Spyware maker NSO Group confirms acquisition by US investors

(techcrunch.com)

152 points | by corvad 2 days ago

98 comments

  • baobun a day ago

    "Tens of millions" for controlling stake in NSO is like an order of magnitude less than what I'd imagine in today's environment. Comes off as cheap.

    Have their capabilities been overplayed? Is selling done under pressure? Are they not actually sitting on big bank and procurement network of valuable 0days?

    • topranks a day ago

      I think the issue is more there is a cloud over their future. There is much more scrutiny on them and who they are selling to, whether they will be able to continue as they have been doesn’t seem so certain.

    • Veserv a day ago

      Why? Do you think zero-click exploits that can hack every phone in existence are expensive or rare?

      They only cost a few million dollars to find or just buy and last I checked, a few years ago, there are multiple brokers each with tens in stock.

      With that much prevailing stock, you do not run the risk of suddenly not having a supply, so you do not even need to keep a material hoard for yourself. They probably just had like 3-5 at any one time with an in-house team only requiring a few million a year in funding to keep up with the expected churn. If they got more churn than expected, then they buy them retail to keep their product working.

      So even if we go with 9 M$ per 0-day (which is a multiple of actual cost), we would only expect them to have like 50 M$ in “assets” and a “procurement network/exploit factory” capable of keeping up with “depreciation” on-average.

      Seems pretty reasonable to be under 100 M$. If we went with more reasonable numbers, it would not even be that weird if it was less than 20 M$ for over 50% even at their peak.

      • wjnc a day ago

        I think we imagine them to sell mostly consulting and re-using those 0-days on thousands of unconnected victims bringing in many millions for a billion dollar valuation. This is somewhat in jest, but goes to show that the value of the zero days themselves doesn’t necessarily impact valuation much. That’s just an asset. It’s the business they have on top of that and the value it extracts that determines the free cash flow that an investor would hit with a multiple.

        • Veserv a day ago

          Huh? Given their valuation, their business is barely worth more than their zero-days which are just not very expensive.

          People have the mistaken belief that total security compromises are challenging or expensive leading them to the mistaken belief that these companies must be valuable with valuable assets and high revenue.

          Hacking-for-hire is barely more than a commodity, like aluminum smelting. There are capital costs, you need technology and expertise, but it is highly fungible leading to lots of suppliers competing on cost and quality of service (turn key, white-glove, etc.) Hell, it is even cheaper to get into and stay on top than aluminum smelting since the capital costs are so much lower.

    • commandersaki a day ago

      > Have their capabilities been overplayed?

      I think so, but also while they're known as creating 0days, I think they do much more than that, and a lot of it is mundane in comparison.

      Probably a big departure from their glory days anyway.

    • victor22 a day ago

      If you sell something for 1 billion, would you tell gov/IRS you got paid that amount?

      • port11 a day ago

        You think they're downplaying the value? Why, if it actually lowers the perceived capabilities of NSO?

      • yieldcrv a day ago

        Yes?

        It's more beneficial to report the amount for taxes, how much you wind up paying is a separate matter, but you need to report it to create the deductions

        • bastard_op a day ago

          Do you think they report income on when Saudi Arabia pays them for Apple 0-days every time someone pisses off MBS there? I bet they filed taxes on what they or others like them got for Jamal Khashoggi or other journalists they helped take out.

          Apple pays 2m for 0-days now, but I bet kings pay better yet.

          History has documented what sort of player they are, I suppose it says something of the times that they still operate/proliferate with impunity.

          • yieldcrv 19 hours ago

            Yes I believe they report and pay their taxes

            Software exploits are not munitions and are not controlled, they are not illegal to find, they are illegal to use, hence why there is a market for selling them to sovereigns who have immunity from criminal liability

            Shifting liability until it reaches the end user who has no liability or takes the risk

    • seydor a day ago

      when your software is highly illegal, i doubt you can find many investors

      • tunnelfx 13 hours ago

        “Highly illegal” Sells directly to government agencies…

        • seydor 5 hours ago

          because they are the only ones who can make it legal

    • phoronixrly a day ago

      > The company is actually on the US Department of Commerce's sanctions list, which prohibits American companies from trading with the spyware

    • Lucasoato a day ago

      I honestly don’t think that companies that are involved so deeply in military/security follow the same logic and patterns of regular ones.

