Hacker News

Who's to say Signal will protect you any better against targeted remote-code-execution attacks from well-funded cyber mercenaries like NSO?



Yeah, I pretty much assume that targeted attacks will always succeed when a well-funded state actor is involved.

For me, I look at encryption as a mitigation for surveillance. Anything that increases the marginal cost to monitor an individual makes broad surveillance less economic.

Signal will always have the edge for surveillance due to the relative difficulty of hiding a back door. WhatsApp will always be suspect in that they could easily be forwarding everyone’s messages to third parties.


How many people actually worry about these spy agencies? If a state actor wants you or your information they'll just pull up in a black van and take you and use a $5 wrench to beat it out of you.


Much of what NSO Group does is sell to smaller despotic regimes who then use them to spy on dissidents who live abroad and would be quite hard (and embarrassing) to black-bag. Not everyone can send a murder team to Stockholm (or wherever).

Some despotic regimes do have large kidnap-and-murder programs (ex Rwanda) but if you just want to keep tabs on exiled dissidents and learn exactly who they're talking with back home, NSO Group has a product for you.


I get the implication, but America isn't Russia and they just don't do it: too big of a headache, too easy to blow back into the political realm. Officers hate when clandestine work erupts into public political drama.

Plus, why would you hire a team of people to kidnap a citizen and beat them when you can assign a ticket to a government blackhat at the NSA who will run the commands against your devices and take what they need without you ever knowing.

Even then, there is substantial risk of whistleblowing for illegal data collection against citizens (Snowden et al.), so they would instead, in a clandestine manner, ask a fellow member of the Five Eyes to perform the surveillance "legally".

Our society has known about Five Eyes roundabout spy agreements for a long time and has largely shrugged, so the risk of public political blowback doing this would be minimal.


> How many people actually worry about these spy agencies?

I don't really worry about the spy agencies themselves -- I am not of any interest to them.

However, I worry a lot about the likes of NSO and the tools they produce. They are likely to end up being used, in one form or another, by criminals and corporations.


These tools keep authoritarians in power and indirectly impact hundreds of millions of people. It's like saying you don't care about Pacific Ocean plastic because you live on the East Coast.


> These tools keep authoritarians in power

Indeed. I think I covered that in the "criminal" category, but perhaps I should have been more explicit.


How’s that different from selling weapons to them, though?


It's not - we shouldn't be selling weapons to them either. Ditto with sharing intel.

Sanctions on selling exploits seem easier to achieve, though, since there is less of a conflict with economic interests.


The state actor will have a more difficult time doing that if you are living in a different country. Exploits don't care about borders: https://www.voanews.com/africa/ethiopia-accused-using-spywar...


I get your point that a highly-motivated attacker has other, less sophisticated, ways of getting to your data.

However, if we're playing poker and I learn your tell, it's in my best interest that you are naive to that fact. While not the best analogy, I would think that the same concept would apply to state actors.



