The Team House - Your Phone Is Targeting You | EYES ON GEOPOLITICS
Episode Date: June 11, 2026Mike Yeagley joins me to break down how mobile devices, ad tech, commercial location data, and data brokers create major OPSEC risks for service members, case officers, and anyone working in national ...security. He explains how adversaries can buy or exploit pattern-of-life data, why privacy settings often don’t go far enough, and what the future of tradecraft looks like in an age of ubiquitous technical surveillance.Support the show on Patreon:⬇️https://www.patreon.com/TheTeamHouseSubscribe to our newsletter!!!!https://teamhousepodcast.kit.com/joingrab Jack's new book here:https://www.penguinrandomhouse.com/books/803651/the-most-dangerous-man-by-jack-murphy/"Karl Casey @ White Bat Audio00:00 — Start / Mike Yeagley joins Eyes On Geopolitics00:25 — Mobile devices, ad tech, and the OPSEC risk to operators03:14 — Commercial location data and how adversaries can target U.S. personnel04:57 — Why privacy settings don’t actually protect your data07:12 — Ad IDs, GPS toggles, and how apps still resolve your location10:33 — Could Iran use commercial data to target U.S. troops?14:19 — How adversaries buy data through brokers and proxies19:25 — Why regulating the data economy is so difficult22:10 — How commercial data erodes tradecraft and operational ambiguity29:24 — What case officers and operators can do to reduce digital exposure36:17 — Ubiquitous technical surveillance and the future of human intelligence41:45 — Russia and Iran using gaming platforms, crypto, and gig-style tasking47:24 — Near-real-time data buys, pattern-of-life tracking, and final thoughtsBecome a supporter of this podcast: https://www.spreaker.com/podcast/the-team-house--5960890/support.
Transcript
Discussion (0)
Hey, everybody. Welcome to another episode of Aizond Geopolitics. I'm here with Mike Yagli.
Mike has had an extensive career, a pretty interesting one. I'd say even a novel one when it comes to like, you know, national security.
Mike worked with, you know, bunch of tier one units, J-Sox-O-Com and stuff like that working on, I mean, what would you say you worked?
You would be able to describe it better than I can.
Yeah, novel is definitely a way to describe it.
I mean, the problem that we were focusing on that has reemerged with attention and vigor is the risk to operational security from the mobile devices that we all carry.
And the intent and design of these mobile devices is fundamentally to collect data about the user and model them into.
a cohort that advertisers can sell stuff to.
Now, what shifted is it's not just advertisers that are sort of monetizing the data.
The conversion metrics are different when you're talking about an adversary, but the intent
and the behavioral patterns, whether you're trying to sell or target, roughly the same.
And it's, if you think about this low-cost way of deploying millions of sensors into the pockets and homes and work locations of protected populations, you know, that becomes a significant operational security risk that we demonstrated crudely 10 years ago tracking.
operators, you know, without any real, we weren't looking for their forward operating base,
but we had enough to start to be able to reveal a forward operating base and then track
the operator to his home and then start tracking what his spouse does and where his kids go to
school. And those rhythms, those patterns of life that transcend both what you do for
work and what you're doing personally, that removal of ambiguity that we've decided we no
longer cherish and hold true because we've got to reveal everything about ourselves every
minute of the day, that creates friction for the operational community, whether you're
a special mission unit operator, case officer, FBI agent, ICE agent,
you know, the patterns of life is a significant operational security risk.
And it's the mobile device that is that sort of foundational layer.
Yeah. It's like the gateway, huh? It's like the gateway to like all the information about you.
It's pretty scary to think about, right? Because we all kind of want our, you know, we want our
convenience. We want our phone to be able to do everything for us and stuff like that. We really kind of,
it's kind of a tradeoff that we don't think about. Um, and I know like we, you know, the America,
America's been doing it and J-Soc and CIA has probably been doing this for a long time, right? Like using,
you know, commercial location data to target other enemies of the United States and stuff like that. And
you shot me over this, the press release from, uh, Senator Wyden's office out of Oregon. I mean,
I mean, it's him and, like, 12 other bipartisan members of Congress saying, like, foreign
adversaries are using commercial data to target U.S. service members in the Middle East.
And I'm sure China's probably using it to track them all over the world, obviously.
And, yeah, we had a great, like, you had a great appearance on the team house.
