Etienne's Website

5 Years Against Tech Abuse

Wed, 17 Dec 2025 20:00:00 +0000

Note: these are my personal thoughts about a collective work over several years that continues without me, so it only represents my subjective views and not Echap or other Echap members’ view or opinions. This article openly talks about intimate partner violence and tech abuse.

Six years ago, we gathered with a few friends after a tech conference and talked once again about the fact that some forms of digital surveillance and tech abuse were rarely addressed in hacker and tech activist circles. While state and corporate surveillance have been at the center of discussions for a long time, it took years of online harassment against women and LGBTQI+ people to start seeing a few discussions about these issues in tech activist groups. Don’t get me wrong, state and corporate surveillances are legitimate issues that deserve research, reporting and actions against them. But some other tech-enabled social issues are also worthy of consideration and action. Three out of five young activists face online harassment for posting about human rights, in France 82% of women survivors of intimate-partner violence have faced online harassment, 93% of them have faced some form of online control.

2025 - Week 50

Wed, 17 Dec 2025 12:52:42 +0200

What happened in the world

The US government has published a new National Security Strategy that espouses the racist great replacement theory and supports European far-right parties.
The Burkina Faso Junta has restored the death penalty
U.S. authorities announced that they plan to look at the past five year history of social media for foreign tourists.
Amnesty International has published a report on the October 7th attacks concluding that the Hamas and other Palestinian armed groups conducted war crimes and crimes against humanity.
Clashes between Thailand and Cambodia continue.
The Bulgarian government has resigned after mass anti-corruption protests.
The atrocities continue in Sudan with thousands kept hostage for ransom by the Rapid Support Forces

Technology - for good and for bad

Several women have raised suspicions of sexist bias in the LinkedIn algorithm. While the company indicated that their algorithm doesn’t use demographic information, there are clear risks of unconscious biases in the criteria the algorithm uses (and as usual such biases are very challenging to measure).
Jamal Kashoggi’s wife, Hanan Elatr, filed a legal complaint in France for the compromise of her smartphone with Pegasus.
One of the most shocking reads of the week was clearly the publication of this testimony of Michael Geoffrey Asia, who was hired as chat moderator and actually played fake personas having intimate or even sexual conversations for unknown platforms.
Australia has banned access to social media apps for children below 16
“Age Verification Is Locking Trans People Out of the Internet”.
Amazon’s Ring rolled out facial recognition in their product.
In its latest Adversarial Threat Report, Meta has attributed a long-going disinformation operation to the Iranian International Union of Virtual Media. I crossed paths with this operation in 2018/2019 when we published the Endless Mayfly report with the Citizen Lab. This attribution doesn’t surprise me; at that time, we looked at media republishing fake content published by the network and found 57 articles by IUVM Press that linked to fake websites from the operation (such as this one, a number way too high to be a coincidence.
Let’s Encrypt is already 10 years old, and they published a retrospective of their past 10 years of work.
This depressing article is coming back on the fight against disinformation and how institutions playing this role are being dismantled.
The US military has deployed a generative AI platform called GenAI.mil based on Google Gemini.
Wired published a good article on doxers impersonating cops to get private data from tech companies.

Digital investigations:

Amnesty Algorithmic Accountability Lab published a really interesting Algorithmic Accountability Toolkit to encourage other NGOs and journalists to investigate algorithmic systems.
An interesting article by Witness: AI is undermining OSINT’s core assumptions. Here’s how journalists should adapt.

What I did

I had a refresher day on trauma first aid, I honestly feel everyone should have a refresher every 2/3 years.
I attended a Bellingcat training session on flight tracking, and it was great!

Silhouette of Airplane Under Cloudy Sky by Nur Andi Ravsanjani Gusma

Reading & listening

Zack Whittaker wrote about his work covering stalkerware and related abuse.
I discovered that Kenyans have a very classic English writing training in schools and as such their writing is often flagged as being AI generated. Marcus Olang describes what makes Kenyan writing specific. Someone indicated to me that it was also because of the important number of Kenyan workers used to train AI, but I haven’t been able to confirm the correlation between both (I am definitely interested if someone knows more about that).

This week in music

I loved the 2023 album Atlas by Laurel Halo.

2025 - Week 48 & 49

Sat, 13 Dec 2025 12:52:42 +0200

There is a lot going on these days, so here are my notes for both weeks 48 & 49.

What happened in the world

The situation is still horrible in Palestine, Amnesty International said that Israel is still committing genocide in Gaza, this Forensic Architecture visualization shows the current situation with the new yellow line in the middle of the Gaza Strip. In the meantime, Israeli soldiers killed two Palestinians after they surrendered (be careful, the video shown on social media and most articles is hard to watch).
Amnesty International has published two important reports on anti-union abuse in the garment industry.
The situation continues to get worse in Tunisia, with the arrest of opposition figure in a widening crackdown.

Technology - for good and for bad

Reporters Without Borders was targeted by the Russian state-sponsored group Calisto in a phishing campaign.
A new series of publications about the Predator spyware provided more details on the infection techniques, corporate structure and identified potential customers in Bostwana, Pakistan and Philippines, see the articles from Amnesty International, Haaretz, Google and Recorded Future.
Apple and Google sent a new round of cyber threat notifications to users around the world.
X added a new feature showing locations of accounts without details on how this location is estimated. Quickly, this has exposed unexpected locations for major US political accounts but it is also a danger for people whose safety depends on their anonymity.
An interesting open letter by many cybersecurity professionals on outdated digital security advices (such as changing passwords regularly). While I like the idea and the debate, I feel some advices lacked nuances on threat scenarios and privacy questions.
The European Commission fined X 120 million euros for a deceptive blue check verification system and Elon Musk decided to ban the EC X account from making ads.
An interesting history of Paulina Borsook, who published a book in 2000 called Cyberselfish that criticized already the Silicon Valley and its libertarianism.
As new age verification laws are passed in many US states, some activists are trying to push back against it.
A court filing shows that Meta halted internal research suggesting that Facebook was leading to depression and anxiety.
Another dystopian story: a US company has been training an AI model on prison phone calls in order to identify planned crimes.
Many AI workers are raising the alarms about the risk of AI models while more than a 100 Amazon workers signed an open letter about AI risks, especially on climate change (the letter is available here).
An article showing that 13 new countries accepted to open their market to Starlink while Elon Musk was part of the Trump administration and 13 more since.
The New York Times is suing Perplexity for copyright infringement.

