Ask Slashdot: How To Stay Ahead of Phone Tracking ?

An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones are have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent ?"

Don't carry one

[siddesu]

As you know, they can track you even when the device is off, unless you've taken the battery out.

Re:Don't carry one

[thephydes]

This may well be the case for some phones but I'm not convinced that it it is for all phones. Mind you I'm more than happy with my "dumb" phone and have no interest or use for a "smart" phone - who the fuck knows what they are sending out, off or on.

Re:Don't carry one

[gl4ss]

umm that's only the case if they've managed to fit something on your phone.
on most any phone offline mode means no connection to network.. but if you want to be conected you're going to be paged all the fucking time for your info. so staying in offline mode is the answer. of course you can't know if someone is calling you or not.

and if you're worreid about gsm attacks put your phone into umts only mode.

Re:Don't carry one

i have taken apart a "donated" huawei ascend2 earlier this year and found small watch type batteries hard wired (soldered) on to the circuit board
they were very small , 2 in quantity and were 3 volts each i dont know what they are used for other than to power the device even with the battery out
its amazing how few chips were in this devithe whole board had like three or four chips a couple of speakers and a couple of mikes and the sdcards
when i opened it i expected it to be jam packed full of components but the manufacturer really has done wonders with the SoC tehnology
TL/DR even without the battery inserted that phone has some functions that i was unable to determine what they are

Re:Don't carry one

[gomiam]

Not to raise your paranoia, but your "dumb" phone isn't as dumb as you think it is. While it is acting as cell phone it needs to keep the towers appraised of its location so you can receive calls and it can roam from one cell to the next.

Re:Don't carry one

It's called a real-time clock. Your computer has one. A builtin battery too.

Re:Don't carry one

[vux984]

As you know, they can track you even when the device is off, unless you've taken the battery out.

I don't dispute it's possible that the phone while 'off' is simply in standby and pops on now and again to ping the network.

But.. if so, why does my Galaxy S3 take 10+ seconds to 'boot up' after it's been turned off, and then another 5-10 seconds before it has service?

There might be some phone out there that is 'always on'... but is there actually one? More than one? Is it actually common?

This seems more 'urban ledgend' / paranoia then real -- the sort of paranoia where you think the NSA has installed a rootkit to simulate your phone shutdown sequence when you turn it off while it remains transmitting. Possible, theoretically? Sure.

But then what makes you think taking the battery out will work? The NSA inserted a secondary battery with enough juice to keep tracking you for days even when the battery is out. Better put the phone into your pocket faraday cage...

And take a shower and change your clothes to rinse off the micro RFID they hid in the dirt on your shoe and are tracking with a satellite equipped with some sort of super pringles antenna...

I think my Galaxy S3 is off when I turn it off. I'm prepared to be educated that it really isn't, but I need more than some handwaving or links to rumors on some guys dubious blog.

Re:Don't carry one

[robthebloke]

Buy a pay-as-you-go phone with cash, they can still track you, but they won't know who they are tracking.

Re:Don't carry one

[DKlineburg]

maybe not so? See article about your habits being unique and identifiable here on /.

Re:Don't carry one

[FrkyD]

Well, we have known for quite some time that is is not just possible to use your dumb phone as a roving bug while it is turned off, but that it has actually been done.

http://news.cnet.com/2100-1029-6140191.html

So even though you sound a bit (albeit justifiably) paranoid, you might not be paranoid enough.

Re:Don't carry one

[equex]

To disable the GSM module you have to enter a code on the dial. It does need a battery, obviously, so the only way is to take it out.

Re:Don't carry one

[scsirob]

And why would it need one of these when it has a big battery to operate on, and an entire time-driven network to sync with as soon as the main battery is connected?

Re:Don't carry one

Don't confuse the time needed to load all the bloatware that comes with Samsung phones with the time needed to power on the radio modem.

Re:Don't carry one

[egcagrac0]

Better put the phone into your pocket faraday cage...

Great. Another ad for Aluma-Wallet. Didn't realize they had a giant one now, big enough to fit a common smartphone.

Re:Don't carry one

[egcagrac0]

Most of the cash prepaid phones still demand a name and address to activate. (YMMV... who are you using for burn phones these days?)

Re:Don't carry one

[MightyYar]

Yeah, it would be awesome if your phone lost all settings every time it ran out of battery :)

Re:Don't carry one

[SuricouRaven]

I think it depends on country. Some have regulations that make it very difficult (via liability) or outright illegal to provide a communications service without the ability to determine the identity of the user - predictably, usually introduced as a measure to fight the distribution of child pornography.

Re:Don't carry one

[gl4ss]

the article describes a technique in which the phone is NOT turned off but instead is hacked to _place a call_. that sounds suspect technique, actually, even if some razrs have hackable firmwares. you could keep it next to a radio to notice that something is up - and this would be an undertaking to essentially rewrite the entire firmware of the phone better than what motorola could - while retaining all the stock functionality. it sounds very, very james bond spy shit - bordering on being plausable as just FUD(don't even try to find the bugs!).

another part of the article describes another technique, "prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.". that phrase sounds actually like actually placing a bug on the phone which is definitely not a new technique nor a surprising technique at all - instead it's a cold war era technique. But this would work while the phone is turned off - However it would be just a bug attached to the phone in essence.

