I contacted Amazon to report an advertiser out of Tel Aviv that was using JavaScript hosted on CloudFront to fingerprint users' devices, and if an Android device was detected a fake media player or fake CAPTCHA would trick users into accepting push notifications for fake virus warnings to install questionable apps from the Play Store.
This script also pushed ads for a fake AdBlock app that was a dropper for banking trojan apps.
Making takedowns automatic on any user report means the dictators take down the apps of the dissidents.
In the absence of AI that would necessarily have to be good enough to also radically change society and the economy, the only solution I can even think of is a big increase in funding for the policing of apps. Who exactly would fund that? Governments would want to use such powers to pursue their own agendas, while Big Tech taking a proportion of App Store income is already being called “[Apple|Google] tax”.
Or we could use a different architecture for our applications that isn't so easily taken down. You know, like locally installed apps that can do something without the cloud overlord pushing new code with every pixel or character that is transmitted.
How would that stop, to go up-thread a bit, "an advertiser … that was using JavaScript … to fingerprint users' devices and if an Android device was detected a fake media player or fake CAPTCHA would trick users into accepting push notifications for fake virus warnings to install questionable apps from the Play Store"?
Why can’t we reduce cloud provider margins and use that money to fund it!
I mean — why is this not obvious? Force these companies to adhere to certain regulatory standards - the minimum of which is transparency and accountability.
This is besides the point. Just because the Middle East has been in turmoil since it was neo-colonized after WW2 doesn’t mean it’s okay for massive corporations to exert this much influence.
Also, while we are on this subject, your language has some pretty orientalist vibes to it. I wonder who you think created these problems and who feeds them today?
I’m confused. Do you support corporations having this kind of unchecked power or do you support the neo-colonial strategies that have left places like the Middle East in turmoil for the past century?
No dispute there. That’s why you should push for accountability and transparency. When we discover groups like NSO, we (the public) should be able to use FOIA like mechanisms to query these cloud providers and check if they are doing business with these criminals. We should be able to see who exactly approved their application and why they didn’t fail whatever standards we (the public) have decided that cloud providers should uphold. Maybe the standards had gaps or maybe there is corruption. Either way, the public has a method for feedback into key parts of society: cloud providers.
In the meantime, Google and Amazon simply ignore all complaints about spam originating from their networks.
In the olden days of the internet, ISPs that ignored abuse complaints would be blocked by their peers. Now that Gmail and AWS are too big to block, they act with impunity.
This is complicated. When you see how non-ethical companies like Lyft are messing with competition, I wouldn't be surprised if they would flood providers with spam reports...
It doesn't really matter how difficult it is. What this demonstrates is that AWS is not a public utility and will be swayed by mob rule to take down companies that are no longer "acceptable".
It feels like this is more a result of Amazon not being able to connect you with the right escalation path to verify & act on these claims than a considered decision to ignore them.
Does anyone here know what an individual reporter should do? Is there an escalation ramp that exists but was so poorly marked that neither sloshnmosh nor Amazon support was able to find it? Does the ramp go through other organizations (e.g. report to CERT or some other org first and come back with a case ID)? Does the ramp not exist and need to be built?
Doesn't CloudFront generally act like Cloudflare? I.e. "We don't inspect your content. Law enforcement are the only people who can stop us hosting a site."
If you violate policy (of which there are likely many varied yet incontestable interpretations), AWS pulls the rug out from under you faster than one can say "neutral". That's excluding they do not make newer policies on-the-fly.
It has nothing to do with "neutrality", they have Terms of Service like every single service provider in the world. If you violate them, there goes your infra. Spreading malware is almost certainly a violation of AWS' ToS (Amazon engs, correct me if needed)
It's a little more complicated than that in Cloudflare's case. The debate isn't really relevant to AWS/CloudFront or anyone else, but Cloudflare has famously had a policy of not kicking off any customers as long as they abide by US law. The CEO publicly identifies as a free speech absolutist. (Malware/phishing/etc. is still removed, since it's illegal.)
The CEO publicly broke their policy on this on two occasions: the neo-Nazi website The Daily Stormer, and 8chan. In each case, only after a long saga played out.
For The Daily Stormer: after they mocked the deceased victim of the Charlottesville rally, Cloudflare received public pressure to boot them but refused, and then the owner subsequently tried to troll them/the public by claiming Cloudflare executives secretly supported their ideology, causing them to finally be removed. (https://blog.cloudflare.com/why-we-terminated-daily-stormer/)
For 8chan: Cloudflare received a lot of heat for not removing them after the first and second incidents of posters becoming mass shooters, eventually removing them after the third mass shooting. (https://blog.cloudflare.com/terminating-service-for-8chan/)
I forget the term/aphorism for this (like "double-bind", sort of), but they put themselves in an awkward position because they're probably one of the most neutral service providers out there - still far more than probably anyone else to this day - but by marketing themselves as 100% neutral, being only 99.99999% neutral created lots of lasting negative PR that people still regularly bring up.
Any other company would've kicked those people off way sooner and there would've been little to no publicity, because they routinely do such things, but now Cloudflare is hated by both the pro-censorship and the anti-censorship crowd. (See: https://en.wikipedia.org/wiki/Cloudflare#Mass_Shootings and everything below. It's quite a rollercoaster.)
It's a gray area. They sometimes reverse proxy frontend portals for those services, but not the services themselves. Sometimes the frontend won't have anything obviously illegal.
Anything that's actively serving malware or phishing pages is removed.
Cloudflare stopped being like that long ago. They publicly posted that they will take down stuff that makes the CEO worry, and they will inspect what your users are reading/sharing - and notify agencies with powers and guns when they find stuff from now/then on.
- no longer a dumb pipe, no longer neutral, actually active in directing law enforcement to take you down and possibly take people out.
I just have to wonder if people downvote this thinking it's not possibly true, or they just don't like what is said.
Link to relevant info is posted on another comment (https://news.ycombinator.com/item?id=27884821) - but for those who have not read it, here is an excerpt from a 2019 Cloudflare post/statement:
"...what we have done to try and solve the Internet’s deeper problem is engage with law enforcement and civil society organizations to try and find solutions. Among other things, that resulted in us cooperating around monitoring potential hate sites on our network and notifying law enforcement when there was content that contained..."