      Under the hood there could be anything, we only know just the surface of information that they purposefully let reach the surface. If there was a valid motivation to make it appear as a billion dollar acquisition, I’m sure there’d have been a way to make it appear as such.

  • isodev 2 days ago

    I always wondered how the software people who work in places like this live with themselves. Is it some sort of “enough money can make me forget and look myself in the mirror” situation?

    • nucleogenesis 2 days ago

      It’s an Israeli company - they probably consider their work a matter of national security and get along just fine with that

      • nylonstrung a day ago

        Yeah vast majority likely come from Unit 8200 which already commits a large amount of cybercrime

      • isodev a day ago

        Well I’m sure the equivalent exists in most nations

        • aaa_aaa a day ago

          Not really.

          • moi2388 a day ago

            Oh my sweet summer child..

            • halJordan a day ago

              Very few countries have dedicated offensive cyber units. Even fewer have dedicated offensive military cyber units. Of those that do, almost none are peers to Unit 8200.

    • silisili a day ago

      You can say this about most of tech. Sure, we agree spying is bad.

      But, is it worse than ad tech at large? Is it worse than companies addicting people to their phones via psychological tricks at alarming rates? Or siphoning money from kids via freemium models? Or working on a chatbot that helps kids kill themselves? Or the gazillion payday loan apps? Or the gazillion prediction market/sports betting avenues?

      I'm sure some work for more ethical companies, and I like to think I do.. But let's not pretend the vast majority of big money and biggest employers are doing any good in the world.

      Given the choice between said evils, I'd probably rather work for a company that is at least honest about what they do.

      • calmbell a day ago

        Enabling the state violence of authoritarian governments through surveillance software is unequivocally worse than the examples you listed.

        • port11 a day ago

          “Is spyware that causes torture and death in oppressive regimes worse than freemium apps?” is almost a comical take on the situation. I agree that much tech out there is useless or detrimental to society, but spyware must rank very close to the top. Adware a close competitor.

      • water-data-dude a day ago

        It's a choice. I make a lot less money than I could because I refuse to work in ad tech, etc. If I'm spending a third of my time putting energy into a business, it's not acceptable for me if that business is evil. I want that effort going to something that's a net positive for the world.

        That being said, I also don't have a family to support - it's just me - which makes the calculus easier. It's still a choice, and everyone should try to face the reality of "what effect is the 8 hours a day I work having on the world?", but I know life-shit can be complicated and stressful and most people are just trying their best.

      • quitit a day ago

        What is concerning is the willingness of companies to do these things.

        Take Epic for example, on one hand they're heavy in Marketing/PR about user freedom, but in practice they deliberately targeted children for harm with their Fortnite game, while also looking the other way when it came to issues of sexual predation and bullying. Their behaviours led to a settlement with the FTC for over half a billion USD.

        https://www.ftc.gov/news-events/news/press-releases/2022/12/...

        https://lawandcrime.com/technology/makers-of-fortnite-to-pay...

      • skavi a day ago

        an excellent example of how these people justify their work to themselves.

      • seydor a day ago

        yes it's worse, far worse

      • phoronixrly a day ago

        No, it's not. Is what the company is doing ethical? No? Hard pass.

    • LPisGood a day ago

      I briefly worked in offensive security at somewhere you may consider to fit the bill of “places like this” - people do it because it’s fun, interesting and rewarding work. The pay is good too, but the fact that you just develop the exploits and don’t Push The Button(tm) really provides more mental space than you’d think.

      • HPsquared a day ago

        The entire arms industry has this same ethical dilemma. Many many people are employed in that sector.

    • kakadu 2 days ago

      They tell themselves stories about "if free market did not want it it would not exist" or better us than them

      • aaa_aaa a day ago

        This has nothing to do with free markets. This is a state controlled entity. A warfare tool for the brutes.