So I, you know, implore everybody to go check out your full episode on the team house talking about your career, what you got into and stuff like that.
it's pretty crazy because we don't really think about the consequences and sure like the
layman person that's not working in national security maybe they don't care as much sure but
if you have a serious job where you have a top secret or you're out going on operations or
and stuff like that that's something I would hope like the DOD and CIA are bringing people
in like you to like kind of, I guess, beef up their operational security.
Yeah.
It's a complicated topic.
And you're right.
We all want conveniences.
We all want our smartphones to do these amazing things.
And we're not there isn't a, we're not going to return to an era where we're not connected
like this.
and really the risk and the mechanics that create that risk,
whether you're an operator or just a citizen that values privacy and agency
and kind of wants to be left alone but still be able to use a mobile phone or a
smartphone, we need to sort of look at this from a first principles perspective,
which is we understand the fundamental issue.
It's this commercial data and the device is that foundational risk surface.
So let's break it down.
Every app that you have on your phone is a collection surface.
It may do things that are helpful,
but its privileged position on your phone enables it to interrogate your device
without any governance.
And I will tell you that privacy and the privacy policies that have come out of state, federal government, and privacy settings, it's really, they're not real privacy.
If we think about privacy settings on the current sort of the two dominant platforms, they enable.
a user to indicate a preference to, and let's talk about the two selectors that the Senate,
Armed Services Committee, Senator Wyden, who's leading this charge across a variety of domains,
the risk to operators and to personnel being the latest. If we think about the
selectors that are of most concerned, it's this thing called.
an ad ID, which is this crude way of doing things that a cookie would do on a browser,
but on a mobile device, and location. So let's start with location first. You can you can toggle
and indicate your preference that an app not extract or access the GPS sensor on your device.
that does not mean the app is not going to resolve your location through other means from the data that it can inspect on your device.
So the letter is talking about location data and maybe everybody toggles that selector on your phone not to track location.
All that is doing is indicating your preference that the app.
not access the sensor. It's going to figure out where you are through a host of other data
features telemetry that your device is collecting. And in many ways, it's far more probative than
the GPS. And then the ad ID, again, it's just indicating your preference not for an app not to
track you. There's no governance at the device layer to ensure that that's policy, that's
being enforced. It's you're indicating a preference. And again, like the with location data or
location, there are a variety of different ways to assign an identifier to you based upon the behavioral
patterns that can be resolved through the telemetry on your device that you do not control
modeled in ways that you cannot perceive because we're looking for these non-obvious
patterns, think about it this way, you know, developing a pattern using the gyroscope, battery
level, accelerometer, and screen orientation. Is there a pattern in there? Maybe, maybe not,
but at scale across the population of everybody that these platforms and systems are modeling,
behavioral deviation becomes easily, becomes distinguishable. And that's the right. That's the
risk where we are today.
Senator Wyden and the Armed Services Committee, the letter and the focus is really on
this, the way in which we were doing it 10 years ago.
But the platforms, apps, they've moved on to different methodologies.
So my concern is that the intent of the Senate sort of misses the current state of the risk.
and we're not attacking.
We're not attacking that,
which just maintains exposure and gives us the impression that, you know,
there's something that is protecting us.
And that's just not the case.
Mike, I saw a report early on when we started bombing Iran
that the Iranians use some of that information
or some of those techniques to kind of triangulate where our guys were.
And it might have caused like people.
like the 13, you know, some of the 13 service members that passed that got killed to get killed,
or, you know, the hundreds that have been injured. Is that, is that factual?
I don't know. I don't know if, if the adversary, you know, used commercially available
location data for targeting, but I will tell you this, if you have a variety of devices
that are clustered, that you can reasonably infer our U.S. personnel because,
the location data, the GPS sensor hadn't been turned off.
And this is where I kind of lose my mind on this because these are alleged DOD issued devices
where the ad ID is still available, a GPS, you know, and GPS is highly precise.
So if you start seeing clusters of devices, you know, based somewhere, you can infer,
well, that's U.S. personnel.
they will certainly look at other targeting data and intelligence.
But if you're looking for, you know, target cues about where U.S. personnel are stationed,
of course, this is possible.
And of course, an adversary can do it.
And, you know, 10 years ago when I was standing in front of a room at J-Socq, you know, I said to them,
If a history major from St. Lawrence University can expose your forward operating base at the Lafar Cement Factory in Syria and then target and bring and identify where your operators live.
If I can do it, certainly an adversary can if they're not already.
We don't have, you know, dominion or a monopoly on these things.
and we must assume that an adversary is as equally hungry for targeting information as we are.