So I stand by the statement, I can't see any other way to read it.
The reason for "no longer a dumb pipe" is that I believe that was the 'defense' aka reason being used for a while to push back against different groups that were accusing and then trying to publicly shame Cloudflare;
for protecting alt-right(?) I know there were a few PR pieces pushed in the UK or Euro press about some things - maybe hookers or something..
anyway, for a while Cloudflare was all like, we are just a really big pipe that pushes data and can absorb DDoS.. we don't get into content moderation or opposite-net-neutrality..
there were complaints that some groups 'on the right side of history (or whatever)' were trying to take down the Stormer site I think it was, and that their co-ordinated takedown attempts were failing as Cloudflare was protecting the send/receive, being a pipe, not a judge..
This is what I believe AT&T was using as a defense some time ago; they don't stop drug dealers from making calls, they just provide the 'pipe'.
There were also some groups complaining about Cloudflare making it hard to find servers - to find jurisdiction, again UK/Euro I think - I have those articles saved on one of my systems.. and may be linked to a HN comment long ago - where I said chipping away at this pipe thing will lead to a bifurcated internet - where we will have internet place X, internet place Y - and companies like Cloudflare may have to turn into a dozen different companies to keep up with the changing 'this speech is not okay' rules for various places..
funny how fast things can change.
I believe many of Cloudflare's early customers especially felt protected and safe because of the stances - and I bet most don't know about the 180..
I also think most average web people would think if you set 'whatever' for your DNS that the DNS routing is basically a dumb pipe - it's not spying on you and sending copies of your data to gun agencies.
Just as I think most people would not expect their cell phone company or internet provider to spy on data and send snippets of your communications to agents. I would not expect my web server co to deep packet inspect all comms looking for bad things. (not without a warrant and being directed to look at a specific line, now a whole data center / cell co, etc.)
I think it was a terrible choice for Cloudflare to make, but I know not an easy one either way.
So 'pipe' is a term that has been used in this way for a while now in similar fashion I thought - and it's not meant literally like a copper water line.
Also in some ways Cloudflare has been a pipe - a pipe for flowing data that would be choked by a DDoS attack if it were to try to send/receive across the net in most other ways, kind of.
> It feels like this is more a result of Amazon not being able to connect you with the right escalation path to verify & act on these claims than a considered decision to ignore them.
Those two things are actually the same thing, both are wilfully ignoring situations like this.
Never assume malice where ignorance and incompetence would suffice instead. Those two things are actually not the same thing at all, depending on how you define “willful.”
Yes, that is a good summary of Hanlon's Razor, a sort of corollary to Occam's Razor about not creating unnecessary entities in your conceptual models.
Hanlon's Razor is a good first approximation or initial approach to a situation, not the end of the discussion. There are many situations where incompetence may appear to be an explanation, but is in fact not the root cause, and may even be being actively used as a cover for malicious actions.
The point of the razor is that it is up to us to sort out the difference, not to just jump to a conclusion that it is malice, or that it is incompetence.
In this case, Amazon has had plenty of time, resources, and skilled people to see the need and implement an escalation & resolution pathway. That they have so persistently failed to do so for so long indicates a cause beyond mere incompetence. Even if they are not being as actively malicious as the malware distributors, they clearly and actively DGAF.
> That they have so persistently failed to do so for so long indicates a cause beyond mere incompetence.
So you are claiming that they have had so many opportunities to do the right thing that they aren't merely incompetent, but are in bed with the evildoers? That would be a huge claim, to say the least.
There are many options between incompetence and being actually 'in bed with', which I read to mean 'knowingly cooperating with', the criminals.
The first example is that it's simply more profitable for them to turn a blind eye unless one of the relationships becomes a public problem. They wouldn't be actively aiding and abetting the crime, but neither are they stepping up to ensure that it isn't happening on their systems. It's being complicit several steps beyond incompetence, but not the same level as active cooperation.
And, considering that Amazon has no shortage whatsoever of funds and skilled people to prioritize anything they want to prioritize, I'd say more than sufficient time has passed that they're at least at something resembling this sort of willfully ignorant stage.
How many FTEs should they have dedicated to triaging security complaints from (relatively speaking) randos on the Internet about their customers?
Also, would you take that job?
Some poor support person probably got this and punted because they couldn't pattern match to something in their handbook.
For every thoughtful, detailed security report there are about 500 others that involve voices from appliances, self-xss, csrf on logout and 5G coronavirus. It is extremely difficult for L1 support to make sense of these. Having a support contract or attracting attention on the forums are decent ways to pop out from the background noise.
Not to worry, they'll replace their overworked human staff with sentiment analysis bots which will do an equally uneven job of sorting the wheat from the chaff, with even less hope of appeal.
Malice is the wrong term for it even if we accept the premise. (I do not but that is another can of worms.) Malice implies a desire to hurt people. It would be utilitarian callousness if anything, negligence if there were legal obligations shirked. There is no law against just poor customer service like being a jerk isn't illegal.
To me, a negative response says "We have evaluated our policy and decided that we will not stop this." A non-response says "A frontline agent didn't know how to make a call on a non-downtime ticket from a non-customer so now it's in a bureaucratic black hole and nobody has actually read your email and probably never will." Which is still crappy, but not really malicious in the same way.
I’ve had government agencies claim it’s not a refusal/rejection if they refuse at the moment and claim you might (with no guarantee) have success if you try later.
More importantly, they are the ones that decide what laws are enforced.
What is sad is that in America, the law around surveillance and security is largely a nice marketing campaign. Sure, you have rights that protect you from the government.
But practically speaking the government won't enforce them, doesn't stop its employees from abusing them even for personal drama, undermines or stops dead any lawsuits by saying the discovery is impossible due to "national security", or will invent terms like "enemy combatant" and then apply them to its own citizens to bypass even the constitution. It will set up "oversight courts" that rubber-stamp everything and have no real power or regulatory function/safeguard.
The result of this is that each presidential election is becoming truly dangerous to the opposition. If a McCarthyism movement takes over either party that's in power with the modern surveillance infrastructure, legal "precedents" established by Bush in the war on terror, the confirmation of those powers by the Obama administration holding onto them and continuing funding of infrastructure, undermining of judicial powers, rote acceptance by the people at large, and propaganda outlets available to push messaging, and huge amounts of institutional mores and standards thrown out in the Trump administration, the opposition has real motivation to feel an existential threat.