      • jijijijij a day ago

        Like cancer or heroin addiction. If it exists, it's good and justified. We should really embrace everything <3

    • pliny a day ago

      I asked this (in a less accusatory tone) of an NSO employee once and he said something about how the big tech companies also spy on people and do unethical things.

    • kruffalon a day ago

      To me it looks very much like a scale...

      Anyone that works at FAANG or "big"/mobile game studios, anything to do with advertising, banking, natural resources extraction/processing, non-sustainable farming, etc, etc.

      In my opinion there are not many constructive things you can work with that really improve society or peoples lives.

      But then again I'm in a quite dark place this year.

      • gdubya a day ago

        Public sector? In my country working for the energy grid operator feels like a constructive and positive contribution.

        Sorry about your dark place. Keep looking for the light!

        • FirmwareBurner a day ago

          If everyone works for the public sector, who's gonna work in the "evil private sector" to make the tax money that funds the public sector?

          • kruffalon a day ago

            Is that really true?

            Isn't it the other way around: the public sector funds the private sector that allows people to amass their hoards?

    • miohtama a day ago

      The morals and values are very different in different cultures. For those hacking foreigners is not ethically questionable, because foreigners are below a dog in their hierarchy, local leaders agree on this and shield these companies from being classified as crime.

      • miohtama a day ago

        As the article states:

        > “This investment does not mean that the company is moving out of Israeli regulatory or operational control,” said Hershowitz. “The company’s headquarters and core operations remain in Israel. It continues to be fully supervised and regulated by the relevant Israeli authorities, including the Ministry of Defense and the Israeli regulatory framework.”

        • aaa_aaa a day ago

          Word "regulation" makes it sound benign. It is not.

    • tdullien a day ago

      The usual story they tell themselves is that the software is used against criminals and child pornography and terrorism. Which is not wrong, the majority of the use cases are probably that, in the majority of jurisdictions.

    • adastra22 a day ago

      The pay for this kind of work usually isn’t very good. People do it for the mission.

      • rand846633 a day ago

        The mission: Enable dictators to cling on to power against the will of the people. Help suppress the civil society and the rule of law. Endanger shaky democracies by helping authoritarian leaders and wannabe dictators to get rid of journalists, lawyers and the political opposition.

      • saagarjha a day ago

        Depends on what you consider good.

      • LtWorf a day ago

        Make the world a worse place?

    • Spooky23 a day ago

      There’s a spectrum between true believers and blissfully ignorant.

    • sweetjuly a day ago

      There are lots of justifications. It's the same as why people can be soldiers or build missiles and still sleep at night: you believe (or at least tell yourself) that you're stopping bad people.

      There are good applications of these tools. If you can hack the phones of a terrorist organization, you can find out about attacks before they happen and stop them. If you can extract data off of locked computers, you can help win convictions that wouldn't otherwise be possible against people who do truly awful things.

      The question, of course, is whether these good applications outweigh the misuse, but that's where it gets murky in a hurry. Individual researchers at these privately owned "boutique" exploit companies (to my knowledge) tend not to know the nitty gritty details of how their work is used out in the world unless it gets caught and dissected online. The more reputable western companies sell only to "democratic" governments which are political allies, but that only goes so far as misuse and abuse is always a risk (not to mention the shaky nature of...certain... western democracies).

      At the end of the day, you really just have to hope your work is being used to target terrorists and not journalists. The money obviously makes it easier, but it's not completely disingenuous of the people who work there to believe they're doing good.

      • spankibalt a day ago

        > "The money obviously makes it easier, but [...]"

        But, but, but.

        > "[...] it's not completely disingenuous of the people who work there to believe they're doing good."

        Given how well and widely NSO and their merchandise were reported on, including the dissection of various associated scandals in the mainstream media, I beg to differ. These people are not dumb, they know exactly what they do, and who their clients are. Your good-faith assumptions with regards to these players come across as extremely naive, to put it mildly.

    • bigyabai 2 days ago

      The money all spends the same. It's not too hard to visualize the type of person who could be coerced into thinking they work for the greater good.

    • eastbound a day ago

      > look myself in the mirror

      Outcasts. You know, some people aren’t gratified by society. Even well-inserted people.

