenlights glittering in the darkness among the monotone drone of case fans, zooming out to reveal an endless row of servers receding into the distant blackness in a scene reminiscent of The Matrix. If the showrunners intended it to be unambiguously happy, I feel like they would have omitted that part... Or maybe I'm hallucinating, because I found the implications utterly horrifying, much to my partner's consternation.
Not to mention that Black Mirror's entire agenda is near-Sci-Fi horror.
The episode is specifically about getting trapped in nostalgia, a non-existent past. Yes, love is found in this pursuit, but so it death. All the music in the show is about living in a box and forgetting about the real world. Other characters talk about forgetting they're in the simulation and they talk about how they live in a graveyard. There's that hole conversation with Greg about how the timelimit exists so people don't kill themselves to permanently leave the world behind and "live" in San Junipero forever.
And I'd expect of all people HN people (computer people) would understand that uploading into a simulated reality is not the same as you entering that reality. Remember, once "you" are data, you can be copied. Then who is the real you. If you can be uploaded without being killed in the process then certainly that entity is not "you," but rather a different entity who has all your memories and is not able to distinguish itself from you. But you are still experiencing your experiences and not their experiences, so you are different entities. It is just an AI double. The promise of an afterlife is no different than the promises of old. A story to help you move on, to help you find comfort in the end. But this story is just more tangible for those who are left. San Junipero is not much different from many of the other stories who approach this topic. Even the happier Upload is quite dystopian between the lines of being a rom-com. It is that happiness that is the dystopia itself, the lure of false promises. The poisoned desert so sweet and tempting it is impossible to not take a bite.
> Remember, once "you" are data, you can be copied.
If you're copied that's what "Hang the DJ" is about, and more darkly the short story "Lena". But San Junipero deliberately doesn't do that.
Alas, the thing you claim isn't the same as being is in fact exactly how you work today. Is this an existential nightmare? I got used to it pretty quickly, and in San Junipero you'd have a lot longer to get used to it. Greg Egan posits that, to the extent consciousness is anything it's somehow a consequence of patterns of computation. That is, if somehow the same patterns that you represent came into existence again they'd "be" you in every sense that matters. The "Lena" scenario remains horrifying, all those copies are the same person, instantiated over, and over, and over again to do menial tasks. But San Junipero is just life after death.
The Permutation City reference is irrelevant to San Junipero. I never made the claim that the entities in the simulation were not sentient. I made the claim that they aren't "you." These are very different things.
I haven't seen the newer seasons. But looking at the synopsis on wiki (Beyond the Sea?), this is a very different scenario. Permutation City might be a better one to look at for what I'm getting at. Remember in that story that you are essentially making a copy of yourself and putting it into that universe. That entity is not you, but it is sentient, conscious, and it's own thing. But you aren't in that simulation with it unless you virtually go in (and in their scenario you need to deal with the time differential).
San Junipero is a corporation promising you life after death. The same way Amazon Prime's Upload does. But San Junipero in Black Mirror itself made no claim, and the writers place a lot of not so subtle hints as to the idea that it isn't. Not only by nature of being a Black Mirror episode, but I suggest you look closer at the soundtrack of the episode and how its used in context.
> I made the claim that they aren't "you." These are very different things.
I understand what you're claiming, as I pointed out under this understanding your current existence is already terrifying. Not just when you fall asleep, but even moment by moment the underpinning compute substrate is repaired and replaced and yet it feels as though this is an ongoing experience, there's no reason Yorkie experiences this any differently even though intellectually she knows the transformation was more... substantial.
It's just Trigger's Broom / the Ship of Theseus, this isn't even a new idea.
> the writers place a lot of not so subtle hints as to the idea that it isn't.
Like the hint where Charlie Brooker specifically said that no it's the Happily Ever After ending ? Maybe he wasn't patting his head like you knew he would be if he was addressing True Fans like you ? Didn't give the secret sign ?
I thought I already spelled this out well enough, that somebody will insist that the heroes are villains, that the bad guys are the good guys and so on. Sometimes they have a point, but more often they just didn't see what was in front of them. I am kinda tangentially interested in the Slash scene (e.g. I know people involved in AO3) and the Slash communities are the same - sometimes you're like sure, this was barely subtext in the movie/ TV show/ novel, in a braver world the writers would have had them kiss on camera, but other times it's like "Where did this even come from? Were you watching the same show?" - and sometimes that's deliberate contrariness but other times it really isn't.
It's not as though I don't have my own divergences from what writers believe about their own works - for example in my opinion Firefly was a TV show about the bad guys (people who lost a civil war and just decide that doesn't count) written by someone who doesn't understand that they're the bad guys. Obvious Whedon doesn't agree and I don't expect him to. Or for example Vinge insisted he doesn't know who/what Rabbit is in "Rainbows End" and in my opinion there's only one option which makes any sense.
But I guess I kinda asked for people to insist their wrong interpretations of San Junipero are the only correct one when I gave the example.
That was not clear from the prior conversation. Lost in translation I guess.
Sure, we can go into sleep and is reality even real. But it's a bit different when we're talking about a specific reality we know is not real and the point I'm getting at is that we know that version of you is for sure 100% with no uncertainty not you. Since both entities can exist simultaneously and independently. Which is an entirely different construct than say dying in your sleep and being replaced because there's not multiple entities with shared experiences existing at the same time. What I'm pointing to is this so yeah there's clearly miscommunication when you're talking about an even more abstract concept.
> If the showrunners intended it to be unambiguously happy, I feel like they would have omitted that part...
