I am a security researcher and three letter agencies have talked to me more than a couple times about their interest in my work.
I got a used manual transmission easy to repair vehicle with no internet, no cell phone, I only use cash IRL, and the only device I travel with is a QubesOS laptop.
If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.
A former NSA guy worked with me seventeen years ago. He had been retired for five years from the agency at that point we worked together.
He did not own a mobile phone or any internet connected device. Was staunchly against it. This attitude was based on what he knew were the surveillance capabilities in 2003. Ended up retiring to a mountain cabin that was off grid.
Maybe he was crazy, but he never seemed like the prepper type. Just very very sober and serious about avoiding electronic communications.
Well, these measures are a bit outdated. To be tracked now you don't need to access someone's personal devices. You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too. Your home address is also logged through many ways but primarily your tax filing and driver's license. Your home internet can be logged one way or another too, at router level (think of the many exploits against that). What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle. And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you? FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely. What about personal connections like friends and family or work that could be a weak link? and many ways without going into further details. So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't. If they want to track you, they have all the resources (technical, legal, etc.) needed to do so.
>FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely.
Don't Airtags now notify the nearby user if they are being tracked? I have heard of airtags getting modded to remove the speaker but Apple bypassed this with software updates that alert you out of band(as far as I know). Your assertion would require government to have special Airtags that iOS ignores no?
> What about your laptop hardware? Definitely it isn't open source.
On some older Thinkpads you can install Coreboot/Libreboot. Or even buy them with that, if flashing the firmware seems to complicated/risky, or necessitating buying equipment one does not have at the ready. Same goes at least for some routers, with OpenWRT, or the likes, or depending on the used connection technology going 'full personal computer' with some Linux/BSD again, with even more options regarding Core-/Librebroot/Dasharo underneath. There are always some paths for at least some aspects of that stuff. Most funny thing, if you don't trust your switches is something like https://www.apalrd.net/posts/2025/network_smartsfp/ <-that's not the only one. Imagine a cluster of firewalls in your ports!1!!
The question is if it's worth it? Or maybe more like a hobby with the benefit of staying technologically fit, but at the end of the day more like LARPing 'prepping'?
Privacy is like diet, it is not a zero sum game. The less data we give to advertisers and governments the better. The point is to increase the expense of tracking and create as many holes in their databases as possible.
> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.
E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.
> same goes with bus/trains tickets
I pay cash for these and use them short term so little tracking value here.
> our home internet can be logged one way or another too, at router level (think of the many exploits against that).
I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.
> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.
I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/
firmware.
As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.
> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?
If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.
> What about personal connections like friends and family or work that could be a weak link?
I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.
> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.
My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.
My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.
I am a nobody who had a mental health breakdown following an ugly divorce and even though I settled my case - 380 days in solitary, Plea Bargain for Class A Misdemeanor - last month I was cuffed and interrogated in one county simply because I visited downtown and my plates were picked up in a different county when I was trying to navigate family law related obligations.
To put it another way, I'm on a legal-to-harass-list probably for the rest of my life and likely can't do a damn thing about it...beyond the obvious, which I've chosen, which is to enjoy a low-key, crime free, introspective creative sabbatical as much as possible on the fringes of society. Last thing I'm interested in is...whatever they accused me of this time...
(And not those stupid “Honda Civic is the most stolen car” publications that fail to control for popularity. When you do, Civics are middle of the pack).
Of course the industry only published the frequency rates for a few years because it probably didn’t instil the fear factor that journalists failed to point out in their slop.
In one interview he says that after being surveilled overseas for a while by an obvious amateur, he told the station chief who then gave him the OK to kill the guy.
Surely they would try evasion, counter-surveillance, or maybe even sending a team to grab the guy off the street to figure out who he is?
He claims the only reason he didn't kill the guy is because for some reason he randomly decided to mention it to a general in the local intelligence service, and then suddenly the tail vanished.
2. While I don't even dislike the guy, let alone hate him, Kiriakou tends to make grandiose and controversial claims that get discredited.
3. Kiriakou hasn't been privvy to CIA tech since roughly 2004. Yes, before the era of modern smartphones, all devices were pwned. He's been doing the rounds on any podcast that will take him where he elaborates on these claims further and it's pretty clear that he doesn't have decent subject matter knowledge.
Can a lot of phones and TVs and cars be exploited? Yes. Keep your devices patched. And, don't do things that attract the CIA's attention enough that they're putting in the significant effort it takes to pwn your TV or car.
tl;dr: If you're in a position where the CIA is targeting you, worry.
> Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux.
> In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks, and in February 2024 sentenced to 40 years' imprisonment.
