What do hacktivist campaigns look like in 2025? To answer this question, we analyzed more than 11,000 posts produced by over 120 hacktivist groups circulating across both the surface web and the dark web, with a particular focus on groups targeting MENA countries. The primary goal of our research is to highlight patterns in hacktivist operations, including attack methods, public warnings, and stated intent. The analysis is undertaken exclusively from a cybersecurity perspective and anchored in the principle of neutrality.

Hacktivists are politically motivated threat actors who typically value visibility over sophistication. Their tactics are designed for maximum visibility, reach, and ease of execution, rather than stealth or technical complexity. The term “hacktivist” may refer to either the administrator of a community who initiates the attack or an ordinary subscriber who simply participates in the campaign.

Key findings

While it may be assumed that most operations unfold on hidden forums, in fact, most hacktivist planning and mobilization happens in the open. Telegram has become the command center for today’s hacktivist groups, hosting the highest density of attack planning and calls to action. The second place is occupied by X (ex-Twitter).

Distribution of social media references in posts published in 2025

Although we focused on hacktivists operating in MENA, the targeting of the groups under review is global, extending well beyond the region. There are victims throughout Europe and Middle East, as well as Argentina, the United States, Indonesia, India, Vietnam, Thailand, Cambodia, Türkiye, and others.

Hashtags as the connective tissue of hacktivist operations

One notable feature of hacktivist posts and messages on dark web sites is the frequent use of hashtags (#words). Used in their posts constantly, hashtags often serve as political slogans, amplifying messages, coordinating activity or claiming credit for attacks. The most common themes are political statements and hacktivist groups names, though hashtags sometimes reference geographical locations, such as specific countries or cities.

Hashtags also map alliances and momentum. We have identified 2063 unique tags in 2025: 1484 appearing for the first time, and many tied directly to specific groups or joint campaigns. Most tags are short-lived, lasting about two months, with “popular” ones persisting longer when amplified by alliances; channel bans contribute to attrition.

Operationally, reports of completed attacks dominate hashtagged content (58%), and within those, DDoS is the workhorse (61%). Spikes in threatening rhetoric do not by themselves predict more attacks, but timing matters: when threats are published, they typically refer to actions in the near term, i.e. the same week or month, making early warning from open-channel monitoring materially useful.

The full version of the report details the following findings:

• How long it typically takes for an attack to be reported after an initial threat post
• How hashtags are used to coordinate attacks or claim credit
• Patterns across campaigns and regions
• The types of cyberattacks being promoted or celebrated

Practical takeaways and recommendations

For defenders and corporate leaders, we recommend the following:

• Prioritize scalable DDoS mitigation and proactive security measures.
• Treat public threats as short-horizon indicators rather than long-range forecasts.
• Invest in continuous monitoring across Telegram and related ecosystems to discover alliance announcements, threat posts, and cross-posted “proof” rapidly.

Even organizations outside geopolitical conflict zones should assume exposure: hacktivist campaigns seek reach and spectacle, not narrow geography, and hashtags remain a practical lens for separating noise from signals that demand action.

To download the full report, please fill in the form below.

(function (w, d, u) { var s = d.createElement("script"); s.async = true; s.src = u + "?" + ((Date.now() / 180000) | 0); var h = d.getElementsByTagName("script")[0]; h.parentNode.insertBefore(s, h); })(window, document, "https://cdn.bitrix24.eu/b30707545/crm/form/loader_1808.js");

initBxFormValidator({ formId: "inline/1808/7dlezh", emailFieldName: "CONTACT_EMAIL", redirectUrl: "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2025/10/13172551/Hacktivist_report-DFI-META.pdf", naturalFieldNames: ["CONTACT_UF_CRM_NODES"], lengthRestrictedFieldNames: { CONTACT_EMAIL: 250, CONTACT_POST: 128, CONTACT_NAME: 50, CONTACT_UF_CRM_COMPANY: 255, CONTACT_UF_CRM_COMPANY_TAX_ID: 50, CONTACT_UF_CRM_PRODUCT_INTEREST: 255, CONTACT_UF_CRM_FORM_QUESTION_2: 255, CONTACT_UF_CRM_FORM_QUESTION_3: 255, CONTACT_UF_CRM_FORM_QUESTION_5: 255, }, });

securelist.com/dfi-meta-hackti…

Introduction

Windows 11 was released a few years ago, yet it has seen relatively weak enterprise adoption. According to statistics from our Global Emergency Response Team (GERT) investigations, as recently as early 2025, we found that Windows 7, which reached end of support in 2020, was encountered only slightly less often than the newest operating system. Most systems still run Windows 10.

