Conversation

So … should reporters operate under the assumption that their iPhones have been compromised by Pegasus, Candiru, or something similar? And in the era of zero-click exploits, are there any practical steps a person can take to avoid them?

citizenlab.ca

CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru - The...

The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament,...

Casey Newton

@CaseyNewton

Apr 18

Recently I’ve gotten a lot of strange wrong-number texts, some with images attached, and having now read this

@RonanFarrow

story I’m basically sleeping with one eye open

newyorker.com

How Democracies Spy on Their Citizens

The inside story of the world’s most notorious commercial spyware and the big tech companies waging war against it.

Replying to

and

Have you considered switching to an Android phone running a hardened OS like CalyxOS?

Replying to

had not heard of this! is it good?

Replying to

I've been using it on my Pixel 5 for quite a while and it's based on AOSP with the open source reimplementation of Play Services called MicroG. It's maintained by the

@calyxinstitute

focused on privacy and security. I highly recommend checking it out. calyxos.org

Corin Faife / still in UK

Replying to

and

Do we know that Calyx protects against zero-click exploits? (Given that these exploits are incredibly sophisticated)

Replying to

and

I unfortunately don't know the answer but perhaps someone at the Calyx Institute or

@CalyxOS

team would know more about it.

Replying to

Note that despite their answer falsely claiming to ship patches quickly, they recently went almost 4 months without shipping the Chromium or Android security updates. CalyxOS has a history of covering up their own vulnerabilities and greatly misleading users about security.

Replying to

Multiple Chromium and Android vulnerabilities patched during that time were caught exploited in the wild. The patching continues to be unreliable, and they roll back the standard security model in AOSP. There's far more to security than fixing bugs one by one as they portray it.

8:45 PM · Apr 23, 2022Twitter Web App

Replying to

Did you seriously just search for any mention of CalyxOS to find this thread? Other than having to wait for the update from 11 to 12 updates have been quick and reliable and I think CalyxOS is the best for MOST users.

Replying to

There was almost a 4 month delay for security updates including browser updates. It wasn't only the major upgrade from 11 to 12 which was delayed. There are far more delays than that in practice too, and lots of security features rolled back or compromised in the OS.

Show replies