Adam

A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers By plugging tens of billions of phone numbers into WhatsApp’s contact discovery tool, researchers found “the most extensive exposure of phone numbers” ever—along with profile photos and more.

Researchers tried plugging every possible phone number into WhatsApp's web app. They found they could collect 3.5 billion users' phone numbers, plus photos for half and profile text for more than a third, the biggest personal data exposure ever by some measures. www.wired.com/story/a-simp...

Law enforcement: we need to break encryption to get access to Signal to protect the children!!

Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking

A chart showing how well 13 different Android AV apps detect 17 stalkerware products.

EFF teamed up with AV Comparatives to see how well anti-virus apps detect stalkerware on Android phones.

www.eff.org/deeplinks/20...

Practical Defenses Against Technofascism I gave the Saturday morning keynote at BSidesPDX! I spoke honestly and frankly about the terrifying reality that Americans are facing under Trump's fascist regime, alongside practical advise for commu...

Watch my BSidesPDX keynote where I spoke honestly and frankly about the terrifying reality that Americans are facing under Trump's fascist regime, alongside practical advise for communities to defend themselves micahflee.com/practical-de...

I presume someone just told Trump the Blue Jays are in the world series.

No doubt many of those landlords who "dont have confidence" feel that way because of the backlog at the LTB, something Ford still hasn't fixed.

Not to mention 100+ bike share bike docks within a block of the stadium

We Say You Want a Revolution: PRISONBREAK - An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime - The Citizen Lab We investigate a coordinated network of inauthentic X accounts that is spreading AI-generated content to induce revolt in Iran. The network has been active since 2023, but increased activity during th...

NEW REPORT: We uncovered a coordinated network of fake X profiles that is spreading AI-generated content to induce revolt in #Iran. We call this network “PRISONBREAK”.

Read the report 👉 citizenlab.ca/2025/10/ai-e...

Researchers say Israeli government likely behind AI-generated disinfo campaign in Iran The group leveraged dozens of social media accounts and “routinely used” AI-generated imagery and video to stoke unrest among Iran’s population, according to Citizen Lab.

The group leveraged dozens of social media accounts and “routinely used” AI-generated imagery and video to stoke unrest among Iran’s population, according to Citizen Lab. via @derekbjohnson.bsky.social cyberscoop.com/citizen-lab-...

We Say You Want a Revolution: PRISONBREAK - An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime - The Citizen Lab We investigate a coordinated network of inauthentic X accounts that is spreading AI-generated content to induce revolt in Iran. The network has been active since 2023, but increased activity during th...

1/ NEW REPORT: “We Say You Want a Revolution” - An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime. We call it PRISONBREAK. Keep reading to find out why.

THREAD 🧵

1/Citizen Lab’s new report on PRISONBREAK is a must-read. It exposes an AI-enabled influence operation targeting Iran with deceptive media, from the infamous Evin Prison gates video to deepfake music.

The Golden Age of Transnational Repression | Journal of Democracy Authoritarian regimes are targeting exiles and diaspora communities in more places than ever before. Activists, journalists, and regular people living abroad must watch their backs…

New today: my essay in @jodemocracy.bsky.social on The Golden Age of Transnational Repression: www.journalofdemocracy.org/articles/the...

here we stand and here we fight

Digital transnational repression and the limits of international human rights law in a ‘post-territorial’ world Traditional models of jurisdiction fail dissidents in an ever more connected world

A few (early) thoughts on digital transnational repression and extraterritorial human rights obligations over at @bindinghook.bsky.social. Thanks for the opportunity to share my research (again!).

To state the obvious, I was not paid by the Ford Foundation or Open Society to write the column, which is what Vance is alleging and he's saying he is going after those groups. Not the first time he's spouted conspiracy theories involving the Soroses to deflect criticism: apnews.com/article/jd-v...

Researchers find spyware on phones belonging to Kenyan filmmakers FlexiSPY, which is commercially available, can be more easily detected than far more expensive mercenary spyware available to nation states but has similar capabilities once installed, said John Scott...

Forensic researchers @citizenlab.ca today confirmed FlexiSPY spyware was found on 2 Kenyan filmmakers' phones. Victims helped produce a documentary about youth uprisings in the increasingly autocratic country. Spyware was installed while phones were in police custody. therecord.media/researchers-...

Spyware installed on Kenyan filmmakers' phones in police custody - Committee to Protect Journalists New York, September 10, 2025—The Committee to Protect Journalists is gravely alarmed by the installation of spyware on two Kenyan filmmakers’ phones while the devices were in police custody, and calls...

