Comments

finagle April 9, 2025 8:04 AM

TL;DR the author likes Signal. However he does mention The Guardian’s how to contact us securely help page which gives lots of options and their pros and cons which are generally applicable, and make it far more useful in my eyes than the linked article.

Clive Robinson April 9, 2025 10:38 AM

@ ALL

No method currently available to ordinary individuals is secure not even close.

This is due to the simple fact that what is available technology wise is “consumer/commercial” and none of it has been designed to be even remotely secure.

Secondly because all the technology is like a “fish trap” designed to funnel every electronic communication into a single net.

There are two solutions to this,

1, Don’t put your toe in the water.
2, Ensure the stream you swim in is not the one that ends in the net.

As those who want to communicate with journalists are putting their toe in the water then that leaves only the second option to them.

There are two types of communication “half duplex” and “full duplex” the first is unidirectional and more secure than the bidirectional second.

Journalist almost always betray their sources because they want to ask questions first of which is almost always “verify who you are”…

This means that journalists will almost always want “full duplex” bidirectional communications and will do just about everything they can to force a source into it and in effect betraying themselves.

I’m not saying “don’t communicate with journalists” I’m saying that the process is always risky and relinquishing control of it is very very unlikely to reduce your risk, in fact the very opposite.

So if you are going to maintain control you have to be responsible for not just yourself, but all others directly or indirectly involved, including the journalist and all at their organisation, and those you work(ed) with and your friends and family.

It’s safe to assume that all communications you do not 100% control will get you caught. So all modern consumer or commercial electronic communications are unwise to use, unless you really understand the technology to the lowest levels.

Likewise all commercial post and package services will be risky to use because everything gets tracked these days one way or another. Primarily for “accounting and auditing” reasons which means they are “third party business records” that have no legal protection from inquisitive authorities.

Thus unless you are a technologist of wide scope you are better considering “Old School Field Craft”. But due to modern technology like wireless CCTV units that can fit in a cube the size of a games dice your golden rule has to be “never the same place or way twice.”

Unless of course you know how to lay a false scent that leads the blood hounds away. However that usually means giving them a sacrificial goat or more to rip the belly out of…

You might think that you can “start safe” unfortunately you can not and this is often the most dangerous step. History shows that during the cold war anyone working in a diplomatic mission was watched around the clock 24×365. But also anyone who approached or entered a diplomatic building or even NGO with foreign funding was photographed and where possible identified and checked.

It’s safe to assume with the paranoia about journalists that some are clearly displaying, and the unlimited resources they effectively command, that journalists today have the same level of surveillance or worse on them that cold war diplomats had.

Why worse?..

Well because technology is at least 20 generations advanced on the cold war thus the human resources needed are almost vanishing in comparison. Also they give a “time machine effect”. Think about CCTV tapes from cameras in a shopping center car park or cafe etc etc. As long as the exist, an investigator can “flip back in time” through the glass eye of the camera recording. They don’t need a human every place they only need one to go through the hundreds or thousands of tapes “facial identification software” pulls up as “possibles”.

None of this is SciFi it’s all very mundane today.

Oh and don’t forget all those “lets make history” devices you have on you like your Smart Devices such as fitness and medical devices, mobile phones, and just about anything with electronics in it these days even toys those in your family have even your pacemaker or other implanted medical electronics.

Bluetooth Low Energy is ubiquitous in “System On a Chip”(SoC) microcontrollers these days. Such microcontrollers are in so many products that avoiding them is at best difficult, at worst impossible. Those “air tags and tiles” luggage tags that people got briefly paranoid about are many times bigger than they need to be for just the electronics because batteries have a lousy power density. If you can find an alternative power source then think a fat grain of rice…

It’s what RFIDs became before we forgot about them. We know some RFIDs can be scanned from outside a shipping container they are in, or from the “bumper badge” to toll gate gantry 20ft up as you drive under it.

