Upgrade your Online Security!!
Protect What Matters Most
You may have seen recent media reports of secure messengers being compromised. Signal, Telegram and Whatsapp might be encrypted, but there are leaks reported that can wreck the security in what was believed to be the most secure messenger (Signal) that were reported HERE, HERE and HERE. This is a warning to everyone to be more vigilant about your personal online security.
Convenience is the enemy of privacy and security.
If you have something worth protecting, continue reading…What is worth protecting? Money, knowledge, your whereabouts or conversations best left private. Maybe you just want to maintain a private side to your life, or you have valuable information you must protect.
Losing privacy can come at a steep price. Think of privacy as a valuable asset you inherently own. Businesses are willing to pay for your data, proving your privacy has a measurable value!! Security agencies spend a fortune collecting high value, actionable information. It’s a key part of your private property. Why give it away casually and allow others to steal this valuable asset from you? We’ll use the model of a water system to show how you can safeguard your privacy “property” and identity and prevent leaks. The alternative is to own nothing and be happy — which literally means you won’t own your own body, your thoughts or expressions of ideas. My readers are not going that direction.
Data, like water, leaks out in a number of ways. With water, you can have a leak in a pipe, someone can tap the line and take your water, stealing or buying it from you or perhaps you willingly give it away. It can evaporate, if left out in the open and water can freeze…preventing it’s use. Here are places data leaks occur:
-Devices. This includes hardware, OS, apps and malware are capable of collecting and sharing your data.
-Networks. Internet, phone network, any place where your data is carried to another place, or web sites you visit — data can be intercepted and collected. Your messages can also be blocked and this is the frozen water I referred to.
-Surroundings. The walls have ears and eyes. People, their electronic devices, security cameras and Internet of Things devices and appliances can all eavesdrop. Satellites can also collect information.
A safe and protected digital bubble is a good place to communicate with trusted colleagues and friends. Private networks, end-to-end encryption and privacy centric hardware and apps are required to reach this level of privacy.
It’s Time to Replace Signal, Telegram and Whatsapp for Secure Comms
Many of you have been using Signal, Telegram or Whatsapp. It’s now time to move your important comms to other platforms — we warned you about Signal last May and about Telegram last September. They have been officially announced as being compromised even by mainstream media. We saw this coming, we told you and you ignored the warnings. Today, a friend told me “Signal can be hacked in five minutes” and this person used to work for an agency and was a heavy user of Signal. LOL. These apps were created and funded by the data collectors and those aligned with them. They are all ops of one group or another and you shouldn’t use them for anything important, as they give people a false sense of security and even if you know they are watching, it’s easy to make a mistake and accidentally leak data while using them. It’s time to get serious because a lot of money and lives are at stake if you are involved in important projects. Assume everything that requires a phone number or email is compromised, that is a good “rule of thumb”.
There is one fine point. Someone I suspected to be an agent once told me “if you find a listening device bug, leave it, know it’s there and feed it disinformation”. If your network is using a major platform, don’t stop using it for general comms. You have already been tagged as being associated with your contacts. Move your important comms to a different platform (more about this later).
Basic Ground Rules.
Agency operators, high level bankers and politicos have access to the follow secure comms:
-Secure computing and phone equipment such as an “agency phone”
-Advanced encryption not available to the public
-SCIF rooms (SCIF = Sensitive compartmented information facility) for dedicated security free of extraneous electronic devices.
-Private networks used by governments and large corporations
For operatives and agents within banking, government or security….even you can benefit from having an outside comm system and a small private network of people you can rely upon. You know you are compartmentalized and have limited knowledge. This blog can provide valuable information openly shared by others outside your networks. We share openly here. Maybe you are now independent or an ordinary person working on an important project. How will your projects be affected if your funding gets blocked, your partners get turned away or you get “frontrun” on a trade by someone you casually gave private information to?? The good news is there are things you can actively do to improve your privacy and security and they aren’t that difficult to do.
LOOSE LIPS SINK SHIPS, WRECK DEALS and PEOPLE CAN DIE!! (NOT A JOKE!!!!)
