SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
digital rights
'Intellexa Leaks' Reveal Wider Reach of Predator Spyware
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
Dec 04, 2025
Highly invasive spyware from consortium led by a former senior Israeli intelligence official and sanctioned by the US government is still being used to target people in multiple countries, a joint investigation published Thursday revealed.
Inside Story in Greece, Haaretz in Israel, Swiss-based WAV Research Collective, and Amnesty International collaborated on the investigation into Intellexa Consortium, maker of Predator commercial spyware. The "Intellexa Leaks" show that clients in Pakistan—and likely also in other countries—are using Predator to spy on people, including a featured Pakistani human rights lawyer.
“This investigation provides one of the clearest and most damning views yet into Intellexa’s internal operations and technology," said Amnesty International Security Lab technologist Jurre van Bergen.
🚨Intellexa Leaks:"Among the most startling findings is evidence that—at the time of the leaked training videos—Intellexa retained the capability to remotely access Predator customer systems, even those physically located on the premises of its govt customers."securitylab.amnesty.org/latest/2025/...
[image or embed]
— Vas Panagiotopoulos (@vaspanagiotopoulos.com) December 3, 2025 at 9:07 PM
Predator works by sending malicious links to a targeted phone or other hardware. When the victim clicks the link, the spyware infects and provide access to the targeted device, including its encrypted instant messages on applications such as Signal and WhatsApp, as well as stored passwords, emails, contact lists, call logs, microphones, audio recordings, and more. The spyware then uploads gleaned data to a Predator back-end server.
The new investigation also revealed that in addition to the aforementioned "one-click" attacks, Intellexa has developed "zero-click" capabilities in which devices are infected via malicious advertising.
In March 2024, the US Treasury Department sanctioned two people and five entities associated with Intellexa for their alleged role "in developing, operating, and distributing commercial spyware technology used to target Americans, including US government officials, journalists, and policy experts."
"The proliferation of commercial spyware poses distinct and growing security risks to the United States and has been misused by foreign actors to enable human rights abuses and the targeting of dissidents around the world for repression and reprisal," the department said at the time.
Those sanctioned include Intellexa, its founder Tal Jonathan Dilian—a former chief commander of the Israel Defense Forces' top-secret Technological Unit—his wife and business partner Sara Aleksandra Fayssal Hamou; and three companies within the Intellexa Consortium based in North Macedonia, Hungary, and Ireland.
In September 2024, Treasury sanctioned five more people and one more entity associated with the Intellexa Consortium, including Felix Bitzios, owner of an Intellexa consortium company accused of selling Predator to an unnamed foreign government, for alleged activities likely posing "a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."
The Intellexa Leaks reveal that new consortium employees were trained using a video demonstrating Predator capabilities on live clients. raising serious questions regarding clients' understanding of or consent to such access.
"The fact that, at least in some cases, Intellexa appears to have retained the capability to remotely access Predator customer logs—allowing company staff to see details of surveillance operations and targeted individuals raises questions about its own human rights due diligence processes," said van Bergen.
"If a mercenary spyware company is found to be directly involved in the operation of its product, then by human rights standards, it could potentially leave them open to claims of liability in cases of misuse and if any human rights abuses are caused by the use of spyware," he added.
Dilian, Hamou, Bitzios, and Giannis Lavranos—whose company Krikel purchased Predator spyware—are currently on trial in Greece for allegedly violating the privacy of Greek journalist Thanasis Koukakis and Artemis Seaford, a Greek-American woman who worked for tech giant Meta. Dilian denies any wrongdoing or involvement in the case.
Earlier this week, former Intellexa pre-sale engineer Panagiotis Koutsios testified about traveling to countries including Colombia, Kazakhstan, Kenya, Mexico, Mongolia, the United Kingdom, and Uzbekistan, where he pitched Predator to public, intelligence, and state security agencies.
The new joint investigation follows Amnesty International's "Predator Files," a 2023 report detailing "how a suite of highly invasive surveillance technologies supplied by the Intellexa alliance is being sold and transferred around the world with impunity."
The Predator case has drawn comparisons with Pegasus, the zero-click spyware made by the Israeli firm NSO Group that has been used by governments, spy agencies, and others to invade the privacy of targeted world leaders, political opponents, dissidents, journalists, and others.
