Alessio Stefan : 18 March 2025 18:24
Politics, information technology, and privacy: a triad continually seeking balance, with a history of conflict that dates back to the introduction of personal computers at the consumer level. From 1990 onward, the U.S. government made numerous attempts to prevent foreign nationals and states from accessing “strong enough” cryptography. Dubbed the “Crypto Wars,” these attempts aimed to keep cryptography at a level that would still allow decryption by government agencies for public security reasons.
Out of this context came the Pretty Good Privacy (PGP) software, which allowed authentication and private communications. PGP was widely adopted by users around the world, from cypherpunks to political dissidents. Creator Phil Zimmermann was placed under investigation by the U.S. government in February 1993 for “exporting ammunition without a license,” where “ammunition” was defined as any cryptographic scheme containing keys more than 40 bits in size (PGP used no less than 128 bits). The charges faded in the following years and came to nothing, but they demonstrated how innovations aimed at achieving secure, private communications are judged differently by public agencies.
Further scandals followed in 2010 with the leaks of former NSA agent Snowden, which included documents on Operation Bullrun, whose sole purpose was to allow the agency to crack several encryption algorithms used in online communications (infiltration of computer systems was among the permitted approaches). The uses of breaking encryption would include real-time monitoring of VPN connections, reading protected files, and intercepting E2EE communications. To date, NSA efforts [1] would allow U.S. government forces to decrypt massive online trades[2], putting communications even outside U.S. borders at high risk.
Taking what the United States of America has done as an example is for illustrative purposes only, given the high capabilities and achievements of its intelligence services; many other states have acted with the same interests as the US. Currently the UK is pressuring Apple to gain access to their customers’ iCloud data, Russia is gradually trying to prevent Tor access within its borders, China is forcing its citizens to use applications containing backdoors to read communications, and, as we will see in this article, Italian government clients of the company Paragon are using Graphite spyware against journalists and activists.
Many were surprised by the news regarding the termination of the contract between Paragon and the Italian government when the latter allegedly, according to the Israeli company, violated the terms of service by using their spyware on unauthorized targets including the editor of Fanpage. Reality and events since the 1990s, on the other hand, show us that we should not be so surprised by such an operation. Obviously it is a violation to the detriment of civil rights that democratic governments should defend, but it is undeniable that such news is just one link in a long chain.
When we talk about privacy in the West there is a tendency to downplay the domestic phenomenon (in our case in Europe) and to compare our slice of the world with what happens in states like Iran, China, Russia or even North Korea. Obviously we are in different contexts, but this cannot (and should not) automatically end in a false sense of security supported only by comparisons with worse (or rather, more obvious) situations than our own. Precisely because we recognize the lack of respect for privacy in other regions of the world, our governments do not behave in the same ways: they act differently, letting the issue take a back seat while achieving the same results. Privacy, like security, is not a matter of laws or regulations but rather a matter of approach and proper recognition of threats.
An attempt will be made here to analyze the Paragon case in Italy, starting with the facts that have happened and then expanding the discussion to past events. The goal is to prompt reflection on the role of government agencies towards privacy, going beyond the mere outrage that has prevailed over such news in recent days.
Given the nature of the subjects in question, it is important to emphasize the approach taken while writing this article. There is no political motivation in addressing these subjects; all the events presented are addressed regardless of political or governmental position, based on what is publicly accessible, with an objective and non-partisan view. There is no interest other than to describe situations and events for what they are (or have been), leaving the reader freedom of analysis and interpretation.
Let’s start with recent events, the Paragon scandal in Italy. Events began on January 31 when the WhatsApp team (Meta) identified with “high confidence” that 90 users were subject to a “possible” cyber attack distributed via sharing attachments within the messaging app. Meta did not state how it detected the campaign (this is a zero-click vulnerability that does not require interaction on the part of the victim), nor did it disclose the identity of the victims; it merely contacted them directly on WhatsApp through its official WhatsApp Support profile. This was reported by Fanpage.it editor Francesco Cancellato, who published a screenshot of the message, complete with advice to contact Citizen Lab, an independent research center responsible for the discovery of the campaign.
