I am a security researcher and three letter agencies have talked to me more than a couple times about their interest in my work.
I got a used manual transmission easy to repair vehicle with no internet, no cell phone, I only use cash IRL, and the only device I travel with is a QubesOS laptop.
If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.
A former NSA guy worked with me seventeen years ago. He had been retired for five years from the agency at that point we worked together.
He did not own a mobile phone or any internet connected device. Was staunchly against it. This attitude was based on what he knew were the surveillance capabilities in 2003. Ended up retiring to a mountain cabin that was off grid.
Maybe he was crazy, but he never seemed like the prepper type. Just very very sober and serious about avoiding electronic communications.
Purchasing things online I sometimes use anonymized bitcoin, or prepaid credit cards purchased with cash. Most of the time I use bank cards like anyone else. Almost everything but appliances is shipped to a P.O. box.
IRL I only use cash which makes my movements around the real world mostly invisible digitally speaking. What I buy at the pharmacy etc is not tracked or sold to insurance companies, etc.
Never seen contactless payment be a hard requirement. Everyone takes cash eventually if there is a human to talk to, though I do sometimes end up using a frequently rotating prepaid credit card for things like parking.
Well, these measures are a bit outdated. To be tracked now you don't need to access someone's personal devices. You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too. Your home address is also logged through many ways but primarily your tax filing and driver's license. Your home internet can be logged one way or another too, at router level (think of the many exploits against that). What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle. And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you? FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely. What about personal connections like friends and family or work that could be a weak link? and many ways without going into further details. So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't. If they want to track you, they have all the resources (technical, legal, etc.) needed to do so.
>FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely.
Don't Airtags now notify the nearby user if they are being tracked? I have heard of airtags getting modded to remove the speaker but Apple bypassed this with software updates that alert you out of band(as far as I know). Your assertion would require government to have special Airtags that iOS ignores no?
If apple really wants to (and put their money where their mouth is when it comes to those stupid "Pro Privacy" ads they run), they can start by filing a CFAA lawsuit against said agencies.
Privacy is like diet, it is not a zero sum game. The less data we give to advertisers and governments the better. The point is to increase the expense of tracking and create as many holes in their databases as possible.
> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.
E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.
> same goes with bus/trains tickets
I pay cash for these and use them short term so little tracking value here.
> our home internet can be logged one way or another too, at router level (think of the many exploits against that).
I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.
> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.
I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/
firmware.
As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.
> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?
If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.
> What about personal connections like friends and family or work that could be a weak link?
I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.
> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.
My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.
My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.
Maybe in US but in various parts of Europe this ain't true, you cross certain threshold for power or speed and license plate is required, with corresponding insurance - same for e-scooters.
Ie in Switzerland thats 20kmh so basically all of them since they often cut off at 25kmh. Almost nobody does that for weaker ones and thus police keeps taking them and then you see police guys riding around say Geneva on various e-scooters.
At least by reading all of the above, it seems they have something like Genode (running on https://sel4.systems/ , amongst others ), but instead of some academic research thing, widely deployed commercially, running on consumer ready devices of all sorts.
Lately all based on that HongMeng kernel thing, comparable in performance to SEL4, utilizing containerized Linux-drivers by way of compatibility-shim, still fast.
I really appreciate the scorched earth efforts to redo computing with security from the start, but personally I have reached the conclusion that compatibility is key to adoption, and that desktop focused linux distros like ubuntu with yolo security being used for servers is the practice causing the most harm we must end as soon as possible.
QubesOS falls really short in supply chain integrity, and server solutions, but IMO the overall hypervisor/IOMMU isolation architecture is the most practical and compatible way forward though nowhere near as elegant as some of the ideas in Genode.
In EnclaveOS my team and I chose to focus on remote attestation and best available security isolation technologies available to most server CPUs while still using (hardened) linux kernels. We talk about this here: https://distrust.co/blog/enclaveos.html
> What about your laptop hardware? Definitely it isn't open source.
On some older Thinkpads you can install Coreboot/Libreboot. Or even buy them with that, if flashing the firmware seems to complicated/risky, or necessitating buying equipment one does not have at the ready. Same goes at least for some routers, with OpenWRT, or the likes, or depending on the used connection technology going 'full personal computer' with some Linux/BSD again, with even more options regarding Core-/Librebroot/Dasharo underneath. There are always some paths for at least some aspects of that stuff. Most funny thing, if you don't trust your switches is something like https://www.apalrd.net/posts/2025/network_smartsfp/ <-that's not the only one. Imagine a cluster of firewalls in your ports!1!!
