Privacy (UK: /ˈprɪvəsɪ/, US: /ˈpraɪ-/)^[1][2] is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively.

When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps with security, which can include the concepts of appropriate use and protection of information. Privacy may also take the form of bodily integrity. The right not to be subjected to unsanctioned invasions of privacy by the government, corporations, or individuals is part of many countries’ privacy laws, and in some cases, constitutions.

In the field of business, a person may volunteer personal details, including for advertising, in order to receive some kinds of benefit. Public figures may be subject to rules on the public interest. Personal information which is voluntarily shared but subsequently stolen or misused can lead to identity theft.

The concept of universal individual privacy is a modern concept primarily associated with Western culture, particularly British and North American, and remained virtually unknown in some cultures until recent times. Most cultures, however, recognize the ability of individuals to withhold certain parts of their personal information from wider society, such as closing the door to one’s home.

Source: Privacy, https://en.wikipedia.org/w/index.php?title=Privacy&oldid=1053140270 (last visited Nov. 4, 2021).

Right to Privacy

The right to privacy is an element of various legal traditions that intends to restrain governmental and private actions that threaten the privacy of individuals.^[1][2] Over 150 national constitutions mention the right to privacy.^[3]

10 December 1948 the United Nations General Assembly adopted the Universal Declaration of Human Rights (UDHR) originally written to guarantee individual rights of everyone everywhere. The words Right to Privacy is not written in the document however, many interpret this by reading Article 12,^[4] which states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Since the global surveillance disclosures of 2013, initiated by ex-NSA employee Edward Snowden, the right to privacy has been a subject of international debate. Government agencies, such as the NSA, CIA, R&AW and GCHQ, have engaged in mass, global surveillance.

Some current debates around the right to privacy include whether privacy can co-exist with the current capabilities of intelligence agencies to access and analyze many details of an individual’s life; whether or not the right to privacy is forfeited as part of the social contract to bolster defense against supposed terrorist threats; and whether threats of terrorism are a valid excuse to spy on the general population.

Private sector actors can also threaten the right to privacy—particularly technology companies, such as Amazon, Apple, Facebook, Google, and Yahoo that use and collect personal data. These concerns have been strengthened by scandals, including the Facebook–Cambridge Analytica data scandal, which focused on psychographic company Cambridge Analytica which used personal data from Facebook to influence large groups of people.^[5]

Source: Right to privacy, https://en.wikipedia.org/w/index.php?title=Right_to_privacy&oldid=1053389245 (last visited Nov. 5, 2021).

Universal Declaration of Human Rights

The Universal Declaration of Human Rights (UDHR) is a milestone document in the history of human rights. Drafted by representatives with different legal and cultural backgrounds from all regions of the world, the Declaration was proclaimed by the United Nations General Assembly in Paris on 10 December 1948 (General Assembly resolution 217 A) as a common standard of achievements for all peoples and all nations. It sets out, for the first time, fundamental human rights to be universally protected and it has been translated into over 500 languages. The UDHR is widely recognized as having inspired, and paved the way for, the adoption of more than seventy human rights treaties, applied today on a permanent basis at global and regional levels (all containing references to it in their preambles). 

Preamble

Whereas recognition of the inherent dignity and of the equal and inalienable rights of all members of the human family is the foundation of freedom, justice and peace in the world,

Whereas disregard and contempt for human rights have resulted in barbarous acts which have outraged the conscience of mankind, and the advent of a world in which human beings shall enjoy freedom of speech and belief and freedom from fear and want has been proclaimed as the highest aspiration of the common people,

Whereas it is essential, if man is not to be compelled to have recourse, as a last resort, to rebellion against tyranny and oppression, that human rights should be protected by the rule of law,

Whereas it is essential to promote the development of friendly relations between nations,

Whereas the peoples of the United Nations have in the Charter reaffirmed their faith in fundamental human rights, in the dignity and worth of the human person and in the equal rights of men and women and have determined to promote social progress and better standards of life in larger freedom,

Whereas Member States have pledged themselves to achieve, in co-operation with the United Nations, the promotion of universal respect for and observance of human rights and fundamental freedoms,

Whereas a common understanding of these rights and freedoms is of the greatest importance for the full realization of this pledge,

Now, therefore,

The General Assembly,

Proclaims this Universal Declaration of Human Rights as a common standard of achievement for all peoples and all nations, to the end that every individual and every organ of society, keeping this Declaration constantly in mind, shall strive by teaching and education to promote respect for these rights and freedoms and by progressive measures, national and international, to secure their universal and effective recognition and observance, both among the peoples of Member States themselves and among the peoples of territories under their jurisdiction. 

Article 1

All human beings are born free and equal in dignity and rights. They are endowed with reason and conscience and should act towards one another in a spirit of brotherhood.

Article 2

Everyone is entitled to all the rights and freedoms set forth in this Declaration, without distinction of any kind, such as race, colour, sex, language, religion, political or other opinion, national or social origin, property, birth or other status. Furthermore, no distinction shall be made on the basis of the political, jurisdictional or international status of the country or territory to which a person belongs, whether it be independent, trust, non-self-governing or under any other limitation of sovereignty.

Article 3

Everyone has the right to life, liberty and security of person.

Article 4

No one shall be held in slavery or servitude; slavery and the slave trade shall be prohibited in all their forms.

Article 5

No one shall be subjected to torture or to cruel, inhuman or degrading treatment or punishment.

Article 6

Everyone has the right to recognition everywhere as a person before the law.

Article 7

All are equal before the law and are entitled without any discrimination to equal protection of the law. All are entitled to equal protection against any discrimination in violation of this Declaration and against any incitement to such discrimination.

Article 8

Everyone has the right to an effective remedy by the competent national tribunals for acts violating the fundamental rights granted him by the constitution or by law.

Article 9

No one shall be subjected to arbitrary arrest, detention or exile.

Article 10

Everyone is entitled in full equality to a fair and public hearing by an independent and impartial tribunal, in the determination of his rights and obligations and of any criminal charge against him.

Article 11

1. Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law in a public trial at which he has had all the guarantees necessary for his defence.
2. No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

Article 12

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Article 13

1. Everyone has the right to freedom of movement and residence within the borders of each state.
2. Everyone has the right to leave any country, including his own, and to return to his country.

Article 14

1. Everyone has the right to seek and to enjoy in other countries asylum from persecution.
2. This right may not be invoked in the case of prosecutions genuinely arising from non-political crimes or from acts contrary to the purposes and principles of the United Nations.

Article 15

1. Everyone has the right to a nationality.
2. No one shall be arbitrarily deprived of his nationality nor denied the right to change his nationality.

Article 16

1. Men and women of full age, without any limitation due to race, nationality or religion, have the right to marry and to found a family. They are entitled to equal rights as to marriage, during marriage and at its dissolution.
2. Marriage shall be entered into only with the free and full consent of the intending spouses.
3. The family is the natural and fundamental group unit of society and is entitled to protection by society and the State.

Article 17

1. Everyone has the right to own property alone as well as in association with others.
2. No one shall be arbitrarily deprived of his property.