The Ministry of Defense has a strong inclination to approve any such requests. It's a hassle for the company in question, but the system is set up to encourage inflow of foreign capital to build up and maintain the defense industry.
In the same interview the spokesman said that some companies choose to avoid it by operating from offices outside of Israel (Bulgaria and Cyprus were mentioned). This seems to imply that the process is burdensome.
Their biggest customers are Middle Eastern governments according to the WaPo article. The US certainly has bought the software but it's mostly Saudi, UAE, Qatar, etc. The US has the NSA so they don't really need some software. Middle Eastern powers don't have the same type of technical expertise to develop their own in-house.
> So should we consider the NSA a terrorism-aiding organization
This statement needs the "we" defined to be meaningful.
If it is the U.S., then obviously no, the NSA is an arm of the state. If "we" is e.g. China, probably no, because words have meanings and the arms of recognized foreign states don't conduct terrorism, they do espionage and they do war. If "we" is a freshman dorm room, then, of course, the NSA is a terrorist organization alongside the student government.
> > So should we consider the NSA a terrorism-aiding organization
> If it is the U.S., then obviously no, the NSA is an arm of the state.
It's perhaps worth noting that “terrorism” originally exclusively denoted action by the State against its own subjects, though it was within a few years expanded to include other activities.
> “terrorism” originally exclusively denoted action by the State against its own subjects
Correct, in the French Revolution, I believe. There are a variety of definitions of terrorism. The common elements seem to be the (a) peacetime use (b) of violence (c) against non-combatants (d) as a political tool. There also seems to be an unspoken requirement that it occurred after the formation of modern states (otherwise almost all of the preceding human history was terrorism and the word gets normalized); the French Revolution is a useful line.
The NSA targets non-combatants (c) in peacetime (a). It does not use violence (b), though it does enable it (⅓b). It does not do so for domestic political aims (to any proven degree); the degree to which it does so abroad depends on where one draws the line between politics and geopolitics. (The CIA, in contrast, engages in all four overseas.)
When an organization that has done terrorism becomes a terrorist organization is another question.
> If it is the U.S., then obviously no, the NSA is an arm of the state.
Some here in the states don't exactly feel like the people running the USG have the people's best interests at heart. Common folk across countries probably have more in common with each other than with the ruling elite.
State-sponsored terrorism is a thing - and has been for a LONG time. And US citizens are targets as well as non-citizens.
There is a community on reddit called "self-aware wolves" that narrowly identifies a much broader phenomenon: there are many elements of modern society which are generally tolerated but not morally permissible. This is a representative instance.
There would need to be some actual violence involved to constitute terrorism. If you spy on some journalist and then use that info to catch him and cut him in pieces while he's still alive, then the dismemberment may be considered terrorism and the spying was aiding that terrorism; if you spy on many people and the end result is just that some officers laugh about their naked photos or deny them jobs or disallow crossing borders, then that's just "ordinary" mass surveillance with no relationship to terrorism.
The NSA does not illegally spy. Congress has given them large authorizations to collect data and they need FISA approval before tapping Americans. 99.9% of the good work that NSA does will never be seen by the public.
1. There are many, many more Western countries other than the US.
2. Even if they develop their own tools and research their exploits, using NSO provides a layer of plausible deniability and hiding behind someone else's fingerprint (think about the command and control servers, for example).
3. Even if they develop their own stuff, most governments have multiple arms which can use these tools (think about FBI, CIA, NSA, various military intelligence branches), and they tend not to share between them. This makes smaller government branches which don't have the resources and expertise of the others (think DEA, ATF...) buy from 3rd parties.
4. Zero days are a scarce resource, if I ran an agency I'd rather use someone else's every day and keep my own just for the special stuff.
In summary, it's exceedingly appealing for bodies like the Dutch police to use NSO tools, and NSO's association with the Saudis and others provides a convenient masking to their operations.
Anyone notice that this statement from NSO in the article doesn't make sense:
"NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers."
If this is true, how do we have a singular list of all phone numbers penetrated? If there was this type of "segmentation" or firewall between NSO and its clients, why was there this huge central data leak?
NSO is tracking what its clients are doing. It may not be telling its clients it is also tracking them. I wouldn't be surprised if NSO could also access every one of those penetrated devices as well independently of its clients.
They are trying to claim that the service is so fully automated that it is the client that does the selection of the target. They claim that their system does not require any fine-tuning from their side, etc.
“It should be noted that no ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter.”
- Nathaniel Borenstein
It could mean that NSO controls the infrastructure that manages the tool, but that they don't actually collect the data themselves. So what they said could technically be true if all they do is manage the infrastructure that enables their clients to do the collection of data.
But do they have access to the phone numbers that their customers are targeting? That seems by itself to contradict their statement ("nor has any access to any kind of data of its customers") right there.
If we assume they aren't lying, which is generous given their track record, it could be that they provide the tools and infrastructure to collect the data, but don't instruct the software to collect the data. Sort of like if I had a loaded gun and told you I would point and shoot it where you told me to, and then argued that I didn't technically make the decision. It's technically true and complete bullshit.
They could be lying, or they could just be trying to use weasel words. "Data" could be referring to collected data, and they consider phone numbers "metadata". I haven't been following the story though, so I don't know which is more likely.
Thank you. I was trying to understand this myself.
NSO seems to be trying to distance themselves from how its software is used by its "clients," but that seems undercut by the plausible supposition that NSO knows exactly who its clients' targets are.
> The Amnesty report said NSO is also using services from other companies such as Digital Ocean, OVH, and Linode ...
We've been using Digital Ocean for a few years now (sqlitebrowser.org), and they've been really good. Hopefully they look into this and take some useful action. :)
I have to say I'm not surprised that NSO and similar entities are using any CDN/large-scale hosting company they can find. The bigger the better, and spreading their stuff around as widely as possible with as much obfuscation in server purpose as possible. Such things are impossible or problematic to block/null-route without breaking many other things hosted at the same AS.