Re:Don't carry one

Yeah I know, unplug your computer and you lose everything...no wait, that doesn't happen. Even if you pop the CMOS battery the computer will work fine, it's like there is a technology to save the state of the OS in between times when the hardware is powered.

Re:Don't carry one

[egcagrac0]

Good call on the jurisdiction dependent part of that.

Honestly, I think they're more worried about (would-be) terrorists and drug dealers than CP, when it comes to phones...

Re:Don't carry one

[hAckz0r]

I think my Galaxy S3 is off when I turn it off.

That switch that you use to turn your phone off is nothing but a sensor switch. Its not a physical on/off switch disconnecting the battery from the phone circuits. When you press it, the OS on the phone is programmed to start shutting down certain circuits within the phone. It keeps other circuits powered up so that it can sense that same switch to bring the phone back up to its normal powered state.

That being said, someone can reprogram the phone to 'look like' its powered off. It can still be recording audio/video to the local memory, or whatever it wants to, and even use the transmitter periodically without being noticed by the owner.

The phone can be reprogrammed fairly easily by someone who gains control of the device. How easy is that? I've seen a demonstration by an expert that took all but 15 seconds to have root on a popular phone. All that was needed was an IP address of the data connection for the handset. In an instant they had the equivalent of ftp and could have done anything on that phone, including staging a boot loader/update waiting for the next time you cycled the phone's OS.

For someone who has the power of the courts behind them, they can easily have the phone company push an update out to the phone to do the same thing. Nobody needs to hack your phone, and they can then completely control the outward appearance of the devise without you knowing anything about it.

Other than having an RF monitor next to the phone you likely won't be able to detect it. A small RF monitor can be purchased and hacked to add a audible warning if the phone becomes active, if you are the tin foil hat type. Otherwise, if the phone is active and uses the network the battery will get slightly warm, even when turned off, so you might be able to tell that way. A cheap way to tell is a liquid crystal temperature strip adhered to the outside case where the battery compartment is. This is also a help if your phone has a battery drainage problem with certain apps, because it will tell you when the battery is being drained, and how quickly, for whatever reason.

Re:Don't carry one

Psst, phones now have flash memory in them that they can save settings in. You'd just need to wait for your phone to reconnect to the network to get a time/date update after a reboot.

Re:Don't carry one

[fuzzyfuzzyfungus]

This may well be the case for some phones but I'm not convinced that it it is for all phones. Mind you I'm more than happy with my "dumb" phone and have no interest or use for a "smart" phone - who the fuck knows what they are sending out, off or on.

'Smartphones' generally know more, by virtue of having a UI that makes doing lots of personally-identifiable stuff and storing lots of potentially sensitive data attractive; but if it's a cellphone, it has cellular communications capabilities, which are ample for at least lowish resolution tracking.

Re:Don't carry one

[Electricity+Likes+Me]

If you really want to track someone, it's usually way easier to steal and modify their phone, or modify a replica phone and download their phone to that one.

There are a lot of high-tech surveillance techniques, but they're just really kind of hard to do compared to the simple stuff.

Re:Don't carry one

[kilodelta]

Yeah, dropping the battery is probably the best way to prevent it. But if you're an iPhone owner you're screwed. You can't easily drop the battery.

That said, just put the phone in airplane mode. That shuts off all the radios including bluetooth, wifi and CDMA/GSM.

Re:Don't carry one

Actually the urban legend I heard from rf engineers and other field techs while working on cell networks was that the "track you even when its off" grain of truth in the bullshit perl was a case in which the FBI did just that to a mob bosses phone; modified it to fake being turned off.

The really ineresting thing was how much Qualcomms NOC seemed to know. Or why qualcomm, as the chip maker, had a NOC (seperate from the carriers) for a peon contractor to call in the first place.

Re:Don't carry one

[Thruen]

Try setting your alarm and turning your phone off. My last maybe five phone have all had this functionality, probably before then too. Even your computer isn't really off when it's off, hell even after you unplug it it's not quite dead for days. If you've seen smaller GPS devices, things like pet trackers, you know they don't actually need the whole cell phone or a big battery to work. I'm not even convinced they can't track you AFTER you pull the battery. That said, it doesn't prove they're doing it. I haven't seen anything that actually confirms this has happened, all I'm saying is it's possible. You can still call it paranoia, but a week ago people would've called someone paranoid for thinking the government is imitating cell towers and intercepting phone calls, able to hear everything, but now we have a court case to point to that shows they engage in this practice regularly. Now, I'm not trying to tell you they're watching you or anything like that, I'm just pointing out it's not some unrealistic fantasy suited for conspiracy nuts, certainly nothing to be compared with the NSA planting an RFID chip in your shoe. Everyone knows the NSA uses an advanced chemical tracking system they reverse engineered from technology recovered in Roswell, you inhale it.

Re:Don't carry one

[GameboyRMH]

That's the safe way to be sure but many phones let you turn off the GSM transceiver with "airplane mode" or something like that.

Re:Don't carry one

[MightyYar]

Flash memory has a limited number of writes, and won't power an on-board clock in any event.

Re:Don't carry one

[CohibaVancouver]

Even if you pop the CMOS battery the computer will work fine, it's like there is a technology to save the state of the OS in between times when the hardware is powered.