Distribution of Windows versions in organizations’ infrastructure. The statistics are based on the Global Emergency Response Team (GERT) data (download)

The most widely used operating system was released more than a decade ago, and Microsoft discontinues its support on October 14, 2025. This means we are certainly going to see an increase in the number of Windows 11 systems in organizations where we provide incident response services. This is why we decided to offer a brief overview of changes to forensic artifacts in this operating system. The information should be helpful to our colleagues in the field. The artifacts described here are relevant for Windows 11 24H2, which is the latest OS version at the time of writing this.

What is new in Windows 11

Recall

The Recall feature was first introduced in May 2024. It allows the computer to remember everything a user has done on the device over the past few months. It works by taking screenshots of the entire display every few seconds. A local AI engine then analyzes these screenshots in the background, extracting all useful information, which is subsequently saved to a database. This database is then used for intelligent searching. Since May 2025, Recall has been broadly available on computers equipped with an NPU, a dedicated chip for AI computations, which is currently compatible only with ARM CPUs.

Microsoft Recall is certainly one of the most highly publicized and controversial features announced for Windows 11. Since its initial reveal, it has been the subject of criticism within the cybersecurity community because of the potential threat it poses to data privacy. Microsoft refined Recall before its release, yet certain concerns remain. Because of its controversial nature, the option is disabled by default in corporate builds of Windows 11. However, examining the artifacts it creates is worthwhile, just in case an attacker or malicious software activates it. In theory, an organization’s IT department could enable Recall using Group Policies, but we consider that scenario unlikely.

As previously mentioned, Recall takes screenshots, which naturally requires temporary storage before analysis. The raw JPEG images can be found at %AppData%\Local\CoreAIPlatform.00\UKP\{GUID}\ImageStore\*. The filenames themselves are the screenshot identifiers (more on those later).

Along with the screenshots, their metadata is stored within the standard Exif.Photo.MakerNote (0x927c) tag. This tag holds a significant amount of interesting data, such as the boundaries of the foreground window, the capture timestamp, the window title, the window identifier, and the full path of the process that launched the window. Furthermore, if a browser is in use during the screenshot capture, the URI and domain may be preserved, among other details.

Recall is activated on a per-user basis. A key in the user’s registry hive, specifically Software\Policies\Microsoft\Windows\WindowsAI\, is responsible for enabling and disabling the saving of these screenshots. Microsoft has also introduced several new registry keys associated with Recall management in the latest Windows 11 builds.

It is important to note that the version of the feature refined following public controversy includes a specific filter intended to prevent the saving of screenshots and text when potentially sensitive information is on the screen. This includes, for example, an incognito browser window, a payment data input field, or a password manager. However, researchers have indicated that this filter may not always engage reliably.

To enable fast searches across all data captured from screenshots, the system uses two DiskANN vector databases (SemanticTextStore.sidb and SemanticImageStore.sidb). However, the standard SQLite database is the most interesting one for investigation: %AppData%\Local\CoreAIPlatform.00\UKP\{GUID}\ukg.db, which consists of 20 tables. In the latest release, it is accessible without administrative privileges, yet it is encrypted. At the time of writing this post, there are no publicly known methods to decrypt the database directly. Therefore, we will examine the most relevant tables from the 2024 Windows 11 beta release with Recall.

• The App table holds data about the process that launched the application’s graphical user interface window.
• The AppDwellTime table contains information such as the full path of the process that initiated the application GUI window (WindowsAppId column), the date and time it was launched (HourOfDay, DayOfWeek, HourStartTimestamp), and the duration the window’s display (DwellTime).
• The WindowCapture table records the type of event (Name column):
  
  • WindowCreatedEvent indicates the creation of the first instance of the application window. It can be correlated with the process that created the window.
  • WindowChangedEvent tracks changes to the window instance. It allows monitoring movements or size changes of the window instance with the help of the WindowId column, which contains the window’s identifier.
  • WindowCaptureEvent signifies the creation of a screen snapshot that includes the application window. Besides the window identifier, it contains an image identifier (ImageToken). The value of this token can later be used to retrieve the JPEG snapshot file from the aforementioned ImageStore directory, as the filename corresponds to the image identifier.
  • WindowDestroyedEvent signals the closing of the application window.
  • ForegroundChangedEvent does not contain useful data from a forensics perspective.