I see you 'helped build' Digital Ocean, so I can understand your personal reasoning, but really - it's not at all important to anyone else.
Also, wasn't that a bit of a fad back in the late 90s early 00s? I know my wee business followed the path of concatenating words for brand ...something... , but I honestly couldn't care less how other people deploy it in their own space, as long as they remember the name.
Of course, some people might choose to reply "Oh I see you worked on DigitalOcean! Funny people care about something like that, but given another human does, I'll respect that!" Some might choose to reply "I can do whatever I want, I don't really care what you think" - people can choose how they react. It's always very interesting to me who chooses what, it's very telling regarding personality. I am well aware people are welcome to do as they please, nevertheless, the name of the company is "DigitalOcean" not "Digital Ocean".
The replies to my comment generally simply serve to remind me of the quality of humans in this community, I'm certainly not sure why I waste my time contributing to it.
My pet peeve is publications spelling NASA as Nasa. They've come up with some story to explain their decision that sounds just as bad as some of the lies Walter White told. I don't care how ubiquitous NASA may be, it is and always will be an acronym. I accept removing the dots so it's not N.A.S.A., but I will only accept Nasa as a formal name if that's the name of a person.
How do you feel about "scuba" or "laser?" Acronyms that are pronounced like they're spelled (eg, Nasa, gif, taser) tend to end up being spelled like words sooner or later instead of being in all caps.
Personally, I don't write SCUBA or scuba, as it's just not part of my day to day conversation, but I would go with SCUBA. Also, it's never just laser or LASER, it's friggin LASER!!! Pew Pew!
Ironically, I'm the same way with "PostgreSQL". There used to be _so_ many weird misspellings of it, e.g. "postGreSQL" seemed to be popular for some unknown reason.
There is another point of view, and that is that corporate marketing should not take precedence over correct use of language.
Some languages tend to be more strict about this. I think it's particularly common to see English play fast and loose with the language compared to other languages.
In Sweden, for example, you will see media write Iphone, because it's a name, and names are capitalised.
The same goes for Digital Ocean, or Digitalocean if you prefer. It can definitely be argued fairly that the writer does not have to break language conventions just because a company says they have to.
Exactly. Language is for all its users. I can insist that my name be rendered only in 14.5 pt Comic Sans colored with Pantone 19-3336 ("Sparkling Grape"). But people get to decide for themselves how they're going to speak and write. Corporate branding guidelines constrain only their employees and people who want to curry favor with them. Everybody else can do as they please.
Good point that everyone else can do as they please.
Moreover, this can be a big problem for the corps, and it is up to the Corp to protect their trademark and prevent everyone from doing quite as much as they please.
If people start using a trademark as a generic term too much, the trademark can be lost. There are legions of examples, starting with aspirin, escalator, dumpster, etc. [1]. So, they try to insist that it be used only the (TM) or as "Acme Brand widgets". It would not surprise me to see Google end with the same fate.
> Corporate branding guidelines constrain only their employees and people who want to curry favor with them. Everybody else can do as they please
What a weird take on why you should spell a company name correctly.
Correct, nobody is going to put you in jail for misspelling Digital Ocean. You can do as you please. But everyone else is going to think you don't know what you're talking about if you can't even get their name correct.
Dang. Everybody else! That's a lot of people. You must have done a great deal of work to check with them all, so clearly I have to yield. I had no idea the entire rest of humanity was so passionate about corporate branding guidelines.
Oh no! Now an internet random thinks I'm cringe. Since we're criticizing other people's language choices today, I'll mention that everyone (absolutely everyone) thinks nobody older than 14 should use that word.
Seriously, bub, my problem isn't the hyperbole. It's that you're universalizing your personal preference as a way to try to dominate people. It might work on others, but you won't find an old software developer who minds being called "weird". We were all thought weird.
> I'll mention that everyone (absolutely everyone) thinks nobody older than 14 should use that word.
Now you get it! It's kinda awesome I got to teach you a rhetorical device and you picked up on it so quickly.
> It's that you're universalizing your personal preference as a way to try to dominate people
My comment was dominating to you? Damn, I'm sorry.
> It might work on others, but you won't find an old software developer who minds being called "weird". We were all thought weird.
What does you being socially awkward have to do with this? You still need to spell company names correctly, regardless of whatever behavioral issues you have.
The media in Sweden use both by the looks of it. They do that for IKEA as well but it doesn't really make sense imo since it's an abbreviation of names. Both are made up language constraints anyway so I don't really see why the typographic rules of a language are more important than the equally artificial typographic rules of a company name.
You will definitely see both. You'll see things like Iphone being written by media sources that pride themselves on good writing, such as Dagens Nyheter.
If you go to https://sv.wikipedia.org/wiki/Ikea the first sentence can be translated to English as: "Ikea Group, written by the company as IKEA Group, is a multi-national furniture company founded in 1943 by Ingvar Kamprad"
Words such as TV started out in upper case because it's an acronym, but once it becomes a normal word, it's written in lower case.
They still write Iphone X, why not Iphone x? or Iphone 10? or Iphone tio? Roman numerals aren't really a part of the Swedish language after all. They write IOS or iOS, why not Ios? Is this not a normal enough word? It's just artificial rules replaced by a different set of artificial rules. Why not just use what everyone else uses, haha.
A bit of a meta discussion in a thread totally unrelated to this, sorry about that.
I think we're drifting away from the original point, which is about not letting corporate marketing departments decide how the written language should work. I used Swedish as an example of a language where this is a more firm rule than English, but Swedish is certainly not alone. It just happens to be the language I know best.
But, I do find the topic of Swedish writing standards to be interesting, so I'll be happy to do my best in responding to your questions, even though I'm not formally a linguist (although I was raised among them).
With regards to your question, I'd write Ios, because it's not an acronym and I do believe that I'm not alone in this. About the version number, I find at least one case of the use of Ios 10 at Svenska Dagbladet: https://www.svd.se/apple-har-atgardat-problem-med-ios-10/om/...
However, it seems to be highly inconsistent, and this is probably caused by these organisations saving money on proof readers.
> which is about not letting corporate marketing departments decide how the written language should work
Why do you keep repeating this? You say you were raised among linguists, but you're getting the most basic tenet of linguistics wrong. There is no such thing as "correct" language.