The question is if it's worth it? Or maybe more like a hobby with the benefit of staying technologically fit, but at the end of the day more like LARPing 'prepping'?
I am a nobody who had a mental health breakdown following an ugly divorce and even though I settled my case - 380 days in solitary, Plea Bargain for Class A Misdemeanor - last month I was cuffed and interrogated in one county simply because I visited downtown and my plates were picked up in a different county when I was trying to navigate family law related obligations.
To put it another way, I'm on a legal-to-harass-list probably for the rest of my life and likely can't do a damn thing about it...beyond the obvious, which I've chosen, which is to enjoy a low-key, crime free, introspective creative sabbatical as much as possible on the fringes of society. Last thing I'm interested in is...whatever they accused me of this time...
Even when trying to find killers, with known faces, we find out law enforcement facial recognition even in a city like NYC is actually not that effective as most cameras are not sharing data and wearing masks in public is socially acceptable now. Eyewitness reports are often the way arrests are made and that only works when a face is all over TV.
The government obviously knows when I am at airports, but that is significantly different than them knowing every detail of my day to day life.
But this is not just about me, it is about dogfooding tactics that make it much harder to usefully track everyone remotely at scale so the people that are being unfairly targeted have an easier time hiding.
(And not those stupid “Honda Civic is the most stolen car” publications that fail to control for popularity. When you do, Civics are middle of the pack).
Of course the industry only published the frequency rates for a few years because it probably didn’t instil the fear factor that journalists failed to point out in their slop.
I always comment when people say how TV shows make hacking look so easy, that I think they're not too far off when the "hackers" are state-sponsored. Part of the benefit of compartmentalizing things like tool/exploit-dev from ops is you get good tooling that you just point and shoot and it mostly works.
With enterprise/corporate red-teaming you have to work for it a lot, update your tooling, attacks, etc... do a lot of recon. But even then, even in companies that take security seriously and pay for it too, experienced pros spend a few days and get domain-admin (or equivalent) half the time. And I'm talking about in 2025 with everyone and their mom running EDR that have only gotten better over time (in my opinion).
The CIA's tools probably don't have flashy graphics, but even the ones that were leaked a while ago give a good insight into things.
I can imagine an experienced operator automating things quite a bit, and when you give them a target, they'll just run a few commands, wait a some time and get a shell with lots of powerful capabilities.
Matter of fact, I think they don't show enough "easy hacking" in the movies, where you take over hospitals, government agents, courts ,etc.. in a matter of minutes and start snooping around, or just wipe them out. That would feel unbelievable to movie/tv audiences so they lave it out.
He plead to a crime, which must’ve cut him off from most government work.
He seems to be on a PR tour now, I guess to try and get other work. Some people blast every connection on LinkedIn, he seems to take a different approach and guest on every testosterone fueled and non-fact checked podcast.
There's only one podcast that could conceivably fact-check him, and that's the official CIA podcast, and somehow I doubt very very much that they'd be interested in having him on.
Someone in a quarter zip with pants from 5.11 tactical talked to me at conference once. From then on I decided to burn all my poop, walk everywhere with a face mask, only communicate with smoke signals and only use cash.
In one interview he says that after being surveilled overseas for a while by an obvious amateur, he told the station chief who then gave him the OK to kill the guy.
Surely they would try evasion, counter-surveillance, or maybe even sending a team to grab the guy off the street to figure out who he is?
He claims the only reason he didn't kill the guy is because for some reason he randomly decided to mention it to a general in the local intelligence service, and then suddenly the tail vanished.
Some Navy SEALs infiltrating a hostile country via amphibious underwater assault, vs. an intel officer working under non-official cover out of the US embassy in Greece… not the same situation.
2. While I don't even dislike the guy, let alone hate him, Kiriakou tends to make grandiose and controversial claims that get discredited.
3. Kiriakou hasn't been privvy to CIA tech since roughly 2004. Yes, before the era of modern smartphones, all devices were pwned. He's been doing the rounds on any podcast that will take him where he elaborates on these claims further and it's pretty clear that he doesn't have decent subject matter knowledge.
