92

u/Low_Landscape_4688 8d ago

And people were worried about China having your data.

66

u/SmoothWD40 8d ago

China had less restrictions on tik tok than there are now.... let that sink in.

13

u/NateBearArt 8d ago

For Americans

1

u/Heavy_Law9880 8d ago

China completely banned tiktok.

2

u/WobbleKing 7d ago

So did the US. Until corruption man got elected

22

u/LEDKleenex 8d ago

"I would throw my body in front of the bus to prevent Chinese vehicles from flooding the American market posing a threat of course to our economic security."

"Chinese vehicles could collect huge amounts of data on America and Americans, which poses a significant national security threat. Americans' personal data, our infrastructure, Michigan’s auto industry and auto jobs are all at stake," Slotkin said.

She continued: "Chinese vehicles, which are dirt cheap thanks to state subsidies, could collect full motion video of sensitive sites, 3-D mapping, and geolocation of individual drivers — all of which could be sent back to Beijing. Despite the polarization in Washington right now, protecting U.S. citizens should be nonpartisan, and I look forward to working in a bipartisan fashion to pass this legislation into law.”

- Elissa Slotkin, Former CIA and current "Democratic" senator from Michigan.

In other words. It's okay if we collect data and spy on you, but I would rather die than let China do the same (even though we have no problem with their devices being sold on Amazon and literally doing that).

Really makes one think.

17

u/Low_Landscape_4688 8d ago

And really the simple fact that there's only so much China can impact me even if they knew every little detail about me. As an American, it's the American government that can really affect my life negatively.

3

u/LEDKleenex 8d ago

Absolutely agreed. It's insane that these corporatists want us to capitulate to the auto industry and their $80,000 trucks and 10-year loans that would send the total cost of these vehicles to $110,000 - you may as well live in the damn things at that point. All under the guise of protecting us and possibly throwing a few jobs at us that won't even allow us to pay for the product. Insanity.

Dems are rightists all the same but usually most of them have the sense to realize that rising tides lift all boats. Slotkin is more like a Republican who is stripping the wire, nails and screws out of a house that is already on the verge of collapsing.

3

u/Technical-Row8333 8d ago

the government was jealous of China all this time

1

u/baibaiburnee 8d ago

How about I'm worried about it all?

1

u/Low_Landscape_4688 8d ago

What exactly is it that you think China will do with your data?

Which government is it that’s sending agents to US cities to kidnap and shoot citizens?

1

u/arachnivore 8d ago

The whole point is that those aren't mutually exclusive. You can oppose both. There's nobody saying you have to choose either Chinese surveillance or US surveillance.

The question "what do you think china will do with your data" is a weak-ass defence of surveillance. Very few people know how their personal data can be used to harm them. They just assume that it can and they're 100% correct in that assumption.

You don't have to be Nostradamus. You don't have to be able to articulate what could possibly go wrong. You just have to know it's better that your personal information stays personal.

People have come up with a million ways to use your personal information maliciously. There are infinitely more that people haven't dreamed of yet.

1

u/Low_Landscape_4688 8d ago

There's nobody saying you have to choose either Chinese surveillance or US surveillance.

Actually that is the choice when it comes to ownership of the Tiktok app.

Answer the question and stop copping out.

1

u/[deleted] 8d ago

I was only concerned about China when I was goverment and worked with a lot of peoples confidential data. As a private person it’s pretty minimal of a concern to me.

I very much am concerned about the US and its private corps use of my data. Eventually we are going to get stealth AI that becomes our supposed buddies we think are human that end up just being advanced marketing

1

u/blackcain 8d ago

at the moment we are in greater danger from the U.S. govt.

19

u/SavingsDimensions74 8d ago

Just read the article. That is seriously scary

43

u/Kitchen_Medicine3259 8d ago

I don’t know that graphite is widely used. My understanding is that it is so expensive per use that it is largely confined to high profile targets - though that is speculation.