And this is perhaps a lesson learned.
Unfortunately, it required casualties in order for anybody of consequence to take notice.
And that, I don't know, that's dereliction.
I don't know what the characterize that is.
And I understand, you know, I look at these things, you know, in a perfect, if I were in charge, this is how I do things.
And I know things don't work that way.
But these are easy fixes.
We're, you know, we need the Senate Armed Services to get involved in the easy fix, the fix that should have been applied de facto, full stop.
10 years ago. And here we are today still talking about something that, you know, is a decade old.
But notwithstanding, we need to fix this. We have tools and tech that can address this.
And we need to make this a priority because these are the easy ways of, you know, propagating OPSEC
across the entire continuum of obsec risk.
Hey guys, I want to tell you tonight about my new novel,
The Most Dangerous Man, coming out June 9th.
I think, like a lot of you,
I read in high school the short story,
The Greatest Game,
which is almost a century old at this point,
but it's the classic premise of man-hunting man for sport.
This book is based off of,
that a little bit, but also on stories that I have heard over the years about safari guides that
have actually taken hunting parties, wealthy people, hunting poachers in West Africa.
That idea kind of cooked off in my mind when I was asked to write a novel and get back into writing
fiction again.
And this book is about a ranger with the Ranger Reconnaissance Company who's on a mission in
West Africa and gets kidnapped and hunted for sport by a group of wealthy tech billion.
I had a lot of fun writing this book, and I think you'll have a good time reading it.
It's a quick, fast and furious, fast-paced action novel.
And I hope you all check it out.
It's up there.
You can find it wherever books are sold, the hard copy, the hard back, the soft cover,
and also the Kindle e-book edition.
We'll have some links down in the description for you.
The book comes out June 9th, and I hope you all let me know what you think of it.
Love like an example.
Like so what would it take for an adversary to exploit commercial data?
They have to buy data that's already been hacked and is online or like do they hack an app and
somebody downloads an app?
Like how does it, how does it work?
Exactly.
Let's, I think it's far easier than that.
I think through, well, just this is how I did it.
You develop a sort of a cover, you know, some commercial use case as to why you're even in the
business.
or interested in commercial location data.
You set up a proxy easy to do outside of Tehran.
So maybe you have a proxy based in Turkey or Oman or a country like that.
And you're buying the data.
You don't have to hack.
You don't have to hack an app.
You don't have to engineer anything.
10 years ago, again, I had to defend.
my methodology and explain that, you know, I didn't hack, intercept, engineer. I didn't,
you know, follow anybody. I bought it. I bought it sitting in a home office. And 10 years ago,
there wasn't a lot of challenge. It was, you know, like if you're in the market to buy,
we're in the market to sell. Yeah. Probably a little, there's maybe a little bit more friction
today because some of these companies have to provide reporting and, you know, they're on the hook if they sell to an adversary.
But if it's a proxy, if it's a legitimate proxy that I sell to an adversary, how do they know?
Yeah.
Right.
Yeah.
Yeah.
But it's, you know, buying this stuff is, you know, is a far, requires fewer higher risk operations.
You don't need to have, you know, case officers, you don't need to have this sort of bespoke, unique capability.
You just need to know how to buy it, how to talk it, how to explain what it is that you want.
And that's not hard to do.
Is it legal to buy this stuff?
For the most part, yeah, right?
Like, they're data brokers out there.
Or is it like a gray area?
I feel like, you know, the line from Pulp Fiction, you know, Pulp Fiction, where
Of course, yeah.
Samuel Jackson is, or no, John Travolta is like, it's legal to sell it, it's legal to buy it.
It's legal to carry, you know, that line where he's, and then he says, and they, and the police
can't even, you know, they can't even, they're not allowed to inspect or, or whatever that
line was.
Yeah.
But no, the answer to these is, yeah, it is legal.
This is a market.
There are big businesses involved in this in marketing technology or ad tech.
Microsoft has a business.
Oracle had a business, but they sort of deprecated it.
This is big business.
And if you think about all of the credit bureaus,
their entire business model is predicated on.
on these types of data sets that are...
And like credit bureaus can go ahead and flip them?
Say that again?
So credit bureaus can just go ahead and flip that information, no problem?
So a credit bureau is creating credit products.
But if you think about the modern sort of data broker industry,
a few years ago, Tim Cook sort of launched a fat law against data brokers
because he kept, you know,
he was sick and tired of hearing about the malfeasance of data brokers,
you know, tracking people.
