Signal protects what you say. Tor protects where you are. Number stations protect whether you exist.
On 7910 kilohertz upper sideband, at exactly 0200 UTC on February 28, 2026, a male voice began reading numbers in Persian. The voice paused every few seconds to repeat the word tavajjoh — Farsi for attention. The broadcast lasted two hours. Twelve hours later, at 1800 UTC, the voice returned and read different numbers. This has happened every day since.
On March 3, the ENIGMA 2000 monitoring group — a loose, volunteer-run, decades-old network of shortwave listeners who catalogue clandestine broadcasts — formally designated the station V32. Hackaday reported it. The Irish public broadcaster's Brainstorm outlet covered it in March under the headline “How the Iran war has seen the return of Cold War spycraft.” The monitoring community's assessment, not confirmed by any government, is that the station is operated by the United States and that its intended audience is somewhere inside Iran. The activation coincided with widespread Iranian internet shutdowns that began the week before. When the internet went down, V32 went up.
This essay is about why a 100-year-old broadcast technology is, in 2026, expanding rather than dying. It is also about a specific mathematical fact that almost nobody outside the cryptography literature explains in plain language: the messages V32 transmits are not hard to decrypt. They are impossible to decrypt. Not “given quantum computers, maybe in fifty years.” Impossible in the sense Shannon proved in 1949 — a sense that does not depend on computing power, future cleverness, or how much electricity humanity is willing to burn looking for the key. The number groups on 7910 kHz at 0200 UTC on February 28, 2026 will never be read by anyone except whoever in Iran was meant to read them. The mathematics is absolute.
This combination — current operational use, mathematical unbreakability, near-zero hardware cost, a hundred-year track record of working — is unique among broadcast technologies. The essay's claim is that number stations are, in a strict sense, the last unsolved broadcast on the air. And that the reason they remain unsolved tells you something useful about the security limits of every digital communication channel you currently rely on.
A receiver tuned to 7910 kHz USB at 0200 UTC creates no record of its tuning. There is no handshake with the transmitter. There is no session log. The radio absorbs whatever electromagnetic energy is in the air and demodulates it; the act of receiving is electrically indistinguishable from the act of not receiving. An adversary observing all the electromagnetic activity in a city cannot tell which radios in that city are listening to which frequencies, because shortwave receivers are passive. They take. They do not give.
This is not a clever engineering decision. It is a property of physics. Electromagnetic waves propagate spherically from the transmitter and arrive at every receiver in the wavefront. There is no addressing, no routing, no acknowledgment. The same broadcast goes to every radio capable of tuning to that frequency, and no observable signal distinguishes one receiver from another.
Now compare this to every digital communication channel in use.
| Channel | Content protected | Metadata protected |
|---|---|---|
| Unencrypted email | No | No |
| PGP-encrypted email | Yes | No (sender, recipient, timestamp, IP all visible) |
| Signal | Yes | Partially (contact list and message timing visible to the operator) |
| Tor + encrypted chat | Yes | Mostly (but timing correlation and exit-node observation possible) |
| VPN + encrypted everything | Yes | Mostly (but the VPN operator sees connection metadata) |
| Number station broadcast | Yes (OTP) | Yes (the receiver creates no metadata at all) |
The pattern is structural. The internet is a point-to-point medium. Every connection establishes a session at both endpoints and at every relay between them. Sessions create logs. Logs are metadata. Even Tor, designed specifically to anonymize internet traffic, cannot fully escape this — because Tor is still routing packets through a network, and networks require connection-establishment, and connection-establishment leaves traces sophisticated adversaries can exploit through timing analysis.
Shortwave radio is a broadcast medium. It is not addressed to a receiver; it is broadcast to a wavefront. The receiver does nothing. There is nothing for an observer to log.
This decomposes the usual notion of “communication security” into three layers, each strictly harder than the last:
The slogan version: Signal protects what you say. Tor protects where you are. Number stations protect whether you exist.
Here is the part that most coverage of this topic gets wrong, or hedges, or doesn't bother to state cleanly.
Number station broadcasts use one-time pad encryption. The agent receiving the broadcast has, in physical possession, a printed pad of truly random numbers, generated once, distributed once, and used exactly once. To decrypt the broadcast, the agent subtracts the pad numbers from the broadcast numbers, modulo ten. The pad page is destroyed after a single use.