The Guardian was among the first to publish the news, confirming that the software used is spyware developed by Paragon Solutions. Also according to Cancellato’s statements, 7 individuals including journalists and activists (without explicitly naming them) were identified in Italy, leaving more than 80 people not publicly acknowledged as victims. In the following days the following individuals targeted by Paragon’s malware were confirmed:
Before we learn about Paragon and its origins, we must cover the public responses given by the government and the entities in question. From the outset, the Italian government denied, via an official note from Palazzo Chigi (Feb. 5, 2025), that it had subjected Italian information workers to espionage activities and stated that the Agency for National Cybersecurity (ACN) had contacted WhatsApp, which confirmed as many as 7 Italian individuals as victims of the spyware campaign. ACN also confirmed that Meta had reportedly identified other countries (only in the EU) in which the spyware was used: Belgium, Greece, Latvia, Lithuania, Austria, Cyprus, Czech Republic, Denmark, Germany, Netherlands, Portugal, Spain, Sweden and, of course, Italy.
The following day (Feb. 6, 2025), The Guardian, thanks to anonymous sources inside Paragon Solutions, once again refuted the statements of Palazzo Chigi, revealing that the producer of Graphite spyware would terminate the contract for violation of the code of ethics, which would explicitly prohibit use on journalists and social activists. This news was confirmed shortly thereafter by Israeli newspaper Haaretz, which reportedly confirmed not only the existence of a contract between Paragon and the Italian government but further specified that the entities with access to the software were a law enforcement entity and an Italian intelligence corps. TechCrunch finally stated that it had requested comments from both ACN and the Prime Minister’s Office but had not received a response regarding the situation.
Unfortunately, there is, as of the writing of this article, no information on additional victims thus having to rely only on the 5 individuals who have been publicly exposed. Leaving aside Francesco Cancellato it is impossible not to notice a congruence regarding individuals involved in migrant smuggling, in particular the case of El Gomati and Yambio could be related to a further scandal regarding Osama Elmasry Njeem (known through the press as “Elmasri”) who was extradited from Italy to Libya despite the international arrest warrant issued by the International Criminal Court (ICC). This case is still being investigated with ongoing developments that will not be covered here but it should be noted, however, that the spyware victims and Elmasri’s case have in common the Africa-Italy migrant smuggling.
Paragon Solutions is the other major player in these events, a developer of tools for countering threats that offers its solutions only to 32 states including the U.S. and its allies (though without better specifying who is included in the definition of “allies”). In the U.S. alone, a $2 million contract was signed in 2024 between the company and ICE (Immigration and Customs Enforcement); the contract includes one year of training, hardware and access to the Graphite commercial spyware. Paragon made no secret of the fact that it has the U.S. government on its client list, further specifying that it has selection criteria on the sale of its products, including “being a democratic state.”
The company originated in 2019, when it began its journey in the Israeli digital industry as a startup and competitor of NSO, also a developer of spyware and other offensive solutions available to Western governments. Not much is known about the internal structure of the company (typical of “stealth companies”) but there are some well-known names in the Israeli intelligence industry among the founders[5].
The founding in 2019 does not seem to be coincidental: the “WhatsApp Snooping” scandal regarding the WhatsApp application and the company NSO (developer of Pegasus Spyware) also began in October 2019, after software developed by NSO was used on journalists, politicians, and Indian judiciary bodies within weeks of the elections.
Meta subsequently investigated, finding more than 1,400 infected devices [6] and suing the company. From then on came a series of further scandals[7][8][9] regarding the illicit use of Pegasus (“illicit” is defined as any target not related to crime or national security risks). In 2021, the Biden administration blacklisted Pegasus Spyware, banning its use by U.S. entities[10], and about a month after the ban against NSO was implemented the same spyware was used on U.S. diplomats who were outside U.S. borders.