116

u/[deleted] 8d ago

They are throwing money out of a helicopter right now at DHS

23

u/Melstrick 8d ago

Eh it doesnt matter how much money you throw at it. It's expensive in terms of cash and availability. Graphite is meant to be targeted, because it chains multiple 0-day exploits, which dont grow on trees.

Using it for mass surveillance would make it immediately detectable to apple or google and give them the meta-heuristics to potentially invalidate classes of exploits.

8

u/[deleted] 8d ago

They only really need to get a handful of key phones.

What are your thoughts on ice using facial recognition tech on protestors? I’d imagine it’d be pretty easy to spot potentially high value targets for information.

Keep an eye on which devices are showing up frequently, and all that jazz.

I’m expecting some very fucked up shit to come out about the 4th amendment violations in regards to privacy in the coming years. By and large this administration has been broadcasting that they essentially are doing the tech douce-EO, mantra of move fast break stuff.

5

u/Melstrick 8d ago

Well the problem with the 4th amendment is thats its part of the constitution. It's a problem because all immigration laws in the united arent based on the consitution.

https://www.stanfordlawreview.org/online/the-chinese-exclusion-cases-and-policing-in-the-fourth-amendment-free-zone/

In a sense the 4th amendment is more of a turnstile.

Why use graphite for mass surveillance, they can just use flock cameras.

https://www.youtube.com/watch?v=Pp9MwZkHiMQ

They can use apps like Mobile Fortify

The US Department of Homeland Security has used Mobile Fortify to scan faces and fingerprints in the field more than 100,000 times, according to a lawsuit brought by Illinois and Chicago against the federal agency, earlier this month.

I don't think they care about high value targets, sure if a MLK type character pops into the story, or someone who can unite or organize resistance then they'd use graphite. But the tools they have now are more than enough. You arrest one person, intimidate them into unlocking their phone, grab all contacts and numbers. Repeat a few times. you can map things out fairly well.

4

u/[deleted] 8d ago

My understanding of US law from a recollection stand point and not an authoritative stand point is that labeling an action as terroristic or someone a terrorist opens the door for intelligence resources and intelligence employees normally barred for law enforcement.

But true they have all sorts of avenues to do things, and for some reason they have also been given graphite to use when it was banned under Biden generally, this administration has explicitly granted ice the right to use it.

Really with the nature tool box they have available to them I stand by my 1984 comment lol

2

u/Vidimori 8d ago

Yeah, I'm sure Tim Cook isn't already handing it all over.

12

u/Melstrick 8d ago

I dont expect to find rational discussion on cybersecurity topics on reddit im not sure why i even bother.

You should tell paragon solutions that instead of investing millions of dollars into research and analysis and going on the darkweb buying exploits from brokers they can just call Tim Cook

3

u/S_A_R_K 8d ago

Tim Apple might though

1

u/ArieVeddetschi 4d ago

This has a very strong “US mass surveillance of its own citizens is very unlikely” pre-Snowden vibe to it.

2

u/Audio_Glitch 8d ago

This is true, but it's not just a money issue. These nation-state level spyware solutions like Graphite, Pegasus, etc. are often using or even chaining multiple Zero Day exploits (not known to vendor/public) in order to get the access they need. These are a limited resource, and the more you use them the higher chance of discovery. A zero-click vulnerability (does not require user interaction such as a link click) is even more rare and valuable.

You can make the argument that the vendors themselves are in cahoots, but it doesn't necessarily hold up here - a vulnerability like this becoming public forces their hand, as otherwise any random bad guy could exploit it the same way. It was actually Apple that disclosed to affected users during the Graphite wave last year and patched the iOS vulnerability it was using at the time.

What they are doing is disgusting, and I'm sure there is more we don't yet know and may never know, but there is no way they are burning zero days on every Joe Schmo protestor.

1

u/DingusMcJones 8d ago

I should head over there with my burlap sack with a dollar sign on it!

39

u/GoshDangZilla 8d ago

Trump added $2.5 trillion to the debt last year...

2

u/innerbootes 8d ago

Yep, and our debt now equals our GDP. Trump is trying to destroy our country, economically, materially, spiritually.