Digital investigations:

Some news in the certificate transparency world, with a new platform called CertKit allowing to search in CT logs (I added to my list available here), and a new promising python library to monitor CT logs by the Polish CERT.
A useful tool to help build Google Dorks: FilePhish
My OSINT training recently published a really useful list of bookmarklets for Social Media websites (it definitely deserve a blog post to look into this in depth).
As mentioned above, many people started to use X new location feature to understand who was behind some big X accounts.
OONI made an interesting presentation on their work to measure ECH deployment at IETF 124.
A command-line tool to download IPA files from the Play Store.
Maltego transforms to query the platform pappers.fr (that contains data on French companies) made by Reflets.

What I did

I attended the November Indicator workshop that mostly addressed their recent guide to hunting for documents and files in open buckets, servers, and directories.
I used the Black Friday discounts to get access to the Let’s Defend learning platform. I like these learning platforms that run VMs in the browser for exercises, but I am a bit afraid finding too much beginner-level content.
I attended the yearly general assembly of OpenFacto.
I attended workshops on researching corporations and how to write concisely.

Running giraffe by Tambako The Jaguar (CC BY-ND)

Reading & listening

I continued listening to the great Lawpod series on preserving evidences with the episode 4 with the Reckoning Project and episode 5 with Amnesty International.
I am listening to the podcast series on WWII by The Rest Is History and it is really good.
A fascinating article on sperm whale clicks to communicate and how dangerous it can be.
Interesting reflections by Alexis on AI and development.
I found this recent xkcd very touching.
A good article on the need to have alt text in images.
The fascinating story of Marge and Jerry Selbee who made 3.5 millions by playing a lottery with a mathematical flaw.

This week in music

I discovered the great Turkish pianist Büşra Kayıkçı in Arte concert:

2025 - Week 47

Thu, 27 Nov 2025 12:52:42 +0200

What happened in the world

Shamefully, Trump received Saudi Arabia’s Mohammed bin Salman at the White House. He even criticized Jamal Khashoggi and said that MBS knew nothing of his killing, contradicting his own intelligence agencies.
Israel kills top Hezbollah official in first attack on Beirut in months.
Human Rights Watch published a report on Israel’s forced displacements of Palestinians in the West Bank that amount to war crimes and crimes against humanity.
In a weird turn of events, it seems that Trump was really seduced by Zohran Mamdani after meeting him at the White House. Seeing Trump really liking Mamdani and Mamdani answering questions about Trump being a fascist was… awkward and hard to understand. This picture that will likely stay in history:

Source: Reddit

In France, the Insee has published an analysis of the evolution of ultra-rich income, it shows that the 0.1 richest people had an income increase of 119% over the last 20 years (in French):

Source: Le Monde based on Inseee data

And finally, this really interesting interview with the French ICC judge Nicolas Guillou about what it means to live under US sanctions, including not being able to have a credit card or use any US online platform (in French).

Technology - for good and for bad

A solid report by OONI on throttling of social media in Turkey during protests since March this year. The methodology they developed to identify data throttling is interesting.
NSO is trying to overturn the WhatsApp case, saying it is ‘catastrophic’ for the spyware maker.
It seems that for years, WhatsApp hasn’t limited at all the discovery of accounts, which allowed researchers to identify 3.5 billion accounts. The article also mentions some interesting parts about the profile messages and public keys (also well covered by Wired).
The surveillance tech company Protei was hacked, its data stolen, and its website defaced.
Another week, another massive outage in a too centralized web, this time with a Cloudflare outage on November 18. It seems that even some downtime detectors are relying on Cloudflare and were out, which led to this hilarious https://downdetectorsdowndetectorsdowndetector.com/.
Mastodon announced a transition in leadership and presented the new structure and team.
Border Patrol is monitoring US drivers and detaining those with ‘suspicious’ travel patterns.
Apparently, poetry is a solid jailbreak mechanism for LLMs.
OnlyFans will start checking criminal records and it is a terrible idea.
Pornhub is trying to have Apple and Google develop Device-Based age verification.

Digital investigations

I discovered the great JuxtaposeJS framework to juxtapose two images.
Google has introduced an image AI detection in Gemini called SynthID.
I have been following the release of the Epstein file, besides the political analysis of Epstein political role and potential involvement of politicians in sex trafficking, it is also an interesting case of data analysis and different people are using different tools for that. Zeteo for instance has released some of a Google Pinpoint project, while DDoS Secrets keeps adding to their Aleph instance. In the meantime, some people are developing creative tools like this amazing copy of Gmail interface.
MacWhisper looks like a great local implementation of OpenAI Whisper on MacOS.

Toronto by Rick Harris (CC BY-SA)

Reading & listening

This amazing podcast on the history of Franco and the Spanish dictatorship (in French).
“I Tried the First Humanoid Home Robot. It Got Weird”.
Weekly notes of Alexis, Julie and Benjamin.

This week in music

I really enjoyed this adaptation of Bach’s Goldberg Variations for two guitars by Thibaut Garcia & Antoine Morinière.

2025 - Week 46

Wed, 19 Nov 2025 12:52:42 +0200

What happened in the world

Oxfam has published a piece about the awful consequences of the cut of US Aid.
As expected, the Trump administration is cutting taxes to wealthy people. I saw this really good meme turning on Mastodon:

Source: @redsad@ohai.social on Mastodon

This good analysis on France Inter (in French) raised the point that the war in Sudan wouldn’t stop without stopping foreign interferences.
The Syrian President Ahmed al-Shara met with Trump at White House for the first time, something quite incredible for someone considered a terrorist a few years ago.
Attacks against refugees and migrants are continuing in Tunisia fueled by racist rhetoric from officials.
Attacks by Israeli settlers against Palestinian are continuing in the West Bank.
BBC is the new target of Trump after several US media backed down from a fight with the bullying US president, but it seems that BBC will fight.