In a previous article we covered the statements of the CEO of NSO who, after the Oct. 7, 2023, terrorist attack by Hamas on Israeli soil, released a transparency report regarding Pegasus spyware. CEO Yaron Shohat stated that such attacks are facilitated by E2E technology and that solutions such as Pegasus should be used with an ironclad ethical framework to ensure the protection of civilians and their civil rights.
In late 2024 there were multiple reports of the purchase of Paragon Solutions by the American company AE Industrial Partners for $900 million, a purchase that was confirmed in 2025, with the clarification that it was concluded without waiting for the approval of the U.S. Defense Minister, who was reviewing the contract between the two parties. Despite the purchase by the U.S. company, it was decided that the company will continue to operate entirely from Israel under the supervision of the Israeli government.
The company currently has Graphite Spyware (the same one used in the attack campaign identified by Meta) as its flagship product, which, according to experts, can be used on WhatsApp, Telegram, and Signal. There is no way to access the code of ethics cited by the company, which determines which individuals can be targeted with Graphite, nor any other terms of the contracts other than Paragon’s commitment to zero tolerance toward customers who do not comply with the terms of use. According to Forbes sources, the spyware would not give complete control over the victims’ devices but only over the messaging application through which the malware is delivered, managing to bypass E2E. There is no confirmation or denial regarding the spyware’s capabilities once installed on the devices.
Meta has moved its legal team against Paragon Solutions by sending a cease and desist notice to the Israeli company. Again Meta stated its commitment to safeguarding user communications on its platform omitting details of how the spyware campaign was identified, how Paragon’s software was recognized, and how it was able to identify individual users affected by Graphite.
Unfortunately, as mentioned in the introduction, there is no surprise about the events that occurred in early February. As shown there have been multiple illicit uses of tools that, on paper, should serve to counter crime and terrorism for the security of states (specifically, given the requirements, those considered democratic).
Staying within European borders there have been other recent cases again concerning the use of spyware on civilians and politicians, the biggest example being PredatorGate also nicknamed the Greek WaterGate. Cytrox is another government spyware vendor based in North Macedonia and part of a cluster for the production of this type of malware with offices and R&D in Europe born to compete with the giant NSO[11]. Cytrox was founded by a former member of Israeli intelligence named Tal Dilian.
In 2022, Predator spyware (equivalent to Graphite and Pegasus) was used for a mass infection of Greek political figures (particularly opposition) and journalists. In addition to the spyware, an active role was played by the Greek intelligence service EYP, which was put under the direct control of Prime Minister Kyriakos Mitsotakis following his election victory in 2019 (Law 4622/2019).
To give the proper political context, it is important to report that in the wake of the Greek economic crisis of 2010, one of the problems of the Greek government was corruption within institutions, and Mitsotakis has always made it explicit, especially in the election campaign, that he wanted to defeat both the corruption and elitism present in the halls of power in Greece.
Prominent among the devices monitored via Predator is that of the government’s main opponent Nikos Androulakis, along with those of 91 other people including government agencies, the military and journalists. The case was brought into the public eye when journalists Stavros Michaloudis and Thanassis Koukakis in 2022 accused the government of wiretapping their communications, leading politician Androulakis to go public with the same accusations. The EYP later confirmed that it had wiretapped Koukakis’ communications but denied using Predator; moreover, no evidence was made available to confirm or deny the allegations of using Cytrox spyware.
Panagiotis Kontoleon, director of EYP, signed his resignation in August 2022, and in September an independent investigation found Predator installed on his smartphone, thus taking the case to the Greek Supreme Court[12]. Greek intelligence actions extended beyond national borders, going after Artemis Seaford, security policy manager of Meta with dual Greek-US citizenship, in an unspecified period between 2020 and 2022. Citizen Lab later confirmed that she was subjected to interception via spyware for at least two months in 2021.
The Greek WaterGate situation has caused the positions of journalists within the European Union to be greatly reevaluated, putting it in last place among member countries (until 2023) for its treatment of freedom of the press and circulation of information. A similar case to Italy and one that does not seem to have abated given the presence of Greek targets within the recent Graphite campaign[13].