Can a lot of phones and TVs and cars be exploited? Yes. Keep your devices patched. And, don't do things that attract the CIA's attention enough that they're putting in the significant effort it takes to pwn your TV or car.
tl;dr: If you're in a position where the CIA is targeting you, worry.
Yes, in fact, during my days of red teaming, if I couldn't get info on an HVT (think celebrity), I'd go after their not-famous relatives[1] and friends, who generally had very bad opsec/persec. It was extremely effective.
1. An effective tactic is to friend relatives and friends on social media. From there, you either get to the HVT's data because it's set to viewable for "friend of friend" or you be patient, friend more of their friends and family and eventually friend the HVT directly, using your "connections" as social proof.
A very famous celebrity family was very susceptible to this tactic. After this project, they... tidied up their social media permissions.
These three agencies are opposed to the public having access to appropriate cybersecurity: NSA, NIST, CIA. The goal of government should have been to boost the citizen's cybersecurity, but it is the opposite. Americans are worse off as a result.
> Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux.
> In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks, and in February 2024 sentenced to 40 years' imprisonment.
Just a reminder they can car accident anyone anywhere from anywhere and having an old car will not save anyone when a Tesla with AI enabled cloud cameras is approaching head on.
that's like the every 6 months proposed new revelation that everyone around cats is supposedly schizophrenic from toxoplasmosis gondii, which a day or two later is debunked. then "goto 10" and the cycle starts anew.
i am glad you responded, because i just went looking anew and could not find it being debunked...and don't remember what i had seen last time around.
evidently not debunked, as i just (first time in months) went re-reading CDC etc...but the punchlines i remembered from months ago include the only reservoir being cats, who clear the infections themselves, and healthy immune system humans generally have no symptoms.
"Cats can only release the infectious oocytes for between one and three weeks after they become infected, after which they can no longer spread the parasites."
what's interesting, and to your point, is the lack of insight as to why some people have side effects like bipolar and schizophrenia.
I got a used manual transmission easy to repair vehicle with no internet, no cell phone, I only use cash IRL, and the only device I travel with is a QubesOS laptop.
If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.
He did not own a mobile phone or any internet connected device. Was staunchly against it. This attitude was based on what he knew were the surveillance capabilities in 2003. Ended up retiring to a mountain cabin that was off grid.
Maybe he was crazy, but he never seemed like the prepper type. Just very very sober and serious about avoiding electronic communications.
IRL I only use cash which makes my movements around the real world mostly invisible digitally speaking. What I buy at the pharmacy etc is not tracked or sold to insurance companies, etc.
Never seen contactless payment be a hard requirement. Everyone takes cash eventually if there is a human to talk to, though I do sometimes end up using a frequently rotating prepaid credit card for things like parking.
How did they discover it and what was the actual bug? Are you aware of Purism Anti-Interdiction service?
Link if anyone is curious: https://puri.sm/posts/anti-interdiction-services/
>FBI and DEA already used modified AirTags that won't notify anyone with an iPhone around to track drug dealers precisely.
Don't Airtags now notify the nearby user if they are being tracked? I have heard of airtags getting modded to remove the speaker but Apple bypassed this with software updates that alert you out of band(as far as I know). Your assertion would require government to have special Airtags that iOS ignores no?
I would not be surprised if Apple does this.
>>If the CIA wants to track me, they are going to have to work for it. I hope to waste as much of their time as possible.
> You can be tracked with flock cams, ring cams, or any other thousands of cams out there that are already recording you and logging your car and your details. That grocery store you went to yesterday? Yep, you are logged from the moment you are in the parking lot till you leave. Oh, you used paid parking a day later? Your car is logged too, same goes with bus/trains tickets. Neighbors cams or building CCTV? That too.
E-Bikes do not require license plates and allow most of this to be mitigated when I use one of those and are what I would recommend for targeted individuals and demographics, but at some level the movements of my vehicle are tracked unavoidably but they certainly cannot remotely control the car or access microphones when they do not exist so these tactics still have value.
> same goes with bus/trains tickets
I pay cash for these and use them short term so little tracking value here.
> our home internet can be logged one way or another too, at router level (think of the many exploits against that).
I significantly reduce the chance of this by using VPNs and Tor for most personal traffic depending on use case, and layers of simple open source linux/freebsd etworking hardware I setup myself.