Technology - for good and for bad

Google is reversing its decision and will let ‘experienced users’ keep sideloading Android apps, the question after many people criticized that move is how this is going to be implemented.
The AI company Anthropic published a report on how a Chinese state-sponsored group used AI agents for targeted attacks. Anthropic noted that Claude regularly fabricated data and claimed to have discovered credentials for targets that didn’t, but many experts still don’t believe Anthropic analysis and how useful the report describes Claude agents.
After it was revealed that the FBI opened an investigation into the archive.today archiving platform, another weird story emerged of a French non-profit trying to get the platform blocked. Many weird elements in that story.
A new disinformation campaign has been trying to create trouble between France and Armenia.
An interesting threat report on recent Iranian state-sponsored phishing and malware attacks
After a lot of advocacy by digital rights NGO to push back against Chat Control at the EU, it seems that the bill may come back in closed-door negotiations.
The International Criminal Court is migrating from Microsoft to the Open Desk open-source software after being sanctioned by the US.

Digital Investigations

Johanna Wild published an interesting blog post on lessons learned from building the Bellingcat Online Toolkit.
DefCon recently published videos from DefCon 33, including this interesting talk on detecting deepfake images and video.
A new fascinating investigation on identifying the three identical offices Putin is using to hide his location.

Hoi an Vietnam by Rod Long

Reading & listening

Tech Won’t Save Us has another great episode on the war on Cars with the authors of the new book Life After Cars.
An article on the rapprochement between Syria and Russia.
A list of failed opsec stories.
A website compiling deaths attributed to LLM.

This week in music

I am discovering Grand River aka Aimée Portioli and her amazing album All Above (ambient/experimental - 2023).

2025 - Week 45

Tue, 11 Nov 2025 12:52:42 +0200

What happened in the world

The big news of the week is the election of Zohran Mamdani as Mayor of New York City. Beyond his socialist politics going back to economic issues rarely addressed in large cities, seeing someone so bold and following the campaign has been fascinating (not even mentioning his hip-hop songs).
The Sudanese RSF militia agrees to a ceasefire.
Two events showing China’s ability to shut down people researching and talking about human rights issues in the country: UK university halted human rights research after pressure from China and Chinese Authorities Shut Down Film Festival in New York.
UN Security Council lifts sanctions on Syrian President Ahmad Al-Sharaa.
Pentagon names new press corps from far-right outlets after reporter walkout.

Technology - for good and for bad

The Italian spyware scandal continues with a political consultant targeted with Paragon spyware.
In the meantime, legal groups are suing Trump administration over use of Israeli spyware on immigrant communities, while NSO Group is getting a new US leadership close to the authorities.
Palo Alto found a commercial spyware targeting Samsung Android phones with 0-days that they attribute to Protected AE, a successor of the UAE company Dark Matter.
The bubble is growing: OpenAI Signs $38 Billion Deal With Amazon.
Some more information about the L3Harris Trenchant boss who sold cyber exploits to Russia, he apparently sold 8 exploits over several years for only $1.3 million.
Quote posts are finally in Mastodon.
FBI Tries to Unmask Owner of Infamous Archive.is Site.
A.I. Is Making Death Threats Way More Realistic.
EFF Teams Up With AV Comparatives to Test Android Stalkerware Detection by Major Antivirus Apps.

Digital Investigations

An online search form in BreachForum data
New Bellingcat investigation: Geolocating Darfur Killings of Those Escaping Al Fashir

Snow by Cristiana Bardeanu (CC-BY)

What I did

I attended a Bellingcat talk on Mapping military power.
I am continuing to update my selected bibliography on technology used in Intimate Partner Violence.

Reading & listening

Hidden in Plain Bytes: Investigating Interpersonal Account Compromise with Data Exports.
I listened to all three episodes of this great series from Lawpod: Can the Record be Trusted? Prospects and Challenges of Human Rights Documentation and Archiving in the Digital Age . I highly recommend it!
An episode of Curious Canadian History: Internment to Exile: The Japanese-Canadian War Experience.
GIJN published a great blog post of publications that benefited from the training sessions we did on digital threats: How Digital Threats Training Has Powered Innovative Cyber Investigations Around the World.
10 things everyone really ought to know about the AI Bubble.

This week in music

I am a big fan of this cover of the song l’affiche rouge by Feu Chaterton, a cover from Léo Ferré song that put music over Aragon’s poem of the same name. The song talk about the WWII propaganda after the arrest of 23 communist resistants (most of them Jewish) from the Manouchian group.

2025 - Week 44

Mon, 03 Nov 2025 12:52:42 +0200

So much is happening these days, the world is burning and tech companies are throwing oil on it, which means that these weekly notes are getting longer and longer.

What happened in the world

Despite the ceasefire, Israel continues attacks around the region while NGOs are demanding Israel to allow aid into Gaza.
This week has seen a dramatic escalation in Sudan with the capture of el-Fasher by RSF militia. Yale’s Humanitarian Research Lab has found evidence of mass killings while thousands of people are feeling the city.
Surprisingly, Javier Milei’s party won Argentina’s midterm elections.
A US colonel went public on the fact that the US misrepresented evidence on Israel military responsibility in the killing of the Palestinian journalist Shireen Abu Akleh.
More than 300 writers, scholars and public figures have decided to refuse to write for the New York Times’s Opinion section until they change their coverage of Palestine.
In Canada, governments are increasingly using old laws to quash strikes, such as the recent back-to-work bill in Alberta.

