The Electronic Frontier Foundation’s Director of Activism Jason Kelley said Insanet’s use of advertising technology to infect devices and spy on clients’ targets makes it especially worrisome. Dodgy online ads don’t just provide a potential vehicle for delivering malware, such as via carefully crafted images or JavaScript in the ads that exploit vulnerabilities in browsers and OSes, they can be used to go after specific groups of people – such as those who are interested in open-source code, or who frequently travel to Asia – that someone might be interested in snooping on.
“This method of surveillance and targeting uses commercially available data that’s very difficult to erase from the internet,” Kelley told The Register. “Most people have no idea how much of their information has been compiled or shared by data brokers and ad tech companies, and have little ability to erase it.”
It’s an interesting twist. Sherlock seems designed to use legal data collection and digital advertising technologies — beloved by Big Tech and online media — to target people for government-level espionage.
“Since these ads are being served using known advertisement networks, anti-adware technologies such as not loading JavaScript, using ad blockers or privacy-aware browsers, and not clicking on advertisements should act as a guardrail against this attack,” Dani suggested.
I suppose this gives additional impetus for many wanting to block ads… But if this one was previously secret, how many more are there that no-one knows about? Supposedly, the Wester will use this to spy on the East? We actually don’t know what the East already has, because for some unknown reason we are always discovering what the West is up to in regard to alleged spying (even on their own allies). And as we saw this month, data privacy laws mean absolutely nothing to some major Western powers, as they just get a 3rd party country to do the spying on their behalf, and then pass the data back, or they buy the data from Facebook.
More and more, reading all of this, I can see why so many private citizens are insisting on having E2EE without any backdoors. Unfortunately, a citizen can no longer just trust their own government, and it is mostly lip service that is paid to privacy laws. So laws and political assurances mean very little in reality.