Surveillance Watch – the hidden connections within the surveillance industry(surveillancewatch.io)
surveillancewatch.io
Surveillance Watch – the hidden connections within the surveillance industry
https://www.surveillancewatch.io
48 comments
The globe doesn't appear on Firefox. Just a black background and a lot of warnings on the console about textures not loading correctly ("renderbufferStorage(Multisample)?: Width or height exceeds maximum renderbuffer size") and then framebuffer not being complete because of the lack of width or height.
It works fine for me in a clean profile, not using my normal one.
I think it's using some kind of feature I've got disabled, or resistFingerprinting is interfering, or maybe an addon or whatnot, but this is definitely a client side issue.
I think it's using some kind of feature I've got disabled, or resistFingerprinting is interfering, or maybe an addon or whatnot, but this is definitely a client side issue.
" or resistFingerprinting is interfering"
How ironic
How ironic
TBH, besides displaying connections its not really interactive. No click, no scroll.
[deleted]
Firefox on Android mobile works! With unlock origin also which is nice
[deleted]
It does for me, no issues.
is this available in a sqlite format† or does anybody know what open dataset supports this? i'd like to explore the connections, but the visualization is both slow on my machine, doesn't quite work on firefox, and is perhaps not in a way i would personally find useful.
†machine parsable format
†machine parsable format
“Not yet, but it's on the roadmap for sure.” — https://mastodon.social/@alshafei/112974828655984716
Pegasus was sold to more countries than they list. It's a good start though. Future improvements could include ability to click on the globe and see what companies are located in the area.
Great website, but I’d recommend making the globe in the background optional or suppressing it on mobile devices or connections. Is the site itself open source? I’d love to help out with this particular thing as I’ve made many a 3d globe on the web and have some experience optimizing this for different end clients
I did not open the site, but unless there's a list of names, preferrably with portraits & clear captions (e.g. "FName Lname, X billions made, from Y definition surveillance / other evils of Z humans") no blame campaign will be effective.
In fact, I would laugh at my (hypothetical) company ending up in list like this; now the blame will be targeted at a non-natural person completely under control (muhahaha).
It'd be cool to make a bunch of algorithm of how much sins publicly known humans have committed.
It would work like this:
Select EG (1) Sharia law (2) Bible (3) Human rights (4) Pain experienced, shimp-saver style.
Then you get at how much sin they've caused!
One could probably even use Wikipedia as source, and get rather far with this.
There's overall absolutely unreasonably little blame of rich humans: how much is the amount of serial killers times their average victim count divided by amount of deaths caused by averaged indirect killings of polluting investors? How come you only know the names of the killers?
Spoiler:
Because humans are evolved to react to violence but not paper leading to violence & Because no established political systems disconnects wealth from political power.
In fact, I would laugh at my (hypothetical) company ending up in list like this; now the blame will be targeted at a non-natural person completely under control (muhahaha).
It'd be cool to make a bunch of algorithm of how much sins publicly known humans have committed.
It would work like this:
Select EG (1) Sharia law (2) Bible (3) Human rights (4) Pain experienced, shimp-saver style.
Then you get at how much sin they've caused!
One could probably even use Wikipedia as source, and get rather far with this.
There's overall absolutely unreasonably little blame of rich humans: how much is the amount of serial killers times their average victim count divided by amount of deaths caused by averaged indirect killings of polluting investors? How come you only know the names of the killers?
Spoiler:
Because humans are evolved to react to violence but not paper leading to violence & Because no established political systems disconnects wealth from political power.
These people seem to be missing.
https://www.jsitelecom.com/
https://www.jsitelecom.com/
Resource hungry website.
Why are Meta and Alphabet, the top spyware companies on the planet, not on here?
Couldn’t agree more tbh. I am currently in the process of cutting ties to all Meta and Alphabet products.
I am documenting my steps/actions here: https://barac.at/essays/on-trying-to-escape-the-surveillance...