And so that triggered the suppression of the ad ID and GPS data,
which is sort of the lifeblood of a data broker.
So what a data broker is going to do now is they're going to take all of this raw data and
build products around it.
So if I'm an advertiser, I'm going to go to an audience attribution firm, which buys a lot of data or collects a lot of data.
And I'm going to buy an audience of, you know, people that are of a certain demographic, certain income, education, profession, et cetera, in order to do targeted advertising.
as an adversary and working with those firms to actually acquire the raw data behind those products is just the matter of negotiation.
Man, I mean, are there any steps that like the U.S. government could take to like reel that in or it's just like, it's a free market, you know, go ahead.
You gave up your data.
It's now a product and can be market.
and sold to whoever wants it.
Yeah.
So this is where policy, like you're trying to regulate these businesses is hard because methods,
tech change so rapidly.
So you regulate one element and six months later, the market has developed a new technique,
whether they develop that new technique because of regulation or because of opt-
optimization, who knows, but policy, it's difficult for policy to keep up with this, with the state of change because the incentives are just are so massive.
I mean, the 10 trillion, we're trying to regulate 10 trillion dollar economy that is opaque.
It's not like trying to regulate the banks.
there is no FINRA or there's no bank regulation.
There's no data regulation that everybody plays by a certain rule and we've got, you know,
AML policies and KYC.
So from a policy perspective, you know, they're moving in the right direction.
They recognize that the risk is acute.
but recognizing the acute risk and actually applying techniques or technologies that we're not
trying to put a $10 trillion economy out of business, but to give the user, the operator, the case
officer, the special agent, the ICE agent capability to inject on their own some friction
in that commercial data economy as a means of foundational OPSEC.
You know, we think about tradecraft and we have all sorts of techniques and approaches
and you spend a lot of time learning tradecraft, which is absolutely foundational to
operational, you know, objectives.
where the modern economy has disrupted that is this loss of ambiguity that we all used to enjoy.
We just sort of took for granted.
Maybe you knew somebody was a special mission unit operator, but he didn't really know.
And nowadays, I know what unit he's in.
I know that he's a, you know, I know that he's a case officer that spends a lot of his time or is focused on,
Africa or Western Hemisphere, that ambiguity was a substrate for tradecraft because we started
at a baseline. And now that baseline has been eroded, has collapsed. And so you're starting
the mission and your pattern of life, your behavior is already out there. And so it's a disadvantage.
But for a long time now, you know, I would sit in front of the operational community and explain to them what they're up against.
And the question, the fundamental question always came back was how do I get out of commercial data?
Well, it's that there's not a maximalist approach to fix that.
However, if commercial data is imposing this operational risk, we need to inject some friction into that business model and restore some of that user choice in what they're sharing, what an app can collect, and what it can extract.
Now, apps have to collect and understand device diagnostics in order to function.
That is certainly a reasonable expectation.
But when you look at the delta between what they're collecting that's essential to function
and everything else, it's like I have this flashlight app.
Why does it need to know my network configuration?
It doesn't.
I need light.
Yeah.
Show me fucking light.
I don't need you to improve my user experience.
Give me a break.
But when you look at and you're able to see what an app is doing on your device,
which you cannot do now, because the platforms are, you know,
they're sort of they want to provide privacy,
but their business depends upon an app thriving.
You know, there's only so much they can do.
And that governance layer built into the operating system on an iPhone or an Android just does not exist.
Yeah, it's like why do they want to throw a wrench into their money-making operation, right?
Without, they're not going to do something like that unless they're legally forced to.
They're not going to just give it up.
It's interesting, too, like when I download an app, particularly on iPhone, it's so, it always gives me the like the creeps a little bit because it says at, it gives you like a notification.
Ask app to not like track your location.
Why do I have to ask the app?
Why don't I just say, no, don't track my location.
I need permission from the app to not track my location.
Just the way that they phrase the prompt that they give you is super like,
it gives me the creeps for some reason.
And I always like the second thing,
like,
oh,
maybe I should delete this fucking app.
Yeah.
And isn't that interesting?
It's,
it's ask app not to track.
The linguistics of it is very,
you know,
uh,
and like I said before that,
that is you are indicating a preference,
whether the app,
respects your preference, that's up to the app.
That's not a policy that you're invoking.
That's up to the app.
You have indicated a preference not to reveal your ad ID in that selector for app
ask not to track or your GPS sensor.
Those are user preferences that you're indicating and not necessarily enforced by policy.
