Daniel March 31, 2017 2:46 PM

It is not really an anonymous twitter account when Comey is blathering metadata about it to the press. To me, the real lesson here isn’t the detective work of the writer, the real lesson is that…once again… metadata kills. It doesn’t even take much metadata.

As they said during WWII–loose lips sink ships. Comey lips were lose and his ship got sunk. Not surprising.

reader March 31, 2017 3:18 PM

Maybe I miss something – what is the story? So far it does not seem that he uses his account for clandestine or illegal work. So what is the purpose other than to show how good a detective the reporter is? Necessary and deserved anonymity broken, bragging rights earned. As long as there are no work related evil things to uncover why neglecting him the right for privacy and having anonymus twitter contact in the family? But again, maybe I miss something central to the story.

John Thurston March 31, 2017 3:25 PM

“Maybe I miss something – what is the story? ”

To me, the story is ‘meta-data is useful stuff, regardless of what some folks would like you to believe’.

“Don’t worry, we aren’t listening to your phone calls. We’re just collecting meta-data about all your activity. That’s harmless.”

Dimíssis peccátis suckus priestus March 31, 2017 3:44 PM

Gizmodo’s next project is to find Comey’s Playpen account.

Bruce Schneier March 31, 2017 4:06 PM

” So what is the purpose other than to show how good a detective the reporter is? Necessary and deserved anonymity broken, bragging rights earned.”

You’re missing nothing. That’s the whole story.

For me, it’s interesting because it demonstrates how easy it is to do this sort of thing with even a little bit of ancillary data.

Ragen March 31, 2017 9:42 PM

@John Thurston

It’s a useful example to bring up when people (such as the head of the FBI) says metadata is not sensitive information and shouldn’t deserve any legal protections from the FBI.

Jesse Monroy Jr April 1, 2017 5:10 AM

I call BS.

This story popped on twitter a few day ago. I immediately went to read it.
After a while reading it, I realized I was reading Gizmodo.
Gizmodo has zero reliability for accurate reporting.
By in large, it is a click-bait factory.

Think I’m kidding.

Here are two (2) of three (3) top stories – above the fold.

Cops Just Got One Step Closer to Killing Americans by Drone

Finally, an Answer to Why You Keep Getting UTIs After Sex

NOTE: on the second story, no where does it say what a UTI is. It is Urinary Tract Infections. I had to google. Does this organization have an editor?

So how am I supposed to take this nonsense seriously.

Come on Bruce. This is not telnet.

Clive Robinson April 1, 2017 5:28 AM

@ Jesse Monroy Jr,

I call BS.

On reading it I had to check to see if somewhere it was “Gone Midnight” when Bruce posted, just incase it was an April Fool’s day post (I believe Bruce does have a rye sense of humour and thus appreciates a little irony now and again 😉

However as Bruce later noted, it’s the “how easy it is to do this sort of thing” aspect, that sadly can so often be used as the first stage of doxing, and no major “surveillance architecture” required, so even your “teenage sister” could if she so wished achive similar results…

Eyepoison April 1, 2017 1:39 PM

‘yes you miss’ and ‘wah wah’ comments are the sort that make me stop reading comments here :/ please guys, cool it with rage and conspiracy theories.

All same, thanks for this awesome blog.

Anon April 1, 2017 7:19 PM

Looks like a good demonstration that you shouldn’t use anything that could be linked. He used his thesis subject and his project to name his account. There are several different ways this account could have been identified.

what's the problem Apple? April 3, 2017 12:57 AM

@reader @Daniel

I agree that better stories are out there.

Regardless, general petraeus and his mistress forgot to include the military-industrial-congressional-spook-law_enforcement complex, presumably, in their threat model. I am referring to their use of saved drafts in a shared gmail account. Perhaps now, if not then, they realize, obviously, that their threat model was much greater than their respective spouses.

Regardless I enjoyed reading the Gizmodo story and perhaps director comey should now include Gizmodo and its story author, Ashley Feinberg, in his threat model.

Perhaps if director comey read some more on this blog he could improve his opsec; or was his babbling intentional to get him more press coverage? He could start with:
At least on this blog somewhere he might learn that putting backdoors in corporate products is of limited use to talented adversaries, if he doesn’t know that already.

Other stories with the fbi in the news include:

Democracy Now
from the latter:

“AMY GOODMAN: I wanted to ask you about this other concern of a group of Democrats, the leadership on the House committee probing Russia’s efforts to interfere with the U.S. election. People like Adam Schiff, the Senator Feinstein of California are saying that the FBI is refusing to cooperate in handing information over—very willing to talk about investigating Hillary Clinton and then saying, a few days before the election, no, they weren’t. But when it comes to this, what about this, Marcy Wheeler, the clash of an intelligence agency with Congress?

MARCY WHEELER: You know, I’m a little bit less worried about this than those Democratic leaders are. And that’s partly because I’ve covered Jim Comey for years, and he’s very self-righteous. He likes to think of himself as this great crusader. Not necessarily a good thing as FBI director. I said that when he was confirmed under the Obama administration. But Democrats, at that point, thought he was—you know, he was pure and great. The Hillary investigation was public. Congress was involved in it. Yes, it was leaking like a sieve. And I do—you know, what Jim Comey did last July, and follow-up in October, was completely inappropriate. You know, don’t get me wrong. That was the unusual thing. But it was—I think it should be treated differently from an ongoing counterintelligence investigation. I mean, there are people who, for example, might be sources named in the dossier that Christopher Steele, a former MI6 agent who this dossier got leaked by BuzzFeed in January—there are people who might be sources in that who have have since died, in suspect circumstances. Several—four, actually—Russians have been charged with treason, with allegations that they’re tied to this investigation. The reason you don’t want a counterintelligence investigation to be shared with a Congress that is obviously leaking is because stuff like that—I mean, not only can the targets in the investigation find out and work to undercut the investigation, but people can get killed or charged with treason. And that’s not going to help us get to the bottom of this. So, you know, Pelosi, Schiff are absolutely right to be furious at Comey for what he did against Hillary Clinton last year. I’m not excusing that at all. But they should at least take a step back and think about whether they want the FBI investigation to be successful or whether they want it to be politically damaging, because those may be two different things.”

I assume it was director comey’s blathering that tipped the election to president trump. If true, I wonder if he is happy with it’s consequences.


the first link there provides some background

Ollie Jones April 3, 2017 4:51 AM

So, he uses Reinhold Niebuhr as a pseudonym? Ah, the irony of american history.

rlodbrok April 10, 2017 6:24 AM

The use of the term “ancillary data” is an interesting choice. I thought: “Maybe something Bruce did choose to sneak in and try it’s application in the Infosec world?” but it seems it has been in use before.

Ancillary: support, subsidiary, supplementary, .. “Ancillary data”, known as ANC data in the context of television systems. In Linux ancillary data may be send to file descriptors for more efficient processing or storage. The term “Ancillary data” also seems to be used in cryptographic context, like IKE; but also in Identity Management. And finally in the context of data privacy.

So… is Ancillary data used as an alternative term to meta-data; i guess i am asking (being, not native English): is there a better description to make the distinction between the two?

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.