Margaret talks with Elle, an anarchist and security professional, about different threat modeling approaches and analyzing different kinds of threats. They explore physical threats, digital security, communications, surveillance, and general OpSec mentalities for how to navigate the panopticon and do stuff in the world without people knowing about it…if you’re in Czarist Russia of course.
Elle can be found on twitter @ellearmageddon.
Host and Publisher
The host Margaret Killjoy can be found on twitter @magpiekilljoy or instagram at @margaretkilljoy.
This show is published by Strangers in A Tangled Wilderness. We can be found at www.tangledwilderness.org, or on Twitter @TangledWild and Instagram @Tangled_Wilderness. You can support the show on Patreon at www.patreon.com/strangersinatangledwilderness.
Live Like the World is Dying: Elle on Threat Modeling
Hello, and welcome to Live Like The World Is Dying, your podcast for what feels like the end times. I’m your host, Margaret Killjoy. And with me at the exact moment is my dog, who has just jumped up to try and talk into the microphone and bite my arm. And, I use ‘she’ and ‘they’ pronouns. And this week, I’m going to be talking to my friend Elle, who is a, an anarchist security professional. And we’re going to be talking about threat modeling. And we’re going to be talking about how to figure out what people are trying to do to you and who’s trying to do it and how to deal with different people trying to do different things. Like, what is the threat model around the fact that while I’m trying to record a podcast, my dog is biting my arm? And I am currently choosing to respond by trying to play it for humor and leaving it in rather than cutting it out and re-recording. This podcast is a proud member of the Channel Zero network of anarchist podcasts. And here’s a jingle from another show on the network.
Okay, if you could introduce yourself, I guess, with your name and your pronouns, and then maybe what you do as relates to the stuff that we’re going to be talking about today.
Yeah, cool. Hi, I’m Elle. My pronouns are they/them. I am a queer, autistic, anarchist security practitioner. I do security for a living now that I’ve spent over the last decade, working with activist groups and NGOs, just kind of anybody who’s got an interesting threat model to help them figure out what they can do to make themselves a little a little safer and a little more secure.
So that word threat model. That’s actually kind of what I want to have you on today to talk about is, it’s this word that we we hear a lot, and sometimes we throw into sentences when we want to sound really smart, or maybe I do that. But what does it mean, what is threat modeling? And why is it relevant?
Yeah, I actually, I really love that question. Because I think that we a lot of people do use the term threat modeling without really knowing what they mean by it. And so to me, threat modeling is having an understanding of your own life in your own context, and who poses a realistic risk to you, and what you can do to keep yourself safe from them. So whether that’s, you know, protecting communications that you have from, you know, state surveillance, or whether it’s keeping yourself safe from an abusive ex, your threat model is going to vary based on your own life experiences and what you need to protect yourself from and who those people actually are and what they’re capable of doing.
Are you trying to say there’s not like one solution to all problems that we would just apply?
You know, I love…
I don’t understand.
I know that everybody really, really loves the phrase “Use signal. Use TOR,” and you know, thinks that that is the solution to all of life’s problems. But it actually turns out that, no, you do have to have both an idea of what it is that you’re trying to protect, whether it’s yourself or something like your communications and who you’re trying to protect it from, and how they can how they can actually start working towards gaining access to whatever it is that you’re trying to defend.
One of the things that when I think about threat modeling that I think about is this idea of…because the levels of security that you take for something often limit your ability to accomplish different things. Like in Dungeons and Dragons, if you wear plate armor, you’re less able to be a dexterous rogue and stealth around. And so I think about threat modeling, maybe as like learning to balance….I’m kind of asking this, am I correct in this? Balancing what you’re trying to accomplish with who’s trying to stop you? Because like, you could just use TOR, for everything. And then also like use links the little like Lynx [misspoke “Tails”] USB keychain and never use a regular computer and never communicate with anyone and then never accomplish anything. But, it seems like that might not work.
Yeah, I mean, the idea, the idea is to prevent whoever your adversaries are from keeping you from doing whatever you’re trying to accomplish. Right? So if the security precautions that you’re taking to prevent your adversaries from preventing you from doing a thing are also preventing you from doing the thing, then it doesn’t matter, because your adversaries have just won, right? So there, there definitely is a need, you know, to be aware of risks that you’re taking and decide which ones make sense, which ones don’t make sense. And kind of look at it from from a dynamic of “Okay, is this something that is in my, you know, acceptable risk model? Is this a risk I’m willing to take? Are there things that I can do to, you know, do harm reduction and minimize the risk? Or at least like, make it less? Where are those trade offs? What, what is the maximum amount of safety or security that I can do for myself, while still achieving whatever it is that I’m trying to achieve?”
Do you actually ever like, chart it out on like, an X,Y axis where you get like, this is the point where you start getting diminishing returns? I’m just imagining it. I’ve never done that.
In, in the abstract, yes, because that’s part of how autism brain works for me. But in a, like actually taking pen to paper context, not really. But that’s, you know, at least partially, because of that’s something that autism brain just does for me. So I think it could actually be a super reasonable thing to do, for people whose brains don’t auto filter that for them. But but I’m, I guess, lucky enough to be neurodivergent, and have like, you know, like, we always we joke in tech, “It’s not a bug, it’s a feature.” And I feel like, you know, autism is kind of both sometimes. In some cases, it’s totally a bug and and others, it’s absolutely a feature. And this is one of the areas where it happens to be a feature, at least for me.
That makes sense. I, I kind of view my ADHD as a feature, in that, it allows me to hyper focus on topics and then move on and then not come back to them. Or also, which is what I do now for work with podcasting, and a lot of my writing. It makes it hard to write long books, I gotta admit.
Yeah, I work with a bunch of people with varying neuro types. And it’s really interesting, like, at least at least in my own team, I think that you know, the, the folks who are more towards the autism spectrum disorder side of of the house are more focused on things like application security, and kind of things that require sort of sustained hyper focus. And then folks with ADHD make just absolutely amazing, like incident responders and do really, really well in interrupt-driven or interrupt-heavy contexts.
It’s wild to me, because I’m just like, yes, this makes perfect sense. And obviously, like, these different tasks are better suited to different neuro types. But I’ve also never worked with a manager who actually thought about things in that way before.
