Category Archives: Security

2026 information warfare in Iran – what PSYOP looked like in 2006

Commercial infrastructure was built to push unwanted content through trusted channels. It’s no stretch to say a state can place an order. We sometimes nonetheless hear people talk about PSYOP as novel, as if it’s something more than a premium ad buy on a delivery system that was compromised the way these systems have always been compromised for propaganda.

Nicolai’s personal records lay hidden since 1945 in Moscow’s ‘Special Archive’

The ad network operates as a primitive trust-laundering machine. It abuses a publisher’s credibility to drop a payload that a user would reject if it arrived under its own name. The ad buyer wants attention one day and the next day wants a political defection. Or maybe even the same day. The network bills the same way, either payload.

Compromise it once, reach every device that trusts it. This is what I was talking about in 2012 when I called it “Big Data’s Fourth V”.

By 2005 we were fighting supply chain risks from ads being injected. I remember it well. Malicious banner slots serving exploits through trusted publishers showed up first; the landmark events that brought recognition were the 2009 NYT malvertising incident, then the Angler-driven campaigns. Push content tampering was a big pain at the time, not to mention defacements.

By 2016 the security industry was talking about malvertising as a constant threat. Pop the delivery platform, serve the payload through borrowed credibility. If you think this wasn’t being used in wars, well, I have news to push to you.

When web push went mainstream, browsers had to bolt permission gates onto the Push API because sites were abusing it to deliver scareware and ad spam straight to the desktop. The “fix” was called a trust prompt, which is ridiculous when you think about it. Imagine having a banner on disinformation banners bombers as a trust prompt.

Source: Me on Twitter, 2016

So all the BadeSaba hubbub feels like rehashed malvertising with an obvious state as the buyer and defection as their creative intent. The prayer app is a very well-known publisher target surface for military intelligence.

Source: FP. “Above, a giant mujahid with ‘God is great’ written on his jacket is shown defending Islam and God from Soviet assault. The text in the top right says ‘Shield of God’s Religion,’ implying that the faith of the mujahideen will protect him from bullets.”

The notification backend is the ad server. The weeks or months of pre-positioning is barely persistence in a delivery platform, and the ordinary lifecycle of an adware campaign. Establish access, stay quiet, wait for the flight date, serve.

Start at 2009 and we’re talking at least seventeen years of this stuff in disinformation study circles. The Iranian Green Movement was being called a Twitter Revolution in real time. Mobile and social platforms as the delivery layer for regime-change messaging was the defining argument of that period, Iran specifically. And that’s what I was talking about a lot in 2012.

For some reason today, however, I see “nobody had done it” claims like this.

Push notifications on a smartphone are a more effective delivery mechanism than leaflets dropped from aircraft. That much should be obvious, but nobody had done it in a real war until now. In my book PROPAGANDA (CRC Press, 2024) I predict and describe exactly this scenario.

A 2024 prediction about something decades old seems, awkward? I feel bad for the author. He clearly wants to report something new. But what’s new?

Russia was pushing mobile text (apps, if you will) on Ukrainian soldiers through cell site simulators by 2014, with surrender appeals, threats, and fake payment alerts. Raphael Satter alone documented forty-plus of these messages at the front in May 2017, where an IMSI-catcher pushed content directly to phones in a combat zone.

That truly feels like forever ago, so let’s talk about July 2021. Attackers took control of the official Formula One app during Austrian GP qualifying and pushed notifications to the userbase. F1 confirmed Push Notifications Service was the only thing in scope. A trusted app’s notification channel, seized, used to send content the operator never authorized. The backend being the target and the push being the delivery was no joke, although it’s common to frame it that way to avoid investigations. A push backend hijack is in fact still a growing problem, such that BadeSaba is the same attack, different day.

Here’s another way to look at it.

Obscene and racist notifications were pushed to Apple News subscribers by Fast Company in September 2022. It’s not rocket science. A default password is the exploit for an entire delivery system, one that gives a ride on Apple News to hit the whole subscriber base under the provider’s identity. That is the point.

And even if we talk about synchronization being novel at war, there’s plenty of priors there too. Kursk, 6 August 2024. “I Want to Live” pushed surrender messages to Russian soldiers’ phones the same day Ukraine opened the cross-border offensive. Content to enemy phones, timed to a kinetic operation, calling for defection.

And this is why you should invite an historian to your research instead of waiting for the book promotion novelty party.

Indian troops in the Egyptian desert get a laugh from one of the leaflets which Field Marshal Erwin Rommel has taken to dropping behind the British lines now that his ground attacks have failed. The leaflets, which of course are strongly anti-British in tone, are printed in Hindustani, but are too crude to be effective. (Photo was flashed to New York from Cairo by radio. Credit: ACME Radio Photo)

NIST Announces Third Round Post Quantum Signatures

The original Post Quantum 2016 competition yielded the core trio we all know already: ML-KEM (Kyber) for key encapsulation, plus ML-DSA (Dilithium), SLH-DSA (SPHINCS+), and FN-DSA (Falcon) for signatures. But three of those four, ML-KEM, ML-DSA and FN-DSA, are lattice-based. That’s a known concentration risk. If someone finds a serious break in structured lattices, you lose your KEM and most of your signatures at once. SLH-DSA is the only hash-based hedge, and it’s large and slow.

So, six years later in 2022, NIST opened a separate “on-ramp” call specifically for signatures, with two stated goals: expand beyond one assumption with schemes built on different math (code-based, multivariate, MPC-in-the-head, isogeny), and find schemes with better performance profiles for cases where lattice signatures are awkward, like small signatures or fast verification.

NIST has announced they have selected nine candidates for the third round of the Additional Digital Signatures process, which reflect the deliberate mathematical spread: SQIsign is isogeny-based (very small signatures), MAYO/QR-UOV/SNOVA/UOV are multivariate, FAEST/SDitH/MQOM are MPC-in-the-head, HAWK is lattice but a different construction.

After 18 months of evaluation, NIST has selected nine candidates for the third round of the Additional Digital Signatures for the Post-Quantum Cryptography (PQC) Standardization Process.

Orff’s “Einstampfen”: 2026 Berlin Stages the Nazi Soundtrack

A state-funded Berlin chorus says it will end its season at the Philharmonie with the soundtrack of the Nazi Third Reich, and introduce it in the regime’s own voice.

The Philharmonischer Chor Berlin sings what Goebbels called the standard for Nazi German music on 31 May, conducted by Florian Benfer, under the Berlin Senate cultural administration. Perhaps most interesting for Holocaust researchers is that a state-funded program today promotes Goebbels’s “popularity” framing and even ends on Orff’s own letter to his publisher celebrating that German works be “pulped” under Hitler’s orders. That disposal word is Orff giving a shout-out to 1930s Nazi book purges, printed as if it were a charming verb in 2026, despite prefiguring the genocide.

1933 Berlin, national book burnings were ordered by Hitler after he was “elected” to make Germany great again

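Mit den ‚Carmina Burana’ beschließen wir unsere Saison. Die sehr weltlichen Gesänge aus Benediktbeuern zählen in der Vertonung von Carl Orff zu den populärsten Chorwerken des 20. Jahrhunderts. Sie entfachen die Lust am Leben, an Tanz und Genuss, und sind mit der Göttin Fortuna im Zentrum ein kraftvolles Sinnbild für die Veränderlichkeit und Unberechenbarkeit menschlichen Daseins. Nach der erfolgreichen Uraufführung im Jahre 1937 schrieb Orff an seinen Verleger: „Alles, was ich bisher geschrieben und was Sie leider gedruckt haben, können Sie nun einstampfen! Mit Carmina Burana beginnen meine gesammelten Werke.”

(English: With the ‘Carmina Burana’ we close our season. The very secular songs from Benediktbeuern, in Carl Orff’s setting, are among the most popular choral works of the 20th century. They kindle the joy of life, of dance and pleasure, and with the goddess Fortuna at the center they are a powerful symbol of the changeability and unpredictability of human existence. After the successful premiere in 1937, Orff wrote to his publisher: “Everything I have written so far, and which you have unfortunately printed, you can now pulp! My collected works begin with Carmina Burana.”)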

“Pulped” borrows the verb the regime was using on Mendelssohn, who held the Sommernachtstraum score in the repertoire; banned, Orff took the commission.

It borrows the vocabulary used on Kestenberg, who ran Prussian music education; exiled, the field he built was open for Orff to claim as his own.

It borrows the vocabulary used on Maria Leo and the Berlin pedagogy, and on Keetman’s authorship, all folded under Orff’s name with zero credit to the originators.

Maria Leo’s Stolperstein, Pallasstraße 12, Berlin-Schöneberg. HIER WOHNTE / MARIA LEO / JG. 1873 / FREITOD / 2.9.1942. The NS in 1933 banned her from teaching because she was Jewish. On 2 September 1942 she killed herself rather than be deported by NS. Around that time Carl Orff began drawing a salary from Gauleiter Baldur von Schirach for appropriating the Berlin music education tradition of Maria Leo and Leo Kestenberg. The concept of Orff Schulwerk was Hitlerjugend programs that excluded Jewish children. The Nazis had already paid Orff to erase Mendelssohn for being Jewish.

All the people Orff replaced as he took the honor of Nazi “success” were being erased by him, which gives his “pulped” letter its actual context. He literally refused to use his high status in the Nazi regime to help his friend, who was then executed, and then he stole that dead man’s valor after the war to preserve himself. Competition with Orff, meaning his route to recognition, was defined by his lies and Nazi persecution doctrine. He never apologized, and never in his life criticized Nazism, instead in the 1960s still calling “his” stolen works the “wildflower” among the pulp.

The persecution did not merely happen around his music. It is the condition his music’s “success” was built on, and the 2026 program celebrates that while disappearing the conditions of Nazi Germany.

Note how they print the year 1937 with zero context.

Uraufführung im Jahre 1937 schrieb Orff an seinen Verleger…

Reichspost insignia, 1937. Every letter, including Orff’s celebration of “pulping” earlier works, was mailed under inspectors wearing the swastika. The marks on his letters came from the system that surveilled correspondence and used it to kill.

By then the camps were open, the Nuremberg Laws were two years in force stripping his Jewish colleagues of work and standing, and that same summer the regime mounted the Entartete Kunst exhibition in Munich, its public purge of the canon, weeks after the premiere. The program reaches back ninety years to declare 1937 a triumph for Orff and leaves out everything that made the year what it was for everyone else.

I’ve created this simple table for analysis of the Nazi rhetoric being promoted today by the German state.

| Program text (Programmtext) | Nazi reference (NS-Bezug) |
|---|---|
| Mit den Carmina Burana beschließen wir unsere Saison. (With the Carmina Burana we close our season.) | The Nazi anthem, Hitler’s signature work, is the 2026 place of honor. Coronation, top billing. |
| Die sehr weltlichen Gesänge aus Benediktbeuern zählen in der Vertonung von Carl Orff zu den populärsten Chorwerken des 20. Jahrhunderts. (The very secular songs from Benediktbeuern, in Carl Orff’s setting, are among the most popular choral works of the 20th century.) | Nazi popularity is now a century-wide chart position. Goebbels called it the standard for German music and made it symbolically the most performed new work in the Reich, to invoke Nazism. Aus Benediktbeuern Nazis use medieval Bavarian register. |
| Sie entfachen die Lust am Leben, an Tanz und Genuss (They kindle the joy of life, of dance and pleasure) | This is Nazi vitality cultism, verbatim. Healthy German life-affirmation set against everything the regime branded sick, foreign, degenerate. Nazi press praised the work as clear, stormy, and always disciplined. |
| und sind mit der Göttin Fortuna im Zentrum ein kraftvolles Sinnbild für die Veränderlichkeit und Unberechenbarkeit menschlichen Daseins. (and, with the goddess Fortuna at the center, are a powerful symbol of the changeability and unpredictability of human existence.) | The fascist hand on a wheel sold as cosmic fate. Mendelssohn down and Orff up, Kestenberg into exile, Maria Leo into death, Orff onto the Gottbegnadeten list. Persecution made into modern German drama. Kraftvoll carries the Nazi strength fetish. |
| Nach der erfolgreichen Uraufführung im Jahre 1937 (After the successful premiere in 1937) | Success of Hitler and the Third Reich. |
| Alles, was ich bisher geschrieben und was Sie leider gedruckt haben, können Sie nun einstampfen! (Everything I have written so far, and which you have unfortunately printed, you can now pulp!) | This is the key to the propaganda. This word is straight from the Nazi censorship campaign. Banned writing on the Liste des schädlichen und unerwünschten Schrifttums was pulled and pulped. Orff is overtly celebrating Nazism, his former friends and colleagues being eliminated, announcing he has aligned with the deadly racist “pulping” system. |
| Mit Carmina Burana beginnen meine gesammelten Werke. (My collected works begin with Carmina Burana.) | Hitler as year zero for Orff aligned to the regime’s. Rebirth dated to the Nazi system of eliminating his competition and paying him a salary to replace them. |

Cisco admits Secure Workload fails to secure workload

If The Onion wrote about network infrastructure, I imagine they would make up stories like this real Cisco critical advisory CVE-2026-20223.

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.

The thing that turned its CVSS into a perfect 10 instead of a 9.8 was the cross-tenant reach (Scope Changed), which means a breach escapes the security boundary and reaches resources under a different authority. On a microsegmentation product, the scored vector is literally saying its segmentation boundary does not segment.

Is a fence that has no fence still a fence?

Do you take a fence when you find design flaws?

CWE-306 is how Cisco classified it: Missing Authentication for Critical Function. A security replacement for the perimeter that depends on the perimeter for security is Onion-level engineering.