Big Tech’s big spyware fight
Photo: Amir Levy/Getty Images

Big Tech’s big spyware fight

Source Code

Good morning! This Wednesday, the global tech industry is taking on spyware, Epic bought the maker of Guitar Hero, ConstitutionDAO is dead, and a smart oven might be here to save Thanksgiving.

Also, we're off for the rest of the week, as the Protocol team takes a few days to celebrate Thanksgiving and be with loved ones. We hope you get to do the same! If you're looking for something to read between courses, check out our Shopping Week series on all the ways tech is changing how we buy and sell.

Have a great long weekend, and we'll see you here on Monday morning.

Taking down Pegasus

NSO Group is more than a decade old, and has been under scrutiny for at least the last several years. But now it looks increasingly like the pressure on the Israel-based company may be too much to overcome.

Apple sued NSO yesterday, alleging that the company uses state-sponsored spyware and surveillance tech to spy on iPhone users. Its Pegasus software is the most prominent example. "State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability," Apple's Craig Federighi said in a statement. "That needs to change."

  • Quick background: Pegasus allows users to access basically everything on a target's phone, including the camera and microphone. It works on both iPhones and Android devices, and researchers have found it can be used without targets ever noticing. Here's a good rundown of how it works.
  • Apple's allegation names a specific NSO exploit Apple later named FORCEDENTRY, which Apple said was used to "attack a small number of Apple users worldwide with dangerous malware and spyware" by installing Pegasus on the device. Apple wants to ban NSO Group from using Apple services or devices, which would pretty seriously crush NSO's business.
  • Here's a weird wrinkle: Apple says that it can sue NSO, even though it's an Israeli company, because NSO staff agreed to iCloud's terms and conditions and therefore it's a California case.

And Apple's not the only one taking on NSO. WhatsApp sued NSO in 2019 for allegedly using Pegasus to hack its users. Here's how Will Cathcart described the exploit at the time: "A user would receive what appeared to be a video call, but this was not a normal call. After the phone rang, the attacker secretly transmitted malicious code in an effort to infect the victim's phone with spyware. The person did not even have to answer the call."

NSO isn't some fly-by-night hacker exploiting people for bitcoin and lulz. It's a well-known company with significant resources and high-level connections. It was even planning to IPO, though that seems … unlikely now. The tech is not a secret, but how it's used often has been; NSO says it works with governments to stop terrorists, but it has allegedly also been used to track journalists, human rights activists and politicians.

This is really a Rorschach test for privacy: Is it more important to keep users and their data private, or to give governments and law enforcement tools to stop bad guys in an increasingly digital, increasingly encrypted world?

  • Apple and other tech companies have taken an increasingly hard line in favor of user privacy. "In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place," Apple's Ivan Krstić said.
  • But whether it's messaging encryption or child sexual abuse material, there are many who think that safety and criminal concerns can sometimes outweigh users' rights to privacy. For them, Pegasus and similar tools can be crucial and useful.
  • "Pedophiles and terrorists can freely operate in technological safe-havens," NSO said in a statement, "and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth."
  • But even that raises questions about what counts as valid uses of the technology, how disclosure should be handled, and who's really in control of someone's digital life. And we haven't really sorted any of that out yet.

This story is far from over. NSO now has some seriously powerful opposition, and this may quickly become a global reckoning over state-sponsored hacking and all the ways governments, tech companies and users interact. This stuff is complicated, and it was always going to need a high-profile test case. NSO may be it.

— David Pierce (email | twitter)


Happy National Gratitude Month! Saying thank you isn't just reserved for Thanksgiving - in fact, showing gratitude in the workplace builds culture and leads to people finding meaning and purpose in their work. To learn more about operationalizing gratitude on a daily basis, click the link below, and make sure you say thank you to a colleague today!

Learn more

People are talking

Nintendo's Doug Bowser said he's among those who are concerned about what's happening at Activision Blizzard:

  • "I find these accounts distressing and disturbing. They run counter to my values as well as Nintendo's beliefs, values and policies."

Here's what Jeff Bezos said when he offered Andy Jassy the job as Amazon CEO, according to Jassy:

  • "I'm contemplating stepping away from the CEO role at Amazon. I'm happy to keep doing the role, but I'll only stop doing it if you're excited about being the next CEO and my successor."

