you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point
there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research
the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates
so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite
the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically
so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods
To add to this, there’s the cost trade. To use one of these 0days as a resource means the result needs to be equal to or more than the cost of using this. If it cost my opponent $3 to cause a problem, and it costs me $6 to fix it, my opponent effectively profited off of that exchange. I can’t think of a single journalist since Watergate that could cost the government enough money to be worth paying for this kind of removal when it’s far cheaper to have them murdered let them die peacefully in their sleep from bullet inhalation. Not to mention that it shows their hand if they so it publicly and makes future targets harder to hit.
You and I will never be worth the kind of money that currently takes, but if they get an official back door installed the cost goes down so far that it would literally never be a loss.
you’re not wrong, and it’s not really a conspiracy, it’s fairly well-documented at this point
there’s a whole industry of companies called ‘exploit brokers’ and surveillance vendors that sell smartphone compromise capabilities to governments. the most famous is NSO Group, an Israeli firm whose product Pegasus was used by governments worldwide to silently compromise iPhones and Android devices, including targeting journalists, activists, and political opponents. Amnesty International and Citizen Lab have forensically confirmed infections on real devices. this isn’t speculation; it’s documented in court filings and peer-reviewed technical research
the way it works is through what are called zero-days: software vulnerabilities that even the phone manufacturers don’t know about yet. these can be worth millions of dollars on the open market. governments and their contractors hoard them, sometimes for years, to maintain access capabilities. Apple and Google are constantly patching these when they discover them, which is why you see urgent security updates
so the ‘we can’t break into it’ statements from agencies like the FBI are more nuanced than they appear. what they often mean is they can’t break into it cheaply, at scale, without vendor cooperation, not that it’s impossible. they’re usually pushing for backdoors built into the software so they don’t have to rely on expensive zero-days or third-party vendors like Cellebrite
the problem is that any backdoor you build for the “good guys” is also a vulnerability that adversaries can find and exploit. security researchers largely agree you can’t have a backdoor only the right people can use, it doesn’t work that way technically
so your instinct is right. the public debate is somewhat theater. the real capabilities exist, they’re just expensive, targeted, and something governments don’t want to fully disclose because it would reveal sources and methods
To add to this, there’s the cost trade. To use one of these 0days as a resource means the result needs to be equal to or more than the cost of using this. If it cost my opponent $3 to cause a problem, and it costs me $6 to fix it, my opponent effectively profited off of that exchange. I can’t think of a single journalist since Watergate that could cost the government enough money to be worth paying for this kind of removal when it’s far cheaper to
have them murderedlet them die peacefully in their sleep from bullet inhalation. Not to mention that it shows their hand if they so it publicly and makes future targets harder to hit.You and I will never be worth the kind of money that currently takes, but if they get an official back door installed the cost goes down so far that it would literally never be a loss.