patrick.net

https://seaglass.cs.washington.edu/

Modern cellphones are vulnerable to attacks by governments and hackers using rogue cellular transmitters called IMSI-catchers. These surveillance devices can precisely locate phones, and sometimes eavesdrop on communications, send spam, or inject malware into phones.

Recent leaks and public records requests have revealed that U.S. law enforcement in Baltimore, Milwaukee, New York, Tacoma, Anaheim, Tucson, and others have used IMSI-catchers extensively in vehicles or aircraft to identify and locate suspects.

These powerful surveillance devices have often been used with little to no judicial oversight. To provide transparency and accountability, we need independent information on who uses them, how often, and when.

SeaGlass sensors collect and upload cell tower signal data to our server where algorithms look for IMSI-catcher signatures.

Main Sensor Parts
Raspberry Pi computer
Cellular modem to scan the cell spectrum
GPS
Bait cellphone
Mobile hotspot to upload data...

To covertly transmit on the same frequencies as the normal cellular network, IMSI-catchers may mimic the identifying properties (mcc, mnc, cell id, etc.) of legitimate cell towers. We expect IMSI-catchers to prefer transmitting strong signals to capture phones and to be some distance away from the towers they may mimic to avoid interference with the real cell tower.

By building a model for each cell tower of how its signals should appear from different positions, we can flag cell tower transmissions that do not match those expected from a legitimate cell tower. This image shows all the measurements of cell ID 7843, where darker colors are stronger signal strengths and larger sizes represent how statistically unlikely the measurement is.

Lol, spying on the people who are spying on us.

Cool, someone else plotted which cell towers he was using on a drive:



I guess it's not that hard because there are databases of cell tower locations and your phone knows your current cell tower ID.

https://fabiensanglard.net/lte/index.html

https://www.businessinsider.com/unredacted-google-lawsuit-docs-detail-efforts-to-collect-user-location-2021-5

Google employees admit in lawsuit that the company made it nearly impossible for users to keep their location private

Google made it nearly impossible for users to keep their location private, according to newly unredacted court documents.
Even Google execs and employees in charge of location data were confused about how privacy settings worked.
Google was sued by Arizona's attorney general over its data collection practices last year.

So what is the best phone for privacy you can get now? I'm surprised there isn't a company stepping in to fill this void.

Patrick says

Modern cellphones are vulnerable to attacks by governments and hackers using rogue cellular transmitters called IMSI-catchers. These surveillance devices can precisely locate phones, and sometimes eavesdrop on communications, send spam, or inject malware into phones.

I was thinking it might not be too difficult to defend against this, if you can modify the modem to limit which "towers" it will connect to. Mainstream android / ios users would clearly be out of luck here, but maybe an OS phone could be modified this way, and so benefit from this.

Sites like cellmapper.net and others have large crowd sourced databases of towers, with ids for each sector / band on the tower, and such a database could maybe be used to create a whitelist of towers. Maybe only connect to towers that have been there for years or something like that.

Of course, having your name on a software project like this would probably get fbi on you.

RC2006 says

So what is the best phone for privacy you can get now? I'm surprised there isn't a company stepping in to fill this void.

There are two at least:

1. https://www.pine64.org/pinephone/ (cheap, but some people kinda clunky and slow)
2. https://shop.puri.sm/shop/librem-5/ (not cheap, and also not available for at least 6 months)

https://thatgeoguy.ca/blog/2021/06/22/Librem-5-Evergreen-vs-Pinephone/

Ok, just came across this today

https://freedomphone.com/

Will Verizon, et al, give you a SIM card for that Freedom phone?

HeadSet says

Will Verizon, et al, give you a SIM card for that Freedom phone?

Yeah, no. Even if some off brand provider does, your data is all pinging a cell tower anyway controlled by one of the major providers. If you connect to the internet or cell signal assume nothing is safe. There's exactly zero providers that can secure your cell signal data.

Not sure why this continues to be a topic. There are so many avenues that you gave up all your data before you even had known about it. Registering for Kindergarten. The list is endless. No one is anonymous.

HeadSet says

Will Verizon, et al, give you a SIM card for that Freedom phone?

No it only runs on Honey Pot Wireless.