Article 18

Everyone has the right to freedom of thought, conscience and religion; this right includes freedom to change his religion or belief, and freedom, either alone or in community with others and in public or private, to manifest his religion or belief in teaching, practice, worship and observance.

Article 19

Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.

Article 20

1. Everyone has the right to freedom of peaceful assembly and association.
2. No one may be compelled to belong to an association.

Article 21

1. Everyone has the right to take part in the government of his country, directly or through freely chosen representatives.
2. Everyone has the right of equal access to public service in his country.
3. The will of the people shall be the basis of the authority of government; this will shall be expressed in periodic and genuine elections which shall be by universal and equal suffrage and shall be held by secret vote or by equivalent free voting procedures.

Article 22

Everyone, as a member of society, has the right to social security and is entitled to realization, through national effort and international co-operation and in accordance with the organization and resources of each State, of the economic, social and cultural rights indispensable for his dignity and the free development of his personality.

Article 23

1. Everyone has the right to work, to free choice of employment, to just and favourable conditions of work and to protection against unemployment.
2. Everyone, without any discrimination, has the right to equal pay for equal work.
3. Everyone who works has the right to just and favourable remuneration ensuring for himself and his family an existence worthy of human dignity, and supplemented, if necessary, by other means of social protection.
4. Everyone has the right to form and to join trade unions for the protection of his interests.

Article 24

Everyone has the right to rest and leisure, including reasonable limitation of working hours and periodic holidays with pay.

Article 25

1. Everyone has the right to a standard of living adequate for the health and well-being of himself and of his family, including food, clothing, housing and medical care and necessary social services, and the right to security in the event of unemployment, sickness, disability, widowhood, old age or other lack of livelihood in circumstances beyond his control.
2. Motherhood and childhood are entitled to special care and assistance. All children, whether born in or out of wedlock, shall enjoy the same social protection.

Article 26

1. Everyone has the right to education. Education shall be free, at least in the elementary and fundamental stages. Elementary education shall be compulsory. Technical and professional education shall be made generally available and higher education shall be equally accessible to all on the basis of merit.
2. Education shall be directed to the full development of the human personality and to the strengthening of respect for human rights and fundamental freedoms. It shall promote understanding, tolerance and friendship among all nations, racial or religious groups, and shall further the activities of the United Nations for the maintenance of peace.
3. Parents have a prior right to choose the kind of education that shall be given to their children.

Article 27

1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.
2. Everyone has the right to the protection of the moral and material interests resulting from any scientific, literary or artistic production of which he is the author.

Article 28

Everyone is entitled to a social and international order in which the rights and freedoms set forth in this Declaration can be fully realized.

Article 29

1. Everyone has duties to the community in which alone the free and full development of his personality is possible.
2. In the exercise of his rights and freedoms, everyone shall be subject only to such limitations as are determined by law solely for the purpose of securing due recognition and respect for the rights and freedoms of others and of meeting the just requirements of morality, public order and the general welfare in a democratic society.
3. These rights and freedoms may in no case be exercised contrary to the purposes and principles of the United Nations.

Article 30

Nothing in this Declaration may be interpreted as implying for any State, group or person any right to engage in any activity or to perform any act aimed at the destruction of any of the rights and freedoms set forth herein.

Source: https://www.un.org/en/about-us/universal-declaration-of-human-rights loaded 05.11.2021

The guide to restoring your online privacy.

Massive organizations are monitoring your online activities. Privacy Guides is your central privacy and security resource to protect yourself online.

Why should I care?

“I have nothing to hide. Why should I care about my privacy?”

Much like the right to interracial marriage, woman’s suffrage, freedom of speech, and many others, we didn’t always have the right to privacy. In several dictatorships, many still don’t. Generations before ours fought for our right to privacy. Privacy is a human right inherent to all of us, that we are entitled to without discrimination.

You shouldn’t confuse privacy with secrecy. We know what happens in the bathroom, but you still close the door. That’s because you want privacy, not secrecy. Everyone has something to hide, privacy is something that makes you human.

What should I do?

First, you need to make a plan.

Trying to protect all your data from everyone all the time is impractical, expensive, and exhausting. But, don’t worry! Security is a process, and by thinking ahead you can put together a plan that’s right for you. Security isn’t just about the tools you use or the software you download. Rather, it begins with understanding the unique threats you face, and how you can counter them.

This process of identifying threats and defining countermeasures is called threat modeling, and it forms the basis of every good security and privacy plan.

What are threat models?

Balancing security, privacy, and usability is one of the first and most difficult tasks you’ll face on your privacy journey. Everything is a trade-off: The more secure something is, the more restricting or inconvenient it generally is, et cetera. Often people find that the problem with the tools they see recommended is they’re just too hard to start using!

If you wanted to use the most secure tools available, you’d have to sacrifice a lot of usability. And even then, nothing is ever fully secure. There’s high security, but never full security. That’s why threat models are important.

So, what are these threat models anyways?

A threat model is a list of the most probable threats to your security/privacy endeavors. Since it’s impossible to protect yourself against every attack(er), you should focus on the most probable threats. In computer security, a threat is a potential event that could undermine your efforts to stay private and secure.

By focusing on the threats that matter to you, this narrows down your thinking about the protection you need, so you can choose the tools that are right for the job.

Examples of threat models

• An investigative journalist’s threat model might be (protecting themselves against) a foreign government.
• A company’s manager’s threat model might be (protecting themselves against) a hacker hired by competition to do corporate espionage.
• The average citizen’s threat model might be (hiding their data from) large tech corporations.

Creating your threat model

To identify what could happen to the things you value and determine from whom you need to protect them, you want to answer these five questions:

1. What do I want to protect?
2. Who do I want to protect it from?
3. How likely is it that I will need to protect it?
4. How bad are the consequences if I fail?
5. How much trouble am I willing to go through to try to prevent potential consequences?

Example: Protecting your belongings

• To demonstrate how these questions work, let’s build a plan to keep your house and possessions safe.

What do you want to protect? (Or, what do you have that is worth protecting?)

• Your assets might include jewelry, electronics, important documents, or photos.

Who do you want to protect it from?

• Your adversaries might include burglars, roommates, or guests.

How likely is it that you will need to protect it?

• Does your neighborhood have a history of burglaries? How trustworthy are your roommates/guests? What are the capabilities of your adversaries? What are the risks you should consider?

How bad are the consequences if you fail?

• Do you have anything in your house that you cannot replace? Do you have the time or money to replace these things? Do you have insurance that covers goods stolen from your home?

How much trouble are you willing to go through to prevent these consequences?

• Are you willing to buy a safe for sensitive documents? Can you afford to buy a high-quality lock? Do you have time to open a security box at your local bank and keep your valuables there?

Only once you have asked yourself these questions will you be in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you’ll want to get the best lock on the market, and consider adding a security system.

Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries’ capabilities, along with the likelihood of risks you face.

Now, let’s take a closer look at the questions in our list:

What do I want to protect?

An “asset” is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices themselves may also be assets.

Make a list of your assets: data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.

Who do I want to protect it from?

To answer this question, it’s important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is an “adversary.” Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.

Make a list of your adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations.

Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you’re done security planning.

How likely is it that I will need to protect it?

Risk is the likelihood that a particular threat against a particular asset will actually occur. It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.