I think this has the same direct purpose as my favourite modern Doctor Who scene but with different larger strategy. To tell the audience something explicitly, because it's not necessarily obvious and otherwise not everybody will have guessed. Often the Doctor understands what's going on and the audience are learning as they go, but in "The Girl In The Fireplace" the Doctor never actually knows why this spaceship chose this girl, in this time. The audience does at the end though, because we pull out to show the spaceship's name.
Both the women know exactly what we're shown at the end of San Junipero. That "Heaven is a place on Earth" in a very literal sense, but while it's explained somewhat, the details aren't mentioned because they'd be clunky as exposition - hence the explicit visualization of the data centre where they're running.
You aren't alone in finding this horrifying, but for Charlie Brooker, myself and a large number of people this is the best case scenario - and since Charlie wrote the show...
Same goes for certain types of lead characters in things like American Psycho, Fight Club, Mad Men and Wolf of Wall St. These are seen as aspirational instead of cautionary tales.
And, famously, Michael Lewis's first book, "Liar's Poker":
> Despite the book's quite unflattering depiction of Wall Street firms and many of the people who worked there, many younger readers were fascinated by the life depicted. Many read it as a "how-to manual" and asked the author for additional "secrets" that he might care to share.
I go to a restaurant where the owner has recently hung a sign reading “The World is Yours” as though Tony Montana from Scarface should be regarded a fount of wisdom.
If you want to deify Tony Montana, there is one quote that is the John 3:16 of his proselytizing, and the world is yours is not that quote. I guess you can't put it in a restaurant.
There was a recent article in NYT about Grand Theft Auto and the author mentions that their friends became a little more racist after playing it as kids. My takeaway was that these forms of media aren't for children because they probably won't understand that it's satire. Then I realized that many adults don't understand that it's satire either.
The framing and cut scenes in GTA may be satire but the gameplay where you actually immerse yourself in the game in get into the character's shoes mostly aren't. Those parts are largely just shooting people.
I guess you could argue that it's some other kind of satire than being anti violence.
The tech company is right since this appears to be a reference to the Total Perspective Vortex from Hitchhiker's Guide, which notably didn't do anything bad when it was turned on.
> "What a rosy picture! How can we realize this stunning vision of a future-to-be?"
The people who said
Don't worry about doing it right, just do it fast, we'll fix it later
And it was never fixed. It seems we keep pushing to go faster and faster, and for cheaper. If you continually are cutting weight pretty soon you're gonna have to cut off your limbs. Any successful bureaucrat/manager who cut fat before you is not going to leave much fat left for you to cut. Besides, some fat is actually good.
Don't worry, reality and time will find a way to make reality worse than anything a fiction writer could've conceived in the past. Even Brave New World seems quaint now.
There will never be a shortage of people who read dystopia and think "That would be awful, I should oppress the entire world as it's rightful, righteous god king and make sure things go well (specifically how my extremely small perspective understands right and wrong)"
We see on this very board a huge segment of people who believe "tech" for "tech's sake" is a good thing, or that any "tech" is inherently an advancement of society, and that advancement === good
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” it wrote in the warning to affected customers."
I would assume it's fake, part of some phishing scam. How can we know something like this is real? I'd be even more likely to think it's fake if it looks different than all the other messages I get.
Edited to add: As a comment below pointed out if you "sign in to appleid.apple.com" it'll confirm, which even I would trust! Thanks to quitit for pointing that out.
"To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in."
As long as it doesn't have any links to click or try to force you to login to something, it just sounds like information to me.
If my bank sent me something about Credit Card fraud I would be very skeptical if it had a big "CLICK HERE TO LOGIN" type of thing.
But if it was just info, and maybe ended with "Contact your local branch to learn more", but no links, no phone numbers, etc. I would be less skeptical.
This is, I think, a valuable heuristic. Anything but the most complex and long-term scam always includes some call to action, nearly always URGENT and IMMEDIATE (so as not to give you a chance to think about it or research it).
A notification that is ONLY a notification about something is very unlikely to be malicious (though could certainly be erroneous). My bank will send me a concerning email or SMS about suspicious activity that needs to be reviewed or confirmed, but because they know it's a vector for attack their specifically ask you to call them at their published number listed on your card.
But if the phishing scam manages to display such a message in a different way on your phone, you can’t trust the phone anymore as it has likely been hacked.
In the screenshot it says the threat notification was sent "via email and iMessage", so it would not be displayed in any different way on your phone, which I also find surprising. I definitely wouldn't expect to receive something like this as an Email, and I have turned off iMessage.
iMessage has been one of the most successful delivery vector for these spyware attacks.
So, if you think you are a likely target of a state sponsored attack, best thing you can do on an Apple device is to turn on lockdown mode, turn off iCloud and iMessage, stop using keychain, use only a yubikey for all authentication, and restrict yourself to a limited number of essential apps on your primary device and use a dedicated burner device for all your throwaway browsing and communications, and erase/reset that device after every session. And still, assume everything you say and do online is fully compromised, because there are always system vulnerabilities that haven't been made known yet ('zero-day' attacks) and are being used to compromise highly targeted individuals. In the end, it is a very convoluted cat and mouse game.
Unless things have changed since I last looked, if those you talk to aren't also on iMessage, it feels like a net negative to use as you get inconsistent/negative behavior between contacts. From that end, it becomes sort of a moral issue with the clearly arbitrarily locked gates and poor experiences. So you disable and use a non-malicious and cross platform solution.
> Apple is malicious, but Facebook is totally okay?
This is such a bizarre comment to make, because OP never suggested that Facebook is "totally okay". You replied to them after their edit window passed, so they didn't say that and then edit it out either.