Why am I always that guy that saw too much when so little information is provided?

What strikes me curios about this offering is many things.

1) They have been trying to create and release a Google Free phone for well over 10 years now. The powers that be, have hamstrung and prevented it at every turn. Even after years and years in development.

2) Chris Wray announces they are going after Trump supporters and has vowed to chase us down to the ends of the Earth.

3) A few weeks later this phone just magically pops up and appears out of nowhere. Not even a hint that anything like this was ever even in development. Because it wasn't, it's something the CIA just threw together, with a Google debranded OS to make us feel warm, safe and cozy.

4)The preinstalled apps, aren't apps at all, they are according to the Stasi Media, "Fake News" for White Supremacists. From what I can tell, the spalsh page didn't list one single app that we don't get from a regular old computer browser.

5) Parler is featured, but Gab is not. Parler was exposed as a CIA operation to takedown the Proudboys, and the Oath Keepers and help subdue the Right, while the Left stole the election. After the mission was accomplished, Parler quietly was taken down.

6) The biggest thing that gets my Red Flag flying high and waving. Is the intentional lack of any information on the Freedom OS, on the splash page. If this were an honest legit operation, then they would have several pages dedicated on the OS, how it's safer, and how it's different and can't be snooped on by prying eyes. They would be showcasing all of the features, and features to come in future releases. There's none of that!


Suckers Beware, you'll be talking on the phone one minute, then locked up in BIden's London Tower without bail, in solitary confinement with no court date in sight.

And THIS is not This...

https://sourceforge.net/projects/freedomos/

It could well be a trap, like the FBI "secure messaging service" which exposed everything to the FBI.

It should definitely be advertising all its tech specs, but does not seem to.

It should have hardware kill switches for mic, camera, gps, etc. It should have a removable battery.

Patrick says

It should have hardware kill switches for mic, camera, gps, etc.

Until someone breaks the phone apart, no one would know if the hardware switch has a digital bypass as a "feature" if something failed on the switch. This most likely is the case though I don't wire small electronics nor program. It likely wouldn't be hard.

This assumption you can stay private is almost more conspiracy theory than acting like the government is spying on you or I. Do they, yes. Any phone that connects with cellular data is traceable though, likely can get all the info off the phone remotely. Don't buy the BS from the one CA Muslim mass shooting where the FBI couldn't unlock the phone and then did. If you have a phone turned on, anyone can find it within a certain range without GPS. The game is over, boomers (sorry to boomers but true) gave away your (and their) privacy a long time ago.

You can and will be found and/or dragged through mud if someone wants to. Especially the likes of NSA, FBI and CIA. The day you were born the government had data on you unless your mom birthed you in a ditch and dropped you at the fire station. They then likely did a DNA sample on the baby and could likely track it back to you anyway even though you're legally allowed to dump and run.

https://www.vice.com/en/article/epnmvz/industry-unmasks-at-scale-maid-to-pii

Unique IDs linked to phones are supposed to be anonymous. But there’s an entire industry that links them to real people and their address.

Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don't mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.

They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person's full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.

"If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous," Senator Ron Wyden told Motherboard in a statement.

Freedom phone looks promising.

Fortwaynemobile says

Freedom phone looks promising.

As long as it's not just another FBI scam, like their "private" messaging app:

https://www.rollingstone.com/culture/culture-news/fbi-operation-trojan-shield-crime-messaging-app-1181168/

How the FBI Tricked Criminals into Using its Messaging App
Hundreds of device users didn’t realize they were carrying the FBI in their back pockets — until they got arrested

Patrick says

Fortwaynemobile says

Freedom phone looks promising.

As long as it's not just another FBI scam, like their "private" messaging app:

https://www.rollingstone.com/culture/culture-news/fbi-operation-trojan-shield-crime-messaging-app-1181168/

How the FBI Tricked Criminals into Using its Messaging App
Hundreds of device users didn’t realize they were carrying the FBI in their back pockets — until they got arrested

I can't repeat it enough. You're not private. You never will be if you want to live a functional life with utilities (aka shit, shower, drink water, have lighting, etc.) and the ability to drive (to make income). Every non-municipal (maybe some muni's do) sell your data. Most people don't open many electric or gas accounts in their life. That's all private business. They do a soft pull on your credit and can see almost everything. Many tenants in my past couldn't even get running gas accounts because they didn't pay electric bills. Everything is shared. You're more well known than you think.