  The WindowCapture table also includes a flag indicating whether the application window was in the foreground (IsForeground column), the window boundaries as screen coordinates (WindowBounds), the window title (WindowTitle), a service field for properties (Properties), and the event timestamp (TimeStamp).

• WindowCaptureTextIndex_content contains the text extracted with Optical Character Recognition (OCR) from the snapshot (c2 column), the window title (WindowTitle), the application path (App.Path), the snapshot timestamp (TimeStamp), and the name (Name). This table can be used in conjunction with the WindowCapture (the c0 and Id columns hold identical data, which can be used for joining the tables) and App tables (identical data resides in the AppId and Id columns).

Recall artifacts (if the feature was enabled on the system prior to the incident) represent a “goldmine” for the incident responder. They allow for a detailed reconstruction of the attacker’s activity within the compromised system. Conversely, this same functionality can be weaponized: as mentioned previously, the private information filter in Recall does not work flawlessly. Consequently, attackers and malware can exploit it to locate credentials and other sensitive information.

Updated standard applications

Standard applications in Windows 11 have also undergone updates, and for some, this involved changes to both the interface and functionality. Specifically, applications such as Notepad, File Explorer, and the Command Prompt in this version of the OS now support multi-tab mode. Notably, Notepad retains the state of these tabs even after the process terminates. Therefore, Windows 11 now has new artifacts associated with the usage of this application. Our colleague, AbdulRhman Alfaifi, researched these in detail; his work is available here.

The main directory for Notepad artifacts in Windows 11 is located at %LOCALAPPDATA%\Packages\Microsoft.WindowsNotepad_8wekyb3d8bbwe\LocalState\.
This directory contains two subdirectories:

• TabState stores a {GUID}.bin state file for each Notepad tab. This file contains the tab’s contents if the user did not save it to a file. For saved tabs, the file contains the full path to the saved content, the SHA-256 hash of the content, the content itself, the last write time to the file, and other details.
• WindowsState stores information about the application window state. This includes the total number of tabs, their order, the currently active tab, and the size and position of the application window on the screen. The state file is named either *.0.bin or *.1.bin.

The structure of {GUID}.bin for saved tabs is as follows:

Example content of the {GUID.bin} file for a Notepad tab that was saved to a file and then modified with new data which was not written to the file

For tabs that were never saved, the {GUID}.bin file structure in the TabState directory is shorter:

Example content of the {GUID.bin} file for a Notepad tab that has not been saved to a file

Note that the saving of tabs may be disabled in the Notepad settings. If this is the case, the TabState and WindowState artifacts will be unavailable for analysis.

If these artifacts are available, however, you can use the notepad_parser tool, developed by our colleague Abdulrhman Alfaifi, to automate working with them.

This particular artifact may assist in recovering the contents of malicious scripts and batch files. Furthermore, it may contain the results and logs from network scanners, credential extraction utilities, and other executables used by threat actors, assuming any unsaved modifications were inadvertently made to them.

Changes to familiar artifacts in Windows 11

In addition to the new artifacts, Windows 11 introduced several noteworthy changes to existing ones that investigators should be aware of when analyzing incidents.

Changes to NTFS attribute behavior

The behavior of NTFS attributes was changed between Windows 10 and Windows 11 in two $MFT structures: $STANDARD_INFORMATION and $FILE_NAME.

The changes to the behavior of the $STANDARD_INFORMATION attributes are presented in the table below:

Behavior of the $FILENAME attributes was changed as follows:

Analysts should consider these changes when examining the service files of the NTFS file system.

Program Compatibility Assistant

Program Compatibility Assistant (PCA) first appeared way back in 2006 with the release of Windows Vista. Its purpose is to run applications designed for older operating system versions, thus being a relevant artifact for identifying evidence of program execution.