Technology - for good and for bad

After years, it turns out that Memento Labs (the new name of the infamous Hacking Team spyware company) is still active and selling Windows spyware exploiting Chrome 0-days to target organizations and individuals in Russia and Belarus. Surprisingly, the Memento Labs CEO, Paolo Lezzi, answered questions from TechCrunch to confirm that the spyware caught by Kaspersky was from them, but indicated that it was an old agent and that they are now only developing malware for mobile platforms.
Following last week’s revelations, Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to a Russian broker, he allegedly made $1.3 million for the sale of exploits to a Russian exploit broker.
Based on federal procurement records, the Lever has revealed that ICE bought access to a social media monitoring platform called Zignal Labs, while ICE and CBP agents are apparently relying on a facial recognition app to verify people’s citizenship in the street.
Noyb launched a criminal complaint against Clearview AI in Austria for GDPR breaches in collecting billions of photos and videos to build their database.
Internet disrupted in Tanzania on election day as the ruling party seeks to extend decades in power.
A wild story: Israel demanded Google and Amazon use secret ‘wink’ to sidestep legal orders.
Some recent information on the forensic capabilities of Cellebrite on Android shows that GrapheneOS is more secure than Android on Pixel phones (see 404media article here too).
Japanese convenience stores are hiring robots run by workers in the Philippines.

The Problem with Censorship is XXXXXXXXX, Budapest, Hungary by Cory Doctorow (CC-BY-SA)

Digital Investigations

The Indicator has published a guide on investigating digital ad libraries.

What I did

It seems that Telegram has finally started to update their transparency numbers for Q3, so I have started to crowdsource Telegram transparency data again, here is what I have so far:

Country	#Requests	#Users
India	8867	9820
Germany	1165	2533
Spain	601	1480
France	513	1171
United States	339	863
Italy	139	312
Romania	22	51
Argentina	21	42
Lithuania	19	35
Cyprus	2	16

I made some updates to pycrtsh that allows to query the certificate transparency database https://crt.sh/.
I am slowly working through my backlog of research papers to update my bibliography of Selected Research Papers on Technology used in Intimate Partner Violence.
I attended an interesting workshop by the Indicator on ad transparency platforms.
I saw Cory Doctorow present his new book Enshittification.
I spent some time playing with RayHunter, an EFF tool to attempt to detect IMSI catchers.

Reading & listening

On tech abuse: “Tech Abuse Personas: Exploring Help-Seeking Behaviours and Support Needs of Victim/Survivors of Technology-Facilitated Abuse”
In French, two new episodes of the great antifascist podcast Minuit dans le siècle on the situation in Italy under Giorgia Meloni (Episode 1 and Episode 2)

This week in music

I loved the album Living Torch by Kali Malone.

2025 - Week 43

Mon, 27 Oct 2025 12:52:42 +0200

What happened in the world

Another week and the ceasefire in Gaza seems to hold, but in the meantime, the Israeli parliament pushed a law to annex the West Bank while violence by settlers against Palestinians is increasing.
In a grand media show where we saw people crying for him, Nicolas Sarkozy became the first president of the 5th Republic to be jailed for corruption.
After several weeks of protests, Moroccan authorities have started to heavily repress GenZ212 activists.

Technology - for good and for bad

Last week, we saw a rare AWS outage that, for once, was indeed due to DNS. Once again, this raises the question of the centralization of the internet with countless anecdotes of critical apps down during that outage, from connected clocks to cat food distribution systems. An issue perfectly summarized by a drawing from Design Thinking from 2001:

Internet centralization by Design Thinking

This has also restarted the discussion about the centralization of Signal, which is a good discussion to have to build more resilient technologies, not to encourage people to migrate while these technologies are not mature yet.
An interesting story in the vulnerability market: the US government accuses a manager of the US vulnerability company L3Harris of selling secrets to Russia, and we learn in the same week that Apple alerted an exploit developer at this same firm that his iPhone was targeted with government spyware before he was fired earlier this year.
An interesting article on NGO usage of AI: AI-generated ‘poverty porn’ fake images being used by aid agencies.
How ICE Spies On WhatsApp.
Cameroon’s Internet access was disrupted during election protests even if I haven’t read any clear evidence that this is linked to a government request.
And it seems we are into a new browser war: OpenAI launched the Atlas AI browser while Microsoft relaunched Copilot in Edge. Considering how complex and critical browsers are, I really don’t think it is a good idea to integrate immature technologies like LLMs. It is like giving the keys to your house to an 8-year-old during the holidays and hoping that everything will be fine. Zack Whittaker has a good summary of the security issues.
We can’t trust technology, even vacuums: Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House.

Assorted Guitar Amplifier Lot by Expect Best

Reading & listening

I read about how inflatable tanks and flat-pack guns used in the Ukraine/Russia war.
I listened to this great podcast about Robert Mugabe and Zimbabwe decolonization (in French).
I started reading Cory Doctorow’s new book: Enshittification ahead of his quick tour to present it in his home-town of Toronto next week.
I liked the conclusion of this “We are heading toward a post-literacy society” video by Cole Hastings: “You have to find time to deeply engage with long and difficult forms of reading and writing”.

This week in music

Last week was the final week of the International Fryderyk Chopin Piano Competition that saw the victory of the US pianist Eric Lu. His interpretation of the Piano Concerto n°2 was excellent but I was personally more touched by Tianyao Lyu’s interpretation of the Piano Concerto n°1 (largely based on the fact that I find the 1st piano concerto way more touching).

2025 - Week 42

Tue, 21 Oct 2025 12:52:42 +0200

What happened in the world

For now, the ceasefire in Gaza seems to hold even with multiple deadly strikes by IDF.
Following Gen-Z protests in Madagascar, an army colonel led a coup and is the new Madagascar’s president.
Support to Palestine has been criminalized in many countries, especially Germany and now UN experts urge Germany to halt criminalization and police violence against Palestinian solidarity activism.

Technology - for good and for bad

A group of media published several stories on the SS7 geolocation company called First Wap. First Wap offers geolocation of smartphones by exploiting flaws in the SS7 network, which is not new. A few years ago, Circles was leading that market. The interesting part is that they had access to a set of data on people targeted which allowed them to retrace stories of person surveilled, from journalists investigating the Vatican to startup CEO and women who rejected a man who had access to this technology. The Lighthouse Reports article is really good, Mother Jones also has a solid report.
A fascinating work by research teams at the University of Maryland and San Diego: they eavesdropped satellite communications from several satellites for three years with cheap commercial hardware and found way more unencrypted data than expected (Wired has a good piece covering this research).
A US court orders spyware company NSO to stop targeting WhatsApp, which is a very positive development following last week’s announcement that NSO was purchased by a US based investor. I hope that will prevent NSO Group from re-entering the US market.
After Anthropic agreed to pay 1.5 billion in a class action lawsuit for training AI on pirated books, the Anthropic Settlement website for copyright owners is online.