Claude Shannon proved in 1949, in a paper in the Bell System Technical Journal, that this scheme has a property he called perfect secrecy: the ciphertext contains zero information about the plaintext. This is not the usual cryptographic claim that breaking the cipher would take more compute than the universe contains; that claim is true of AES and RSA and is contingent on computational assumptions that future advances might invalidate. Shannon's claim about one-time pads is unconditional. There is no key smaller than the message to be found. There is no pattern in the ciphertext that distinguishes it from random noise. There is no quantum computer, no AI breakthrough, no algorithmic insight that can change this, because the impossibility is information-theoretic rather than computational. The plaintext is not encoded into the ciphertext under a key the way it is in modern encryption; the plaintext is combined with the key in a way that loses all information about the plaintext if the key is unknown.
The operational consequence is sharp. Every other encrypted message broadcast in human history will eventually be readable. AES messages will yield to a quantum machine large enough to run Grover's algorithm at scale. RSA messages will yield to Shor's algorithm on a sufficient quantum substrate. Side-channel attacks will recover keys from implementations that were thought to be safe. Patient adversaries with patient computers will get there.
The number groups V32 broadcast on March 1, 2026, will not. Not “probably not.” Not “not in our lifetimes.” Not ever. The mathematics is closed. The proof is seventy-seven years old. There is nothing left to discover that would change it.
The operational weakness of one-time pads is the key-distribution problem — the pad has to be physically delivered to the recipient in advance, and any compromise of that delivery compromises everything downstream. This is a real limitation and it is the reason OTPs are not used for general internet traffic. But intelligence agencies are very good at physical logistics — dead drops, diplomatic pouches, in-person handovers — and the key-distribution problem, however hard, is a different category of problem from breaking the cipher. The cipher is closed. The distribution is open. A patient adversary can attack the distribution. They cannot attack the math.
The reflexive read of this story is that number stations are an intelligence-agency curiosity. The structural finding is broader.
A journalist in an authoritarian country needs to receive information without the government knowing she is receiving it. Encryption protects the content of her conversations, but the metadata — the fact that her phone is exchanging Signal messages with a known dissident — already compromises her, content unread. A dissident reaching out to a foreign news organization has the same problem; the relationship is the surveillance target, not the message. Snowden's central NSA disclosure was about metadata collection at scale, because who talked to whom turned out to be more strategically valuable than what they said.
The existence-security problem is therefore not a spy problem. It is a structural feature of point-to-point networks that disadvantages anyone whose vulnerability is the fact of communication rather than the content of it. The number-station insight is that the problem was solved in the 1930s by switching media. The digital-native generation forgets that switching media is on the menu — for them, “switching media” means switching apps, which is moving from one point-to-point network to another. The genuine alternative is broadcast, and broadcast is a different category of physics.
This is why the rebuttal “satellite communications have replaced shortwave” misses the structure. The receiving terminal must be aimed at the satellite, which creates an electromagnetic signature direction-finding equipment can localize. Burst transmissions, which compress a message into a sub-second pulse, are a mitigation rather than a solution. Shortwave reception is genuinely passive. The receiver does not emit.
In October 2022, the Proceedings of the U.S. Naval Institute — a serious military journal, not a hobbyist outlet — published a piece titled “Use Numbers Stations to Communicate in Future High-Intensity Conflict.” The argument is operational, not nostalgic: in a peer-conflict scenario against a capable state adversary, satellite communications will be degraded or denied, internet infrastructure will be a primary target, and encrypted digital messaging will be vulnerable to the metadata analysis that any sophisticated military intelligence service runs as a matter of course. Number stations — broadcast from safe territory, propagating via ionospheric skip to wherever the agent happens to be, requiring no infrastructure on the receiving end beyond a battery-powered radio — survive all of these denial scenarios.
When a service journal advocates for a 1920s technology as appropriate doctrine for 2030s warfare, the word “obsolete” is doing work it cannot support. The technology is not being preserved. It is being recommended forward.
V32 is the most recent operational instance of that recommendation playing out in real time. The next one will not be announced.