You're just, you know, when the app sees your,
Your user session, it's, you know, there's a little field that says, you know, user is as indicated preference for you to not to track.
Okay.
I'll respect that or tuck that.
I'm going to track.
Right.
Yeah.
It's literally every app.
And, you know, a developer to developer, like, who knows?
Like, if you had TikTok and I, like, I have a cap cut on my phone, right?
Capcut is the same developer or it's a Chinese developer.
that's a known like that has I guess been pinged as uh possibly um Chinese intelligence or
whatever it is like connected to the CCP and for a while it was not you weren't allowed to use it
like when the whole TikTok thing was going on is I don't know if it's the same developer I don't
know exactly but you're asking developer to develop or app developer to maybe please if you don't
mind not track my location and all my data like what are they going to do you're going to think you know
you can't give everybody the benefit of the doubt, even American developers, you know, like it.
Absolutely.
I mean, look at the, so when Apple invoked app tracking transparency, this privacy panel that suppressed the ad ID and location services.
I mean, that really throttled Meta's business for a couple of quarters.
I mean, like, that was a big, that was a big quarter revenue miss because the gig was up.
Meta could no longer claim that cat videos, you know, sell sneakers.
They were really dependent upon attributing behavior through these stable identifiers.
But if you look at Meta's recovery in this post-privacy environment, they're doing just fine.
And how are they doing just fine?
Yeah, they're killing. They're a great quarter.
Because they're not, you know, laying awake at night, worried about.
user privacy, they've just gone deeper into the device and they've developed, you know,
different cross-app partnerships where if you're not, if you're not a meta user,
there's a meta SDK on that app and meta is monetizing you that way. I mean, it's,
what's a meta SDK? Just a little, it's, it's think about an SDK. Like when you build a house,
you've got a general contractor, that's the app.
The app is going to have a bunch of SDKs that provide functionality.
And a lot of that functionality is, you know, like I'm going to just use an SDK.
I'm not going to build my own proprietary payment capability, right?
I'm going to use an SDK that, you know, and the SDK is the plumber, the electrician,
the carpenter, right, to build your app and the functionality.
And so some of these SDKs are only there to collect.
data and monetize data for for uh question how does a guy or a girl who's working overseas whether
it's a case officer or an smu person how do they you know go about their jobs i guess it's i guess the
question doesn't even apply for just overseas but let's just talk about overseas how do they avoid
things like that outside of getting an unplugged phone okay yeah um so uh you know that i'm on the board
of advisors of unplugged.
So whether, so it goes down, goes back to this, how do we, how do we inject some friction
into the flow of our personal data to these opaque networks?
And the current configuration of all of the devices, you know, the two major
platform duopoly, they are, they are part of that cartel.
Which is Apple and Android, right?
Correct.
Yeah.
Just for the, for folks listening.
Yep.
And they are fundamentally incentivized to make their devices easy for an app to collect, extract, and monetize.
As a, as a user, we have to go how we have to think about how do I supervise or how do I supervise or how do I,
almost like an intervention before all of that data flows from my device to this opaque network.
How do I intervene and mitigate some of that?
And until we start thinking about privacy as an integration of hardware and software,
where privacy is built into the, is engineered into the device,
we're going to be susceptible to this.
So, you know, use a VPN.
There's nothing wrong with using a VPN, but all VPN is doing is mediating your traffic.
Everything that's going over that pipe has already been extracted.
So VPN is not offering you any privacy at that identifier layer or at that telemetry layer
from your device.
Privacy settings have already sort of blasted that.
It's really theater makes you feel good, but the app is going to figure out a way to either resolve your location or attribute you through the behavior of your device.
So until we mediate what an app is collecting on your device and give the user options to suppress that flow of telemetry, we're going to be, we're going to be, we're going to.
to be chasing this problem indefinitely.
Yeah.
And like, I'll give a free plug to unplugged.
You know, we're in the middle of talking about unplugged becoming a sponsor of the show,
full disclosure.
But, you know, I got a phone from unplugged and I did the orientation.
First of, the orientation is like opens your mind up to what the phone can actually do.
It's pretty incredible, honestly.