And so it’s actually kind of cool to be to be in a position where I can be like, “Hey, like, Does this sound interesting to you? Would you rather focus on this kind of work?” And kind of get that that with people.
That makes sense that’s…. I, I’m glad that you’re able to do that. I’m glad that people that you work with are able to have that you know, experience because it is it’s hard to it’s hard to work within….obviously the topic of today is…to working in the workplace as a neurodivergent person, but it I mean it affects so many of us you know, like almost whatever you do for work the the different ways your brain work are always struggling against it. So.
Yeah, I don’t know. It just it makes sense to me to like do your best to structure your life in a way that is more conducive to your neurotype.
You know, if you can.
I don’t even realize exactly how ADHD I was until I tried to work within a normal workforce. I built my entire life around, not needing to live in one place or do one thing for sustained periods of time. But okay, but back to the threat modeling.
The first time I heard of, I don’t know if it’s the first time I heard of threat modeling or not, I don’t actually know when I first started hearing that word. But the first time I heard about you, in the context of it was a couple years back, you had some kind of maybe it was tweets or something about how people were assuming that they should use, for example, the more activist focused email service Rise Up, versus whether they should just use Gmail. And I believe that you were making the case that for a lot of things, Gmail would actually be safer, because even though they don’t care about you, they have a lot more resources to throw at the problem of keeping governments from reading their emails. That might be a terrible paraphrasing of what you said. But this, this is how I was introduced to this concept of threat modeling. If you wanted to talk about that example, and tell me how I got it all wrong.
Yeah. Um, so you didn’t actually get it all wrong. And I think that the thing that I would add to that is that if you are engaging in some form of hypersensitive communication, email is not the mechanism that you want to do that. And so when I say things like, “Oh, you know, it probably actually makes sense to use Gmail instead of Rise Up,” I mean, you know, contexts where you’re maybe communicating with a lawyer and your communications are privileged, right? It’s a lot harder to crack Gmail security than it is to crack something like Rise Up security, just by virtue of the volume of resources available to each of those organizations. And so where you specifically have this case where, you know, there’s, there’s some degree of legal protection for whatever that means, making sure that you’re not leveraging something where your communications can be accessed without your knowledge or consent by a third party, and then used in a way that is conducive to parallel construction.
So what is parallel construction?
Parallel construction is a legal term where you obtain information in a way that is not admissible in court, and then use that information to reconstruct a timeline or reconstruct a mechanism of access to get to that information in an admissible way.
So like every cop show
Right, so like, with parallel construction around emails, for example, if you’re emailing back and forth with your lawyer, and your lawyer is like, “Alright, like, be straight with me. Because I need to know if you’ve actually done this crime so that I can understand how best to defend you.” And you’re like, “Yeah, dude, I totally did that crime,” which you should never admit to in writing anyway, because, again, email is not the format that you want to have this conversation in. But like, if you’re gonna admit to having done crimes in email, for some reason, how easy it is for someone else to access that admission is important. Because if somebody can access this email admission of you having done the crimes where you’re, you know, describing in detail, what crimes you did, when with who, then it starts, like, it gets a lot easier to be like, “Oh, well, obviously, we need to subpoena this person’s phone records. And we should see, you know, we should use geolocation tracking of their device to figure out who they were in proximity to and who else was involved in this,” and it can, it can be really easy to like, establish a timeline and get kind of the roadmap to all of the evidence that they would need to, to put you in jail. So it’s, it’s probably worth kind of thinking about how easy it is to access that that information. And again, don’t don’t admit to doing crimes in email, email is not the format that you want to use for admitting to having done crimes. But if you’re going to, it’s probably worth making sure that, you know, the the email providers that you are choosing are equipped with both robust security controls, and probably also like a really good legal team. Right? So if…like Rise Up isn’t going to comply with the subpoena to the like, to the best of their ability, they’re not going to do that, but it’s a lot easier to sue Rise Up than it is to sue Google.
And it’s a lot easier to to break Rise Up’s security mechanisms than it is to break Google’s, just by virtue of how much time and effort each of those entities is able to commit to securing email. Please don’t commit to doing crimes in email, just please just don’t. Don’t do it in writing. Don’t do it.
Okay, let me change my evening plans. Hold on let me finish sending this email.
Well, I mean, I guess like the one of the reasons that I thought so much about that example, and why it kind of stuck with me years later was just thinking about what people decide they’re safe, because they did some basic security stuff. And I don’t know if that counts under threat modeling. But it’s like something I think about a lot is about people being like, “I don’t understand, we left our cell phones at home and went on a walk in the woods,” which is one of the safest ways anyone could possibly have a conversation. “How could anyone possibly have known this thing?” And I’m like, wait, you, you told someone you know, or like, like, not to make people more paranoid, but like…
Or maybe, maybe you left your cell phone at home, but kept your smartwatch on you, because you wanted to close, you know, you wanted to get your steps for the day while you were having this conversation, right?
Because otherwise, does it even count if I’m not wearing my [smartwatch].
Right, exactly. And like, we joke, and we laugh, but like, it is actually something that people don’t think about. And like, maybe you left your phones at home, and you went for a walk in the woods, but you took public transit together to get there and were captured on a bunch of surveillance cameras. Like there’s, there’s a lot of, especially if you’ve actually been targeted for surveillance, which is very rare, because it’s very resource intensive. But you know, there there are alternate ways to track people. And it does depend on things like whether or not you’ve got additional tech on you, whether or not you were captured on cameras. And you know, whether whether or not your voices were picked up by ShotSpotter, as you were walking to wherever the woods were like, there’s just there’s we live in a panopticon. I don’t say that so that people are paranoid about it, I say it because it’s a lot easier to think about, where, when and how you want to phrase things.
In a way that you know, still facilitates communications still facilitates achieving whatever it is that you’re trying to accomplish, but sets you sets you up to be as safe as possible in doing it. And I think that especially in anarchist circles, just… and honestly also in security circles, there’s a lot of of like, dogmatic adherence to security ritual, that may or may not actually make sense based on both, you, who your actual adversaries are, and what their realistic capabilities are.
And what they’re trying to actually accomplish I feel like is…Okay, one of the threat models that I like…I encourage people sometimes to carry firearms, right in very specific contexts. And it feels like a security… Oh, you had a good word for it that you just used…ritual of security theater, I don’t remember…a firearm often feels like that.