Making Smart-RFIDs to work with BLE Beaconing is a trivial manufacturing job these days (though expensive per unit below the 100,000 unit volume).

Old school field craft will if both parties have good OpSec enable you to have diminished risk. But history shows all to often journalists don’t do good OpSec. In part this is because the editors under guidance from the legal people want “full verification” at all costs otherwise they wont touch a story.

mianosm April 9, 2025 12:40 PM

Using Signal, Telegram, WhatsApp, or any other ‘app’ is foolish, and it is a shame that GPG/PGP has been forgotten (even if Phil Zimmerman was quoted in your last post).

Much like the youth not knowing how to read an analog clock on the wall, we are losing our ability to maintain and provide confidence in the integrity of our communications.

Encryption isn’t that hard, and honestly, the juice is probably worth the squeeze if you’re delivering content you care about.

ResearcherZero April 10, 2025 1:45 AM

The government itself deliberately leaks information to journalists on a regular basis. It also withholds public information far to frequently. Public information that would allow people to better adapt to the circumstances and prepare for challenges.

Or instead, if some prefer, a few politicians can pad out their own personal investment portfolio at your expense, by selfishly exploiting information that was developed and compiled for public benefit – is not classified – and was funded by tax payer funds, yet the government has withheld from public release. The old revolving consultancy door.

Some members were consultants before they became part of a political party, and once your public funds have been allocated to benefit a corporate contract, a consultancy job awaits.

In the meantime, you are funding their property investments, which they selectively purchase based on information about future housing conditions – information that is withheld from publication – which again, is not classified information.

They are manipulating stock and investment conditions while harming your retirement.

ResearcherZero April 10, 2025 1:57 AM

Politicians and diapers have one thing in common: they should both be changed regularly… and for the same reason. Next time try the NSA, it is always listening to you.

ResearcherZero April 10, 2025 2:48 AM

here is a tip – Peeking at regulators emails from 100 banks.

A group had access to an administrative email account of the OCC which oversees US and foreign banks. Who is responsible and who leaked the story – no one really knows.

‘https://fortune.com/2025/04/09/hackers-bank-regulators-government-china-emails-spying-congress/

The OCC was tipped off and discovered some 150,000 emails were accessed from early 2023.
https://www.theregister.com/2025/04/09/occ_bank_email_hack/

@Clive Robinson, ALL

Journalists are definitely watched as well as by other governments. This is a fact. Any secure rooms or safes within in a news media building will be covertly accessed, and communications and discussions with or between journalists eavesdropped on. Moles will be placed within organizations, cleaners, lawyers, anyone who can be planted or used as a source. People will be blackmailed, paid off or induced through various means (info).

Use all of the techniques that governments themselves use to avoid blame and responsibility. Employ the techniques of trade craft to degrade adversarial advantages and disperse and degrade culpability. Learn from the techniques used to reduce attribution.

Expect to get f–ked, or if lucky, beaten. The road to hell is paved with good intentions, which makes for a far more livelier and interesting ride, due to all the bumps and cracks.

Madness will complicate credibility, for all parties, especially if you are mad.

ResearcherZero April 10, 2025 3:47 AM

position, threats and risk

Constraints on power are designed to prevent the executive from not just harming the people, but to also prevent the executive from abusing power and tempering its decisions.

Independence of agencies is crucial for the functioning of democracy and the safety of the public from national security threats and the threat of arbitrary and unreasonable arrest.

Agencies’ loyalties must lay with the public and the public interest, along with ensuring public safety and security above all else. They only function well when independent.

Agencies provide the same advice and range of options no matter what political party or ideology is in power. It is the politicians who choose which options are implemented.

Politicians are people. Legal constraints exist to protect them equally from themselves.