I always get a laugh out of the people who claim “I don’t have anything to hide”. I’d say the majority of people are like this; they might not own much property or money or work on important projects, but even they can benefit from knowing what is happening. Ignorance is not bliss. Maybe you believe you don’t have anything of value and you don’t care, but the Evil Eye is always watching and listening. What you don’t think is of any value might be of value to someone now or in the future; perhaps an authority, an advertiser/spammer or potential competitor (industrial spying) or another curious person who uses information like a currency to cause harm. Be aware!
If you are connected to the internet, you can be hacked. This is a FACT and the first consideration of Computer Security. The internet is a PUBLIC network and accessible to nearly everyone. There is NO EXPECTATION OF PRIVACY IN PUBLIC by law and even if your messages are encrypted, your meta-data can be collected!
If you are connected to the telephone network, your location data, calling data and who you are connected to is recorded by the telephone network, by Big Tech, by various security agencies and potentially by apps. That cell phone you carry is basically the same as a GPS shackle worn by criminals. Everything within range of camera or mic is being captured and your location can be phoned home every 15 mins. This goes for burners, too!
Any app that requires an email address or phone number is NOT private. Your email and phone are the “Unique ID” for all the data collected on you and it goes into your file. Why do you think REAL ID in California now requires a validated phone number and email address? When I recently re-entered the US from a trip abroad, Customs and border protection now required valid email and phone number. Every human on Earth has a file — there is no escape from that, but you don’t have to put your entire life in there.
“Secure Messenger” services have been demonstrated to be built by state agencies and are compromised. You could say the same for VPN’s, where exit points are tightly monitored and many are owned by foreign entities (companies based in Israel, etc) and controlled by foreign agents who collect your data. The same is true for many so-called “secure” email services. Most operating systems and many apps had backdoors intentionally designed into them by US security services and those secrets are now known by many other countries and even criminals who bought these secrets.
Your Public vs Private Life
Unless you want to literally live in a cave completely away from society, friends, family, etc. you will need to maintain a public facing side. This side will always be monitored — there is no practical escape for anything done in public (web browsing, email, messengers, etc). This is counter-intuitive. You must maintain a public face if you are in public and if you disappear from the public, that’s actually a big red flag and you will get even more scrutiny. Keep your Alibi Phone, but always be aware of what it is doing. I do not recommend completely disconnecting from the internet yet and I do recommend keeping an active public side. 400m people in China had dumb phones before the pandemic and 400m people in China were killed during the pandemic. Non-conformers will be wiped out first, if China is any indicator.
You will need to maintain a public side as long as you still live in public. If you want to completely unplug and “head for the hills”, once you make that choice you won’t be needing your Alibi Phone there. The rest of us will keep our regular phone, snooping and all. For our private side, we’ll get dedicated secure devices that have secure OS and apps that have never touched the internet, don’t have a SIM card and run on a private network. Or you can just “drop out” and lock the gate behind you.
How and Where Devices Leak
One of the worst privacy busting devices is your cell phone, but tablets, laptops and desktops all can do the same things. There are also TV sets, appliances and security cameras in addition to dedicated surveillance devices that can be placed in your surroundings have features you enjoy, but which track and record you. It will only get worse when virtual assistants and AI are built into every operating system, always listening.
An example you can find on the internet of a “light bulb” with noise detection recording capability. It looks like an ordinary light bulb, but has a microphone inside. Many regular appliances have the same built in mics.
Cell phones consist of the following components:
-Hardware. Most cell phones are built in China, though a few are now built in India, Vietnam and a few other countries. No cell phone with major distribution is built in the USA to my knowledge. Even Japan, Korea and Brazil production moved to China years ago. Many important components are also sourced in China. Why is China a problem? Because they are notorious for installing back doors for spying. Devices inside a cell phone include:
-Cameras/Lidar/IR. Resolution is always increasing and now with face time video calling, cameras are on front and rear for facial recognition of you and anyone around the camera. IR is used because in the dark your eyes can’t see your face is being scanned. Visual cams can judge distance, motion and of course facial recognition. These cameras are extremely sophisticated, especially on the latest phone models.
-Microphones. They have been so sensitive they can hear ten offices away for several decades. Turning on the faucet, a radio or other noisemakers do nothing in the face of Digital Signal Processing, which can strip everything that interferes with the conversation away with the touch of a button. Combined with AI voice recognition, say just a few words and they will know where you are, no matter which device your voice was captured from (even burners!!).
