Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
NC Scout Profile picture
NC Scout
@Brushbeater
HMFIC, Brushbeater Training and Consulting. Bestselling author - Guerrilla's Guide to the Baofeng. https://t.co/yITJ3nEWjQ https://t.co/5pDwGmBbDH https://t.co/0jMZ7BW2fv

Sep 7, 2023, 24 tweets

Let's talk about some of the reasons your metadata, and specifically what's tied to your phone, is a big problem. (thread)

So the question surrounding messaging apps, encryption, security, device tradecraft, legalities, so on an so forth. We can distill this down to a simple concept: if you're at all involved in anything political, consider yourself a target of interest.

But let's say for the sake of argument that you're not and simply wish to obscure yourself from potential prying eyes. Let's take a look at some of the tools not just available to big gov, but to literally anyone.

Meet Maltego. Maltego is just one OSINT data scraping tool, albeit an incredibly powerful one, that allows anyone to source a mountain of data on a target of interest.
maltego.com/solutions/inci…

Let's take a look at Maltego's capabilities to track your geolocation based on a single piece of data - your phone number. Again, this is not big scary .gov, this is available to literally anyone:

Alright, so don't give out your phone number you say. That's fine, we'll snag it up another way with the same tool:

Why's this important? That should be obvious, and since communications security is the game, every effort needs to be made to shield that phone number. This calls messaging apps into question which require it, which in and of itself is a known vulnerability.

From Signal's own site concerning the Twilio incident that leaked user's data (but not the messages):
support.signal.org/hc/en-us/artic…

Another vulnerability, and one that's even more concerning, is the hosting of data. If a messaging app relies upon a central location, let's say Signal, that aspect is also a vulnerability. Signal is hosted by Amazon web services and Microsoft Azure:
datacenterdynamics.com/en/news/encryp…

Now, those are two companies well known for securing the rights of their customers, right? RIGHT? Come on, trust em...like you trust Liberty Safes.

They wouldn't lie to you. They said so.

No? Oh. That's right. And they're also hosted within the domain of Five Eyes. So, in case you didn't know, a little light reading on Five Eyes:
en.wikipedia.org/wiki/Five_Eyes

By the way, since I know someone will chime in here, what can be collected on you and what's legally admissible as evidence are not the same. That said, sources and methods are rarely disclosed concerning electronic eavesdropping.

So now that we've discussed the why, let's revisit the what. There's three pieces of data at a minimum you're blasting out with a cell phone at any given time (IMSI, IMEI, carrier number). This is regardless of any operating system you're using.

For those of you living in 2003, you might advocate a "burner phone". Yeah, sure. The problem with this (there's multiple) is that you are not changing your PATTERNS OF LIFE:
cambridge-intelligence.com/pattern-of-lif…

So no matter how hard you're contorting your brain, I can save you the time - there's no such thing as a 'burner phone.' Its a lot of expense to essentially be wasting your money and time. WiFi tablets make a lot more sense.

There's also absolutely zero point in hardening an OS on a phone if you're a idiot in how you use it. You absolutely *should* be hardening your attack surface from all threats. GraphineOS is a great way to do it. But this does not resolve those three pieces of metadata.

As I've pointed out, the only way to do that is through configuring a wifi-only tablet, so that you have complete control over where it accesses a network and when its shut off. I've discussed this ad nauseam in the past.

Github is your go-to source for the individual apk files we're discussing below. You're sideloading these apps - not getting them from any in-device downloading service (like google play, for example).
github.com

Messaging apps themselves... decentralization and networked through TOR are the two watchwords here. Session, Briar, Cwtch, SimpleX, Element, all solid options in this regard and were developed in large part out of the metadata concerns regarding Signal.
forum.xda-developers.com/t/top-5-decent…

Another consideration is that each of these have the capability to be installed on a laptop. So if tablets aren't your thing or maybe you want a greater level of administrative control, put it on a laptop. Functionally it works the same.

When you're configuring devices, make sure everything is routed through TOR. Yeah, it has some security concerns of its own - it was developed by the Office of Naval Research, after all - but this is about putting as many smoke screens up as possible masking your metadata.

One apk that is an absolute must have is Orbot. What its doing is pipelining your network access through a TOR proxy from the time it starts up, masking your IP address of the device itself.
guardianproject.info/apps/org.torpr…

IP address is only part of the story. We want to change the MAC address of the device too. Here's a primer on how:
alphr.com/change-mac-add…

It goes without saying to not allow anyone to touch your devices - for any reason. And you may also use the common cope of "but I'm doing nothing illegal"...yeah, until someone who happens to not like you deems it so.
@RevolverNewsUSA
@GenFlynn
@BreitbartNews
@Snakeeater36

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling