As if their government couldn't just track the smartphone or them via social media already.
https://www.lighthousereports.com/methodology/surveillance-s...
> Phone networks need to know where users are in order to route text messages and phone calls. Operators exchange signalling messages to request, and respond with, user location information. The existence of these signalling messages is not in itself a vulnerability. The issue is rather that networks process commands, such as location requests, from other networks, without being able to verify who is actually sending them and for what purpose.
> These signalling messages are never seen on a user’s phone. They are sent and received by “Global Titles” (GTs), phone numbers that represent nodes in a network but are not assigned to subscribers.
'Fun' fact: "other networks" includes all foreign networks with a roaming partnership. It's possible to abuse SS7 to track people across borders, from half the world away.
Political figures being there I somewhat understand, but a Netflix producer? Why would anyone need to track a Netflix producer?
netflix is a crucial tool of narrative control...
they are nowhere near "just producers"...
But it is highly ironic that these companies specialize in surveillance, tracking, and security, and then have a tendency to leave the data that they steal from others open to the Internet in a very amateurish security lapse that in turn leads to everyone stealing from them.
the group:
- dragged its feet on resolving SS7 security vulnerabilities
- repeatedly ignored input from DHS technical experts
- [identified] best practices.. using different filtering systems
- [but] pushed.. to rely on voluntary complianceI recently completed Barack Obama’s A Promised Land (a partial account of his presidency), and he mentions in his book that although he wanted to reform mass surveillance, it looked a little different once he was actually responsible for people’s safety. I often think about this when I drive past Flock cameras or walk into grocery stores; our leaders seem more enticed by the power of this technology than they are afraid of vague abuses happening in _not here_. It seems like no one sees a cost to just not addressing the issue.
By analogy, I feel that reporting on the dangers of fire isn’t really as effective as reporting on why we don’t have arson laws and fire alarms and social norms that make our society more robust to abuse of a useful capability. People who like cooked food aren’t going to engage with anti-fire positions if they just talk about people occasionally burning each other alive. We need to know more about what can be done to protect the average person from downsides of fire, as well as who is responsible for regulating fire and what their agenda for addressing it is. I’d love to see an article identifying who is responsible for installing these Flock cameras in my area, why they did so, and how we can achieve the positive outcomes desired from them (e.g. find car thieves) without the negatives (profiling, stalking, tracking non-criminals, etc).
If the police need your google search history thats ok as long as they can get a warrant showing they have justification and then perhaps at a delayed time, the account owner should be notified that this happened.
If they need access to your phone, rather than hacking it they should just take it off you and get the password from you.
This limits tracking since this is a fairly disruptive and visible thing and prevents just passive tracking of everyone all the time.
Businesses who use facial recognition for loss prevention should be legally required to only use their data for this purpose and never for marketing and analytics. They must not ever sell the data and delete it within a reasonable time.
1) It does not _prevent_ the most serious crimes. People who are going to murder or rape someone are often not mentally capable or understanding how likely they are to get caught or caring about it in the moment. It might help solve it but there's usually more than enough conventional evidence. And these crimes are typically not what people coordinate with others so surveilling communication does not help much.
2) Stealing? Maybe. I can imagine cameras dissuade some opportunists but then again, shoplifting is reportedly high with self-checkouts and those are packed with cameras. Other kinds like burglars will probably just learn to be more careful with gloves and masks. And surveilling communication does not help unless we're talking organized crime and those people should be competent enough to use encrypted comms even if the major platforms are backdoored.
3) Crimes of opportunity like vandalism. Again, cameras are enough, if they work at all. The extra fraction of idiots who would be caught because they brag only about setting a trash can on fire it negligible compared to the downsides.
---
What surveillance absolutely could deter and help catch is organized resistance like staging a protest/riot/insurrection or individuals doing research before an assassination.
And that's why politicians, who are the most likely victims of these crimes, want surveillance. And you might genuinely believe that no current politician in your country deserves to be shot or that the current government should not be overthrown.
But we have to keep in mind that the next government will inherit these systems. Nothing is permanent, no democracy will last forever.
