Former CIA spy: agency's tools can takeover your phone, TV, and even your car

How did they discover it and what was the actual bug? Are you aware of Purism Anti-Interdiction service?

Link if anyone is curious: https://puri.sm/posts/anti-interdiction-services/

>FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely.

Don't Airtags now notify the nearby user if they are being tracked? I have heard of airtags getting modded to remove the speaker but Apple bypassed this with software updates that alert you out of band(as far as I know). Your assertion would require government to have special Airtags that iOS ignores no?

>>If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.

> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.

E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.

> same goes with bus/trains tickets

I pay cash for these and use them short term so little tracking value here.

> our home internet can be logged one way or another too, at router level (think of the many exploits against that).

I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.

> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.

I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/ firmware.

As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.

https://trove.distrust.co

> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?

If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.

> What about personal connections like friends and family or work that could be a weak link?

I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.

> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.

My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.

My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.

On some older Thinkpads you can install Coreboot/Libreboot. Or even buy them with that, if flashing the firmware seems to complicated/risky, or necessitating buying equipment one does not have at the ready. Same goes at least for some routers, with OpenWRT, or the likes, or depending on the used connection technology going 'full personal computer' with some Linux/BSD again, with even more options regarding Core-/Librebroot/Dasharo underneath. There are always some paths for at least some aspects of that stuff. Most funny thing, if you don't trust your switches is something like https://www.apalrd.net/posts/2025/network_smartsfp/ <-that's not the only one. Imagine a cluster of firewalls in your ports!1!!

The question is if it's worth it? Or maybe more like a hobby with the benefit of staying technologically fit, but at the end of the day more like LARPing 'prepping'?

> In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks, and in February 2024 sentenced to 40 years' imprisonment.

https://en.wikipedia.org/wiki/Vault_7