Read the parent. This is for the CLOCK. You 'pop the battery' and the clock will reset.

Re:Don't carry one

[GameboyRMH]

Yep in most modern PCs if you pulled the battery you'd lose the time and BIOS settings, possibly onboard RAID settings. Some high-end PCs have an onboard EEPROM where you can store BIOS settings but you'd still lose the current settings and have to load them.

On a phone you'd just lose the time.

Re:Don't carry one

It is about 30-80 seconds. What? Work with embedded radios... Quicker if you have a chipset that keeps some info around in flash.

Believe it or not the modem is just that, a modem. It has an AT command set even hanging off an internal 'com port'. You 'dial' a number just like the old acoustic modems (atdt). You just ate 3-6 seconds there. Time for the modem to find the local towers (and there is almost always more than one). Set up the connection to the tower... Newer ones have a PPP session to setup as well before they will even let you make a call. That takes time for the authentication and radius setup.

You can get it to go faster but you have to be in the right conditions and have a *very* well written stack. Most stacks are 20+ years old now with tons of diagnostic cruft. The books that describe these things are 2+ inches thick. They work but have to work in a cell network that is just as old in all conditions. So they have a very well defined setup procedure.

Also to the original poster. The tower does not 'know' where you are unless your phone transmits. ALL phones transmit. They have to. Otherwise they are not part of the cell network. Otherwise walking/running/driving from one cell to another would not work. Or do you think when someone calls you it lights up every tower in the area? Older networks did just that. But it worked for some types of messages and quickly was swamped with any sort of volume. But newer ones are all switched and routed. Its why if the tower can not see you and someone calls they are dumped right into voice mail. So yeah you could turn off the beacon. But only if you do not care about anyone ever being able to call you as the tower would drop you out if you do not beacon. It has a few hundred other phones to take care of than yours which from its point of view looks off. Do not want GPS? Good luck with that. They do not even need GPS they can figure it out from the towers (which have fixed known locations). http://en.wikipedia.org/wiki/Direction_finding

What the original poster is asking for would not work very well. Well in a very limited fashion it would work. But only if he does not care about ever getting calls or SMS. He can use airplane mode. Built in to almost every phone out there. He can then use one of the many firmwares out there and have it default to on with a startup script. The listen only? Not going to happen unless he knows specifically how to talk to the modem. Also there are hundreds of chipsets out there and they all act a little different, qcom vs athros vs ti vs bcom all different even between chipset lines (the propitiatory blob in most phone firmwares). Even then it would from the networks POV look like he is off so it would not even bother to send the message (older networks did this, newer ones do not waste the bw, they need it). Also if the carrier gets wind of him doing this? They probably would just deactivate the account for tampering with the network and leave him stuck with the bill for the phone he has not paid off yet. The guys at the lower levels 'stick to the script'.

It is very simple do not want someone tracking you? Do not carry around a cell phone radio and leave it at home and turned off. It is the position Richard Stallman takes. It is not one I take. My phone is at my pleasure. Not someone elses. They want the info they have to get a warrant. Someone got the data without one and used it against me I would press on it.

A better idea would be to get one of the *many* android pads out there and put skype on it. Much simpler.

Re:Don't carry one

[cgfsd]

Even taking out the battery doesn't work anymore. The NSA has mandated that a small hidden backup battery be installed in every new phone to keep the GPS tracking on. I used to wear tinfoil hats, but I found they didn't offer enough protection. Now I wear lead foil hats, much better.

Re:Don't carry one

[psiclops]

some people have time syncing with network turned off. i do, mostly because i live in my own time, which is about 5 minutes off the networks. (at least with my old provider, i haven't checked my new one)

Re:Don't carry one

[SuricouRaven]

They did something like that with hotspots in the UK - the Digital Economy Act means that businesses can be liable for the infringements of people using their connection, which is a serious concern for all those places that used to provide customers with free wifi.

In practice, some businesses have continued to recklessly provide the service, while many more have instead contracted with specialist companies who run the access point and authentication infrastructure on their behalf. Typicially it uses the mobile phone network as a way to validate identity: User connects, gets a captive portal, enters their phone number, the service provider sends them an SMS with the unlock code, user enters the code. It's somewhat cumbersome, and some people are understandably reluctant to give out their phone number, but it's the only way to provide customers with a convenience service (And thus lure them in, usually to buy food) without potentially getting sued for millions after someone goes on a torrenting spree.

The only thing about the arrangement that surprised me is that the MPs were so open about the change in the law being about copyright. I'd have expected them to instead use child porn as an excuse, but they didn't: The Digital Economy Act is an entirely open effort to strengthen copyright law.

Re:Don't carry one

[nabsltd]

That being said, someone can reprogram the phone to 'look like' its powered off. It can still be recording audio/video to the local memory, or whatever it wants to, and even use the transmitter periodically without being noticed by the owner.

I'd notice that my battery ran down a lot faster than usual, and I think most people would.

When my phone is in "standby" for voice and nothing exceptional is going on with background data (like nothing continuous), my phone can sit there for nearly 3 days before the battery is exhausted. But, when actually transmitting voice or data, the battery life is cut dramatically, even if the screen is off, so I end up with about a full day of normal use when doing things, which means only about 3-4 hours of actual interactive usage. If I place the phone in "airplane mode", though, I can use the phone for 10-12 hours. So, the radios are obviously a huge battery drain, and it would be very noticed.