For ppl interested in understanding why surveillance is prevailing on the Internet, I highly recommend https://secushare.org/broken-internet
I am documenting my steps/actions here: https://barac.at/essays/on-trying-to-escape-the-surveillance...
For ppl interested in understanding why surveillance is prevailing on the Internet, I highly recommend https://secushare.org/broken-internet
Re: the last link: this is not why surveillance prevails on the Internet.
It’s an economic problem not a technological problem. Surveillance driven advertising became the business model of the net because people don’t pay for content online. That left advertisers as the only true customers, and companies and ecosystems grow toward and around their customers the way plants bend and stretch toward light.
Making the Internet more secure would not have changed this. Surveillance is built into consumer technology directly because advertisers pay more for access to people than people pay directly.
Advertising is the primary force behind this. Government driven surveillance is secondary and really just piggybacks on systems created and sustained by the ad and PR industries.
One of the things you learn as an older engineer is that a lot of stubborn technology problems are stubborn because they are not technology problems. They are socioeconomic or political problems. Privacy online is one of these.
The only way I see this changing is if people change their buying behavior and start demanding privacy, avoiding insecure products, and being willing to pay for it.
It’s an economic problem not a technological problem. Surveillance driven advertising became the business model of the net because people don’t pay for content online. That left advertisers as the only true customers, and companies and ecosystems grow toward and around their customers the way plants bend and stretch toward light.
Making the Internet more secure would not have changed this. Surveillance is built into consumer technology directly because advertisers pay more for access to people than people pay directly.
Advertising is the primary force behind this. Government driven surveillance is secondary and really just piggybacks on systems created and sustained by the ad and PR industries.
One of the things you learn as an older engineer is that a lot of stubborn technology problems are stubborn because they are not technology problems. They are socioeconomic or political problems. Privacy online is one of these.
The only way I see this changing is if people change their buying behavior and start demanding privacy, avoiding insecure products, and being willing to pay for it.
I agree that a big part of the problem is human behavior and how ppl are not willing to change their buying behavior to buy more privacy preserving products or demand the creation of such products or stop using the ones that are “clearly” harming them.
That said, the Internet in terms of privacy and surveillance is broken by design. Here is a relevant quote from the website I shared and you referred to:
“ According to Washington Post's "Net of Insecurity" series the inventors of TCP/IP originally wanted to build basic end-to-end cryptography directly into the protocols, thus guaranteeing at least the authenticity of transmissions if not the content, within the possibilities of the late '70s. By impeding any public use of cryptography, the National Security Agency fundamentally broke the Internet early on. Since then we not only have an Internet which is unencrypted by default, it is also insecure as the provenience of any IP packet can be spoofed at will.”
That said, the Internet in terms of privacy and surveillance is broken by design. Here is a relevant quote from the website I shared and you referred to:
“ According to Washington Post's "Net of Insecurity" series the inventors of TCP/IP originally wanted to build basic end-to-end cryptography directly into the protocols, thus guaranteeing at least the authenticity of transmissions if not the content, within the possibilities of the late '70s. By impeding any public use of cryptography, the National Security Agency fundamentally broke the Internet early on. Since then we not only have an Internet which is unencrypted by default, it is also insecure as the provenience of any IP packet can be spoofed at will.”
I tend to think that the idea of surveillance driven advertising as a model is itself an excuse or justification for intrusion and eradication of personal privacy. I'm saying the whole of that industry was all about spying from the beginning, subsidised by the governance structure, and that the idea that there is actually much of an industry there at all, is am excuse to provide plausible deniability. I don't think online advertising works at anything like the scales we are told.
Look into how much money there actually is in surveillance driven advertising. It's more than you'd imagine.
A good place to start is social media companies' revenue per user. A few years ago Facebook's was about $40/month/user globally, which means users would have to pay $40/month to outbid advertisers.
It's definitely financially motivated. Governments surely piggyback on it and encourage it, but the main driver was and is money.
A good place to start is social media companies' revenue per user. A few years ago Facebook's was about $40/month/user globally, which means users would have to pay $40/month to outbid advertisers.