‘https://abcnews.go.com/Politics/protecting-us-government-leaders-security-analysis/story?id=66258938

Recently, protections have had to be put in place to ensure the safety of the judiciary.
https://judicature.duke.edu/articles/states-move-to-protect-judges-safety/

People who work in the security services are human. Constraints on the executive ensure everyone’s safety, as the intelligence services are sworn to protect the public.

https://harvardnsj.org/2025/01/12/protecting-the-u-s-national-security-state-from-a-rogue-president/

Congress is also afforded protections, as they must ensure legal protections are upheld.
https://www.nbcnews.com/politics/congress/here-s-how-congress-protected-n772296

Anon April 10, 2025 6:44 PM

For those wishing to communicate with journalists, the zodiac killer and Ted Kaczynski offer some insights. I recommend mastering spell check before trying encryption.

ResearcherZero April 11, 2025 12:02 AM

@Bob

It was squarely directed at the hateful lad who’s comment has since been deleted so that they might stop and think, which is highly unlikely, about their own misdirected anger. Of course the kind of rhetoric he was sprouting did remind me of the Stalinist mantra that one most not spread rumors or behave in a manner perceived to be disloyal to the dear leader.

Often people who type things like that are themselves afraid and angry. They are looking for someone to blame for their own insecurity and feelings of alienation.

What was typed was something NKVD police chief, Lavrentiy Beria might say to someone as
a pair large thugs bundled them into a vehicle before they were disappeared. But Beria himself was always worried about the day it would be him that was taken out and shot.

The most the difficult task for a dictator is discovering who has been thinking disloyal thoughts, and this becomes more difficult as their behaviour becomes more authoritarian.

‘https://www.hoover.org/research/what-do-secret-policemen-really-do-insights-history-and-social-science

“Knock knock. That is a nice shirt you are wearing. Would you like a trip to the Gulag?”

KGB records shown that Americans were among many tortured and executed for wearing American clothes or talking about the West. The secret police fabricated evidence against people then tortured them to obtain “confessions” about their “subversive” activities.
https://www.latimes.com/archives/la-xpm-1997-nov-09-mn-51910-story.html

Komitet Gosudarstvennoy Bezopasnosti
https://feefhs.org/resource/russia-blitz-kgb-records

ResearcherZero April 11, 2025 12:25 AM

@Clive, ALL

Yes the evidence, they like to have the evidence on official paper documents, and they like it straight away. Journalists do not like to figure things out for themselves and further investigate, they want the entire package and with the right marketable appearance.

Some stories do not sell well or bring lots of heat that doesn’t go away. Legal heat.

Facts and statistics. Boring stuff. People love that s–t, and it is important.

Other matters may just be embarrassing, but those stories sell too in tabloids and news.

A mic and a recording device will provide a long lasting record of what is really said by politicians, providing insight into the real intent and motivations behind actions.

‘https://nit.com.au/09-04-2025/17314/water-lapping-at-our-door-is-our-reality-palau-president-with-thinly-veiled-attack-on-peter-dutton

ResearcherZero April 11, 2025 1:38 AM

@Bob

That kind of behaviour from people like the one who posted that post, is indicative of the kind of blame shifting used to direct frustrations away from the executive branch. As the tariffs begin to have an impact, it will be agricultural areas and small business which takes the brunt, as they cannot shift around investment and move operations.

Exports are purchased by individuals in other countries and the tariffs cannot be negotiated to shift what people buy themselves. As prices go up, purchase instead will decline, reducing exports from American farmers and manufacturers with higher input costs.

This is all taking place as services are cut and many people who were fired are either no longer spending as much in their communities or looking for employment elsewhere. This will reduce economic activity in many areas, similar to when cuts were made to military programs and facilities in regional areas when the Cold War ended and community programs were ended.

The end of that Cold War spending had a huge impact on the local economies in many states.

It takes time for many of those changes to affect people and businesses in ways no-one ever imagined, and that in itself has similar knock-on effects. The United States supply chain is highly integrated and far more complex than can be understood. Even data availability itself is obfuscated by the multiple layers and many different input sources, so where these changes may take place will be very difficult to assess in some cases.

We do know that they will not blame themselves. They will attempt to blame someone else.