So if you are worried about your local.
or you know just all the kinds of stuff that could get sucked out from all these apps that we all get we all have
Unplug does seem like the right fit and I'm not like we're not getting paid not yet anyway so and I had the orientation and frankly I was I was extremely impressed by it like
especially the new operating system and Jacob one of the people that like you know I guess the customer success one of the customer success guys was like
like you know super dialed into it and uh and i remember texting jack murphy afterwards i was like
yo this phone is pretty fucking impressive like what you can and can't do it's like
and i hate to sound like i'm selling it because i'm really not like it's just the fact like
from what i've gathered from just the orientation and playing around with the phone is uh
it feels like a james bond phone because you could like reset it like super quick if you needed to
so outside of that I don't really think there's like another company doing that um
so it's a good point people are really worried about yep yeah and and the white glove
uh onboarding experience uh you know it's not just because you're super handsome d we do that for
everybody um i thought that was just for me god damn it that's part of the that's part of the
that's part of the that's part of the deal but you know the the the the
community has spent a lot of time and a lot of money developing, you know, special phones,
op phones. Unplugged is built for a consumer. So if we think about what we need to do for
operators, we don't want to create new signatures that are revealing because it's a phone
that has special egress points and, you know, acts differently. And, you know, acts differently.
and looks different than a consumer device.
Whereas the unplugged phone or a privacy,
a privacy phone built for a consumer is meant to not create new signatures,
that this is a special operator or case officer.
This is an individual who values privacy
and carries a device that enables that.
Without it looking like, you know,
one of these op phones that are concerning, considering the amount of data that an adversary can
collect and discover, okay, this is what an op phone looks like.
Show me all of the other op phones that are in my country or phones that look like that.
That's the math, a look-alike model is really how advertising targeting is built.
Show me, this person just bought a, you know, $150,000 G-wagon.
show me other people like him or her to target.
And that's the math behind this.
So, you know, we don't want to build new technology that is specific to a community.
This is privacy, but the new substrate of tradecraft or OPSC starts with privacy and all that ambiguity that I...
Yeah.
I mean, it's interesting how, you know,
I've heard a couple CIA guys talk about
how it's going to be very difficult to do like the
what do you how do you would you describe it like the
legacy style of
human collection because
you know ubiquitous technical surveillance is everywhere
and specifically if you're
liaison in an embassy somewhere like you're going to be
you know, the Cyclops Eye will be pointed at you specifically.
Any like tips or tricks that you would give?
Obviously, I guess you can't really say it out loud if you do have like real, real insight.
But like what can somebody like that do?
Or what will human intelligence really look like in the next 10, 20, 30 years?
Yeah.
You all have had people that have worked this problem.
you know, ubiquitous technical surveillance almost became this living, breathing thing that
constrained.
It is constraining, but it is going to require that we think about tradecraft or the operation differently.
And we've seen this before.
where we have historical references.
The agency is infamous for something called Moscow Rules,
where you need to figure out a different way to operate in a really hostile, aggressive environment.
And they did.
And some of the things they came up with were crude, but creative as hell to enable, to be able to operate and create those windows,
those gaps where they could have a meeting without physical surveillance.
And this environment is really is no different, this new environment and ubiquitous technical surveillance where, you know, there is no neutral ground anymore because who knows in some of these countries, all of their telecom has been, you know, gifted by China as part of their Belt and Road initiative.
So there's no neutral ground in it safely.
Like everywhere is a hostile environment or could potentially be a hostile environment because of ubiquitous technical surveillance.
And so this just is going to require a more holistic approach to operational readiness.
If you are making that left turn into CIA headquarters every day with your phone on and you think you're going to go black anywhere,
forget it. It's not possible or it's possible but with significant risk. So how do we how do we
mitigate this and how do we create how do we refabricate some some ambiguity so that we have this
operational range? And I think the first step is really looking at this commercial data
problem and applying solutions that add some friction to that, to that, the velocity of that data
that's flowing.
So, you know, you've been working in the space for a long time.
Do you think that now, I mean, I feel like it's been trending this way for a while,
like technical surveillance and SIGINT is becoming the dominating intelligence, right,
compared to like, you know, giving a guy 10 grand a month for information about the Chinese military or whatever.
Do you think like humans kind of taking the backseat to now SIGA because, you know, everyone's on their phones and trying to find a way to penetrate them or, you know, what do you think?
So I think that in terms of, you know, targeting an asset, developing that asset, validating that asset, I think there are a lot of things that all of this commercial data.
enables us to do, you know, below the threshold of risk and before we even begin that
recruitment process to understand who we're dealing with and what their value is, almost no
differently than, you know, a company that's trying to determine the value of a customer based
upon who they are, what they've bought, where we can apply those same techniques. I think that
human relationships will always, always be critical when you're in these types of transactions.
