Friday Squid Blogging: Humboldt Squid in Mexico Are Getting Smaller

The Humboldt squid are getting smaller:

Frawley and the other researchers found a flurry of factors that drove the jumbo squid’s demise. The Gulf of California historically cycled between warm-water El Niño conditions and cool-water La Niña phases. The warm El Niño waters were inhospitable to jumbo squid, more specifically to the squid’s prey, but subsequent La Niñas would allow squid populations to recover. But recent years have seen a drought of La Niñas, resulting in increasingly and more consistently warm waters. Frawley calls it an “oceanographic drought,” and says that conditions like these will become more and more common with climate change. “But saying this specific instance is climate change is more than we can claim in the scope of our work,” he adds. “I’m not willing to make that connection absolutely.”

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on July 26, 2019 at 4:42 PM • 66 Comments


Clive Robinson July 26, 2019 7:25 PM

@ Anders,

Proton Mail gets a mention…

We just seem not to be able to get away from them 😉

Clive Robinson July 26, 2019 7:30 PM

@ Bruce,

The Humboldt squid are getting smaller

There will of course be a knock on effect… In a couple of years it will be,

    The Humboldt squid numbers are getting smaller

And the cause will probably be given as “over fishing” then. Thus covering up this rather more important research.

Ergo Sum July 27, 2019 6:24 AM

@Otter Siri….

For me, the news was:

The wake word is the phrase “hey Siri,” but the anonymous source said that it could be activated by similar-sounding words or with the noise of a zipper.

The noise of a zipper, really? That’s not unintentional, that’s the intentional work of the programmer(s). The chances are that in order for Siri to recognize the sound of the zipper, she has to have a sample file with the sound of a zipper. And that’s just sick…

Yes, one can request his/her data collected by Apple, here:

Since Siri is not explicitly linked to your Apple ID, technically you can’t check what audio Apple has recorded. Based on the data I’ve received from Apple for my Apple ID, it’s quite possible that any other data collected is identified by my name and not by my Apple ID. That might be the reason why there was nothing in the received data, other than the devices that I had or have.

I do have Apple devices where Siri and “app telemetry” are disabled. Now, I question if the devices actually honor these settings. Maybe Apple does the same as Microsoft and just collects the data anyway. In which case, “What happens on your iPhone…” no longer holds water…

Eagle20 July 27, 2019 6:39 AM

This might be old news. Given that Bruce often talks about voting I figured it would be of interest.

DARPA Is Building a $10 Million, Open Source, Secure Voting System
The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.


What are your thoughts on DARPA creating a voting machine?

name.withheld.for.obvious.reasons July 27, 2019 8:02 AM

The United States Justice Department has restored capital punishment, allowing room for unspecified crimes and adding new sentences like those of the Philippines. Wait, doesn’t the use of the death penalty under Duterte obviate the need for a criminal procedure, due process, or a finding of fact?

To my thinking, a final rivet is released from the hull of a boat named “Representative Democracy” sending her to the deep, to Davey Jones. Her keel, of a most sturdy steel–screams–a loud, high pitched ringing made by the shuddering superstructure.

The DC buffoon, hiding behind Barrs, never reversed position on five adolescents falsely charged, convicted, and later released as their charges were exonerated. Not good enough, though innocent of the crime for which having spent nearly twenty years in prison, the hoody in the White House continues to call for their execution. An unconstrained executive wielding one of the most powerful acts a state can take–finds all my blood spilt.

Can the US extradition order, and/or the prior extradition be challenged or set aside in the case of Assange? The UK is much off execution as a thing, might the UK reconsider the final order (said using an ironic tone) under these circumstances.

If this goes where I understand it to be going, it will become necessary to correct the government by every means, excluding any and all forms of violence.

27 July 2019 00:00:00 July 27, 2019 9:18 AM

“Marcus Hutchins just walked out of Milwaukee’s Federal Courthouse a free man. While he might have faced up to fourteen months in prison, Judge JP Stadtmueller sentenced Hutchins to time served and a year of probation.


After a half-hearted attempt from Proctor [Prosecuting attorney] to emphasize the theft enabled by Hutchins’ malware, Stadtmueller then started a long speech, one that started by noting that of the 2,200 defendants whose sentencing he had overseen in 32 years, Hutchins’ was unique because, “one might view ignoble conduct against backdrop as work a hero, a true hero. That is, at the end of the day, what gives this case it’s uniqueness.” He emphasized we need people like Hutchins to help secure the Internet. “It’s going to take individuals like yourself who have skillset to come up with solutions, bc that is the only way we’re going to eliminate this subject of woefully inadequate security protocols for entire panoply of infotech systems.”

The judge then emphasized that, on top of everything else, Hutchins had been away from home for two years.

That’s when what every lawyer watching in the courtroom I spoke with called unprecedented. The Judge suggested Hutchins should get a pardon, which would enable him to come back to the US to work. “While court has no pardon power, matter reserved to the executive. Truly left for another day.”

Common Man, Fanfare for the July 27, 2019 3:35 PM

Maslow’s Hierarchy of Needs on Earth, starts with Earth:

from website:

Main idea: (in my own words:) Global security is easier without people making money off of our collective existential lethal risks!

P.S. A nice way to reduce some internet BS is to restrict domains in search engine results. For example, if you don’t need anything from .net, .biz, .gov, .mil, .com, or .io, then why search inclusive of those domains? Maybe you don’t need those. If possible, filter out all unneeded domains and domain suffixes from your searches.

Also, this concept can be extended to file types. If you know you do not need any animated GIFs or videos, why search inclusive of them? You may not need to at all.

Reducing bandwidth usage can help everyone.

Also, if you find yourself experiencing nystagmus, that is, your eyes moving back and forth to see what’s on your screen, maybe your screen size or monitor size is excessive. If you really don’t need that much space, reduce the display resolution until you obtain a smaller monitor or that matches the geometry of your eyes! Really, I’m not kidding. If you happen to have a monitor that’s too big, now you can trade it for something else.

Happy Solstice 2024 in advance. The world did NOT end in 2012. A fact a day keeps the eschatologists away.

Sherman Jay July 27, 2019 3:55 PM

I am concerned that the promise of ‘increasing coverage in underserved and rural areas and improving speed’ of phone and internet connectivity used to justify the following disaster is just more of the years-long deceit of the ISPs.

The reduced competition will likely reduce the motivation of the few remaining behemoth ISPs to protect customers’ privacy and security.

Also, please understand that I’m not trying to push a political agenda, but there seems to be some significant corrupt influence by the ISPs and our ‘buddy’ ajit piehole.

As have others, I’ve ‘fractured’ the URL to reduce non-human intrusion (I don’t know how or if it helps, but it can’t hurt).

ht tps://


ht tp://

27 July 2019 00:00:00 July 27, 2019 4:08 PM

Neither a ‘feel good’ story nor a story President Trump is likely to address.

“JUAN GONZÁLEZ: We turn now to the climate crisis. July is slated to become the hottest month in recorded history, as extreme weather fueled by global warming wreaks havoc across the globe, from extreme heat waves in Europe and the United States to deadly monsoon flooding in South Asia. Severe rains have killed at least 660 people across India, Nepal, Bangladesh and Pakistan in a monsoon that is expected to continue throughout the week. The flooding has displaced millions of people, including Rohingya Muslim refugees in Cox’s Bazar, the largest refugee camp in the world. This comes as a record heat wave is hitting Europe for the second time this summer, with Paris, Brussels and Amsterdam all at risk of hitting all-time high temperatures, and Spain facing the threat of severe fires.


AMY GOODMAN: Last month was the hottest June ever recorded. In the U.S., the number of days with a heat index of more than 100 degrees Fahrenheit will more than double by 2050 due to the climate crisis, this according to the Union of Concerned Scientists.


AMY GOODMAN: For more, we go to Penn State, where we’re joined by professor Michael Mann. He’s the director of the Earth System Science Center at Penn State University. His latest book, co-authored with political cartoonist Tom Toles, is titled The Madhouse Effect: How Climate Change Denial Is Threatening Our Planet, Destroying Our Politics, and Driving Us Crazy.

On Sunday, Michael Mann tweeted at The New York Times urging the paper to change the headline to its story, “What a Heat Wave Looks Like.” Mann said it should have read “What Climate Change Looks Like.”

Michael Mann, welcome back to Democracy Now! It’s great to have you with us. Let’s start there. This is how people learn about the climate crisis—the connections of the disparate weather events, from the meteorologists on television, every 10 minutes or so, to headlines like that, “heat wave” versus “climate crisis.” Can you talk about what the media needs to do to make these connections?”

27 July 2019 00:00:00 July 27, 2019 4:53 PM

Is there clear and convincing evidence that Russia meddled, successfully, in Brexit? Perhaps through Arron Banks.

Readers may find the following piece on Boris Johnson interesting.

Boris Johnson was sworn in as the new British prime minister Wednesday, pledging to deliver a swift Brexit and spending his first full day in office Thursday packing his Cabinet with hard-line Brexiteers. His election was the first time that a party’s membership directly chose the prime minister. The membership of the Conservative Party who voted for Johnson represents less than 1% of the British population. Johnson, who previously served as mayor of London and foreign secretary, replaces outgoing Prime Minister Theresa May. Boris Johnson is a highly contentious figure in the United Kingdom who has built his career on controversy. He is known for outrageous political gaffes and is a close ally of President Donald Trump. He has vowed to cut taxes for the rich, and positioned himself as a friend to big banks. Thousands of protesters marched through Central London to protest the new prime minister Wednesday. We speak with Ash Sarkar, senior editor of Novara Media, who says Johnson has crafted a public persona for himself as “bumbling, ineffectual, posh but benign,” but says this facade conceals “someone who has always been a very ambitious man.”

From the New Yorker: 7/24/19 7/8/19
“Boris Johnson, who has been proclaiming that every Brexit obstacle will vanish if people just “Believe in Britain,” would fit in well in John le Carré’s novel “The Looking Glass War.”

Brexit is the great distraction in British politics; it even complicates the reading of spy novels. And yet John le Carré’s “The Looking Glass War,” published in 1965, seems particularly revealing of the peculiar dynamics behind the United Kingdom’s self-defeating attempts to leave the European Union. The novel centers on “the Department,” an agency that is vaguely focussed on military intelligence and intently preoccupied with its own bureaucratic marginalization—it is being pushed out of the game by “the Circus,” an agency that employs George Smiley, one of le Carré’s great spying creations. The action is set in motion by what is probably fake news planted by the Russians. In response, the Department constructs an utter shambles of an operation, built on little more than memories of imperial glory, Oxford connections, a resolute indifference to the customs of other countries, and a faith in the infallible effect of muddling. The Department is, in effect, stacked with proto-Brexiteers.”

Also a relatively long read.

AL July 27, 2019 8:15 PM

The FTC announced a proposed settlement with Equifax over a data breach.
People affected by the breach can opt for 4 years of 3-bureau credit monitoring by Experian, or, if already getting credit monitoring, opt for a payment of up to $125. Payments are also available for reimbursement of certain expenses to remedy an identity theft situation.

The site operated by the settlement administrator is
I recommend carefully reading the frequently asked questions.

Jon July 28, 2019 1:36 AM

@vas pup :

Please add to your list the following:

(3) Oppose death penalty because it is far more expensive to execute someone than keeping a person for life in prison; there’s better things to spend our limited funds upon, and

(4) Oppose death penalty because if you get it wrong, it cannot be undone.

Thank you, J.

Gerard van Vooren July 28, 2019 4:06 AM

“Neither a ‘feel good’ story nor a story President Trump is likely to address.”

That is not a subject that anyone would like to address and the result of serious deliberate neglect. But last week was unbearable here in the Netherlands. Record after record was set! It was hot! Thanks Trump for being part of that!

Alejandro July 28, 2019 6:00 AM

The War for Your Face, the Future is Here

Another interesting read in the New York Times:

In Hong Kong Protests, Faces Become Weapons

A suspected protester was arrested by four plainclothes police who had waited for him to unlock his phone and then jumped him, trying to pry it out of his hands. The officers tried to use his face to unlock the phone, but their target hit the emergency button to prevent it being opened. Later, officers went to his home and used a USB drive loaded with hacking software to break into his computer. (All kinds of legal questions here.)

Apparently protesters are using masks to cover their faces, the city is being blanketed with face ID cams, and the police are not wearing name tags or going plain clothes altogether.

The report is a compliment to the phone maker’s security features (sounds like Apple) but also another predictable knock on biometric identification: “THEY” can force you to give it up. Not so much with an ordinary password.

I would think the police and corporations are falling over themselves to install face ID everywhere. And of course, legislatures everywhere are totally oblivious if not supportive of this brave new world intrusion.

Alejandro July 28, 2019 6:20 AM

Re: DARPA open source voting machine?…hmmmm.

First I have to ask, can DARPA be trusted? After all, it’s a military agency. I have my doubts.

Also, I wonder if anyone, who is any good at it, ever really audits and verifies open source code. I have doubts there, too.

Last, should the military get involved in the election process in any way? I have doubts there, too.

Let me revise that: Absolutely NOT!!!

Laying doubts and politics aside for a moment however, it would certainly be a good thing if they could deliver a trustworthy, reliable, triple whammy audited voting machine.

But, I have doubts.

I guess I mentioned that already.

VinnyG July 28, 2019 7:29 AM

re: social media eavesdropping (spying) I expect that sooner or later (probably the former) there will be at least one court case to decide whether or not hosts in a residence that has Siri, Alexa, etc. active have a legal obligation to inform their guests of that fact.

VinnyG July 28, 2019 7:37 AM

@moderator – As someone who has had posts removed from this blog because those posts lacked sufficient IT security content, I must ask where that content is to be found in the post by “name.withheld.for.obvious.reasons” on the subject of the death penalty and the post by “27 July 2019 00:00:00” on the subject of the recent hot weather. While this blog is your property, and you obviously have the right to do with it whatever you please, I would hope that the reason those posts remain is the result of attention diverted elsewhere, and not some variable standard…

JonKnowsNothing July 28, 2019 8:12 AM

re: US Federal Death Penalty reinstatement
re: Marcus Hutchins release from US custody
addon: Julian Assange/Wikileaks extradition to USA

addon: US Espionage Charges with Death Penalty
addon: UK (last government) secret message to USA that they would not challenge the extradition or the death penalty clause.

It is going to be very interesting what happens to Assange now that the US has re-enabled the Federal Death Penalty.

It will also be interesting to see how the new UK Boris Government is going to handle the extradition request now that the death penalty is back in force.

It will also be interesting to see how the US Government is going to apply this to whistleblowers and other persons like E Snowden.

Given the US already has ex-parte judicial systems and ex-parte executions (normally carried out in other countries), it will be interesting to see who else these re-enacted laws will apply to.

Josef Hediger July 28, 2019 10:58 AM

@Clive Robinson, @Anders: Sorry, I didn’t really read the article whose URL had been posted by Anders. Seemed to me again some fruitcake Russian conspiracy stuff.

@Clive Robinson: “Proton Mail gets a mention… We just seem not to be able to get away from them ;-)”

Yup, you’re right. A pity you “forgot” to post the corresponding link. I’ll do it on behalf of you (incl. the archived article [I know, archiving is r… as the lady from the “Verge” told me]).

Whilst Mr Steiger is not the sharpest tool in the shed, we really have to give him credit for this article. I was quite astonished anyway, since in the past Mr Steiger has been rather tame towards the national carrier and the government.

Still, I would like to take credit for calling PM snake oil some four (or even more) years ago (and getting insulted for that). Finally, I can feel vindicated.

PM has promised to take Mr Steiger to court (which court anyway, first you have to go to the “Friedensrichter”) for slander but obviously, up until now, nothing has happened.

As I have noticed, PM carefully monitors Plebbit but also (no joke) /g/!

Just some “fun” facts about PM:

(1) “We have our servers in Switzerland because of muuuh data protection”. Switzerland does not have a data protection law enshrined in the C.A. (in German “OR”). Whether the servers are in Switzerland or not does not really matter. Just look at what happened to the national carrier Swisscom (

(2) PM partly is financed by the EU (can google that yourself). Probably also a “Russian collusion”.

(3) The company is preparing for an IPO. There is not much left of CERN. If you look at the trade register, you’ll see that PM basically belongs to an Italian. That much for “Swiss privacy”. An Italian for God’s sake…! Topkek!

I guess, as we say, “it has been eaten”, i.e. PM finally has discredited itself. Also, the company is totally clueless about the Swiss legal system (“our legal counsel”, “we work with biglaw in Zurich”, the courts, Swiss data protection law) and their “transparency report” is a joke. Why? Because most queries by law enforcement in Switzerland are made informally…

Don’t believe me? Here’s the proof: Yep, the man behind the “Hacking Team” disaster himself.

About encryption: I have repeated it for many, many years: In Germany, backdoors for encryption software are mandatory. That is why there are no encryption firms in Germany, except our blue boxer’s outfit. In the 80s, the last really solid German encryption firm was forced by the BND (the German secret service) to close shop.

What remains are Mounir’s (nomen est omen) “Veracrypt” and the firm the man called “an obscure company”. And a few more not worth mentioning.

The “obscure company” actually is the most solid one but then again, as it is bordering Russia it probably also forms part of the Russian collusion.

About Bojo: It seems some ppl here believe Bojo is a clown or an unknown entity (or, sigh… a Russian agent). In the U.K., he’s actually quite well-known. He even was the editor of the world’s oldest magazine, the “Spectator”, or the “Speccie”, as we call it. I only hope Johnson eventually manages the hard Brexit and that the cancerous, German dominated EU will fall apart. Just like red China. Which both eventually will.

Good night. t. Swiss

Anders July 28, 2019 11:38 AM

@Josef Hediger

“About encryption: I have repeated it for many, many years: In Germany, backdoors for encryption software are mandatory.”

Kind of similar thing here. Estonia is under strong US influence and you can’t develop solid international-level software without backdoors/weakening in favor of the NSA. Seek information online on what they did with Skype (= project Chess).

In Finland there’s F-Secure, which detects government malware (FinFisher etc). Here a similar thing would be just impossible – in fact our LEAs have procured FinFisher and use it very actively.

Josef Hediger July 28, 2019 12:05 PM

@Anders: Estonia is the great role model of Swiss politicians. We first had the SuisseID, which was a great failure. One software company in Eastern Switzerland (Abacus), a wine shop and the Post Office did accept it. Therefore, it failed. Now, they try again with the SwissID. Everything digital, just like Estonia. I remember the picture a few years ago: All those people with their supermarket bags queuing for new IDs because their old ones have been hacked.

“In Finland there’s F-Secure, that detects government malware (Finfisher etc)”. I purchased F-Secure some 25 years ago… Sounds very interesting.

Here in Switzerland, law enforcement uses more or less everything. The “Hacking Team” / “Galileo” issue of the Cantonal Police Zurich even made it to WikiLeaks. (“What a hack – government Trojan Galileo, costing almost half a million francs, rendered useless after attack on Hacking Team”,

No checks, no balances. Just the taxpayer…

vas pup July 28, 2019 1:28 PM

@Jon • July 28, 2019 1:36 AM
Thank you for your input, but unfortunately without providing any reason my post you were answering for was deleted by moderator. Not good practice in open discussion I guess.

See also related post by @VinnyG • July 28, 2019 7:37 AM:
“While this blog is your property, and you obviously have the right to do with it whatever you please, I would hope that the reason those posts remain is the result of attention diverted elsewhere, and not some variable standard…”

Thank you @VinnyG!!! Many years ago the idea was like this: “I don’t share your views, but I’ll die for your right to say them.” As was pointed out in ‘1984’, “Freedom is to say to the people what they actually do not want to hear.”

Now, on the subject of death penalty. Any penalty in criminal justice has four components:

Safety for others, meaning to isolate the person from the rest of society to prevent them committing other criminal acts. You know, when an IT-related criminal is banned from using smart phones, computers, access to the web, etc. even after being released from prison.

Without a general understanding of the purposes of penalty in the criminal justice system you can’t understand the purpose of the death penalty in particular. So, in those cases I stated in my post (deleted by the moderator) under group (1), correction is not possible; safety should be provided (if you substitute the death penalty with life in prison) not only to the general population outside the prison wall, but INSIDE as well, to other inmates and prison personnel. If a criminal gets life in prison, he could kill those folks without any remedy to prevent it. One life sentence will cover all such criminal activity.

Regarding (2), I was always curious why the same level of humanity should be denied to the victims of the crime and their families.

A Brazilian Guy July 28, 2019 2:29 PM

I know people here probably don’t care a lot about Brazil, but something interesting happened there these days.

For the most part, I am referencing what is described on this news page:
which is only in PT-BR, but I imagine it would be easy to translate into English.

The story is that a group of “hackers” managed to steal Telegram chat messages from several important people in Brazil, such as the economy minister, justice minister, some of the supreme court judges and some prosecutors. And, eventually, gave some of the messages to Glenn Greenwald to report on several dubious things that were happening (which I will not cover in this post, just look at The Intercept Brazil).

What I find interesting was the method that these people used to access the information. Apparently all they did was:

1) Make several simultaneous phone calls to the target person, to ensure that the phone line was busy
2) Try accessing Telegram Web, which requires an authorization token from the cellphone Telegram App
3) Request the token to be delivered by a phone call
4) Since the phone was busy due to step 1, the token was sent to the voice mail
5) Use Caller-ID spoofing to mask your phone number to be the target phone, and call the target phone number. This gives access to your voice mail(!)
6) Get the Telegram Web token and insert into the Telegram Web program
7) Have access to all messages

Apparently it was that easy to do this, although for some of the targets this didn’t work because on step 5 you would reach the target phone instead of the voice mail. Some of them recall receiving phone calls from themselves.

Apparently Telegram (the company) noticed this pattern happening and informed the supreme court president that something was up, according to this other news article:

So yeah, apparently this is a possible way to “hack” telegram and have access to past messages.

JonKnowsNothing July 28, 2019 2:58 PM

re: data harvesting and source tracking

While most of the data harvesting and source tracking is done against individual persons, places, things and animals there is the reverse tracking that comes into play.

Like deanonymizing data to ID the source, the same process happens when systems, governments, individuals try to hide their actions. In the past it was much easier to hide The Who and The Where, today it is not so easy to hide things.

Of course, the very attack on encryption will mean it is so much easier to find out things that “the metaphysical and all mighty they” would rather remain hidden.

In current weeks there have been more stories that indicate how reverse tracking might be in play.

  • An alleged informant member of the IRA alleged to be actually a UK Operative at the highest level of both the IRA and UK. The actions took place a number of decades ago but “somehow” the dots got connected even when they were not intended to ever be seen.
  • The sourcing of death penalty drugs in the USA. Due to pressures globally the previous manufacturers declined to continue. In those states where they do continue to practice and enforce the death penalty, finding a source is difficult. The “dots” are easier to connect because there are only a finite number of possible components and tracking them is easy even when the intention is that “they are not traceable.”
  • The continuous “leakage” of sensitive materials around the globe. Especially those items governments are most determined to hide. It is easier to trace the source of the leaks but the true-source is that the information is archived to begin with. It demonstrates that the sword cuts both ways, they may ID a leaker but the information itself has to have come from “somewhere” and the nature of the leak gives a pretty decent clue as to which sort of company, government or organization has such an archive. The alleged audio recordings of the demise of Khashoggi are one example. The findings of pinhole cameras and recorders placed in hotels, travel holiday bookings, bathrooms, showers, MD offices all backtrack not just to an individual group or person but expose the archive itself is another.
  • Another back tracking to the source are the extremely detailed chat logs that are produced by “osmosis” of conversations that took place years and years ago are another OH!?! in the list. Not too many folks have the ability to archive this volume of data.
  • In the USA we are now embarking on REALID. Yet another data stack of already available information. This is required if you plan to fly internally in the USA. It requires SSN, Birth Certificate and at least 2 forms of current residency documentation (or more). Nearly all of that is already available and available for the intended use parties. But this stack will be marked or tagged REALID. The trace back will be trivial but the holding archive will be revealed extensively.

  • The on-going process in the UK where MET Officers in an undercover unit engaged in targeted sexual relations (some resulting in children) to target non-violent protest groups and persons of interest. The MET was able to keep this covered up for a long time. Slowly, reverse data tracking is exposing the methods, means, names and targets of the officers and their victims. The Officers never ever expected to be unmasked. Reverse data tracking is making this less and less likely and the aftermath of the program will affect a lot of people.

Data can flow both ways and details or the omission of details (black outs) can say a lot more than what is intended. And this turn around may yet be more significant than what is actually stored.

Reverse data tracking analysis may be the ultimate gateway to encryption.

Wael July 28, 2019 3:38 PM

@A Brazilian Guy,

Steps 1 & 5 are clever. But this method seems to have been enabled by a lack of voice mail password protection. I particularly like step 1!

Thanks for sharing!

Josef Hediger July 28, 2019 4:14 PM

@vas pup: Yeah, some of my posts also have been Clintoned. The jannies are in a bad mood it seems.

Anders July 28, 2019 5:22 PM

@Josef Hediger

“Estonia is the great role model of Swiss politicians”

Too bad. This road leads to problems sooner or later. Connecting all the govt databases together is seriously A Bad Idea.

During WW2 the Netherlands had a database of disabled people. When Germany occupied the Netherlands, they took over the database and had a perfect kill list of those who didn’t match the Aryan ideal.

But I understand why other govts are interested in the Estonian model. This gives them total control over all the people. All the databases are connected via one unique ID – just one query and you know ALL about that person.

gordo July 28, 2019 7:31 PM

More on that ‘Ring’ thing:

Here’s The Most Complete Map So Far Of Amazon’s Ring Camera Surveillance Partnerships With Local Police
Dozens of U.S. cities are working with the doorbell camera company, according to Fight for the Future.

Digital rights group Fight for the Future has compiled a map that shows the breadth of Amazon Ring partnerships with local police for the first time. The interactive map reveals dozens of cities that have formed partnerships with the doorbell camera company across the United States — and there may be other partnerships in the works.

To narrow down the map to show where local law enforcement works with Ring, users can filter the map for “Police” (local and state) and search for the word “Ring.”

Alejandro July 28, 2019 9:03 PM

Meanwhile, on a lighter note:

Hackers breach FSB contractor, expose Tor deanonymization project and more

“Hackers have breached SyTech, a contractor for FSB, Russia’s national intelligence service, from where they stole information about internal projects the company was working on behalf of the agency — including one for deanonymizing Tor traffic.”

They “stole 7.5TB of data from the contractor’s network, and they defaced the company’s website with a “yoba face,” an emoji popular with Russian users that stands for “trolling.”

If the NSA and FSB can’t protect their stuff, who can? Not us peasants, for sure.

lurker July 29, 2019 12:31 AM

@ Alejandro

… but can DARPA be trusted?

Well, after all they invented the internet. Oh, didn’t that work out OK?

1&1~=Umm July 29, 2019 2:16 AM

@ Lurker,

Well, after all they invented the internet.

Actually they did not “invent” it, they merely provided the finance to develop it…

As far as we can tell the original idea came from work done at Bletchley Park during WWII which followed on from work into traffic analysis.

One of the geniuses at BP who you rarely hear about was Gordon Welchman. He “invented” traffic analysis and it appears that thinking about it gave rise to thoughts not just on digital networks but how to make them robust, not just from traffic analysis but Kinetic and later other attacks.

After WWII Gordon Welchman stayed in Britain designing cipher systems etc but it quickly became clear he was going to go nowhere with his ideas. Because, as he and two others at BP had realised during WWII, whilst Britain had the brains, organisational and other skills, other than the geography and manpower of Empire it lacked resources. Hence they pushed, whilst they still had a significant crypto advantage, for a political agreement to keep Britain in the Surveillance game. Which resulted in the so called “Special Relationship”, the BRUSA, later UKUSA, agreement that founded the Five-Eyes[1].

However as Gordon found out after the actual war the bureaucratic or turf war took over. So he upped sticks and became a US citizen and went to work for MITRE. It was there he got his digital communications ideas backing, thus funding from DARPA. There were several projects, one of which spun out to what we now call the Internet; others are closer still to his vision for a secure data and meta data tactical communication system. One of which is the Joint Tactical Information Distribution System (JTIDS), which is still a primary military system[2]. Part of Gordon Welchman’s design was geo-location which predated the ideas of GPS and is as accurate as GPS.

In essence he also invented the modern mobile phone, as it was the early MITRE JTIDS work that also gave the basic design of Civilian Digital Mobile Communications that has given us not just the Internet but GSM mobile phones for voice and more importantly data.

[1] In essence Britain would provide the brains, the empire (later Commonwealth) would provide the geographic communications choke points and manpower, with the US providing the manufacturing capabilities. For what would become a global surveillance network.


Ismar July 29, 2019 2:56 AM

@ Josef Hediger
Since ProtonMail uses client side encryption and does not store any emails in plain text on their servers would you care to elaborate how they can be volunteers for assistance in providing access to the information they don’t have access to in the first place?

Rachel July 29, 2019 4:07 AM

Josef Hediger

your post has a general mood of slandering protonmail and all manner of accusations and innuendo without anything to substantiate it. just a general, slightly illiterate, illegible gathering of words and more than a suggestion of your dysfunctional dare I say toxic mental state.
This blog deserves better. And no, mouthing off at me is not an adequate or mature response. You opt for hotmail and google mail over PM, then?

Alejandro July 29, 2019 6:44 AM


Re: “For what would become a global surveillance network.”

True is.

And, a basis for establishing the trustworthiness of DARPA.

To be fair, many great ideas by brilliant men have been corrupted by money and power.

dosch July 29, 2019 9:05 AM

Hey, I am not sure, but you seem not to have covered this opinion piece:

Curious to learn what you think of this line of thought.

“Putting this all together, the sad reality of the encryption debate is that after 30 years it is finally over: dead at the hands of Facebook. If the company’s new on-device content moderation succeeds it will usher in the end of consumer end-to-end encryption and create a framework for governments to outsource their mass surveillance directly to social media companies, completely bypassing encryption.”

Gerard van Vooren July 29, 2019 2:59 PM

“EVERYTHING is climate change.”

It is true. Just look at all the temperature records that were placed last week. Call it a myth, call it whatever you like but it happened, and it will happen again as long as the guy in the White House is in charge, and decades after that as well.

lurker July 29, 2019 4:32 PM

@ dosch


so I establish a https connection to a local e-retailer and purchase a part for my bike. Retailer sends an acknowledgement email to my gmail account. The big G’s bots scan the mail for keywords, and the next day in casual browsing I am bombarded with ads for the part I have already bought. G’s AI doesn’t have the intelligence to read the whole email and parse that the desire to purchase has been fulfilled.

Can you trust the internet? By definition a network of networks, with many nodes, and nodes within nodes. How many of those nodes can you trust? I thought not… I am already under surveillance because I don’t do FB. I can’t imagine Mr Z’s AI being any more intelligent than big G’s, so it’s just another reason to avoid a business model based on a frat prank.

SpaceLifeForm July 29, 2019 4:47 PM


Even if the voicemailbox had a pin or even if the token was sent via ss7, note that this particular attack is trivial from the telco end.

It may just be a cover story. It may be true.

Weird, I was contemplating a voice mail setup as I read about this.

Here is what I was thinking as to be the voicemail greeting message:

“for security reasons this voicemail box will never be checked, so do not waste your time leaving a message. It is for your security. Just hang up now”

It really is for the caller’s security because they are not leaving a recording, and more importantly, not leaving a voiceprint.

Forget the metadata part. People use other people’s phones. Voiceprints are important.

But it actually is better to just say no to voicemail anyway. Waste of time, spam, etc.

So maybe this attack would be almost impossible (excepting from telco end), if the end user did not have voicemail set up at all.

Josef Hediger July 29, 2019 5:48 PM

@Anders: “But i understand why other govt’s are interested in Estonian model.
This gives them total control over all the people.” There, you nailed it. We already have got the “Swisspass”, a credit card size card with NFC that you need for travelling at half price with any public transport. Now, wherever you are in Switzerland, every single ticket machine located at tramway and bus stops will record that you have been there and send that data to a centralized location. When you are in a train, you must present the ticket plus that Swisspass. The train conductor will then hold your Swisspass near his smartphone and off your data goes. Also, the various canton police forces try to build databases; since we are decentralised / federalistic, obviously every canton’s police force gets their own system. We got already systems from Atos Origin and Thales. However, they have not yet managed to build up a comprehensive database. In the States, they are a bit more advanced. It seems, that Palantir performs highly sophisticated analyses from the various data lakes. Here the link to an interesting article: “Revealed: This Is Palantir’s Top-Secret User Manual (Gotham) For Cops”,

Obviously, something like this would be a wet dream for our police forces and the increasingly fascist European Union. On the other side, if you ride in the 62 bus from Annemasse (France) to Geneva (Suisse), you can easily spot the North African drug smugglers / dealers. They know that there are no police controls.

So, at least, the taxpayer can be monitored by the ruling elite.

“During the WW2 Netherlands had a database of disabled peoples.” Good point. Guess the name of the company that was producing the computers… And guess who worked at that company… Pure coincidence, of course.

In Switzerland, politicians already discuss whether e-mail accounts should have to be registered by presenting an official document, i.e. ID card or passport. And I just wait until they will render illegal the use of certain encryption algorithms.

@Ismar: “would you care to elaborate how they can be volunteers for assistance in providing access to the information they don’t have access to in the first place?” No, I won’t. You can do that yourself by using google. I’m not your servant. Waste someone else’s time.

@Rachel: I have again analysed your posting. Just as I did some time ago (one or two years), when you used a different name. This time, I used GenderAnalyzer_v5. Result: Male, 54 %; Female: 46 %. Hmmm.

EvilKiru July 29, 2019 5:59 PM

@Ergo Sum: The sound of a zipper matching Hello Siri doesn’t require the deliberate programming of the sound of a zipper into the Hello Siri match algorithm. The waveform match for Hello Siri requires a large amount of tolerance in order to detect a wide variety of speech. That the sound of some zippers can come close enough to initiate a match under some circumstances shouldn’t come as much of a surprise. After all, Siri has been known to respond to a cough or a long sigh or random sounds from a television, radio, or YouTube personality.

Wael July 29, 2019 7:44 PM


It may just be a cover story.

May very well be. A parallel construction story to cover a telco insider or a phone manufacturer.

“for security reasons this voicemail box will never be checked, so do not waste your time leaving a message. It is for your security. Just hang up now”

Problem is: the entity that leaves the OTP is typically automated.

Speaking of voice mail setup: one of my colleagues has this message: “you almost reached Joe Blo”. I often leave the message: “Hey, it’s me! I almost left you a detailed voice mail”.

MrC July 29, 2019 11:00 PM

@ Ismar

Since ProtonMail uses client side encryption and does not store any emails in plain text on their servers would you care to elaborate how they can be volunteers for assistance in providing access to the information they don’t have access to in the first place?

Since they run the keyserver, and the counterparty’s key isn’t surfaced anywhere in the UI, in most cases all they need to do is feed you a MitM key when your client requests the counterparty’s key.

There is a pretty well buried feature to tell the client to only trust one specific key for a given counterparty, but (1) it’s buried well enough that few people will use it, and (2) it still doesn’t help because of the next issue:

The entire client is javascript served to you at runtime, by ProtonMail, over TLS. That means ProtonMail — or anyone in a position to MitM your TLS connection — can serve you a poisoned variant of the client. Since browsers honor the cache control header, and also don’t cache https content by default, your only shot at spotting the poisoned variant is during the session it’s deployed. The poisoned variant could (1) ignore your “trust only this key” setting for given counterparties, revitalizing the attack described above; or (2) just yoink your plaintext messages; or, scariest of all, (3) yoink the symmetric key used to encrypt your asymmetric keys. If executed by ProtonMail, #3 is a “pwn once, pwn forever” attack because they hold all of the encrypted data, past and future.

You can get around the “poisoned client” problem by using ElectronMail, which will use a clean, persistent, verifiable copy of the ProtonMail client off github. (To be precise, you must use ElectronMail exclusively, from account creation onward, without ever once using the webmail client. Remember that the “poisoned client” attack can be “pwn once, pwn forever.”) The only problem with ElectronMail is that it’s built on — you guessed it — Electron, so you solve the “poisoned client” problem in exchange for accepting all the awful “poisoned dependency” problems baked into NPM’s stupid design.
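The keyserver substitution described above (the provider returning a MitM key when the client asks for the counterparty’s key) is exactly what a trust-on-first-use pin store is meant to catch. The following is an added example, not ProtonMail’s or ElectronMail’s code: the keyserver, addresses and key bytes are constructed stand-ins, and using SHA-256 over the raw key bytes as the fingerprint is an assumption of this example, not any service’s fingerprint format. It shows that an unpinned client accepts a swapped key silently, while a pinning client records the first key it sees and refuses a later, different one.

```python
"""Trust-on-first-use (TOFU) pinning of a counterparty's public key.

Added example (not ProtonMail's or ElectronMail's code). Keys, addresses and
the keyserver are constructed stand-ins; SHA-256 over the key bytes is an
assumed fingerprint scheme for illustration only.
"""
import hashlib
from typing import Dict

# Constructed sample "public keys" (opaque bytes; not real key material).
ALICE_REAL_KEY = b"-----BEGIN PUBLIC KEY----- alice-real-key -----END-----"
ALICE_SWAPPED_KEY = b"-----BEGIN PUBLIC KEY----- substituted-key -----END-----"


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key. Pins compare fingerprints, not raw bytes."""
    return hashlib.sha256(key).hexdigest()


class KeyServer:
    """Stand-in for a provider-run key lookup service (constructed)."""

    def __init__(self, directory: Dict[str, bytes]):
        self.directory = directory

    def lookup(self, address: str) -> bytes:
        return self.directory[address]


class KeyMismatch(Exception):
    """Raised when a counterparty's key differs from the pinned one."""

    def __init__(self, address: str, pinned: str, seen: str):
        super().__init__(f"key for {address} changed: pinned {pinned[:16]}..., "
                         f"server returned {seen[:16]}...")
        self.address, self.pinned, self.seen = address, pinned, seen


class UnpinnedClient:
    """Encrypts to whatever key the server returns; cannot notice a swap."""

    def __init__(self, server: KeyServer):
        self.server = server

    def fetch_key(self, address: str) -> bytes:
        return self.server.lookup(address)


class PinningClient:
    """Records the first key seen per counterparty and refuses a different
    one later. The pin store must live somewhere the keyserver operator
    cannot rewrite (e.g. local, verifiable client code), or it is moot."""

    def __init__(self, server: KeyServer):
        self.server = server
        self.pins: Dict[str, str] = {}  # address -> pinned fingerprint

    def fetch_key(self, address: str) -> bytes:
        key = self.server.lookup(address)
        fp = fingerprint(key)
        pinned = self.pins.get(address)
        if pinned is None:
            self.pins[address] = fp  # first use: trust and record
            return key
        if pinned != fp:
            raise KeyMismatch(address, pinned, fp)
        return key


def simulate(address: str = "alice@example.invalid") -> Dict[str, bool]:
    """Run both clients against an honest lookup, then a swapped key.

    Returns which client noticed the substitution."""
    server = KeyServer({address: ALICE_REAL_KEY})
    unpinned = UnpinnedClient(server)
    pinning = PinningClient(server)

    # Session 1: both clients see the genuine key.
    assert unpinned.fetch_key(address) == ALICE_REAL_KEY
    assert pinning.fetch_key(address) == ALICE_REAL_KEY

    # Session 2: the server (or a MitM) now returns a different key.
    server.directory[address] = ALICE_SWAPPED_KEY
    unpinned_accepts_swap = unpinned.fetch_key(address) == ALICE_SWAPPED_KEY
    try:
        pinning.fetch_key(address)
        pinning_detects_swap = False
    except KeyMismatch:
        pinning_detects_swap = True

    return {
        "unpinned_accepts_swap": unpinned_accepts_swap,
        "pinning_detects_swap": pinning_detects_swap,
    }


if __name__ == "__main__":
    print(simulate())
```

The pin only helps if the code enforcing it is not itself delivered by the party that could swap the key; that is the second point in the comment above, and the reason a persistent, verifiable client copy matters more than the pinning feature on its own.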

Ismar July 29, 2019 11:04 PM

I was asking for the benefit of all the readers of this blog but now it is obvious that you’re not interested in constructive discussion and may have some vested interest in bad mouthing Proton Mail. As for me I am happy to keep using Proton Mail for my communication until I hear better arguments against it.
In addition, I would advise you see a psychiatrist as you seem to be too stressed or even better go for a long hike in the beautiful Alps the country is famous for.

Michael July 30, 2019 4:14 AM


The current trend appears to be selling services that can only be exploited by the service provider itself. This is where the money is going, so I’m not surprised that it’s headed towards an IPO. As we know, surveillance works the best when the surveilled is placed into a false sense of security under which they freely elaborate. Follow the trail of money… and see where it ends up.

Michael July 30, 2019 4:37 AM

@Gerard van Vooren wrote, “It is true. Just look at all the temperature records that were placed last week. Call it a myth, call it whatever you like but it happened, and it will happen again as long as the guy in the White House is in charge, and decades after that as well.”

I don’t think we’ve seen the last of the Paris Accord, only because it is a very effective “money sink” designed to vaporize taxpayer money into propping up various new energy industries through subsidies of various sorts. The re-shaping of our energy infrastructure has to occur somewhere down the road.

clunker July 30, 2019 9:49 AM

Since ProtonMail uses client side encryption and does not store any emails in plain text on their servers…

It would not be the first time where a service provider supposedly stores only encrypted data but yet is eventually found to have obtained clear text copies of it…

vas pup July 30, 2019 3:47 PM

I guess those quotes related to the subject of blog and want to share with you:

“Collective fear stimulates herd instinct, and tends to produce ferocity toward those who are not regarded as members of the herd.”

BERTRAND RUSSELL, Unpopular Essays

“If you think that your belief is based upon reason, you will support it by argument, rather than by persecution, and will abandon it if the argument goes against you. But if your belief is based on faith, you will realize that argument is useless, and will therefore resort to force either in the form of persecution or by stunting and distorting the minds of the young in what is called “education”. This last is particularly dastardly, since it takes advantage of the defenselessness of immature minds. Unfortunately it is practiced in greater or less degree in the schools of every civilized country.”

BERTRAND RUSSELL, Human Society in Ethics and Politics


Alyer Babtu July 31, 2019 6:39 AM

@vas pup


(As a mathematician) I used to be an enthusiast for Russell. Eventually it became apparent that he is essentially an ideologue for enlightenment progressivism, which rests on entirely unproved and actually incorrect starting points about human nature and knowing. He himself is an example of the things those quotes seem to inveigh against. Turtles all the way down.

I think it is much more helpful to study Aristotle (Ethics, Politics) on questions of human social nature, and so indirectly security.

VinnyG July 31, 2019 1:37 PM

@ Gerard van Vooren re: “EVERYTHING is climate change.” I won’t waste time on the literal parsing of that statement, but assuming it has some argumentative merit, here is my “multiple topping” contribution to “EVERYTHING.” I’m not a climate change denier, for several reasons. First, again literally, Earth’s climate has obviously been in continuous flux since it coalesced as a spinning ball of magma. More topically, I find it plausible that the general temperature trend over recent generational time spans is upward. I rely mainly on my own ad hoc observations, not any rigorous examination of the evidence. I also note that there is a defensible body of thought that Earth is still emerging from a cold period named the “Little Ice Age,” which, if true, would support a consequential warming trend. However, having mentioned rigor, I find that the governmental and quasi-governmental agencies responsible for collecting, organizing, and publishing such evidence, regularly indulge in conduct that tends to provoke suspicion that they are tainting or spinning the facts. That conduct is unfortunate whether or not their conclusions are correct. If the body of evidence supports one’s conclusions, it is ill-advised, and damned peculiar, to try to build consensus by altering a few conflicting data points. For one example: a very large number of the historical sea water temperature measurements were taken by (essentially) buckets dunked over the side of military and merchant ships, going back to the time of sail. It’s pretty obvious that there would inevitably be a considerable amount of variability in the procedure for taking such measurements, hence a significant error bar for the results. For the last couple of decades, the “authorities” have been smoothing those data points to the curve by irrevocably deleting “flyer” measurements from the archived data on the assumption that the data points off their curve must result from incorrect measuring procedures. 
That is a questionable assumption, and dubious practice, at best. A similar issue exists with the NOAA publication of “temperature records” that omit the best available measurements. The U.S. Climate Reference Network was established by NOAA expressly to eliminate known anomalies in the older COOP network. However, recent NOAA press releases citing high temperature records have completely ignored the fact that USCRN shows that, January through June, 2019 has actually been cooler than average.
Finally, an even more important question than whether temperature trends are rising, is what if any achievable measures could counteract it? I see very little in the way of proposals that are based on anything remotely resembling sound science, let alone equitable cost distribution. I have seen proposals to alter the reflectivity of the atmosphere that have apparent potential for the solution to be worse than the problem. If there is nothing that is reasonable and feasible to do about the alleged problem, what purpose is served by advancing solutions that will adversely impact the fortunes and lifestyles of millions of people, beyond satisfying some puerile, misbegotten, revenge fantasy?

Alyer Babtu July 31, 2019 4:20 PM

Re: climate change

If I’ve said it once, I’ve said it 2 or 3 times: what does this guy think about the question?

Second, is all the climate data, including raw, available publicly, to anyone, and if not, why not? Let’s use that great connected thing we’ve been hearing about recently called the internet to do some critical thinking.

passing through July 31, 2019 11:34 PM

Josef Hediger

running your name through my Wanker_Analyzer v.1.0 we arrived at a perfect score. having achieved this it was unnecessary to repeat using your post. this blog doesn’t need your ilk. go away and don’t come back

AtAStore August 2, 2019 3:27 PM

Has anyone had success activating the shared Hotspot WiFi on their iOS phone and then sharing it with a Linux computer?

For example, using TENS, when the Hotspot SSID is clicked the WiFi icon, in the lower right corner of the screen, disappears, before I can enter a password.

Using Network Connections on the Linux computer, I can then still click on the iOS shared Hotspot, but it won’t take the password and connect.