But more to the point, language allows you to write proper names as though they are registered or defined. It is not incorrect to spell it DigitalOcean, because that's the registered name.
If my name was JoeBob, you don't get to split up my name just because you think English requires it.
> There is another point of view, and that is that corporate marketing should not take precedence over correct use of language.
There is no such thing as correct use of language. That being said, you should spell proper names as they are registered. It's iPhone, not Iphone.
> It can definitely be argued fairly that the writer does not have to break language conventions just because a company says they have to.
Language convention is to spell the name as the company as it is registered. You wouldn't change someone's last name because it didn't follow some other, slightly related convention...
You can actually flip that argument on its head - that maybe Digital Ocean was intended, but because a URL cannot contain a space, we ended up with a space-less version.
If someone were to use NSO paid hacking to attack Apple executives' devices and then release everything they found, I bet Apple might take this more seriously instead of having some PR flack write marketing copy. Same is true of any tech company: until it hurts them specifically they can just ignore it or make it sound innocuous. Maybe Amazon has been targeted and they found out.
If someone were to use it against US government entities, maybe the NSA/CIA/etc might decide enough is enough, no matter what country they are in. So far at least publicly it seems like a non-event. But once the phone numbers are identified from that leaked list, things might become more serious for NSO.
People used to fight real wars against adversaries who targeted their country in some way, why should commercial entities supporting such attacks not be treated the same, except via non military action? Spying has always been done, but it can lead to serious consequences.
> If someone were to use NSO paid hacking to attack Apple executives' devices and then release everything they found, I bet Apple might take this more seriously instead of having some PR flack write marketing copy.
That's not why Apple is skittish about this. Any action from them would invite the question "What about China?". And Apple loves China('s money).
Take security a lot more seriously than they currently do. They've had some seriously embarrassing security holes in their software the last few years.
Also, they could increase the payout for their bug bounty. Why report to apple for a 0-day when you can make $1 million from these guys? It's not like Apple doesn't have the cash.
> Take security a lot more seriously than they currently do.
That statement doesn't mean much. How do you know they're not taking it seriously enough and still struggling with the enormity of the problem regardless? You could always claim any entity isn't taking security seriously enough.
The alternative explanation makes a lot more sense: security is extremely difficult at Apple's scale, serving a billion consumers with complex and essentially always-connected electronic devices (not to mention their huge services business now). Devices that also happen to be one of the single most important attack points that there is.
They could attempt to slow down the ad-ridden stupidity train they have everyone riding on, believing there is no such thing as iphone security tools besides the steaming iOs UpDaTeS
Apple takes security more seriously than almost any other vendor in the entire world. It's in a small club of vendors that operates at the literal frontier of what computer science knows about building security into commercial products. No reasonable argument about what Apple can do starts from the premise that they don't take the problem seriously.
They aren't above criticism. They do some things well that Google doesn't do as well, and vice versa; it would be good if everyone could level up to the highest standards set by any in the club. It's totally fine to point these things out.
As for the bounty payout thing, I highly recommend you track down a talk from someone that has run a vulnerability/exploit market; there are a couple. The economics of selling vulnerabilities to the grey market are nowhere nearly as simple as they appear in ordinary message board threads. In particular: Apple offers a fixed, lump sum payment, where every market I'm aware of offers tranched payments that end when a vulnerability is burned.
Didn't Bloomberg ruin their tech reputation with the still-unproven (years later) and probably baseless claims of nano chips planted in the supply chain of Supermicro?
People keep asking that. Seems like every few weeks for however long it's been, I see a comment like yours.
I haven't seen anyone mention what news source meets the standard of never having published an article with insufficient evidence according to one or more people on the internet.
I mean, obviously not the NY Times, for instance, right?
A good news source would retract their initial article(s) when experts debunked them and nobody could corroborate, not double down with even less evidence.
The combination of: the absolutely terrible article being an obvious hit piece, the potential damage of the claims with almost no real evidence to back them up, and the complete lack of contrition or accountability.
I don’t think it ruined Bloomberg’s reputation entirely (I still love and frequently read Money Stuff), but it did eviscerate any credibility they had in highly technical, investigative technology reporting. And the refusal to admit the failures publicly definitely calls into question their editorial process and organizational culture.
Also, the idea that ‘thing x’ shouldn’t be criticized because ‘thing y’ is also bad is pretty clear “whataboutism” and an unhelpful way to address valid criticism.
Whataboutism is when someone deflects accusations against themselves by pointing to others. I am not Bloomberg nor do I work for them, and accusing people of being shills is mentioned in the HN guidelines as being discouraged.
What concrete proof does your article have? Bezos literally has access to his phone and the text that MBS sent him, containing the exploit. You're going to take some conspiracy theory based on rumors over the analysis of the actual phone that was hacked?
The affair and all those things are probably true, but that doesn't really negate the fact that he was most likely also hacked by MBS.
Frontline (PBS) in partnership with Forbidden Stories are doing a report [1] on NSO hacking the phone of Khashoggi's fiancée and other journalists and activists around the world.
Looks like her phone was compromised by NSO based on the reporting on this video.
> De Becker then commissioned an examination of Bezos’s iPhone X. The eventual report by Anthony Ferrante, a longtime colleague of de Becker’s and the former director for cyber incident response for the U.S. National Security Council, concluded that the promotional video about broadband prices that MBS had sent Bezos the previous year likely contained a copy of Pegasus, a piece of nearly invisible malware created by an Israeli company called NSO Group. Once the program was activated, Ferrante found, the volume of data leaving Bezos’s smartphone increased by about 3,000 percent.
> The eventual report by Anthony Ferrante, a longtime colleague of de Becker’s and the former director for cyber incident response for the U.S. National Security Council, concluded that the promotional video about broadband prices that MBS had sent Bezos the previous year likely contained a copy of Pegasus, a piece of nearly invisible malware created by an Israeli company called NSO Group.
Key word in that sentence: "likely." AFAIK, nothing has been proven beyond rumor and conjecture, which isn't proof of anything at all.
Did they find the Pegasus or related code on the phone, or not? That is a yes or no answer. Likely?
