Unless you bought a pixel, graphene’d it and then paid a homeless person to activate a pre-paid data only sim which you would top up with vouchers paid in cash and used a VPN and international VoIP service…
A lot of effort though
And this is while you're flagging yourself heavily by (1) using a phone which is easily identified as a burner and (2) using it intermittently which means you're trying not to be tracked.
So you've already substantially identified yourself in any dataset.
One of my hobbies is Recreational Paranoia. I used to have (probably still do in a drawer here somewhere) a 3G WiFi hotspot, with an Arduino and GPS module that powered down the battery within a few km of home (actually, within a few km of a public library that's a few km from home, so plotting all the power up & down locations would centre on the library not my house). I could then leave home with that in my backpack and instead of my phone take a wifi only device - I mostly used an iPod Touch but also sometimes Android tablets. I wouldn't get actual phone calls or SMS that way, but those are both rare for me, most of my social comms are via Signal which worked just fine.
I figure wifi cellular hotspots are "not easily identified as a burner phone" and that intermittent use of them is the most common case. It would still have been able to be tracked as being a thing that turned on and off in my surrounding suburbs, and I'm sure I slipped up at least a few times and had it with me while I also had my phone with me - but like I said this was for my hobby, not running an international drug cartel or doing journalism critical of Saudi Royal houses...
This is very wrong. In Germany you can go to any shady kiosk in a big city and buy a pre activated SIM card invariably registered to some Arabic or Pakistani name.
You can buy it in cash. Completely untraceable if you take care of CCTV.
They might go and ask Achmed some hard questions later, but he’s long since left the country and never met you anyway.
For me the main use is that I'm on o2 in the UK, but if in some dead spot with no signal I can flip the sim settings and connect via EE or whatever.
Why not just get an EE SIM if that's your main use?
And the easy answer is that T-Mobile, or rather the parent Telekom, is a terrible company best known right now for getting the government to agree that they can cancel your existing internet contract to make switching easier when they want to catch you as a fiber customer but actually all they’re doing is sending a marketing company around Germany (Raider Marketing) to lie to your grandma to sign contracts for the Telekom or just cancel your existing internet contract because they think with a bit of pressure they can get you to sign up with them.
Alternatively, they are also known for the worst peering in existence because they have the crazy idea that they can charge tenfold what other ISPs take for peering because they are the Telekom…
In summary, the Telekom is such a terrible company that I’d rather not give them any money and if I needed T-Mobile coverage I’d rather get a foreign eSIM and rely on roaming than giving them a single cent.
These allow for self activation, have a lockout of 5 failed attempts or so and can be done via sim card codes (not SMS, but you interact with a program on the simcard and low level carrier services.)
You are not bypassing any firewall as your traffic is actually happening at home. If you access local sites, traffic is coming from home.
Roaming works somewhat unintuitively from what you'd expect. You do indeed connect to the local mobile network, but all of your data traffic is tunneled back to your home wireless provider's PoP. I realized this once I checked what websites I was visiting saw as my public IP address, and it was an address from a network in Texas!
So China's Great Firewall can't actually inspect or block your traffic while you're traveling, and using roaming on your home mobile network's SIM. It's all sent over the equivalent of a VPN to your home soil before going out to the public internet. This is why latency can be pretty bad while roaming.
I imagine they simply don't allow selling such SIMs in China. It would be extremely easy to track and flag any that were e.g. used for longer than a few weeks.
Buying prepaid SIMs from tourists or foreign students returning home is a reasonably easy workaround for that - at least if you're the sort of person who meets and befriends those sort of people.
And anyone leaving would have their immigration status expire and the SIM is turned off then unless you provide some other proof of residence.
GPS is a passive technology, no?
Downloading GPS assist data obviously isn't, and plenty of phones use wifi scanning as a way to augment GPS position fixes, but this seemed a strange callout. Am I missing something?
I could easily see a phone with some sort of location tracking saving GPS data points internally until it can reach a network again to send them out.
> Unfortunately, due to technical issues outside of our control, we have to shut down our subscription services.
Easy enough to say "Gee...these 2 phones are always together or nearby when activated" or "this phone shuts off right before this one powers up".
Although, I suspect there are a few other ways to determine identity easier. Such as tracking the device identifier and then looking up nearby public facing cameras.
Airbnb Is Banning People Who Are ‘Closely Associated’ with Already-Banned Users - https://news.ycombinator.com/item?id=34983871 March 2023 (119 comments)
h/t HN user dmitrygr
Range can be 100+ miles though if you can establish line of sight. Depending on the scenario, a high elevation repeater could give several mobile devices pretty significant range.
Because the most significant evidence we have lately is that in-person meetings or dead drops and other low tech means are how you avoid being tracked.
Turning on any sort of radio transmitter is just turning on a big flash light into the sky.
Turning on anything relatively uncommon is even worse: normal people have cellphones and use them. They don't use LoRa devices, there aren't a lot of LoRa devices and someone who only uses LoRa devices will stand out in any dataset.
How many cameras did you just go by? Did you have your cell phone on you? How many networks did it connect to? How many Bluetooth broadcasts did it passively send out? Not being tracked and being in public are slowly becoming an untenable duo.
It basically comes from routing requirements (especially to receive incoming phone calls) combined with billing requirements (to make people pay for their connectivity) combined with the empirical requirement to see which base station a device is connected to, and which other base stations can see it at a given moment.
If you aggregate all of that data, then you know a (geographically moderate-resolution) complete history of where almost all people have been at almost all times, and patterns of their habits and whom they probably recurrently spent time with.
Not all of this data has to be collectable, because these things could be disaggregated by introducing different protocol layers. For example, you could pay the mobile company for data connectivity, but use cryptographic blinding mechanisms so that it doesn't know which specific subscriber obtained connectivity at a particular place and time. (Those blinding mechanisms could be implemented inside of SIM cards, so the SIM card's task is to cryptographically prove "I am a SIM card of a current paying subscriber of carrier X" rather than "I am SIM card number 42d1b5c0".) You could have device hardware IDs be ephemeral rather than permanent. Actual messaging and call services could all be "over the top" (as phone industry jargon puts it), provided by people who are not the phone company itself.
This disaggregation is a straightforward improvement from a privacy point of view because it prevents companies from knowing things about you that they didn't need to know in order to provide services.
Meanwhile, in the world we live in, we see governments trying to make it harder to make phones less trackable, by putting legal restrictions on changing hardware addresses, or requiring legal ID in order to establish service. I imagine that an additional cryptographic indirection layer in SIMs to prevent carriers from linking a permanent identifier to a network registration (or specific data use) would also be banned in some places if it were invented.
This shouldn't be inevitable. One thing that made me think about this was when there was a little scandal (which I was a small part of) about companies tracking device wifi MAC addresses for commercial purposes. There was a little industry that would try to recognize people and build commercial profiles based on recognizing that the same device was present (in fact, at the time, even if it didn't actually connect to the wifi -- because a typical wifi-enabled mobile device was sending broadcast wifi probe packets that included its MAC address). So Apple was like "this is a bad use of MAC addresses, which only exist to distinguish devices that happen to be on the LAN at the same time, and perhaps to allow network administrators to assign permanent IP addresses to specific devices", and they made iPhones randomize wifi MAC addresses for some purposes, mostly fixing that particular issue.
We could think just the same way about GSM networks: "these identifiers exist for specific protocol reasons; using them for device or user tracking is an abuse that should be mitigated technically".
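The "prove you are a paying subscriber without saying which one" idea from the comment above, sketched with textbook RSA blind signatures. This is an added example, not code from the commenter and not the mechanism of any real SIM or of PGPP; the `Carrier` class, `sim_get_token` and the toy key are hypothetical, and the key is far too small for real use.

```python
import hashlib
import math
import secrets

# Toy carrier key (constructed): two Mersenne primes. Far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # carrier's private exponent


def h(token: bytes) -> int:
    """Hash a token to an integer modulo N (no padding scheme; toy only)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Carrier:
    def __init__(self):
        self.billing_log = []   # (subscriber_id, blinded value) seen when paying
        self.spent = set()      # tokens already used to attach

    def sign_blinded(self, subscriber_id: str, blinded: int) -> int:
        # Billing side: knows who is paying, sees only the blinded value.
        self.billing_log.append((subscriber_id, blinded))
        return pow(blinded, D, N)

    def attach(self, token: bytes, sig: int) -> bool:
        # Radio side: checks "some paying subscriber", learns no subscriber id.
        if token in self.spent or pow(sig, E, N) != h(token):
            return False
        self.spent.add(token)
        return True


def sim_get_token(carrier: Carrier, subscriber_id: str):
    """SIM side: obtain one unlinkable attach token."""
    token = secrets.token_bytes(16)
    while True:
        r = secrets.randbelow(N - 2) + 2    # blinding factor, must be a unit mod N
        if math.gcd(r, N) == 1:
            break
    blinded = (h(token) * pow(r, E, N)) % N
    signed = carrier.sign_blinded(subscriber_id, blinded)
    sig = (signed * pow(r, -1, N)) % N      # unblind: (m * r^e)^d * r^-1 = m^d
    return token, sig


if __name__ == "__main__":
    c = Carrier()
    token, sig = sim_get_token(c, "subscriber-A")
    print("attach accepted:", c.attach(token, sig))
    print("replay accepted:", c.attach(token, sig))
    print("billing log holds H(token):", any(b == h(token) for _, b in c.billing_log))
```

The billing log and the attach record share no value, so linking them would have to rely on side channels such as timing or location, which this sketch does not address.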
Did you ever get to the point of hypothesizing good ways to align incentives to make this happen? It is hard to tell (having not thought much about it) whether this is a “smart well meaning engineers need to make new standards” problem, a “we need to harness the power of corporate greed problem,” or something else.
My memory is a bit hazy but maybe it was the whitepaper for PGPP[0] that OP mentioned?
World Mobile claims 99% coverage of the US, although I think it uses existing networks where there's no native coverage.
They're "interesting", but only early days, and I don't know how close they come to what you describe for privacy and opposition to data aggregation. Large-geographic-area comms coverage isn't something that there's ever going to be a lot of options for.
There's also the "netheads and Bellheads" theory from the 1990s which can be taken to say that phone companies would never make technical changes to make themselves collect less data, or to be less helpful to government surveillance. Sometimes I think this is right. I still remember how I took part in a meeting with a mobile phone industry association or industry consortium of some sort about a year before the Snowden stuff. Someone on my side said "so, let's talk a bit about surveillance issues", and someone on the other side replied "sorry, that's something we don't talk about". Imagine an industry meeting with privacy advocates where the industry people are completely precommitted to not talking about surveillance!
And also be aware of "shoulder surfing", which is different today in 2 ways it wasn't in the past.
In the past, the risk was something like someone looking at you type in your PIN on a bank ATM, or maybe your password on a computer keyboard.
Today, shoulder surfing is mainly different in 2 ways: (1) near-ubiquitous high-resolution surveillance camera networks, which can be places/scale and capture images that humans practically didn't; and (2) with machine learning, they don't even need to see what buttons you press, only see movements of your arm.
(Randomizing button positions on a touchscreen can help, and also help fight forensics like traces your fingers leave for where they touch. But randomization means you need to be able to see your screen, which reduces the ways you have to hide your screen from the view of others.)
1. starting with threat modeling (though they don't call it that);
2. mentioning that your OPSEC affects not only you but also people connected to you; and
3. mentioning that maybe you should just leave the device at home (because it's basically a surveillance machine that you pay for).
(A more common article format would be to unload a pile of supposed security&privacy measures without putting them into context, and wouldn't properly set expectations for what that gives you. Neither of which is very helpful, and can be very counterproductive.)
Step one is already difficult here in Australia: to do so you must hand over your personal details and ID. At least that was true for anything with a SIM card for sale back in the 2010s
So the “step 0” was “find a retailer who didn’t follow the rules”, and they’d usually be a corner store selling handsets or SIM cards by the bucket load to all sorts of interesting characters
Movies make it seem anyone can walk into any store in a trenchcoat and walk out with a burner phone ready to go. I get the service part (you can buy prepaid SIMs in cash). What about the phone?
https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...
Buying a phone anonymously is much harder than "just cash". Most places demand name & address for sign-up, and if you're unlucky want to see an ID.
You really should think through where and how you buy, how to find the "off the back of a truck" places, where to get SIMs, how to pay for renewal in untraceable money and without a CC, etc.
For example, can you just walk into Best Buy with cash?
> Best Buy
Cameras are everywhere in big box stores. Anonymity is not sold in stores.
Also if you want one-way “location less” communication, the old alphanumeric pager network is still available.
I think those messages are simply broadcast across the network (which at least in the US is national). There’s evidence of a message being sent, none about whether it was received or where it was received.
There were simply too many possibly related videos on the Rob Braxman Tech channel to determine which one you might mean. Do you have a recommendation?
Here's his channel for folks who are new to his content:
Most OPSEC failures are due to leakages which is a failure of compartmentalisation.
It’s either got too much stuff on it or not enough stuff on it.
h4ck_th3_pl4n3t•3d ago
Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?
KeybInterrupt•3d ago
But they are likely not ideal for the use case...
goopypoop•25m ago
madethemcry•3d ago
aja12•3d ago
pdesi•3d ago
h4ck_th3_pl4n3t•3d ago
Charge phone to full 100%. Turn it off.
Put it into a faraday cage, e.g. a steel box, for 7 days.
Take it out again and wonder why the battery is empty.
(The faraday cage has the effect of making the modem have to switch bands constantly, which costs more electricity than sleep mode in LTE)
kelnos•6h ago
dahart•6h ago
inportb•4h ago
Repeat the experiment a few times. Then cross over: liberate the caged phone, cage the free phone, and repeat the experiment a few more times. Or alternate the phones' positions between experiments. This mitigates hardware and software differences that might've been overlooked (such as a faulty battery, etc).
Analyze the results, draw your conclusions, publish, and encourage others to reproduce.
escaine•8h ago
joha4270•7h ago
It can't just scream out into the void and hope a tower picks it up, it needs a few pieces of timing information & cell configuration beforehand.
dahart•6h ago
h4ck_th3_pl4n3t•3d ago
Funny how airplane mode didn't work.
That's just one of the quirks. Baseband and what qualcomm is tracking is way worse.
I recommend buying an old Motorola Calypso device and fiddling with osmocomBB, you can DIY an IMSI catcher pretty easily. And you'll be mind blown how many class0 SMS you'll receive per day, just for tracking you. Back in the days you could track people's phones remotely but the popularity of HushSMS and other tools made cell providers block class0 SMS not sent by themselves.
This wiki article is a nice overview: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Dete...
kelnos•6h ago
mjg59•6h ago
gruez•1h ago
???
arendtio•7h ago
The risk was that mobile networks could not handle moving many devices from one cell to another at high speeds (during takeoff and landing).
SahAssar•7h ago
kelnos•6h ago
reaperducer•6h ago
My memory is that it was necessary at the time when lots of people started taking phones on airplanes because the wiring/navigation wasn't shielded against a transmitter that might be actually inside the aircraft.
Since then, plane electronics are better insulated making it less of a problem.
tonyarkles•6h ago
- People not paying attention to/ignoring the instructions of the FAs during safety briefings and emergencies due to being engaged in a phone call.
- People being assholes and talking on the phone, bothering the person stuck in the seat next to them.
On all of the flights I’ve been on recently the preflight brief has been crystal clear that you can do whatever you want on the internet connection except have voice calls.
userbinator•6h ago
AFAIK this is not true at least for the Mediatek 65xx and early 67xx platforms; I've analysed the firmware and hardware on those. They actually power off the modem and rest of the RF system when in airplane mode. The modem only boots up and starts searching for a signal when you take it out of airplane mode, which is why it takes a noticeable time (10-30 seconds, depending on how many bands are enabled) to get a signal. If your phone goes from airplane mode to having a signal and immediately capable of calling, then I suspect it's one where the modem is not truly turned off.
I haven't inspected Broadcom, Qualcomm, or Spreadtrum in any detail to say whether they do things differently.
> Are there actually smartphones without an IMEI
Look for a "tablet" or anything else without the word "phone" in it if you just want a touchscreen portable computer. An IMEI is obligatory to connect to cellular networks, in much the same way as a MAC address is to Ethernet and WiFi.
reaperducer•6h ago
Maybe an old iPod Touch that can still run a VOIP program?