Keep ReadingShow Less
How Surveillance Quietly Moved Into Your Social Media and What To Do About It
The public must be vigilant about those who claim vigilance as a mandate without bounds. A republic cannot outsource its conscience to machines and contractors.
Oct 11, 2025
The feed has eyes. What you share to stay connected now feeds one of the world’s largest surveillance machines. This isn’t paranoia, it’s policy. You do not need to speak to be seen. Every word you read, every post you linger on, every silence you leave behind is measured and stored. The watchers need no warrant—only your attention.
Each post, like, and photograph you share enters a room you cannot see. The visible audience, friends and followers, is only the front row. Behind them sit analysts, contractors, and automated systems that harvest words at scale. Over the last decade, the federal security apparatus has turned public social media into a continuous stream of open-source intelligence. What began as episodic checks for imminent threats matured into standing watch floors, shared databases, and automated scoring systems that never sleep. The rationale is familiar: national security, fraud prevention, situational awareness. The reality is starker: Everyday conversation now runs through a mesh of government and corporate surveillance that treats public speech, and the behavior around it, as raw material.
You do not need to speak to be seen. The act of being online is enough. Every scroll, pause, and click is recorded, analyzed, and translated into behavioral data. Algorithms study not only what we share but what we read and ignore, and how long our eyes linger. Silence becomes signal, and absence becomes information. The watchers often need no warrant for public content or purchased metadata, only your connection. In this architecture of observation, even passivity is participation.
This did not happen all at once. It arrived through privacy impact assessments, procurement notices, and contracts that layered capability upon capability. The Department of Homeland Security (DHS) built watch centers to monitor incidents. Immigration and Customs Enforcement folded social content into investigative suites that already pull from commercial dossiers. Customs and Border Protection (CBP) linked open posts to location data bought from brokers. The FBI refined its triage flows for threats flagged by platforms. The Department of Defense and the National Security Agency fused foreign collection and information operations with real-time analytics.
Little of this resembles a traditional wiretap, yet the effect is broader because the systems harvest not just speech but the measurable traces of attention. Most of it rests on the claim that publicly available information is fair game. The law has not caught up with the scale or speed of the tools. The culture has not caught up either.
From Watchfulness to Watchlists
The next turn of the wheel is underway. Immigration and Customs Enforcement plans two round-the-clock social media hubs, one in Vermont and one in California, staffed by private contractors for continuous scanning and rapid referral to Enforcement and Removal Operations. The target turnaround for urgent leads is 30 minutes. That is not investigation after suspicion. That is suspicion manufactured at industrial speed. The new programs remain at the request-for-information stage, yet align with an unmistakable trend. Surveillance shifts from ad hoc to ambient, from a hand search to machine triage, from situational awareness to an enforcement pipeline that links a post to a doorstep.
The line between looking and profiling thins because the input is no longer just what we say but what our attention patterns imply.
Artificial intelligence makes the expansion feel inevitable. Algorithms digest millions of posts per hour. They perform sentiment analysis, entity extraction, facial matching, and network mapping. They learn from the telemetry that follows a user: time on page, scroll depth, replay of a clip, the cadence of a feed. They correlate a pseudonymous handle with a résumé, a family photo, and a travel record. Data brokers fill in addresses, vehicles, and associates. What once took weeks now takes minutes. Scale is the selling point. It is also the danger. Misclassification travels as fast as truth, and error at scale becomes a kind of policy.
George Orwell warned that “to see what is in front of one’s nose needs a constant struggle.” The struggle today is to see how platform design, optimized for engagement, creates the very data that fuels surveillance. Engagement generates signals, signals invite monitoring, and monitoring, once normalized, reshapes speech and behavior. A feed that measures both speech and engagement patterns maps our concerns as readily as our views.
The Circle Tightens
Defenders of the current model say agencies only view public content. That reassurance misses the point. Public is not the same as harmless. Aggregation transforms meaning. When the government buys location histories from data brokers, then overlays them with social content, it tracks lives without ever crossing a courthouse threshold. CBP has done so with products like Venntel and Babel Street, as documented in privacy assessments and Freedom of Information Act releases. A phone that appears at a protest can be matched to a home, a workplace, a network of friends, and an online persona that vents frustration in a late-night post. Add behavioral traces from passive use, where someone lingers and what they never click, and the portrait grows intimate enough to feel like surveillance inside the mind.