I'm in Europe, I haven't encountered anyone in my life who has used iMessage (everyone uses WhatsApp, now also Telegram/Signal), so I don't really have a use for it, when I wanted to try the weird AR emoji / heartbeat reaction message things with my partner we noticed we both had iMessage turned off, I guess it's like a setting that maybe we skipped during the phone setup? Not sure if it's on by default for some people.
imessage and rcs (and arguably mms, although that started as cost cutting) are backdoors for the legal protections on mining telephony provider metadata for marketing. with those two "opt in" (lol) techs, all safeguards are off.
Several CVEs in the past related to iMessage. And it has surprisingly high privilege. Since I seldom need it, turning it off is better for my security.
iMessage histories are backed up in the nightly automatic non-e2ee iCloud Backup, effectively backdooring iMessage’s “end to end encryption” by escrowing the plaintext to a not-endpoint.
Apple can read approximately everyone’s iMessages out of their backups. It’s not private or secure, and claiming it is end to end encrypted is misleading almost to the point of being actually false.
This is the same behavior as SMS if you have enabled “Messages backup.” If backup is not enabled you will not have a copy of iMessages stored in iCloud (though all compatible and configured devices will still receive messages).
This can be changed by opting in to the e2ee iCloud data service “Advanced Data Protection.”
Nope. Even opting into ADP, your iMessage conversations will still be backed up to Apple without e2ee - just from the non-ADP phones of all the people you iMessage with instead of your own phone.
iMessages are backed up in duplicate - once on the sender and once on the receiver. You can only control e2ee for half of it, so your conversations are still under surveillance unless everyone you message with has also turned on ADP.
Is there any E2EE messaging service, or network protocol of any sort, that doesn't suffer from this? If an endpoint is compromised in whatever way, it doesn't matter how encrypted the data is in transit.
You’ll note that this is regularly and frequently used by the FBI against domestic users (such as BLM protesters). Apple processes these FISA demands on over 70,000 user accounts every year, and the number is increasing. (That’s just the count for the warrantless FISA stuff - search warrants are a different (larger) figure.)
They also expanded it to allow them to search Apple’s data on people entering the US as visitors.
> The House also passed several other significant amendments. They included allowing the Section 702 program to be used to gather intelligence on foreign narcotics trafficking organizations and to vet potential foreign visitors to the United States; empowering certain congressional leaders to observe classified hearings before a court that oversees national-security surveillance; and expanding the types of companies with access to foreign communications that can be required to participate in the program.
Nobody remotely versed in this stuff would expect SMS to be end-to-end encrypted, though to be honest the more notable fact to me here is that Apple can read any plaintext in your backups. iMessage is an over the top messaging service more akin to WhatsApp or Signal than it is to SMS, so that is a more relevant comparison. I don't know if any of the clients store plaintext messages that would be backed up to Apple in a similar manner or not, but I'd hope at least the more security focused ones do not.
Apple makes privacy claims about iMessage including 'Apple can’t decrypt the data.', which is notably false in this (common) scenario, and requires a large asterisk on those claims, IMO bordering on making them unethical, period.
Albeit recent and optional, isn’t that a hole specifically fixed by the Advanced Data Protection option[0]? Granted, it doesn’t do much if your recipients don’t also have it enabled.
How can Pegasus and NSO still be allowed to exist? I know they are an Israeli corporation, but even then has there been action against them from the Israeli government? This is basically rogue state behavior
PBS Frontline has a good documentary on the NSO Group. They are sanctioned by the government, and even used as political leverage - https://m.youtube.com/watch?v=6ZVj1_SE4Mo
But that's the thing. This is basically public knowledge at this point. I realize that almost every regional or super power has or tries to have this type of corporation for their own usage, but in this case it's public knowledge and it also openly targets Israel's allies. A good example is how France's president was targeted.
I'm not sure the US wouldn't at least pretend to shut down/restrain a corporation that's helping Israel's ennemies spy on Netanyahu for example.
The only one stirring up a regional war is Iran, arming terrorist groups around Israel as a proxy war. The fact they can act with impunity is a stain on the west just like the war in Ukraine that still rages on. This might not have been a bin laden level assassination but it was not that far and any other country that faces the same threat would do the same.
Israel has literally targeted Iranian territory. How is that better than arming Israel's opponents? And Israel is the country with not only a nuclear capability but also invented the "samson option", which is basically threatening the region to nuke everyone if they have to. Israel and Iran really deserve each other.
If you mean the "embassy" building it's not Iranian territory. They are not defined as such, it's false information from movies and did you forget the bombing of the Israeli embassy in Argentina? They sure didn't have an issue then.
If you mean assassinations of nuclear scientists in Iran then sure you are correct but then what do you expect when Iran's leaders again and again say they are going to wipe Israel off the map?
"How is that better than arming Israel's opponents?" - Got me there buddy, how is it better than targeting military targets who fund and direct terror vs aiming blindly 100k rockets into population centers.. gee they are so equivalent
When all your neighbors wants to murder you and throw you to the sea you tend to be a bit overly defensive, why is it any different than the US/Russia/China nuclear arsenal as a deterrent?
The difference is that China or Russia or the US have a mutual destruction doctrine. Russia or the US won't nuke every country on earth that they can reach if they get nuked by China for example. According to that logic since Israel clearly wants to destroy Iran, it should be able to nuke Israel as a last act even if Israel didn't initiate a nuclear attack.
As to your first point, I'm talking about decades of Israeli operations, not just what happened recently. But I guess Israeli embassies are ok to attack now, since they aren't in Israeli territory.
You keep saying that they are just trying to not get wiped out, but they are the only people that are actively and openly wiping out another group. Like, multiple Israeli officials have stated they want to level Gaza to the ground. Is the Westbank colonization also just a way for poor Israelis to not get wiped by neighbors or?