It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).

Assessing risks is both a personal and a subjective process. Many people find certain threats unacceptable no matter the likelihood they will occur because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don’t view the threat as a problem.

Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.

How bad are the consequences if I fail?

There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.

The motives of adversaries differ widely, as do their tactics. A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.

Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.

Write down what your adversary might want to do with your private data.

How much trouble am I willing to go through to try to prevent potential consequences?

There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.

For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a mother who regularly emails her daughter funny cat videos.

Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.

Source: https://www.privacyguides.org/threat-modeling loaded 04.11.2021

How to Create an Anonymous Email Account

It’s not easy to be anonymous on the internet. Here’s how you can stay hidden even on email. By Eric Griffith Updated April 9, 2021

How do you set up a secret, nameless email address that contains no obvious connection to you, without the hassle of setting up your own servers?

This goes beyond encryption. Anyone can do that with web-based email like Gmail by using a browser extension like Mailvelope. For desktop email clients, either GnuPG (Privacy Guard) or EnigMail is a must. Web-based ProtonMail promises end-to-end encryption with zero access to the data by the company behind it, plus it has apps for iOS and Android.

But those tools don’t necessarily hide who sent the message. Secure email services will. Here are the services you should use to create that truly nameless, unidentifiable email address.

---

First Step: Browse Anonymously

Your web browser is tracking you. It’s that simple. Cookies may not know your name, but they know where you’ve been and what you’ve done and they’re willing to share. It’s mostly about serving you targeted ads, but that’s not much consolation for those looking to surf in private.

Your browser’s incognito/private mode can only do so much—sites are still going to record your IP address, for example. And incognito mode doesn’t matter if you sign into online accounts.

If you want to browse the web anonymously (and use that private time to set up an email), you need a VPN service and the Tor Browser, a security-laden, Mozilla-based browser from the Tor Project. It’s all about keeping you anonymous by making all the traffic you send on the internet jump through so many servers that those who would track you can’t figure out where you really are. It’ll take longer to load a website using Tor, but that’s the price of vigilance.

The free Tor Browser is available in multiple languages for Windows, macOS, Linux, and Android. It’s self-contained and portable, meaning on a desktop it will run off a USB flash drive if you don’t want to install it directly. Even Facebook has a Tor-secure address to protect users’ locations, which allows them access in places where the social network is illegal or blocked.

Tor is not perfect and won’t keep you 100% anonymous. The criminals behind the Silk Road, among others, believed that and got caught. However, it’s a lot more secure than openly surfing.

---

Second Step: Anonymous Email

You can set up a relatively anonymous Gmail account, provided you don’t give Google your real name, location, birthday, or anything else the search giant asks for when you sign up (while using a VPN and the Tor Browser, naturally).

You will eventually have to provide Google some other identifying method of contact, such as a third-party email address or a phone number. With a phone, you could use a burner or temporary number. An app like Hushed or Burner works, or buy a pre-paid cell phone and fib throughly when asked for any personal info. (Just know that even the most “secure” burner has its limits when it comes to keeping you truly anonymous.) https://www.youtube.com/embed/kLCVFpjSLsQ

There are anonymous email services you can use, so why use Gmail at all? The Electronic Frontier Foundation (EFF) says it’s smart to use a different email provider from your personal account if you crave anonymity. That way you’re less likely to get complacent and make a mistake.

Note that you also should use an email service that supports secure sockets layer (SSL) encryption. That’s the basic encryption used on a web connection to prevent casual snooping, like when you’re shopping at Amazon. You’ll know it’s encrypted when you see HTTPS in the URL (instead of just HTTP) and a lock symbol in the address or status bar.

Gmail, Yahoo Mail, and Outlook.com all support HTTPS; Google’s Chrome browser flags all non-HTTPS sites as insecure. The HTTPS Everywhere extension for Firefox, Chrome, Opera, and Android also ensures that websites default to using the protocol. (It’s built into the Tor Browser.)

That’s great for web surfing, but neither HTTPS nor VPN keeps you hidden when emailing. You know that. Pseudonyms in email (like anonguy55@gmail.com) aren’t enough, either. Just one login without using Tor means your real IP address is recorded. That’s enough for you to be found; just ask General Petraeus.

The point is, once you’ve gone this far, there’s no reason to go back. Utilize a truly anonymous web-based mail service. Here are some to try.

---

Anonymous Email Alias Generators

Guerrilla Mail

Guerrilla Mail provides ephemeral messaging—disposable, temporary email you can send and receive—and it’s all free. Technically, the address you create will exist forever, even if you never use it again. Any messages received, accessible at guerrillamail.com, only last one hour. You get a totally scrambled email address that’s easily copied to the clipboard. You can attach a file if it’s less than 150MB in size, or use it to send someone your excess Bitcoin. There’s an option to use your own domain name as well, but that’s not really keeping you under the radar. Coupled with the Tor browser, Guerilla Mail makes you practically invisible.

---

TrashMail.com

TrashMail.com isn’t just a site, it’s also a browser extension for Google Chrome and Firefox, so you don’t even have to visit the site. Create a new, disposable email from a number of domain options, and TrashMail.com will forward messages to your regular email address for the lifespan of the new TrashMail address, as determined by you. The only limit is how many forwards you get; to go unlimited, pay $20.99 a year. The site provides a full address manager interface so create as many addresses as you like.

---

AnonAddy

An open-source tool for creating unlimited email aliases, AnonAddy doesn’t store any messages. It lets you make as many as 20 shared domain alias (like @johndoe.anonaddy.com), or an unlimited amount of standard aliases using “anonaddy.com” for the address. But you get a lot more if you pay for the plans that start at $1 per month, like support for your own custom domain name. It also offers extensions for Firefox, Chrome, Brave, and Vivaldi browsers.

---

MailDrop

To get a MailDrop address, you don’t need to sign up, create a password, or pay a dime. The messages it accepts are limited: text or HTML that’s less than 500KB in size; only 10 at a time; and messages are cleared our regularly. But it supports extra aliases using a period in the name, so MyGreatAddress.SiteA@maildrop.cc can be used at one site while MyGreatAddress.AppA@maildrop.cc works on another, both using the same account. But it’s not that secure. Remember, you don’t even need a password, so neither does anyone else who wants to sign into your MailDrop. And all connections are logged.

---

Fully Private Email Services

ProtonMail

With servers in Switzerland (a country that appreciates secrecy), ProtonMail provides fully encrypted messages. Anyone can get a free account that holds 500MB of data and up to 150 messages per day, or pay 4 Euros per month to get advanced features like five addresses each with 5GB storage for up to 1,000 messages per day, and support for ephemeral messages that disappear after a set time period.

Encryption is one thing, but anonymity comes via ProtonMail’s specific support for Tor via an onion site it set up at protonirockerxow.onion. It provides full instructions on how to set up Tor on your desktop or mobile phone. Having anonymous users is so important to ProtonMail, it doesn’t require any personal info when you sign up. It even supports two-factor authentication and doesn’t make logs of IP addresses used for access.