Big Brother has been here for a while. You're a little late to the game of privacy if you're trying to do it now or even in the last 20 years. Best way is to fool them. Everyone on this forum is accounted for in some way shape or form. You're better off making them try to prove you are you if that makes sense. Reasonable doubt as they say. If you can line up witnesses that can say with certainty, under perjury, that John Doe (you/me) never talked about fucking squirrels, you have an out. Has to be more than just one thing though, but I think you get the tactic. You make your friends and family become character witnesses. You've then created doubt.

It's backwards, but the LESS data they have on you, it's likely worse if you find yourself in a situation or Big Brother decides to just go after randoms. Now if we turn into a legit kangaroo court system all best (edit: bets) are off. Hence why we have 2A.

Fortwaynemobile says

Freedom phone looks promising.

It's still based on android. And, I'm under the impression that android has a few closed source components. Unless the freedom phone can exclude these parts, google will likely still have their tentacles into your phone. The closed source stuff is likely where the NSA backdoor is.

But, my guess is it will still be somewhat of an improvement on privacy and ability to use apps, at least for now. I would imagine FP can prevent many types of data collection built into the os, but some will be hard to fight. For example, many apps use "push messaging" to save battery and reduce latency on data updates (like, to notify you that you have a new message). Google made it so every android app uses their push messaging server (so the phone only needs to call 1 google server, and that 1 call can get updates for potentially hundreds of apps at the same time - very efficient). But, it means you phone is still talking to google. Apps aren't required to use this service, but many do. I'm also under the impression that many apps depend on "google play services" (a google background app which provides push messaging, gps / location services, and other services). So, either many apps stop working, or you install the google "play" services, which is a spaghetti pile of crap that probably gives them a golden honey pot of personal & tracking info.

I'm skeptical this will be much of an improvement, aside from ability to install certain censured apps.

Hircus says

Fortwaynemobile says

Freedom phone looks promising.

It's still based on android. And, I'm under the impression that android has a few closed source components. Unless the freedom phone can exclude these parts, google will likely still have their tentacles into your phone. The closed source stuff is likely where the NSA backdoor is.

But, my guess is it will still be somewhat of an improvement on privacy and ability to use apps, at least for now. I would imagine FP can prevent many types of data collection built into the os, but some will be hard to fight. For example, many apps use "push messaging" to save battery and reduce latency on data updates (like, to notify you that you have a new message). Google made it so every android app uses their push messaging server (so the phone only needs to call 1 google server, and that 1 call can get updates for potentially hundreds of apps at the same...

It’s mostly the uncensored App Store I think, something like that.

Hircus says

It's still based on android. And

I suspected that and worse. The fact that their splash page is nothing more than a color flyer advert, lacking any details and specs.
What ever your worse fears are about this phone. I would double it to be on the safe side. This phone is scarier than a Boost Mobile bought from a store own John Brennan.

https://www.haaretz.com/israel-news/tech-news/.premium-how-nso-s-pegasus-is-used-to-spy-on-journalists-1.10010560

How NSO's Pegasus Is Used to Spy on Journalists
Israeli firm NSO's Pegasus software is used to infect journalists phones in what is called 'zero clicks'. Here's how they did it and what we found out

https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus

Revealed: leak uncovers global abuse of cyber-surveillance weapon
Spyware sold to authoritarian regimes used to target activists, politicians and journalists, data suggests ...

Human rights activists, journalists and lawyers across the world have been targeted by authoritarian governments using hacking software sold by the Israeli surveillance company NSO Group, according to an investigation into a massive data leak.

The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO’s hacking spyware, Pegasus, which the company insists is only intended for use against criminals and terrorists.

Pegasus is a malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

The leak contains a list of more than 50,000 phone numbers that, it is believed, have been identified as those of people of interest by clients of NSO since 2016.

https://www.theguardian.com/news/2021/jul/18/huge-data-leak-shatters-lie-innocent-need-not-fear-surveillance

Huge data leak shatters the lie that the innocent need not fear surveillance

Donald says

The Freedom Phone is made in Communist China and is nothing more than a $120 phone being sold for $500.