It's definitely financially motivated. Governments surely piggyback on it and encourage it, but the main driver was and is money.
I'm sure it's about money, I don't think it's based on the market though.
I reckon it's based in indirect governance structure subsidies being sent to those companies that have been set up to harvest data.
The reason I think this, is I don't think I invest any of my resources according to what adverts are shown on a screen. Also, I don't think I know anyone that does spend according to advertising.
I realise companies' 'advertising spend' may also includes brand awareness and other non-sale elements... But you'd think that sometimes the spend would result in an actual sale to justify the spend.
I reckon it's based in indirect governance structure subsidies being sent to those companies that have been set up to harvest data.
The reason I think this, is I don't think I invest any of my resources according to what adverts are shown on a screen. Also, I don't think I know anyone that does spend according to advertising.
I realise companies' 'advertising spend' may also includes brand awareness and other non-sale elements... But you'd think that sometimes the spend would result in an actual sale to justify the spend.
> The only way I see this changing is if people change their buying behavior
Really ? I was born in a world without advertising. If you want my time you must ask for permission.
Really ? I was born in a world without advertising. If you want my time you must ask for permission.
Glad to see the proton mail endorsement! Reinforces my decision haha. I use their mail, cloud storage, and VPN. Been happy for 2 years now.
[deleted]
Because this is ACTUAL surveillance technology - as in vendors law enforcement and governments can directly contract with to tap, monitor, and trace a target.
An Alphabet or Meta only provides metadata, and they too after a court order.
Ok the other hand, these are companies that use said metadata to directly uncover a target.
Using a Gnu or FOSS stack wouldn't protect against the surveillance companies listed.
An Alphabet or Meta only provides metadata, and they too after a court order.
Ok the other hand, these are companies that use said metadata to directly uncover a target.
Using a Gnu or FOSS stack wouldn't protect against the surveillance companies listed.
Yes, well “actual” law-enforcement agencies “actually” use tons of data that originates with Meta and alphabet respectively - at a scale that literally no other organization has the ability to comply with
At that point you may as well implicate Apple, along with the rest of FAANG for being members of PRISM. According to their transparency reports, both Apple and Meta have an ~90% turnover rate for account details to US authorities. If you think it's "spyware" to comply with a legally valid subpeona then you're really not going to like your options.
https://transparency.meta.com/reports/government-data-reques...
https://www.apple.com/legal/transparency/us.html
Ironically, Google actually comes out on top in this respect for continuing to maintain an Open Source OS you can actually use. Neither Meta nor Apple provide ways for a user to avoid their first-party user profiling to the same extent.
https://transparency.meta.com/reports/government-data-reques...
https://www.apple.com/legal/transparency/us.html
Ironically, Google actually comes out on top in this respect for continuing to maintain an Open Source OS you can actually use. Neither Meta nor Apple provide ways for a user to avoid their first-party user profiling to the same extent.
>At that point you may as well implicate Apple, along with the rest of FAANG for being members of PRISM.
Of course, as they should be.
lets not go so far ahead to call Android an "open" product, as flashing a custom rom is severely limited(both flashing, and your capabilities afterwards - for example you might run into issues with banking apps) - but at least you can read the source(without any guarantees that rom contents match it)
Of course, as they should be.
lets not go so far ahead to call Android an "open" product, as flashing a custom rom is severely limited(both flashing, and your capabilities afterwards - for example you might run into issues with banking apps) - but at least you can read the source(without any guarantees that rom contents match it)
> lets not go so far ahead to call Android an "open" product
Why not? When you use Android without Google services it makes perfect sense that some features break. The Play Store services won't work, which is bad but not critical for a smartphone. Pretty much every local feature Android has isn't broken by using a third-party ROM without Google services. I think it's perfectly fair to call Android an Open product, no less than Ubuntu is an Open product despite selling services to their users.