The FBI’s posture has evolved as well, particularly after January 6. Government Accountability Office reviews describe changes to how the bureau receives and acts on platform tips, along with persistent questions about the balance between public safety and overreach. The lesson is not that monitoring never helps. The lesson is that systems built for crisis have a way of becoming permanent, especially when they are fed by constant behavioral data that never stops arriving. Permanence demands stronger rules than we currently have.
Meanwhile, the DHS Privacy Office continues to publish assessments for publicly available social media monitoring and situational awareness. These documents describe scope and mitigations, and they reveal how far the concept has stretched. As geospatial, behavioral, and predictive analytics enter the toolkit, awareness becomes analysis, and analysis becomes anticipation. The line between looking and profiling thins because the input is no longer just what we say but what our attention patterns imply.
Speech Under Glass
The First Amendment restrains the state from punishing lawful speech. It does not prevent the state from watching speech at scale, nor does it account for the scoring of attention. That gap produces a chilling effect that is hard to measure yet easy to feel. People who believe they are watched temper their words and their reading. They avoid organizing, and they avoid reading what might be misunderstood. This is not melodrama. It is basic social psychology. Those who already live closer to the line feel the pressure first: immigrants, religious and ethnic minorities, journalists, activists. Because enforcement databases are not neutral, they reproduce historical biases unless aggressively corrected.
Error is not theoretical. Facial recognition has misidentified innocent people. Network analysis has flagged friends and relatives who shared nothing but proximity. A meme or a lyric, stripped of context, can be scored as a threat. Behavioral profiles amplify risk because passivity can be interpreted as intent when reduced to metrics. The human fail-safe does not always work because human judgment is shaped by the authority of data. When an algorithm says possible risk, the cost of ignoring it feels higher than the cost of quietly adding a name to a file. What begins as prudence ends as normalization. What begins as a passive trace ends as a profile.
The Law Lags, The Machine Leads
Fourth Amendment doctrine still leans on the idea that what we expose to the public is unprotected. That formulation collapses when the observer is a system that never forgets and draws inferences from attention as well as expression. Carpenter v. United States recognized a version of this problem for cell-site records, yet the holding has not been extended to the government purchase of similar data from brokers or to the bulk ingestion of content that individuals intend for limited audiences. First Amendment jurisprudence condemns overt retaliation against speakers. It has little to say about surveillance programs that corrode participation, including the act of reading, without ever bringing a case to court. Due process requires notice and an opportunity to contest. There is no notice when the flag is silent and the consequences are dispersed across a dozen small harms, each one deniable. There is no docket for the weight assigned to your pauses.
Wendell Phillips wrote, “Eternal vigilance is the price of liberty.” The line is often used to defend surveillance. It reads differently from the other side of the glass. The public must be vigilant about those who claim vigilance as a mandate without bounds. A republic cannot outsource its conscience to machines and contractors.
Do Not Stand Still
You cannot solve a policy failure with personal hygiene, but you can buy time. Treat every post as a public record that might be copied, scraped, and stored. Remove precise locations from images. Turn off facial tagging and minimize connections between accounts. Separate roles. If you organize, separate that work from family and professional identities with different emails, phone numbers, and sign ins. Use two-factor authentication everywhere. Prefer end-to-end encrypted tools like Signal for sensitive conversations. Scrub photo metadata before upload. Search your own name and handles in a private browser, then request removal from data-broker sites. Build a small circle that helps one another keep settings tight and recognize phishing and social engineering. These habits are not retreat. They are discipline.
The right to be unobserved is not a luxury. It is the quiet foundation of every other liberty.
Adopt the same care for reading as for posting. Log out when you can, block third-party trackers, limit platform time, and assume that dwell time and scroll depth are being recorded. Adjust feed settings to avoid autoplay and personalized tracking where possible. Use privacy-respecting browsers and extensions that reduce passive telemetry. Small frictions slow the flow of behavioral data that feeds automated suspicion.
