[emXdem]

Tradecraft hasn't changed much. It has been fairly well tested. Operational security and information security have not changed much... They have become more difficult with cell-phones and small internet connected devices.

I think another big difference and a subject that probably would be included in a redo is understanding how all of the modern data generating systems can reveal covert activity through the analysis of metadata and how to "hide in the noise" of this.

The geospatial correlation of burner phone to actual identity if one does not practice good sanitation as far as locational security when accessing wireless networks as an example.

[jacquesm]

I treat my cellphone as though I have an always-on homing beacon on me that can not be trusted to be off even when it says it is off. And that's not even a smartphone, so I can still remove the battery if I want to. Now throw ANPR, face recognition, cheap DNA synthesis, ubiquitous video surveillance, public transport ID cards and a some more modern goodies into the mix and it takes real work just to move from 'A' to 'B' without leaving a trail a mile wide.

[gaius]

There is that, but there is also the massive palaver at Gatwick which reveals that the authorities aren’t actually very good with modern tech.

[sn41]

They aren't good. Hence the dragnet approach of collecting all data, and then waiting for Google or some such entity to come up with the research for mining methodology.

[maroonblazer]

I’m going to presume you’re not conducting illegal activity such that you’re worried about getting caught. Given that presumption, what risks are you trying to mitigate by treating your cell phone as you describe?

[jacquesm]

Knowing what companies are on the market. My cell phone location would pretty much tell you who is being invested in or about to be sold. That could really cause trouble.

[mef]

if a party was going to go to the trouble of getting access to your phone geo data, couldn’t they just as easily put a tail on you?

[jacquesm]

I don't think that would be a strategy that would work for very long, and besides that, why make it easy?

[sn41]

William Binney once said in an interview that one could also analyze which pair (or cluster) of cellphones went off together, and then analyze possible rendezvous.

I think one way to circumvent this is to force all participants to keep the cellphones in their offices/homes, and then meet elsewhere at a predetermined time, with no one carrying phones.

As many security professionals often say, it's not about whether I do any illegal activity, it is also about whether someone can "impersonate" me for various crimes like phishing. The less sensitive information people know about you, the safer it is for you.

[A2017U1]

I live in a country which retains phone location data for 2 years and can be warantlessly accessed by hundreds of government agencies down to tiny local councils and has zero oversight. Would love to "mitigate" the risks of that information falling into the wrong hands whether legally accessed or not, sadly it's too much effort so I don't.

[emXdem]

Someone you know may be without your knowing and you can be snapped up in the "drag net"...