A handout for the Chattanooga Voluntaryist Society Talk

4 June 2026

The Agora

Part 1: Privacy Tools & Defensive Tactics

• TAILS (The Amnesic Incognito Live System) TAILS is a security-focused operating system that boots entirely from a USB drive, bypassing the host computer’s hard drive. It automatically routes all internet traffic through the anonymous Tor network and stores nothing on the machine. Because it runs purely in temporary memory (RAM), every trace of your activity vanishes instantly the moment you shut down or unplug the drive.
• Encrypted Messaging (Signal vs. Delta Chat) While both tools secure your conversations, they use completely different architectures. Signal offers gold-standard end-to-end encryption for text and voice, operating on a centralized server but storing almost zero user metadata. Delta Chat provides a decentralized alternative; it requires no phone number and sends encrypted messages over standard, existing email servers, leaving no central company or server for adversaries to target or subpoena.

Part 2: Emerging Infrastructure & Local Threats

• Cell-Site Simulators (“Stingrays”) Stingrays are passive and active surveillance devices used by law enforcement that mimic legitimate cell phone towers. They trick all nearby mobile devices into connecting to them, allowing operators to map your precise location, track your movements in real time, and occasionally intercept unencrypted communications data without your knowledge.
• Flock Safety & Automated License Plate Readers (ALPRs) Flock Safety operates a massive network of neighborhood and roadside cameras designed to automatically capture vehicle license plates, makes, models, and unique identifying features. This data is fed into a centralized, searchable cloud database, allowing police departments and private entities to track a vehicle’s geographical history and establish long-term patterns of life.
• Vehicular Surveillance (Ford’s In-Cabin Patents) Modern cars are quietly becoming highly invasive tracking devices. Recent patent filings from major automakers like Ford highlight an aggressive push toward in-vehicle monitoring. These include “in-vehicle advertisement systems” designed to listen to passenger conversations via cabin microphones to serve targeted dashboard ads. Other automotive patents detail using internal cameras for facial recognition, biometric eye-tracking, and speed monitoring to autonomously share data with law enforcement or insurance providers.

Part 3: Wireless Leakage & The Digital Footprint

• Cell Phone Emissions (Wi-Fi & Bluetooth Leakage) Even when you aren’t actively using your phone, it constantly broadcasts unique identifiers. Your device silently beacons out a list of Preferred Wi-Fi Networks (past SSIDs you’ve connected to), allowing passive scanners to map your historical movements. Simultaneously, active Bluetooth vulnerabilities and location data leaks from unsecure commercial apps broadcast your real-time coordinates to surrounding receivers.
• Biometric Eye Scanning (Iris & Retina Tracking) Biometric surveillance is shifting from broad facial recognition to precision eye scanning. Iris recognition maps the complex, unique patterns of the colored ring of the eye from a distance for rapid identification, while retina scanning maps the blood vessels at the back of the eye for high-security access control. These technologies are increasingly deployed at border checkpoints and restricted public spaces for persistent, unalterable tracking.

Part 4: The Surveillance Economy

• Individualized “Surveillance Pricing” (Kroger’s Digital Tags) The retail landscape is shifting from standard pricing to algorithmic “surveillance pricing” via Electronic Shelf Labels (ESLs) like Kroger’s EDGE system. Rather than just changing prices based on the time of day, these digital shelf tags can be paired with embedded cameras, loyalty card profiles, and facial recognition technology. By analyzing a shopper’s demographics, buying history, or perceived wealth while they stand in the aisle, the algorithm calculates that specific individual’s “maximum willingness to pay” and dynamically alters the price on the shelf in real time.
• The Online-Offline Ad Loop (Google, Mastercard, & Visa) Big Tech bridges the gap between digital activity and physical spending by buying private financial data. Google has cut multi-million dollar deals with credit card networks like Mastercard to access real-world transaction logs. Through “Store Sales Measurement” tools, Google uses double-blind encryption to cross-reference your offline credit card swipes with your online search history and ad clicks, letting retailers track exactly whether an online ad successfully coerced you into buying a product in a physical store.
• Commercial Data Brokers & Government Purchasing When legal warrants are difficult to obtain, agencies frequently bypass constitutional restrictions by purchasing bulk data directly from private data brokers. These brokers aggressively harvest location history, app usage, and behavioral profiles from ordinary smartphone software, bundling and selling the records to the highest bidder under tiered corporate pricing models.
• Social Media Analytics & Predictive Spying Modern surveillance relies heavily on Open Source Intelligence (OSINT) scraped from social media networks. Advanced AI algorithms ingest massive amounts of public posts and metadata to perform automated sentiment analysis. By tracking public opinion and mapping user associations, these platforms build predictive models designed to forecast future actions, protests, or potential dissidence before they occur.