---

Tutanota

Germany-based Tutanota is so secure, it even encrypts subject lines and contacts. A free plan for private use comes with 1GB of storage, but you can upgrade for 12 to 60 Euros per year, depending on your needs. Premium features include aliases, inbox rules, support, more storage, custom domains, logos (on the high-end version), and more. It’s limited to the Tutanota domain, but there are apps for iOS and Android.

---

Hushmail

Recommended by the EFF and others, Hushmail’s entire claim to fame is that it’s easy to use, doesn’t include advertising, and has built-in encryption between members.

Of course, to get all that, you have to pay, starting at $49.98 per year for 10GB of online storage; there’s a free 14-day trial for personal use. Access it on the web or iOS. Businesses can use Hushmail starting at $3.99 per user per month for nonprofits, going up to $5.99 for small businesses and $9.99 for legal and HIPAA-compliant healthcare entities. There’s a one-time $9.99 setup fee for everyone.

Note that Hushmail has turned over records to the feds before, well over a decade ago, and its terms of service state you can’t use it for “illegal activity,” so it’s not going to fight court orders. But at least it’s upfront about it.

---

PrivateMail

TorGuard is a global VPN service, which goes for around $9.99 per month to start. The service provides a separate PrivateMail service, which is $8.95 per month with 10GB of encrypted storage. All accounts get secure OpenPGP encryption of mail, no ads, and 24/7 help; try it free for seven days. There’s also an Android and iOS app for mobile users, but all the data is synced across devices. The anonymous part not only keeps your identity secret, it also supports anonymous payments with cryptocurrency, some of which can be used to pay for your PrivateMail account.

---

Mailfence

Belgium-based Mailfence started as a collaboration suite for organizations in 1999, and it still offers a 500MB free plan to anyone who needs it, complete with encrypted email and two-factor authentication logins. You can jump up to 5GB storage with 10 aliases for 2.50 Euros per month, or go Pro for €7.50 and get 20GB, 50 aliases, and more—like full mobile and Exchange support. Businesses and nonprofits can get a customized interface.

---

Abine Blur

For $39, Blur provides a service unlike anything else. This browser add-on is a password manager that lets you go about your online business without revealing anything about yourself. While almost every site/service online needs your email address to function—most use it as a username—Blur lets you create an unlimited number of anonymous, masked email addresses (and one anonymous phone number and masked credit card). Use them anywhere and everywhere. All the messages sent to the various anon emails will funnel to your regular email address. The only company in the know about who you are, really, is Abine. Read our full review.

Source: https://www.pcmag.com/news/how-to-create-an-anonymous-email-account loaded 04.11.2021

Edward Snowden Reveilings

Edward Joseph Snowden (born June 21, 1983) is an American former computer intelligence consultant who leaked highly classified information from the National Security Agency (NSA) in 2013, when he was an employee and subcontractor. His disclosures revealed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments, and prompted a cultural discussion about national security and individual privacy.

In 2013, Snowden was hired by an NSA contractor, Booz Allen Hamilton, after previous employment with Dell and the CIA.^[1] Snowden says he gradually became disillusioned with the programs with which he was involved, and that he tried to raise his ethical concerns through internal channels but was ignored. On May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in Hawaii, and in early June he revealed thousands of classified NSA documents to journalists Glenn Greenwald, Laura Poitras, Barton Gellman, and Ewen MacAskill. Snowden came to international attention after stories based on the material appeared in The Guardian, The Washington Post, and other publications. Snowden also made extensive allegations against the GCSB, blowing the whistle of their domestic surveillance of New Zealanders and acts of espionage under John Key‘s government.^[2][3]

On June 21, 2013, the United States Department of Justice unsealed charges against Snowden of two counts of violating the Espionage Act of 1917 and theft of government property,^[4] following which the Department of State revoked his passport.^[5] Two days later, he flew into Moscow’s Sheremetyevo International Airport, where Russian authorities observed the canceled passport, and he was restricted to the airport terminal for over one month. Russia later granted Snowden the right of asylum with an initial visa for residence for one year, which was subsequently repeatedly extended. In October 2020, he was granted permanent residency in Russia.^[6]

A subject of controversy, Snowden has been variously called a traitor,^[7] a hero,^[8] a whistleblower,^[9] a dissident,^[10] a coward,^[11] and a patriot.^[12] U.S. officials condemned his actions as having done “grave damage” to the U.S. intelligence capabilities.^[13] Snowden has defended his leaks as an effort “to inform the public as to that which is done in their name and that which is done against them.”^[14] His disclosures have fueled debates over mass surveillance, government secrecy, and the balance between national security and information privacy, something that he has said he intended to do in retrospective interviews.^[15]

In early 2016, Snowden became the president of the Freedom of the Press Foundation, a San Francisco–based nonprofit organization that aims to protect journalists from hacking and government surveillance.^[16] He also has a job at an unnamed Russian IT company.^[17] In 2017, he married Lindsay Mills. On September 17, 2019, his memoir Permanent Record was published.^[18] On September 2, 2020, a U.S. federal court ruled in United States v. Moalin that the U.S. intelligence‘s mass surveillance program exposed by Snowden was illegal and possibly unconstitutional.

Source: Edward Snowden, https://en.wikipedia.org/w/index.php?title=Edward_Snowden&oldid=1080528689 (last visited Apr. 2, 2022).

Global surveillance disclosures (2013–present)

Ongoing news reports in the international media have revealed operational details about the Anglophone cryptographic agencies’ global surveillance^[1] of both foreign and domestic nationals. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States.^[2] In addition to a trove of U.S. federal documents, Snowden’s cache reportedly contains thousands of Australian, British, Canadian and New Zealand intelligence files that he had accessed via the exclusive “Five Eyes” network.^[2][3] In June 2013, the first of Snowden’s documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention.^[4] The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times (United States), the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L’espresso (Italy), NRC Handelsblad (the Netherlands), Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).^[5]

These media reports have shed light on the implications of several secret treaties signed by members of the UKUSA community in their efforts to implement global surveillance. For example, Der Spiegel revealed how the German Federal Intelligence Service (German: Bundesnachrichtendienst; BND) transfers “massive amounts of intercepted data to the NSA”,^[6] while Swedish Television revealed the National Defence Radio Establishment (FRA) provided the NSA with data from its cable collection, under a secret treaty signed in 1954 for bilateral cooperation on surveillance.^[7] Other security and intelligence agencies involved in the practice of global surveillance include those in Australia (ASD), Britain (GCHQ), Canada (CSE), Denmark (PET), France (DGSE), Germany (BND), Italy (AISE), the Netherlands (AIVD), Norway (NIS), Spain (CNI), Switzerland (NDB), Singapore (SID) as well as Israel (ISNU), which receives raw, unfiltered data of U.S. citizens that is shared by the NSA.^{[8][9][10][11][12][13][14][15]}

On June 14, 2013, United States prosecutors charged Edward Snowden with espionage and theft of government property. In late July 2013, he was granted a one-year temporary asylum by the Russian government,^[16] contributing to a deterioration of Russia–United States relations.^[17][18] Towards the end of October 2013, the British Prime Minister David Cameron warned The Guardian not to publish any more leaks, or it will receive a DA-Notice.^[19] In November 2013, a criminal investigation of the disclosure was being undertaken by Britain’s Metropolitan Police Service.^[20] In December 2013, The Guardian editor Alan Rusbridger said: “We have published I think 26 documents so far out of the 58,000 we’ve seen.”^[21]

The extent to which the media reports have responsibly informed the public is disputed. In January 2014, Obama said that “the sensational way in which these disclosures have come out has often shed more heat than light”^[22] and critics such as Sean Wilentz have noted that many of the Snowden documents released do not concern domestic surveillance.^[23] The US & British Defense establishment weigh the strategic harm in the period following the disclosures more heavily than their civic public benefit. In its first assessment of these disclosures, the Pentagon concluded that Snowden committed the biggest “theft” of U.S. secrets in the history of the United States.^[24] Sir David Omand, a former director of GCHQ, described Snowden’s disclosure as the “most catastrophic loss to British intelligence ever”.