In a way where you’re like, “Oh, I’m safe now, right, because I’m carrying a firearm.” And, for example, I didn’t carry a firearm for a very long time. Because for a long time, my threat model, the people who messed with me, were cops. And if a cop is going to mess with me, I do not want to have a firearm on me, because it will potentially escalate a situation in a very bad way. Whereas when I came out and started, you know, when I started getting harassed more for being a scary transwoman, and less for being an anarchist, or a hitchhiker, or whatever, you know, now my threat model is transphobes, who want to do me harm. And in a civilian-civilian context, I prefer I feel safer. And I believe I am safer in most situations armed in that case. But every time I leave the house, I have to think about “What is my threat model?” And then in a similar way, sorry, it’s just me thinking about the threat model of firearms, but it’s the main example that I think of, is that often people’s threat model in terms of firearms and safety is themselves, right? And so you just actually need to do the soul searching where you’re like, “What’s more likely to happen to me today? Am I likely to get really sad, or am I likely to get attacked by fascists?”
Yeah. And I think that there is there’s an additional question, especially when you’re talking about arming yourself, whether it’s firearms, or carrying a knife, or whatever, because like, I don’t own any firearms, but I do carry a knife a lot of the time. And so like some questions, some additional questions that you have to ask yourself are, “How confident am I in my own ability to use this to harm another person?” Because if you’re going to hesitate, you’re gonna get fucked up.
Like, if you are carrying a weapon, and you pull it out and hesitate in using it, it’s gonna get taken away from you, and it’s going to be used against you. So that’s actually one of the biggest questions that I would say people should be asking themselves when developing a threat model around arming themselves is, “Will I actually use this? How confident am I?” If you’re not confident, then it’s okay to leave it at home. It’s okay to practice more. It’s okay to like develop that familiarity before you start using it as an EDC. Sorry an Every Day Carry. And then the you know, the other question is, “How likely am I to get arrested here?” I carry, I carry a knife that I absolutely do know how to use most of the time when I leave the house. But when I’m going to go to a demonstration, because the way that I usually engage in protests or in demonstrations is in an emergency medical response capacity, I carry a medic kit instead. And my medic kit is a clean bag that does not have any sharp objects in it. It doesn’t have anything that you know could be construed as a weapon it doesn’t have…it doesn’t…I don’t even have weed gummies which are totally like recreationally legal here, right? I won’t even put weed in the medic kit. It’s it is very much a…
Well, if you got federally arrested you’d be in trouble with that maybe.
Yeah, sure, I guess. But, like the medic bag is very…nothing goes in this kit ever that I wouldn’t want to get arrested carrying. And so there’s like EMT shears in there.
But that’s that’s it in terms of like…
Those are scary you know…the blunted tips.
I know, the blunted tips and the like safety, whatever on them. It’s just…it’s it is something to think about is “Where am I going…What…Who am I likely to encounter? And like what are the trade offs here?”
I remember once going to a demonstration a very long time ago where our like, big plan was to get in through all of the crazy militarized downtown in this one city and, and the big plan is we’re gonna set up a Food Not Bombs inside the security line of the police, you know. And so we picked one person, I think I was the sacrificial person, who had to carry a knife, because we had to get the folding tables that we’re gonna put the food on off of the top of the minivan. And we had to do it very quickly, and they were tied on. And so I think I brought the knife and then left it in the car and the car sped off. And then we fed people and they had spent ten million dollars protecting the city from 30 people feeding people Food Not Bombs.
But, but yeah, I mean, whereas every other day in my life, especially back then when I was a hitchhiker, I absolutely carried a knife.
You know, for multiple purposes. Yeah, okay, so then it feels like…I like rooting it in the self defense stuff because I think about that a lot and for me it maybe then makes sense to sort of build up and out from there as to say like…you know, if someone’s threat model is my ex-partner’s new partner is trying to hack me or my abusive ex is trying to hack me or something, that’s just such a different threat model than…
Yeah, it is.
Than the local police are trying to get me versus the federal police are trying to get me versus a foreign country is trying to get me you know, and I and it feels like sometimes those things are like contradictory to each other about what isn’t isn’t the best maybe.
They are, because each of those each of those entities is going to have different mechanisms for getting to you and so you know, an abusive partner or abusive ex is more likely to have physical access to you, and your devices, than you know, a foreign entity is, right? Because there’s there’s proximity to think about, and so you know, you might want to have….Actually the….Okay, so the abusive ex versus the cops, right. A lot of us now have have phones where the mechanism for accessing them is either a password, or some kind of biometric identifier. So like a fingerprint, or you know, face ID or whatever. And there’s this very dogmatic adherence to “Oh, well, passwords are better.” But passwords might actually not be better. Because if somebody has regular proximity to you, they may be able to watch you enter your password and get enough information to guess it. And if you’re, if you’re not using a biometric identifier, in those use cases, then what can happen is they can guess your password, or watch, you type it in enough time so that they get a good feeling for what it is. And they can then access your phone without your knowledge while you’re sleeping. Right?
And sometimes just knowing whether or not your your adversary has access to your phone is actually a really useful thing. Because you know how much information they do or don’t have.
Yeah. No that’s…
And so it really is just about about trade offs and harm reduction.
That never would have occurred to me before. I mean, it would occur to me if someone’s trying to break into my devices, but I have also fallen into the all Biometrics is bad, right? Because it’s the password, you can’t change because the police can compel you to open things with biometrics, but they can’t necessarily compel you…is more complicated to be compelled to enter a password.
I mean, like, it’s only as complicated as a baton.
Yeah, there’s that XKCD comic about this. Have you seen it?
Yes. Yes, I have. And it is it is an accurate….We like in security, we call it you know, the Rubber Hose method, right? It we….
The implication here for anyone who hasn’t read it is that they can beat you up and get you to give them their [password].
Right people, people will usually if they’re hit enough times give up their password. So you know, I would say yeah, you should disable biometric locks, if you’re going to go out to a demonstration, right? Which is something that I do. I actually do disable face ID if I’m taking my phone to a demo. But it…you may want to use it as your everyday mechanism, especially if you’re living in a situation where knowing whether or not your abuser has access to your device is likely to make a difference in whether you have enough time to escape.