Push outward as well. Read the transparency reports that platforms publish. They reveal how often governments request data and how often companies comply. Support groups that litigate and legislate for restraint, including the Electronic Frontier Foundation, the Brennan Center for Justice, and the Center for Democracy and Technology. Demand specific reforms: warrant requirements for government purchase of location and browsing data, public inventories of social media monitoring contracts and tools, independent audits of watch centers with accuracy and bias metrics, and accessible avenues for redress when the system gets it wrong. Insist on disclosure of passive telemetry collection and retention, not only subpoenas for content.
Reclaim the Public Square
The digital commons was built on a promise of connection. Surveillance bends that commons toward control. It does so quietly, through dashboards and metrics that reward extraction of both speech and attention. The remedy begins with naming what has happened, then insisting that the rules match the power of the tools. A healthy public sphere allows risk. It tolerates anger and error. It places human judgment above automated suspicion. It restores the burden of proof to the state. It recognizes that attention is speech by another name, and that freedom requires privacy in attention as well as privacy in voice.
You do not need to disappear to stay free. You need clarity, patience, and a stubborn loyalty to truth in a time that rewards distraction. The watchers will say the threat leaves no choice, that vigilance demands vision turned outward. History says freedom depends on the courage to look inward first. The digital world was built as a commons, a place to connect and create, yet it is becoming a hall of mirrors where every glance becomes a record and every silence a signal. Freedom will not survive by accident. It must be practiced—one mindful post, one untracked thought, one refusal to mistake visibility for worth. The right to be unobserved is not a luxury. It is the quiet foundation of every other liberty. Guard even the silence, for in the end it may be the only voice that still belongs to you.
Keep ReadingShow Less
'Major Blow to Freedom of Expression': US Supreme Court Upholds TikTok Ban
One ACLU campaigner blasted the justices for "giving the executive branch unprecedented power to silence speech it doesn't like."
Jan 17, 2025
The United States Supreme Court on Friday unanimously upheld a federal law banning TikTok if its Chinese parent company does not sell the popular social media app by Sunday.
The justices ruled in TikTok v. Garland, an unsigned opinion, that "Congress has determined that divestiture is necessary to address its well-supported national security concerns regarding TikTok's data collection practices and relationship with a foreign adversary."
"The problem appears real and the response to it not unconstitutional," the high court wrote. "Speaking with and in favor of a foreign adversary is one thing. Allowing a foreign adversary to spy on Americans is another."
President Joe Bidensigned legislation last April forcing ByteDance, which owns TikTok, to sell the app to a non-Chinese company within a year or face a nationwide ban. Proponents of the ban cited national security concerns, while digital rights and free speech defenders condemned the law.
Approximately 170 million Americans use TikTok, which is especially popular with younger people and small-to-medium-sized businesses, and contributes tens of billions of dollars to the U.S. economy annually.
The ACLU—which this week called TikTok v. Garland "one of the most important First Amendment cases of our time"—condemned Friday's decision as "a major blow to freedom of expression online."
"The Supreme Court's ruling is incredibly disappointing, allowing the government to shut down an entire platform and the free speech rights of so many based on fear-mongering and speculation," ACLU National Security Project deputy director Patrick Toomey said in a statement.
"By refusing to block this ban, the Supreme Court is giving the executive branch unprecedented power to silence speech it doesn't like, increasing the danger that sweeping invocations of 'national security' will trump our constitutional rights," Toomey added.
The digital rights group Electronic Frontier Foundation (EFF) said in response to Friday's ruling, "We are deeply disappointed that the court failed to require the strict First Amendment scrutiny required in a case like this, which would've led to the inescapable conclusion that the government's desire to prevent potential future harm had to be rejected as infringing millions of Americans' constitutionally protected free speech."
"We are disappointed to see the court sweep past the undisputed content-based justification for the law—to control what speech Americans see and share with each other—and rule only based on the shaky data privacy concerns," EFF added.
The Biden administrationsaid Friday that it would leave enforcement of any ban up to the incoming Trump administration.
The Washington Post reported Thursday that Republican U.S President-elect Donald Trump, who is set to take office next week, is weighing an executive order to suspend enforcement of the ban for 60-90 days.
U.S. Sen. Ed Markey (D-Mass.), who earlier this week introduced a bill to delay ByteDance's sale deadline until October, said Friday: "I am deeply disappointed by the Supreme Court's decision to uphold the TikTok ban. I am not done fighting to pass my 270-day extension. We need more time."
Keep ReadingShow Less
Most Popular