Source: Global surveillance disclosures (2013–present), https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=1076797677 (last visited Apr. 2, 2022).

Pegasus (spyware)

Developer(s)	NSO Group
Operating system	iOS, Android
Type	Spyware
Website	nsogroup.com

Pegasus is spyware developed by the Israeli cyber-arms company NSO Group that can be covertly installed on mobile phones (and other devices) running most^[1] versions of iOS and Android.^[2] Pegasus is able to exploit iOS versions up to 14.6, through a zero-click exploit.^[1] As of 2022, Pegasus was capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the target device’s microphone and camera, and harvesting information from apps.^[3][4] The spyware is named after Pegasus, the winged horse of Greek mythology. It is a Trojan horse computer virus that can be sent “flying through the air” to infect cell phones.^[5]

Pegasus was discovered in August 2016 after a failed installation attempt on the iPhone of a human rights activist led to an investigation revealing details about the spyware, its abilities, and the security vulnerabilities it exploited. News of the spyware caused significant media coverage. It was called the “most sophisticated” smartphone attack ever, and was the first time that a malicious remote exploit used jailbreaking to gain unrestricted access to an iPhone.^[6]

The spyware has been used for surveillance of anti-regime activists, journalists, and political leaders from several nations around the world.^[7] In July 2021, the investigation initiative Pegasus Project, along with an in-depth analysis by human rights group Amnesty International, reported that Pegasus was still being widely used against high-profile targets.^[1]

Use by country

Although Pegasus is stated as intended to be used against criminals and terrorists,^[9] it has also been used by both authoritarian and democratic governments to spy on critics and opponents.^[39] A UN special rapporteur on freedom of opinion found that the use of the spyware by abusive governments could “facilitate extrajudicial, summary or arbitrary executions and killings, or enforced disappearance of persons.”^[40]

Armenia

About twenty Armenian citizens were spied on via Pegasus spyware. Media expert Arthur Papyan said it targeted the key figures of the opposition and the government – current and past government employees who knew valuable state secrets and have political influence, including the former director of the National Security Service and current chairman of the center-right Homeland Party. The local experts suspected that they were targeted either by the government of Armenia or Azerbaijan, or perhaps both. Papyan said that NSO group appears to be jailbreaking a phone and provides interface for viewing the obtained data. Minister of high-tech industry Vahagn Khachaturyan also received a warning letter from Apple, he rejected the theory that the spying party could be the current Armenian government.^[41]

Azerbaijan

The list of spied-upon citizens included dozens of journalists and activists from Azerbaijan. It was alleged that their mobile phones were tapped.^[42] The head of Azerbaijani service of Radio Liberty/Radio Free Europe (Azadliq) Jamie Fly expressed his anger when it was revealed that the phones of his five current and former employees were tapped with Pegasus.^[43]

Bahrain

Citizen Lab revealed the government of Bahrain used the NSO Group‘s Pegasus to hack activists, bloggers, members of Waad (a secular Bahraini political society), a member of Al Wefaq (a Shiite Bahraini political society), and members of the Bahrain Center for Human Rights. Bahrain reportedly acquired access to spyware in 2017. As per the report, the mobile phones of a total of nine rights activists were “successfully hacked” between June 2020 and February 2021. Those hacked included three members of Waad, three of the BCHR, one of Al Wefaq, and two of the exiled dissidents who reside in London. The Citizen Lab attributed “with high confidence” that a Pegasus operator, LULU, was used by the Bahraini government to breach the phones of at least four of the nine activists.^[44][45]

In January 2022, Bahrain was accused of using the Pegasus spyware to hack a human rights defender, Ebtisam al-Saegh. The prominent activist’s phone was hacked at least eight times between August and November 2019. As per the Citizen Lab, following the hacking attempt, al-Saegh faced incidents where she was harassed by the Bahrain authorities. It included being summoned to a police station, interrogation, rape threats, and physical and sexual assault. The attack left the rights defender in a state of “daily fear and terror”.^[46]

In February 2022, an investigation by Citizen Lab and Amnesty International revealed that the Pegasus spyware was used to infect the devices of a lawyer, an online journalist, and a mental health counsellor in Bahrain. All of the three activists were critical of the Bahraini authorities and were targeted with Pegasus between June and September 2021. One of the three activists remained anonymous, while the other two were Mohammed al-Tajer and Sharifa Swar (mental health counselor).^[47]

El Salvador

In January 2022, El Faro, a prominent Salvadoran news outlet, revealed that a majority of its staff had their phones infiltrated using Pegasus. The targeting was uncovered in an investigation conducted by Citizen Lab, and Access Now; the investigation revealed that the journalists of another 13 Salvadoran news organisations were targeted as well. Between July 2020 and November 2021, Pegasus was deployed on the phones of 22 employees of El Faro, including reporters, editors, and other staff. At the time of the targeting, the El Faro was looking into governmental corruption scandals, and the government’s clandestine dealings with the country’s gangs. The Salvadoran government denied responsibility for the espionage, and NSO Group declined to reveal whether the Salvadoran government was a client.^[48]

Estonia

Estonia entered negotiations to procure Pegasus in 2018, and had made a $30 million down payment for the tool. Estonia hoped to use the tool against Russian phones (presumably for gathering intelligence). Israel initially approved the export of Pegasus to Estonia, but after a senior Russian defense official approached the Israeli defense agencies and revealed that Russia had learned of Estonia’s intentions to obtain Pegasus, Israel decided to disallow Estonia from using Pegasus against any Russian phone number (following a heated debate among Israeli officials) so as to avoid damaging Israeli relations with Russia.^[49]

Finland

In January 2022 Finnish foreign ministry reported that several phones of Finnish diplomats have been infected with the Pegasus spyware.^[50]

Germany

Pegasus is in use by German Federal Criminal Police Office (BKA). BKA acquired Pegasus in 2019 with “utmost secrecy”, and despite hesitations from its legal council. The use of Pegasus by BKA was later revealed by German media.^[51]

Hungary

The government of Viktor Orbán authorized the use of Pegasus by Hungarian intelligence and law enforcement services to target the government’s political opponents.^[49] The Orbán government has been accused of using it to spy on members of media as well as on Hungarian opposition.^[52] According to the findings released in July 2021, journalists and managers of media holdings appear to have been spied on by the Hungarian government with Pegasus.^[53] Phone numbers of at least 10 lawyers, at least 5 journalists, and an opposition politician were included on a leaked list of potential Pegasus surveillance targets.^[54]