Just a reminder they can car accident anyone anywhere from anywhere and having an old car will not save anyone when a Tesla with AI enabled cloud cameras is approaching head on.
that's like the every 6 months proposed new revelation that everyone around cats is supposedly schizophrenic from toxoplasmosis gondii, which a day or two later is debunked. then "goto 10" and the cycle starts anew.
i am glad you responded, because i just went looking anew and could not find it being debunked...and don't remember what i had seen last time around.
evidently not debunked, as i just (first time in months) went re-reading CDC etc...but the punchlines i remembered from months ago include the only reservoir being cats, who clear the infections themselves, and healthy immune system humans generally have no symptoms.
"Cats can only release the infectious oocytes for between one and three weeks after they become infected, after which they can no longer spread the parasites."
what's interesting, and to your point, is the lack of insight as to why some people have side effects like bipolar and schizophrenia.
These three agencies are opposed to the public having access to appropriate cybersecurity: NSA, NIST, CIA. The goal of government should have been to boost the citizen's cybersecurity, but it is the opposite. Americans are worse off as a result.
I am a security researcher and three letter agencies have talked to me more than a couple times about their interest in my work.
I got a used manual transmission easy to repair vehicle with no internet, no cell phone, I only use cash IRL, and the only device I travel with is a QubesOS laptop.
If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.
A former NSA guy worked with me seventeen years ago. He had been retired for five years from the agency at that point we worked together.
He did not own a mobile phone or any internet connected device. Was staunchly against it. This attitude was based on what he knew were the surveillance capabilities in 2003. Ended up retiring to a mountain cabin that was off grid.
Maybe he was crazy, but he never seemed like the prepper type. Just very very sober and serious about avoiding electronic communications.
lol do you have a face?
Well, these measures are a bit outdated. To be tracked now you don't need to access someone's personal devices. You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too. Your home address is also logged through many ways but primarily your tax filing and driver's license. Your home internet can be logged one way or another too, at router level (think of the many exploits against that). What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle. And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you? FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely. What about personal connections like friends and family or work that could be a weak link? and many ways without going into further details. So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't. If they want to track you, they have all the resources (technical, legal, etc.) needed to do so.
>I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered.
How did they discover it and what was the actual bug? Are you aware of Purism Anti-Interdiction service?
Link if anyone is curious: https://puri.sm/posts/anti-interdiction-services/
>FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely.
Don't Airtags now notify the nearby user if they are being tracked? I have heard of airtags getting modded to remove the speaker but Apple bypassed this with software updates that alert you out of band(as far as I know). Your assertion would require government to have special Airtags that iOS ignores no?
The protocol is known, creating a tag that rotates IDs every hour should be trivial.
I am aware of large manufacturers that have agreements with the NSA to share source code, presumably so they can compile customized firmware.
I would not be surprised if Apple does this.
> FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely.
well they did say
>>If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.
> What about your laptop hardware? Definitely it isn't open source.
On some older Thinkpads you can install Coreboot/Libreboot. Or even buy them with that, if flashing the firmware seems to complicated/risky, or necessitating buying equipment one does not have at the ready. Same goes at least for some routers, with OpenWRT, or the likes, or depending on the used connection technology going 'full personal computer' with some Linux/BSD again, with even more options regarding Core-/Librebroot/Dasharo underneath. There are always some paths for at least some aspects of that stuff. Most funny thing, if you don't trust your switches is something like https://www.apalrd.net/posts/2025/network_smartsfp/ <-that's not the only one. Imagine a cluster of firewalls in your ports!1!!
The question is if it's worth it? Or maybe more like a hobby with the benefit of staying technologically fit, but at the end of the day more like LARPing 'prepping'?
https://en.wikipedia.org/wiki/The_Anderson_Tapes <- 1971! Very prescient nonetheless.
Privacy is like diet, it is not a zero sum game. The less data we give to advertisers and governments the better. The point is to increase the expense of tracking and create as many holes in their databases as possible.
> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.
E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.
> same goes with bus/trains tickets
I pay cash for these and use them short term so little tracking value here.
> our home internet can be logged one way or another too, at router level (think of the many exploits against that).
I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.
> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.
I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/ firmware.
As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.
https://trove.distrust.co
> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?
If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.
> What about personal connections like friends and family or work that could be a weak link?
I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.
> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.
My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.
My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.
I am a nobody who had a mental health breakdown following an ugly divorce and even though I settled my case - 380 days in solitary, Plea Bargain for Class A Misdemeanor - last month I was cuffed and interrogated in one county simply because I visited downtown and my plates were picked up in a different county when I was trying to navigate family law related obligations.
To put it another way, I'm on a legal-to-harass-list probably for the rest of my life and likely can't do a damn thing about it...beyond the obvious, which I've chosen, which is to enjoy a low-key, crime free, introspective creative sabbatical as much as possible on the fringes of society. Last thing I'm interested in is...whatever they accused me of this time...
I also want to takeover my phone, TV, and even my car.