What I did

I met some people from the collective Science for the People at a book fair. They advocate for a radical transformation of science and society.

Reading, listening, watching

Another great episode from Minuit dans le siècle (a French antifascist podcast) on Trump, Big Tech and the libertarian counter-revolution with Sylvie Laurent (related to the publication of her new book). One interesting angle of this episode is to dismantle the narrative of progressive counter-culture in California : she comes back on the genocide of indigenous people during the gold rush in 1848, but also on the heavy WWII military investments at the core of the development of the current tech industry (Lockheed Martin was the first employer of California for a long time post WWII).
An interesting investigation into the shady funding behind the Canary Mission’s Operations
The State of the AI Industry is Freaking Me Out by Hank Green
An old episode from Working Class History on the history of Industrial Workers of the World in Canada

Fall Tree by Charles Knowles (CC-BY)

This week in music

not an elegy from Leila Bordreuil is excellent (experimental music from March 2021)

2025 - Week 41

Tue, 14 Oct 2025 00:00:00 +0200

Another week in the world and we are finally seeing a ceasefire in Gaza!

What happened in the world

Finally, finally, finally, there is a ceasefire in Gaza! It seems that the ceasefire agreement between Israel and the Hamas is going to hold under US pressure, and that hostages in Gaza and Palestinian prisoners and detainees in Israel are going to be released tomorrow. This is happening in a situation of complete devastation in Gaza and only the first steps of the ceasefire were agreed upon. There are many open questions on what the next steps will be, in terms of humanitarian aid, rebuilding of Gaza and who will govern the territory. After 2 years of horrors, let’s hope that we will finally see positive changes.
The Egyptian activist Alaa Abd el-Fattah was finally released from Egyptian jails after 12 years. His short interview with the Guardian is touching.
The UN Human Rights Council has decided to establish an independent investigative body on past and ongoing crimes in Afghanistan
Tunisia is getting every day more into an authoritarian country with now unprecedented sentences for peaceful expression on social media, a man was recently sentenced to death for his publications on Facebook.
The Nobel Peace Prize was awarded to Maria Corina Machado, a Venezuelan conservative leader and long-time opponent of Nicolás Maduro. She dedicated her prize to Donald Trump.

Technology - for good and for bad (mostly for bad)

This week, I spent some time reading about the danger of the AI bubble, including how circular deals are used to pump up market prices of companies and how the giant datacenter projects by OpenAI and others make no sense. You may have seen this fascinating diagram from Bloomberg on social media that explains the interconnected investments of OpenAI and Nvidia:
How Nvidia and OpenAI Fuel the AI Money Machine - Bloomberg News reporting

2025 - Week 40

Wed, 08 Oct 2025 12:00:00 +0200

Second week writing weekly notes, I find interesting to anticipate these notes as I see myself reflecting more on what is newsworthy among my readings during the week. I also really appreciated having some people I know reacting to them on Mastodon <3.

What happened in the world

Another week watching Genocide continue in Gaza. All the boats of the Global Sumud Flotilla were illegally arrested by the Israel authorities on their way to Gaza. In the meantime, the ceasefire negotiations are starting largely led by Israel and the US.
The Gen Z protests are happening all over the world, often under the One Piece banner. After Nepal, we are now seeing large protests in Madagascar or Morocco. I have been particularly interested in the protests in Morocco, where it seems that so far the targets have been the government and social issues and spared the King.
The Trump administration has escalated its attack against civil society and its political opponents in a new dangerous decree targeting specifically antifascist groups. Over 3000 non-profits have signed an open-letter calling this decree a violation of fundamental freedom in America.

What I did

I attended a meeting with the Canadian Tech Worker Coalition. This decentralized organization was founded in the Bay area to organize tech workers and has local chapters all over the world. In that meeting, I was shocked to discover that after workers unionized, Amazon decided to close its 7 facilities in Quebec, with thousands of employees out of work. It seems that we need unions now more than ever.
I was also invited to talk at a class for journalist master students at Science-Politique Paris. I talked about the usage of digital investigations by journalists and used the Endless Mayfly disinformation campaign as an example of using a mix of different techniques to track an infrastructure.
I also attended an interesting training session on how to write concisely where I discovered George Orwell’s six writing rules.

Reading & listening

Two important publications on disinformation : first, an update on the latest disinformation campaigns by the Russian group called CopyCop which notably played on French politics with a fake French Royalist party, and Canadian politics with a fake Alberta separatist website. Then, a new fascinating report from the Citizen Lab on a disinformation campaign they attribute to an agency linked with the Israeli government.
On digital investigations, I found this Open Source Munitions Portal very useful to compare traces of weapons in different contexts. Instagram also introduced a new Friends Map that allows to find geotagged stories or posts from people you follow.
This databroker database is a useful tool.
This blogpost by FDroid is really important: the recent policy changes by Google to require approval of side-loaded apps may have some positive benefit to fight against malware and spyware, but it is also going to jeopardize a whole ecosystem of free and open source apps available outside the play store. They are calling to put pressure on politicians (especially in Europe) to force Google to change their policy.
I was impressed by the likely geolocation of the Rubicon Russian headquarter based on very minor details in videos from inside the building. Solid journalist work!
I really enjoyed watching Maria Ressa speaking at the UN and The Daily Show (even if the ratio of serious discussion / jokes is a bit low for me)
Finally, a report by la Cour des Comptes in France has criticized the organization of the Paris 2024 Olympic Games with a budget underestimated by several billions and an estimation of economic benefits largely overestimated.