Windows 11 introduced new files associated with this feature that are relevant for forensic analysis of application executions. These files are located in the directory C:\Windows\appcompat\pca\:

• PcaAppLaunchDic.txt: each line in this file contains data on the most recent launch of a specific executable file. This information includes the time of the last launch formatted as YYYY-MM-DD HH:MM:SS.f (UTC) and the full path to the file. A pipe character (|) separates the data elements. When the file is run again, the information in the corresponding line is updated. The file uses ANSI (CP-1252) encoding, so executing files with Unicode in their names “breaks” it: new entries (including the entry for running a file with Unicode) stop appearing, only old ones get updated.

• PcaGeneralDb0.txt and PcaGeneralDb1.txt alternate during data logging: new records are saved to the primary file until its size reaches two megabytes. Once that limit is reached, the secondary file is cleared and becomes the new primary file, and the full primary file is then designated as the secondary. This cycle repeats indefinitely. The data fields are delimited with a pipe (|). The file uses UTF-16LE encoding and contains the following fields:
  
  • Executable launch time (YYYY-MM-DD HH:MM:SS.f (UTC))
  • Record type (0–4):
    
    • 0 = installation error
    • 1 = driver blocked
    • 2 = abnormal process exit
    • 3 = PCA Resolve call (component responsible for fixing compatibility issues when running older programs)
    • 4 = value not set

    
    

  • Path to executable file. This path omits the volume letter and frequently uses environment variables (%USERPROFILE%, %systemroot%, %programfiles%, and others).
  • Product name (from the PE header, lowercase)
  • Company name (from the PE header, lowercase)
  • Product version (from the PE header)
  • Windows application ID (format matches that used in AmCache)
  • Message

  
  

Note that these text files only record data related to program launches executed through Windows File Explorer. They do not log launches of executable files initiated from the console.

Windows Search

Windows Search is the built-in indexing and file search mechanism within Windows. Initially, it combed through files directly, resulting in sluggish and inefficient searches. Later, a separate application emerged that created a fast file index. It was not until 2006’s Windows Vista that a search feature was fully integrated into the operating system, with file indexing moved to a background process.

From Windows Vista up to and including Windows 10, the file index was stored in an Extensible Storage Engine (ESE) database:
%PROGRAMDATA%\Microsoft\Search\Data\Applications\Windows\Windows.edb.

Windows 11 breaks this storage down into three SQLite databases:

• %PROGRAMDATA%\Microsoft\Search\Data\Applications\Windows\Windows-gather.db contains general information about indexed files and folders. The most interesting element is the SystemIndex_Gthr table, which stores data such as the name of the indexed file or directory (FileName column), the last modification of the indexed file or directory (LastModified), an identifier used to link to the parent object (ScopeID), and a unique identifier for the file or directory itself (DocumentID). Using the ScopeID and the SystemIndex_GthrPth table, investigators can reconstruct the full path to a file on the system. The SystemIndex_GthrPth table contains the folder name (Name column), the directory identifier (Scope), and the parent directory identifier (Parent). By matching the file’s ScopeID with the directory’s Scope, one can determine the parent directory of the file.
• %PROGRAMDATA%\Microsoft\Search\Data\Applications\Windows\Windows.db stores information about the metadata of indexed files. The SystemIndex_1_PropertyStore table is of interest for analysis; it holds the unique identifier of the indexed object (WorkId column), the metadata type (ColumnId), and the metadata itself. Metadata types are described in the SystemIndex_1_PropertyStore_Metadata table (where the content of the Id column corresponds to the ColumnId content from SystemIndex_1_PropertyStore) and are specified in the UniqueKey column.
• %PROGRAMDATA%\Microsoft\Search\Data\Applications\Windows\Windows-usn.db does not contain useful information for forensic analysis.

As depicted in the image below, analyzing the Windows-gather.db file using DB Browser for SQLite can provide us evidence of the presence of certain files (e.g., malware files, configuration files, files created and left by attackers, and others).

It is worth noting that the LastModified column is stored in the Windows FILETIME format, which holds an unsigned 64-bit date and time value, representing the number of 100-nanosecond units since the start of January 1, 1601. Using a utility such as DCode, we can see this value in UTC, as shown in the image below.