Pricing for various microphones in large volume. When you can buy a mic for 12 cents, it will find its way inside anything with electricity as a “feature”. (Source: ChatGPT).
-Wifi/Bluetooth. Local networks and devices attached to those networks can be scanned and “Phoned Home”, building a map to your networks, triangulating with GPS or cell tower location. Local routers can track and scan your device without your consent, reporting back your location. If you maintain a secure network at home, you’ll need to keep it away from all but the devices you must attach to. Your friend visits and now all these networks will leak out over their device. Assume your home Wifi is a public network.
A screen capture of local wifi base stations at an apartment building in Kingston, Jamaica. Note “Tavistock” and “CIA” Wifi (the names might be a joke or not). (Author screen grab)
-GPS/Cell Tower/Wifi Network Location/NFC Chip. Google, among others, maintains a vast database of networks and their locations collected from your devices and Google’s fleet of Google Street photo cars capture Wifi and other network ID/signatures as it drives by. Cell towers can determine your location within 50m if multiple towers are available. Newest GPS on phones even 4 years old is within 1m. They know the location of your cell phone.
-Magnetometer/Accelerometer/Gyroscope/Barometer. Determines your direction, speed, motion and elevation.
-Battery. Removable batteries are no longer offered in any mainstream phones. They can be remotely turned on in stealth mode, even if you turn off the device via every hardware’s “management” admin layer they have full access to, but you don’t.
Even if you leave your phone behind, if someone in your proximity is carrying their phone, it’s as bad as if you brought your phone. All phones can be remotely accessed in real time like people in the film The Matrix. I have personally experienced this when entering a cafe for a meeting with friends who all left cell phones in our cars and all the cell phones in the cafe carried by others started making weird noises at once. LOL.
TV’s and other Hotel Room Devices have a camera facing the viewer as well as microphones in the set and remote control.
Hotels and Air-B-and-B’s are loaded with spying devices. You might also have similar devices in your home.
Home Appliances. Microwave ovens, ovens, refrigerators, irons, personal assistants (i.e. Alexa) now have wifi and many have microphones, since the cost to add a microphone is less than 20 cents. Most wifi routers can be remote accessed, since they rely on a small handful of chipsets and opensource code used by nearly all of them. Many connect via IoT networks so they don’t rely on your Wifi, unless you add your network and password to the device.
Security cameras deserve a special shout-out. These are on public streets and roads with AI facial and license plate recognition that go to security agencies and law enforcement, but security cams in private residences can also be accessed. Ring doorbells and the private security cams are all hacked because of Chinese chipsets with backdoors. I’ve attended meetings in private residences that we found out later someone outside watched the meeting via in home security cams they hacked into. Microphones in the cams and AI lip reading can provide a transcript of what was said.
AI lip reading was shown in sci-fi classic 2001: A Space Odyssey where the HAL 9000 computer read the astronaut’s lips. This was in 1968!!!
Vehicles. Include IoT (Internet of Things - a separate internet for devices, not people that is 3-4x bigger than the internet) connections with location, cameras, remote driving and an OFF switch. Tire pressure sensors are serialized and wireless, so they can also be tracked and you should assume most modern electronics have these features. Cars made prior to 2004 have no remote driving capability, which is why I drive a 2003 truck with 250k miles. Onstar remote disconnect can be disabled by removing a fuse on early models. Newer cars have the OFF switch integrated with the CPU, so fuse removal will not work, it could brick the entire car if attempted.
AirTags. These trackers report location in many parts of the world using IoT. Put them in your checked airline luggage to track your luggage and know what happened to your bags if they go missing. If someone drops one in your car, they can follow you around.
Human Bodies. COVID shots had a special payload of self-assembling nano-particle Graphene. Each person who took the vaxx now has a MAC address for each dose and an LE-BT beacon, not to mention other features still being discovered. Patents exist for many of these technologies, it’s not a fantasy. This is the Internet of Bodies.
A scan with a special LE-BT software package can turn up vaccinated individuals. This Android software requires Developer Mode to see unregistered devices. At an airport or on a busy street, you will see hundreds of them. (Author screen grab)
All these devices that emit RF (Wifi/BT, etc) can likely be “seen” from space. Don’t believe the 100m limit for Wifi. Here’s what ChatGPT said about seeing these devices from space:
What About Highly Sensitive Military Sensors?