I was thinking exactly the same thing. Given what we know about this hack — a Whatsapp or iMessage essentially taking over his whole phone — this seems plausible.
It's not a contradiction. Whoever would have ordered NSO or a similar actor to hack Bezos' phone is probably after more juicy info than a dick pic, or at least wouldn't leak it for 'lulz' and thereby reveal that the phone is compromised somehow.
I am willing to bet money that NSO Group has multiple AWS accounts, many under several layers of cover.
You can't really spin them up with any significant quota on short notice (ask me how I know, AWS service team) so having established ones with workable limits in advance across multiple cloud providers would be table stakes for any competent spying organization.
NSO (and its infrastructure) are the vulnerable single point of control. That's in fact part of the service they're offering, whether they realise it or not: outsourcing blame, exposure, culpability, and liability. Something like how a re-entering spacecraft is fitted with a sacrificial ablative heat shield. The shield's job is to absorb punishment, often destroying itself in the process, protecting the more valuable payload.
The problem with this model is that NSO are, as with heat shields, replaceable. A new target will appear to take its place.
But that too will draw attention, it will have to assemble talent (leadership, engineering, sales, operations), and will itself have vulnerabilities. As I suggested in a thread yesterday, playing in the field of dirty ops raises prospects for piercing the corporate shield of liability for all those involved: the firm, its personnel, investors, creditors, suppliers, and where identifiable, clients.
Given how much care they took not to write the payloads to the phone storage, presumably they took the same care not writing it to server storage on cloud hardware.
Isn't NSO just a poor-man's NSA, since the NSA can force Google/Apple/Microsoft/Amazon/[Any Carrier] to do anything to any number of devices or data, and in secret?
NSO is used to keep those with money and access to NSO in power and to undermine their legitimate rivals. It can be used to plant evidence on their devices as well as monitor everything they do.
To clarify, are you arguing that NSO Group have had a bigger impact on innocent people, suppression of speech, etc. than the NSA?
If so, I'm not sure I buy what you seem to be arguing, that "NSO case in India" and "It can be used to plant evidence" makes it anywhere near as bad as what the NSA has done/does. In my opinion this is exactly how a "poor-man's NSA" would look: What your money can buy from greedy corporations protected by nasty governments.
>legitimate opposition
Who decides what is legitimate though? It sounds like weasel words to me, just like "terrorists" (who get defined by those in power and then maybe later become revolutionists and heroes if they actually win). Going after Snowden, torture in Guantanamo, and using three letter agencies for industrial espionage is also "legitimate".
> arguing that NSO Group have had a bigger impact on innocent people, suppression of speech, etc. than the NSA?
I'm not the OP, but maybe a way to put it is that impacts are more variable or chaotic?
Generally speaking, the "impact" of a US government entity is reasonably predictable based on US policy and interests. Something like NSO, where tools are sold on the market to many entities, is probably less predictable and thus more impactful. I'd expect a lower level of operational discipline from <random mideast state> than from the US military.
The other factor is who are NSO Group's masters, and what do they know? If <random mideast state 1> compromises <random mideast state 2>, does <third party> get intel?
On the contrary, a rejection rate that low implies rubber-stamping, prima facie. You would need positive evidence to support your assertion, e.g. that FISA submissions are unusually high-quality. The actual case is, I am sure, that the system was constructed to make allowing the warrant to be easy, rejecting it hard, and the people involved are just responding to incentives. Namely, since it's all secret they are only accountable to each other, so why give each other a hard time?
>a rejection rate that low implies rubber-stamping, prima facie. You would need positive evidence to support your assertion
I've deftly avoided ever taking a class in statistics, but I have gathered there are two schools - Bayesians, who are honest about having priors, and everyone else.
Intelligence agencies don't force people to do things, their operations are covert. It's the DoD/FBI that will force things and issue gag orders. Think of the intelligence agencies as Ninja, and the FBI/law enforcement as Samurai.
>Shouldn’t there be an outcry against the suppression of free speech?
Only if someone was one of the many people who don't understand what Free Speech is or incorrectly think of rights only in terms of themselves and people they like, not for those who they don't. In this case, Amazon is exercising their own Free Speech rights. Free speech necessarily (and as a matter of law) means the freedom to not speak and to not associate with other people. If I want to lend my support to a specific candidate with a sign in my field, I necessarily must have the right to refuse signs by everyone else. If the government puts a gun to my head and forces me to let every single candidate put a sign in my field, then the effect is no special endorsement for anyone and a flagrant violation of my free speech rights.
Someone denying another person the use of their own private property because of disapproval over their behavior doesn't generally mean any free speech issues, quite the contrary. As always there are certainly very rare edge cases, but none of them apply to a situation like this. Amazon refusing business to someone due to their race or gender or the like would be a problem, but "spies working with authoritarians" is not a Protected Class.
>What jurisdiction’s laws were broken by this company?
Why would that matter? Amazon isn't the government. They aren't threatening with force/arresting/jailing/killing the NSO Group, just refusing to continue their business relationship. So they aren't restricted to caring about only illegal behavior. In fact a core part of the whole point of free speech is to move consequences into the realms of social and economic, rather than force, not to eliminate all consequences entirely. There are a few limited legal instances they can't discriminate over. Otherwise they can deal with whomever the hell they want.
This is not even a free speech problem in the first place. We are talking about actions. To draw up an analogy: If I own a gun store and I sell you a rifle and ammunition because you want to hunt deer and I learn that you started shooting at journalists instead, I can decide to stop selling you further goods (an act) because of your actions.
As pointed out elsewhere, this is a business relationship.
In any case, the grave human rights violations that are the result of the use of Pegasus - including loss of life and liberty - weigh much more than an abstract notion of a corporation's freedom to act and impose their will on other corporations.
I don't understand the line where lots of people are seemingly outraged about people using online platforms to disseminate propaganda and extremist materials (i.e. most recently Google Drive).
NSO group seems to be a not-so-nice company. But why does what they do justify blackballing, while similar companies (say BlueCoat or any of a dozen companies that provide solutions to hack on behalf of the police) are ok?
You're going to have to be more specific than a handwave-y "lots of people" to have good online discussions. You also need to be specific in your terminology. You need to actually address the specific people and their arguments, or else do a much better job of phrasing an inquiry into theoretical tradeoffs. I.e., from your other reply:
>What I don't understand is why AWS is justified to shut them down; but Google or Facebook is not justified in preventing their platforms from being propaganda distribution channels?