Historically, most countries have periods of freedom and authoritarianism, separated by collapse or revolt. At some point, in your country too, people will need to rise up to reassert their rights again.
It's a matter of when, not if.
---
I see where you are coming from and there were times in my life where more surveillance would have helped my side but ultimately, it's a balancing act and surveillance tips the scale in favor of people who already have a lot of power.
An ideal government with total surveillance is the best case. You get the benefits of low crime without the drawback of corruption and ideology. The problem is in practice:
- Large institutions aren’t good at exercising fine control: even if the leaders have truly good intentions, corrupt mid-level employees and inaccurate data lead to bad outcomes.
- Good leaders seem to often pick bad successors, and unless they frequently pick better successors, someone will eventually pick a corrupt one.
- Corrupt leaders seem to be good at ousting or sidelining good leaders, more than vice versa, perhaps because good leaders are less passionate about gaining and keeping power.
Perhaps there are other reasons. Not just ideal governments, but even self-preserving governments don’t tend to last. Hence, although decentralization and privacy are never ideal, they should exist at least for backup, “just in case” (inevitably in practice) the centralized surveillance system goes rouge.
Since governments and laws exist to ensure justice, freedom will always be the price we pay.
Governments mostly exist to coordinate resource usage to out compete other societies.
Some amount of justice and welfare and roads, or whatever other things (varied by society and time period), are what they pay us so that our compliance is mostly voluntary and is therefore substantially more efficient.
You can bicker over exact word choice and the minute, but this general form is how it's always been from the present all the way back into the ancient world.
This whole way of thinking makes my skin crawl.
Just like sex, any kind of power exchange needs consent.
This whole idea that people are led or need to be led is wrong. Perhaps some people do but that's their problem, it shouldn't be mine. What politicians are is decision makers, not leaders.
We don't have time to vote on every single law personally, so we appoint temporary assistants who do it for us, based on our preferences. That's how it should work.
These assistants should work for us, not lead us. We should always have the power to override their decisions and to remove and replace them at any time. Of course, making this work in a practical manner, while satisfying constraints such as secrecy of votes, is difficult. I don't dispute that but we should be striving to find ways to get as close to this ideal as possible, not making politics into a career or treating it as a reality show.
And most certainly, these assistants ("leaders" as you call them) should not be picking their successors without our consent.
And there are a lot of really weird discussions to be had about "consent," too. If we allow unlimited speech, that means that we're all subject to marketing and propaganda, and that's another thing that people are quite vulnerable to. Being convinced to vote via propaganda isn't really a great example of consent. But banning any speech that resembles propaganda is rife with problems.
Anyway, my point is that democracy/voting and free speech isn't necessarily the most free/consented-to form of government. I'm not sure what would take its place, though. I certainly wish I knew.
Whether they pick them or you pick them, you still have the same problem.
Bad people often get into office. Politicians lie, major parties both run bad candidates, sometimes voters are of the inclination to just elect whoever they think will mount the strongest assault on the status quo.
Expecting that never to happen is a lot less pragmatic than setting things up ahead of time to mitigate the damage when it does.
It also helps make the point of what it means to say “society breaks down” or “democracy is at stake” or “faith in our institutions is flagging.” What it really means is that those whom were thought of as leaders no longer have the consent of the followers, who are making their own decisions now- often to ill effect of any strangers around them
"Citizens will be on their best behavior because we are constantly recording and reporting everything that’s going on." -- Larry Ellison (who should not be anthropomorphized)
And Ellison is not even a politician, he doesn't even has any kind of immunity. Meanwhile, EU politicians want to impose Chat Control on everyone except them.
The core issue is that they see themselves as different from us.
Politics should not be a career. It should be something a person does for 5, at most 10 years max and after that they are back to being like everyone else, with 0 benefits (and with potentially more surveillance, I think politicians' finances should be under extra scrutiny for the rest of their lives).
That seems highly disingenuous or just ignorant. We publicly had this problem starting in the 1990s. The NSA used to have a program that would capture data but then encrypt it and protect it from random access. They discontinued that program and instituted a new one that had zero privacy protections in it.