Other minor changes in Windows 11

It is also worth mentioning a few small but important changes in Windows 11 that do not require a detailed analysis:

• A complete discontinuation of NTLMv1 means that pass-the-hash attacks are gradually becoming a thing of the past.
• Removal of the well-known Windows 10 Timeline activity artifact. Although it is no longer being actively maintained, its database remains for now in the files containing user activity information, located at: %userprofile%\AppData\Local\ConnectedDevicesPlatform\ActivitiesCache.db.
• Similarly, Windows 11 removed Cortana and Internet Explorer, but the artifacts of these can still be found in the operating system. This may be useful for investigations conducted in machines that were updated from Windows 10 to the newer version.
• Previous research also showed that Event ID 4624, which logs successful logon attempts in Windows, remained largely consistent across versions until a notable update appeared in Windows 11 Pro (22H2). This version introduces a new field, called Remote Credential Guard, marking a subtle but potentially important change in forensic analysis. While its real-world use and forensic significance remain to be observed, its presence suggests Microsoft’s ongoing efforts to enhance authentication-related telemetry.
• Expanded support for the ReFS file system. The latest Windows 11 update preview made it possible to install the operating system directly onto a ReFS volume, and BitLocker support was also introduced. This file system has several key differences from the familiar NTFS:
  
  • ReFS does not have the $MFT (Master File Table) that forensics specialists rely on, which contains all current file records on the disk.
  • It does not generate short file names, as NTFS does for DOS compatibility.
  • It does not support hard links or extended object attributes.
  • It offers increased maximum volume and single-file sizes (35 PB compared to 256 TB in NTFS).

  
  

Conclusion

This post provided a brief overview of key changes to Windows 11 artifacts that are relevant to forensic analysis – most notably, the changes of PCA and modifications to Windows Search mechanism. The ultimate utility of these artifacts in investigations remains to be seen. Nevertheless, we recommend you immediately incorporate the aforementioned files into the scope of your triage collection tool.

securelist.com/forensic-artifa…

Those of us ancient enough to remember the time, or even having grown up during the heyday of the 8-bit home computer, may recall the pain of trying to make your latest creation work on another brand of computer. They all spoke some variant of BASIC, yet were wildly incompatible with each other regardless. BASICODE was a neat solution to this, acting as an early compatibility standard and abstraction layer. It was essentially a standardized BASIC subset with a few extra routines specialized per platform.

But that’s only part of the story. The BASICODE standard program was invented by Dutch radio engineer Hessel de Vries, who worked for the Dutch national radio broadcaster Nederlandse Omroep Stichting (NOS). It was designed to be broadcast over FM radio! The idea of standardization and free national deployment was brilliant and lasted until 1992, when corporate changes and technological advancements ultimately led to its decline.

The way this was achieved was to firstly use only the hardware instructions that were common among all the computers, which meant BASICODE applications couldn’t utilize graphics, sound, or even local storage. This may seem very limiting, but there’s still a lot you can do with that, especially if you don’t have to write it yourself, pay for it, or even leave the room! First, the BASICODE program needed to be loaded from local storage, which, when started, allowed the import of the BASICODE application that you previously recorded off the radio. It’s kind of like a manually loaded bootloader, except it includes an additional software library that the application can use.

Later versions of the standard included storage handling (or an emulation of it), basic monochrome graphics, and eventually sound support. The linked Wikipedia article mentions a list of about 23 BASICODE platforms; however, since there is a standard, you could easily create your own with some effort. In addition to allowing users to send application programs, BASICODE also enabled the reading of FM-broadcast ‘journals,’ which were transmissions of news, programming tutorials, and other documents that might interest BASICODE users. It was an interesting concept that this writer had never encountered at the time, but that’s not surprising since only one country adopted it.

If this has got you hankering for the good old days, before the internet, when it was just you, your trusty machine and your own imagination, then we think the ten-line BASIC competition might be of interest. Don’t have such a machine, but have a web browser? (we know you do), then check this out. Finally, if you want to see something really crazy (for a BASIC program), then we’ve got that covered as well.

Thanks to [Suren Y] for sending this in!

hackaday.com/2025/10/14/basico…

[CreativeLab] bought a cheap arbitrary waveform generator and noted that it only had a two-pin power cord. That has its ups and downs. We feel certain the intent was to isolate the internal switching power supply to prevent ground loops through the scope probes or the USB connector. However, it is nice to have all your equipment referencing the same ground. [CreativeLab] agrees, so he decided to do something about it.