💡 Quick Reference: Daily Operational Security (OpSec) Tips

1. Minimize Wireless Footprints: Turn off Wi-Fi and Bluetooth entirely when leaving trusted environments to prevent passive tracking from beaconing your preferred networks.
2. Starve Retail Trackers: Avoid using store loyalty apps that tie your real-name identity to your minute-by-minute aisle movements. Opt for cash where possible to sever the online-offline ad loop.
3. Audit App Telemetry: Deny “Always Allow” location access to smartphone apps, and use privacy-focused browsers or DNS ad-blockers to choke off the background data pipelines that feed commercial brokers.
4. Check Vehicle Privacy Settings: Look into your car’s infotainment menu and manufacturer privacy portals to explicitly opt out of data sharing, connected telematics, and insurance reporting pipelines.
5. Use Lockdown Mode: Enable Lockdown Mode (on iOS) or absolute minimal-privilege profiles on Android/Linux devices when traveling through high-risk transit points to dramatically reduce your digital exploit surface.

I’m an experienced home cook, security engineer, people leader, and dedicated father and husband. I can be found on Mastodon at @IAintShootinMis@DigitalDarkAge.cc and on Signal at DigitalDarkAge.98. An RSS Feed of this blog is available here and a copy of my current OPML file is here.

Errata

After dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, too | TechCrunch - This version of Cyber can perform such tasks as penetration testing, vulnerability identification (and exploitation), and malware reverse engineering, the application implies. It’s intended to be a toolkit to help a company find security holes and test defenses. The fear is that the kit could be misused by the bad guys.

Errata

NCSC: Passkeys now good enough to be the default standard • The Register - The UK’s National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely.

NCSC’s first gadget blocks malware transfer over HDMI cables • The Register - Very little exists in the research literature about these kinds of attacks. A team based out of Montevideo’s Universidad de la República published findings in 2024 about the potential for highly technical individuals to intercept the electromagnetic radiation emitted from HDMI cables and use deep learning algorithms to reproduce text intended to be displayed on a monitor.

This is part of a new series called,“Allusions for Engineers” which hopes to improve the cultural lexicon of technical or foreign peers who may not share a formal education in “classics” by western definitions. Other parts in this series include Biblical allusions, Norse, Modern/American, and others.

Working with engineers, I often find their lexicon slightly…lacking. Not for complexity or precision, but for the classical references that make allusion and simile the marks of a well-rounded Western education. And that often leads to some well intentioned accusations that working with me is akin to ‘Picard and Dathon at El-Adrel’.

Geopolitics

Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant | TechCrunch - Sweden’s minister of civil defense, Carl-Oskar Bohlin, said during a press conference on Wednesday that the attempted attack happened in early 2025 and attributed the incident to hackers with “connections to Russian intelligence and security services.”

Iran intruders disrupting US water, energy facilities • The Register - “These PLCs were deployed across multiple US critical infrastructure sectors within a wide variety of industrial automation processes … Some of the victims experienced operational disruption and financial loss,” it continued. It’s also worth noting that the energy and utilities sector was the fifth-most targeted industry in the US last month, according to Check Point’s cyberattack tracking.

Trump wants to slash $707M from CISA’s budget • The Register - Trump’s 2027 spending plan says it will “refocus” CISA by “removing offices that are duplicative of existing and effective programs at the State and Federal level, such as certain targeted school safety programs.” Overall reduction to CISA budget will be $710M~

Supply Chains

1K+ cloud environments infected via Trivy attack • The Register - “That 1,000-plus downstream victims will probably expand into another 500, another 1,000, maybe another 10,000,” he continued. “And we know that these actors are collaborating with a number of other actors right now.”

LiteLLM infected with credential-stealing code via Trivy • The Register - Two versions of LiteLLM, an open source interface for accessing multiple large language models, have been removed from the Python Package Index (PyPI) following a supply chain attack that injected them with malicious credential-stealing code.

Japan to allow ‘proactive cyber-defense’ from October 1st • The Register - online the nation faces “the most complicated national security environment” since World War II, and because “society as a whole is proceeding with digitalization.”

Linux Foundation wants to shield FOSS devs from AI bug slop • The Register - “OpenSSF has the active resources needed to support numerous projects that will help these overworked maintainers with the triage and processing of the increased AI-generated security reports they are currently receiving.”

I am so exhaustively tired of having this conversation. I do not hate anyone. I don’t hate them for who they voted for. I don’t hate them for who they support politically. But I will be very clear about the following.

I hope that if you find yourself worshiping false idols and chasing after the political power that Satan offers; that you and others will be reminded of my posts and that the Holy Spirit uses them to convict you.