// Comparison
Hacks, Leaks, and Revelations vs Pegasus: Which Should You Read?
Two cybersecurity books on Privacy, compared honestly: who each is for, what each does best, and which to read first.
Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.
How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy
Laurent Richard, Sandrine Rigaud
The inside story of the Forbidden Stories investigation into NSO Group's Pegasus spyware, told by the journalists who ran it. The best narrative account of what commercial zero-click surveillance actually does to its targets.
Read this if
Skip this if
Key takeaways
- Verification is half the work; the book's framing of authentication-by-cross-reference and provenance-by-metadata is the cleanest in print.
- Source OPSEC is structural, not personal; the book's chapters on SecureDrop, Tails, and Tor align with current practitioner standards.
- Python plus Aleph plus DataSette plus a few small custom scripts is enough to handle most real-world leaks; the book's pragmatic tooling choices avoid academic over-engineering.
- Zero-click exploitation removes the user from the security model entirely; there is no link not to tap and no mistake to avoid.
- A commercial vendor selling to governments launders state surveillance through a layer of plausible deniability that NSO exploits relentlessly.
- The targets were not just terrorists and criminals as advertised, but journalists, lawyers, activists, and heads of state.
How they compare
Hacks, Leaks, and Revelations and Pegasus are both rated 4/5 in our catalog. Pick by topic preference and reading style rather than by rating.
Both books target beginner-level readers, so the choice is about topic, not difficulty.
Hacks, Leaks, and Revelations and Pegasus both cover Privacy, so reading them in sequence reinforces the same material from different angles.