Re:Don't carry one

[dcollins]

"Try setting your alarm and turning your phone off."

Great experiment -- I just did this, turned it off, and when the time passed, NO alarm or sound occurred. For a control, I did the same thing and just put it in standby -- then the alarm did sound as expected. This is on a Virgin Mobile LG Rumor Touch.

I find that a lot of people are confused about when a phone is really off versus when it is just in standby.

Re:Don't carry one

Every single article I've read(or started to anyways) about this starts off with me going, ah hah! they're doing tower triangulation to determine approximate location only to start reading the article and the almost always first this that pops up is GPS which is decidedly NOT tower triangulation. Additionally every single phone(and even dedicated GPS handhelds) are power hungry when actively updating location or even enabled, which would tend to make me question this by the tipoff of unusual and excessive batt drain even IF the indicator was prevented from being displayed.

I notice this from little things like checking maps on phone or even playing something like ingress, just a few minutes of either can result in a 5-10% overall power drop -> IF GPS were running a fair percentage of the day, any of my GPS enabled phones that I've owned would be dead LONG before my usual end-of-day. The only one that this wouldn't apply to would be the only phone that I got around to(and was able to) install an extended cap batt in(lasts me 4-5d of my "normal" usage between charges).

Are they really talking about tower triangulation and the article authors are idiots? (I'd assume that's why they also mention obtaining cell network records, probably lists of tower connect/disconnect.) Or do they seriously mean GPS? (Which I'm disinclined to believe as why would a cell network waste time trading GPS data with a phone? Sure I can maybe see some particular cases where that MIGHT be handy, but as an exception not a rule...)

Re:Don't carry one

[dcollins]

"This seems more 'urban ledgend' / paranoia then real..."

I agree. Based on experience with my students in college classes, where the rule is that phones must be shut off (especially on exams), many if not a majority of people are confused about when a phone is really off versus when it is just in standby. I get a lot of students who claim a phone was off when it was ringing, or that they absolutely believe it's impossible to really shut the phone off. (Even in the face being penalized multiple times on a test -- once I had a guy turn around and just throw his phone into the hallway after it rang the third time and he couldn't stop it.)

Re:Don't carry one

[number11]

Flash memory has a limited number of writes, and won't power an on-board clock in any event.

The minimum number of write cycles seems to be around 10K, and could be 1M or more (depending on type of memory). If you have the least durable flash, and turn your phone off once a day, that's 27 years. (Most people don't seem to ever turn their phone off.) What do you suppose the service lifetime of the average phone is? 3 years?

Re:Don't carry one

[petervandervos]

There are a lot of microprocessors that can wake up at a certain time to save power. Only the timer part of the chip gets power, the rest is turned off. ARM uses them, the 'Wake-up Interrupt Controller (WIC)'. This doesn't mean it always works this way, but a lot of phones uses ARM processors.

Re:Don't carry one

[vux984]

It keeps other circuits powered up so that it can sense that same switch to bring the phone back up to its normal powered state.

Yes, my TV and computer both do that too. But it's not on. My PC even has WOL capability, but its not enabled, so you can't remotely wake it up. That's the question -- if my phone is "off" does it periodically turn itself on, and can it be remotely waken. I contend that, with the default programming (ie the state that my phone is in right now) that the answer is no.

The phone can be reprogrammed fairly easily by...

Yes, I stated in my original post that this is theoretically possible. And I don't doubt that if you are in a criminal or terrorist network that this sort of thing you would want to consider and mitigate.

For someone who has the power of the courts behind them, they can easily have the phone company push an update out to the phone to do the same thing.

But what about the average person who just doesn't want to be tracked? Who doesn't want their movements showing up in the logs. One who isn't the subject of a major investigation, and has no real reason to think they would be. If their phone hasn't been specifically tampered with (either locally or remotely) by a three letter agency then isn't simply turning it 'off' enough?

Re:Don't carry one

[MightyYar]

You would need to write to the flash every time something changes, not just at shutdown. You can't guarantee a graceful shutdown. I'm not sure what kind of data gets backed up in nonvolatile RAM. I'm sure simple things like call history, voice dialing, contact photos, lists of installed apps, menu and phone settings, and other things like that are fine in flash RAM. If it is a list of the most recent towers or recent battery and radio stats or GPS data, then even a million writes seems very finite.

In any event, you still need the on-board clock, which won't be replaced by flash RAM.

Re:Don't carry one

I'm not worried if they have to expend resources (read finances and budgets) to bug me and bypass my security.

What I'm worried about is a world where it so easy and cheap to do so that the government does it to everyone by default and Law Enforcement officers become nothing more than response units for a "Google" sentry bot looking for violations.

Re:Don't carry one

[julesh]

They did something like that with hotspots in the UK - the Digital Economy Act means that businesses can be liable for the infringements of people using their connection, which is a serious concern for all those places that used to provide customers with free wifi.

[Citation needed]

I've read the Act, and see nothing in it that sounds like it will have this consequence. It appears that they may have a legal obligation to notify their customers of allegations they receive concerning infringements, with fines as a court considers "proportionate" for failing to do so. However, by my reading of the Act, they can avoid this obligation by offering a free service with no associated terms and conditions (the definition of an ISP makes reference to a "subscriber", which is defined as somebody with whom the ISP has entered into an agreement to provide service and who is not reselling the service, so if there are no T&Cs there is no agreement, no agreement means not an ISP AFAICT).