They also killed more than 30 000 civilians in the past few months. So the narrative that they are just trying to not get pushed back to the sea doesn't work very well here. Especially coming from a colonizing state that is actively expanding in territory that isn't theirs the moment that said territory stopped armed combat against them.
Where did you come up with "Israel clearly wants to destroy Iran"? Did you forget that before the Iranian Islamic revolution they were best buddies? You might say that Israel wants to see the Iranian dictatorship fall (and that's only because of their action against Israel, Israel couldn't care less what they do in house to their own people) but it's a far cry from wiping Iran unlike Iran stance to kill all the jews in Israel (and beyond).
Iran would have bombed Israeli embassies if they could (not like they don't try), they don't need an excuses because they already did that to Israel AND the USA (or did you forget about that too).
"they are the only people that are actively and openly wiping out another group" - Sure, they cried genocide for 75 years about since then they more than doubled, worst genocide ever. Unlike the 500k dead Syrians or the 250k killed in Yemen and that's just in the last 10 years or all current African conflicts, but when its not Jews it's not interesting right?
I'm not here to support or defend the occupation but from a security stand point yes it was/is necessary if you look at the region/border geographically
from a military defensive stand point, you can just look at all the previous wars/clashes/terror attacks from that region pre 67. Reminder that the PLO (the good, "peaceful" terror group) was founded in 1964.
30k people, a number made up by and inflated by a terrorist run organization, very reliable[1] (they even admit its based on social media posts), in that case take into account the 10k dead combatants. 2:1 ration is one of the lowest if not the lowest in urban combat in recent memory just look what it took to wipe Isis in Mosul but I bet you didn't cry genocide then right?
There is always someone on each of N sides of these longstanding conflicts in the region saying "Y is really the problem (because I support X; all who support X know Y is the real problem)."
That foreign powers abuse that to their own advantage worse than even the local factions do is the true stain on humanity. Why support this?
Yeah the issue with "Netanyahu is the problem" is that most of the Knesset is full of even worse folks. And the Israelis who elect them.
The country is drunk with US money and arms and hasn't had to really consider rational approaches to anything since big daddy US always funds them regardless of their actions.
> I'm seriously considering changing to Apple after this.
Ironically that may be worse for you. iMessage is probably a critical step in 60% (or more) of these exploits, and the various unicode/pdf etc rendering engines are responsible in many exploits. Android's open-source nature likely means that a lot of these things are found by security researchers first. Don't forget that zerodium still pays more for an android 0-day than an iOS 0-day.
Plus, the huge variability between Samsung/Google/Moto/Huawei etc makes it triply hard for a single exploit to be successful.
Apple specifically acknowledges this and has Lockdown Mode to address it. If you care about security you should enable it. Of course you’ll not be able to watch YouTube videos, but you’ll be safer.
whats the point of carrying phone that doesn't even play youtube videos? If security is so important then they should probably carry nokia style 2000's phone where there is no chance of malaware?
I don’t think Lockdown Mode actually prevents you from watching YouTube videos. Some googling suggests that there might be issues when using the YouTube website in Safari – which makes sense, since Lockdown Mode disables a bunch of Safari features. But the YouTube app probably still works. (I haven’t tried though.)
> Plus, the huge variability between Samsung/Google/Moto/Huawei etc makes it triply hard for a single exploit to be successful.
That variability is a double-edged sword. Manufacturer-added Android bundleware is notorious for being shoddily built and could easily represent added points of ingress.
Which is why I wish it were practical to replace OEM Android versions with GrapheneOS/CalyxOS or similar on the latest devices, similar to how a cutting edge PC can run one’s choice of Linux. As long as more secure or at least more standardized Android distributions can only run on devices with some age on them, their popularity will be limited even among the technically inclined.
I do not believe the android Messages application is open source. I believe AOSP contains something very barebones. It has been a lot of years, am I incorrect?
That's a half truth as well because the APIs that Message is using are open source and documented. You can recreate a third-party Message app and that's what is used in some of the android distributions.
I believe it is relevant, at least till recently Apple developed a “blastdoor” to keep iMessage safer against such attacks. While other apps have been used in attacks (eg WhatsApp/Jeff Bezos iirc) iMessage seems to have more permissions than an average user app.
Ok, but you still haven’t explained how this means it is any less secure. Can you point to exploits that take advantage of the system integration it has?
I've read (I have no sources) that while the "zerodium still pays more for an android 0-day" thing can be true, the conditions on the "top" payout are pretty strict, due to the same aforementioned variability between vendors. To get that payout you'd have to find something exploitable on nearly all vendors version of android along with working on 2-3 versions. In reality an iMessage exploit is going to pay out a lot more because it would be exploitable on nearly all iPhones running x version of iOS, for example. Finding an exploit in say "Samsung messenger" (I don't know if that even exists) would pay less than an equivalent iMessage one.
If we’re talking about having the microphone tapped etc, I don’t think anyone would still be developing 0-days for such old phones. If you want to be safer (assuming fear of old software having unpatched vulnerabilities) Nokia launched a dumb phone not too long ago.
However… GSM networks and cell tower level tracking is much harder/almost impossible to escape short of throwing away your phone. SMSes can be hijacked, hostile agents can force downgrade the connection to 3G/2g to break encryption (iirc, please correct me if wrong), and your location is generally known to your service provider and Uncle Sam.
Plus… the SIM card is its own mini computer, and lots of the firmware between that and the telephony modules is proprietary and closed source. If you’re familiar with intel ME you have an idea of what I’m talking about.
Honestly, if you’re not a journalist going after big names, or a top CEO/president etc you likely don’t need to worry about any of these. But if you are, or just want to be privacy conscious, your best bet is to never use cell towers and only use Wi-Fi/internet from public or untraceable places; along with Wi-Fi calling for telephony. Btw I’m not sure but I think Google fi and a few carriers/MVNOs offer virtual numbers, which can be a good first step for privacy.