> What about your laptop hardware? Definitely it isn't open source. Plus, have you checked your hardware if it's bugged? I personally know someone who ordered a laptop and an XYZ agency bugged his laptop (man in the middle) before it was delivered. A new laptop you order online and your bank info will trigger someone to intercept it and alter it in the middle.
I full source bootstrapped my own operating systems and compilers and very often firmware (https://stagex.tools). I mostly use desktops, among them a Talos II which is open hardware/ firmware.
As the lead author of AirgapOS I recommend sensitive use case laptops be purchased randomly from retail locations with cash and document tamper evidence tactics in detail. These tactics are regularly used to move billions of dollars of value around by large financial institutions we advise, but I also recommend these tactics for targeted individuals like journalists as well, along with QubesOS depending on use case.
https://trove.distrust.co
> And many more details, like, are you sure someone won't stick an AirTag somewhere in/beneath your car to track you?
If I force them to target me in person where I am much more likely to notice, my tactics have done their job and are good to recommend to the general public since they cannot do this type of targeting at scale and thus the tactics can protect most people. I really hope they try something this, because if they do, I am going to waste a lot of their time and have a lot of fun at their expense. I have quite an arsenal of radio forensics hardware and if my vehicle if ever transmitting anything, it is for sure something I did not put there.
> What about personal connections like friends and family or work that could be a weak link?
I do not share sensitive information with people with opsec significantly worse than my own. Everyone at my job uses the same opsec tactics I do for anything work related. We self host everything including E2EE encrypted chat, everyone uses qubesos, etc etc.
> So while your measures might work against some random internet attack or random stalker, against a surveillance state it won't.
My tactics create massive holes in surveillance capitalism and government tracking databases they would need to deploy agents in person to fill. If thousands of people use my tactics, suddenly they run out of agents to stalk people.
My goal is not to make tracking impossible, it is to make myself mostly invisible to surveillance capitalism and blackhats who are my most likely threats, and as a nice bonus require a government to get a warrant and spend a lot of money to track me or anyone using my tactics.
Maybe in US but in various parts of Europe this ain't true, you cross certain threshold for power or speed and license plate is required, with corresponding insurance - same for e-scooters.
Ie in Switzerland thats 20kmh so basically all of them since they often cut off at 25kmh. Almost nobody does that for weaker ones and thus police keeps taking them and then you see police guys riding around say Geneva on various e-scooters.
https://en.wikipedia.org/wiki/HarmonyOS / https://en.wikipedia.org/wiki/HarmonyOS_NEXT /https://en.wikipedia.org/wiki/OpenHarmony / https://en.wikipedia.org/wiki/EulerOS / https://en.wikipedia.org/wiki/HongMeng_Kernel
At least by reading all of the above, it seems they have something like Genode (running on https://sel4.systems/ , amongst others ), but instead of some academic research thing, widely deployed commercially, running on consumer ready devices of all sorts.
Lately all based on that HongMeng kernel thing, comparable in performance to SEL4, utilizing containerized Linux-drivers by way of compatibility-shim, still fast.
Reads all very impressive and sexy, TBH.
QubesOS falls really short in supply chain integrity, and server solutions, but IMO the overall hypervisor/IOMMU isolation architecture is the most practical and compatible way forward though nowhere near as elegant as some of the ideas in Genode.
In EnclaveOS my team and I chose to focus on remote attestation and best available security isolation technologies available to most server CPUs while still using (hardened) linux kernels. We talk about this here: https://distrust.co/blog/enclaveos.html
On some older Thinkpads you can install Coreboot/Libreboot. Or even buy them with that, if flashing the firmware seems to complicated/risky, or necessitating buying equipment one does not have at the ready. Same goes at least for some routers, with OpenWRT, or the likes, or depending on the used connection technology going 'full personal computer' with some Linux/BSD again, with even more options regarding Core-/Librebroot/Dasharo underneath. There are always some paths for at least some aspects of that stuff. Most funny thing, if you don't trust your switches is something like https://www.apalrd.net/posts/2025/network_smartsfp/ <-that's not the only one. Imagine a cluster of firewalls in your ports!1!!
The question is if it's worth it? Or maybe more like a hobby with the benefit of staying technologically fit, but at the end of the day more like LARPing 'prepping'?
To put it another way, I'm on a legal-to-harass-list probably for the rest of my life and likely can't do a damn thing about it...beyond the obvious, which I've chosen, which is to enjoy a low-key, crime free, introspective creative sabbatical as much as possible on the fringes of society. Last thing I'm interested in is...whatever they accused me of this time...
