Careless Whisper: Moving Off Signal?
Did you protect your carrier phone number? That's just a start.
There is a serious problem with the underlying technologies in use by both Signal and WhatsApp.
This video does a much better job of explaining it than I could, it really is worth eight and a half minutes of your time.
Interpretation:
What does this really mean? I donāt think so much for me, because ā¦
My Signal number(s) are Google Voice numbers.
My Signal accounts have names, I never give out even the GV digits.
My phone(s) are turned off unless thereās a good reason for them to be on.
My carrier numbers, such as I allow, change regularly.
My communications are all VPN by default.
There are situations where non-phone chat apps are required.
But in general, as Iāve been saying all along, if you treat a post paid carrier assigned number as part of your identity, you are exposing yourself to a range of hazards, starting with ID theft oriented moves like SIM swap attacks. If youāre using a stable prepaid number thatās somewhat better, but if itās known, youāre giving up your location.
Remediation:
We had an extensive article entitled Secure iPhone as part of last fallās mostly abortive #OpPillowFort. I showed some proper (read: paranoid) SIM handling in Becoming Unpalatable and then went a bit further in SLNT, wherein I got the first Faraday bag Iāve admitted to having.
Despite Google being part of the machine, if you are still giving out a carrier number you are the worst sort of muggle. Do whatever it takes to conceal those carrier digits from the world and get to work on ensuring your family/friends donāt know them either. If youāre a fan of Denis Villeneuve I want you to go re-watch the scene in Sicario where Josh Brolin tells Emily Bluntās character to not go into the bank.
Because if your carrier number is known, youāre marching into that bank, like we still have a rules based system in place. We do not.
Burners:
Canāt I just buy a burner?
Purchasing a burner does not make you safe operator, any more than purchasing a ghillie suit makes you a sniper. Years ago I talked to a fellow who crossed international borders and had reason to be worried about people on either side of the line. He came to me, we talked a bit, then he got a couple new devices, SIMs, and plans, of his own accord, coming back after growing confused.
How did you pay for them?
** ponderously pregnant pause **
With ā¦ my debit card ā¦ why?
And thusly did a couple high end used phones get sold at a loss, and the SIMs/plans were disposed of as well. What might have hunted him could have cut through that purchase chain, had things gone badly. He lost a couple hundred dollars getting an education.
You really do need to read What Hunts You? Until you know what your problem is, you can not begin to craft a solution. If you own a ghillie suit (I do not) and you wear it on your train ride into the city, you will perhaps be noticed, should someone manage to pry their eyes from the screen of their cyberleash.
The goal here is what the Japanese call ęøćæ - it would do you good to Google that and read a bit.
Personal:
Am I throwing away Signal? Nope, itās still the nexus for a lot of stuff I do. I think most people I deal with already have symbolic names. Getting the ones who really need to start moving phone numbers to actually do so is a thankless chore. I have resigned myself to comforting survivors, should worst case estimates come to pass.
There have always been other chat apps. FSM boil me alive, I even recently reinstalled Slack(!) because itās the best thing going for AI integration. Other things live(d) in VMs here and there. Telegram, Threema, Viber: all have their place in the scheme of things.
Since I wrote What Hunts You?, and Iām always looking for new tradecraft, I pick up stuff. Articles like Donāt Be So Slutty and Not Even Human are the shallow end of bad actors that cross my field of view. There are other things that tickle my spidey sense, which I do not share here. Some of that is part of Paranoia: Pathological or Professional? Some of it is being certain thereās an issue, but not wanting to let on that I noticed. How else would you game such a problem?
Conclusion:
My life has changed steadily over the last twelve months. Red Sparrow Reality keeps unwinding in unexpected ways. This uncoiling can never be described in detail, but it IS happening, and it pleases me to no end to have ācompleted the setā. My Brand Defense Strategist tasks with Cicada 3301 are a curious thing, there is an unwinding there as well, so much so that I didnāt feel I was shirking my duties when I resumed work on Shall We Play A Game?
When Itās Too Late is among the final fitful gasps of the many years I spent (wasted?) trying to prevent us from experiencing Life In Interesting Times. I recently had another cyborg approach akin to what happened in Not Even Human, which Iāll write up before too long. I was initially on high alert, because of course Iām on high alert, but after watching and waiting, itās just an interesting new flavor of scammer.
As my personal exposure diminishes, my attentiveness ā¦ is different. Not lesser, but less reactive. I still think every single one of you should be doing something to make yourselves harder targets. Even if the birthing of a third republic involves only trouble for the MAGA world, the scammers are now armed with AI and theyāre only going to accelerate.
So youāre on notice ā¦ what are you going to do to make sure youāre howling with laughter, rather than bellowing in pain, when that AI enabled fraudster comes calling?