In 1997 the small London label Irdial-Discs released The Conet Project, a four-CD collection of number station recordings made by hobbyist listeners over decades, packaged with an essay arguing that these broadcasts deserved to be heard as found art. The label released the recordings into the creative commons, inviting reuse.
The most-cited reuse came in 2001, when the band Wilco sampled the Conet Project on their album Yankee Hotel Foxtrot — taking the album title from the NATO phonetic alphabet letters Y-H-F as broadcast by a station the Conet recordings captured. The album was named the decade's best record by multiple publications and introduced number-station aesthetics to listeners who had never owned a shortwave radio. Signalis (a 2022 survival-horror video game) and Call of Duty: Black Ops (2010) followed in different registers. Ambient musicians from Boards of Canada onward have woven number-station fragments into work that has nothing to do with espionage.
The aesthetic question is why these broadcasts fascinate people who have no operational stake in them. The answer is that number stations sit in an uncanny valley of communication: the broadcasts have the cadence and rigor of a message, but the content is inaccessible. You can hear that it means something. You cannot know what. The musical interval signals that introduce many stations (the Lincolnshire Poacher played the first two bars of the English folk song; the Swedish Rhapsody played a music-box rendition of Hugo Alfvén) are beautiful precisely because of what follows them. The flat, affectless synthetic voices reading the digit groups — many produced by the East German Stasi's Sprach-Morse Generator to eliminate voice identification — became the archetypal “creepy broadcast” that ambient music and horror fiction have been borrowing from ever since.
What the art was discovering is that deliberate, structured, sustained unsolvability is itself a kind of object. Most things that look unsolved are waiting to be solved. The Voynich manuscript will plausibly yield to future analysis. The Zodiac ciphers might. RSA messages from 1995 will. Number station broadcasts will not, because they were designed not to. The unsolvability is the product.
Three practical takeaways.
The first is to separate the layers of communication security in your own threat model. Content security, modern encrypted messaging is good. Identity security, you are in harder terrain, and Tor and mixnets are the partial answers. Existence security — whether an adversary can prove that you are communicating at all — no point-to-point network will give you what you need, and you should stop pretending it will. Almost everyone confuses the three layers. The collapse is comfortable; it is also wrong, and the structural reason is the physics of point-to-point versus broadcast media.
The second is that the most secure communication technology you can deploy today is a 100-year-old broadcast medium plus a printed pad. Not a recommendation for daily use. A reminder that the cryptographic frontier and the operational frontier are not the same place. The frontier of cryptography is post-quantum lattices and zero-knowledge proofs. The frontier of operational secrecy is the medium that creates no receiver records, which has been solved since the 1930s and is unlikely to be improved upon for as long as broadcast remains a thing physics permits.
The third — the part most worth sitting with — is what V32 tells you about which technologies survive the next decade. The reflexive prediction in technology discourse is that the digital eats everything. Sometimes it does. Sometimes it does not, and the surviving analog is the one that solves a problem the digital cannot. Number stations solve existence security; that is why a new station appeared this year when Iranian internet went down. The next class of technologies likely to follow this pattern are the ones that survive a denial event because they do not depend on the infrastructure being denied. Most of them are out of fashion. Most of them will be back.
A man's voice will read numbers on 7910 kHz at 0200 UTC tonight, in Farsi, with the word tavajjoh every few seconds. It will say something specific to one person in Iran. That person, alone in the wavefront, will write the numbers down. The numbers will be unreadable to anyone else now and unreadable to anyone else ever. The radio cost less than fifty dollars. The math is seventy-seven years old. The transmission is going out right now.
A century in, this is what the last unsolved broadcast looks like. It looks ordinary.
The opposite product for the opposite use case.
Number stations are for the case where you want the chain of communication to *not exist*. The opposite case — where you want the chain of an agent's actions to be provably verifiable in the open — is the one Chain of Consciousness is for. Both are unusual problems. Most digital communication tries to land in the middle: confidential enough to feel private, traceable enough to be auditable, and ends up bad at both. The honest move is to pick which side you need and use the technology built for it. CoC is the audit-trail tool for agent execution. The pad and the receiver are the existence-security tools for human communication. The point of the essay is that you should not confuse them.
pip install chain-of-consciousness · npm install chain-of-consciousness
Hosted Chain of Consciousness → · See a verified provenance chain