Government officials are kind of bad at the internet
Perhaps no one in the world has made such catastrophic tech flubs this year as U.S. Secretary of Defense Pete Hegseth.
The saga started when the editor-in-chief of The Atlantic, Jeffrey Goldberg, reported that he had been mistakenly added to an unauthorized Signal group chat by U.S. National Security Advisor Michael Waltz, where numerous high-ranking government officials discussed detailed plans for attacking the Houthis in Yemen, including the times and places where such attacks would occur.
To be fair, we’ve all made some embarrassing tech mistakes. But for most people, that means accidentally liking an ex’s Instagram post from five years ago — not sharing top-secret government military plans on a commercial messaging app with unauthorized recipients.
This mishandling of massively sensitive information was already troublesome enough, but this week, The New York Times reported that Hegseth shared information about the attacks on Yemen in another Signal chat, which included his lawyer, his wife, and his brother, who had no reason to receive such sensitive information; Hegseth’s wife doesn’t even work for the Pentagon.
These security failures are particularly egregious — how do you manage to accidentally loop in a journalist on your military plans? But this is far from the first time that contemporary technology has landed global governments in tricky situations — and we’re not just talking Watergate.
Stationed in the military? Don’t use Strava
The fitness tracking/social media app Strava can be a privacy nightmare, even for your average athlete. The app allows people to share their exercise logs — often runs, hikes, or bike rides — on a public account with their friends, who can like and comment on their morning jogs in the park.
But Strava accounts are public by default, meaning that if you aren’t savvy enough to check your privacy settings, you will inadvertently broadcast to the world exactly where you work out. Strava defaults to hiding the first and last 200 meters of a run as a means of obscuring where someone lives, since people are likely to begin and end runs near their home.
For anyone on the internet, it’s still risky to broadcast a 200-mile radius of where you live, but it’s even more dangerous if you’re a member of the military at a secret base, for instance.
In 2018, Strava unveiled a global heat map, showing where in the world public users have logged activities. This doesn’t really matter if you’re looking at a map of New York City, but in places like Afghanistan and Iraq, few people use Strava aside from foreigners, so one can assume that hot spots of activity may occur at or around military bases.
To make matters worse, users could look at certain running routes on Strava to see the public profiles of the users who logged activities there. So, it would be possible for a bad actor to find a list of U.S. soldiers stationed at a certain base in Iraq, for example.
Joe Biden’s not-so-secret Venmo
Venmo is a peer-to-peer payments app, yet for some reason, it defaults to publicly sharing your transactions. So, by simply opening my Venmo app — which synced my Facebook friends to my account at some point, probably over 10 years ago — I can see that two girls I went to high school with got dinner together last night. Good for them.
The information we share on Venmo can be pretty boring and benign, but dedicated fans of reality shows like “Love Is Blind” will search for contestants’ accounts to predict who from the show is still dating (if the couple sends each other rent money, then yes, they probably live together).
So, if you can find reality stars on Venmo, why not search for the president?
In 2021, some BuzzFeed News reporters decided to search for Joe Biden’s Venmo. Within 10 minutes, they found his account.
From Biden’s account, the reporters could easily find other members of the Biden family and his administration and map out their broader social circles. Even if a user makes their account on Venmo private, their friends list will remain public. When BuzzFeed News contacted the White House, Biden’s profile was wiped clean, but the White House didn’t provide a comment.
So, yes, reporters did indeed locate the Venmo accounts of Pete Hegseth, Mike Waltz, and other government officials, too. Some things never change.
Encrypted messaging can’t protect you from cameras
You can take all of the precautions you want to protect your messages, but nothing can save you from the looming possibility of human error.
Carles Puigdemont, the former president of Catalonia, led a movement in 2017 to attain independence from Spain and become its own country. But the Spanish government blocked this attempt and ousted Puigdemont from leadership. When the Spanish government issued a warrant for the arrest of Puigdemont and his allies, they fled to Belgium.
A few months later, the Spanish media attended an event in Belgium where Puigdemont was expected to speak — he sent in a video of a speech instead, but as the clip was playing, a Spanish broadcaster noticed that a former Catalan health minister, Toni Comín, was texting with his screen fully visible.
The camera operator zoomed in on Comín’s phone, exposing texts from Puigdemont, where he had resigned himself to defeat in his attempts to bring about Catalan independence.
Puigdemont later tweeted that he was expressing himself in a moment of doubt but that he didn’t intend to back down.
No matter what steps you take to encrypt your private messages, you might want to look over your shoulder before reading sensitive information in public — especially when you’re texting with a self-exiled former president.