In November 2021, Lajos Kósa, head of a parliamentary defense and law enforcement committee, was the first Hungarian senior official who acknowledged that the country’s Interior Ministry purchased and used Pegasus.^[55] Kósa admitted that Hungary had indeed purchased and used Pegasus, stating “I don’t see anything objectionable in it […] large tech companies carry out much broader monitoring of citizens than the Hungarian state does.”^[52]

India

Main articles: Pegasus Project revelations in India and WhatsApp snooping scandal

In late 2019, Facebook initiated a suit against NSO, claiming that Pegasus had been used to intercept the WhatsApp communications of a number of activists, journalists, and bureaucrats in India, leading to accusations that the Indian government was involved.^[56][57][58] 17 individuals including human rights activists, scholars, and journalists confirmed to an Indian publication they had been targeted.^[59]

Phone numbers of Indian ministers, opposition leaders, ex-election commissioners and journalists were allegedly found on a database of NSO hacking targets by Pegasus Project in 2021.^[60][61][62] Phone numbers of Koregaon Bhima activists who had compromising data implanted on their computers through a hack found on a Pegasus surveillance phone number list.^[63]

Independent digital forensic analysis conducted on 10 Indian phones whose numbers were present in the data showed signs of either an attempted or successful Pegasus hack. The results of the forensic analysis threw up shows sequential correlations between the time and date a phone number is entered in the list and the beginning of surveillance. The gap usually ranges between a few minutes and a couple of hours.^[64]

11 phone numbers associated with a female employee of the Supreme Court of India and her immediate family, who accused the former Chief Justice of India, Ranjan Gogoi, of sexual harassment, are also allegedly found on a database indicating possibility of their phones being snooped.^[65][66]

Records also indicate that phone numbers of some of the key political players in Karnataka appear to have been selected around the time when an intense power struggle was taking place between the Bharatiya Janata Party and the Janata Dal (Secular)-Congress-led state government in 2019.^[67][68]

Israel

Israeli police use

In January 2022, it was reported that Pegasus was unlawfully used by the Israeli Police to monitor citizens as well as foreign nationals who were accidentally or intentionally infected by the software.^[69] The surveillance was ordered by high-ranking police officers, and was carried out without warrants or judicial supervision.^[70] The legal basis for use of spyware against citizens is disputed.^[71][72] The police had allegedly targeted civilians not suspected of any crime, including organisers of antigovernmental protesters, mayors, anti-LBGT parade activists, employees of government-owned companies, an associated of a senior politician,^[71] and former government employees.^[70] In one case, it was alleged that police targeted an activist who was not suspected of a crime, allegedly to gather information about the activist’s extra-marital affairs and use it as leverage.^[71]

In some cases, Pegasus was used to obtain information unrelated to an ongoing investigation to be used later to pressure the subject of an investigation. In some cases, police used Pegasus to obtain incriminating information from suspects’ devices, and then concealed the source of the incriminating information claiming it would expose intelligence assets.^[73] While the Israeli Police formally denied the allegations in the report, some senior police officials have hinted that the claims were true.^[74] The report led to the announcement of a number of parallel investigations into the police’s conduct,^[75] with some officials demanding a Commission of inquiry.^[76] Although the Attorney General launched an internal probe into the allegations,^[77] the Privacy Protection Council (which advises the Minister of Justice),^[78] demanded that a state commission of inquiry be created.^[76]

On February 1, the police admitted that there was, in fact, misuse of the software.^[79] On February 7, the widespread extent of the warrantless surveillance was further revealed to have included politicians and government officials, heads of corporations, journalists, activists, and even Avner Netanyahu [he], the son of then-Prime Minister, Benjamin Netanyahu. This has led to renewed calls for a public inquiry, including from the current police commissioner Kobi Shabtai himself (appointed January 2021), as well as from the Minister of the Interior, Ayelet Shaked and others.^[80]

Later in the day, the Minister of Public Security (the minister responsible for the police), Omer Bar-Lev, announced that he will be forming a commission of inquiry, to be chaired by a retired judge. Bar-Lev stressed that this commission will essentially be granted all the powers of a state commission (whose formation requires full cabinet support), including having the authority to subpoena witnesses, “regardless of seniority,” whose testimony may be used in future prosecutions.^[81] Despite this, calls for a state commission persisted from several ex-ministry heads who were targeted. The next day, the State Comptroller Matanyahu Englman, calling the crisis a “trampling on the values of democracy and privacy,” said that the investigation launched by his office will also be extensive, adding that it will not only include the police, but also the Ministry of Justice and the State Attorney’s Office.^[82]

Jordan

In January 2022, lawyer and activist Hala Ahed Deeb’s phone was targeted.^[83]

Kazakhstan

Activists in Kazakhstan were targeted,^[84] in addition to top-level officials, like Kassym-Jomart Tokayev, Askar Mamin and Bakytzhan Sagintayev. Among the 2000 targeted Kazak numbers were government critic Bakhytzhan Toregozhina, as well as journalists Serikzhan Mauletbay and Bigeldy Gabdullin.^[85][86] Most of these victims were involved in a civic youth movement Oyan, Qazaqstan.^[87]

Mexico

Mexico was the first country to purchase Pegasus.^[88] Early versions of Pegasus were used to surveil the phone of Joaquín Guzmán, known as El Chapo. In 2011, Mexican President Felipe Calderón reportedly called NSO to thank the company for its role in Guzmán’s capture.^[89][90] When a list of 50,000 phone numbers of potential Pegasus surveillance targets (selected by individual client governments) was leaked in 2021, a third of them were Mexican.^[88]

Targeting of scientists and health campaigners

In 2017, Citizen Lab researchers revealed that NSO exploit links may have been sent to Mexican scientists and public health campaigners.^[91] The targets supported measures to reduce childhood obesity, including Mexico’s “Soda Tax.”^[92]

2014 Iguala mass kidnapping

In July 2017, the international team assembled to investigate the 2014 Iguala mass kidnapping publicly complained they thought they were being surveilled by the Mexican government.^[93] They stated that the Mexican government used Pegasus to send them messages about funeral homes containing links which, when clicked, allowed the government to surreptitiously listen to the investigators.^[93] The Mexican government has repeatedly denied any unauthorized hacking.^[93]

Assassination of journalist Cecilio Pineda Birto

Cecilio Pineda Birto, a Mexican freelance journalist was assassinated by hitmen while resting in a hammock by a carwash. Brito had been reporting on the ties between local politicians and criminal organizations, and had received anonymous death threats during the weeks preceding the assassination; at about the same time, his phone number was selected as a possible target for Pegasus surveillance by a Mexican Pegasus client. Pegasus spyware may have been used to ascertain Brito’s location to carry out the hit by geolocating his phone; the deployment of Pegasus on his phone could however not be confirmed as his phone disappeared from the scene of the murder.^[94]

Use by Mexican drug cartels

Pegasus has been used by drug cartels and cartel-entwined government actors to target and intimidate Mexican journalists.^[95]

Other

A widow of slain renowned Mexican journalist was a target of an attempted Pegasus attack 10 days after her husband was assassinated.^[96]