The only thing about the arrangement that surprised me is that the MPs were so open about the change in the law being about copyright. I'd have expected them to instead use child porn as an excuse, but they didn't: The Digital Economy Act is an entirely open effort to strengthen copyright law.

The Act was the last Bill introduced by a government who knew they had no hope of reelection. They really didn't care about dressing it up -- they knew that by the time the next election came around, we'd mostly have forgotten about it.

Re:Don't carry one

[hAckz0r]

Any John Doe can buy software off the Internet, that once installed on the phone, has complete control over it. The spy/tracker/user does not need to know much to use that software, though most software may require physical access to the device to install it. Many don't. I would give specific examples to back up my assertion but I don't want to "help" that industry do bad things to good people. Lets just say its simple enough for your GF to find out who you are seeing on the side, and some of that software is rather effective in what they are designed to do.

As to what the software is actually designed to do, all that depends on the sophistication and talents that the spyware hacker, and and the specific mix of hardware and OS support. The short answer to your question on whether 'turning it off is enough' all depends on how much your neighbour wants to know what you are up to. If they have deeper pockets and don't mind buying available software to do the job, then the answer is definitely no.

My take on it is if "I" could figure out a way to do it, then somebody else is likely already making money doing it. Any decent hacker out there can quickly learn how to make the tail wag the dog when needed, and the smell of dirty money drives the spyware market. I had a friend who got hacked, and now my personal interests is in being the spy-master's arch-nemesis. I just wish I had more time for that sort of thing and there are very few samples out there to be openly studied.

Re:Don't carry one

[vux984]

-sigh-

That doesn't really answer my question at all. The question is quite simply, unless someone is specifically out to get me, is my phone checking in with the network when it's turned off or not.

I'm not asking whether someone CAN do it. I know it can be done. Perhaps I waxed a bit poetic when I mentioned three letter agencies, but really I'm just asking whether any carriers are doing it, by default, on everyone.

. I would give specific examples to back up my assertion but I don't want to "help" that industry do bad things to good people. Lets just say its simple enough for your GF to find out who you are seeing on the side

Odd example. Who are people doing bad things to good people in that scenario?

But the point remains, that unless someone specifically targets my phone to subvert it, then off is off.

If they have deeper pockets and don't mind buying available software to do the job, then the answer is definitely no.

And this comes full circle. IF they have deep enough pockets then taking your battery out won't make a lick of difference because maybe they've actually swapped your battery for a "spy" battery with a self-contained GPS tracker in it, and taking it out of your phone is irrelevant. :)

Re:Don't carry one

[Thruen]

I understand you think your phone must have every feature there is, and it's natural to act like someone else must be the ignorant one when their phone has a feature yours does not, but there's no need. I'm sure owning one you know, the Rumor Touch is not a high-end phone, it's a budget phone and so won't have all of the features of other phones. I'm not saying that's bad, I'm just saying you can't honestly expect that phone to be any sort of standard for what to expect out of other phones. I just checked on my S3, was using an iPhone before, and I pulled the battery after setting the alarm and shutting it down just to be certain, popped the battery back in and waited. Alarm went off. So yeah, pretty positive it wasn't in standby. I find that a lot of people are confused about when they're being smart versus when they're being ignorant. Don't feel bad, though, we're all ignorant sometimes.

Re:Don't carry one

[Sigg3.net]

Unless your phone is hijacked you're referring to GSM comm.

GSM continuously sends and receives "hi guys I'm here" to/from cell towers in order to maintain a connection (and be usable as a phone for both in/out calling) and keep track of time.

The empty space in these numerous messages is what's used for SMS AFAIK. I read a great white paper PDF on this when those CCC guys announced the GSM rainbow table project a few years ago. Sorry if some of the details are wrong.

Get a dumb phone and don't insert the battery until you need it. Newer phones can have internal power to keep GSM in communication without a buttery (I've seen it in 3G modems as well). Of course, you can only call out or accept calls at a period of time previously agreed on with this configuration.

Re:Don't carry one

[Sigg3.net]

It's part of the GSM spec AFAIK.

The "getting a service" part is network authentication. So even if your IMEI is blocked in EIR or the regional equivalent (it's stolen), GSM still sends/receives.

turn it off

[thephydes]

Turn your phone off when you aren't using it. Do you really have to be contactable 24/7? I suspect not for most people and if your phone is off then you cannot be tracked.

Re:turn it off

You are told to turn it to airplane mode FIRST so that when you turn it on mid flight it doesn't come on and start reaching for a cell. Now whether that will cause a problem or not is another matter entirely.

Re:turn it off

[complete+loony]

Assisted GPS in cell phones is typically just a way to download accurate satellite position information from the internet. Otherwise your receiver will have to download that data from the satellites themselves, which takes a significant amount of time. It doesn't have anything to do with remembering where the phone is, and I highly doubt it helps the cell phone company to determine your position.