So I do in fact think Google and Facebook are 100% "justified" to shut them down, and I think Amazon is too. I do have lines where I think morally, if not legally, a service can start to drift into quasi-governmental (or perhaps should be that way) territory. An example for me would be core physical infrastructure companies, not just at Tier 3 but also at Tiers 2 and 1. I think those should operate as common carriers. But I don't think social media fits. Not using it at all (as I don't) may have "costs" in terms of social opportunities but alternatives are trivial.
So for me there isn't any dissonance here, I generally support "Big Tech" (and everyone down the ladder) associating as they see fit when it comes to ongoing online service relationships within existing jurisprudence. The initial legal tweaks I'd like would be aimed at things like expanding user power in a purely additive way (like giving people the option to access root hardware/software key stores), or internalizing costs some companies are shifting onto the public, rather than beating down what some people don't like.
Hacker News (and every other forum) isn't a hive mind and it's silly and tiresome to have them treated that way. What you did in your first post here was essentially throw up a big silly strawman.
>Corporations aren't humans; they don't have free speech rights.
As a matter of law in the United States you are objectively wrong. This has been settled in a series of SCOTUS decisions starting with Buckley v. Valeo (1976). Corporations are legal persons, and further the individual humans that make them up do not somehow lose the free speech rights just because they decide to take collective action.
And in turn: as a matter of morality, common sense and the point of free speech you're also wrong. It's important that people be able to speak to power, and a core part of that for humanity is socializing, being able to form groups to support each other and pool ideas, skills and resources to have a greater effect than what any individual alone could accomplish. Seriously, you say "corporations don't have free speech rights"? Exactly what form of combined effort do you imagine most, say, NEWSPAPERS are organized under? So what, you think individuals should be able to investigate something all by themselves, but the government should be free to put the boot down on newspapers because they're corporations? You think that jibes with free speech?
Oh maybe you only meant "the bad ones". That makes it very easy, but no reason to limit it to corps in this case, just stop "the bad humans" too and everything is great. Nothing could possibly go wrong with that plan, since everyone agrees who "the bad ones" are.....
> It's important that people be able to speak to power, and a core part of that for humanity is socializing, being able to form groups to support each other and pool ideas, skills and resources to have a greater effect than what any individual alone could accomplish. Seriously, you say "corporations don't have free speech rights"?
The people in many corporations in fact lose their free speech rights and have to follow the company line. Granted, they agreed to that in their employment contract but this is in many cases a coercive relationship.
> Exactly what form of combined effort do you imagine most, say, NEWSPAPERS are organized under? So what, you think individuals should be able to investigate something all by themselves, but the government should be free to put the boot down on newspapers because they're corporations?
Well, the individual reporters could still be free to exercise their free speech rights without conferring any right on the newspaper itself.
> "As a matter of law in the United States you are objectively wrong."
You are quite correct, of course. I meant to write "shouldn't" instead of "don't".
> "So what, you think individuals should be able to investigate something all by themselves, but the government should be free to put the boot down on newspapers because they're corporations?"
I'll point out that there's an entirely separate and intentional carve-out for freedom of the press that is distinct from freedom of speech, so that's not a good justification for corporations to get freedom of speech as a right directly.
>I'll point out that there's an entirely separate and intentional carve-out for freedom of the press that is distinct from freedom of speech
Not really as a matter of law we're talking about here. "The press" isn't some special legal entity, there's no licensing for it or anything. Absolutely critical press victories like NYT v. Sullivan were based on freedom of speech protections.
But whatever, so you don't want Mozilla Corporation to be able to advocate for Firefox if the government doesn't want it to because Google managed to lobby successfully? No company can come out in favor of gay rights or Pride Day if the government doesn't want them to? You're fine with the government being able to punish companies for arguing against encryption backdoors? And what about the individuals at those companies, if the CEO speaks about those things is that the company speaking and punishable or is it ok if he says "this is my opinion" first every time? What about employees?
Like, we can go through a million examples here if you want but I don't think it's that hard to see how maybe government might abuse that just a little bit.
>"The press" isn't some special legal entity, there's no licensing for it or anything
This is one of those things that's plausible and common enough to read on the internet that it makes me worry about alternate universes intersecting.
If you type "credentialed members of the media" into Google, do you see any results, or is it just me?
Another key phrase I find is "reporter's privilege" relating to state laws to shield the press, which, as you might imagine, requires defining what a reporter is.
"Some privilege schemes are narrow and apply only to full-time employees of professional news outlets, while others are broad and extend to bloggers, filmmakers, freelancers, book authors, and student journalists. In other words, some are inclusive and others are exclusive."
They absolutely do have free speech rights in the United States. Also, if NSO was hosting malware on AWS resources, it's almost certainly against their terms of service.
Not convinced that using the service to distribute malware, on behalf of odious third party governments for antidemocratic purposes, is protected by free speech demands. It's not speech, is it?
Sure, and it "seems like" the extremist propaganda that Big Tech shut down was violating all sorts of other laws like incitement.
Is "seems like" enough of a reason now for private companies to choose not to contract with other private companies? Or should we go to a judge and jury in both cases?
>Sure, and it "seems like" the extremist propaganda that Big Tech shut down was violating all sorts of other laws like incitement.
Most of it actually wasn't FWIW, hateful extremist content is generally perfectly legal free speech. "Incitement" gets used way, way too often on the internet, almost nothing that gets posted online is legal incitement. But neither "Big Tech" (such a dumb term) nor Hacker News nor a random forum on birds needs any violation of law or anything else to moderate what gets posted on their sites. It doesn't have to be "negative" or whatever at all even. There is nothing illegal or objectionable about someone who likes discussing trains for example. But if you post lots just about trains on a birder forum they may delete all your posts and ask you to stop because they want to focus on birds, and if you continue to do so they can delete everything and ban you. Why would there be anything wrong with that?
Private society looking at extremist content and saying "we're not going to shoot you over it but we do strongly object and we're going to socially ostracize you and deny you business and our support in any way we can" is free speech working as intended.