ResearcherZero April 11, 2025 2:08 AM

As the Western World cuts foreign aid to countries struggling with the impacts of climate change and the changes to trade impact them they will look elsewhere for help. Not only this, but conflict will increase and people will flee elsewhere in search of employment and respite from fighting. This will further exasperate tensions, leading to more conflict.

There will be one nation in particular where those frustrations will be focused. Given the political environment and the cuts to federal agencies, exploiting those divisions and attitudes will be far easier. Infiltration needs only don a particular perspective to take advantage of the loyalty push and exploit the strains on government departments.

Given that enormous changes and confusion are taking place, intrusions have an enormous range of targets of opportunity to exploit, through a large and growing attack surface.

Tactically, the American government is now at a massive disadvantage. Identifying weakness in the system can only take place if those issues are brought to light. Many are not issues that can be reported through a vulnerability reporting program, and will require public disclosure and cooperation to address. This will require reporting by the free press.

Clive Robinson April 11, 2025 6:36 AM

@ ResearcherZero,

When you say,

“There will be one nation in particular where those frustrations will be focused. Given the political environment and the cuts to federal agencies, exploiting those divisions and attitudes will be far easier.”

You forget to mention just how fragile it is, due to it’s over reliance on technology.

I note from time to time,

“Technology is agnostic to use, so can be used equally in ways an observer can see as good or bad.”

We’ve recently seen the CALE Act 1994 interfaces being used by others to spy on not just Americans but many others. The fact the NSA et al lead the way on this behaviour type indicates there was more than opportunity involved.

The same is being seen with Signaling System Seven”(SS7) and will no doubt have it’s fifteen minutes in the NSM.

Both are exploits of poorly thought out technology at the standards level. The designers of which also failed to accept the reality of century old mathematical work that predicted such standards would be exploitable by all not just “a chosen few”.

But such failings are also in the very tangible world of physical objects. As I’ve indicated in the past 9/11 is a clear example of technology repurposing from passenger aircraft to guided missile.

But life is about trade, without it we would not be where we are. The problem is that trade used to be little more than barter assisted by metals considered of equivalent value to the labours involved with production and transportation. Yes it was subject to crime but it was discrete crime as isolated incidents. Now trade settlement is done not by tangible pieces of metal considered as valuable, but by intangible information impressed on sub atomic particles and corresponding movements of charge all interconnected and all vulnerable on mass.

Back when Obama sat in the oval office there was talk if a “big red button” to “kill the Internet”… But it was already too late, the Internet had become in the US the arteries through which trade happened… So kill the Internet, Kill American trade, Kill American existence as it’s citizens know and live it…

But it’s not just the Internet, it’s all consumer and most commercial communications that are fragile. So also are the water, gas, fuel, electricity infrastructure that are dependent on electronic comms. Worse they are so interlocked that when one goes down they all go down like dominoes. And once down they can not be brought back up because the others need to be already up and functioning. So specialist individuals have to go out and manually bring things up bit by bit at best. But due to “The American Dream” such people have been “out sourced for shareholder value” and scarcely exist now…

And I’ve no doubt some bright mutt of DOGiE pedigree already has plans to replace the last of specialist infrastructure workers with 100% power, water, and communications infrastructure dependent AI…

If people can not see where this is going to go, then perhaps they should send their C.V. to Hellon Rusk I gather he’s made email to him, his DOGiE Mutts, and their AI available, if not mandatory…

With regards “Move fast and break things”…

The result is the US has become a glass bauble moving at terminal velocity toward a hard ground state that will be more fractured than Humpty Dumpty.

Just don’t say you were not warned…

Rontea April 14, 2025 10:00 AM

Thank you for sharing this insightful information. It’s crucial to have secure methods for communication and data protection, especially in times of uncertainty. This guidance on using personal devices and seeking whistleblower support services is invaluable for those looking to safely share important information. I appreciate your efforts to keep us informed and secure.

Leave a comment

Blog moderation policy

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.