Toronto by night by Chuck Lee CC-BY-NC-ND

This week in music

I really enjoyed this 2020 album “Aralkum” by Galya Bisengalieva who was inspired by the ecological disaster of the Aral Sea. Here is the description provided on the Bandcamp page:

2025 - Week 39

Thu, 25 Sep 2025 00:00:00 +0200

Here we are, 10 months after I mentioned wanting to write weekly notes, I am finally adding that section to my website. I have really enjoyed reading weekly notes from friends like Julie Brillet or people I find interesting like Alexis Métaireau or Molly White in a different format, so I am going to try to add that to my routine. For me, it seems complementary to my (rare) blogging and social media accounts, first it contributes to reclaim the web with self-hosted and decentralized websites. It also gives me a more structured way to do a weekly check-in with myself of the events that happened and what I found interesting or important. The format itself may evolve over time, and change depending on my weeks, but I will try to keep some world news, and a focus on tech, human rights and digital investigations.

Timestamps and LinkedIn

Sat, 02 Aug 2025 20:00:00 +0000

I recently attended an interesting talk about the challenge of identifying the timestamp of social media publications and this made me look more in depth at LinkedIn timestamps.

LinkedIn Timestamps

LinkedIn is quite frustrating in Open Source Investigations as it only provides a rough estimation of when a post or comment was published, like here just with a “1d” which means “1 day ago”:

That is of course not enough for investigations where the exact publication time is critical to establish a timeline of facts. Thankfully, Ollie Boyd made a really interesting discovery in the format of LinkedIn post’s URL.

Starting 2025 with a blog post and new resolutions

Thu, 16 Jan 2025 20:00:00 +0000

2025 is here and I have to acknowledge that this blog has been a bit abandoned lately. So now is a good time to bring some life back here and also a good time to reflect on 2024 and what’s next.

Reflecting on 2024

In many aspects, 2024 has been a rough year with so many crises in the world. Like many people, I have looked with horror at the genocide in Gaza and felt powerless to participate in anything that could prevent it. I have also seen so many people affected by the horrible attacks in Palestine and Lebanon. After many years working in Human Rights, it has been hard to look at how inefficient Human Rights and International Law has been to prevent these massacres. The war in Ukraine is continuing and is not showing any sign of positive resolution, and there have been major political crises with violence against the population in so many countries like Sudan, Kenya or Mozambique. The Trump election in the US and the growing far-right and neo-fascist movement in Europe, US and elsewhere is scary. Capitalism is pushing us slowly but surely into fascism, largely helped by far-right billionaires like Elon Musk, Vincent Boloré or Tobias Lütke, and it is hard to see any efficient strategy to counter it.

Restriction of European Visitors in US media - an update

Mon, 27 Feb 2023 01:00:00 +0100

In November 2021, I did some testing to see how many US media were blocking European visitors to avoid complying with GDPR. To my surprise, most of them actually used the HTTP 451 code that was created in reference of Ray Bradbury’s Fahrenheit 451 novel.

Example of page blocked with HTTP 451 (Source: Wikipedia)

I recently found a new list of over 5000 US media domains established in 2021 by Clemm von Hohenberg, B., Menchen-Trevino, E., Casas, A., Wojcieszak, M., so I decided to run a new series of test based on this list.

France and Controlling Access to Porn Websites

Thu, 16 Feb 2023 01:00:00 +0100

January 2023, and once again the question of limiting access to porn websites for people under the legal majority age is back in the media. It is a question as old as the World Wide Web that is coming back every year with a different angle. In 2020, the French Parliament even passed a law (article 227-24 of the criminal code) forcing pornography websites to use age filtering more efficient than a simple web form. The problem is that there is currently no reliable and privacy-preserving solution to do that (without even saying that these websites want to limit any friction for their users).

Analyzing US Media Blocking of EU Visitors

Wed, 24 Nov 2021 00:00:00 +0200

I have been working and studying technology for over 10 years now, and the one thing I really love is discovering weird technical quirks you can find on Internet, and what they tell us about society. Things like how bad geolocation of IP addresses turned the life of a Kansas family into hell or how to track dictator’s aircraft from open flight information.

Among them, I discovered last year that the HTTP code HTTP 451 Unavailable For Legal Reasons was actually used by some US media to block European visitors as they do not want to comply with GDPR regulation. The code 451 is actually a reference to Ray Bradbury’s book Fahrenheit 451.

How to Check if an Android Phone has a Stalkerware Installed?

Sat, 16 Jan 2021 00:00:00 +0100

Stalkerwares are malware used in abusive relationships to spy on someone’s partner. I have talked quite a bit about it already, see my previous blog posts for more background information on stalkerware.

There are different ways to check if a stalkerware is installed on a phone. At Echap, we have written a guide to check for configuration settings on an Android phone (in French). We think it is the easiest way for non-tech people and quite reliable. The Clinic to End Tech Abuse has developed a tool called ISDi to look for stalkerware based on package names on Android and iOS. More recently, Felix Aimé has released a tool called TinyCheck to analyze network traffic from a smartphone, which can be used to identify stalkerware traffic.

Analyzing Cobalt Strike for Fun and Profit

Sun, 20 Dec 2020 00:00:00 -0500

I am not sure what happened this year but it seems that Cobalt Strike is now the most used malware around the world, from APT41 to APT32, even the last SolarWinds supply chain attack involved Cobalt Strike. Without relaunching the heated debate on publishing offensive tools, this blog post intends to summarize what an analyst needs to know about Cobalt Strike to quickly identify and analyze it during incidents.

Finding Cobalt Strike Servers

A few months ago, the Salesforce security team published a new active fingerprint tool called JARM. It is the active equivalent to JA3 they published last year. It generates a fingerprint based on the TLS configuration of a remote server, such as the TLS version or the TLS extensions, without considering the certificate. It is especially useful to identify custom web servers used by some tools, and Cobalt Strike is one of them.

Investigating Infrastructure Links with Passive DNS and Whois Data

Sun, 30 Aug 2020 00:00:00 -0500

I am republishing here the guide on using passive DNS and Whois data in investigation that I published earlier this year on the Amnesty Citizen Evidence Lab website.