Re:turn it off

[KZigurs]

Bollocks. Unless by 'turn it off' you mean 'press the power button sending the phone to sleep', there is no smartphone out there that will 'stay on' when 'powered off'.

aGPS works by sending a small data packet to a nearby server (ether over gprs or sms) when starting to triangulate your location to speed up the satellite discovery process.

(Mind you, that does not exclude possibility of compromised software and radio modem + bootstrap indeed being kept alive for eavesdropping purposes. For what it's worth modern smartphones generally consist of a small PC part (buttons, input, screen, cpu, sound, etc) and small separate dumbphone (cellular modem) part that talk to each other over serial bus)

Re:turn it off

[Jafafa+Hots]

compromised software - that is the key.
If they decide they want to use your phone as a bug, I wouldn't be too surprised if they could root your phone or change the firmware so that when you push "off" it gives you all of the usual "off" sounds and screens and goes blank... except.

It has to still be active in some way for it to know when you press "on," after all.

It's not like any phones have an actual physical off switch that literally physically opens a circuit. A sliding switch that goes "click?" I haven't seen one of those.

Re:turn it off

[poetmatt]

Huh? the off you are referring to is sleep mode. People do understand the difference between "Screen is not on" and "phone is off".

Re:turn it off

[psiclops]

no i don't need to be contactable 24/7. the thing is, i'm not psychic and do not know in advance when people might need to contact me

Re:turn it off

[plover]

Depends on how "off" you mean by "off". There are still a few circuits energized when the smartphone is off - obviously, the power button sense circuitry, as well as the real time clock. But most of the CPU is shut off and most other circuits are not drawing current. Certainly none of the radios are supposed to be energized. As you say, the activity of powering down circuits is partially defined by software, and software can be changed while the phone user remains none the wiser.

A-GPS actually has two modes of assistance. One is the boot-up process you mentioned where it sends a request to the nearby tower to get the current ephemeris data of the satellite constellation, and the tower quickly returns the list of satellites currently in view, enabling it to synchronize much faster than a cold start. The other form of assistance is that the phone can retransmit the received signal to the tower, and allow the tower to decode and perform the computations of location, with the assumption that the tower can improve position accuracy by acting as a sort of differential GPS (the tower is in a fixed surveyed position and can thus factor out local RF path anomalies due to weather.) But that was an old requirement, and since modern GPS chipsets do all their own decoding internally, I don't know if it's needed anymore. Actually retransmitting the GPS signal would use more battery energy than it would take an on board chip to decode it, which is why I doubt it's being done as a time or energy saving measure.

However, the cellular network does want phone location information for a reason other than E-911: signal quality. If they are receiving reports of dead zones or dropped calls, they have real data they can observe instead of just a bunch of inaccurate customer complaints.

What I don't know is if GPS derived location information is ever used by the cellular network for handoff, or if that remains a function of the handset signal strength.

Re:turn it off

[EndlessNameless]

Assisted GPS can offload some tasks to carrier-operated servers. Also, enabling GPS on most cell phones will enable network-based location.

In areas with poor visibility of the sky or other issues, network-based location may be faster, more accurate, or both.

Every cell phone in the US must be capable of determining its location (since the late 90s), and this requirement existed before GPS was widespread. Assisted GPS uses that existing infrastructure to some extent. There are some standards related to aGPS that allow it to work globally on GSM networks, and US carriers have additional proprietary functionality beyond that (or at least they used to---I've been out of the industry for a few years now).

Re:turn it off

[KZigurs]

Agreed. The point made earlier was implying that such behaviour would be part of normal operation - which it certainly isn't.

There is another caveat with keeping radio modems active while 'powered off' - battery drain. If you are even thinking about transmitting anything as it happens around phone you will have to use pretty much the same amount of battery power as when you are on call (sorry, physics, can't really argue with that) - with perhaps 3-4 hours of operation until the main battery is empty.

If you are trying to be smarter and record/transmit in bursts when in coverage of higher bandwidth signal - still extra power required to operate mics and storage.

Re:turn it off

[tehcyder]

If they decide they want to use your phone as a bug

Once "they" are taking that serious an interest in you, you're better off stopping doing anything dodgy rather than trying to outsmart them. Just because you work out a way to stop the your phone acting as a bug doesn't mean that "they" will give up on surveillance and other types of bug instead.

I assume the attraction of using phones is that (in theory) everything can be done remotely. That doesn't mean "they" won't get hands on if they think it's necessary.

Re:turn it off

[Jafafa+Hots]

"my battery doesn't hold as much charge as it used to..."

Re:turn it off

[Jafafa+Hots]

The fact that you use the word "dodgy" leads me to think you may not be American, since that is not commonly used here.

What the gvt. considers "dodgy" is a considerably broader category here in the land of the free.

Transmitter off won't work.

[rew]

If you want to receive calls or SMSes, you need to leave the phone on and transmitting:

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone. If you properly turn it off, the phone will tell the GSM network it is going off. So when a call comes in, it will go to voicemail immediately. If you yank the battery, the system will assume you are still in that cell where you last had the phone on, but it will probably time you out if it doesn't hear from your phone for a while. (which happens naturally if for example you drive out of range).

Re:Transmitter off won't work.

[KiwiSurfer]

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone.

Not quite, a GSM switch will keep track of which Location Area (LA) a mobile device is in. A LA can contain a few or upwards to several hundred cells. Using Vodafone's GSM network in New Zealand as a point of reference, their largest LA covers all of Auckland's (our biggest city with 1.5m population) CBD with around 150-200 sites while in rural areas a LA generally only has around 50 sites.

