Pegasus and /e/


Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone


Forensic Methodology Report: How to catch NSO Group’s Pegasus :

1 Like

I find this depressing. All of us /e/ users are trying to keep a little privacy. Working very hard, trying to avoid having our personal information bought and sold, maybe eventually to someone who will hurt us. Pegasus, firmware, google, whatsapp, other big tech - what’s next for us, the Matrix films?

I think The Matrix was a metaphor for what has actually happened with Google, Facebook et al. Like so many other examples of dystopian fiction, intended as a warning but interpreted as a blueprint.


I know it is kinda offtopic but in Satanism, one is allowed to do whatever makes him feel good, no matter what the effect on others is. The only thing is that things must be announced before taking actual action.
This is why the CIA and Disney built Hollywood.

Really? Where did you hear that? Are you sure you’re not thinking of Bond villains? :rofl:

A firewall like Little Snitch on the Mac might be able to catch and warn about suspicious connection attempts.

Having the firewall built-in on the system level (as opposed to a local VPN loopthrough like NoRoot Firewall and NetGuard) would allow for using a regular VPN alongside the firewall (either to a home network or a commercial one like Mullvad). A VPN would make it more difficult for attackers to inject malicious stuff into the network traffic, as they seem to have been doing during targeted attacks with counterfeit mobile base stations. Same with not using any random DNS server some public WiFi or phone carrier wants to send you to.

A firewall could also include a routine to detect if a process suddenly sends an unusual amount of data over the network. It could then inform the user of such activity.

Moreover, the firewall could contain a blacklist of known spyware endpoints or IP ranges and instantly disconnect all networks and issue a warning if a connection attempt is made. Same with process names. If a process named “bh” is encountered, take action.

The system could also monitor all processes that are usually active by collecting statistics and notify the user of any unusual changes, or new background processes that were not there before.

It could also monitor certain sensitive files (message databases etc.) for access. If, say, anything other than the Signal app accesses the Signal database, it could issue a warning.

Ultimately though, there is very little you can do to prevent a real targeted attack. Features like these might, however, help expose and thwart an initial infiltration attempt so the user has enough time to consult a security expert to avert further damage. Especially if the adversary deploys some off-the-shelf spyware that targets generic Android and does not account for special precautions that only /e/ might have, simple measures like these might work.

These are just a few ideas though, I’m not a security expert.


Good info dear.

it’s often media decoding that is exploitable (qualcomm also has many DSP vulnerabilities disclosed in 2020 that must be unpatched in old androids). Utility can be traded for security in hardening devices, as @nanabanaman writes, process/network hygenie is one instrument.

The system could also monitor all processes that are usually active by collecting statistics and notify the user of any unusual changes, or new background processes that were not there before.

An important section in the report is focusing on this. In 10. Mobile devices, security and auditability forensics is asking for manufacturers/vendors to provide better auditability.

Much of the targeting outlined in this report involves Pegasus attacks targeting iOS devices. It is important to note that this does not necessarily reflect the relative security of iOS devices compared to Android devices […]. In Amnesty International’s experience there are significantly more forensic traces accessible to investigators on Apple iOS devices than on stock Android devices […]. While iOS devices provide at least some useful diagnostics, historical records are scarce and easily tampered with. Other devices provide little to no help conducting consensual forensics analysis.

comparing mvt/ios/modules/fs to mvt/android/modules/adb it seems iOS has the benefit of recording net/data usage stats that rouge processes leave traces in (easily tampered with still, but…). For android it seems only battery stats can be combed for usage artifacts. So Android could help with more internal usage recording?

The Graphene people offer for hw backed (if supported) integrity checks of the OS itself.


How about using LokiNet, the free decentralised VPN service by

The makers of Session Private Messenger

This topic was automatically closed after 30 days. New replies are no longer allowed.