Opening the box revealed that there was hardly anything inside. The main board was behind the front panel. There was also the power supply and a USB board. Plus lots of empty space. Some argue the case is made too large to be deceptive, but we prefer to think it was to give you a generous front panel to use. Maybe.

It was a simple matter to ground everything to a new three-pin connector, but that left the problem of the USB port. Luckily, since it was already out on its own board, it was easy to wire in an isolator.

Honestly? We’d have hesitated to do this unless we had made absolutely sure it didn’t pose some safety hazard to “jump over” the switching power supply. They are often isolated for some reason. However, the likelihood is that it is just fine. What do you think? Let us know in the comments.

A similar unit had a reverse engineering project featured on Hackaday many years ago. While these used to be exotic gear, if you don’t mind some limitations, it is very easy to roll your own these days.

youtube.com/embed/ng-5dhYI9-0?…

hackaday.com/2025/10/14/they-d…

Anyone into retro Macintosh machines has probably heard of BlueSCSI: an RP2040-based adapter that lets solid state flash memory sit on the SCSI bus and pretend to contain hard drives. You might have seen it on an Amiga or an Atari as well, but what about a PC? Once upon a time, higher end PCs did use SCSI, and [TME Retro] happened to have one such. Not a fan of spinning platters of rust, he takes us through using BlueSCSI with a big-blue-based-box.

Naturally if you wish to replicate this, you should check the BlueSCSI docs to see if the SCSI controller in your PC is on their supported hardware list; otherwise, your life is going to be a lot more difficult than what is depicted on [TME Retro]. As is, it’s pretty much the same drop-in experience anyone who has used BlueSCSI on a vintage Macintosh might expect. Since the retro-PC world might not be as familiar with that, [TME Retro] gives a great step-by-step, showing how to set up hard disk image files and an iso to emulate a SCSI CD drive on the SD card that goes into the BlueSCSIv2.

This may not be news to some of you, but as the title of this video suggests, not everyone knows that BlueSCSI works with PCs now, even if it has been in the docs for a while. Of course PCs owners are more likely to be replacing an IDE drive; if you’d rather use a true SSD on that bus, we’ve got you covered.

youtube.com/embed/m1URGRm1Gd0?…

hackaday.com/2025/10/13/bluesc…

EDRi and 40 civil society organisations urge the European Commission to assess the independence of Ireland’s newly appointed Data Protection Commissioner (DPC), who previously held a senior public affairs role at Meta. The appointment raises serious concerns about impartiality and the credibility of data protection enforcement in the EU.

The post Open letter: The EU must safeguard the independence of data protection authorities appeared first on European Digital Rights (EDRi).

Quello che interessa alle forze politiche che organizzano le masse è molto spesso un riconoscimento identitario. Il tentativo, riuscito, di solleticare il narcisismo degli individui che hanno bisogno di rappresentarsi in uno spettacolo che li faccia sentire migliori, aderenti al proprio sè ideale, purtroppo piuttosto distante da quello impersonato durante la settimana lavorativa e nel tempo libero. Da questo orizzonte pre-politico di mobilitazione popolare le destre non hanno nessuna intenzione di uscire, perchè gli interessi che vanno a rappresentare sono soltanto quelli delle élites, e Trump negli USA lo ha mostrato senza dubbio. Il rilancio del nazionalismo sciovinista serve solo a vincere le elezioni e indirizzare i disoccupati verso l'arruolamento militare. Per le forze socialiste, invece, la sfida è proprio quella di canalizzare l'indignazione in protesta, governandola, per arrivare a costruire forme di organizzazione trasformativa su obiettivi condivisi. Continua a leggere→

rizomatica

2025-10-12 08:56:40

Nuova destra, vecchio nazionalismo.

di M. Minetti

L’articolo è stato pubblicato su Transform Italia il giorno 1 ottobre 2025.