Many disinformation or malware campaigns rely on a computer architecture based on several servers and domains, and even if they often try to hide the infrastructure, it has to be accessible online. Investigating these infrastructure links is often a good way to get a broader view of the campaign. This is one of the tools we use in our investigations at Amnesty Tech.

Some Thoughts About Stalkerware and Technology in Intimate Partner Violence

Sun, 23 Aug 2020 00:00:00 -0500

A few years ago, I wrote about Flexispy after the company got hacked and some data was released. It was the first time I encountered stalkerware in my work. Since then, I have had many discussions about this creepy market and more generally technology used in intimate partner violence (IPV) with researchers and activists. I think it is the right time to reflect on what we know about stalkerware and what needs to be done on this topic.

Analyzing Shellcodes with Miasm for Fun and Profit

Sat, 04 Apr 2020 00:00:00 +0200

Shellcodes are an interesting piece of software because they have to run with unusual constraints. They are also small enough to be used to learn new tools. I have been wanting to learn to use miasm for a long time (since I saw the first presentation at SSTIC some years ago), I finally used a few nights of confinement to learn that, here is a short summary.

Linux shellcode

Let’s start with a Linux shellcode as they are less complex than Windows shellcodes.

Targeted Attacks Against Civil Society : What is New in 2019?

Mon, 02 Dec 2019 00:00:02 -0500

TL;DR

New trends in targeted attacks against civil society in 2019 :

More attacks against smartphones, some attacks are using 0-days and we don’t know how to be effectively protected against them, but many attacks are using exploits against fixed bugs in Android
Phishing attacks bypassing 2 Factor Authentication solutions other than hardware keys are common now. We have to consider that most attacks will support that in the future, and move to hardware tokens for 2FA
OAuth attacks are still there and will likely be there for some time. As they bypass many protections against phishing, people need to be aware of them and check their OAuth access regularly.

Targeted Attacks Against Civil Society : What is New in 2019?

10 years ago, the GhostNet report published by the Citizen Lab made quite a buzz; it described an important coordinated effort of compromising computers over the world, from the embassy of India in the US to PetroVietnam. It was one of the first times that an attack campaign of that scale was revealed, but what made it especially important is that this campaign was discovered when researchers identified attacks against the Tibetan community in exile, and more specifically against the Office of the Dalai Lama.

2019 OSINT Guide

Sat, 05 Jan 2019 00:00:00 +0200

I have been doing a lot of Open-Source Intelligence (OSINT) lately, so to celebrate 2019, I decided to summarize a lot of tips and tricks I have learned in this guide. Of course, it is not the perfect guide (no guide is), but I hope it will help beginners to learn, and experienced OSINT hackers to discover new tricks

Methodology

The classic OSINT methodology you will find everywhere is strait-forward:

Harpoon: an OSINT / Threat Intelligence tool

Fri, 23 Feb 2018 00:00:00 -0500

TL;DR

Harpoon is a tool to automate threat intelligence and open source intelligence tasks. It is written in Python 3 and organised in plugins so the idea is to have one plugin per platform or task. The code is on Github, feel free to open issues and propose Pull Requests.

Install and config:

pip install git+ssh://git@github.com/Te-k/harpoon  --process-dependency-links
npm install -g phantomjs
harpoon config -u
harpoon config

Then check how to use every module with harpoon help MODULE

Another PE tool

Sun, 04 Feb 2018 17:08:02 -0500

Analyzing PE files is a basic task in reverse engineering in order to understand their structure, look for anything interesting before going more in depth into the reverse engineering in itself. There are countless tools to do that, on Windows I use PeStudio, PEView and Resource Hacker. But most of the time I want to have a first view of the file before starting my Virtual Machine, so I was looking for a CLI tool on Linux. There is of course PEScanner published by Michael Ligh with the good Malware Analyst’s Cookbook but it is a bit outdated (python2 only) and I like to write my own tools to be sure I understand how they work and what are their limits.

Google Advanced Protection

Sun, 05 Nov 2017 00:00:42 -0400

Last week, Google has added a new set of security features in Gmail called “Advanced Protection”, specifically for high-risk users. It was widely covered the media (Wired, The Verge or Reuters) and quickly started a debate about whether Google is the most secure email provider on the planet or if ProtonMail can compete. The main point here to me (and it has been said by many other people everywhere) is whether you trust Google to keep your data or not, depending on your threat model and your opinion about privacy.

Let's Talk About FlexiSpy

Sun, 23 Apr 2017 22:00:00 +0000

Introduction: I started this blog post to explain the context of FlexiSpy leaks and show some information I have found during my analysis. This information is incomplete and there is still plenty analysis of source code or binaries to be done. I have uploaded the source code and binaries on github so that everyone can help with it. I will try to report in this articles the publications I have seen on it, but feel free to ping me on Twitter if you see new information or have any question.

#privacy

Mon, 15 Aug 2016 21:21:05 +0200

There are now more and more privacy abuse everywhere, so even though we feel it, it’s often hard to understand the daily privacy demolition. To help me, I started a list of privacy abuse cases here (likely out of date, I have considered only cases by commercial companies for now, if you see additional cases, poke me on Twitter)

2016

2016/08/06 The Internet of Dildos Is Watching You : Connected sextoys sending intensity settings and temperature to the manufacturer in real-time
2016/08/03 Comcast: ISPs should be able to sell your Web history to advertisers (Comcast only asked to the Federal Communications Commission, it’s apparently not done yet)
2016/08/02 Battery Status readout as a privacy risk
2016/07/21 France orders Microsoft to stop collecting excessive user data : MS started to process information an all the apps downloaded and installed by a user and the time spent on each one (linked to an email account now)
2016/05/04 Google given access to healthcare data of up to 1.6 million patients : DeepMind (a Google owned company) accessed patient information in an agreement with the Royal Free NHS trust to develop data analysis software

2015

2015/01/10 (at least) Metrics enabled by default in Github Atom editor : Atom sends metrics about the tool usage to Google Servers without user knowledge (it was apparently updated then to inform the user). The id per user chosen is a SHA-1 of the MAC address. Fixed the 9th of August 2016.
2015/02/13 Privacy fears over ‘smart’ Barbie that can listen to your kids : New connected barbies send recordings to manufacturer sender for voice-recognition, and can potentially sell recordings to third parties.