Right. These axioms or these these beliefs we all have about this as the way to do security, the you know…I mean, it’s funny, because you brought up earlier like use Signal use Tor, I am a big advocate of like, I just use Signal for all my communication, but I also don’t talk about crime pretty much it in general anyway. You know. So it’s more like just like bonus that it can’t be read. I don’t know.
Yeah. I mean, again, it depends, right? Because Signal…Signal has gotten way more usable. I’ve been, I’ve been using Signal for a decade, you know, since it was still Redphone and TextSecure. And in the early days, I used to joke that it was so secure, sometimes your intended recipients don’t even get the messages.
That’s how I feel about GPG or PGP or whatever the fuck.
Oh, those those….
Sorry, didn’t mean to derail you.
Let’s not even get started there. But so like Signal again, has gotten much better, and is way more reliable in terms of delivery than it used to be. But I used to, I used to say like, “Hey, if it’s if it’s really, really critical that your message reach your recipient, Signal actually might not be the way to do it.” Because if you need if you if you’re trying to send a time sensitive message with you know guarantee that it actually gets received, because Signal used to be, you know, kind of sketchy on or unreliable on on delivery, it might not have been the best choice at the time. One of the other things that I think that people, you know, think…don’t think about necessarily is that Signal is still widely viewed as a specific security tool. And that’s, that’s good in a lot of cases. But if you live somewhere, for example, like Belarus, where it’s not generally considered legal to encrypt things, then the presence of Signal on your device is enough in and of itself to get you thrown in prison.
And so sometimes having a mechanism like, you know, Facebook secret messages might seem like a really, really sketchy thing to do. But if your threat model is you can’t have security tools on your phone, but you still want to be able to send encrypted messages or ephemeral messages, then that actually might be the best way to kind of fly under the radar. So yeah, it again just really comes down to thinking about what it is that you’re trying to protect? From who? And under what circumstances?
Yeah, I know, I like this. I mean, obviously, of course, you’ve thought about this thing that you think about. I’m like, I’m just like, kind of like, blown away thinking about these things. Although, okay, one of these, like security things that I kind of want to push back on, and actually, this is a little bit sketchy to push back on, the knife thing. To go back to a knife. I am. I have talked to a lot of people who have gotten themselves out of very bad situations by drawing a weapon without then using it, which is illegal. It is totally illegal.
I would never advocate that anyone threaten anyone with a weapon. But, I know people who have committed this crime in order to…even I mean, sometimes it’s in situations where it’d be legal to stab somebody, like…
One of the strangest laws in the United States is that, theoretically, if I fear for my life, I can draw a gun…. And not if I fear for my life, if I am, if my life is literally being threatened, physically, if I’m being attacked, I can I can legally draw a firearm and shoot someone, I can legally pull a knife and stab someone to defend myself. I cannot pull a gun and say “Back the fuck off.” And not only is it illegal, but it also is a security axiom, I guess that you would never want to do that. Because as you pointed out, if you hesitate now the person has the advantage, they have more information than they used to. But I still know a lot of hitchhikers who have gotten out of really bad situations by saying, “Let me the fuck out of the car.”
Absolutely. It’s not….Sometimes escalating tactically can be a de-escalation. Right?
Sometimes pulling out a weapon or revealing that you have one is enough to make you no longer worth attacking. But you never know how someone’s going to respond when you do that, right?
So you never know whether it’s going to cause them to go “Oh shit, I don’t want to get stabbed or I don’t want to get shot,” and stop or whether it’s going to trigger you know a more aggressive response. So it doesn’t mean that you know, you, if you pull a weapon you have to use it.
But if you’re going to carry one then you do need to be confident that you will use it.
No, that that I do agree with that. Absolutely.
And I think that is an important distinction, and I you know I also think that…not ‘I think’, using a gun and using a knife are two very different things. For a lot of people, pulling the trigger on a gun is going to be easier than stabbing someone.
Yeah that’s true.
Because of the proximity to the person and because of how deeply personal stabbing someone actually is versus how detached you can be and still pull the trigger.
Like I would…it sounds…it feels weird to say but I would actually advocate most people carry a gun instead of a knife for that reason, and also because if you’re, if you’re worried about being physically attacked, you know you have more range of distance where you can use something like a gun than you do with a knife. You have to be, you have to be in close quarters to to effectively use a knife unless you’re like really good at throwing them for some reason and even I wouldn’t, cause if you miss…now your adversary has a knife.
I know yeah. Unless you miss by a lot. I mean actually I guess if you hit they have a knife now too.
I have never really considered whether or not throwing knives are effective self-defense weapons and I don’t want to opine too hard on this show.
I advise against it.
Yeah. Okay, so to go back to threat modeling about more operational security type stuff. You’re clearly not saying these are best practices, but you’re instead it seems like you’re advocating of “This as the means by which you might determine your best practices.”
Do you have a…do you have a a tool or do you have like a like, “Hey, here’s some steps you can take.” I mean, we all know you’ve said like, “Think about your enemy,” and such like that, but Is there a more…Can you can you walk me through that?
I mean, like, gosh, it really depends on who your adversary is, right?
Like, if you’re if you’re thinking about an abusive partner, that’s obviously going to vary based on things like, you know, is your abusive partner, someone who has access to weapons? Are they someone who is really tech savvy? Or are they not. At…The things that you have to think about are going to just depend on the skills and tools that they have access to? Is your abusive partner or your abusive ex a cop? Because that changes some things.
Yeah, fair enough.
So like, most people, if they actually have a real and present kind of persistent threat in their life, also have a pretty good idea of what that threat is capable of, or what that threat actor or is capable of. And so it, it’s it, I think, it winds up being fairly easy to start thinking about things in terms of like, “Okay, how is this person going to come after me? How, what, what tools do they have? What skills do they have? What ability do they have to kind of attack me or harm me?” But I think that, you know, as we start getting away from that really, really, personal threat model of like the intimate partner violence threat model, for example, and start thinking about more abstract threat models, like “I’m an anarchist living in a state,” because no state is particularly fond of us.
I know it’s wild, because like, you know, we just want to abolish the State and States, like want to not be abolished, and I just don’t understand how, how they would dislike us for any reason.