Reading between the lines, one thing that I expect Apple has but may not be discussing -- root-cause replayability post-infection, across all Apple devices.
I.e. infection is eventually discovered, Apple isolates the vulnerability's entry point, then Apple has some ability to re-scan all devices to detect which may have also had the attack targeted against them
Hashing some data that can serve as a fingerprint makes sense from a herd standpoint (hell, even something as simple as call stack after iMessage received)
Far worse with Android users? In general, sure. Google Pixel phones however nowadays comparable to Apple in terms of security. Some argue more secure. And as others have noted Google has notified people about similar before.
Plus, I don't think the onus is on Google to monitor and alert for other OEM phones ala Samsung, Motorola, etc.
You don't need to be a journalist. I think many tech workers are oblivious to how juicy and obvious a target we are. Most of us publish a detailed target on our own back via LinkedIn, or our company's website About Us and Clients pages.
Long ago, I co-founded a tiny startup. We had some high profile clients. I was dumb enough to put those clients on our site. I also used to be dumb enough to have a public social media profile, in my name.
I was already somewhat security aware, but one day I almost fell for a spear phishing email. Someone created a gmail account 1 character different from my gf's gmail. They sent me a well worded, but simple email along the lines of "Hey baby, check this out!" and URL shortened link. She happened to be next to me, and I said to her "Hey, what's this?" "What? I didn't send that!" I then opened it in a VM and saw that it resolved to something.ru.
It was a combo of identifying the juicy client of ours, seeing my name as co-founder, finding me on FB, finding my gf in my profile, getting her email, etc.
I then got to learn fun new terms like threat modeling.
Is it possible that someone might think that you have ssh access to a server on an interesting network? You are a target.
Or if you are adjacent to a high profile target, working in the same company as a high profile target, working at a company that is contracted to a high profile target, friend of a friend of a high profile target.... And so on.
Sure, the average person probably doesn't need this (although as another comment pointed out, HN isn't quite representative of the average)... But the net is a hell of a lot wider than just journalists.
Years ago I worked for a non-profit in an office building in San Francisco. My office neighbors were Google, the US Secret Service and, I shit you not, China Daily (a major news outlet run by the Chinese Communist party).
Wait... Apple has the worst security record of any of the FAANG companies and you are switching to them because they admitted a security issue after the fact?
"Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware"
So, maybe even provoking an Apple warning to those targets could also be part of a sophisticated operation.
These targets react or have to react in a certain way. Instigate to lure people out of hiding and entice them to react, even if only to observe their behavior.
What do these targeted people do then? Switching phones? Accessing certain digital services, warning their network via conventional lines?
From an observer's perspective, this is pretty thrilling.
Apple advise whom to contact on their website for guidance, but they are of course not alone in dispensing this and similar advice.
Apple:
"If you have received an Apple threat notification
We strongly suggest you enlist expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website. Outside organizations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice."
"The Access Now Helpline and other Security Lab civil society partners are also equipped to support individuals who have received these Apple notifications."
If it required the wrench, it was at least un-hackable enough. Part of the reason for remote hacking is to avoid alerting the hacked party to what's going on, which is obviously failed by the time you're hitting them with a wrench.
At the end of the day, you want the data. Sure, it's much more convenient to get the data from a device, but if you had to get it somewhere else, the data is obtainable.
It looks like the message encourages users to update "to the latest software version, iOS 16.6." I wonder if their message is different to users on devices which no longer can be updated beyond iOS 15, like iPhone 7, 7 Plus, SE and so on.
Pretty much every computer virus, worm, etc ever has been due to engineering flaws in software products. All software ever made has bugs in it, including whatever you're using right now.
Could this be illegal in some countries to notify users like this? I could see how revealing to some one they were the subject of a gov't targeting would be illegal in some countries.
Note that "mercenary spyware" is the politically correct term Apple chose for "state-sponsored attacker" because Modi complained that Apple was exposing them for using illegal NSO Group spyware.
Well "mercenary" do sound weasel term but calling it "state sponsored" with releasing details for others to research and prove/disprove isn't doing much apart from agitating supposed states.
Any government has to take Apple's word seriously it is not like an individual or small time company claiming that government illegally tapped their phones or hacked computer and government doesn't even bother to respond because its not worth their time.
Technically speaking, Apple placing iCloud services for users in China on CCP-controlled hardware (as required for their continued operation in China) is also a “state-sponsored attack”.
Not that they have a choice, given that their most profitable product lines are all basically 95%+ manufactured in China by Chinese nationals working for Chinese companies.
Yes. We’re well past “following local law” and into “active cooperation” territory. Apple by nature can’t have adversarial relationships with the US or Chinese governments or they’d get squashed like a bug.
One might even argue they have a fiduciary duty to not pick fights with city hall.
The wording is technically correct since these attacks are often facilitated by private for-profit companies. It just glosses over who is paying them (state actors).
That was my first thought as well, though on further consideration I assumed that it was some kind of paid/for-profit criminal organization performing these attacks on behalf of a nation-state.
The power of language, where "state-sponsored" too accurately directs the population's attention to their government but where mercenary is vague and non-aiming - where a simple change in language is enough to quell that ire and attention of authoritarians; or should I say authoritarian behaviour to not out them directly as authoritarians?
Apple needs to work with authoritarian governments, or nobody is going to build our iPhones.
I would guess it’s obvious for everyone who gets the message that they are political targets. However it is also important to call out abuse of power, like is in the case of India, Spain, Poland, where the governing party is spying the opposition in order to find ways to get rid of them.
