[0x0v1] Newsletter | RightsCon, Meta's "Threat Ideation(??)" and democratizing spyware forensics
Yeah that's me, up there, on a stage. Beige all around me, repping McModernism.
Newsletter

[0x0v1] Newsletter | RightsCon, Meta's "Threat Ideation(??)" and democratizing spyware forensics

Ovi
Ovi
Yeah that's me, up there, on a stage. Beige all around me, repping McModernism.

As a conference speaker and attendee for the better part of a decade, I’ve learned to brace for the usual: soulless, windowless auditoriums and a thick fog of corporate greenwashing and rights-washing. Most convention centers aren't really built to represent such human rights conferences (we should probably just do it in a park or a forest or something – at least that's my preference) — they're built for shareholder updates, ironed supermarket shirts and product launches. They reek of McModernism – which I guess is Brutalism’s awkward cousin: boxy, beige, cost-optimized to the point of aesthetic bankruptcy. It’s architecture, sure, but with the soul of an expense report. So when I found myself at RightsCon this year, I was surprised. Not because the building had suddenly grown a conscience—but because even under those flickering fluorescents, the contradictions felt as sharp as ever. Like when Meta’s Head of “Threat Ideation” (yes, that’s a real title and no, I still don't know what it really means) took the stage to talk about counter-surveillance supply chains. It was like watching a fox deliver a TED Talk on henhouse ethics—surreal, clinical, and somehow... perfectly on brand.

The shilling of corporate social responsibility reaches peak irony when not only is the fox giving the TED Talk on henhouse ethics—but the fox also designed the henhouse, laid the foundation, and owns the deed. And when hens start turning up headless, it’s the same fox stepping up to the podium, feathers still stuck to its teeth, to present a deck on “innovative ideations in poultry security.” But I’m ranting without giving the context. Meta’s Head of “Threat Ideation” (lol, I keep repeating it because it is funny) hosted a talk on the counter-surveillance supply chain. Ironic, eh? Surveillance capitalism at its absolute finest: build the problem, brand the solution, and book the keynote.

And yet, my time in Taipei was in fact more soulful than soulless. And that's because there are true activists at RightsCon that genuinely are doing incredible things. I met with my new team SecurityMatters, all of which are changing the landscape of digital security for human rights defenders in Asia. And gave a talk with PSCORE on digital threats from North Korea targeting civil society, activists, and journalists. PSCORE also launched their 2025 report, Decoding Crimes: Unveiling North Korea's Cyber Threats.

Decoding Crimes-Unveiling North Korea’s Cyber Threats_PDF.pdf
Google Docs

In addition, we also discussed my most recent report:

Targeted Threats Research - South & North Korea (a breakdown of 3 years of civil society threat research in Korea)
This research will be discussed at RightsCon 2025: Unveiling North Korea’s cyber threats: safeguarding human rights Sections: 1. Executive Summary 2. Introduction 3. Methodology 1. Sample submission 2. Auditing 3. Malware analysis 4. Email Content analysis 5. Passive DNS & open-source threat intelligence 4. Data Overview 1. Cluster analysis 2.
[0x0v1]Ovi

Taipei also brought fresh momentum for my project, BARGHEST. In conversations with fellow spyware researchers, funders, and open-source advocates, I felt genuinely inspired—and found a lot of sparks of interest. I’m aiming to officially launch it in the coming months.

Spyware research in civil society is still largely occupied by a small group of organizations with access to closed-source tools and siloed methods. That’s a problem. Kinda like what happens in the private sector, right? Because if the goal is to protect everyone we can, bottlenecks like these slow us down – and in fact, sometimes they feel enforced. They centralize the work and limit how quickly civil society can identify and respond to emerging threats.

BARGHEST is about breaking that model. We’re building open-source, community-driven tools that lower the barrier to entry for forensic analysis and threat research—especially in regions like East and Southeast Asia, where Android dominates mobile usage but remains critically underserved in spyware research and tooling.

Our focus is on democratizing threat intelligence in civil society by building everything in-house, with full provenance, transparency, and zero reliance on third-party vendors. The goal is simple but urgent: to empower public interest technologists to conduct their own security research and spyware analysis.

We want to decolonize spyware research and radically expand accessibility. By lowering the barriers to forensic investigation, we aim to ensure that no journalist, activist, or human rights defender is left without the technical support they need to protect themselves.

If you're interested in supporting this work—as a funder, collaborator, or just someone curious—get in touch.