NEW: Meet the folks at AccessNow's Digital Security Helpline, who have been investigating government spyware for more than a decade, helping journalists and dissidents all over the world.
I spoke to Hassen Selmi, who heads the incident response team, to learn how his team fights spyware abuses.
And people say targeted advertising doesn’t work
California winters are really something else (Half Moon Bay)
It’s fog season again in San Francisco!
10/ This is our first attempt at expanding the aperture of threats we report on - we would welcome your feedback as we want this to be a valuable tool for the security community. Read more here: transparency.meta.com/sr/Q2-Q3-202...
9/ Threat actors also target AI systems - in the report, we talk through how we approach securing model inputs and design.
8/ The good news - AI tools also hold some promise for building more effective defenses. We've piloted using AI to identify potential scam archetypes in Messenger conversations to warn people against engaging with a potential scam.
7/ Finally - AI continues to evolve and we've seen threat actors attempt to leverage AI tools for everything from content and image creation to more sophisticated social engineering to enable scams.
6/ Fourth: Russian operations continue a trend we've reported before of co-opting third parties in other countries to run their covert influence operations. We share two examples, both targeting Africa. This trend is particularly pernicious as it make it more difficult to hold them accountable
5/ read more about Endless Mayfly here from the people who originally named it: bsky.app/profile/rond...
4/ Third: We are able to attribute a long-running operation known as "Endless Mayfly" (H/T @citizenlab.ca) to Iran's International Union of Virtual Media. This operation spanned networks we disrupted from 2018 through 2024 and was active across numerous online platforms.
3/ Second: Ever since COVID, online fraud and scam activity has exploded. We walk through the internal Fraud Attack Chain taxonomy we use to map out scams and we also share an investigation into a scam center in Cambodia we disrupted 
Table of contents for the linked report
2/ First off - go read more here: transparency.meta.com/sr/Q2-Q3-202...
We just launched our new and expanded Adversarial Threat Report! We've been reporting on online threats like foreign interference for 7 years, but today's report expands our work to cover fraud, scams, and AI security threats. There's a ton in the report, I'll try to break it down in this thread. 1/
View from an airplane of the California coast and bring yellow mustard fields
View from an airplane of the California coast
It’s green season in the Bay! And the mustard is flowering in Half Moon Bay. Sometimes when world events have you down it’s good to get above it for a bit.
Holy shit sayyadina neuberger
How dare you
For those unfamiliar with the US intelligence community, this is the Discount Intelligence Agency
Huge improvement over how I used to get the homies to their Newark United connection
Getting ready to take my new couch from Hoboken to Brooklyn
In this episode of Zoom In Zoom Out on TaiwanPlus, The Citizen Lab’s senior researcher Rebekah Brown talks about the commercial spyware industry, its misuse by governments, and the urgent need for regulation.
#spyware
Watch it here: www.taiwanplus.com/news/shows/z...
Wrote a piece in @techpolicypress.bsky.social on some of the lessons that Meta’s Q3 threat report brings back to the surface in online IO:
1. Tension between virality & opsec
2. Experimentation is ongoing
3. Variation in defenses creates arbitrage dynamics
4. Line btwn overt & covert is blurry
Text and images from Meta's quarterly Adversarial Threat Report discussing "peculiar croissant-obsessed attempts to iterate and probe our ad defenses"
To quote @hayesbrown.bsky.social, "this is going to be [is already] the dumbest dystopia
6/ You might not normally notice satellites streaking by, star link microsats trailing in a line, or starlight twinkling through an inversion layer - but you definitely will when all your neighbors think the Iranians are invading with help from ET. And it wouldn’t be the first time:
5/ people notice things more when they’re pointed out. You might live your whole life in NJ without appreciating just how much helicopter, airplane, and other air traffic exists.
4.5/ The position of the lights can create confusing visual illusions when the aircraft passes or turns, and can look like they’re moving erratically or impossibly.
4/ people (even pilots) are pretty bad at identifying lights in the sky at night. Airplanes that would be 20-30 miles away and invisible during the day are easy to see at night, especially below 10k ft where their landing lights are on.
3.5/ It’s a mass hysteria self-licking ice cream cone. I wouldn’t be surprised if some people with hobby drones are flying around at night in NJ just to mess with people at this point
3/ maybe something weird was going on in NJ when this kicked off. But at this point you’ve WSJ and NYPost reporters posting videos of MD-80s and C17s flying over as if they’re alien spacecraft and hobbyists launching drones in NJ to try to take pics, causing more people to see real drones and panic
2.5/ and they are often flown by some guy that just bought a DJIPhantom at Walmart and has no idea what he’s doing. IG is full of videos by drone owners flagrantly violating these rules