Yeah, it’s like when I meet someone new, and I’m like, “Hey, have you ever thought about being abolished?” They’re usually like, “Yeah, totally have a beer.”
Right. No, it’s…
For sure. Um, but when it comes to when it comes to thinking about, you know, the anarchist threat model, I think that a lot of us have this idea of like, “Oh, the FBI is spying on me personally.” And the likelihood of the FBI specifically spying on ‘you’ personally is like, actually pretty slim. But…
No, no, I want to go back to thinking about it’s slim, it’s totally slim.
Look…But like, there’s there is a lot like, we know that, you know, State surveillance dragnet exists, right, we know that, you know, plaintext text messages, for example, are likely to be caught both by, you know, Cell Site Simulators, which are in really, really popular use by law enforcement agencies.
Which is something that sets up and pretends to be a cell tower. So it takes all the data that is transmitted over it. And it’s sometimes used set up at demonstrations.
Yes. So they, they both kind of convinced your phone into thinking that they are the nearest cell tower, and then actually pass your communications on to the next, like the nearest cell tower. So your communications do go through, they’re just being logged by this entity in the middle. That’s, you know, not great. But using something…
Unless you’re the Feds.
I mean, even if you…
You just have to think about it from their point of. Hahah.
Even if you are the Feds, that’s actually too much data for you to do anything useful with, you know?
Okay, I’ll stop interrupting you. Haha.
Like, it’s just…but if you’re if you are a person who is a person of interest who’s in this group, where a cell site simulator has been deployed or whatever, then then that you know, is something that you do have to be concerned about and you know, even if you’re not a person of interest if you’re like texting your friend about like, “All right, we do crime in 15 minutes,” like I don’t know, it’s maybe not a great idea. Don’t write it down if you’re doing crime. Don’t do crime. But more importantly don’t don’t create evidence that you’re planning to do crime, because now you’ve done two crimes which is the crime itself and conspiracy to commit a crime.
Be straight. Follow the law. That’s the motto here.
Yes. Oh, sorry. I just like I don’t know, autism brain involuntarily pictured, like an alternate universe in which in where which I am straight, and law abiding. And I’m just I’m very…
Sounds terrible. I’m sorry.
Right. Sounds like a very boring….
Sorry to put that image in your head.
I mean, I would never break laws.
Ever Never ever. I have not broken any laws I will not break any laws. No, I think that…
The new “In Minecraft” is “In Czarist Russia.” Instead of saying “In Minecraft,” because it’s totally blown. It’s only okay to commit crimes “In Czarist Russia.”
All right. We don’t have to go with that. I don’t know why I got really goofy.
I might be too Eastern European Jewish for that one.
Oh God. Oh, my God, now I just feel terrible.
It’s, it’s fine. It’s fine.
Well, that was barely a crime by east…
I mean it wasn’t necessarily a crime, but like my family actually emigrated to the US during the first set of pogroms.
So like, pre Bolshevik Revolution.
But yeah, anyway.
Okay, well, I meant taking crimes like, I basically think that, you know, attacking the authorities in Czarist Russia is a more acceptable action is what I’m trying to say, I really don’t have to try and sell you on this plan.
I’m willing to trust your judgment here.
That’s a terrible plan, but I appreciate you, okay. Either way, we shouldn’t text people about the crimes that we’re doing.
We should not text people about the crimes that we’re planning on doing. But, if you are going to try to coordinate timelines, you might want to do that using some form of encrypted messenger so that whatever is logged by a cell site simulator, if it is in existence is not possible by the people who are then retrieving those logs. And you know, and another reason to use encrypted messengers, where you can is that you don’t necessarily want your cell provider to have that unencrypted message block. And so if you’re sending SMS, then your cell, your cell provider, as the processor of that data has access to an unencrypted or plain text version of whatever text message you’re sending, where if you’re using something like Signal or WhatsApp, or Wickr, or Wire or any of the other, like, multitude of encrypted messengers that you could theoretically be using, then it’s it’s also not going directly through your your provider, which I think is an interesting distinction. Because, you know, we we know, from, I mean, we kind of sort of already knew, but we know for a fact, from the Snowden Papers, that cell providers will absolutely turn over your data to the government if they’re asked for it. And so minimizing the amount of data that they have about you to turn over to the government is generally a good practice. Especially if you can do it in a way that isn’t going to be a bunch of red flags.
Right, like being in Belarus and using Signal.
Okay. Also, there’s the Russian General who used an unencrypted phone where he then got geo located and blowed up.
Also bad threat modeling on that that guy’s part, it seems like.
I it, it certainly seems to…that person certainly seems to have made several poor life choices, not the least of which was being a General in the Russian army.
Yeah, yeah. That, that tracks. So one of the things that we talked about, while we were talking about having this conversation, our pre-conversation conversation was about…I think you brought up this idea that something that feels secret, doesn’t mean it is, and
I’m wondering if you had more thoughts about that concept? It’s not a very good prompt.
So like, it’s it’s a totally reasonable prompt, we say a lot that, you know, security and safety are a feeling. And I think that that actually is true for a lot of us. But there’s this idea that, Oh, if you use coded language, for example, then like, you can’t get caught. I don’t actually think that’s true, because we tend to use coded language that’s like, pretty easily understandable by other people. Because the purpose of communicating is to communicate.
And so usually, if you’re like, code language is easy enough to be understood by whoever it is you’re trying to communicate with, like, someone else can probably figure it the fuck out too. Especially if you’re like, “Hey, man, did you bring the cupcakes,” and your friend is like, “Yeah!” And then an explosion goes off shortly thereafter, right? It’s like, “Oh, by cupcakes, they meant dynamite.” So I, you know, I think that rather than then kind of like relying on this, you know, idea of how spies work or how, how anarchists communicated secretly, you know, pre WTO it’s, it’s worth thinking about how the surveillance landscape has adapted over time, and thinking a little bit more about what it means to engage in, in the modern panopticon, or the contemporary panopticon, because those capabilities have changed over time. And things like burner phones are a completely different prospect now than they used to be. Actually…
In that they’re easier or worse?
Oh, they’re so much harder to obtain now.