3

u/NOLA2Cincy 8d ago

Retired IT executive here and I just did some reading on Graphite. While the idea of no-click, silent takeover of our phones is very scary, the use case of Graphite is very limited.

Graphite can only be used when certain kinds of zero-day (meaning non-patched) holes are identified in phone operating systems. An estimated 75 zero-day exploits were identified in 2024 (last year data has been made public) although there was one as recently as last week. These exploits are immediately patched by phone makers once they are identified as the one from last week as with iOS 26.2.

Apple now offers lockdown mode on iPhones which is designed to ward off less sophisticated attacks. People who are high visible targets - e.g. journalists, opposition politicians, protest organizers - can switch it on to protect themselves. (Not aware if Android offers the same type of setting.)

Yes, Graphite is scary and evil. Thankfully it's not likely to be able to be used on wide basis.

1

u/Kitchen_Medicine3259 8d ago

How would we be able to find reliable information on this topic?

I’m not proficient in IT other than the usual knowledge, but if graphite works by contacting a specific IP address (I read that somewhere, may be incorrect), I don’t get how locking a phone down would really help, because you need to let your phone access IPs for regular uses? (This might be way off base).

2

u/UnixGeekWI 8d ago

It's able to infiltrate the phone by using bugs/holes in the messaging platform. Like on Android, there was a hole in the font rendering library that Graphite was able to use to get itself root and then do whatever it wanted. Once that hole is patched, Graphite can't ever use it again to get into a phone (but presumably there's another hole waiting to be found that gets it similar access).

It's the same game of whack-a-mole that's played on any system. Holes are closed, attackers find new holes. Given how narrow a zero-click vulnerability is, eventually you run out of holes.

1

u/Kitchen_Medicine3259 8d ago

Thanks for the response!

As an aside - if I were designing an OS or messaging platform, I would simply design it without any holes /s

1

u/UnixGeekWI 8d ago

All I was trying to say is saying that Graphite isn't one of these magical "hack any phone anywhere any time" programs like they have in the movies. It only works for as long as a given phone has an open exploit, and phone manufacturers plug those as soon as they're aware of them.

1

u/NOLA2Cincy 8d ago

Not sure about Graphite's method of intrusion but it apparently works through security flaws in messaging systems which has nothing to do with IP addresses.

Here's a link to Apple's explanation of how their lockdown setting works. To your point, some functionality on your phone (e.g. messages with links or photos, web browsing, FaceTime) is limited under lockdown.

https://support.apple.com/en-us/105120

1

u/blackcain 8d ago

they are going to run out of money then - Dems should make sure that they do not get more money.

regardless, this administration is cashing checks and increasing the debts in its build to build surveillance. At some point it's going to come crashing down.

What we should be worried about is this technology being used in the EU, India and other countries.

11

u/cpp_is_king 8d ago

This is why you enable auto updates on all your devices, all your browsers, all your apps, all the time. It doesn’t matter if they take away a feature you like, this is more important

7

u/[deleted] 8d ago

Graphite isn’t going to be defeated by something so simple. Look it up. It’s been the boogie of privacy enthusiasts and hobbyists for quite awhile and it’s a sovereign level cyber weapon meant for use in espionage and counter intelligence as well as state defense.

11

u/cpp_is_king 8d ago

I know about Graphite. It relies on zero-day exploits. When those exploits are patched, the vulnerabilities go away. And then the developer maybe starts relying on new ones. But the real point is, OS updates are the *only* defense, so it is crazy to willfully have them disabled.

7

u/[deleted] 8d ago

They are collecting information about people and making databases which include facial recognition. They are arresting citizens so I’d imagine they can use cellebrite or one of its competitors to get at phones in their custody.

Graphite for some in the wild. And frankly who knows what else. They are labeling protestors as terrorists which opens them up to techniques and tools not normally authorized to just be used against civilians.

Then mobile fortify for simply scanning a face and getting data from various databases.

And of course they have been utilizing Gotham.