You are concerned about nation state level threats from 3 letter agencies, if they cared enough to track you they would.
But this is not just about me, it is about dogfooding tactics that make it much harder to usefully track everyone remotely at scale so the people that are being unfairly targeted have an easier time hiding.
Like, 4% theft rate per year nationwide. 1 in every 25 jacked in a year: https://www.equiteassociation.com/top-10-archives/top-10-mos...
And pushed 7% in Ontario: https://www.equiteassociation.com/top-10-archives/top-10-mos...
(And not those stupid “Honda Civic is the most stolen car” publications that fail to control for popularity. When you do, Civics are middle of the pack).
Of course the industry only published the frequency rates for a few years because it probably didn’t instil the fear factor that journalists failed to point out in their slop.
https://www.equiteassociation.com/top-10-most-stolen-vehicle...
With enterprise/corporate red-teaming you have to work for it a lot, update your tooling, attacks, etc... do a lot of recon. But even then, even in companies that take security seriously and pay for it too, experienced pros spend a few days and get domain-admin (or equivalent) half the time. And I'm talking about in 2025 with everyone and their mom running EDR that have only gotten better over time (in my opinion).
The CIA's tools probably don't have flashy graphics, but even the ones that were leaked a while ago give a good insight into things.
https://github.com/secoba/CIA-Hacking-Tools
I can imagine an experienced operator automating things quite a bit, and when you give them a target, they'll just run a few commands, wait a some time and get a shell with lots of powerful capabilities.
Matter of fact, I think they don't show enough "easy hacking" in the movies, where you take over hospitals, government agents, courts ,etc.. in a matter of minutes and start snooping around, or just wipe them out. That would feel unbelievable to movie/tv audiences so they lave it out.
He shows up on Youtube a lot, and is always a great watch, but is he full of shit or what?
He seems to be on a PR tour now, I guess to try and get other work. Some people blast every connection on LinkedIn, he seems to take a different approach and guest on every testosterone fueled and non-fact checked podcast.
He does repeat the same saga of his time in Pakistan a lot (or maybe im watching too many of his talks expecting something new).
In one interview he says that after being surveilled overseas for a while by an obvious amateur, he told the station chief who then gave him the OK to kill the guy.
Surely they would try evasion, counter-surveillance, or maybe even sending a team to grab the guy off the street to figure out who he is?
He claims the only reason he didn't kill the guy is because for some reason he randomly decided to mention it to a general in the local intelligence service, and then suddenly the tail vanished.
https://youtu.be/BXtDH2IXKY8?t=650
https://www.aljazeera.com/news/2025/9/6/us-navy-seals-killed...
2. While I don't even dislike the guy, let alone hate him, Kiriakou tends to make grandiose and controversial claims that get discredited.
3. Kiriakou hasn't been privvy to CIA tech since roughly 2004. Yes, before the era of modern smartphones, all devices were pwned. He's been doing the rounds on any podcast that will take him where he elaborates on these claims further and it's pretty clear that he doesn't have decent subject matter knowledge.
Can a lot of phones and TVs and cars be exploited? Yes. Keep your devices patched. And, don't do things that attract the CIA's attention enough that they're putting in the significant effort it takes to pwn your TV or car.
tl;dr: If you're in a position where the CIA is targeting you, worry.
1. An effective tactic is to friend relatives and friends on social media. From there, you either get to the HVT's data because it's set to viewable for "friend of friend" or you be patient, friend more of their friends and family and eventually friend the HVT directly, using your "connections" as social proof.
A very famous celebrity family was very susceptible to this tactic. After this project, they... tidied up their social media permissions.
Trial for leaker https://news.ycombinator.com/item?id=22226066
> In July 2022, former CIA software engineer Joshua Schulte was convicted of leaking the documents to WikiLeaks, and in February 2024 sentenced to 40 years' imprisonment.
https://en.wikipedia.org/wiki/Vault_7
evidently not debunked, as i just (first time in months) went re-reading CDC etc...but the punchlines i remembered from months ago include the only reservoir being cats, who clear the infections themselves, and healthy immune system humans generally have no symptoms.
"Cats can only release the infectious oocytes for between one and three weeks after they become infected, after which they can no longer spread the parasites."
what's interesting, and to your point, is the lack of insight as to why some people have side effects like bipolar and schizophrenia.