When a phone is being called, all the cells in the LA will send out a broadcast request to all mobile devices in the LA and the mobile device will respond by contacting the nearest cell. This is quite useful as it reduces the need for the mobile device to check in frequently — the mobile device only needs to check in with the network when it moves into a new LA.

I'm not too familiar with how UMTS or LTE works but I presume the same principles applies but I may stand corrected.

Re:Transmitter off won't work.

[rew]

The cell-phone transmit is "expensive" in that it drains the battery. You can optimize the electronics all you want but if you have to transmit a 1W burst for 0.01 seconds to indicate that you're still there, the energy expense of that burst is fixed and cannot be reduced. This is apparently a trick to reduce the number of transmissions from the phone to the towers so that the battery can last longer. I didn't know that. Thanks for the update!

Re:Transmitter off won't work.

[rew]

On second thought:

As a privacy concern the fact that "the network" knows where you are is a problem.
It does not matter whether the network knows your location to 3m (your phone sends the current GPS location), several tens of meters (your phone reports the strenghts of several towers it "hears"), several hundreds of meters/ a few km (which cell) or several tens of km's (the LA).

Track the LA's of my phone and you'll know when I visited my mom last week. Sure, you'd have to guess that I actually visited my mom and not someone else in that town. But if someone develops an interest in your whereabouts, the LA will already give away lots of information.

There MUST be a timeout on an "inactive" phone. Otherwise phones that are dropped into a toilet would remain ghost-phones in the LA where they dropped (pun intended) off the network.

With the argument that it is expensive for phones to transmit, they will transmit as little as possible already. If the timeout is known to be 1 hour, they will transmit after 55 minutes. (provided the protocol sends and ACK from the tower, otherwise you have to account for the possibility of a lost packet and transmit for example every 25 minutes).

Re:Transmitter off won't work.

[YoopDaDum]

When in idle mode, a phone only transmit every few hours to indicate it's still "there". So transmission power is negligible and not a concern. It works as the GP explains (and it's the same principles for UMTS, LTE, WiMAX BTW). In idle, a phone will listen for a possible network paging that indicates an incoming call, SMS or data connection for a very short duration (a few milliseconds to a few tens, depending on the actual standard and implementation) every paging cycle. The maximum paging cycle is 2.56s for LTE and 5.12s for WiMAX and CDMA2000 for example. So it's regular, but only needs reception not transmission (and reception uses less power than transmission).

Then every few hours (3 or 4 is typical, that's standard dependent and configurable) the device will also transmit to indicate it's still in the expected paging area (the LA of GP for GSM). It's just a keep alive to detect a phone going off "uncleanly". In a clean power off, the phone is expected to sign-out to the network so that the network immediately redirects to the voice mail any incoming call. If an incoming call happens for an uncleanly shut down phone before it is detected as out by the network, the network will page it but after a while without the phone replying, it will also consider the phone out and redirect to voice mail. So it will be safe, but will take a bit more time.

Futile

You can't.

Those are functions performed by the baseband software stack, which cannot be modified by the end user. Also you can't be simultaneously connected and not connected to the network anyway. If you don't want to be tracked by the network, don't use a cellphone.

What you're asking for is impossible

Can't work. Your phone needs to periodically broadcast its location to the network, otherwise the network won't know which cell to route your calls to.

Re:HAM radio?

[Gordonjcp]

Great idea! Then not only are you giving away your location but you're transmitting your message in the clear, for anyone to eavesdrop on!

I can't help but think you've missed the point a little...

There's this really cool app that...

[metalmaster]

I suspect that's the answer you were looking for, but i'm afraid that's not an answer. Something like this would probably require hardware switches to be truly effective. It's much simpler to take out your battery as a few others have already stated. and dont forget to discharge the device by holding in the power key for a good 10-15 seconds.

Re:There's this really cool app that...

[lazy_playboy]

Discharge what?

The capacitors in the power supply circuitry.

Re:There's this really cool app that...

[Joce640k]

Which will be depleted very rapidly anyway - probably about a millisecond after the first time it tries to transmit your location.

(Assuming it tries to transmit your location when it's switched off, which I doubt...)

Re:There's this really cool app that...

[lazy_playboy]

I wouldn't be so sure. Anyhow, I prefer to wrap the phone in tinfoil as well to make sure.

Re:There's this really cool app that...

[guygo]

May as well wrap your head in tinfoil. Big capacitors take big real estate that doesn't exist in cell phones. Take the battery out and the phone will be completely dead in a very short time. It's called physics... works a lot better than paranoia.

Re:There's this really cool app that...

[Farmer+Pete]

How do I remove the battery from my iPhone???? PLEASE HELP ME! They are afters me!

Re:There's this really cool app that...

[stormpunk]

Shit, so you're saying there's capacitors in my head too!?