There are definitely more countries where Intelligence Services spy on not only the opposition but members of congress. The FBI admitted to spying on members of the US senate as well as an adversarial candidate to the US presidency.
As a bridge perhaps, and not all authoritarians are equal - of course, so being rational is fine - aligning with a less worse, less captured society is a reasonable stepping stone; and a maneuver can be to pit one tyrant against another, where India-China relations aren't good - however that could be useful to both tyrants towards manufacturing consent to send all of their young military aged men - who would be the strongest, most capable to go up against the tyrants - instead sending them to a meat grinder of a potential WW3 that the military industrial complex is also likely drooling over in their fascist wet dreams; the two sides of the fascist coin being authoritarian politicians and industrial complexes.
However the longer we allow revenues to be generated in relationships with authoritarian economies-states, the more we're empowering them.
That in a way is also a carrot - at least until a certain point of no return - where in America there's an effort to collapse the USD, and they might succeed - and then where BRICS will have buying power to influence the rest of the world to align with bad actors in each countries who aren't yet toeing the tyrannical line - and help them navigate towards a totalitarian state.
Knowing who is your ally in each nation is important, and keeping communication lines open is the bare minimum - and tyrant wannabes in different nations, except in places like China where they already are locked down in their systems, still need to creep forward in as incognito method as possible until they've captured all of the various positions necessary before they can recruit and grow their Gestapo.
Most people are unaware that Canada is about to be captured by fascists, and where laws and mandates have already passed that could allow those politicians to pretend they won the next election (multiple people in our intelligence agency CSIS already whistleblowing that China, the CCP is confirmed to have interfered in at least our last 2 elections which kept Trudeau-NDP in power) - and then pump that out and control the narratives in our state-funded media channels like CBC; mainstream news - including the biggest dissident media company called Rebel News - aren't shown on Facebook, for vector example, another vector being an arguably manufactured false flag 3-day outage of Rogers Telecommunications - where this fascist government immediately afterward mandated all telecommunications companies cross-integrate their services "to act as a backup" for other companies - which conveniently creates-allows for a centralized system for monitoring, etc.
I think as of right now, it's nearly impossible to buy a guilt-free computer of any kind. It's a spectrum, obviously, but I think if you were to audit every component of any computer you buy from basically any company, you'd eventually get something kind of depressing.
A relative of mine in the defense industry has told me that, generally speaking, the DoD requires that none of the components in missiles have parts manufactured by potential adversaries, which makes enough sense but is also extremely difficult now.
When I have to point to something when I say I doubt manufacturing will ever come back to the west, I point to the fact we can't manufacture the simplest of things ourselves anymore.
Thanks Delta Airlines, whose metal nametags are literally just cut sheets of aluminum with some paint on them and are still Made in China. Someone seriously wants to tell me we can manufacture bleeding edge tech when we can't even cut and paint our own fucking sheet metal?
That's just weird. the US is definitely a lower cost country than Norway yet my youngest son works for a company here in Norway that does quite a lot of business making metal and plastic tags of various kinds with text engraved, printed, or laser cut.
As far as I know most of the machinery is made in Europe, mostly Germany, again generally higher cost than the US. So I find it difficult to believe that it can't be done in the US.
Cost cutting seems to be done much more deeply in the US than in Europe. For example, economy class on all North American airlines is rather miserable, while most European non budget carriers have a better experience in economy.
I feel like, for better or worse, the US is sort of obsessed with figuring out how to drive costs down as low as possible, at least historically. So much early American industry was based around making mass-production more and more efficient, e.g. early assembly lines for the Ford company being an obvious case.
In a lot of ways, this is obviously good, most people benefit from lower prices, more value being created, etc, but I think it's also made it so that cheap-but-ethically-dubious manufacturing from other countries becomes increasingly appealing, especially since it's abstracted enough from the end-user to where they can comfortably say "out of site out of mind".
I'm no better; I know very well the conditions of some other countries, and think they're very bad. I also think it's bad that America fought a whole war to end slavery, and instead we just launder it through other countries. Still, despite me thinking all of this, I still generally shop for reasonable prices instead of trying to focus on ethical stuff.
Can confirm just got back from Barcelona on an Iberia flight. Evonomy on this flight was hands down better than any flight I have taken in the US. Food, service, even baggage policy was just simply a better experience. Honestly my mind was blown / food multiple meals included in price of economy seat. Just less nickel and diming and overall better experience,
The metal nametags is a very poor example of the point being attempted since I would venture a guess that there are 1000s of companies or shops in the US that can make metal nametags.
I wholly admit it's a highly specific and probably poor example, but it helps to get my point across. Even US flags and US Olympic team uniforms were Made In China until there were rightful uproars to force the issue back to the homeland.
When we can't make our own fucking blue jeans we absolutely cannot try for a technology victory.
Well you can also try committing to new year resolutions and so many other things. But companies have bet on consumers value convenience over everything else. And so far they've been right in almost every instance.
Best to refer to them as the “Ministry of Truth”. We’ve always been at war with Eurasia.
I wonder if someone has made a “De-bullshitify English” Chrome add on to replace phrases like “mercenary hacker” and “officer-involved shooting” with more semantically correct phrases.
Aren’t its primary methods of deployment and utilization widely considered to violate domestic and international laws for unauthorized access to targets’ devices and/or data? I might be mistaken, I don’t know for sure how common such statutes are outside of the US, but I’m pretty sure it’s illegal in the United States, even for law enforcement (the likely unconstitutional extrajudicial activities of some unnamed alphabet agencies notwithstanding). If nothing else, there are documented cases where it’s been used to spy on journalists and activists in Saudi Arabia, including the widow of the assassinated American journalist Jamal Khashoggi.