But I think that, you know, the technical open source publicly available information,
commercially available information will help us target with more precision with lower risk.
It's interesting.
There was an article.
We spoke about it a little bit on the episode.
before this one um where um russia and naren like have hit up kids on like uh video game servers
essentially giving them like a couple hundred bucks maybe a grand to go like do some bda or even
sabotage like place bombs and stuff like that um it's interesting like you mentioned like the
it's relatively crude right like this is a crude way of doing it it's like maybe the guys the kid that's
going to take a picture of a bomb site or plant a bomb.
Like that's like a one off kind of these like a one off one use case and then the
kid's fucking life is ruined.
Um, it's interesting the ways that different intelligence agencies are, uh, trying to get
things done, right?
It seems way more cost, cost efficient and stuff like that.
So it's an interesting world.
I don't have a question, but that's, that use case is, is one of those.
Look, if you can sort of activate the gig economy through these methods,
so long as that gig is doing legitimate commercial work and not something that's
been stood up on behalf of, you know, if these third-party collection platforms,
and there are companies that do this.
If they are able to develop situational awareness through either, you know, photographs or whatever the assignment is.
But if they're doing that for legitimate commercial purposes and then they can sell that data to the government, it's a much safer approach versus standing up a contract.
And having, you know, this contract be specific to a U.S. government entity, that just, that's where, that's where, you know, people who are trying to make some, make some coin or tokens or however the payment stream is, that's how they get in.
Yeah. Yeah, it's an interesting, ever-evolving world, this stuff.
but yeah again i'm not trying to plug unplugged but i was and i'm a cynical of fucker like i you know
i think people know that about me that watch eyes on um i was very impressed by the phone like
extremely impressed by it um because i don't really know what to expect until we did that uh you know
that white glove orientation and uh it really opens your eyes so like if it was incredible and i you know
i'm really looking forward like they're going to likely be sponsored
or working with us.
So I'm excited about that because it's actually a product that works.
You know, it's a good thing.
So it's going to be a high performance.
You're going to all of the everything that you expect from a smartphone.
Apps that you're using will function just as you normally expect them to function.
But that disintermediating that data flow does not encroach or.
interfere with the functionality of the app.
So as a user, you're not sacrificing or trading off anything in terms of functionality
to have engineered privacy into the device.
Yeah.
Interesting too, like the sketchiest apps, not the sketchiest, but they're the ones
that track the most are like the ones you wouldn't even think of, you know, like the
state format app or something.
And I know like people use the apps like test,
monitor their driving and you know to maybe lower their rates but they they go at it pretty
fucking pretty aggressively honestly or or an app that you know the scrapbookers use or you know
people who are selling their art or crafts out of their garage you know that app begins with
the P they really understand the behavior of their users yeah I could say I could totally
see that. I was thinking Etsy once you said that, but I'm trying to think I can't really come up
on top of my head.
Same Etsy and Pinterest. Gotcha. Yep. Yeah. But when you, when you understand what's going on and you
can see it, and what's even, what's even more compelling is when you take that telemetry,
which to a normal person like you and me means nothing, right? It looks like telemetry. And you
dumped that into, you know, chat GPT or Claude and give it an instruction like, find me
some patterns that are unique or tell me about this user in a, you know, develop the pattern of life
based upon this data. And it just, it unravels your story big time. And if we think about it at
scale, like, okay, do this over the course of a year. And tell me how this person is different
from everybody else, that's where it becomes, you know, a state sponsored approach becomes
operationally significant.
One question, like, about the data sets that people buy are like, you know, adversarial
countries buy or whoever buys, are those data sets like up till this date or is it like continuous?
Like you're continuously getting the same data based on like the whoever the cohort of people that you bought.
Is it like a subscription or you pay like a lump sum?
Like how does it work?
You can do a big data buy.
You can do a subscription.
It's near real time based upon, you know, the processing and when they're doing the extraction.
You know, if you think about people have talked about.
you know, all of a sudden at, you know, 2 a.m., my device just started firing off and processing.
So this is, the extraction, you know, happens on a sort of a scheduled basis.
It's not pure real time, but it's near real time.
I got you.
Up to date within easily, you know, 12 hours.
Yeah, that's pretty, that's insane.
Which if you're trying to target, you know, you're trying to whittle down or you're targeting and you go from 100,000 people who have top secret clearances in the DC area to, you know, the 50 that are doing things with their device that indicate an operational posture like powering down your phone in the middle of the workday against the population that never does that.