Predator shares a curious overlap with Pegasus (NSO): a further opposition politician, the Egyptian Ayman Nour, was infected with both spyware tools, operated by two different national entities at the same time[14]. In addition, Cytrox licensed Predator to the Sudanese paramilitary Rapid Support Forces (RSF)[15], accused of human rights crimes such as torture and murder of protesters.
The Italian public should not worry about the single spyware event this February; concern should rather be directed at the trend that has long been established within the borders of our country. When we talk about privacy violations, the FBI, NSA, GRU, FSB and other intelligence agencies outside our country immediately come to mind, while we ignore how the same attitudes are present in Italy.
HackingTeam is the Milan-based NSO Made in Italy that can afford to display an extremely good track record having had dealings in 2013 with Saudi Arabia regarding its capabilities to block a nuclear power plant in Iran (a description very similar to Stuxnet). With Saudi Arabia there is known to have been a purchase negotiation by the latter ending in a deadlock due to lack of agreement between the two parties regarding dividends[16].
HackingTeam offered their software to Italian and other government agencies, the most famous being Remote Control System (RCS)[17]. During the Yara Gambirasio crime case, HackingTeam obtained access to Bossetti’s computer with their “Galileo” system[18].
Judgments about HackingTeam changed drastically when Phineas Fisher managed to penetrate the company’s internal network, releasing confidential documents on WikiLeaks and BitTorrent (2015). For the more curious, know that there is an actual walkthrough documented by Fisher himself on his activities within the HackingTeam network, with exhaustive documentation on the illicit activities of the Milan-based company.
Inside malware makers "Hacking Team": hundreds of Gb of e-mails, files, and source code https://t.co/WVdlKPb2Rb https://t.co/IEJYK94zva
— WikiLeaks (@wikileaks) July 6, 2015
In the leaked 400GB there was clear evidence of the sale of their products to authoritarian regimes such as Egypt, Sudan and Saudi Arabia managing to bypass EU impositions regarding the export of this type of software[19][20][21][22].
Lighthouse Reports in 2022 opened another Pandora’s box by uncovering the activities of another spyware company called Tykelab, which tracked targets both outside and inside Italy by exploiting vulnerabilities in mobile device networks. Tykelab’s parent company is called RCS, responsible for creating the “Hermit” spyware discovered in 2022 by Google. Hermit’s capabilities are similar to those of Pegasus, allowing access to Android and iOS devices.
Google’s report[23] showed collaboration between ISPs and attackers, particularly pronounced in operations within Italian borders. According to a 2021 Chamber report, the spyware in question was allegedly used illicitly by law enforcement agencies during anti-corruption operations and heavily in the Kazakhstan region. RCS has had collaborations with HackingTeam, again according to internal emails leaked by Fisher[24]. Among Hermit’s victims we again find journalists, politicians and academics in the various regions in which it was used by government forces.
An even more recent case (2024) is that of the company Equalize, accused of working in collaboration with the Vatican and Israeli state services by stealing information on several people including politicians, musicians, athletes (including the recently reported Marcell Jacobs) and Italian businessmen[25]. Carmine Gallo (ex-police officer) and Enrico Pazzali (manager of Fieramilano and associate of Equalize) were alleged to be the arm of Equalize; both Gallo and Pazzali had access to state databases containing data on companies and citizens.
The service offered by Equalize had several clients including the Italian state-owned ENI oil-company which was frequently mentioned in investigative documents regarding illicit database access[26]. Heineken Italy also allegedly relied on the company making use of spyware on two of its employees. Among the victims of the scandal are names such as Sergio Mattarella (current President of the Republic) and former Prime Minister Matteo Renzi[27].
The entire scheme was allegedly headed by Nunzio Samuele Calamucci, who was said to have been influenced by foreign countries such as Israel and the Vatican, which would have benefited from the illicit access by Equalize, with the apparent motive of obtaining information on Russian assets. According to the investigations conducted by the judiciary, there would have been at least one meeting between the top management of Equalize and that of the Mossad, and several “reports” sent to the Vatican state[28].
