Part 1: How to get away with murder in Singapore

Steven Goh | CEO -

First things first, this is not a guide for murder. This post is a guide on how you can stay covert in Singapore. Specifically, a guide to good OPSEC (Operations Security) in Singapore. Having good OPSEC means knowing how to get under the radar of the Singapore authorities, and to escape mass surveillance. And if you somehow commit a criminal act and you need to avoid the authorities, this is your guide.

Why you should trust me

  1. I am a computer programmer, and I know my systems, the limitations of the systems AND the prevalence of systems
  2. During my arrest when I was 17, I was given a full stack of evidence (against me) which I had to help the police decipher (because they don't know better)
  3. I have come across programmers and people working in secrecy in the upper echelon of the state -- and inevitably, they always share enough for me to piece things together

Singapore is a small country

There is a good reason why crime rates are ridiculously low in Singapore. You might want to thank the efficiency of the police, but that is not the reason. It is the fact that Singapore is so small and densely populated that you cannot escape the constant surveillance in every inch of the land.

Big Brother knows where you are, all the time

I wish I were kidding when I say that given a phone number, the authorities can get a real-time lock on where you are at any point in time. There are multiple ways that the authorities can achieve this.

Cell tower triangulation

Have you noticed that you cannot purchase a phone number, be it pre-paid or post-paid without personal identification? Given a phone number, some employees can find out your location in real-time.

And I say that because I interviewed a programmer who was part of the team building such a system for Singtel. And he, the (foreigner) programmer, had access to such a system. And because such a system exists, you can be sure that the authorities have access to it.

Google has it

Do you know your Android phone tracks your location EVEN if you have rescinded the permission for Android to get your location? And it sends it right back to Google's Sensorvault. With a warrant, our local police can gain access to your location, both past and present.

Big Brother knows which apps you are using (and what you are posting on the internet)

Singtel resells our data to third parties. If Singtel does it, I am pretty sure the other smaller telcos do it too.

Singtel knows which mobile apps you are using because apps communicate with their home servers.

For example, Tinder will always communicate back to servers with the hostname tinder.com. And this meta-information is still visible EVEN if your data connection is encrypted (through HTTPS).

Also, telcos know which websites we are visiting, even if the website is encrypted. Technically, it is because they run DNS servers, and DNS queries give away the domain name. So while the body of a data packet is encrypted when you browse a website, Singtel will still know that you are browsing THAT website.

For example, Singtel will always know that you are browsing an adult forum like Sammyboyforum, even though they might not know if you are seeking out that hooker from China or if you are reading some erotica.

Disclaimer: What I do not know for sure is if identity is tagged to the data. There is SOME chance that they might be anonymized before selling it. Probably not.

Demand for data

Now, even if you somehow manage not to have your incriminating message caught up in some mass surveillance alert filter with the authorities. For example, you tried to sell drugs on Telegram.

Now, that is just stupid.

First things first, Telegram is not secure by default. I do not even think that Telegram is secure also if you use their "secret chat" option because they invented their cryptography stack and cryptography is super hard because you have to get it 100% perfect. Essentially, you can posit that Telegram stores ALL messages, images and videos for posterity on their servers.

How do you think the administrators behind "Nasi Lemak" group were arrested so quickly?

All the Singapore Police Force had to do was to draft a warrant and send it to Telegram. And Telegram will immediately respond. No businesses will risk access to an entire country to protect you. You are just one user (who is probably not even paying for their services).

In the same vein, the authorities can and have historically demanded data from internet business of sorts -- Google, Facebook (which owns Instagram and Whatsapp), etc.

So do not think ever assume that any foreign tech giant's platform is safe harbor, ever.

Big Brother knows what you are buying

Why do you think the government is trying so hard to have e-payments succeed? Why do you think the government is pushing so hard for hawker centers to convert to e-payments like NETS? Do you think it is about convenience?

No, they want to track it. Historically, hawker store owners have always under-declared their revenue, and there is nothing IRAS can do other than sitting in front of the store and counting customers.

If you pay for something digitally, you can be sure the authorities have access to that information.

Big Brother knows where you live

NRIC? This is obvious, and I will not go into it.

Big Brother has your biometric details

Your biometric information are gathered every time you travel out of Singapore. These include your picture (for facial recognition), your fingerprint and your gait (another data point used in AI to identify people)

So, how do you get away with murder?

If you cannot even get away with riding PMDs in Singapore without getting caught, how do you think you can get away with murder?

Unless...

Till my next post where I will try to share some ideas on how you can stay under the radar of the Singapore authorities.