Cell phones and the internet were supposed to make our lives easier, less complicated, and more efficient. It was supposed to usher in an era where our effectiveness was going to give us more free time and less stress.
Do you feel like that’s what happened?
With the prevalence of cell phones, “free” search services, “free” email, and social media, we are sharing far more information about ourselves than we ever actually consider. The services offer this to you “free” as a convenience to make your daily life easier, but in all reality, YOU are their product.
Surveillance capitalism is massive industry. We are allowing them to produce a product without the need to pay for the raw materials, because our movements and activity are the product.
Businesses sell the information on your movements and that’s where your ads turn up on your phone. More nefariously, information aggregators compile incredibly detailed reports on your activity that certain groups can buy (like police, private investigators, and corporate security).
We’re going to talk about a few of these systems, but first, let’s do what we should always do and check the Ultimate Tactical Handbook for Guidance:
Whoever guards his mouth preserves his life;
He who opens wide his lips comes to ruin.
Who cares? Why should I care? Many people say “If I’m not doing anything wrong, why should I care?”. January 6th and it’s aftermath is why you should care.
Before I move forward, to my assigned FBI/NSA surveillance specialist: You already know I wasn’t anywhere near there, and I completely disagree with those who breached the building. We cool? Cool.
However, in the aftermath of the January 6th event, we are finding that cell phone companies, social media companies, banks, hotels, and airlines are all turning over data on the movements of ANYONE who was in the Capitol Region on that day. That’s right, EVERYONE. The FBI is then sifting through that data and deciding who to pursue.
Again, I know what you’re thinking….”But, so what? If I was in town and didn’t do anything, I’ll just tell them that”. People who weren’t involved in any way are being stopped at security checkpoints at airports and borders, just because they were in the Washington DC area that day.
The point is that in the United States, you aren’t required to explain your movements to the government. These records that they are getting “voluntarily handed over” from banks should require a search warrant and notification to you that the data has been handed over, except in highly unusual cases.
So, how do you protect your information?
Understand that the only way to completely eliminate the gathering of information is to not have a cell phone at all. Let’s dispel a few myths, before moving on to countermeasures.
First, turning off location tracking or putting your phone in “airplane mode” doesn’t stop location reporting. The phone still tracks it’s physical location and reports that data as soon as the phone is reconnected. As long as the antenna can make contact with the sky, it will gather and report location data as soon as it can, no matter what settings you have. You just might not see the data, but I assure you it’s still tracked.
Using a “burner phone” does NOT help. Unless you’re willing to commit a federal crime by lying when you sign the phone up for service, you’re not doing yourself any favors. The PATRIOT Act requires you to enter ID data to get any phone service. Additionally, regardless of how low-tech a phone appears, under the guise of “safety”, even burner phones have location tracking.
Let’s say you succeed in entering false information. That burner phone will still be tracking location information EVEN WHEN TURNED OFF. That phone will be reporting it’s location at least part of the day at the same location as your regular phone. Also, anyone you contact with the phone probably has your burner number stored under your real name on their phone. Great work, James Bond.
Next, Signal is NOT secure, as the Oath Keepers are learning to their dismay. The Israelis announced months ago that they could read Signal messages, and if Israel can, you know the US Government can.
Lastly, your phone is always listening. So is your Alexa or Google Home device. I know, I know, “but they said that’s untrue”, right? Ask yourself this…How does it know when you say “Hey Google/Siri/Alexa”? Because it’s always listening. There are multiple criminal cases where the recordings have been used, despite the device allegedly having not been listening.
So, what can we do?
First, stop being instantly available. If you are going somewhere you don’t want to be tracked, leave the phone at home. You can put it inside a faraday cage in your car, but understand that it will record the exact location where it lost the signal, so a better choice is to just leave it at home.
Next, Don’t over-share on social media. So many people are eager to narrate their lives, and that’s fine if that’s your thing, but understand that the data is used to sell information on your travels, and you don’t know who it’s sold to. Also, in our current political climate, people are being targeted and arrested for social media posts.
Did you now that the Bible predicted the Twitter Censorship? Check this out from the Ultimate Tactical Handbook:
Do not curse the King, even in your thought;
Do not curse the rich, even in your bedroom;
For a bird of the air may carry your voice,
And a bird in flight may tell the matter.