A confirmation of the entanglement between Equalize and part of Italian law enforcement involves Ignazio La Russa, current president of the Senate. In the spring of 2023, the prosecutor’s office opened an investigation after an allegation of sexual harassment against the president’s son, along with other people allegedly involved; this investigation was not yet public knowledge. According to recent developments in the Equalize investigation[29], La Russa allegedly contacted Enrico Pazzali directly, and the latter then began “verifying” the president’s family (it is unspecified which and how many members) through the Beyond trojan. In addition, Pazzali himself allegedly received a call from a carabiniere whose name is not yet public (nor the rank he held), who allegedly asked the Equalize partner for information about La Russa’s house (in the wiretaps heard by investigators, both explicitly mention the name “Ignazio”). In another conversation, at the beginning of the audits, Pazzali allegedly said “Ignazio La Russa from 1953, no he is seventy-five years old” and “and also put another one, what is the name of the other son?”
For those more skeptical about the existence of this opaque landscape present in our country, we recommend reading Riccardo Coluccini’s report called Italian spyware on the international market [30] where he showed public budget investments in this sector explaining how every public safety agency has at least one reference contact to obtain spyware and every company in the sector has a satisfactory turnover making sure that the industry remains active within our country.
The same report mentions the case of the Exodus spyware, created by the company eSurv and distributed on the Google Play Store on behalf of Italian government agencies[31]. This type of campaign can potentially affect all Play Store users indiscriminately. The report also gives some interesting statistics showing that from 2010 to 2020 this type of operation quadrupled, and in 2021 alone there were 2896 authorizations (in Germany, in 2020, there were 48). Unexpectedly, the Italian spyware industry has a persistent presence in the international market, competing with better known entities such as Paragon and NSO.
As we have addressed in Italy, as throughout Europe, there is an ecosystem of government spyware not to be underestimated with operations both inside and outside Europe’s geopolitical borders. As shown, the misuse of these tools for purposes other than national security, countering terrorist threats or preventing drug trafficking is nothing new.
The word “privacy” has suffered the same treatment as “AI” or “CyberSecurity” gaining value more as a commercial buzzword than as a principle. Many will remember the “Chat Control” bill made in the EU that would have led to the total breakdown of E2E encryption within Europe in order to “protect children online” by indiscriminate scanning of messages to be able to identify child pornography. Leaving aside all the technicalities of the case (the EU would have accepted an error rate of 10% [32]) the point to be made was the various arguments from both politicians and citizens regarding this proposal.
The typical “I have nothing to hide” argument reigns supreme when politicians try to increase their degree of surveillance over citizens by camouflaging it as an anti-crime solution (analogous to the spyware argument). Such an argument is fallacious on two basic points: total trust in public/governmental entities and the “selfish” nature of the argument itself.
Addressing the bona fides of governments with respect to their digital surveillance measures requires care and sensitivity; it takes little to fall into anarchism for its own sake or to judge that those who address the discourse are crypto-anarchists with a hatred for government agencies regardless (always leading to “look to country X”). In order to address the discourse, it is important for all sides to shed their political beliefs based on facts and principles.
As mentioned in the introduction it has been for years that various states have tended to obtain backdoors (e.g. the UK-Apple case that became a reality recently[33]) or tools for unlimited active surveillance (government spyware) but despite this we tend to offer a veil of “good faith” in the choices of institutions taking away any critical spirit as citizens. Take as an example the GDPR that has been the talk of the town from its implementation until now both as a real effectiveness for privacy and as an economically cumbersome presence for European companies and consumer confidence in the handling of their data[34][35]. This legislation has been revered as an example demonstrating the protection of citizens by public bodies.
