The Doctor

I never heard of SS7 and have actually no idea how the whole phone system communication works but that’s kinda scary…

SS7 and 1ESS are terribly insecure and were even before CALEA compliance was required. Folks compromising telephony routing systems was a thing back in the early 1990’s.

Story time. I worked as a telecom engineer for a while. One of ourasks was, whenever the telco would get a warrant a small team of us at the office were tasked with turning up the surveillance features of our infra (dupe all CDR logs off to another system for chain of custody, log all of the SIP traffic from the specified subscribers to a separate set of logs on the same box for the same reason, basically trap-and-trace and pen register functionality updated for the early 00’s (we had the capability of tapping and recording RTP traffic in realtime by abusing three way calling but were not asked to do it while I worked there)). About half the time we’d go into our back-end, and find taps already in place. A few times we took it to management, who kicked it up the food chain and were told flat out “Shut up, write up how you would have done it yourself, and just copy the data coming from what you found.” So, we did. Never did find out who did it and why.

OPM is already completely compromised, so it seems likely that they’re going through JPAS to find folks who came out during their background investigations. Expect another round of purges.

It will not hurt your chances.

Sure there is: Don’t store everything in a database.

AI acceleration ASICs are already in a lot of hardware these days. It doesn’t take a whole lot anymore for it to be both cheap and feasible.

It would be pretty easy to test, too.

Get a pre-paid phone. Set up a brand-new Google or Apple account. Activate phone using the new account. Put it through its paces for a few hours and note the ads you get.

Shoot the shit with your friends and family with the phone on the table for a few hours.

Put the phone through its paces again and note the ads you get.

They admitted it back then, too.

https://temp-mail.org/

https://harakirimail.com/

https://10minutemail.net/

https://www.startmail.com/ (7 day free accounts)

https://mailfence.com/ (free personal accounts)

Don’t pay for it, get a free account.

When you get right down to it, it’s all risk management.

https://elblogdelnarco.com/ is the one everybody seems to go to first. Be careful, there’s some pretty fucking horrifying stuff in there.

Look at how Mexican narcobloggers do it. Many of their sites are hosted at places like Blogger. They keep backups of everything they write (those sites let you download site archives from your control panel). They access everything over Tor using TAILS. They delay what they post compared to what happened, to make it more difficult to correlate who was within range of an event (i.e., witnesses) and when they posted it. They don’t post from home but go elsewhere.

They don’t tell anybody they’re narcobloggers. At all.

Thing is, then you stand out as one of the very few people using that alternative.

Probably. Very little will stop a mega from making money. Fines are budgeted as the cost of doing business.

The last time this happened, it took time to get those mines set up and operating. When it slowed down, they mothballed the mines, but they’re still there. It won’t take nearly as long to re-open them.

Earlier than expected. They’ve already kissed the ring, now they’re spreading the cheeks to get at the anus.

Supposedly. Whether or not it actually works is a different matter.

That’s Craig, all right. He’s a big believer in “If I do anything with enough confidence nobody will stop me.”

Yeah, that’s Craig. With a heaping side of spite for anything that breathes oxygen.

Depends on whether or not they have local phys.sec and how much of an asshole they want to be.