Military and intelligence satellites have:
Cryogenically-cooled receivers
Large antennas or array systems
Advanced signal processing
Machine learning pattern recognition
Possibly space-based SIGINT platforms optimized for low-probability-of-intercept (LPI) signals
So, could they theoretically pick up BLE?
✅ Yes, if:
The satellite is directly overhead
The BLE device is in the open (e.g., desert, ocean, tundra)
There's minimal interference
The target is continuously emitting (e.g., advertising beacons, persistent transmissions)
Multiple satellites cooperate to triangulate or correlate signal patterns
Rendering of Starlink sats in orbit. Each Starlink is like an orbiting AWACS plane and there are over 7,000 operational Starlink satellites in orbit at the time of writing. Assume Starlink satellites have this level of MILSPEC equipment on board. Credit: Starlink.
Networks
Your information needs to travel over networks to get where it’s needed. These can include:
-Public Networks like the Internet. Wired (ethernet) or wireless (wifi) to get on. This is considered to be a public place with no expectation of privacy and there is no vetting of routers and relay servers along the way. Assume anything can be legally collected from the open internet.
-IoT (Internet of Things). This is one of the largest networks with 3-4x more devices attached (vehicles, appliances, trackers, etc.). It uses the same LTE wireless cell networks, but different and separate bands from your voice and data wireless connections.
-Satellite Networks. Starlink and HughesNET are examples. These offer the high ground, away from terrestrial threats, and the could form the basis of a true private network, but they are owned, controlled or accessed at the highest levels by the same groups that controls banking, media and communications. Nothing can be launched into orbit without approval.
-Cellular Networks. All carriers support LTE data pretty much worldwide. Agency tracking is built into the JASPER back end, where meta data and the calls themselves are collected and routed between the carriers. It’s like the Bank of International Settlements for phones.
-Private Networks. Banks and corporations use these. Examples include Chevron gas stations that do credit card processing via a satellite network (dish on the roof of every station goes directly to the data center in Concord, CA) and this is highly secure. Many governments and military rely on private networks. Private networks protect you from threats of the internet and phone networks. These are the future for real security and the reason we built privateLINE on a private network.
-Physical Networks (aka Sneaker Net). USB sticks can carry a lot of data, but are not real time delivery. They are, however, offline and by definition “air gapped”, so they are much more difficult to disrupt and harder to find. In the panopticon, these networks will become very valuable.
What can be gathered on a public network?
-Metadata including web site visits, sender/recipient info from email and some messaging apps, who is connected when on a secure messenger. When enough data is collected, they will know who is on at the same time, based on the volume of information packets.
-Data itself. Encryption that’s publicly available is all broken. Storage is now basically free and all messages are being kept for future decryption, if needed.
-Location. Many apps ask for your location and this data can be collected every 15 minutes. It is sold to data brokers who resell to just about anyone including your ex-spouse, their private investigator, governments, etc.
One other thing we have noticed is that as traffic goes through the internet, your “packets” (the bits of information that make up your comms) can be blocked, copied and rerouted and I believe even modified. Here’s an example of a Zoom call I was on that couldn’t get through:
Note the packets at Host 11 and 12. These are Hurricane Electric routers, a known CCP China front company with many locations in the USA. My ISP tested the same route at the same time and it was OK, so it was my device being targeted to have the packets dropped. Connection was not possible.
One other important point: anti-censorship can be just as valuable as privacy and security. Even if someone is watching, you might still need to get your message through to the recipient.
Video conference services like Zoom are data collectors for the CCP. Here’s an article on Brietbart detailing how they routed video calls through China. When the packets go through CCP agent Hurricane Electric, Zoom doesn’t need to reroute anything, it’s could be automatically sent to China, where AI creates transcripts. It’s shocking how many important calls like patent discovery calls with attorneys, important political calls, etc. people make with a service like Zoom. Many are now connecting AI to summarize the call for “convenience”. That’s another potential leak for your data through the AI backend. AVOID.
