Paragon: Specialized Software Revealed

April 14, 2025

It can be difficult to get information about spyware and the firms that produce it. That is why we welcome the report, “Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations” from University of Toronto’s Citizen Lab. The detailed report gives a brief background on the company and a thorough map of its spyware infrastructure. Eye-opening. We learn about the effort by Meta and WhatsApp to thwart a Paragon zero-click exploit. The lab also shares details from its investigations into links between Paragon and the Italian and Canadian governments. See the article for all the details.

The report’s conclusion? “You Can’t Abuse-Proof Mercenary Spyware.” The authors emphasize:

“Paragon specifically courts media attention with claims that by only selling to a select group of governments, they can avoid the abuse scandals plaguing their peers. The implicit message: if you do not sell to autocrats, your product will not be used recklessly and in anti-democratic ways. History, however, shows us that this is not always the case. Many democratic states have histories of using secret surveillance powers and technologies against journalists and members of civil society. Mercenary spyware is no exception, with multiple democracies deploying spyware against journalists, human rights defenders, and other members of civil society. Indeed, organizations working against the proliferation and abuse of spyware, including the Citizen Lab, have warned that the temptation to use this technology in a rights-abusing way is so great that, even in democracies, it will be abused. Overall, the cases described in this report suggest that Paragon’s claims of having found an abuse-proof business model may not hold up to scrutiny. We acknowledge that this report does not seek to cover the totality of Paragon cases, but rather a set of cases where targets have chosen to come forward at this time and in our report. However, the pattern in these cases challenges Paragon’s marketing approach which has claimed that the company would only sell to clients that ‘abide by international norms and respect fundamental rights and freedoms.’”

Quite a surprise. The researchers are not stopping here. On the contrary, they describe this report as a first step. We look forward to hearing what they find next.

Cynthia Murrell, April 14, 2025

Written by Stephen E. Arnold · Filed Under Business intelligence, intelware, News

Comments

Got something to say?

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.