> but at least you can read the source(without any guarantees that rom contents match it)
There are multiple guarantees. You can build the ROM locally and flash it yourself if you're paranoid, the only parts you can't fully inspect is the firmware (which goes for most modern devices anyways). You can also match the official checksum provided by the ROM developer to verify that you're not being MITMed, decompress the ISO archive to inspect it before flashing, or use your Superuser privileges to inspect the root directory after installation.
Android is uniquely open, and I don't think the existence of consequences for gutting Google services changes anything (for me, at least).
Why not? When you use Android without Google services it makes perfect sense that some features break. The Play Store services won't work, which is bad but not critical for a smartphone. Pretty much every local feature Android has isn't broken by using a third-party ROM without Google services. I think it's perfectly fair to call Android an Open product, no less than Ubuntu is an Open product despite selling services to their users.
> but at least you can read the source(without any guarantees that rom contents match it)
There are multiple guarantees. You can build the ROM locally and flash it yourself if you're paranoid, the only parts you can't fully inspect is the firmware (which goes for most modern devices anyways). You can also match the official checksum provided by the ROM developer to verify that you're not being MITMed, decompress the ISO archive to inspect it before flashing, or use your Superuser privileges to inspect the root directory after installation.
Android is uniquely open, and I don't think the existence of consequences for gutting Google services changes anything (for me, at least).
Yea Apple, AT&T, Verizon, Oracle etc…
Once they are provided said data after litigation, what can they do with it? The data provided by these platforms is basically raw data that's useless alone.
They need a platform to attribute metadata to a person, store said metadata at scale, or target a user with said metadata directly.
This is where the surveillance players listed come in, and they don't ask for a warrant or subpoenas because they are vendors selling a platform.
Don't get me wrong - I agree with you that user data collection needs to be better regulated (GDPR and similar regulations like CCPA), but the companies listed are way more mercenary and are the companies that unmask users from the raw metadata provided, and can go well beyond the capabilities platforms like Meta or Google can provide.
Finally, it's safe to say that social media subpoenas are often used for parallel construction, when LE or Intelligence used one of the vendors listed.
ShdwDrgn is a good example of that.
Edit: After a bit of thinking, maybe this list needs much more nuance.
There are various types of surveillance tech, and used for different reasons/tasks.
For example, throwing Palantir in the same bucket at Candiru doesn't make sense, but both can be used in conjunction, and imo it doesn't feel right to put Meta in the same bucket as Candiru or Zerodium
I might be a bit pedantic, but I feel like that pedantry is needed in order to make a better case about how scary the entire surveillance/intel market can be.
That said, I still stand by my statement that a Gnu or FOSS stack wouldn't protect against a number of the vendors listed.
They need a platform to attribute metadata to a person, store said metadata at scale, or target a user with said metadata directly.
This is where the surveillance players listed come in, and they don't ask for a warrant or subpoenas because they are vendors selling a platform.
Don't get me wrong - I agree with you that user data collection needs to be better regulated (GDPR and similar regulations like CCPA), but the companies listed are way more mercenary and are the companies that unmask users from the raw metadata provided, and can go well beyond the capabilities platforms like Meta or Google can provide.
Finally, it's safe to say that social media subpoenas are often used for parallel construction, when LE or Intelligence used one of the vendors listed.
ShdwDrgn is a good example of that.
Edit: After a bit of thinking, maybe this list needs much more nuance.
There are various types of surveillance tech, and used for different reasons/tasks.
For example, throwing Palantir in the same bucket at Candiru doesn't make sense, but both can be used in conjunction, and imo it doesn't feel right to put Meta in the same bucket as Candiru or Zerodium
I might be a bit pedantic, but I feel like that pedantry is needed in order to make a better case about how scary the entire surveillance/intel market can be.
That said, I still stand by my statement that a Gnu or FOSS stack wouldn't protect against a number of the vendors listed.
You forgot Microsoft and Apple.
[deleted]
Why is Hungary not listed as an NSO client? The presentation is only as good as the data. Amateur vibes.
[deleted]
[deleted]
[deleted]
Browser not supported