It’s it is so much easier to correlate devices that have been used in proximity to each other than it used to be. And it’s so much easier to, you know, capture people on surveillance cameras than it used to be. I actually wrote a piece for Crimethinc about this some years ago, that that I think kind of still holds up in terms of how difficult it really, really is to procure a burner phone. And in order to do to do that safely, you would have to pay cash somewhere that couldn’t capture you on camera doing it, and then make sure that it was never turned on in proximity with your own phone anywhere. And you would have to make sure that it only communicated with other burner phones, because the second it communicates with a phone that’s associated to another person, there’s a connection between your like theoretical burner phone and that person. And so you can be kind of triangulated back to, especially if you’ve communicated with multiple people. It just it is so hard to actually obtain a device that is not in any way affiliated with your identity or the identity of any of your comrades. But, we have to start thinking about alternative mechanisms for synchronous communication.
And, realistically speaking, taking a walk in the woods is still going to be the best way to do it. Another reasonable way to go about having a conversation that needs to remain private is actually to go somewhere that is too loud and too crowded to…for anyone to reasonably overhear or to have your communication recorded. So using using the kind of like, signal to noise ratio in your favor.
To help drown out your own signal can be really, really useful. And I think that that’s also true of things like using Gmail, right? The signal to noise ratio, if you’re not using a tool that’s specifically for activists can be very helpful, because there is just so much more traffic happening, that it’s easier to blend in.
I mean, that’s one reason why I mean, years ago, people were saying that’s why non activists should use GPG, the encrypted email service that is terrible, was so attempt to try and be like, if you only ever use it, for the stuff you don’t want to be known, then it like flags it as “This stuff you don’t want to be known.” And so that was like, kind of an argument for my early adoption Signal, because I don’t break laws was, you know, just be like, “Oh, here’s more people using Signal,” it’s more regularized, and, you know, my my family talks on Signal and like, it helps that like, you know, there’s a lot of different very normal legal professions that someone might have that are require encrypted communication. Yeah, no book, like accountants, lawyers. But go ahead.
No, no, I was gonna say that, like, it’s, it’s very common in my field of work for people to prefer to use Signal to communicate, especially if there is, you know, a diversity of phone operating systems in the mix.
Oh, yeah, totally. I mean, it’s actually now it’s more convenient. You know, when I when I’m on my like, family’s SMS loop, it’s like, I constantly get messages to say, like, “Brother liked such and such comment,” and then it’s like, three texts of that comment and…anyway, but okay, one of the things that you’re talking about, “Security as a feeling,” right? That actually gets to something that’s like, there is a value in like, like, part of the reason to carry a knife is to feel better. Like, and so part of like, like anti-anxiety, like anxiety is my biggest threat most most days, personally. Right?
Have you ever considered a career in the security field, because I, my, my, my former manager, like the person who hired me into the role that I’m in right now was like, “What made you get into security?” when I was interviewing, and I was just like, “Well, I had all this anxiety lying around. And I figured, you know, since nobody will give me a job that I can afford to sustain myself on without a degree, in any other field, I may as well take all this anxiety and like, sell it as a service.”
Yeah, I started a prepper podcast. It’s what you’re listening to right now. Everyone who’s listening. Yeah, exactly. Well, there’s a value in that. But then, but you’re talking about the Panopticon stuff, and the like, maybe being in too crowded of an environment. And it’s, and this gets into something where everyone is really going to have to answer it differently. There’s a couple of layers to this, but like, the reason that I just like, my profile picture on twitter is my face. I use my name, right?
And, yeah, and I, and I just don’t sweat it, because I’m like, “Look, I’ve been at this long enough that they know who I am. And it’s just fine. It’s just is.” One day, it won’t be fine. And then we have other problems. Right?
And, and, and I’m not saying that everyone as they get better security practice will suddenly start being public like it… You know, it, it really depends on what you’re trying to accomplish. Like, a lot of the reasons to not be public on social media is just because it’s a fucking pain in the ass. Like, socially, you know?
But I don’t know, I just wonder if you have any thoughts about just like, the degree to which sometimes it’s like, “Oh, well, I just, I carry a phone to an action because I know, I’m not up to anything.” But then you get into this, like, then you’re non-normalizing… don’t know, it gets complicated. And I’m curious about your thoughts on that kind of stuff.
So like, for me, for me personally, I am very public about who I am. What I’m about, like, what my politics are. I’m extremely open about it. Partially, because I don’t think that, like I think that there is value in de-stigmatizing anarchism.
I think there is value in being someone who is just a normal fucking human being. And also anarchist.
And I think that, you know, I…not even I think. I know, I know that, through being exactly myself and being open about who I am, and not being super worried about the labels that other people apply to themselves. And instead, kind of talking about, talking about anarchism, both from a place of how it overlaps with Judaism, because it does in a lot of really interesting ways, but also just how it informs my decision making processes. I’ve been able to expose people who would not necessarily have had any, like, concept of anarchism, or the power dynamics that we’re interested in equalizing to people who just wouldn’t have wouldn’t have even thought about it, or would have thought that anarchists are like this big, scary, whatever. And, like, there, there are obviously a multitude of tendencies within anarchism, and no anarchist speaks for anybody but themselves, because that’s how it works. But, it’s one of the things that’s been really interesting to me is that in the security field, one of the new buzzwords is Zero Trust. And the idea is that you don’t want to give any piece of technology kind of the sole ability to to be the linchpin in your security, right? So you want to build redundancy, you want to make sure that no single thing is charged with being the gatekeeper for all of your security. And I think that that concept actually also applies to power. And so I…when I’m trying to talk about anarchism in a context where it makes sense to security people, I sometimes talk about it as like a Zero Trust mechanism for organizing a society.
Where you just you…No person is trustworthy enough to hold power over another person. And, so like, I’m really open about it, but the flip side of that is that, you know, I also am a fucking anarchist, and I go to demonstrations, and sometimes I get arrested or whatever. And so I’m not super worried about the government knowing who I am because they know exactly who I am. But I don’t share things like my place of work on the internet because I’ve gotten death threats from white nationalists. And I don’t super want white nationalists like sending death threats into my place of work because It’s really annoying to deal with.
And so you know, there’s…it really comes down to how you think about compartmentalizing information. And which pieces of yourself you want public and private and and how, how you kind of maintain consistency in those things.