Real World Examples
Example 1: I’ll buy a secure privacy phone, connect to the phone system and all my calls are encrypted and secure. LOL. That’s a joke. You will put yourself on the list for more scrutiny because you just opted in to the “Secure” phone. You are connected to the phone network and everything is monitored. If you buy a secure phone, make sure it doesn’t have a phone number and won’t call a phone number. Pay cash or crypto in a location without security cams. They know exactly who you are calling when, where and for how long. AI voice recognition is so good now that in a few seconds, they have you ID’d, even if you use someone else’s phone. Many of the “security phones” have been designed and built by agency operatives (CIA, NSA, FBI, Mossad, Unit 8200, etc). They are mainly honey pots.
Example 2: I’ll use a burner phone, or someone else’s phone and hide that way. Burners offer a way to access the phone system without any ID requirement, like a cell phone equivalent to an anonymous pay phone on the street (which have nearly all been removed). Sadly, if you’ve ever used a regular phone, your voice is tagged by the AI and after several seconds on the phone network, so you are already voice ID’d and your location is known.
Example 3: I’ll move my email to a privacy email service and it’ll be safe there. LOL. Email is fundamentally insecure, it is like sending a postcard out in the open over the internet. Services like Hushmail, Protonmail are popular with privacy buffs, but are they really secure? Here’s what WIRED magazine reported:
Encrypted E-Mail Company Hushmail Spills to Feds
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." But it turns out that statement seems not to apply to individuals targeted by government agencies […]
You can encrypt the contents of the email, but how secure is that? Depends what you use, but the stuff you can find on the internet is, as you would expect, not that great. Best practice, if you must use services like this, are to send and receive the same message on the same server, like Protonmail. Keep in mind just because a server is hosted in a certain place it’s secure. You might want to keep everything inside the borders of your country, which local laws might offer privacy protections. As soon your data crosses a border, you are guaranteed it’s getting vacuumed up by someone.
Protonmail has your recovery email address and they’ve handed it over to the police (which is a legal requirement). From Protonmail’s X/Twitter account:
Proton handed over the real email address to Apple, who handed over the physical address. Why even collect an email address in the first place? Best practice is to never collect an email or phone number or any personally identifiable information but to prevent abuse, the service provider must charge a fee using . Keep in mind, if a service is run as a business to be sustainable in the long run, it must cooperate with law enforcement — and no one legit wants to protect people harming others.
What You Need to Know About Encryption
We were informed (threatened) a few years ago about the four types of encryption:
Toy - used by kids to send notes
Public - the stuff they say is “Military Grade”. That means the military can get into it. Includes SSL (broken in real time), AES (broken), RSA (broken), EC (broken, including EC25519 used on 98% of the most popular cryptocurrencies…meaning there is now an off switch on crypto). If they give it to you, “they” can get into it.
Banking - Stronger than public, but they can still get into it.
WEAPON - the no go zone. They can’t break into this and it concerns them to the point you will become a targeted individual. You’ll get every device in your home hacked with forced “updates” and a black SUV parked outside your house. I’m speaking from experience.
The bottom line is all publicly available encryption can be broken by the top agencies. These secrets leak out and many different groups now have access to these tools.
I know some of you will want to know about Tor. I avoid Tor because the funding sources are not ideal (50% was provided by the US gov, the rest from Open Society Foundation (Soros) and the like). I’ll leave it at that.
The Safest Place to Talk
There is only one absolutely safe way to communicate that’s almost guaranteed safe and requires no special tech. Go outside away from all microphones and electronics…far away from anything with electricity running through it. You leave every device behind and take a walk out in a remote woods at least 500m away from another person. Speak quietly or write on a piece of paper and pass the note, then destroy it. Best practice is in person away from everything, including other people and having the conversation with ONE trusted person. Large groups are a waste of time, the bigger the group, the higher the chance of leaks.
What if you can’t meet face to face?
Avoid nearby people and devices that can eavesdrop (other cell phones, security cameras, fitness watches, etc.). Do not use your “daily driver” phone. You’ve been visiting lots of web sites with it and there is no telling what privacy settings were changed to access a feature and then there is also malware, which can be pushed onto your device without your knowledge. Use a private network and secure apps that have been opensource audited. Opensource is no guarantee of security, it needs to be audited, but the development team and independently. Use a dedicated device that has never been on the internet or phone network and is stored powered down in a Faraday bag when not in use. It’s very difficult to attack a device that is powered down and air-gapped from everything.