The DMCA, in the US. Other statutes in other markets. Hacking computers is pretty prima facie criminal everywhere. It's true that there are inter-jurisdictional edge cases (cracking an iPhone in India via an attack from Israel probably isn't illegal in the USA,etc...) which allows NSO to operate more freely than we'd like. But no one seriously claims this is legal activity anywhere in particular, just that we can't catch them.
Basically the distinction is one of law enforcement authority, not legality.
The point I'm hearing in the parent post is more like that many of the state actors using such attacks against domestic targets actually may be legally allowed to do so, if they have passed laws which permit their own security services to use such software on their residents' phones.
Even in USA that likely could be legal with an appropriate court warrant, and many other countries have more permissive constitutions.
> Even in USA that likely could be legal with an appropriate court warrant
Can you expand upon this? I'm not particularly familiar but it doesn't seem right. Obviously LEO agencies are allowed to subpoena private information, but can they legally use exploits with a warrant? Are there recorded examples of this?
[Based on your reference to warrants, I guess I'm excluding the NSA or other supposed state-level spy agencies that supposedly secretively deploy such tactics]
I'm not a lawyer and the proper answer is likely state-dependent, but why not?
It's well established that with an appropriate warrant, LEO have always been able to come into your house without telling you and add hidden surveillance bugs to listen on your communications; they have always been allowed to physically modify or replace your phone (e.g. physical phone wiretaps a century ago); Electronic Communications Privacy Act reasserts that this applies also to electronic surveillance and digital communications; so (as a non-expert) I don't really see why that wouldn't apply to smartphone exploits as well. We do see exploits being applied to devices in LEO possession (e.g. https://www.theverge.com/2021/4/14/22383957/fbi-san-bernadin... for one random example) to recover evidence.
The main restriction is the constitutional limits of 4th amendment which requires specific warrants for each case - which is a significant practical obstacle, so the circumstances in which warrantless wiretapping is permitted (e.g. by PATRIOT act) is a contentious issue; however, it's not relevant if a proper warrant is obtained.
The CFAA is the broadest and most relevant US statute regarding computer hacking. But yes, international computer hackers typically operate outside of the jurisdictional reach of their targets.
NSO Group is sanctioned, so buying their spyware is probably illegal if you're an American. Furthermore, several tech companies have sued or are in the process of suing NSO Group for their hacking operations. Expect those lawsuits to involve every HN user's two least favorite laws: DMCA 1201 and CFAA.
I would describe this spyware's "illegal" status as colloquially true - despite the lack of a comprehensive, international, enforceable legal framework - at least in the USA [0]:
> As part of this effort, the End-User Review Committee of the BIS decided to add four foreign entities, among them two Israeli companies, NSO Group and Candiru, to the Entity List. The U.S. Export Administration Regulations (‘EAR’) impose additional license requirements for exports to listed entities, and limits the exceptions for exports, reexports, and transfers to such entities.
But they continue:
> The existing international and national frameworks regulating the export of sensitive spyware technologies lack the teeth necessary to deal with contemporary issues relating to the abuse of these technologies and the growing need for their enhanced supervision.
Well, supreme court ordered panel investigation into this spyware scandal didn't find any evidence of actual spyware. So there's that. Also, if government wants to investigate someone, they have so many powerful ways to do that (and they actually do that). So, it's not clear to me what need they have to go spy on people via NSO tools. And surely, if they were building large datacenters to do massive spying like some TLAs do in 5eyes countries, we would know about it. So, no, this isn't the local government but a foreign government (which doesn't have detention powers in another country) that's likely to use remote hacking methods to coerce people in another country. We saw this with leaked data dumps from recent hacks by the not so friendly neighbors on India's many citizen databases (like retirement provident fund systems etc).
I'm not sure exactly what part of it you're trying to refute since your comment is kind of all over the place, but GP comment is correct.
The reason it's called that is literally because of the Indian government.
> Apple's removal of the term "state-sponsored" from its description of threat notifications comes after it repeatedly faced pressure from the Indian government on linking such breaches to state actors, said a source with direct knowledge.
I'm clearly refuting this – "because Modi complained" in the GPs post.
And your linked article is making an unsubstantiated claim based on "source with direct knowledge". That's just not credible enough.
It would have made more sense if you have context on the local politics in India or followed the supreme court case on this matter.
> That’s not an unsubstantiated claim, that’s literally how you deal with sensitive contacts and information in journalism.
The way it works is if the writing has a byline of a credible investigative journalist. It doesn't work for an anonymous wire service article.
> You understand that nobody is going to speak on the record about this, right? What, exactly, do you expect in terms of substantiation?
Journalism used to have standards. If you didn't have multiple confirmations you wouldn't publish it. These days they publish anything. They have more better credibility than anonymous opinion posts on random internet forums.
I spend way too much time on HN, and having seen how often flags are abused or simply used too liberally, I think they are way too over powered. A lot of good discussion gets killed by flags right it of the gate. Sometimes it gets vouched and redeemed, but the vast majority of the time the damage is done and that comment or story languishes in obscurity.
The comment doesn't really say anything and the commenter is not saying they edited the comment to make it just non-substantive rather than non-substantive and inflammatory.
I would hope people aren't using flags for low-value comments, but you make a great point that it could have been edited to remove something that was deserving of a flag.
They could, and if you ask me, they should. They gum up threads and often start meta discussions about exactly how low-value they are. Many are even explicitly listed in the guidelines - snark, tropes and memes, 'broke the back button', shallow putdowns, etc. Righteously flaggable, one and all.
I agree regarding snark, and pretty much anything that criticizes the person rather than the ideas. But one person's tropes and memes are often somebody else's current belief/position, especially if they are part of today's lucky 10,000[1].