Like people will use the same…people will like be out and anarchists on Twitter, but use the same Twitter handle as their LinkedIn URL where they’re talking about their job and have their legal name. And it’s just like, “Buddy, what are you doing?”
So you do have to think about how pieces of data can be correlated and tied back to you. And what story it is that you’re you’re presenting, and it is hard and you are going to fuck it up. Like people people are going to fuck it up. Compartmentalization is super hard. Maintaining operational security is extremely hard. But it is so worth thinking about. And even if you do fuck it up, you know, that doesn’t mean that it’s the end of the world, it might mean that you have to take some extra steps to mitigate that risk elsewhere.
The reason I like this whole framework that you’re building is that I tend to operate under this conception that clandestinity is a trap. I don’t want to I don’t want to speak this….I say it as if it’s a true statement across all and it’s not it. I’m sure there’s absolute reasons in different places at different times. But in general, when I look at like social movements, they, once they move to “Now we’re just clandestine.” That’s when everyone dies. And, again, not universally,
Yeah, but I mean, okay, so this is where I’m gonna get like really off the wall. Right?
All right. We’re an hour in. It’s the perfect time.
I know, right? People may or may not know who Allen Dulles is. But Allen
Not unless they named an airport after him.
Oh, then I do know who he is.
Allen Dulles is one of the people who founded the CIA. And he released this pamphlet called “73 Points On Spycraft.” And it’s a really short read. It’s really interesting, I guess. But the primary point is that if you are actually trying to be clandestine, and be successful about it, you want to be as mundane as possible.
And in our modern world with the Panopticon being what it is, the easiest way to be clandestine, is actually to be super open. So that if you are trying to hide something, if there is something that you do want to keep secret, there’s enough information out there about you, that you’re not super worth digging into.
Oh, yeah. Cuz they think they already know you.
Exactly. So if, if that is what your threat model is, then the best way to go about keeping a secret is to flood as many other things out there as possible. So that it’s just it’s hard to find anything, but whatever it is that you’re flooding.
Oh, it’s like I used to, to get people off my back about my dead name, I would like tell one person in a scene, a fake dead name, and be like, “But you can’t tell anyone.”
And then everyone would stop asking about my dead name, because they all thought they knew it, because that person immediately told everyone,
It’s, it’s going back to that same using the noise to hide your signal concept, that it…the same, the same kind of concepts and themes kind of play out over and over and over again. And all security really is is finding ways to do harm reduction for yourself, finding ways to minimize the risk that you’re undertaking just enough that that you can operate in whatever it is that you’re trying to do.
No, I sometimes I like, ask questions. And then I am like, Okay, well don’t have an immediate follow up, because I just need to like, think about it. Instead of being like, “I know immediately what to say about that.” But okay, so, but with clandestinity in general in this this concept…I also think that this is true on a kind of movement level in a way that I I worry about sometimes not necessarily….Hmm, what am I trying to say? Because I also really hate telling people what to do. It’s like kind of my thing I don’t like telling people what to do. But there’s a certain level…
Yeah, you’d be shocked to know,
You? Don’t like telling people what to do?
Besides telling people not to tell me what to do. That’s one of my favorite things to tell people. But, there’s a certain amount of.
Oh, that’s true, like different conceptions of freedom.
But that’s not telling people what to do, that’s telling people what not to do.
It’s actually setting a boundary as opposed to dictating a behavior.
But I’ve been in enough relationships where I’ve learned that setting boundaries is the same as telling people to do. This is a funny joke.
But all right, there’s a quote from a guy whose name I totally space who was an old revolutionist, who wasn’t very good at his job. And his quote was, “Those who make half a revolution dig their own graves.” And I think he like, I think it proved true for him. If I remember correctly, I think he died in jail after kind of making half a revolution with some friends. I think he got like arrested for pamphleteering or something,
It was a couple hundred years ago. And but there’s this but then if you look forward in history that like revolutionists, who survive are the ones who win. Sometimes, sometimes the revolutionists win, and then their comrades turn on them and murder them. But, I think overall, the survival rate of a revolution is better when you win is my theory. And and so there’s this this concept where there’s a tension, and I don’t have an answer to it. And I want people to actually think about it instead of assuming, where the difference between videotaping a cop car on fire and not is more complicated than people want you to know. Because, if you want there to be more cop cars on fire, which I do not unless we’re in Czarist Russia, in which case, you’re in an autocracy, and it’s okay to set the cop cars on fire, but I’m clearly not talking about that, or the modern world. But, you’re gonna have to film it on your cell phone in order for people to fucking know that it’s happening. Sure. And and that works absolutely against your best interest. Like, on an individual level, and even a your friends’ level.
So like, here’s the thing, being in proximity to a burning cop car is not in and of itself a crime.
So there’s, there’s nothing wrong with filming a cop car on fire.
But there’s that video…
There is something wrong with filming someone setting a cop car on fire. And there’s something extremely wrong with taking a selfie while setting a cop car on fire. And don’t do that, because you shouldn’t do crime. Obviously, right?
But there’s Layers there…No, go ahead.
Okay, well, there’s the video that came out of Russia recently, where someone filmed themselves throwing Molotovs at a recruitment center. And one of the first comments I see is like, “Wow, this person has terrible OpSec.” And that’s true, right? Like this person is not looking at how to maximize their lack of chance of going to jail, which is probably the way to maximize that in non Czarist Russia… re-Czarist Russia, is to not throw anything burning at buildings. That’s the way to not go to jail.
And then if you want to throw the thing at the… and if all you care about is setting this object on fire, then don’t film yourself.
But if you want more people to know that this is a thing that some people believe is a worthwhile thing to do, you might need to film yourself doing it now that person well didn’t speak.
You may not need to film yourself doing it. Right? Because what what you can do is if, for example, for some reason, you are going to set something on fire.
Right, in Russia.
Perhaps what you might want to do is first get the thing to be in a state where it is on fire, and then begin filming the thing once it is in a burning state.