The Bottom Line Best Practices for Privacy and Security
-Separate public and private devices. You must maintain a public “Alibi” device or everything you do will be suspected. You can have a certain level of privacy on stock devices with specialized apps, but best practice is a separate device, only used for the most private activities.
-Away from the internet, phone networks and AI. On a private network. Maximum privacy is out in the woods away from all electronics.
-Secure OS and firmware replacing stock OS in a secure device with all trackers and phone homes removed.
-Not made in China and older model hardware, current enough to run late version software, but old enough to not run the latest AI.
-Small groups less than five people. One to one is best. Large groups, especially when not properly vetted might as well be public groups.
-Hardware stored powered down and in Faraday bag when not in use. It can’t be attacked when powered down and protected from RF.
-Dedicated privacy apps for calling and chat. End to end encryption where you generate your own keys and keep them yourself
-Apps that leave no footprints behind. No recording, no metadata collected and zero persistent data when the call ends. Like any hardline pay phone in the 1950’s.
-Airgapped 2FA. This is the code generator for those 6 digit codes you need to access banking or important web sites. Running on a dedicated secure tablet or phone stored powered down in a Faraday Bag. Never have those 6 digit codes sent to your cell phone, as it can be SIM swapped by criminals working inside carriers. I personally know a person who lost $20m in crypto in this kind of attack. Avoid all password storage apps for this reason. Even 2FA apps like Authy or Google that offer to “backup” your secrets on their servers….you should avoid all of them.
-The “Black Book” paper notebook for accounts and passwords. Write them down, do not store on a computer or using a password program.
What Do I Use?
Because I’m still participating in public society, I carry an ATT network Google Pixel 7 model phone for my “daily driver”, I have accounts with Signal, Telegram and Whatsapp to stay in touch with contacts who are on those platforms and email and text messaging. I know those apps spy on me and probably go through my phone as well. I don’t store anything important on my phone. Those are my “Alibi” services and I assume everything I post or say will be made public.
Because I’ve been building private comms for going on 13 years now, a couple years ago I decided to get together with trusted friends to build the secure communications platform I wanted for myself. It had to be simple and effective and we call it privateLINE (privateline.io). As secure as we could make it with some modern features we couldn’t offer in the past. No email or phone number are required for service, but to prevent abuse, you will need either a code or pay to gain access. We store ZERO personal information about our users. Very few services can say that.
My readers can use this code DECODECOMP for a free year of service. Free accounts will also be available to those who help the network.
Here are the features:
-PL Connect. This connects you to our private network using a custom Wireguard client. We maintain two data centers, both bank grade with servers connected via fiber only in SCIF racks in Las Vegas and Atlanta). We expect to enable p2p service that will go from point to point with a secure tunnel and avoiding any centralization later this year. To use any of our apps, you must be running PL Connect to start the secure VPN tunnel. Everything is away from the internet and telephone networks.
-PL Meet. Our version of Jitsi, which is quite a good calling app. We did have to remove a number of trackers our security team found and this runs entirely on our servers inside the private network enclave.
-PL Comms. One to one and group chat and calls based on Element, a popular secure messenger. We removed some trackers and Facebook related libraries from this app, as well.
-PL Auth. This is our 2FA app, which I personally use daily. It works well and if you run it on the PL Batphone, it’s as secure as the public can get.
-PL Batphone. This is a reconditioned Google Pixel 6a phone wiped with the secure Graphene OS and our apps. It’s just the right size with good battery life. We provide a dedicated USB memory stick, wired earpieces and a Faraday bag. It’ll also support six different crypto wallets, so your hardware wallet never touches the internet. Bust out your Batphone for the important calls, connect to hotspot or Wifi and start the tunnel and PL Meet for calls with no footprints.
Whether you decide to try PL or not, that’s up to you. I’ve given you some pointers on how to upgrade your online privacy and security and I hope you put them into practice. Everything is a choice and you might have a very important call you must do on an open line. Everything is a compromise, after all.
Stay safe!
Great article.
It is worse than I thought, but not surprising.
Going back to my high school days to hide private conversations with notes and speaking pig Latin may become popular again ???
My mother always told us growing up, don’t air your dirty laundry in public.
Looks like that has become almost impossible not to do even if you are trying not to.