>Is "seems like" enough of a reason now for private companies to choose not to contract with other private companies?
Uh, yeah? People can refuse to do business with each other for nearly any reason at all, and definitely for anything other people merely say or do (at least, within the bounds defined by any existing contracts, but Amazon has covered its bases pretty well there to put it mildly).
> "Private society looking at extremist content and saying "we're not going to shoot you over it but we do strongly object and we're going to socially ostracize you and deny you business and our support in any way we can" is free speech working as intended."
Given that such logic was once used to attempt to deny service to and harass PoCs, religious, LGBTQ and other formerly "undesirable" classes, society clearly doesn't buy that logic and made them into protected classes and required businesses to serve them on an equal footing. It's not a valid argument unless you're arguing to roll back protected classes too, which I hope you're not.
(Note that I'm not defending NSO or Amazon here. I concur with others that NSO isn't engaging in speech, so while there may be a contract law issue between them and Amazon, there is no freedom of speech issue here.)
>Given that such logic was once used to attempt to deny service to and harass PoCs, religious, LGBTQ and other formerly "undesirable" classes, society clearly doesn't buy that logic and made them into protected classes and required businesses to serve them on an equal footing.
No, that was not the logic, businesses were not discriminating based purely on speech and choices of content. That's the point. I mentioned Protected Classes, but those are about entire classes of people and things that are innate to their personhood. Skin color and sex/gender being obvious ones, but disabilities either at birth or acquired later in life still are innate aspects. We've decided that public businesses as part of the privileges they have may not discriminate and rightly so.
But none of that has anything to do with actions and expression, and indeed a core part of the point is that all protected classes are in no way "inferior" or less capable of reason, argumentation, responsibility, social activities and so on! No one is born with some political alignment, as humans we all have to develop that ourselves.
> *It's not a valid argument unless you're arguing to roll back protected classes too*
No, because the worldview you've come to about given issues, morals and so on have nothing to do with protected classes.
Religion is not innate, nationality is not innate (cf. the discriminatory "Help Wanted. No Irish Need Apply" signs of the 19th century), and while sexual preference may be innate, expression of it can be consciously restrained as demonstrated by all those people who suffered from "being in the closet". Does not being innate mean these protected classes should not exist? Clearly not, so appealing to innateness does not rescue your argument.
To be clear, I'm personally all in favor of Amazon choosing who they want or don't want to contract to. But the comment I was replying to was saying it's only okay (as in, good for society, I guess) for Amazon to kick off NSO because Amazon thought they were violating the law. I agree most extremist content is legal free speech, but not all of it is, which should be enough reason, by that rule, to kick off extremist content.
I'm simply agreeing with the comment at the top of the thread - all the outcry we usually hear about private companies being too powerful should apply here too. (My opinion is there should be no outcry about either.)
> Most of it actually wasn't FWIW, hateful extremist content is generally perfectly legal free speech. "Incitement" gets used way, way too often on the internet, almost nothing that gets posted online is legal incitement. But neither "Big Tech" (such a dumb term) nor Hacker News nor a random forum on birds needs any violation of law or anything else to moderate what gets posted on their sites. It doesn't have to be "negative" or whatever at all even. There is nothing illegal or objectionable about someone who likes discussing trains for example. But if you post lots just about trains on a birder forum they may delete all your posts and ask you to stop because they want to focus on birds, and if you continue to do so they can delete everything and ban you. Why would there be anything wrong with that?
I don't think anything is wrong with that.
What I don't understand is why AWS is justified to shut them down; but Google or Facebook is not justified in preventing their platforms from being propaganda distribution channels?
Specifically here on HN, people were outraged about Google's actions, but at the time I posted my original comment, nobody seemed to be upset about AWS's actions against NSO, at all.
Isn't the line due process of law, though? If NSO is allegedly committing a crime, then we can punish them in courts of law that are empowered and qualified to investigate the allegations fully and decide whether to deprive them of their rights. Why would we put these decisions in the hands of Big Tech?
At least, that's what I heard during the debates about deplatforming Parler. It was apparently very bad for private companies to decide that a customer was engaging in distasteful but legal actions. What is the principled argument that it was not okay for AWS to take down Parler but it's okay for AWS to take down NSO?
For state actions, yes. For private actors, if I suspect someone is using my services to break the law or engage in terrorism, "but your honor, I didn't have a court order confirming they were terrorists" won't cut my liability.
Parler was a free speech question because it was almost purely speech. NSO Group isn't just speaking. It's doing, and it's doing things that will bring liability for people around it.
> So then the question becomes: Did Amazon let police gather evidence before touching anything?
Why does that become the question? If I fire a customer, must I ask the police for permission first?
America isn't a police state. And we don't have general data retention laws. The First Amendment contains both the freedom of speech and freedom of assembly; there is a balance between Parler's freedom to spew rubbish and Amazon's freedom to not assemble with them. With NSO Group, the free speech question is sharply constrained; Amazon's rights are thus stronger.
When you changed it. To use your own words, if you "suspect someone is using my services to break the law or engage in terrorism" and you then delete all evidence then you are absolutely tampering with evidence. If AWS was used to DDoS all hospitals in the US and people died, would you see a move by Amazon to delete all trace as just fine and dandy "because the US isn't a police state"? I doubt that. It doesn't matter if it is a small or big crime; knowingly deleting evidence is a crime too.
AWS ain't a law agency. They just decided to boot this organization out of their infra. Fair enough. AWS simply decided they don't want to benefit financially from this organization's operations.
I dunno. NSO group is extremely capable. I know a lot of folks go back and forth on the “if you don’t want X vendor to shut you down then go build it yourself” and for various reasons. But in the case of NSO group I feel like AWS cutting them off is probably more of an annoyance than anything else. They’re gonna be ok.
Possible. But they rely on the infrastructure AWS, Linode or DigitalOcean provide in order to fly under the radar among legitimate traffic. If all of these service providers were to blacklist NSO, Candiru or Cellebrite those would have to fall back to more exotic providers and would therefore be easier to uncover.
This script also pushed ads for a fake AdBlock app that was a dropper for banking trojan apps.
Amazon refused to do anything about it.
More info:
https://forum.xda-developers.com/t/massive-mobile-advertisin...