The IMF is pretty worried about the whole "El Salvador is trying to make bitcoin a national currency" thing:

  • "Key downside risks stem from a resurgence of the pandemic worldwide, further increases in borrowing costs due to the tightening of financial conditions, and unaddressed regulatory and supervisory gaps related to the use of Bitcoin."

Lush is bailing on Facebook, Snapchat and TikTok, and the beauty company's Chief Digital Officer Jack Constantine said it won't be back without better moderation:

  • "When it gets to a point that our customers' well-being is being put in jeopardy because of the channels on which we are trying to connect with them, then something doesn't sit right for us."

Waiting for that Stripe IPO? Don't hold your breath, John Collison said:

  • "We're very happy as a private company."

Making moves

Epic bought Harmonix. Harmonix will continue to work on Rock Band and its other games, but will also work on "musical journeys and gameplay for Fortnite." Guitar Hero in the metaverse, anybody?

Regal Cinemas will start accepting crypto. It's following AMC's lead, after AMC became a meme stock and a massive success by leaning into the crypto chaos of 2021.

Reddit is killing Dubsmash. After buying the company last year, and integrating a lot of its tech into Reddit, the app will stop working in February. Next up: Reddit takes on TikTok?

Michael Strahan is Blue Origin's next celebrity astronaut. He'll be one of six people heading to space Dec. 9, along with Voyager Space's Dylan Taylor, a couple of investors, and Laura Shepard Churchley (a daughter of Alan Shepard, the first American in space).

In other news

Russia told Big Tech to open offices or get out. Any foreign social media company with more than 500,000 users will have to have official presence in the country or face restrictions and bans. The deadline is the end of the year.

Elizabeth Holmes admitted she made mistakes. Sort of. She acknowledged adding Pfizer and Schering-Plough logos to a report without authorization, and said she wished she hadn't, but mostly chalked it up to a misunderstanding.

India may be cracking down on crypto. The government is reportedly planning to announce a new bill that would only allow certain crypto under certain conditions, as it continues to work on the government-backed currency that's coming next month.

Italy slapped Amazon and Apple with fines. Authorities imposed $225 million on the two companies following an investigation about collusion and price fixing regarding Beats headphones.

Apple's digital ID plans are delayed. The company is now saying the feature won't roll out until at least early next year.

An ex-PlayStation employee is suingthe company, alleging gender discrimination and wrongful termination. She hopes to turn her case into a class-action lawsuit.

Some Google employees are fighting the vaccine mandate. Hundreds of employees signed a manifesto opposing a rule that requires them to be vaccinated or regularly tested by Jan. 4.

Niantic's new game lets you earn bitcoin. It's called Fold AR, and it's kind of like if you combined Pokemon Go with r/WallStreetBets and a heaping spoonful of the meme economy. Because, you know, why not?

ConstitutionDAO is over, less than a week after raising more than $40 million to buy the U.S. Constitution and losing to Citadel CEO Ken Griffin. Issuing refunds and starting new projects launched the group into chaos over the weekend, and organizers now say that "this project has run its course."

All turkey, no stress?

Is Thanksgiving 2021 the holiday of the smart oven? Is this the year when, finally, you can stop spending your entire day babysitting your turkey because you know that the second you walk away it will immediately go from "basically still frozen" to "so overcooked nobody can eat it and your family will hold it against you forever"? GE sure hopes so. If you're one of the half-million people with a GE smart oven, there's a new Turkey Mode that supposedly has you covered. But that, of course, requires connecting your oven to the internet, and bearing all the high-stakes downsides that could come with it.

Some cooks told us smart ovens are vastly overrated in their automated abilities; others told us they're the beginning of something interesting and important. Either way, this all prompts an important question: What would you give to ditch the kitchen on Thanksgiving? And is it really a family meal if a robot cooked it? And, maybe most importantly, are you ready for all the political discussions you'll suddenly have time for? Wonder if GE has anything for that.


Happy National Gratitude Month! Saying thank you isn't just reserved for Thanksgiving - in fact, showing gratitude in the workplace builds culture and leads to people finding meaning and purpose in their work. To learn more about operationalizing gratitude on a daily basis, click the link below, and make sure you say thank you to a colleague today!

Learn more

Thoughts, questions, tips? Send them to, or our tips line, Enjoy your week, see you Monday.

Recent Issues

The best of Protocol

The confessions of SBF

Your holiday book list

A tale of two FTXs