      I’ve always wondered why people had ethical questions as soldiers dropping Little Boy. Imagine being a soldier at war, of course you hate your enemies. Now imagine being bullied at school and later. Some criminals even literally do crime for the thrills.

      Life isn’t generally rewarding, except for a few lucky with a nice social fabric.

      • smt88 a day ago

        I think you’re dramatically overstating the number of true misanthropes in the world

    • Y-bar 2 days ago

      I guess it is like the scammers working in call centers and building RAT:s. They surely must have a level of sociopathy greater than the average person.

      • isodev a day ago

        The scammers I can imagine. They’re more in the “thieves” category. Some break into houses, others trick people virtually. It’s not cool but I can imagine their motivation.

        The “develops weaponised software exploits” is not clear for me. Maybe it’s the same kind of mindset that lets people design and build weapons and bombs and such?

        • LPisGood a day ago

          It really feels quite divorced. Workers in those roles don’t always even know what the exploits will be used for, and the technical aspects are really interesting.

          • schoen a day ago

            (I wrote a whole thing here, but I think I want to sleep on it before having more people read it.)

    • ngcazz a day ago

      Not only that, but to do it for a genocidal apartheid state

    • worldsavior a day ago

      The company exists to fight illegal activities. Maybe there are governments that abuse this service, but it's not NSO's job to fight this. They're a company and they want to make money. How are they different from Google or other companies? When Google wants to keep you on your phone it becomes OK? When food industries make sugar-full beverages it's OK?

      There are also many governments that use this tool to combat terror or drug dealers and more.

      • impossiblefork a day ago

        Everyone is responsible for the complete consequences of his action and inaction.

        "In October 2018, Citizen Lab reported on the use of NSO software to spy on the inner circle of Jamal Khashoggi just before his murder."

        If your work indirectly kills people you can't say that it's not your job not to fight this. You are if that is the case among the causes, so you are responsible.

      • phoronixrly a day ago

        Nobody stipulated that working for an unethical company like FAANG was OK.

  • p0w3n3d 2 days ago

    Investors: you must take care of the planet, not emit any CO2 and not launder any money

    Also investors: let's invest in hacker business and break into all phones in the world

    • yard2010 a day ago

      Wait to see what the good guys are up to

    • smt88 a day ago

      The first statement doesn’t sound like anything a professional investor would ever say

      • buran77 a day ago

        The first statement is exactly what most investors (of any kind) say. The second is what many investors (especially professionals) are perfectly willing to do.

      • jpabrams a day ago

        Nobody stated or implied that any of those statements were like anything a professional investor would say.

      • swarnie a day ago

        Are you sure?

        I feel like ESG has been rammed into every company I've worked at for a couple of decades now.

        • p0w3n3d a day ago

          ESG is what I've been referring to. There are also perks of investing in ESG compliant companies and scolding if one does not comply

        • FirmwareBurner a day ago

          ESG there is just for pandering, optics and virtue signaling, but they don't actually believe any of that.

      • stingraycharles a day ago

        You’re being downvoted but in the end I don’t believe in altruistic investors: in the end it’s about money.

        There’s a reason governments need to hand out tax benefits for people to invest into eco-friendly companies.

        • jpabrams a day ago

          The downvotes aren't due to the existence of altruistic investors, they're about lack of reading comprehension.

    • smashah a day ago

      They know they're bad at their jobs which is why so many of them are running towards the DoD (DoW) Infinite Money Glitch Genocide/Fascism Industrial Complex teat.

      The reason this acquisition is happening is to enable ICE to enforce NSPM-7.

      America is no longer a free state. You cannot be free in a panopticon.

  • sexeriy237 2 days ago

    Time to start turning your networks off when not in use

    • squarefoot a day ago

      Time to get out of there, before they build walls to keep people inside.

      • lifestyleguru a day ago

        The covid vaccination digital passports almost took off. People loved that it was in their smartphone.

  • sofixa 2 days ago

    > After sending the messages, Hershowitz declared his comments “off the record,” which requires both parties to agree to the terms in advance. TechCrunch is publishing the responses as there was no agreement made

    What a failure for a spokesperson.