Just buy a range rover. Nobody can operate it. Not even the mechanic who is currently looking into it, again.
I've also been told the key difference between a Land Rover, and a door-to-door salesman is you can close the door on the latter.
I get the joke, but LRs/RRs had the top theft rates in Canada, for shipping overseas.
Like, 4% theft rate per year nationwide. 1 in every 25 jacked in a year: https://www.equiteassociation.com/top-10-archives/top-10-mos...
And pushed 7% in Ontario: https://www.equiteassociation.com/top-10-archives/top-10-mos...
(And not those stupid “Honda Civic is the most stolen car” publications that fail to control for popularity. When you do, Civics are middle of the pack).
Of course the industry only published the frequency rates for a few years because it probably didn’t instil the fear factor that journalists failed to point out in their slop.
https://www.equiteassociation.com/top-10-most-stolen-vehicle...
I'd be very interested to know what this community's view on Mr Kiriakou is
He shows up on Youtube a lot, and is always a great watch, but is he full of shit or what?
He has been invited to speak at HOPE and I'd like to think there is some level of standards applied to vetting talks there: https://www.youtube.com/watch?v=k3tKmaylRrY
He does repeat the same saga of his time in Pakistan a lot (or maybe im watching too many of his talks expecting something new).
I'm skeptical of some of this guy's stories.
In one interview he says that after being surveilled overseas for a while by an obvious amateur, he told the station chief who then gave him the OK to kill the guy.
Surely they would try evasion, counter-surveillance, or maybe even sending a team to grab the guy off the street to figure out who he is?
He claims the only reason he didn't kill the guy is because for some reason he randomly decided to mention it to a general in the local intelligence service, and then suddenly the tail vanished.
https://youtu.be/BXtDH2IXKY8?t=650
Does not strike me as outlandish for US covert operatives.
https://www.aljazeera.com/news/2025/9/6/us-navy-seals-killed...
My 1971 Ford truck accepts the challenge.
Wave at the Flock cameras as you drive by.
is this post trying to bait us? has anyone seen through the history of this guy s claims? have they been like debunked anywhere?
1. This news site is analogous to a tabloid. They're just rehashing info from K's appearance in a LADBible video: https://www.youtube.com/watch?v=BXtDH2IXKY8
2. While I don't even dislike the guy, let alone hate him, Kiriakou tends to make grandiose and controversial claims that get discredited.
3. Kiriakou hasn't been privvy to CIA tech since roughly 2004. Yes, before the era of modern smartphones, all devices were pwned. He's been doing the rounds on any podcast that will take him where he elaborates on these claims further and it's pretty clear that he doesn't have decent subject matter knowledge.
Can a lot of phones and TVs and cars be exploited? Yes. Keep your devices patched. And, don't do things that attract the CIA's attention enough that they're putting in the significant effort it takes to pwn your TV or car.
tl;dr: If you're in a position where the CIA is targeting you, worry.
Remember...sometimes the target doesn't have a smart phone or watch much TV so those people around a target become at risk. That could be YOU. https://theintercept.com/document/hunt-sys-admins/
[dead]
This was all released many years ago in the Vault 7 drop. What's new here?
Release thread https://news.ycombinator.com/item?id=13939422
Trial for leaker https://news.ycombinator.com/item?id=22226066
You mean for you, or the average reader saying “What’s a Vault 7 drop”?
> Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux.
> In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks, and in February 2024 sentenced to 40 years' imprisonment.
https://en.wikipedia.org/wiki/Vault_7
Just a reminder they can car accident anyone anywhere from anywhere and having an old car will not save anyone when a Tesla with AI enabled cloud cameras is approaching head on.
They're reminding you that they own you.
Probably nothing. Think of it as a PSA being re-run every X days.
that's like the every 6 months proposed new revelation that everyone around cats is supposedly schizophrenic from toxoplasmosis gondii, which a day or two later is debunked. then "goto 10" and the cycle starts anew.
Wait, when (and how) did toxoplasmosis and bartonella amongst cat owners get debunked?
i am glad you responded, because i just went looking anew and could not find it being debunked...and don't remember what i had seen last time around.
evidently not debunked, as i just (first time in months) went re-reading CDC etc...but the punchlines i remembered from months ago include the only reservoir being cats, who clear the infections themselves, and healthy immune system humans generally have no symptoms.
"Cats can only release the infectious oocytes for between one and three weeks after they become infected, after which they can no longer spread the parasites."
what's interesting, and to your point, is the lack of insight as to why some people have side effects like bipolar and schizophrenia.
PSA: healthy immune system humans are vastly over counted.
My taxes at work.
These three agencies are opposed to the public having access to appropriate cybersecurity: NSA, NIST, CIA. The goal of government should have been to boost the citizen's cybersecurity, but it is the opposite. Americans are worse off as a result.
[flagged]
[dead]