Operating in the Open: Comms, Tracking, and Counter-surveillance in a Connected World
For intelligence, national security, and law enforcement professionals, maintaining domain awareness is critical. At its core, domain awareness is the comprehensive real-time understanding of specific operative environments (digital, physical, and hybrid) to effectively and efficiently detect, assess, and respond to emerging threats. For ECHO Intelligence readers—both public and professional—maintaining domain awareness is a continuous process that informs decision making, shapes operational and investigative responses, and ensures operational security (OPSEC) in daily and professional life. To this end, this ECHO brief introduces readers to novel and lesser-known technologies and tools and their professional and personal applications.
Analyst Note: Components discussed within this brief do not represent a comprehensive picture of technologies and tools capable of exploitation in surveillance, countersurveillance, and communication. ECHO encourages readers to adhere to the highest ethical and legal standards when leveraging technologies contained in this writing.
Communication:
Today, information exchanges and communication occur in real time across a complex ecosystem of platforms and applications—including social media, mobile networks, encrypted messaging applications, voice-over-IP services, and peer-to-peer communication tools—enabling the rapid coordination and diffusion of influence at unprecedented scales and speeds. These tools allow private individuals and threat actors alike to coordinate, mobilize, and obscure action and intent faster than traditional monitoring techniques can respond.
The public, criminal actors, law enforcement investigators, and intelligence professionals alike are, at a minimum, aware that cellular communications, social media, and online messaging platforms can be ‘tapped’ and monitored; at most, law enforcement and intelligence professionals are leveraging these tools to detect, monitor, and interdict emerging threats before they make the latest news chyron.
In 2020, a new low-tech project with licit intent emerged with potential mass implications for emergency communications, criminal operations, and clandestine communications. Enter Meshtastic—a long-range radio (LoRa) node-based communications system that does not rely on internet or cellular access. The Meshtastic project and its systems enable users to send encrypted text messages and GPS coordinates over unlicensed radio bands. The communication technology leverages the Advanced Encryption Standard with a 256-bit key (AES-256), a robust encryption algorithm with current civilian, government, and military applications. For the layman: with current technology, it would take billions of years to brute-force the encryption key by trial and error. For the intelligence/NATSEC readers, AES-256 is approved by the National Security Agency (NSA) to protect classified information up to the Top Secret designation.
Anonymity from prying eyes is another central selling point for potential users. No one other than the intended recipient(s), including internet and cellular providers or government and law enforcement agencies, can read the messages (absent physical access to the devices). The setup process is just as anonymous. The devices require no phone numbers, accounts, or SIM cards to use, leaving effectively zero metadata leakage for criminal or surveillance actors to exploit. Meshtastic allows users to communicate on pure ghost signals, leaving only physical access to devices, RF signature mapping, and social engineering as ways to infiltrate the closed channels.
The only drawback: Range and Topography. Under ideal conditions with an unobstructed line of sight, Meshtastic devices can communicate from 5-10km (3-6 miles) or more. The range is highly dependent upon the antenna quality and radio power settings of the devices used and any environmental factors during use. The range of Meshtastic devices can be significantly reduced in urban environments due to structural interference, with consistent communications at less than 1km.
Despite range limitations, Meshtastic represents a potential paradigm shift in off-grid and anonymous, decentralized communications. In the current era of pervasive digital and communication surveillance, communication tools like Meshtastic challenge conventional intelligence collection and emergency communication archetypes. Whether leveraged by private privacy-conscious citizens, humanitarian teams operating in nonpermissive environments, or criminal networks seeking to evade surveillance by law enforcement, Meshtastic’s resilience against monitoring and its independence from traditional communication infrastructure make it a quickly emerging novel tool—and growing blind spot—for professionals tasked with identifying and interdicting emerging threats.
Surveillance/Geolocation:
Communications aren’t the only component driving privacy concerns in today’s age of enhanced surveillance. Digital footprints increasingly bleed into physical movements, and the line between physical presence and digital privacy grows thinner by the day. Tools like Wigle and Kismet actively reshape how wireless signals are mined and exploited for insights, surveillance, and targeting. Originally developed for hobbyist mapping and wireless detection, the Wigle database and the Kismet tool now give investigators, intelligence professionals, law enforcement, and threat actors a powerful edge in OSINT, geolocation, surveillance, and countersurveillance. Whether you’re a practitioner or a potential target, understanding how these tools work is critical to personal, operational, and investigative security.
Wigle operates as a crowd-sourced, global database that maps the geolocation of Wi-Fi networks, Bluetooth devices, and cell towers. Users build the database by contributing and uploading data gathered through mobile apps and wardriving tools like the Wigle WiFi app or Kismet. The platform visualizes this data on a global map and allows registered users to download it for further exploitation or research.
For the private citizen, any Bluetooth-enabled device constantly emits signals that broadcast identifying information such as MAC addresses, device names, and in some cases, model and manufacturer details. Tools like Kismet—paired with proper hardware and software—can passively or actively capture these emissions. Operators can then track devices with static MAC addresses across traveled locations. While MAC address randomization can harden devices against such tracking, ECHO notes that persistent surveillance remains possible even against randomized signals.
The privacy and OPSEC implications for both private citizens and law enforcement/intelligence agencies are significant. Carrying devices with Bluetooth or Wi-Fi enabled allows actors to track your movements across locations. Tools that extract device metadata—such as model and manufacturer—can enable unwanted surveillance actors to fingerprint and uniquely identify individuals. Combined with common OSINT and SOCMINT techniques, Bluetooth tracking via Wigle and Kismet can expose patterns many users would prefer to keep private, including home addresses, commutes, and personal habits.
While everyday citizens may trade privacy for convenience, this type of tracking poses serious physical and operational risks to law enforcement and intelligence professionals.
Basic countermeasures include:
disabling Wi-Fi and Bluetooth when not in use,
enabling MAC address randomization where available,
avoiding connections with unknown or unsecured devices, and
turning off auto-connect features.
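One way to check your own devices against the countermeasures above, as an added example that is not part of the original brief: it audits a capture of your own test devices for static (non-randomized) MAC addresses and for broadcast names that tie randomized addresses together. The sighting records, field names, site labels, and device name are constructed for illustration; the static address uses the RFC 7042 documentation range.

```python
from collections import defaultdict

# Constructed sample: sightings of your own devices, as you might export them
# from a capture you ran yourself. Field names are assumptions for this example.
SIGHTINGS = [
    {"mac": "00:00:5E:00:53:10", "name": "", "site": "home"},
    {"mac": "00:00:5E:00:53:10", "name": "", "site": "office"},
    {"mac": "DA:A1:19:00:00:01", "name": "Test Earbuds", "site": "home"},
    {"mac": "F6:5B:77:00:00:02", "name": "Test Earbuds", "site": "office"},
    {"mac": "7A:0C:44:00:00:03", "name": "", "site": "home"},
    {"mac": "B2:91:E0:00:00:04", "name": "", "site": "office"},
]


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.

    Randomized MACs set this bit; a clear bit means a vendor-assigned,
    static address. This is a heuristic: some virtual interfaces set it too.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def audit(sightings):
    """Return (finding, identifier, sites) tuples for linkable identifiers."""
    sites_by_mac = defaultdict(set)
    sites_by_name = defaultdict(set)
    macs_by_name = defaultdict(set)
    for s in sightings:
        sites_by_mac[s["mac"]].add(s["site"])
        if s["name"]:
            sites_by_name[s["name"]].add(s["site"])
            macs_by_name[s["name"]].add(s["mac"])

    findings = []
    # A static MAC is the same identifier everywhere the device goes.
    for mac, sites in sorted(sites_by_mac.items()):
        if not is_locally_administered(mac):
            findings.append(("static-mac", mac, sorted(sites)))
    # A stable broadcast name links sightings even when the MAC rotates.
    for name, sites in sorted(sites_by_name.items()):
        if len(macs_by_name[name]) > 1:
            findings.append(("name-defeats-randomization", name, sorted(sites)))
    return findings


if __name__ == "__main__":
    for finding in audit(SIGHTINGS):
        print(finding)
```

Devices that rotate their address and broadcast no name produce no finding; the two findings point to enabling randomization on the first device and removing or genericizing the broadcast name on the second.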
ECHO strongly recommends that law enforcement and intelligence professionals store personal and professional devices in Faraday cases when not in active use. SLNT offers a range of Faraday bags, sleeves, and backpacks suitable for various device sizes and daily operations.
Countersurveillance Digital Evasion:
Whether you're a private citizen conducting sensitive research or a law enforcement or intelligence professional conducting investigations or threat monitoring through OSINT or SOCMINT, OPSEC isn't optional. It's a prerequisite. As digital activities become increasingly sensitive, the likelihood of your digital footprint being observed, tracked, and exploited by unwanted prying eyes increases—a sentiment all too well known to those whose work involves terrorist or violent extremist actors and organizations, foreign intelligence services and militaries, or criminal networks. For the layman, basic and surface-level OSINT and SOCMINT can be conducted passively on conventional operating systems, such as Windows or macOS. Further down the rabbit hole, these operating systems leave investigators and intelligence professionals far too exposed, with numerous digital artifacts left behind that could potentially expose their identity or affiliation. In non-permissive digital/online environments, Tails OS—The Amnesic Incognito Live System—offers a robust, portable, and privacy-focused alternative to the standard, run-of-the-mill OS.
Tails OS is a security-hardened Linux-based operating system that runs entirely from a USB. Differing from conventional operating systems, which store data on internal hard drives, Tails OS is designed to run in live mode and leave no trace of activity on the host machine unless explicitly configured to do so. This operating style makes Tails OS ideal for high-risk OSINT, browsing, and sensitive data collection, particularly when operating in contested or hostile online environments or violent extremist online spaces.
For the law enforcement or intelligence operator, here's what you need to know: All network connections while leveraging Tails OS are routed through the Tor anonymity network, which obfuscates your physical location and online traffic. All DNS requests, IP addresses, and browsing history during use are anonymized by default, making your digital identity less vulnerable to targeted digital surveillance entities that aim to trace your activities back to your physical device and real-world identity. Unless enabled by the user, there is no persistent storage of data and browsing history; each Tails OS session starts fresh with the RAM automatically erased on shutdown. The "amnesic" behavior ensures your OPSEC even if a device is seized, stolen, or examined post-use. Tails OS further leverages built-in cryptographic tools for secure file encryption via GnuPG, encrypted messaging via Pidgin and OTR, and file deletion using gold-standard methods for forensic device wiping. Lastly, Tails OS enables MAC address spoofing by default to prevent wireless tracking on networks.
It's important to note that Tails OS isn't an OSINT silver bullet. Unless you employ proper OPSEC methods when conducting OSINT (i.e., using burner accounts, minimizing browser fingerprinting, and robust sock-puppet account compartmentalization), you still risk exposing your physical location and personal identity. Online hygiene remains the top priority.
Closing Note:
In the contemporary age of enhanced surveillance, digital noise, and the blurring of operational and personal domains, maintaining proper domain awareness requires more than simply maintaining technical competence—it demands deliberate tradecraft, adaptive thinking, and a commitment to proactive and innovative OPSEC. Whether you’re an ECHO reader interested in improving your privacy or a law enforcement or intelligence professional conducting sensitive work in online contested spaces, tools like Meshtastic, Wigle, Kismet, and Tails OS offer both opportunities and risks. ECHO Intelligence encourages practitioners and readers alike to regularly red team, assess their vulnerabilities, adapt to emerging technologies, and approach any environment—physical, digital, or more often, hybrid—with the same rigor demanded in any mission. Operating in the open isn’t a weakness; it's an inevitable reality. Awareness gives you the upper hand.