2013

2013/08/07 AT&T Is Going To Start Selling Your Data
2013/06/24 Barclays to sell customer data : Barclays Bank start to sell spending habits about 13million customers
2013/05/22 Verizon Selling Customers’ Cell Phone Data
2013/04/05 SFR has a project of commercialising geographic data of its customers (French), use cases cited : understand the origin of people arriving in a supermarket, or understanding people travels in public transports.

2010

2010/04/01 Google Wi-Spy abuse case : Google cars collected Wifi data while driving (mostly illegally). The intercept has done an clear overview in this article

Openssh backdoor used on compromised Linux servers

Mon, 01 Aug 2016 14:53:42 +0200

Olà,

Some times ago, I have installed honeypot services on one of my servers, in order to see what happens in the real outside world. I especially installed the cowrie ssh honeypot which simulate a Linux shell and gather binaries that people want to install on the server (this tool is awesome, check here to install it).

Cowrie ssh

This honeypot is really fun, because it records everything done during an attack, and record the whole tty session which can be replayed. If the attacker tries to download a file, cowrie automatically downloads it and stores it in a dedicated directory. In my case, I have only allowed one correct password (but an easily one : root123), so most of my logs are failed authentications:

Machine learning for malware detection

Sat, 16 Jul 2016 12:52:42 +0200

Plop,

I have been reading many articles about Machine Learning recently, and it seems to be the new hype technology so I wanted to play a bit with these algorithms to better understand the principles behind it. If you don’t know machine learning, you should to read this awesome article or this one. This article was largely inspired by this one which analyze the Titanic data.

Machine Learning and Classification

So the idea of machine learning is to let the algorithm learn by itself the best parameters from data in order to make good predictions. There are many different applications, in our case we will consider using machine learning algorithm to classify binaries between legitimate and malicious binaries. This idea is not new and Adobe has even released a tool called Adobe Malware Classifier at Black Hat 2012 but it will be a nice exercice to see how to use machine learning.

Comparison of php scanners

Sat, 14 May 2016 17:44:19 +0200

Hi there!

I have recently looked different compromised websites on github, mostly using outdated Wordpress/Joomla/Drupal versions. In these cases, I often have to go through many different files to find the malicious one, whether added on the website or added to legitimate files. Here is a short summary of the different tools to detect them.

ClamAV

ClamAV is an open-source antivirus developed for different platform, but also one of the seldom antivirus used on Linux. It has a complex signature format with many open signature provided by the community (more than 3 700 000 according to wikipedia). And the good news, is that it supports Yara since last year!

#references

Thu, 05 May 2016 01:07:16 +0200

Here is a list of references regarding security topics and hacktivism:

Political Organizations

Here are several awesome organization regarding online freedom:

EFF : The Electronic Frontier Foundation fights for digital freedom in many different ways (legal fights, press review, development of technical tools…). See their website and their Twitter account. Here is a list of EFF projects I like:
- Let’s Encrypt is a free certificate authority
- Privacy badger is a Chrome/Firefox extension to block spying ads and invisible trackers
- HTTPs Everywhere is a browser extension to use HTTPs by default on main websites
Citizen Lab is a research group based in the University of Toronto which focus its researchs on human rights and digital surveillance. They have done amazing analysis of targeted attacks by governments on citizen (like this one or this one). See their website or twitter account.

Resources

Thu, 05 May 2016 01:07:16 +0200

This page gathers some useful guides and resources on digital security.

Drawing by Matt Dixon

General Digital Security Guides

The main resources on digital security are:

Surveillance Self-Defense by EFF is the main reference, it is available in 11 languages and well maintained.
Security Planner by Consumer Reports is an easy to use platform to get practical recommendations
Security In a Box is a very good resource, but not maintained anymore and many guides and articles are now outdated.
In French, le Guide d’autodéfense numérique is a good in-depth manual (that may not fit for people looking for quick answers)

On Phishing and Malware attacks

If you want to understand phishing and malware attacks more specifically:

About Me

Fri, 29 Apr 2016 14:51:26 +0200

I am Etienne “tek” Maynier, an activist, security analyst and researcher.

Drawing by _lila*

I am currently working as a Technologist in the infosec team of Human Rights Watch to protect the organization against digital threats.

Previously, I cofounded and was an active member of Echap, a non profit supporting women shelter on technology, from 2020 to 2025. I was a Mozilla Open Web Fellow in 2016 - 2017, a research fellow at the Citizen Lab from June 2017 to April 2021, and worked for Amnesty International from 2019 to 2023.

How to contact me?

Fri, 29 Apr 2016 14:51:26 +0200

You can contact me securely in the following ways:

Drawing by Matt Dixon

By email: you can contact me at etienne AT maynier DOT eu, if possible using this public GPG key (Fingerprint 6861 626E B4A8 74F5 D794 ED0C 5FC6 A564 4D8A E276) or a protonmail account.
On Wire: @tekk
On Signal/WhatsApp: the easiest way is likely to send me a DM on Mastodon (@tek@todon.eu) or an email, asking for my phone number and explaining briefly why

If you do not need a high level of security, you can still email me or send me a Mastodon DM.

Projects

Fri, 29 Apr 2016 14:51:26 +0200

Here are some personal projects I have been working on:

Drawing by Matt Dixon

Tools

I am one of the developer and maintainer of the MVT Toolkit that allows to forensically analyze smartphones.
A database of Telegram Transparency data crowdsourced from the community (see raw data here)
Harpoon is a python CLI tool to query OSINT and Threat Intelligence platforms (see this blog post about it)
I maintain (with other people) a list of indicators of stalkerware applications
Some CLI tools to analyze PE Files or APK files

Guides

I have written two chapters of the GIJN Reporter’s Guide to Investigating Digital Threats, one on the digital surveillance landscape and one on investigating digital infrastructures
I have helped write several security guides for women shelters with the Echap non-profit (in French)

Research

I maintain an online bibliography on technology used in intimate partner violence, called IPVTechBib