🔒️ Your phone could be a spy-camera: the Pegasus threat you didn’t see


"The cost of convenience is often paid in the currency of privacy." - Timsux Wales

Hi Reader,

🙏 It’s been one year since I launched this newsletter — one year of weekly emails without skipping a beat.
Some weeks I squeezed in a few words between meetings, deadlines and everyday chaos.
Today I wanted to pause and simply say: thank you.
Thank you for reading my book. Thank you for being here every week. Thank you for your replies — I read every one of them.


The story

Terry turned a corner and felt a chill run down her spine.
The black sedan with tinted windows was following her again. Outside her home. Parked near her office. Trailing her train-station commute.
She was a journalist working on a drug scandal involving powerful figures and had stirred the hornet’s nest.

She ducked into a quiet alley hoping to lose the car. A few metres in, she heard footsteps. She ran.
A hand clamped over her mouth. Her phone dropped.
Eyes wide, she heard the voice:
> “These devices are so useful – camera, tracking, personal mirror.”
Then a bag over her head. Darkness.


Why this matters

This week I want to talk about the major legal victory by Meta Platforms against NSO Group — the company behind the infamous Pegasus spyware.
A U.S. federal jury awarded Meta nearly $168 million in damages after finding NSO exploited a vulnerability in WhatsApp to seed Pegasus onto more than 1,400 phones in over 50 countries.

Pegasus isn’t your typical malware. It can sneak into phones via a missed call, read your messages, turn on the microphone and camera, send your location and images — all without your knowledge.
In Terry’s case it wasn’t just phones — surveillance tools extended to tracking devices, even everyday gear she relied on.

The ruling against NSO is significant — but it’s not a shield for you. It covers exploitation through certain apps (WhatsApp, etc.) but not the broader range of spyware that can land on your device through other means.
In other words: yes, it’s good news — but no, it does not guarantee your phone is safe.

And here’s the truth: if someone has physical access to your device, or uses a zero-click exploit, your device could still be compromised.
The march of technology is faster than the pace of regulation.


What you can do

  • Use an iPhone if you’re not comfortable with tech tinkering; it still offers some of the stronger protection available out of the box.
  • If you’re more tech-savvy, consider a minimalist Android build (for example a Google Pixel running an alternate OS like GrapheneOS) for stronger privacy control.
  • Watch for warning signs: unexpected battery drain, the phone running hot while idle, odd network behaviour.
  • Don’t assume “no signs of trouble” means “no trouble”.

Thank you for being part of this journey. Your feedback keeps me on my toes. Here’s to another year of digging into what really matters in cyber-resilience.

Stay safe out there.
Mat C

Mathew Clark