What (in your opinion) is the purpose of the down-vote button?
But one person's tropes and memes are often somebody else's current belief/position
In a site with the ostensible goal of 'curious conversation', that's not really good enough - it's not the job of your potential interlocutors to figure out what sincere, reasoned beliefs and positions hide behind the throwaway trope line. If you want to have a conversation, it's on you to try to converse. There are lots of other places where the trope line is fine - from the group chat with friends or colleagues to twitter. But those places work in different ways.
What (in your opinion) is the purpose of the down-vote button?
It's a way to say 'this comment is misranked'. There are lots of reasons to feel a comment is misranked - including simple disagreement.
Saw it while it was flagged. There were two sentences. They removed the second one. Cant remember the exact wording, it was a short one, but it was basically saying: "Israel bad".
You're being downvoted because you made a three-word comment that adds nearly nothing to the discussion on a site that hopes to entice meaningful discourse. Trying to play the victim on top of that is just silly.
Maybe my thinking is a bit naive, but I would assume that the message signals that Apple found a new way to identify (and therefore maybe neutralize) Pegasus which is probably at least a medium annoyance to them.
If you were the hacker operating a remote command and control for such a targeted attack, you would immediately know if Apple or some other mechanism silently blocked your exploit kill chain. This notification to users tells you nothing new. If something doesn't work, you move on to the next exploit available to you. It's not likely that they would shut shop and go away just because apple notified users. Only thing this does is Apple gets more users to turn on their protection mechanisms like lockdown mode which makes it more valuable to find vulnerabilities in that (as that is the new baseline now). And so goes the tale. It's a never ending escalatory game.
That's not true, in the message they refer you to a web page with more details: About Apple threat notifications and protecting against mercenary spyware -https://support.apple.com/en-in/102174
I disagree: I'd expect they would have discovered the exploit and delivered and update to patch it, and lock down mode is not standard usage by normal users.
Here’s hoping that this isn’t any sort of psychological warfare tactic which Apple has been pressurised to sow into making groups of people assume blame at certain groups for the purpose of swaying elections in certain ways.
Because God knows how many times Five Eyes have tampered with elections across the Middle East in the past 50 years.
I wouldn’t be naive to believe everything totally and just putting another perspective out there which may be worth considering (even for just a few seconds).
Pricing of 0-days has very little correlation with the security of something, if any correlation.
I'm not sure what the "and for more" you are referencing. The site lists prices, an FAQ, and events. None of that supports the argument made by parent comment.
The number of public bounties for a system seems orthogonal to the number of actual vulnerabilities in a system. Of course, vulnerabilities exist independent of the existence of a bounty for them.
The bounties look like they have fairly comparable distribution, and just knowing the dollar figures doesn't really tell much about either supply or demand. Your inference requires that knowledge.
Pet peeve: This story alternates between "nations" and "countries" as if they were synonyms. A nation is a group of people sharing cultural, ethnic, and historical ties. There are many more nations than there are countries, especially within the US. A country has a political boundary, a flag and an anthem. It's one thing to use a word in the wrong way, because maybe you don't know the other word exists, and that's okay. But it's really annoying to hear both words being used in the same story but alternating them, without any explanation as to why. Is this an AI generated story?
Both “country” and “nation” have a wide variety of definitions, and several of them overlap.
The definition you give for “nation” is a particular technical one used in certain contexts, but the word used for the way you define “country” in the context where that kind of technical definition is being used for “nation” is “state”, not “country”. (And even “state” may be used with additional qualifiers to disambiguate the exact sense when used for that, because it is a heavily-overloaded term.)
Pet peeve: Not enough pedantry with language use in publications.
Nation and country are not interchangeable. Words have meaning. Good journalist choose their words deliberately and have a deeper understand of language than the average person.
Sure, words certainly have meaning, but that meaning is constantly evolving and even differs from person to person.
For the common person and the common definition and use of the two words, they are very much interchangeable. The common person might not even notice the change in words because the generally used definitions of both are common enough.
With all due respect, I’ve simply never heard anyone use these terms “correctly”. I live in an English-speaking country, and the closest thing I’ve seen to this is university signs that say things like “this is tiger nation” or something similar. But I’ve also seen people use “country” to express that too.
I assume they’re alternating not because it’s AI written but because the author considered them synonymous and wanted it to sound less repetitive.
These words are just so overloaded that I think this is a lost battle. People hike in the back-country, you can live in the city or the country. And frankly if you used “nation” to represent a cultural group of people in almost any context I think people would not understand or worse - assume you were stoking some racial angst or land-dispute.
It’s “true” if you, as the GP seems to intend to, define “country” to be “state that is sovereign in the sense of a principal subject of international law”.
This is, to say the least, not the only definition of a “country” (and is also among the definitions of “nation”.)
If you care, you definitely need to specify what you mean, e.g. the British gameshow "Pointless" has a catch phrase:
"And by 'country' we mean a sovereign state that is a member of the UN in its own right"
So if you're asked for "country names ending in land" on the show they'll invariably remind you of the definition and you ought to then know Scotland is plain wrong, whereas Ireland is a reasonable although obvious (so not "Pointless") attempt to answer.
https://old.reddit.com/r/iphone/comments/1c10jai/i_have_rece...
The interesting thing IMO is they claim to just be some random college student. Which seems believable because if they were a real secret squirrel I guess they wouldn’t ask reddit about it, haha.
I wonder if the hackers are targeting people based on phone numbers or something. (I could imagine a college student recently getting a new number and ending up with one that’d been associated with a target—I guess? Although you’d hope there’d be a way to retire numbers that are known to be targets).