Le recenti manifestazioni anti-immmigrazione che si sono svolte nel Regno Unito evidenziano una crescente organizzazione delle forze di destra che si sono raccolte intorno alla Brexit prima, contro le restrizioni per arginare la pandemia di COVID19 e attualmente contro gli immigrati. Soprattutto a causa del suo passato imperiale, il Regno Unito è stato caratterizzato da almeno un secolo di immigrazione legale da parte dei cittadini delle ex-colonie, diffuse in tutti i continenti. Il colonialismo inglese, differentemente da quello spagnolo e portoghese, non ha perseguito convintamente il meticciato e l’assimilazione, mantenendo la separazione tra i cittadini britannici resisdenti nelle colonie e gli abitanti autoctoni. Questa segregazione e oppressione razziale, arrivata nel Nord America al genocidio dei nativi, è stata una conseguenza della cultura religiosa protestante, della applicazione delle leggi e dalle modalità del governo dell’Impero coloniale britannico ben documentate anche dalla Prof.ssa Caroline Elkins, premio Pulizer nel 2006. Anche oggi rimane traccia di quella separazione tra coloni e colonizzati nella forma multietnica della città di Londra che mantiene le diverse comunità di origine suddivise nei vari quartieri.

L’idea di una originaria omogeneità razziale è ormai decaduta dalla retorica anti-immigrati degli ultimi decenni, mentre emerge un suprematismo di tipo culturale e religioso, prevalentemente anti-islamico, nel momento in cui nei quartieri popolari gli abitanti di origine britannica sono immersi nel melting pot multietnico, senza alcun privilegio speciale. A quei cittadini, poco istruiti e riottosi, si rivolgono i politici della destra indicando negli immigrati recenti un pericolo per la sicurezza e la identità culturale britannica. Ecco formata l’alleanza tra i milionari della finanza e del commercio internazionale, che hanno supportato la Brexit per evadere dalle stringenti regole e dalla tassazione imposte dal mercato comune europeo, e il proletariato urbano nazionalista, il cui unico motivo di orgoglio è l’origine autoctona.

A fine luglio del 2024 erano scoppiati disordini in varie città del Regno Unito, fomentati dalla estrema destra, a seguito del triplice omicidio e ferimento di varie bambine, attuato da un ragazzo diciassettenne, cittadino inglese nero e radicalizzato islamico. Gli scontri nelle strade, con incendi e saccheggi di attività commerciali di immigrati, prevalentemente musulmani, mostrava una rabbia che covava da tempo e che probabilmente originava dalla stessa esclusione sociale di cui erano vittime gli immigrati da loro presi di mira. La classica guerra fra poveri fomentata negli Usa dai MAGA, in Italia dalla Lega, in Francia dal Rassemblement National e in germania da Alternative fur Deutchland.

La stessa dinamica di convogliamento della frustrazione popolare e dei sentimenti xenofobi, in una forma molto più accettabile socialmente e mirata alla integrazione istituzionale è emersa nella più imponente protesta organizzata in UK dalla estrema destra contro l’immigrazione e le politiche di accoglienza. Il 13 settembre si sono riunite nel centro di Londra più di centomila persone, gridando slogan nazionalisti e lanciando oggetti e lattine di birra verso la polizia. Oltre a mettere in difficoltà l’esecutivo laburista, queste manifestazioni forniscono l’area di espansione degli attivisti per il nuovo partito populista di destra di Niegel Farage, ReformUK. Questa nuova formazione, originata dal Partito per la Brexit e dall’UKIP, si pone alla destra dei Tories e intende usare l’arma del coinvolgimento popolare e della democrazia diretta mediata da piattaforma, che era stata finora una caratteristica dei partiti di sinistra. Solo, con una marcia in più: l’appoggio mediatico, tecnologico ed economico dei miliardari come Elon Musk, che ha arringato la folla dei partecipanti alla manifestazione di Londra, invitandoli alla rivolta citando nientemeno che l’anarchico George Orwell di 1984.

Come accade ormai in ogni paese democratico, l’informazione-spettacolo alla ricerca di voci “scomode”, lascia ampio spazio alla tribuna di Trump, Musk e Farage, che non esita ad appoggiare la guerra di Israele contro Gaza e l’Iran, attaccare il movimento LGTBQ+ e accusare gli stranieri di qualunque nefandezza. La macchina della propaganda di destra attua incessantemente le strategie trumpiane inaugurate da Steve Bannon, che hanno dimostrato di essere risibili ad un esame razionale, ma tremendamente efficaci nel meccanismo virale e truccato della visibilità sui social network.

La mobilitazione di piazza nel Regno Unito si sta dunque polarizzando fra la sinistra laburista o radicale, che porta in piazza i manifestanti a sostegno di Gaza e dei militanti di Palestine Action, subendo centinaia di arresti, e la destra nazionalista che cavalca l’odio per gli immigrati e per i cittadini musulmani, con un supporto discreto per il sionismo.

