It’s bad enough that our phones and cars (and vacuum cleaners and doorbells) track, save, and sell our texts, phone calls, and location data. But that may be just the beginning. From Mark Jeftovic’s Axis of Easy daily briefing:

China Hacks US Telecom Giants in Massive Espionage Operation

The “Salt Typhoon” hacking campaign, attributed to China, has infiltrated major U.S. telecommunications companies AT&T, Verizon, and Lumen Technologies in one of the largest intelligence breaches in American history. Hackers accessed call metadata, live phone conversations, and CALEA [Commission on Accreditation for Law Enforcement Agencies] compliance systems—used for lawful surveillance, sometimes involving classified Foreign Intelligence Surveillance Court orders. Despite the breach’s scope, the FBI will not notify those affected or confirm if classified materials were accessed. Targets included political entities such as Donald Trump’s and Kamala Harris’s campaigns and Senate Majority Leader Chuck Schumer’s office.

U.S. officials recommend encrypted messaging apps like Signal and WhatsApp, alongside robust cybersecurity practices such as timely updates and phishing-resistant multi-factor authentication, to safeguard communications. Encryption, as emphasized by Jeff Greene of CISA, remains critical: intercepted data becomes unreadable when encrypted. The FBI describes the campaign as traditional espionage focused on intelligence collection, particularly in Washington, D.C., dismissing links to election interference.

Critics, including Senator Ron Wyden, have decried reliance on CALEA, arguing it exposes sensitive communications to hacking. Privacy advocates stress end-to-end encryption as essential. The breach’s resolution remains elusive, with officials unable to predict when compromised systems will be secured, reflecting the scale of China’s intelligence operation targeting U.S. infrastructure.

Conclusion

If this is what we know is happening, imagine what’s happening that we don’t know about. So we have to assume that our day-to-day communications are visible to some bad actors at least some of the time — and to some others all of the time.

For communications that we don’t want to be surveilled, the above article mentioned some basic steps like two-factor verification and encrypted apps. Past posts in this series explain some others, including:

Becoming Invisible, Part 3: Hiding From Google (5/22/23)

Becoming Invisible, Part 4: How To Choose And Use A VPN (6/10/23)

Becoming Invisible, Part 6: iPhone Privacy Settings (7/27/23)

Becoming Invisible, Part 7: Android Phone Privacy Settings (8/4/23)

Becoming Invisible, Part 9: Burner Phones (9/9/23)

Becoming Invisible, Part 14: Proton’s Latest Tools (4/6/24)

Becoming Invisible, Part 15: Don’t Let Roomba See You Hide Your Gold (11/1/24)