    • robotwizard a day ago

      Haha, but it's crazy to go ahead and publish despite being told not to, by a company that can hack you with almost 100% certainty.

      • sofixa a day ago

        But hacking TechCrunch would be a major PR disaster for NSO (again), so maybe they would abstain.

    • seydor a day ago

      fitting, considering his job is to spy without consent

    • steventhedev a day ago

      More like a failure on TechCrunch. There is an implied agreement and violating it will result in a flat refusal to talk outside of prepared press releases.

      This isn't good journalism and should not be celebrated.

      • terribleperson a day ago

        That's not how that works. You don't get to decide statements are off the record after you realize you said something that would look bad. Every interview would be a puff piece if that was how things worked.

        • spankibalt a day ago

          Well, that's how it works with the "Muckrakin's woke!1!!" crowd.

        • porridgeraisin a day ago

          This will just stop people from talking to journos, like many have done. This whole rhetoric of the journalist being an "adversary" that is "outing" things is extremely problematic. You should be able to retract statements. If it's live, it's practically not possible so it's fine, but for articles I think that journos should respect retractions, regardless of whether it is post-hoc or pre-decided.

          Now, the "victim" here is NSO, so not expecting any sympathy, but journos do this to everyone, even normal people.

          > Puff pieces

          But with the aforementioned rhetoric in vogue these days, every piece of journo is a forced "scoop", leading to most of modern media (social and mainstream, the incentives are the same) being misconstrued non-factual brain damage. Even press conferences, most questions are just loaded and very bad-faith, basically trying to get you to say something they can quote out of context, or use for a misconstrued "non-truth", or a false equivalence. Or sometimes they just make things up! Retarded scoop-bait headlines as well.

          The root cause for all this is that adversarial rhetoric.

          Before you say "but the press is an adversary against the government", they do this to sportspersons, and a variety of other normal people too. If they only did this to the designated government spokesperson, it would be OK.

          Now, this rhetoric itself is a result of "news"[1] companies competing for audiences. A fairly obvious incentive there. On socials too. Engagement is rewarded, leading to the same thing.

          Furthermore, LLMs if used for content generation, will compete for audience, and even inference-time feedback driven optimisation leads to it giving the same reality-bending outputs. It's been simulated and shown in this Stanford paper already: https://arxiv.org/abs/2510.06105

          [1] they really deserve the quotes these days

          • calcifer a day ago

            > This whole rhetoric of the journalist being an "adversary" that is "outing" things is extremely problematic. You should be able to retract statements.

            It's quite the opposite, actually. As Katharine Graham, the former publisher of the Washington Post, used to say: News is what someone wants suppressed. Everything else is just advertising.

            TechCrunch is not obligated to let NSO's mouthpiece advertise on their pages.

            • porridgeraisin a day ago

              > It's quite the opposite actually

              Why are you simply repeating what GP said followed by a call to authority (a biased one at that)?

              I explained why it is problematic in the 2nd part of my post.

      • calcifer a day ago

        > There is an implied agreement

        The implied agreement is that everything is on the record unless explicitly agreed otherwise beforehand.

      • sigmar a day ago

        Retroactively accepting comments to be off-the-record as a favor to a subject would be considered very bad journalism.

        This is not a new or unique circumstance.

      • saubeidl a day ago

        Oh, did the poor spyware maker get their expectation of privacy violated?

  • tunnelfx 12 hours ago

    NSO is on the US gov. sanction list. How can it be acquired by a US entity or investors?

  • saubeidl a day ago

    They are building the perfect surveillance state. In previous news: https://news.ycombinator.com/item?id=45441983

    Americans, if you don't stand up now, you will have to relearn the lesson Germans had to learn eighty years ago.

  • bastard_op a day ago

    Normalizing spyware, it's only ok because they're Israeli good guys, and obviously would never do anything bad (like genocide).

  • djoldman a day ago

    As another comment notes, "tens of millions" implies a maximum company value of ~$200 million.

    Seems low. I wonder if it's because it being a foreign company was valuable because it wasn't subject to as many US laws.

  • spankibalt 2 days ago

    "What belongs together, comes together."