You are the anomaly and you've got a clearance and you're powering down and who else is powering down around.
the same times, et cetera, et cetera. And when your phone powers back up, all of that backfill
shoots off to the various apps. So, you know, this is how it works. And it's not that complicated,
but it's something that people who are dealing in life and death, not just advertisers,
but they're dealing with an adversary that's going to target them in a way that is, you know,
the metrics are far more acute.
This is something we need to fix.
Yeah, you brought up a great point.
Like, you know, in a city where, you know, everyone's on their phones all day.
And like, there's a specific amount of folks that just shut their phones down.
And that would stick out like a sore thumb and would not be hard to kind of.
sift through specifically too if you add like you know large language models to it too like you know
I can see it being as easy as fucking pie to figure out yeah I mean you power down your phone there
isn't some parameter that says you're a drug dealer you're a spy you're committing crimes you know
it doesn't but again it is a behavioral indicator that is anomalous compared to the rest of the
population that never does any of those things fair day bags
toggling between airplane mode when you're nowhere near an airport and, you know, you're trying to
provide some, some obfuscation to what you're doing, but all you're really doing is nominating
yourself for inspection. Yeah. Yeah. I mean, I hope that like, at least like off, you know, case
officers, analysts, whoever, whoever's working in Intel or J-Soc, you know, national security professionals
with top secret clearance,
I hope there's like some ways of like spoofing that to.
You know what I mean?
Like there's got,
I'm assuming there is like for the love of God.
But I could see where people,
you know,
don't think it's a big deal.
Even somebody with top secret clearance, right?
It's a wild world we live in, man.
It's like this whole second like,
dimension of where we live, you know?
MySpace only wish they were around today.
right?
Yeah, for sure.
100%.
They'd be making tons of money off selling data.
Just targeting ads.
Absolutely.
Mike, anything else, man?
You tell me the floor is yours.
No, man.
I think we got it.
Look, there are solutions out there.
I joined the board of unplugged because, frankly, I got sick and tired of standing in front
of these people who are desperate for a solution.
and not really having anything for them.
That wasn't some fancy op phone.
So this convergence of privacy as that substrate trade craft makes a lot of sense to me,
having spent over a decade talking about this and educating this community about this.
And look, we don't have the cognitive capacity to be monitoring and
toggling and thinking through all of these risk surfaces.
Layered on top of we are in a denied area.
We're on the X.
We've got people shooting at us.
I'm not going to sit there and worry about my stupid device.
So we need something that just is a permanent state to remove that that cognitive burden
from people who are already in a high risk situation.
We don't need to add more to that.
And that's where I see this is a variable in that, in that solution space.
Yeah.
Mike, a pleasure, dude.
I want everybody to know that, like, if you want to know more about Mike's career,
the kind of shenanigans he got up to,
we have a long form interview with him on the team house.
I'll put the link in the description for that.
Yeah, it's kind of like,
When you sit and think about it for a little bit, especially like a layman, like myself, it's, it's kind of daunting to think about.
And, like, it feels like an impossibility.
Like, you can't avoid being on the phone and stuff like that.
And I think we really, like the normal, like, you know, the masses, we really give up information about ourselves.
We trade it off for, like, convenience, right?
And I think if everyone's a little bit more cognizant of it, I think it would be beneficial for them, just as a whole.
If you're in the operational community and you're struggling and you know that you need to do something, contact me, I will help you.
Cool.
You want me to put your LinkedIn and stuff like that?
Is there anywhere else you want people to follow you?
Yeah, that's about it.
All right.
So the LinkedIn, I'll put it down in the description and grab it there.
And if you're listening on audio down in the show notes as well.
Mike, awesome.
As always.
Thanks, stay.
Appreciate it.
Hey, guys.
I want to take a moment to tell you about the Teamhouse podcast newsletter.
If you go and subscribe, it's totally free.
And what it will do is aggregate all of our data, all of our content that we put out,
the things that are on the team house, on our geopolitics podcast, eyes on,
things that I write journalistically with Sean Naylor on the high side,
anything else that we have going on, books we recommend,
upcoming guests that we have coming on the show and also, you know, filtering in some fun stuff
in there as well. If you go and check it out, we send it out just once a week. We don't want to
spam you guys. It's just a kind of roll up of all of our content on a weekly basis. You can find
our newsletter at teamhousepodcast.kitt.com slash join. Again, the website for that is
teamhousepodcast.com slash join. So we hope to see you there.
The link will be down in the description.