Leaving aside how the EU itself has been found to be disregarding its own law within the institutions[36][37] (which should at least give the benefit of the doubt) how is it possible that an entity such as the European commission has not yet created a framework for the adoption of spyware (or similar operations) from member countries? Why total political reticence with respect to tools that have been on the ground for years with uses far removed from crime fighting?[38][39]
It is not asserting bad faith on the part of the body in question but more an inadequacy on the subject (whether intentional or not), what happened with Paragon is nothing new but more importantly it is one of the most serious attacks on the whole European territory (let us remember that there are 90 victims spread over 14 member states) and the commission refuses to investigate because “national authorities are responsible in such cases.” [40]
Moreover, this unbridled confidence also extends to national entities (law enforcement, local government, etc.) with the idea that access to the encrypted data of a small number of people is lawful regardless. In reality any access (however restricted) to any data source is synonymous with “broken encryption,” putting at risk communications that must by design be readable only by the intended endpoints. The same concept applies to the use of spyware.
“Backdoor” is understood to be both the technical concept (which adds a serious layer of risk, see Salt Typhoon[41]) and the legislative one, where government agencies push private companies to break encryption by offering data in the clear to authorities. The real problem lies in the lack of understanding of how (relatively) easy it is for criminals to create their own encrypted communications channel, leaving room for much doubt as to the real effectiveness of such measures.
Staying in our own context, let us not forget the numerous proposals (including by Italian politicians[42]) to implement digital identities on social and pornographic platforms, ironically always stressing how such measures serve the protection of minors. These (serious) proposals tend to undermine anonymity and the interest some groups have in keeping their online activities separate from their real identities, and this is where the selfish nature of “I have nothing to hide” comes in: even if it were true, this does not detract from the fact that other individuals need to keep their anonymity (or privacy) intact, whether from private companies or public entities. Leaving aside the implications that a data breach might have if a platform held data on the real identity of its users, the real issue is the knowledge of “who does what” online by public bodies. Given the high interest in journalists and activists, it is not difficult to imagine scenarios where such a practice would create irreversible damage: if a state wanted to profile all pro-abortion people, movements that go against the majority in parliament, or citizens who have precise political preferences, it could do so with direct knowledge of the individuals in question.
Irrefutable data show us that the use of social networks is dangerous for the #privacy and the mental and physical #health of children. There are European rules, first of all the #GDPR, that limit the possibility of giving consent to the processing of one’s data, and therefore… pic.twitter.com/xoHf3LWJlp
Dati inconfutabili ci dimostrano che l’uso dei social network è pericoloso per la #privacy e la #salute mentale e fisica dei bambini. Esistono regole europee, primo su tutti il #GDPR, che limitano la possibilità di dare consenso al trattamento dei propri dati, e quindi… pic.twitter.com/xoHf3LWJlp
— Giulia Pastorella (@PastorellaGiu) June 8, 2023
In conclusion, not relying on a government with regard to the privacy of democratic societies does not automatically amount to a negative judgment that presumes bad faith; it may equally reflect the inadequacy of certain practices or proposals (e.g. laws made in good faith but with diametrically opposite consequences). The real point is that privacy does not come from above, is not established by individual laws and, most importantly, is not achieved by placing total trust in any entity. Privacy is a matter of individual choices, about what to use and what not to use, and about proactive and critical approaches that benefit our privacy or the privacy of others. To continue to assert that privacy (like security and anonymity) is achieved through policy choices is an oxymoron; while the state of privacy must remain fixed over time, that of policy is constantly changing.
Democracy is not something that once obtained persists forever; rather, it is something to which each of us, regardless of our position, must contribute every day through our individual and collective choices. To claim that the state is an entity that we can totally rely on, or to be uninterested in how our privacy is treated because we personally do not value it, is to undermine democratic societies at their very foundation. We must understand that this “Paragon scandal” is not the exception but rather the confirmation of a trend that all states have followed since the 1990s. Zero-trust also applies to the state itself, and affirming this does not mean classifying it as an enemy but rather understanding the role of politics and its limits, recognizing that some values need only the collective. In a democracy we cannot hope for radical changes unless we change the underlying society with information and an understanding of problems and their consequences.
If today we see the principle of communications privacy as fundamental to the Fourth Amendment, we have postal policymakers to thank, for it was through the post office, not the Constitution or the Bill of Rights, that early Americans first established that principle.