Right? And that can that can do a few things, including A) you’re not inherently self incriminating. And, you know, if if there are enough people around to provide some form of cover, like for example, if there are 1000s of other people’s cell phones also in proximity, it might even create some degree of plausible deniability for you because what fucking dipshit films themself doing crimes. So it’s, you know, there’s, there’s, there’s some timing things, right. And the idea is to get it…if you are a person who believes that cop cars look best on fire…
Buy a cop car, and then you set it on fire. And then you film it.
I mean, you know, you know, you just you opportunistically film whenever a cop car happens to be on fire in your proximity.
Oh, yeah. Which might have been set on fire by the person who owned it. There’s no reason to know one way or not.
Maybe the police set the cop car on fire you know? You never know. There’s no way to there….You don’t have to you don’t have to speculate about how the cop car came to be on fire. You can just film a burning cop car. And so the you know, I think that the line to walk there is just making sure there’s no humans in your footage of things that you consider to be art.
Yeah. No, it it makes sense. And I guess it’s like because people very, very validly have been very critical about the ways that media or people who are independently media or whatever, like people filming shit like this, right? But But I think then to say that like, therefore no, no cop cars that are on fire should ever be filmed versus the position you’re presenting, which is only cop cars that are already on fire might deserve to be filmed, which is the kind of the long standing like film the broken window, not the window breaker and things like that. But…
I think and I think also there’s, you know, there’s a distinction to be made between filming yourself setting a cop car on fire, and filming someone else setting a cop car on fire, because there’s a consent element, right?
You shouldn’t like…Don’t do crime. Nobody should do crime. But if you are going to do crime, do it on purpose. Right?
Like that’s, that’s what civil disobedience is. Civil disobedience is doing crime for the purpose of getting caught to make a point. That’s what it is. And if you if you really feel that strongly about doing a crime to make a point, and you want everyone to know that you’re doing a crime to make a point, then that’s, that’s a risk calculation that you yourself need to make for yourself. But you can’t make that calculation for anybody else.
I think that’s a great way to sum it up.
So unless your friend is like, “Yo, I’m gonna set this cop car on fire. Like, get the camera ready, hold my beer.” You probably shouldn’t be filming them.
See you in 30 years.
Right? You probably shouldn’t be filming them setting the cop car on fire either.
And also, that’s a shitty friend because they’ve just implicated you in conspiracy, right?
Friends don’t implicate friends.
It’s a good, it’s a good rule. Yeah, yeah. All right. Well, I that’s not entirely where I immediately expected to go with Threat Modeling. But I feel like we’ve covered an awful lot. Is there something? Is there something…Do you have any, like final thoughts about Threat Modeling, and as relates to the stuff that we’ve been talking about?
I think that you know, the thing that I do really want to drive home. And that honestly does come back to your point about clandestinity being a trap is that, again, the purpose of threat modeling is to first understand, you know, what risks you’re trying to protect against, and then figure out how to do what you’re accomplishing in a way that minimizes risk. But the important piece is still doing whatever it is that you’re trying to accomplish, whether that’s movement building, or something else. And so there there is, there is a calculation that needs to be made in terms of what level of risk is acceptable to you. But if if, ultimately, your risk threshold is preventing you from accomplishing whatever you’re trying to accomplish, then it’s time to take a step back, recalculate and figure out whether or not you actually want to accomplish the thing, and what level of risk is worth taking. Because I think that, you know, again, if if you’re, if your security mechanisms are preventing you from doing the thing that you’re you set out to try to do, then your adversaries are already winning, and something probably needs to shift.
I really like that line. And so I feel like that’s a decent spot, place to end on. Do. Do you have anything that you’d like to shout out? People can follow you on the internet? Or they shouldn’t follow you on the internet? What? What do you what do you want to advocate for here?
If you follow me on the internet, I’m so sorry. That’s really all I can say. I’m, I am on the internet. I am a tire fire. I’m probably fairly easy to find based on my name, my pronouns and the things that I’ve said here today, and I can’t recommend following my Twitter.
I won’t put in the show notes then.
I mean, you’re welcome to but I can’t advocate in good conscience for anyone to pay attention to anything that I have to say.
Okay, so go back and don’t listen to the last hour everyone.
I mean, I’m not going to tell you what to do.
I am that’s my favorite thing to do.
I mean, you know, this is just like my opinion, you know? There are no leaders. We’re all the leaders. I don’t know. Do do do what you think is right.
Agreed. All right. Well, thank you so much.
Thank you. I really appreciate it.
Thank you so much for listening. If you enjoyed this podcast, you should tell people about it by whatever means occurs to you to tell people about it, which might be the internet, it might even be in person, it might be by taking a walk, leaving your cell phones behind, and then getting in deep into the woods and saying, “I like the following podcast.” And then the other person will be like, “Really, I thought we were gonna make out or maybe do some crimes.” But, instead you have told them about the podcast. And I’m recording this at the same time as I record the intro, and now the dog has moved on to chewing on my cloak. Why am I wearing a cloak? That is a question between me and God, I guess. And if you want to support this podcast, you can do so by supporting its publisher, which is Strangers In A Tangled Wilderness. And actually, Strangers In A Tangled Wilderness is a very old project, but also a new project. We’re relaunching it’s tangledwilderness.org. And we’re going to be bringing you all kinds of stories, and podcasts, and memoir, and role playing games, and all kinds of fun stuff. I think you’ll actually really like it. I hope you really like it. And we’re also looking for more content, and we do pay our contributors, so please check out our submission guidelines. Or just support us on Patreon which is patreon.com/strangersinatangledwilderness. And we send out a zine every month to our backers as well as put it online. Although people can also eventually read the content for free on our website. Because paywalls are gross and weird. In particular, I would like to thank Mikki, and Nicole, David, Dana, Chelsea, Staro, Jennipher, Eleanor, Natalie Kirk, Michiahah, Nora, Sam, Chris and Hoss the dog. Your contributions are absolutely what make this podcast possible. Because it no longer supports me directly. My this used to be supported by a Patreon that was for me directly.
But now it instead supports a whole bunch of people doing a whole bunch of other things with as Strangers In A Tangled Wilderness and also people who are doing transcription and editing and all of those things that make podcasting possible. So thank you so much. I hope you’re doing as well as you can, and I hope that you too find someone’s arm to chew on in a very annoying fashion. Much like my dog is doing to me. Take care.
Find out more at https://live-like-the-world-is-dying.pinecast.co