NC Scout Profile picture
Sep 7, 2023 24 tweets 6 min read Read on X
Let's talk about some of the reasons your metadata, and specifically what's tied to your phone, is a big problem. (thread)
So the question surrounding messaging apps, encryption, security, device tradecraft, legalities, so on an so forth. We can distill this down to a simple concept: if you're at all involved in anything political, consider yourself a target of interest.
But let's say for the sake of argument that you're not and simply wish to obscure yourself from potential prying eyes. Let's take a look at some of the tools not just available to big gov, but to literally anyone.
Meet Maltego. Maltego is just one OSINT data scraping tool, albeit an incredibly powerful one, that allows anyone to source a mountain of data on a target of interest.…
Let's take a look at Maltego's capabilities to track your geolocation based on a single piece of data - your phone number. Again, this is not big scary .gov, this is available to literally anyone:
Alright, so don't give out your phone number you say. That's fine, we'll snag it up another way with the same tool:
Why's this important? That should be obvious, and since communications security is the game, every effort needs to be made to shield that phone number. This calls messaging apps into question which require it, which in and of itself is a known vulnerability.
From Signal's own site concerning the Twilio incident that leaked user's data (but not the messages):…
Another vulnerability, and one that's even more concerning, is the hosting of data. If a messaging app relies upon a central location, let's say Signal, that aspect is also a vulnerability. Signal is hosted by Amazon web services and Microsoft Azure:…
Now, those are two companies well known for securing the rights of their customers, right? RIGHT? Come on, trust you trust Liberty Safes.

They wouldn't lie to you. They said so.
No? Oh. That's right. And they're also hosted within the domain of Five Eyes. So, in case you didn't know, a little light reading on Five Eyes:
By the way, since I know someone will chime in here, what can be collected on you and what's legally admissible as evidence are not the same. That said, sources and methods are rarely disclosed concerning electronic eavesdropping.
So now that we've discussed the why, let's revisit the what. There's three pieces of data at a minimum you're blasting out with a cell phone at any given time (IMSI, IMEI, carrier number). This is regardless of any operating system you're using.
For those of you living in 2003, you might advocate a "burner phone". Yeah, sure. The problem with this (there's multiple) is that you are not changing your PATTERNS OF LIFE:…
So no matter how hard you're contorting your brain, I can save you the time - there's no such thing as a 'burner phone.' Its a lot of expense to essentially be wasting your money and time. WiFi tablets make a lot more sense.
There's also absolutely zero point in hardening an OS on a phone if you're a idiot in how you use it. You absolutely *should* be hardening your attack surface from all threats. GraphineOS is a great way to do it. But this does not resolve those three pieces of metadata.
As I've pointed out, the only way to do that is through configuring a wifi-only tablet, so that you have complete control over where it accesses a network and when its shut off. I've discussed this ad nauseam in the past.
Github is your go-to source for the individual apk files we're discussing below. You're sideloading these apps - not getting them from any in-device downloading service (like google play, for example).
Messaging apps themselves... decentralization and networked through TOR are the two watchwords here. Session, Briar, Cwtch, SimpleX, Element, all solid options in this regard and were developed in large part out of the metadata concerns regarding Signal.…
Another consideration is that each of these have the capability to be installed on a laptop. So if tablets aren't your thing or maybe you want a greater level of administrative control, put it on a laptop. Functionally it works the same.
When you're configuring devices, make sure everything is routed through TOR. Yeah, it has some security concerns of its own - it was developed by the Office of Naval Research, after all - but this is about putting as many smoke screens up as possible masking your metadata.
One apk that is an absolute must have is Orbot. What its doing is pipelining your network access through a TOR proxy from the time it starts up, masking your IP address of the device itself.…
IP address is only part of the story. We want to change the MAC address of the device too. Here's a primer on how:…
It goes without saying to not allow anyone to touch your devices - for any reason. And you may also use the common cope of "but I'm doing nothing illegal"...yeah, until someone who happens to not like you deems it so.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with NC Scout

NC Scout Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @Brushbeater

Nov 7, 2023
A short thread on training tips & lessons learned from the Signals Intelligence Course last weekend in southern MO.

