Perhaps no one has created such a catastrophic technical highgun this year as US Secretary of Defense Pete Hegses.
Saga reported that Atlantic Editor-in-Chief Jeffrey Goldberg was accidentally added to a fraudulent signal group chat by US national security adviser Michael Waltz.
To be fair, we all made embarrassing technical mistakes. But for most people, that means mistakenly preferring an original Instagram post from five years ago. It does not share secret government military plans with fraudulent recipients and commercial messaging apps.
While this false misunderstanding of this highly sensitive information has already been bothering enough, this week the New York Times reported that Hegses shared information about the attack on Yemen in another signal chat. Hegses' wife does not work even in the pentagon.
These security failures are especially bad – can you accidentally loop to a journalist about your military plan? However, this is not the first time that modern technology has landed global governments in a tricky situation. And we're not just talking about Watergate.
Are you stationed in the military? Do not use Strava
The fitness tracking/social media app Strava can be a privacy nightmare for the average athlete too. The app allows people to share exercise logs (often hiking or riding bikes) on public accounts with friends who can like to comment on morning jogging in the park.
However, your STRAVA account is public by default. This means that if you're not well versed enough to check your privacy settings, you'll be broadcast to the world where you accidentally worked out. Strava defaults to hide the first and last 200 meters of a run as a way to obscure where someone lives, as it is likely that people will start and finish running near their home.
For anyone on the internet, broadcasting a 200-mile radius of where you live is still dangerous, but for example, if you are a member of the army of a secret base, it is even more dangerous.
In 2018, Strava released a heat map of the world, showing where public users around the world recorded their activities. This is not really a problem if you are looking at a map of New York City, but in places like Afghanistan and Iraq, few people use Strava except for foreigners, so you can assume that there may be a hot spot of activity at or around military bases.
Now, where things become a problem. Through STRAVA, you can use pre-configured segments to rub location-specific user data from essentially public profiles (and they exist on the base and lead straight to the social media profiles of service members). https://t.co/vdnbgckviy
– Tobias Schneider (@tobiaschneider) January 29, 2018
Worse, users can look at a specific running route in STRAVA and see the public profile of the user who recorded the activity there. So, for example, it is possible to find a list of US troops where bad actors are stationed at certain bases in Iraq.
Joe Biden's less-than-secret Benmo
Venmo is a peer-to-peer payments app, but for some reason it's the default to share transactions. So, maybe just open my Venmo app, which synced my Facebook friend to my account over a decade ago, and you'll see that there are two girls who got dinner together last night and went to high school. Good for them.
The information you share on Venmo is rather boring and benign, but avid fans of reality shows like “Love Is Blind” search for contestants' accounts and predict who is dating from the show (if the couple rents each other, yes, they probably live together).
So, if you can find a reality star on Benmo, why not look for the president?
In 2021, some BuzzFeed News reporters decided to search for Joe Biden's Venmo. Within ten minutes they found his account.
Biden's account allowed reporters to easily spot other members of the Biden family and other members of his administration, and map the wider social circle. Even if users make their Venmo account private, their friends list will continue to be published. When BuzzFeed News contacted the White House, Biden's profile was wiped clean, but the White House did not provide a comment.
So yes, the reporters actually found Benmo accounts of Pete Hegses, Mike Waltz and other government officials. Some things never change.
Encrypted messaging cannot protect you from cameras
You can take all the cautions you want to protect your message, but you cannot save you from the looming possibility of human error.
Former Catalonian President Carls Puigdemont achieved independence from Spain in 2017 and led the movement to become his own country. However, the Spanish government blocked this attempt and expelled Puigdemont from his leadership. They fled to Belgium when the Spanish government issued a warrant for the arrest of Puigdemont and his allies.
A few months later, Spanish media attended an event in Belgium. Puigdemont was scheduled to give a speech there. Instead, he sent a video of the speech, but as the clip was being played, the Spanish broadcaster noticed that former Catalonian health minister Toni Comin was texting him to make his screen fully visible.
The camera operator zoomed in on ComÃn's phone and published a text from Puigdemont. There he resigned to defeat in an attempt to bring Catalonian independence.
Puigdemont later tweeted that he expressed himself at a moment of doubt, but that he was not intending to retreat.
No matter what steps you take to encrypt your private message, you may want to look over your shoulder before reading sensitive information in public.