This article is an opinion piece whose contents represent the standpoint of its author and not UPF Lund or The Perspective’s editorial board.
In 2024, Lebanon experienced a series of shocking attacks carried out through seemingly ordinary pagers, which were used to trigger explosions remotely. This brazen assault caused widespread fear and outrage globally, not only because of its brutal nature but also because it came from something as unsuspecting as a pager. This lends a scary message, about how Israel maimed and killed without traditional weaponry, and calls into question the safety of technology that we buy in view of the execution of this recent attack. For readers beyond Lebanon or the broader Middle East, the incident may feel remote, however, it underscores the growing potential for digital technologies to be weaponized in ways that could affect anyone, anywhere. This begs the question, should we be looking at our own tech with concern?
The case of Pegasus spyware illustrates how modern technology can be used to monitor and influence people in increasingly sophisticated ways. Pegasus is a spyware company owned by Israeli NSO Group, that develops technology to help governments fight terrorism and crime. The company has been under scrutiny for allowing the surveillance of unsuspecting individuals, including politicians, activists, and many journalists. It has helped governments hunt ‘dissidents’ and even target members of the LGBTQ+ community. Countries such as Bahrain, Hungary, India, Mexico, Rwanda, Saudi Arabia and the United Arab Emirates have all been linked to Pegasus. However, what makes the technology most frightening is its ‘zero-click’ attack, meaning that you don’t have to click on a link to be infected with the spyware. The result is an extraction of data including, but not limited to, text messages and photos. It can also activate your camera and microphone.
NSO isn’t the only company that has been selling spyware, Israeli companies such as Black Cube, Cyberbit and Elbit System, to name only a few, are also on that list. What Pegasus and these companies have in common is that they have been trained by the Israeli military. The majority of their founders and personnel are graduates of Unit 8200, an IDF unit responsible for clandestine operation, collecting signal intelligence, code decryption, counterintelligence, cyberwarfare and surveillance. A state using this form of spyware can limit the freedom of its citizens, creating an intrusive environment where power can be abused and the safety of people can be at stake.
On a level closer to the everyday person, we can look at VPNs as a gold mine of personal data that can be exploited. VPNs are known for their ability to encrypt our data, mask our IP address and enhance our internet privacy. However, VPN companies access our metadata – data about our data. This is sellable and therefore potentially vulnerable. VPN logs, even if not containing content, can reveal things such as connection timings, duration of sessions and server and device information.
This information can potentially be sold to and/or used by third parties, some of which may be linked back to Israel, whose Unit 8200 pioneered techniques for analysing digital data. VPN providers such as ExpressVPN, CyberGhost, Private Internet Access, ZenMate, and Intego are owned by cybersecurity firm Kape Technologies. This firm also has ties to Israel through its Israeli billionaire founder Teddy Sagi. There isn’t evidence linking Sagi to direct involvement with Israeli intelligence agencies, though CEO Ido Erlichman is a veteran of Unit 217, an IDF commando unit focused on intelligence operations. What’s more, Koby Menachemi, a co-founder, served in Unit 8200.
Though we know that our personal data is consistently being bartered for and sold to the highest bidder, we cannot confirm who the buyers are exactly. However, the buyer can use our data for their own personal gain, and seeing the strong connections between Israeli intelligence services and VPNs, our data could very well be going to their research. Witnessing their actions in Lebanon as an example could their access to our data have potential harmful future consequences?
Many companies profit from selling data, and there is a hidden underbelly to what happens with our personal data. Unfortunately, to gain access to digital tools that are necessary to our modern lives, sharing our data seems to be the trade-off, despite the security implications of this. For example, nowadays many websites make visitors either accept their website cookies or pay a subscription fee. Presumably, most accept the cookies rather than pay an exorbitant fee. In the current climate where digital tools are woven into nearly every aspect of our lives, the line between convenience and vulnerability is increasingly blurred. We must be aware of the digital tools we are interacting with and lift the veil to peer at the underworld in order to better understand the full extent of what we are interacting with digitally and its real-world implications. Though it may not concern us now, our willingness to share our information could have potentially profound repercussions regarding our welfare in the future.
From the weaponization of everyday devices in Lebanon, to the hidden networks of spyware and the metadata collected by VPNs, it is clear that our personal information is not always as private as we think it is. We still do not know the full extent of how agencies use our data, but we are beginning to see how and who the digital can potentially reach beyond the screen, affecting our privacy, security, and safety. When our data is the price of using technology, is it still a price we are willing to pay?
By Carmen Elizabeth Kardan Calvo
October 28, 2025