Little did we know that the bird was a little blue Twitter bird. Isn’t that a completely prophetic piece of wisdom?
Don’t invite technological spying into every aspect of your life. It’s frustrating when I hear people who claim to be into preparedness talk about their Alexa or Google Home, or their Ring cameras. We’ve already discussed the risk with the first two, but when you agree to hook up your Ring cameras to their servers, you no longer have exclusive rights to your security video.
If you doubt me, check out the app NextDoor. They regularly post about their “partnerships” with Ring and local police departments to “make your neighborhood safe”. Additionally, Ring allows the police access to your cameras recordings, for “on-going investigations”.
Again, I’m sure people will say, “but I’m not doing anything wrong”. Well, in our current environment, where police are getting no-knock warrants based on anonymous complaints, do you want to risk the police being able to watch two weeks worth of activity on your camera system, documenting the comings and goings at your house? Why not secure the data by just keeping your security system local? Yes, it’s convenient to check your cameras from home, but you could do that on your own home network by setting up private & secure remote access rather than signing over your right to privacy.
Stop using “free” services that sell your data. As an example, Duck Duck Go is supported by advertising and doesn’t sell or track your search data.
Have you opened up your mail client like Gmail and had it have a list of “suggested responses” to an email? Ask yourself why. Because they’re reading your emails and using that data to sell targeted ads. Because of my line of work, I get a lot of email that is confidential, so I don’t want Google reading it.
Rather than using a service like Gmail, I use ProtonMail, who encrypts all mail and is subject to Swiss privacy laws, doesn’t read it, and doesn’t store any of your mail. Only you have your encryption key. There are other services similar out there, check out mail clients before installing them. I know ProtonMail is secure, so that’s why I use it.
Don’t use “free” mapping services like Google Maps and Apple Maps, either. I purchased and installed Sygic GPS, which allows me to download entire state maps to the phone and update them regularly, allowing my searches to be done “offline” and only on my local device. As a side note, if the communications grid is down, this will allow me to still use my phone as a GPS since the satellites are in space and the map data is completely on my phone already.
Opt out of all “data sharing” and “error reporting” services on your phone. Resist the temptation to allow your phone to always to be searching for free wifi. These services all are part of the surveillance capitalism, and they can say that you “opted in” to sharing your data.
To recap, guard your information and be very selective about what data you share. Understand that the majority of modern search warrants rely on social media postings that people thought were innocuous, such as location tagging or old photos. Don’t take advantage of every single convenience, because they come at a price.
Be very careful of what you say online, as our once revered First Amendment freedoms are becoming more and more eroded every day.
Book Update: We are halfway through the first Training Manual, the Base Line Training Manual. If you’d like to help us continue to produce this kind of content, consider making a small donation.
Donation – March 2021
Donation to help produce content.
5 thoughts on “Personal Security in the Digital Age”
Got a bit of pushnabased
I don’t know what that means.
I really appreciate your blog – thanks for all that you do! I’ve learned a lot.
I have a bone to pick though: Your article here is misleading people about Signal and Proton Mail.
1. The Israelis (Cellebrite) did not “hack” Signal – this has been widely debunked, they never even claimed they did. Nor did the FBI (a more recent example.)
In both cases: The attackers had PHYSICAL access to the device. In both cases they exploited HARDWARE flaws on the device to access the Signal Messages.
If your attacker has physical access to your device, you have already lost. Period.
I think it is misleading because for avoiding the dragnet, Signal (or Matrix) is still the best, most secure, messaging platform for most people.
Encouraging the community to avoid Signal is going to make us less secure because all the alternatives (Telegram, Discord, etc) are much much less secure.
Better to encourage: “Don’t say anything important on a digital device. Use Signal for avoid the Dragnet but do not rely on it for life or death communications”.
2. If you are willing to discard Signal for the Cellebrite or FBI exploits, that is fine, but Protonmail is even less secure in that regard and pretending that Proton is “known secure” is just wrong.
So the opposite side of the coin applie – encouraging the community that Proton is “known secure” is also a recipe for problems.
So all-in-all. Both are good tools for avoiding the dragnet. Neither is “100% secure”. Don’t rely on anything digital. If you are being individually targeted for compromise you will lose.
However, Cellebrite does indicate that they can indeed exploit it.
This post is great! Keep up the good work!