This was right at the turn when the "war on terror" started. Which was the excuse then used to abandon the better program for the egregious one since it was projected to be better for this particular use case. It's debatable whether that was true or not.
> Flock cameras or walk into grocery stores
Record it if you want. Law enforcement, at any level, should require an actual warrant to access it in any form. This isn't a binary. You can enhance security and privacy at the same time.
It's the same "impose a small but poorly defined cost on everybody and act as though it's worth it because it maybe saves one defined life and therefore anyone who wants to call you out has an uphill battle" model you see used by bad people and dishonest comment section types the world over.
Society has no good way to reason about these "it's not much individually but when you do it to all of society it adds the F up" type downsides.
Like if you could save one life per year at the cost of making it take everyone an extra minute per day that's obviously not worth it at the scale of the united states because you're actually losing more life than you're saving.
But replace the "one minute" with something more subjective and nobody calls it out.
It boils down to one thing that allows these surveillance technologies to exist: public apathy.
Why not HIBP (Have I Been Pwned) style site to check against the database if your number is in?
SS7: Locate. Track. Manipulate. [2014] https://media.ccc.de/v/31c3_-_6249_-_en_-_saal_1_-_201412271...
https://media.ccc.de/v/25c3-2997-en-locating_mobile_phones_u...
For example, this post could have been a product of just probing a particular group of people to understand if they are interested in the subject and what they have to say about it.
That can be done indirectly, by suggesting someone (offering a link or planting an idea) that is already known to be interested in surveillance and prone to share interesting discoveries (in other words, the poster might not even be aware he could be an asset).
Think about the many ways someone could know your interests and how prone you are to react to something and how that could be used. If you are in tech, think about all the silly ways that kind of information can leak publicly.
People often disregard the possibility that they could be an active part of a surveillance network (as an unkowingly asset), instead focusing on more fantastical ideas such as technological hacks or coding wizardry.
https://www.giosec.uk/specialist-services---geo-location.htm...
If your device privacy is a mess, mobile ID links you to all the good and bad things you do on a phone.
Had no idea this was part of the tool options, but backbone cell network makes sense.
Other TTPs I’d read about was variations on geo-fenced adserving to phish a mobile ID basically via user interaction or scroll past the ad. Small enough geofence and do it a few times, one could safely figure out the user being the ID. Googling “RTB surveillance” or “DSP surveillance” are ways into the topic.
Scary stuff! Pair that with this tech has been working for years, and is international. Frames a bit differently every action by a public figure - also at risk via the same threat model.
Also long have wondered what data analysis like this is done on technical forums… ran by a VC firm… with a lot of insider context (product market fit?) in the comments.
aucisson_masque•3h ago
There is mention of fake antenna but I don't think they cover entire country with that, how do they do?
jonplackett•3h ago
This article answers none of my questions!
kipchak•3h ago
https://www.lighthousereports.com/methodology/surveillance-s...
CGMthrowaway•3h ago
The SMS are intercepted because thru SS7 by tricking the network into thinking the target phone is roaming (3).
(1)https://www.lighthousereports.com/methodology/surveillance-s...
(2)https://www.motherjones.com/politics/2025/10/firstwap-altami...
(3)https://www.fyno.io/blog/is-it-easy-to-intercept-sms-a-compl...
arkadiyt•3h ago
For anyone worried, this approach:
1) Breaks the existing phone from receiving WhatsApp messages, so you can notice that behavior
2) Can be prevented by setting up a WhatsApp pin in your settings
citizenpaul•3h ago
Horrifying that nearly banks still require you to use sms as a 2fa and do not offer any other alternative.
Did you really think the US Gov was OK with facebook running the biggest "encrypted" SMS system on earth. LOL of course they already had access to all the messages.
varenc•2h ago
bayindirh•2h ago
In my country banking applications are tied to your phone via IMEI, SIM and other hardware dependent information available.
Forget getting banking details and use another device without the user knowing, either.
If someone clones your SIM or gets a replacement in behalf of you, your all banking access is blocked until you enable them one by one with your ID card or other means.
One of the banks can use FaceID as a secondary factor, too.
So, other methods are possible. It's an "implementation detail" at this point.