Morocco

In 2019, two Moroccan pro-democracy campaigners were notified by WhatsApp that their phones had been compromised with Pegasus.^[59]

In June 2020, an investigation by Amnesty International alleged that Moroccan journalist Omar Radi was targeted by the Moroccan government using the Israeli spyware Pegasus. The rights group claimed that the journalist was targeted three times and spied on after his device was infected with an NSO tool. Meanwhile, Amnesty also claimed that the attack came after the NSO group updated their policy in September 2019.^[97]

In July 2021, Morocco had targeted more than 6,000 Algerian phones, including those of politicians and high-ranking military officials, with the spyware.^[98][99]

Panama

President of Panama Ricardo Martinelli personally sought to obtain cyberespionage tools after his election in 2009. After a rebuff by the U.S. in 2009, Martinelli successfully sought such tools from Israeli vendors, expressing an interest in acquiring a tool capable of hacking into mobile phones in a 2010 private meeting with Israeli PM Netanyahu. In 2012, NSO systems were installed in Panama City. The equipment was subsequently widely used for illicti domestic and foreign spying, including for spying on political opponents, magistrates, union leaders, and business competitors, with Martinelli allegedly going so far as to order the surveillance of his mistress using Pegasus.^[4]

Palestine

The mobile phones of six Palestinian activists were hacked using Pegasus with some of the attacks reportedly occurring as far back as July 2020, according to a report from Front Line Defenders.^[100]

Poland

Pegasus licenses were agreed on between Benjamin Netanyahu and Beata Szydło in July 2017.^[101] Citizen Lab revealed that several members of political opposition groups in Poland were hacked by Pegasus spyware, raising alarming questions about the Polish government’s use of the software. A lawyer representing Polish opposition groups and a prosecutor involved in a case against the ruling Law and Justice party were also compromised.^[102]

In December 2021, Citizen Lab announced that Pegasus was used against lawyer Roman Giertych and prosecutor Ewa Wrzosek, both critical of the ruling Law and Justice (PiS) government, with Giertych’s phone suffering 18 intrusions.^[103] 33 hacks to the phone of Krzysztof Brejza, a senator from the opposition Civic Platform (PO) were uncovered,^[104] and confirmed by Amnesty International.^[105] Leading to the 2019 European and Polish parliamentary elections, Brejza’s text messages were stolen as he was leading the opposition parties’ campaign. The texts were doctored by state-run media, notably TVP, and used in a smear campaign against the opposition.^{[105][106][107]} This prompted the Polish Senate to begin an inquiry into the deployment of the spyware.^[108]

On January 25, 2022, more victims were confirmed by Citizen Lab, including Michał Kołodziejczak of the agrarian movement Agrounia, and Tomasz Szwejgiert, a journalist and alleged former associate of the CBA.^[109][110]

According to the Supreme Audit Office (NIK), 544 of its employees’ devices were under surveillance over 7,300 times, some could be infected with Pegasus.^[111]

Rwanda

A joint investigation by The Guardian and Le Monde alleged political activists in Rwanda were targeted with Pegasus.^[112]

Saudi Arabia

In December 2020, it was reported that Saudi Arabia and the United Arab Emirates deployed a zero-click iMessage Pegasus exploit against two London-based reporters and 36 journalists at the Al Jazeera television network in Qatar.^[35][36]

Jamal Khashoggi

Pegasus was used by Saudi Arabia to spy on Jamal Kashoggi,^[113] who was later killed in Turkey. In October 2018, Citizen Lab reported on the use of NSO software to spy on the inner circle of Jamal Khashoggi just before his murder. Citizen Lab’s October report^[114] stated with high confidence that NSO’s Pegasus had been placed on the iPhone of Saudi dissident Omar Abdulaziz, one of Khashoggi’s confidantes, months before. Abdulaziz stated that the software revealed Khashoggi’s “private criticisms of the Saudi royal family,” which according to Abdulaziz “played a major role” in Khashoggi’s death.^[115]

In December 2018, a New York Times investigation concluded that Pegasus software played a role in the Khashoggi’s murder, with a friend of Khashoggi stating in a filing that Saudi authorities had used the Israeli-made software to spy on the dissident.^[116] NSO CEO Shalev Hulio stated that the company had not been involved in the “terrible murder”, but declined to comment on reports that he had personally traveled to the Saudi capital Riyadh for a $55 million Pegasus sale.^[117]

In 2021, allegations arose that the software may also have been used to spy on members of Kashoggi‘s family.^[118]

Targeting of Jeff Bezos

Pegasus was also used to spy on Jeff Bezos after Mohammed bin Salman, the crown-prince of Saudi Arabia, exchanged messages with him that exploited then-unknown vulnerabilities in WhatsApp.^[119][120]

Targeting of journalist Ben Hubbard

A New York Times correspondent covering the Middle East, Ben Hubbard revealed in October 2021 that Saudi Arabia used the NSO Group’s Pegasus software to hack into his phone. Hubbard was targeted repeatedly over a three-year period between June 2018 to June 2021 while he was reporting on Saudi Arabia, and writing a book about the Saudi Crown Prince Mohammed bin Salman. Hubbard was possibly targeted for writing the book about the Crown Prince, and for his involvement in revealing the UAE’s hacking and surveillance attempt of Project Raven. Saudis attempted to peek into Hubbard’s personal information twice in 2018, one through a suspicious text message and the other through an Arabic WhatsApp message inviting him to a protest at a Saudi embassy in Washington.

Two other attacks were launched against him in 2020 and 2021 using the zero-click hacking capabilities. Lastly, on June 13, 2021, an iPhone belonging to Hubbard was successfully hacked using the FORCEDENTRY exploit. Citizen Lab said in “high confidence” that the four attacks were attempted using Pegasus.^[121][122]

Other targets

Another Saudi exile Omar Abdulaziz in Canada was identified by McKinsey & Company as being an influential dissident, and hence had two brothers imprisoned by the Saudi authorities, and his cell phone hacked by Pegasus.^[113][123]

Spain

According to an investigation by The Guardian and El País, Pegasus software was used by the government of Spain to compromise the phones of several politicians active in the Catalan independence movement, including President of the Parliament of Catalonia Roger Torrent, and former member of the Parliament of Catalonia Anna Gabriel i Sabaté.^[124]

The scandal resurfaced in April 2022 following the publication of a report of a CitizenLab investigation that revealed widespread use of Pegasus against Catalan politicians and citizens, as well as Basque politician Arnaldo Otegi and MP Jon Iñarritu.^[125][126] A total of 63 victims was identified,^[127] with targets including elected officials (including high-ranking ones) and civil society members (including activists, journalists, lawyers, and computer scientists).^[128] The true extent of the targeting was potentially far larger as Android devices are far more common in Spain while CitizenLab tools are specialised to uncover infiltration of Apple devices. CitizenLab did not attribute the responsibility for the attacks to any perpetrators, but did note that circumstantial evidence strongly suggests the attacks were perpetrated by the Spanish Government.^[127]