Yet another conservative con game

https://www.nydailynews.com/news/national/ny-freedom-phone-made-china-cheap-rebrand-20210716-ye2coq5r5nfthgt4vc4cw2ugby-story.html

Better than stealing elections and censorship. You probably have to run/buy a pine phone or similar to get privacy and low margins, but it can be done just with Android, which by itself is not spyware.

https://www.nytimes.com/2021/07/21/technology/phones-location-data.html

“Data privacy” is one of those terms that feels stripped of all emotion. It’s like a flat soda. At least until America’s failures to build even basic data privacy protections carry flesh-and-blood repercussions.

This week, a top official in the Roman Catholic Church’s American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.

Another thing that political left and right should be able to agree on: We don't want our phones spying on us.

We can also be unified in our opposition to the Jeff Bezos' destruction of American retail and manufacturing.

Freedom Phone is SoakTheRubesPhone

Brave on the desktop? HEHEHEHEHEHEHEHEHE!

If your phone isn't running Symbian, you're being electronically skull fucked.

Get a pager and use disposable email accounts.

Learn to kill with your bare hands.

Teach your wives and kids to kill with their bare hands.

Biden is planning to control supplies of ammo.

Donald says

The Freedom Phone is made in Communist China and is nothing more than a $120 phone being sold for $500.

Yet another conservative con game

it is android, so probably you are right
google loaded with spyware and a few free speech apps to con people into buying it

I also suspect this is true.

https://edwardsnowden.substack.com/p/ns-oh-god-how-is-this-legal

In short, the phone in your hand exists in a state of perpetual insecurity, open to infection by anyone willing to put money in the hand of this new Insecurity Industry. The entirety of this Industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines—AKA security updates—and then selling them to countries that occupy the red-hot intersection of a Venn Diagram between “desperately craves the tools of oppression” and “sorely lacks the sophistication to produce them domestically.”

An Industry like this, whose sole purpose is the production of vulnerability, should be dismantled. ...

If you want to see change, you need to incentivize change. For example, if you want to see Microsoft have a heart attack, talk about the idea of defining legal liability for bad code in a commercial product. If you want to give Facebook nightmares, talk about the idea of making it legally liable for any and all leaks of our personal records that a jury can be persuaded were unnecessarily collected. Imagine how quickly Mark Zuckerberg would start smashing the delete key.

Another possibility:

https://calyxos.org/

If people want a phone that doesn't spy on them, they have to have a stripped down OS that they can understand, that will trivially monitor inbound and outbound connections.

It has to be simple enough so that that a typical coder can understand the OS (i.e. an embedded OS) and move the complexity up into libraries.

The problem with OSes is they are monolithic. Understanding Linux is a tremendous task, understanding Windows is an impossible task. This was done for efficiency reasons back in the day, but building an OS on top of a kernel, like MACH, that's still doable. This is a software abstraction of the hardware itself. The OS runs on top of another OS, a very simple OS. This was once called a Board Support Package.

Kernels allow you to run multiple operating systems on a single device, often simultaneously. NO hardware is directly accessible, and you can always detect access to the hardware through the interface. I think this will have to be done at some point to guarantee security.

If you had, for example, a virus running on your phone, you'd be able to detect the outbound data packets on it, and the incoming data packets on it. What files were modified, which parts of the storage were written or sent out, and what devices were activated. This was impractical 20 years ago because we were running on 200 Mhz machines, but it's entirely practical now at the cost of a bit of battery life - and my phone runs fine for weeks without a charge when its unused. I have a junk phone I use only for wifi access, and screwing around on (it's got damaged screen), I can leave that thing sitting on the counter for 2 weeks, and it goes from 100% charge to 90% charge over that time.

We can even further secure the devices, by using the kernel to require certified binaries only be run, and to expand the storage, to not only record things like date and time, but the applications that created them. This has already been figured out, but it's purposely not implemented. It's trivial to eliminate viruses, and to guarantee secure communication - the reason it's not done, is the government doesn't want it done.

