Hacker News | hssuser's comments

Thanks! I'll check it out


Just finished reading Pegasus today. Fascinating how this will keep evolving, keep getting worse and we might as well act as if we are getting surveilled. Too much incentive to not have adversarial actors. Link for the lazy - not an affiliate link - https://www.amazon.com/Pegasus-Threatens-Privacy-Dignity-Dem...


The fact that you've heard about it --- heck, the fact that there's a book about it --- should tip you off to the idea that Pegasus is not the SOTA implant. There's a whole marketplace of companies providing these services, both exploit chains and implant stacks, and most of them are firms you've never heard of before.


Dumb question, what is SOTA implant?


An "implant" is like a rootkit; it's all the things you do with a compromise once your exploit chain pays off, and threat actors generally have standardized implant stacks.

"SOTA" is just an abbreviation for "state of the art".


SOTA = “State of the art”

“Implant” would be like any remotely installable persistent exploit that grants access to an attacker over a period of time.

Also, I’m pretty luddite when it comes to highly-hyped AI stuff, (in spite of my income being heavily tied to developing AI models) but I have found ChatGPT to be shockingly good at explaining super niche terminology and even jokes. So I do recommend people feel comfortable turning to that if they ever feel uncomfortable asking “dumb” questions publicly.


@simonw made a custom GPT called the dejargonizer just for that purpose: https://chatgpt.com/g/g-3V1JcLD92-dejargonizer


Or you could just Google it. [0]

That's right. People can just Google things.

[0] https://i.imgur.com/1Yx0m1U.png


I googled "SOTA implant" and got something totally different.


Bit of a tangent, but..

Google has been going downhill for many years but since the December update a few weeks ago it has genuinely become atrocious.

In their quest to combat AI slop (good idea), they've gone and made domain authority so much more important than the content, that now when you search for A B C, you get 20 pages from very "authoritative" sites that are about A, are slightly about B and don't even mention C. This is despite plenty of great pages about A B C existing and serving the content we're looking for - we just never get to see them because the places they're hosted on aren't "authoritative" enough. Before, you'd get 5 pages, 1 of which likely had what you were looking for, and maybe 1-2 were AI slop. Now zero of them are what you're looking for, but at least we no longer have the (generally very obvious) slop? Brilliant improvement for the users..

The reason behind this is pretty obvious: most AI slop that had been ranking well likely had 0 ad spend, meanwhile the "authoritative" sites tend to have high ad spend. Ads was seeing numbers go down and unhappy customers, and they run the company.


Using verbatim search generally improves the results.


When possible, sure, but this is often not viable. Just to give an example, looking for information on a local performance or exhibition. I can go and dubquote the name of it, but that still gives me 20 "authoritative" websites with vague info on last year's edition, not the few smaller local blogs that have info on this year's edition. Even if I add e.g. "2024". This got far worse since the December update, and many times there's no reasonable way to craft an arcane search query that fixes it.


I see. There’s also “after:2023”, but that only works if the pages with last year’s info don’t appear newer to Google. Personally I haven’t run into the issue you describe yet to a degree that I would have noticed, but we also may have different use cases for googling. Conversely I rather have the issue for certain search terms that Google shows me a page of shopping results before getting to the “authoritative” websites.


I'm sure locale matters. If you're in NYC, there's bound to be authoritative websites with the content you're looking for about almost anything you could possibly want. But the further away you get from the US, the less this is the case.

Though even in the US it largely holds for niche things. It's been a topic on HN for years, how Google has just stopped surfacing small websites with high quality information on a niche topic that can't be found elsewhere, but it's been greatly accelerated since last month.

Are the shopping results you're seeing ranked higher not from authoritative websites (Amazon, Walmart et al)?


Yeah except Google is just so often wrong or pushing crappy SEO results that I honestly think it's worthless nowadays.


I don't know either but perhaps "state of the art."


You make this comment everywhere Pegasus comes up. Half a dozen times on one submission.[1] Can you name some of the other firms we've never heard of?

[1] https://news.ycombinator.com/item?id=42476828


No.


Alright then, keep your secrets.


So it's either because you, too, have never heard of them, or because you're obliged not to. Which one is it? Are you making an educated guess about their presence?


No, he knows what they are, he's just being annoying


My questions were rhetorical ;) I've commented on his "patterns" previously, in particular whenever Signal's lack of anonymity is the topic. Apparently it's an offense so one must watch the way they phrase their responses to such statements.


I have no idea how to parse this, but if you thought I was going to give you a list of all the CNE vendors I'm aware of on an HN thread, obviously, no. Why would you care anyways? I know enough to know that I'm speaking factually about the state of the market, but I don't work in it or interact with it in any meaningful way, so you could just as easily say "if you know about that vendor, that means they're not a SOTA CNE vendor either". You might be right!

On this leg of the thread, we're considering basically one issue: is NSO Group one of the {only,most} {important,impactful,sophisticated,whatever} CNE vendors. Is someone seriously arguing that's the case? I'd assume the idea that there are lots of vendors more impactful would be pretty banal, but maybe there really are people on this thread whose understanding of CNE comes entirely from that book linked upthread?


What is the purpose of your original comment? Do you disagree with one of the parent's assertions that (this will keep evolving) (keep getting worse) (we might as well act as if we are getting surveilled) (Too much incentive to not have adversarial actors)? It doesn't seem as if you do, yet some would interpret your tone as argumentative, or unsubstantiated alarmism


I would sum my original comment up as "NSO doesn't matter". It's an interesting CCC talk. It's worth digging into what NSO implants do. There's not much bigger-picture stuff to pull out of it.

By all means, sue them, sanction them, proscribe them, whatever it is you want to do to make NSO less profitable, I'm fine with it. But don't pretend that's solving the broad social problem of CNE operations. Everybody does it, and most people don't need NSO to do it; they have other, better vendors to work with.


OK that's helpful thanks. I'm curious, is CNE illegal?


It depends on where you are, but generally being a CNE vendor isn't, so long as you're not selling to criminal organizations. If you're doing enough KYC to be reasonably sure you're selling exclusively to agencies of governments your home state doesn't have export controls for, you're probably fine.

Actually conducting operations, totally different story.


How do you know that? Or are you using any tools for this insight?


Hearsay Systems | Data Science, Engineering | San Francisco, Seattle | https://hearsaysystems.com/ | Full Time | ONSITE

We have been in the news recently because of our acquisition of Mast Mobile (https://techcrunch.com/2017/10/23/hearsay-acquires-mast-mobi...). We are Sequoia and NEA funded, headquartered out of San Francisco (China Basin, right off of the Caltrain station at 4th and King). Our vision for financial services makes it more human, personal and effective. The Mast acquisition helps us get further on that journey through text messages and voice calls. If you are interested come look at our careers page (https://hearsaysystems.com/company/careers/) or drop me a line (email in my profile)

Check out our careers page for a detailed list of positions we are hiring for (https://hearsaysystems.com/company/careers/)

Responsibilities span products on Social, Platform and our newest Messages product.

