April 16 2025, MENA Meetup

From TCU Wiki

The MENA Regional Meetups are bimonthly video calling gatherings that bring together folks from the MENA region to share, connect, seek help, and release stress by celebrating each other. In addition, it's a time for us to find ways to support each other, and help us understand what is happening in our part of the world. If you cannot attend the monthly meetups, we are taking notes of each gathering and linking to them below.

The MENA community is connected during the week in different ways. Either through various MENA-focused channels on the TCU Mattermost or via different events organized on various topics during the year.

Date: Wednesday, April 16 2025

Time: 9am EDT / 1pm UTC  (What time is it in my city?)

Who: Facilitated by Mardiya

Where: Google Meet.

👉🏾 Collective notes: https://pad.riseup.net/p/tcu-mena-bimonthly-meetups-keep

RSVP now is closed

Tech, Policy & Support: SMEX's Work in Action

Join us on the 16 April, where SMEX’s team will be:

  • Introducing a quick look at SMEX’s mission in the MENA region
  • Sharing tech and policy work at SMEX
  • The result of Tech and policy work on analyzing and reviewing applications

Featured Guests:

  • Metehan is a policy analyst in SMEX specialized in tech, cybersecurity, AI and data protection. Promoting ethical tech, keeping up with the tech advancements and new tech regulations around the world are his main endeavors.
  • Madleine is a Cyber security Analyst and project officer in SMEX, specialized in computer engineering, cyber security and data protection.

Notes

MENA Meetups

Policy and Advocacy

  • Analysing Totok’s connection to G42 and its roles in mass surveillance by the UAE government. It's a messaging application that was developed by the government for voice and messaging.
  • While their privacy policy is almost perfect on paper, Totok collects a lot of camera, voice, and personal data. After the assessment by Smex and the new york times, they realized that Totok serves as a surveillance tool
  • There are other apps we have assessed, with ones that are also used for health education. Yet they collect data sensitive according to the GDPR, including Health Information, or sexuality information
  • Samsung has a pre-installed app called AppCloud on the A and M series. One cannot easily delete the information. The team discovered that the app is linked to an Israeli intelligence company that collects data, and some of the pre-installed apps have trackers that share data collected with asking to third parties that people may not know or what the data is being used for.
  • In some countries Israeli companies, and apps are banned. But in those countries, there are people using the A series, and the apps being linked to Israeli surveillance companies makes those actions illegal
  • Smex has been a part of engagements with Meta’s oversight board to advocate to keep key slogans like from the river to sea, and Shaheed, being banned from Meta’s platform.

Smex’s Threat Lab

The threat lab is built on four different pillars to protect and ensures security of different sections

  • Digital safety help desk: take their incidents. A lot of people from Gaza reach out and others support them because they were suspended or censored or hacked in their accounts. Facing doxxing. We talk to tech companies directly to ensure these users get the fair treatment, giving evidence of a use that doesn’t violate their guidelines. We offer security tips and best practices to users to help prevent issues in the future.
  • Digital forensic lab:
    • Digital forensic check of devices, software and hardware and check for indicators of malware or spyware. We offer for human rights defenders, journalists.
    • Application analysis: what proves that this app can be used, which app is safe which not. Way of analysis application with the idea of using the static application analysis: checking the framework of the libraries used by the applications. Checking the code available on the app store. Reverse engineering of these applications. We mix this and check the cybersecurity laws they are following.
    • Malware analysis: suspicious files, phishing cases, through users or other organizations. We start to investigate.
  • Digital Security Risk Assessment:
    • Holistic approach with organizations to check their overall digital security hygiene. How they treat their data and how they communicate. We advise them and may provide tools.
    • Support orgs in their digisec practices directly. Check evidence and why it happened, so we help them avoid it in the future.
  • Digital Security Training: we train groups of human rights defenders and journalists. Depending on the topic, like the use of AI, personal security. It is not about having the best tools, it is more the responsibility of our security as individuals.

Q&A Section

What did SMEX do to participate in the Oversight Board decisions?

Answer: Submitting cases to the oversight board is open to the public, organizations can send their cases online and then advocate through this channel.

When you find out about the data these apps are collecting, and who they are linked, what happens from there after writing the report? Does this inform your help desk support as well, i.e. your subsequent recommendations on what people should do? Do you offer any legal services to provide legal assistance? Or are you connected with legal authorities?

Answer: We are inter in the company or journalists ask us about them. It is now in our vision to start talking with private entities to navigate these regulations regarding digital rights, especially data protection laws. They want to go to Europe and the US but we want them to come to the MENA region. We don't have connections with legal authorities, we press them to take legal decisions regarding digital rights in the regions.

Are these services, under each of these pillars, like consultancy work paid for by the organization coming to you (esp Pillars 2 - 4)?

Answer: We are not paid by the organization coming to us.

Can you please specify if you do survey based research while conducting the application analysis? Have a group of people reached out with their experience with the application that's being presented here ?

Answer: We don’t have survey based research. People reach us regarding applications and different issues that happen in the app, or something we saw in the news. We test these applications.

How does SMEX collaborate with organizations in the space while doing consultancy work?

Answer: If we are going to have a collective strategy, we do this monthly checkins where we talk about this subject (boycott something), this is a collective decision we take together. We connect through events as well, an example is A19 establishing a helpdesk in Turkey with a collaboration call. We connect through advocacy, freedom of expression, or other similar work we share with the organizations. We try to share the work we are doing and they are doing to see if we can do something collective.

Do you host any regular, public training on digital security?

Answer: We don’t do this right now. We do our best to share our findings and actions on instagram: https://www.instagram.com/smexorg/. We share a lot of content through our social media and newsletter.  We also provide training in the academia in Beirut.

Is the help desk open to everyone?

Answer: It is open to people everywhere, yes. We need people to be present for forensic analysis but we usually find a way to do it remotely.

Resources from the meetup

Contact

  • You are always welcome to ask questions and contact us for collaboration: metehan@smex.org and madleine@smex.org
  • Our you can reach us using helpdesk@smex.org in case you need it
Retrieved from "https://wiki.digitalrights.community/index.php?title=April_16_2025,_MENA_Meetup&oldid=52933"