Negli ultimi due anni i conflitti sociali si sono acutizzati per l’attualità delle guerre in corso, per le ripercussioni negative sull’economia britannica dovute alla brexit e alla fuga di capitali russi o comunque stranieri, nonchè per i tagli lineari allo stato sociale operati dai governi conservatori ma aggravati recentemente dall’esecutivo laburista guidato da Starmer.

L’impressione è che questo clima di scontro polarizzato, focalizzato su temi bandiera, che poco hanno a che vedere con la vita quotidiana dei cittadini comuni ma risultano sovraesposti nei media e nella propaganda social, si stia estendendo in tutto l’occidente democratico. L’impotenza accumulata in questi anni di retrocessione della prartecipazione democratica e di crisi della rappresentanza vanno a ritrovare modalità di espressione della volontà popolare che cercano immediate identificazioni in schieramenti semplificati. E’ quello che sempre accade di fronte alle guerre, ci si allinea con uno o l’altro degli opponenti e qualsiasi incertezza viene bandita, inseguendo una risoluzione netta del conflitto.

E’ evidente che non possono che rimanere frustrate le pretese dei nazionalisti di tornare a comunità culturalmente omogenee, bloccando le migrazioni, espellendo gli stranieri e ostacolando religioni e usanze non autoctone, magari resuscitando la grandezza dell’Impero. La condivisione, la ragionevolezza o la raggiungibilità delle aspirazioni non è considerata necessaria. Quello che interessa alle forze politiche che organizzano le masse è molto spesso una identificazione viscerale, un riconoscimento identitario. Volendo azzardare una spiegazione psicosociale suppongo sia il tentativo, riuscito, di solleticare il narcisismo degli individui che hanno bisogno di rappresentarsi in uno spettacolo che li faccia sentire migliori, aderenti al proprio sè ideale, purtroppo piuttosto distante da quello impersonato durante la settimana lavorativa e nel tempo libero.

Da questo orizzonte pre-politico di mobilitazione popolare le destre non hanno nessuna intenzione di uscire, perchè gli interessi che vanno a rappresentare sono soltanto quelli delle élites, e Trump negli USA lo ha mostrato senza dubbio. Il rilancio del nazionalismo sciovinista serve solo a vincere le elezioni e indirizzare i disoccupati verso l’arruolamento militare. Per le forze socialiste, invece, la sfida è proprio quella di canalizzare l’indignazione in protesta, governandola, per arrivare a costruire forme di organizzazione trasformativa su obiettivi condivisi. La ricercatrice e influencer politica di area liberal Sarah Stein Lubrano, nel suo recente libro Don’t talk about politics, cita le ricerche sociali di Vincent Pons, secondo cui le manifestazioni non hanno quasi nessun effetto sull’orientamento dell’opinione pubblica (Lubrano 2025, p 128), per arrivare ad affermare che comunque “funzionano perché spesso rappresentano la droga di passaggio tra la partecipazione occasionale e l’attivismo duraturo”(p. 134). Sono quindi ottimi modi per reclutare nuovi militanti, e questo vale sia a sinistra che, purtroppo, a destra.

#destra #Farage #immigrazione #inghilterra #inglese #islam #Londra #manifestazione #Musk #nazionalismo #reformUK #regnoUnito #sionismo #tories #UK

Why Protests Work

It sometimes takes decades to find out.

^{Zeynep Tufekci (The Atlantic)}

every now and then I return here on friendica to try and see if I like it as much as sharkey, not feeling any particular difference.
i'm realising the question is wrong-worded: basically the contents are the same, as long as I can follow the same ppl in both (or all three, if we want to add my Mastodon profile currently in standby), so it's only a matter of ui/ux and features on my end? Probably I think. And this is pretty much the good thing of the Fediverse, in theory; the bad thing is that the way this is delivered AND communicated outside of the fedi clique is not always the best imho

Couple days ago a friend managed to (MAYBE) comprehensibly explain me how federation btw instances works, and it kinda doesn't feel that optimal, or basically good. And, notwithstanding all the hashtags, antennas, or any other stuff, I still can't find a quick, simple way to tailor my feed; I understand the control etc but there must be a way to keep control of my presence while not having to spend a week to set it up -and see it doesn't work-.