Packed house and a very diverse set of experience among the students ranging from having never touched a radio to a retired SOT-A instructor.
I brought the gamut of equipment ranging from scanners (uniden SDS-100) & communications receivers (AOR DV-10) to supplying the class with TinySA Ultras spectrum analyzers. The winning combo for targeting the broadest range of signals is the TinySA and the AOR DV-10, hands down.
Scanners are fine for situational awareness (SA) of emergency services, but little else. The TinySA not only captures literally everything in real time, but the waterfall displays the nature of the traffic when we're doing data analysis.…
Read 9 tweets
Oct 19, 2023
(THREAD) Had a mountain of good feedback after last night's quick thread on HF. Had a few questions on resources / references also.

BLUF, HF has a very steep learning curve and can be a major source of frustration without solid help. So let's dive in. Image
As I pointed out last night, antenna is everything. Just like with rifles, brands and features are meaningless if your fundamentals suck. Think of your antenna as the barrel of your weapon - nothing makes up for a shitty barrel.
So with that said, the first reference you should go for is the Special Forces Antenna Handbook from 1974. It was written in plain English and keep the tech end stuff to a minimum, but has some really well drawn diagrams explaining theory:…
Read 9 tweets
Oct 19, 2023
(THREAD) Let's talk a little HF and antennas. What's HF? High Frequency (3-30mHz) that allows for regional and even global communications. HF is extremely important for long-distance regional, off-grid communications. Image
This evening I was contacted by a friend and retired Marine Officer with questions regarding one of his local guy's HF struggles. The learning curve is steep, even more so when you're not in a class with a competent instructor to break down the complex into the simple.
Guy was hearing everything (and everyone) on a statewide EMCOMM net, but not being heard. The "law of reciprocity" in radio is a myth.

Their solution was more power - his Xiegu G90 with 20w of power didn't seem to be cutting it. But the answer was NOT more power. Image
Read 10 tweets
Sep 24, 2023
(thread) Let's talk a little communications tradecraft; Backchannels.

Back channels are, in short, a compartmentalized method of communications that isolated one covert from another, overt, method of communicating which is likely under surveillance. Image
Back channels are created with contacts for clandestine purposes. You may or may not have an overt connection to these persons (whether that's in person or digitally) but the requirement for clandestine communication exists.
I've written in the past regarding compartmentalization of contacts in the form of white (overt), red (tactical), and black side (clandestine).

On the Black side, I may very well be communicating with those that I've had a previous relation mapping. Image
Read 13 tweets
Sep 12, 2023
THREAD: So, since someone just asked about Single Side Band (SSB), let's dive into it. There's a few different ways RF is modulated by a radio: Frequency Modulation (FM), Continuous Wave (CW), Phase Modulation and finally, Amplitude Modulation (AM). SSB is part of AM.
Anyone who's worked HF knows that voice (AKA phone) is done via SSB, either lower (LSB) or upper (USB). What this means in layman's terms is that an AM signal is split in half for efficiency's sake. Image
Short history lesson - Art Collins was close friends with Gen. Curtis LeMay and invented a filter to divide an AM signal into sidebands. LeMay was so impressed, knowing the communications difficulties bomber crews had in WWII, that he made USB the DOD standard on HF. Image
Read 10 tweets
Sep 12, 2023
A short thread on radio references, since a BUNCH of you are asking...

Here's what's on my bookshelf and why.
I wrote the antenna chapter in my book intended to be an easy to follow, step by step instruction manual to build a few very basic utility antennas. The SF Antenna Handbook from 1974 goes deep into it in a simple to read way:
The ARRL puts out probably the best professional references of anyone out there. While they're obviously written from the ham radio perspective, its great knowledge. All three of their Wire Antenna classics books are must reads:
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!


0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy


3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!