I worked on the XBox project. One of the main concerns on developing that system was PREVENTING unauthorized code from running on it. Why? Because MS sold the machine for BELOW COST to gain marketshare. They make up the cost differential because for each game sold, they receive a cut of the sale. So, they might sell the first revision of their machine for $300, but it cost $500 to make, but they expected 10 games to be bought by a user on average, so they would initially break even. Then they cost reduce and the box to $400 to make, then $300, then $250, then $200 and so on. As they do this, they also reduce the cost of the game machine to gain market share.

What they were terrified of, is a company could run arbitrary software on it, and cut out MS from their fee, or even worse, making a machine that kicked ass, that was a full replacement for a desktop, that could act as a server. Game machines, are no longer toys, they are as powerful as servers. They do not want you to be able to use them as full machines, just toys - but games have to have a digital signature, this could be done with any machine, that would obliterate viruses - but they don't. Why do you think that is?

Machines are PURPOSELY built with backdoors, and phones, they are the worst. Nobody cares about desktops today, they care about your personal communication.

richwicks says

I worked on the XBox project.

Fuck that device. Fuck it hard. Apple can take all my shit for all I care, new devices are set up in minutes not hours. I don't game but my kids do, it's the worst platform I've ever encountered. So convoluted and retarded to be honest. I'm no techie, but I've build mediocre websites that worked well for real estate. Xbox (currently) is not intuitive and is a shit show. Maybe it was better when you worked on it, as again I don't play video games.

We've spent hours doing something to get the kids a game or whatever. The feedback is the exact same from other parents. My one buddy just rebuilt the JP Morgan investment site for trading. Even he said Xbox is a shit show. I've seen the dude work, his keyboard is on fire.

https://puri.sm/posts/internet-of-snitches/

Imagine an Internet of Snitches, each scanning whatever data they have access to for evidence of crime. Beyond the OS itself, individual phone apps could start looking for contraband. Personal computers would follow their lead. Home network file servers could pore through photos, videos and file backups for CSAM and maybe even evidence of copyright infringement. Home routers could scan any unencrypted network traffic. Your voice assistant could use machine learning to decide when yelling in a household crosses the line into abuse. Your printer could analyze the documents and photos you send it.

I want a phone that kicks larry and serge in the nuts and take a massive shit on their faces every time I make a call and hundreds of times a second when I don't/

https://reclaimthenet.org/how-to-install-grapheneos-on-a-pixel-smartphone/

Patrick says

Your printer could analyze the documents and photos you send it.

Already does to some extent.

WookieMan says

richwicks says

I worked on the XBox project.

Fuck that device. Fuck it hard. Apple can take all my shit for all I care, new devices are set up in minutes not hours. I don't game but my kids do, it's the worst platform I've ever encountered. So convoluted and retarded to be honest. I'm no techie, but I've build mediocre websites that worked well for real estate. Xbox (currently) is not intuitive and is a shit show. Maybe it was better when you worked on it, as again I don't play video games.

I am unoffended. I'm a contractor. Some people would call me a mercenary for hire, but I know what I really am. I'm a prostitute. I'm a whore.

If your kids like video games, look into the retroarcade. Maybe your kids need the "latest and greatest", but if they just want to play video games, I have a library of over 10,000 of them, not to play (my life isn't that long), but to preserve.

For < $100, you can have a raspberry pi, running retroarcade with more video games on it, than any one person can play in a lifetime. Also, it burns less than 10 watts.

https://retropie.org.uk/

The last time I tried to play a modern arcade game was 10 years ago. When I was a kid, a video game was a 10 minute distraction, that at worst could be a 2 hour struggle to win. Today, video games are just ordeals, that take WEEKS to get through. Want a blast from the past?

http://impossible-mission.krissz.hu/

That's one of the toughest video games I conquered as a kid. I can still beat it, and I recently have, but there's no enjoyment in it.

Stay awhile, Stay Forever!!!

richwicks says

I worked on the XBox project.

That's interesting.

One fun thing about tech is that your work is often used by millions of people.

I worked on a phone (the Nextel phone) that was used by millions. And many well-known websites. Not that I did a huge part of any of them.