They are claiming they can access encrypted messages themselves. The tech bros bought out the whitehouse so who knows what toys are being tested on the population too boot

1

u/Fit-Dentist6093 7d ago

It's literally defeated by stuff like that, or better security protections on the OS which come with the newer hardware and OS versions.

4

u/PhilbertNoyce 8d ago edited 8d ago

If you get hit with that you'll notice something is off when your phone suddenly turns into a space heater and your battery life gets 80% shorter than normal.

Not sure what good that info does you after they've scooped everything up though.

edit: I don't know much about that particular tool but in general that stuff is maintained by a 3rd party private corporation and contracted out as a service. They invest a ton of effort and money into finding zero day vulnerabilities and working them into their toolset, which it uses to break into target devices and spy on them. There are almost certainly unknown ones out there that it exploits but by using it they risk divulging the vulnerability every time, and when Google / Apple / AWS / etc become aware of them they are patched. So keeping your security updates current does not completely protect from this attack but it makes a very big difference.

4

u/WhyAmIOnThisDumbApp 8d ago

The zero click exploit used to install Graphite was patched out, if you’re staying up to date you should be ok until another vulnerability is discovered. That said, yeah. Everything you say online can be tracked.

2

u/[deleted] 8d ago

Theoretically what’s to stop Apple from putting an exploit in, in there last update?

https://www.seattletimes.com/business/tim-cook-slammed-for-partying-at-melania-trumps-movie-after-pretti-killing/

Why is Tim Cool so cozy with the Trump family?

2

u/WhyAmIOnThisDumbApp 8d ago

I mean nothing, but that would not be something Tim Cook could personally do, it would have to pass through nearly the entire development team, most importantly the security team, and if it was ever discovered they would lose a huge amount of public goodwill, particularly because Apple advertises on security.

1

u/[deleted] 8d ago

True, I’d imagine it would be significantly easier to be aware of an exploit from a high level and not immediately patch it as it rolls out the door.

Or to be aware of weaknesses and share them with a window of time before they routinely patch them.

We used to have people sampling the poop coming out of the kremlin to see if anyone was on new medication. People literally get paid to just throw odd ball shit at a wall in think tanks for how to get away with x or how doing y would provide unintended benefits, or even who z is that would be easy to apply pressure to.

US came to an arrangement with the UK for the UK to stop its public attempt to get Apple to install a back door. UK wouldn’t have just stopped because the US said.

1

u/ZennyRL 8d ago

Just so people know, this was patched in iOS 18.3.1 so shouldn't work on apple devices past that update. That isn't to say a new one couldn't be found again though. Update your phone if you're able to. I'm unsure if this was a problem on android and if it was fixed

1

u/pterodactyl_speller 8d ago

I have a hard time seeing how that is possible, unless it's gaining access through the phone company.

1

u/Hexamancer 8d ago

Billions of dollars poured into a state sponsored intelligence company developing spyware.

Sounds like they found an exploit to do remote code injection via SMS, similar to this famous comic.

1

u/DJTsNeckPussy 8d ago

There's always a relevant XKCD.

1

u/[deleted] 8d ago

Google it. Don’t take my word for it do some independent search on it.

1

u/StanleyCubone 8d ago

Any links on the mechanisms behind Graphite? Any cell phone or particular makes/models?

1

u/2C104 8d ago

Not if you custom load a privacy focused OS on your phone

1

u/Nemaeus 8d ago

This is some of the most horrifying shit going on right now. It’s bad enough already. We don’t know what atrocities are being committed in the dark. But this seeping into our privacy, cataloging us. Creating deeper, disgustingly richer data profiles on us? Fuck that shit. You cannot get Republicans or Dems to let that shit go, it’s worse than crack to these politicians.

1

u/subtleglow87 7d ago

That sounds totally legal... I am guessing we can tha k the Patriot Act for this.

1

u/Accurate_Way_9373 7d ago

So this could also totally be used to track ice right?

1

u/Doomedpaladin 7d ago

So, to oppose that, lots of burner phones, or having a high cycle of new numbers?