NEW: Spyware installed on Kenyan filmmakers' phones in police custody @citizenlab.ca confirms cpj.org?p=516177

last paragraph of testimony: "I urge this Committee to consider the real threat to Americans’ freedom of expression, the one here at home. I have noted a handful of areas where this administration is putting freedom of expression under direct attack. Where is the opposition, let alone outrage, given the attack not only on speakers – journalists, public media, professors, students, whistleblowers, civil servants – but on every American’s right of access to information about the issues important to our democracy and to our public’s health? That, I would respectfully submit, is the real threat to American speech and innovation, and I look forward to helping this Committee, in any way you see fit, work to address it."

👀 Jim Jordan held a House Judiciary Committee hearing on . . . how Europe censors Americans. Nigel Farage came along! Let's just say I have a slightly different view than them. My written and oral testimony are here: ijclinic.law.uci.edu/2025/09/03/h...

Here are my concluding paras:

⚖️ 🔍 My new op-ed for @justsecurity.org + @atlanticcouncil.bsky.social about the opportunities & dangers of discovery in U.S. spyware litigation

They are also currently clean on opsec

YouTube video by Micah Lee "We are currently clean on OPSEC": The Signalgate Saga (DEFCON 33)

Check out my #DEFCON33 talk about the Signalgate, full of unbelievable incompetence from the highest levels of the Trump administration www.youtube.com/watch?v=KFYy...

Citizen Lab director warns cyber industry about US authoritarian descent | TechCrunch Ron Deibert, the head of the prominent digital human rights groups Citizen Lab, sounds the alarm at the Black Hat security conference about the "dramatic descent into authoritarianism," but one that t...

NEW: I spoke to @rondeibert.bsky.social ahead of his keynote at Black Hat today.

Ron travelled to Vegas to warn the cybersec industry that perhaps it’s time to get political.

“They should be aware of what’s going on and hopefully they can not contribute to it, if not help reverse it,” he said.

The G7 condemned transnational repression, but will Canada meet its own commitments? A statement against this practice was a welcome sight, but will mean very little without concrete action

Canada 🇨🇦 makes many pledges re: regulating spyware, protecting victims of transnational repression, and protecting human rights.

But words must be followed by actions.

My latest @theglobeandmail.com on the G7 Leaders' Statement on Transnational Repression

www.theglobeandmail.com/gift/3d51c5f...

I Was Hacked Because I Work on Russia But the same clever new attack could be used against almost anyone.

I Was Hacked Because I Work on Russia foreignpolicy.com/2025/07/02/g...

Suspected Russian hackers used new tactic against UK researcher Suspected Russian hackers have deployed a new tactic to trick even wary targets into compromising their own accounts, a victim of the spy campaign and researchers said on Wednesday.

Keir Giles has been targeted *again* by allegedly Russian hackers — this time using a clever new trick intended to bypass 2-factor authentication.

Over the years I’ve written about Giles an unusual amount, and I have an idea about why.

First, the coverage:
www.reuters.com/technology/s...

Unspoken Implications: A Preliminary Analysis of Bill C-2 and Canada’s Potential Data-Sharing Obligations Towards the United States and Other Countries - The Citizen Lab On June 3, 2025, the federal government tabled Bill C-2, An Act respecting certain measures relating to the security of the border between Canada and the United States and respecting other related sec...

NEW today from myself @citizenlab.ca, on the unspoken implications of Canada's Bill C-2 for data-sharing with the United States and other foreign countries:

citizenlab.ca/2025/06/a-pr...

Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of the...

ICYMI, yesterday we released a report providing a first look at how we found traces of spyware on two journalists' iPhones, traces which we can attribute with high confidence to Paragon's Graphite spyware:

Researchers confirm two journalists were hacked with Paragon spyware | TechCrunch The confirmation of two hacked victims further deepens an ongoing spyware scandal that, for now, appears largely focused on the Italian government.

NEW: Citizen Lab have confirmed two journalists had their phones hacked with Paragon's Graphite spyware, likely by the same customer.

The now-confirmed infections call into question a report by Italian lawmakers, which didn't mention one of the hacked journalists.

@lorenzofb.bsky.social reports:

Researchers confirm two journalists were hacked with Paragon spyware | TechCrunch The confirmation of two hacked victims further deepens an ongoing spyware scandal that, for now, appears largely focused on the Italian government.

NEW: Researchers found forensic evidence of Paragon's spyware on the iPhones of two journalists.

One is Ciro Pellegrino, who works for @fanpage.it. The other is an unnamed prominent European journalist.

Looks like the spyware scandal that for now has focused on Italy may expand further in Europe.

So: the “Protect Bathurst / Dufferin” astroturf campaign run by Summerhill Market had videos of a guy talking about the neighborhood & RapidTO proposal. Real grassroots feel. Took a screenshot & put it into google image search. Guess what?