🚨🚨Spyware, Lawsuits & Code Exploits: The Digital War Over Privacy

Jerusalem, California, Silicon Valley — different locations. Same question: who owns your data?

On May 7, 2025, a California court ruled that NSO Group, the Israeli cybersecurity firm behind the infamous Pegasus spyware, must pay $170 million in damages to WhatsApp for unauthorized surveillance.

The backstory?

In 2019, WhatsApp (owned by Meta) discovered that 1,400 users’ phones were compromised through a sophisticated attack vector. Journalists, diplomats, and officials from Bahrain, Mexico, the UAE, and others were allegedly targeted. NSO had exploited vulnerabilities in WhatsApp’s code to push malicious payloads — directly through the app’s own servers.

The court found NSO violated both U.S. federal law (CFAA) and California’s data protection statutes. NSO argued that their clients — not the company itself — used Pegasus to monitor targets. But the court drew a clear line: building the weapon is inseparable from its deployment.

This raises deeper questions that reach far beyond the courtroom:

• What happens when surveillance becomes a service?

• Who bears responsibility — the builder or the buyer?

• Can centralized platforms ever truly defend users against exploits crafted by nation-grade actors?

In an age where blockchain preaches decentralization, privacy, and self-custody, stories like this are more than legal drama — they’re a warning.

To the #AMAGE community:

Are decentralized systems the only answer in a world where even trusted infrastructure can be hijacked?