John Scott-Railton
@jsrailton.bsky.social
Chasing digital badness. Senior Researcher at Citizen Lab, but words here are mine.
jsrailton.bsky.social
You don't even need to read the article to know this is a durian.
jsrailton.bsky.social
That's fascinating...

I've always wondered about this...
jsrailton.bsky.social
I hear you. Sadly the reason is because, as age verification mandates grow...people have no choice if they want to use a key service.
jsrailton.bsky.social
Proponents say age verification = showing your ID at the door to a bar.

But the analogy is often wrong.

It's more like: bouncer photocopies some IDs, & keeps them in a shed around back.

There will be more breaches.

By @jaypeters.net
www.theverge.com/news/792032/...
Discord customer service data breach leaks user info and scanned photo IDs
An “unauthorized party” may have accessed the names of users, the last four digits of credit card numbers, and more.
www.theverge.com
jsrailton.bsky.social
NEW: breach of Discord age verification data.

Including some users' passports & DLs

Age verification is a badly implemented data grab wrapped in a moral panic.

Mark my words, as age verification mandates expand, we'll end up more surveilled and less secure. 1/
jsrailton.bsky.social
2/ Backdoors are not the way to make us safer.

They insert vulnerable bad things right at the place where we need the strongest protections.

This latest attempt to demand access is *yet another* unreasonable, secret demand on Apple (a TCN) from the Home Office....
jsrailton.bsky.social
NEW: UK asked Apple to backdoor iCloud encryption.

Backdoors create a massive target for hackers & criminal groups.

Dictators will inevitably demand that Apple do the same for them. 1/

www.ft.com/content/d101...
jsrailton.bsky.social
3/ This is your reminder that the EU continues to be a hotbed of spyware scandals & hypocrisy from lawmakers.

Great to see these MEPs & political groups bucking the trend & leaning in to call for change.

bsky.app/profile/sask...
saskiabricmont.bsky.social
Public money is funding spyware!

With 39 MEPs from 4 political groups, we are writing to the @ec.europa.eu to express deep concerns following @ftm.eu revelations that EU financed spyware companies!

This must stop! We call on full transparency and follow up on the PEGA committee recommendations!
jsrailton.bsky.social
2/ The mercenary spyware crisis is fueled by your pensions & tax dollars.

Whether it's Oregon public employees or Alaskans, Europeans or folks in South Yorkshire...

The Fund managers stewarding your cash bear a heavy ethical responsibility for the harms they turbocharged.
bsky.app/profile/vasp...
vaspanagiotopoulos.com
🚨 The 🇪🇺 European Investment Fund (EIF), provided venture capital for Israeli #spyware firm Paragon Solutions, confirmed a spokesperson for the European Investment Bank Group, to which the EIF belongs, @apache.be is reporting.

apache.be/2025/10/01/e...
European Investment Fund financed Israeli spyware company Paragon
Paragon's spyware has been used against activists by multiple governments.
apache.be
jsrailton.bsky.social
NEW: turns out the EU helped finance a bunch of spyware companies with..public money.

Extremely bad look.

Group of MEPs calls for action.👇

apache.be/2025/10/01/e...
jsrailton.bsky.social
Friend,

Does scrolling leave you hollowed?

Is anger frictionless...but thinking like swimming against the current?

You're in an algorithmic rip tide.

Your mental clarity is the target.

Take a beat and step out

Connect with your own thoughts.

It's what designers of these algorithms fear most.
jsrailton.bsky.social
Amazing. Essential question here.
jsrailton.bsky.social
THANK YOU FOR YOUR ATTENTION TO THIS MATTER
jsrailton.bsky.social
Powerful interests are trying to change the internet.

It's worse than you know.

Your safety and freedoms are on the line.

Thank you for your attention to this matter.

www.youtube.com/watch?v=iz_8...
Exposing Pegasus: How the State Spies on You | John Scott-Railton
YouTube video by What Bitcoin Did
www.youtube.com
jsrailton.bsky.social
13/ The US also uses Paragon's tech at their counterintelligence peril.

Past analyses by the US highlighted how foreign spyware acquisition introduces national security & counterintelligence downsides when the company's technology is developed by foreign companies & foreign gov adjacent individuals.
jsrailton.bsky.social
12/ Finally & unfortunately: as of right now I am pretty confident that no publicly available / commercially developed third party tool can reliably detect Paragon spyware.

Beware a false sense of security.
jsrailton.bsky.social
11/ What can you do? Go call your member of Congress. Ask them to get briefed. Ask for oversight.

And on a personal level? Apple's Lockdown Mode & Android Advanced Protection both offer some serious security benefits but neither is a silver bullet..
jsrailton.bsky.social
10/ After 14 years of working on this topic, I tell you this with confidence:

Highly invasive mercenary spyware is a power abuse machine.

It's incompatible with Americans' constitutional rights and freedoms.

And our legal system and civil society are not prepared for the next chapter.
jsrailton.bsky.social
9/ Fast forward to last weekend and the US government abruptly reopened the door for the spyware company:

"This contract is for a fully configured proprietary solution including license, hardware, warranty, maintenance, and training. This modification is to lift the stop work order."
jsrailton.bsky.social
8/ The Italian scandal didn't finish cleanly.

While the Italian authorities admitted to targeting activists, they didn't take responsibility for hacking the journalists.

Meaning that some of the most troubling Paragon victims are still seeking answers.
jsrailton.bsky.social
6/ Almost immediately after the WhatsApp notifications, we started learning about the targets.

They weren't the supposed serious criminals...

They were Journalists... human rights defenders...groups working on sea rescue of migrants.. etc

www.theguardian.com/technology/2...
jsrailton.bsky.social
5/ Then in early 2025 #Paragon's rosy image met reality.

#WhatsApp caught the company hacking people across their networks & notified targets.

We worked with several & did a forensic analysis of their devices.

Cases started coming out fast...

By @raphae.li
www.reuters.com/technology/c...