On May the 2nd 2022 the Spanish Government revealed that the smartphones of Prime Minister Pedro Sánchez and Defense Minister Margarita Robles had been targeted by Pegasus during May 2021 ^[129]. The Trojan obtained 2.7 GB from the Prime Minister while only 9 MB were uploaded from the Defense Minister.^[130]

Togo

A joint investigation by The Guardian and Le Monde alleged that Pegasus software was used to spy on six critics of the government in Togo.^[112]

Uganda

It has been reported that Muhoozi Kainerugaba brokered a deal to use Pegasus in Uganda, paying between $10 and $20 million in 2019. The software was later used to hack the phones of 11 US diplomats and employees of the US embassy in Uganda some time during 2021.^[131]

Ukraine

At least since 2019, Ukraine had sought to obtain Pegasus in its effort to counter what it saw as an increasing threat of Russian aggression and espionage, however, Israel had imposed a near-total ban on weapons sales to Ukraine (which also encompassed cyberespionage tools), wary of selling Pegasus to states that would use the tool against Russia so as not to damage relations with Russia. In August 2021, at a time when Russian troops were amassing on the Ukrainian border, Israel again rebuffed a request from a Ukrainian delegation asking to obtain Pegasus; according to a Ukrainian official familiar with the matter, Pegasus could have provided critical support in Ukraine’s effort to monitor Russian military activity. In the wake of the 2022 Russian invasion of Ukraine, Ukrainian officials rebuked Israel’s tepid support of Ukraine and Israeli efforts to maintain amicable relations with Russia.^[49]

United Arab Emirates

In December 2020, it was reported that Saudi Arabia and the United Arab Emirates deployed a zero-click iMessage Pegasus exploit against two London-based reporters and 36 journalists at the Al Jazeera television network in Qatar.^[35][36]

The United Arab Emirates used Pegasus to spy on the members of Saudi-backed Yemeni government according to an investigation published in July 2021. The UAE used the spyware to monitor and spy on the ministers of the internationally recognized government of President Abdrabbuh Mansur Hadi, including Yemeni president and his family members, former Prime Minister Ahmed Obaid Bin Dagher, former Foreign Minister Abdulmalik Al-Mekhlafi, and current Minister of Youth and Sports, Nayef al-Bakri.^[132]

On 24 September 2021, The Guardian reported that the telephone of Alaa al-Siddiq, executive director of ALQST, who died in a car accident in London on 20 June 2021, was infected with the Pegasus spyware for 5 years until 2020. Citizen Lab confirmed that the Emirati activist was hacked by a government client of Israel’s NSO Group. The case represented a worrying trend for activists and dissidents, who escaped the UAE to live in the relative safety, but were never out of the reach of Pegasus.^[133]

In October 2021, the British High Court ruled that agents of Mohammed bin Rashid Al Maktoum used Pegasus to hack the phones of his (ex)-wife, Princess Haya bint Hussein, her solicitors (including baroness Fiona Shackleton), a personal assistant and two members of her security team in the summer of 2020. The court ruled that the agents acted “with the express or implied authority” of the sheikh; he denied knowledge of the hacking. The judgment referred to the hacking as “serial breaches of (UK) domestic criminal law”, “in violation of fundamental common law and ECHR rights”, “interference with the process of this court and the mother’s access to justice” and “abuse of power” by a head of state. NSO had contacted an intermediary in August 2020 to inform Princess Haya of the hack and is believed to have terminated its contract with the UAE.^[134]

On 7 October 2021, the NSO Group stated that it had terminated its contract with the UAE to use its Pegasus spyware tool after the ruling by UK’s High Court that Dubai’s ruler misused the firm’s Pegasus software to spy on his ex-wife and her legal advisers.^[135]

In 2022, sources revealed that a unit of Abu Dhabi’s Mubadala Investment Company, Mubadala Capital was one of the largest investors in €1 billion Novalpina Capital private equity fund, which bought the NSO Group in 2019. Since then, Mubadala has been an investor in the firm with its commitment of €50 million, acquiring a seat on the committee of largest investors of the equity fund. Journalists, human rights defenders and the women of Dubai’s royal family were traced to have been hacked using the Pegasus spyware during the same time.^[136]

A report by the Citizen Lab revealed that Pegasus spyware linked to an Emirati operative was used to hack into the phones at the Downing Street and the Foreign Office. One of the spyware attack on No 10 was on 7 July 2020, which was asserted to have infected the phone of British Prime Minister Boris Johnson. Besides, at least five attacks were identified on Foreign Office phones by UK allies, including the UAE, between July 2020 and June 2021.^[137] The UAE was also alleged of hiring a firm to “monitor” Jeremy Corbyn.^[138]

United Kingdom

In April 2022, Citizen Lab released a report stating that 10 Downing Street staff had been targeted by Pegasus, and that the United Arab Emirates was suspected of originating the attacks in 2020 and 2021.^[139]

United States

NSO Group pitched its spyware to the Drug Enforcement Administration (DEA), which declined to purchase it due to its high cost.^[140]

In August 2016, NSO Group (through its U.S. subsidiary Westbridge) pitched its U.S. version of Pegasus to the San Diego Police Department (SDPD). In the marketing material, Westbridge emphasized that the company is U.S.-based and majority-owned by a U.S. parent company. An SDPD Sergeant responded to the sales pitch with “sounds awesome”. The SDPD declined to purchase the spyware as it was too expensive.^[34]

Pegasus spyware was found in 2021 on the iPhones of at least nine U.S. State Department employees.^[141] The US government blacklisted the NSO Group to stop what it called “transnational repression“.^[142]

In December 2021, AP reported that 11 U.S. State Department employees stationed in Uganda had their iPhones hacked with Pegasus.^[143]

In January 2022 it was reported that the Federal Bureau of Investigation (FBI) had secretly bought the Pegasus spyware in 2019 and was also given a demonstration of Phantom, a newer tool that could hack American phone numbers. They considered using both tools for domestic surveillance in the U.S., which reportedly led to discussions between the FBI and United States Department of Justice which ultimately lead to the FBI deciding against using it and all NSO spyware in 2021. However, despite ruling against using it, Pegasus equipment is still in the FBI’s possession at a New Jersey facility.^[144][145]

Yemen

The forensic analysis of UN independent investigator Kamel Jendoubi’s mobile phone revealed on 20 December 2021 that he was targeted using spyware while probing war crimes of Yemen. Jendoubi was targeted while he was examining possible war crimes in Yemen. Jendoubi’s mobile number was also found in the leaked database of the Pegasus Project. According to the data, Jendoubi was one of the potential targets of one of NSO Group’s long-time clients, Saudi Arabia. However, NSO spokesperson denied Kamel Jendoubi as any of its client’s targets.^[146]

International organizations

European Union

In April 2022, according to two EU officials and documentation obtained by Reuters, the European Justice Commissioner Didier Reynders and other European Commission officials had been targeted by NSO’s software. The commision learned of this after Apple notified thousands of iPhone users in November 2021 that they were targeted by state-sponsored hackers. According to the same two sources, IT experts examined some of the smartphones, but the results were inconclusive.^[147]

Source: Pegasus (spyware), https://en.wikipedia.org/w/index.php?title=Pegasus_(spyware)&oldid=1087424965 (last visited May 16, 2022).