35 comments

[ 3.0 ms ] story [ 42.4 ms ] thread
Anything Meta should be binned if you care about yourself.
> publishing information deemed harmful to state interests

Is the charge, which I think kind of speaks for itself. Full on: "You embarrassed us, straight to jail."

In most of the world such photos would be deemed of public interest and shared by the media then we'd reflect on if our routing is safe/correct and make proportional changes for safety. Not a big deal, nobody is fired, life moves on.

I feel like actions like this are going to hurt the UAE themselves, because how can you improve if there is no dialog? No information to even start a dialog? A lot of hard conversations are NOT going to be had because I guess it is a state secret?

You are providing confirmation of a hit to the enemy as well as the state of the area after the explosion. This is valuable intelligence used for target lists on future strikes. Such information is also used for determining air defense coverage and estimating hit rates.

Open source intelligence is a very high priority in modern war. Social media provides massive amounts of free intelligence. For instance, a few secret US bases in Afghanistan were mapped using Strava data from runners.

https://www.wired.com/story/strava-heat-map-military-bases-f...

This defensiveness just makes the situation worse. If they came across as at a disadvantage and doing their best that could attract help and admiration. Trying to cover things up while being hostile just makes them look like reactionary creeps with too much power. An unfortunate turn of events in any case.
The headline makes it sound as if it could have been useful for terrorism or something. Like "how bombs affect airplanes".

But the actual article is much more haunting.

> Radha Stirling, chief executive of London-based advocacy group Detained in Dubai, said Dubai police had "explicitly confirmed they are conducting electronic surveillance operations capable of detecting private WhatsApp messages."

Whoa.

> Radha Stirling, chief executive of London-based advocacy group Detained in Dubai, said Dubai police had "explicitly confirmed they are conducting electronic surveillance operations capable of detecting private WhatsApp messages."

And later it mentions that they "also" use the Pegasus spyware. Although I'm not sure I'd trust that as actual confirmation that this was a separate attack vector. Even if "someone in the chat leaked it" is AIUI the most common way something like this would happen.

Not like I like the UAE (I don't), but during this war they made it plenty clear that it is illegal to record and share any videos or pictures of the damage that was caused by the Iranian attacks. Everyone in the country knows this, and I'm sure airlines have procedures to familiarize staff with the laws of the country they're flying to. If they don't, still not the UAE's problem. Don't like the law? Go somewhere else.

(inb4 any arm chair analyst decides this law is a bad law. That's not the point. The police only apply the law and not write it)

Secondly, I doubt this was some sort of high tech operation. More likely someone just snitched and/or some sort of meta data snooping.

The article's frame is concerning, but is it right to attribute the arrest to zero-click spyware? How is the process of the police's discovery known?
And people wonder why I refuse to connect through Dubai.
The irony is this arrest is most probably the first most people have heard of them getting flattened.
If you think WhatsApp is encrypted, I have a handful of magic beans to sell you.
...in Dubai
What people do not know or understand about the Arabian Peninsula is that you have essentially zero rights.

People think, "It cannot be that bad" because a lot of money is spent on good PR for the region, and also because they never find themselves in situations where they get to see how little their lives are worth in those places.

You go to a hotel for a week or take a business trip, everyone smiles, the food is good, whatever. You are not going to trigger any of the bad stuff that way. Before you say, "Well, yeah, if you do something egregious...", nope. Something as innocuous as disagreeing with a superior at work could land you in jail. You are 100% at the whim of people who have more power than you over there.

I'm of two minds on this. In peacetime, I'd consider something like that to be unreasonable and harmful, not that I'd ever even consider setting foot anywhere on the Arabian Peninsula. But, if anyone has noticed, World War III is raging all around us, and when an enemy who wants to kill you is backing that up with explosive payloads, you really don't want to be handing them battle damage assessments.
Its called free BDA, straight up aiding the enemy by correcting his fire.
The article claims the photo was shared in a private group chat. I think the image only became public because of the arrest and subsequent media interest. BDA from social media posts is a very real risk, but that is not what happened here.
Do we really want to dwell on sharing stuff in private group chats? cough alcoholic idiot cough Yemen
These ME countries are authoritarian hellholes with a thin veneer of civility and modernity. Think I'm exaggerating? How about being randomly dragged off your flight to have your vagina inspected: https://www.arabnews.jp/en/middle-east/article_30004/

Being thrown in jail arbitrarily without much recourse is such a common occurrence it's spawned its won business category: https://www.detainedindubai.org/

I personally would not step foot in any of these places. This article is not news, it's par for the course.

> The UAE government owns majority holdings in telecom companies Etisalat and Du. This gives security services the power to observe all communications on their networks.

> The Arab state has also used the Israeli-developed software Pegasus which allows agents to listen into private calls and read messages, even if they are shared on encrypted apps like WhatsApp,.

This seems to be the key part from a tech standpoint. Notice that it doesn't come out and say whether Pegasus played a part in this particular arrest, or the telecoms, or both, but it seems to be implied.

Also, I'm intrigued by the punctuation error at the end: "...like WhatsApp,." Did an earlier draft go on to list others? Does Pegasus help governments read messages from Telegram? Signal? It would be interesting to know more.

Could the weak spot with WhatsApp be that images are saved to a persons device? Also the metadata is not encrypted.
After Whatsapp was bought by Facebook why would anyone assume it is still private?
The “nothing to hide” people need to be real quiet about now.
The "tech solution can't fix a human problem" people on the other hand...
If you have a private conversation to have that would risk you getting arrested, you shouldn't be using WhatsApp or Signal for it. Consider something more obscure, not connected to your phone number or name, and make messages disappear after 24h. Consider SimpleX, Briar, etc. Obviously don't leave any trail or photos on your device either. Moreover, the device shouldn't be reachable via WhatsApp, Signal, SMS, or even a phone number, as these are common vectors for attackers. Your mobile device should probably be using hardened GrapheneOS or something else with sufficient obscurity. Do not make the mistake of activating a SIM or installing any Google app on the device. As a legal disclaimer, do not break the law.