Anuj C. Desai
After explaining the entire government digital espionage industry present in and outside Italy, and how restricting sales to democratic states only is not sufficient to protect citizens’ privacy, it is likely that skepticism will prevail, which is understandable given the apparent complexity of the topic. Let us lay out the 2 most popular clichés and try to address them by offering as objective a view as possible.
The word “privacy” (as mentioned in previous sections) has become a buzzword, and several entities have used it for advertising for its own sake; it is very common to come across “privacy solutions” with aggressive and persistent marketing. Typically these are VPN services promising a “no log policy,” “spyware protection,” and an immune defense against an extremely exaggerated threat profile regarding public networks. With the backing of influencers and discounts with an indefinite shelf life, such solutions tend to attract a clientele that is indeed concerned about its privacy, but starting from a flawed threat model and a superficial knowledge of the term “privacy.”
To be clear, no single solution offers privacy and anonymity; there are only solutions that support users in achieving these goals. Furthermore, many of these companies have been fined for aggressive or deceptive marketing[47][48], for sharing data with third parties and/or law enforcement[49][50], or for inadequate security in their software[51].
Unfortunately, some companies care more about profit than about the actual service offered. Invasive and continuous advertising over time lets them gain a good share of the market with false or misleading claims, knowing full well that the public cannot distinguish between terms such as “anonymity” and “privacy,” which are used as synonyms or reinforcement in their advertisements.
Precisely because the topic is important, the advice is not to abandon such products but rather (1) to evaluate one’s options independently of advertisements or recommendations from online public figures and (2) to inform oneself through one’s own research, based on one’s needs, keeping in mind that a shift in trust does not increase one’s privacy. Viewing this content critically, with independent insights and verifiable sources, will give you a broader view than the mere advertising of different companies and products, whether they are VPNs, hosting services, or e-mail. Regarding VPNs, one source from which to start can be the VPN Relationships map, where community members collaborate to catalogue different services with sources attached.
If the Paragon case has stunned you but you want to go beyond mere outrage and take action to start preserving your privacy, whether you are a journalist, an activist, or just someone who values their right to “privatus,” it is important to understand that this is easier today than in the past. There are many sources from which to begin to understand the subject without necessarily having to be a computer scientist or cryptographic expert. The following list should be considered neither sufficient nor necessary for informing yourself on the topic of privacy; always start your own research and, above all, maintain a degree of tolerance before relying on product or service advice.
To get the most out of the various resources available, it is important to compare notes with one’s surroundings to understand how strongly the issue is felt or how it is changing, in order to adapt appropriately. The important thing is not to persuade anyone to change their online habits, nor to persuade them to use one platform over another; the real goal is to give knowledge, and thus awareness, of how different external stakeholders have an interest in obtaining data, and of their motivations. Be the first person to decide for yourself how to act on this.
The Paragon case has brought to light what has perhaps not been adequately understood in Europe, and in Italy: there are government agencies with an active interest in obtaining information about citizens and journalists without the latter having done anything to justify the use of spyware. It is important to set aside indignation and inform ourselves about the environment surrounding so-called “democratic nations,” and about how that label does not rule out actions that are anything but democratic. This article aimed to (1) make it clear that there is a truly prolific industry for the sale of malware, operating in ways not unlike those we encounter in the criminal world, and (2) expand on the now overused term “privacy” (used both in bad and in good faith) and on how events such as last month’s should lead us to reflect on what every citizen can and should do to protect the so-called “democratic society” in a digital and interconnected environment.
If we really want freedom of the press, politics and opinion to remain intact, we must make our contribution, one that not only helps ourselves but also supports those who need it most. You cannot demand respect for your privacy and at the same time use platforms that have long used user data without precautions or the users’ knowledge.
If you are a journalist, activist, or any other figure who needs protection from threats designed to undermine the privacy of others, you need to seriously consider safeguards for you, those around you, and most importantly your business. You need to make this (umpteenth) spyware case in Europe lead to change, not to mere complaints demanding that someone else keep something as sensitive as privacy intact. If this is not the case, we will be faced with yet another scandal that deflates over time without new protections or awareness on the part of end users.
Thanks to anyone who read the article in its entirety.