Airplane mode and OsmocomBB

[asnelt]

I would say a good start is to just use the airplane mode of your phone. That should disable your RF transmitter. But of course you wont be notified when the network is paging your IMSI. The save option is to use a phone with OsmocomBB, a free software implementation of the GSM stack: http://bb.osmocom.org/trac/ It has limited functionality (no GPRS working at the moment) but at least you know exactly would your phone is doing. With that, you can even run CatcherCatcher, which is able to detect IMSI catchers: http://opensource.srlabs.de/projects/catcher The supported phones are a bit outdated, mostly old Motorola phones. But there is one supported smartphone: the Openmoko Freerunner. It is pretty usable these days and is fully supported by Debian. I love it, but you will need to tinker - a lot.

Re:Airplane mode and OsmocomBB

[asnelt]

What I forgot to mention: using OsmocomBB it should even be possible to fake your location. It is explained in this presentation at 05:20: http://www.youtube.com/watch?v=M0NjS6aUXYw

Re:Only one way

[thephydes]

Thanks Apple, please tell your users how to remove the batteries!

Re:HAM radio?

[thephydes]

As a ham operator VK4YEH, I appreciate this solution, but sadly, realistically it is not and will not be available to most people. OH well back to my ham shack .......

Re:SOLUTION: DON'T BE A CRIMINAL !!

[rvalles]

You missed this recent story: http://yro.slashdot.org/story/13/03/31/1755203/gauging-the-dangers-of-surveillance

Re:SOLUTION: DON'T BE A CRIMINAL !!

[AvderTheTerrible]

The issue is that the government does not wait until they think you *are* a criminal to do this stuff, they start doing it when they think you *might* be a criminal, or worse yet, when someone *wants* you to be a criminal. It's not the stuff that would actually manage to fetch a warrant that a lot of people are worried about, it's the fishing expeditions that lazy crime fighting agencies and power abusing bureaucrats engage in if they don't like some of your associations. Just look to what happened during the McCarthy era to see what can happen when persons in power don't like the idea of you exercising your right to free association with people they don't like, regardless of if any rules are being broken.

Switch it off or throw it away.

[stooo]

There's no way you can be paged without being discovered. Paging is discovery. Silent paging is always possible. Even without paging, the phone needs to be registered to a cell.

So
Switch it off or throw it away.

Use sombody else's phone

[qaz123]

- Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Re:Use sombody else's phone

[pla]

Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Actually one of the most realistic answers so far, except, you don't need an ID or a straw buyer... Just pick up a tracphone at Target and activate it at the in-store Starbucks' hotspot. Done and untraceable-to-you, unless "they" want you enough to manually hunt down security footage from one of those two stores.

That said, who do you plan to call with it? I consider it a sad commentary on our times that who (on the whole) you associate with matters far, far more than your own identity - Though the two end up largely interchangeable, unless a lot of people in your immediate circle of friends call to chat with your folks once a week. And of course, you probably use it at home - Lot of people living there? Keep in mind, even pre-GPS requirement, the cell providers could still get a decent lock on a phone just from the towers that can see it; and going back to the original FP question, you can't use the phone if no towers can see it.

Re:Use sombody else's phone

[Joce640k]

They can figure out who's carrying a phone by their daily habits (where you go, what time, how long you stay there).

Google claims to be able to do this - see last week's news stories.

Re:Use sombody else's phone

[DNS-and-BIND]

1. Look at your calling records. 2. Call the people you called. Ask them who called from your number. 3. Done.

Re:Use sombody else's phone

[Farmer+Pete]

Just pick up a tracphone at Target and activate it at the in-store Starbucks' hotspot. Done and untraceable-to-you, unless "they" want you enough to manually hunt down security footage from one of those two stores.

Who could watch more than 2 minutes of Target security footage without wanting to gouge their eyes out? That place is almost as bad as Walmart. Seriously though, I was under the impression that they required an ID to buy any SIM or phone with a SIM in the USA. If there is a place that sells SIMS/Phones without requiring an ID, your best bet is to buy the device and then wait a month before using it for your intended crime/activity. Very few places will retain security footage for more than a month. The crappier the store, the less they'll keep the footage. Some of them just have a single tape in that gets recorded over and over and over. Great for when a visible crime comes...much worse for long term surveillance. The problem with using someone else to buy it is that there is still a person that may be able to identify you if forced to. The trick about communication sterilization is that you have to treat a cell as secure as the least secure thing you use it for. In other words, if you use your phone to call a friend before you use it to call in a bomb threat, you can be sure that your friend is going to get a call/visit from the police asking about who it was that called him. If you just buy this "untraceable" SIM and use it like a normal phone, it wont take very long before your mobile fingerprint will betray you. You need to realize that the only really anonymous way to communicate with people is USPS, and possibly over the internet (if you take the proper precautions).

Re:Use sombody else's phone

[nabsltd]

They can figure out who's carrying a phone by their daily habits (where you go, what time, how long you stay there).

This makes the assumption that "they" can take the habits from a phone ID and connect it to a person. With the process from the GP post, there would be no way to connect the phone to a name.

For example, what if you planted a phone on a baby (or an object that is close to them at all times). The phone would move with their care provider, which could likely be multiple people. So even if you could say with some certainty that the "person" with the phone lived at a particular address, there would be no way to tell who at that address had the phone. By adding in data like who you called, then "they" can pin it down, but the claims from Google are that only location information is required to ID a person, and there are too many cases where that isn't really true.

Re:Use sombody else's phone

[Fnord666]

The problem with using someone else to buy it is that there is still a person that may be able to identify you if forced to

Don't leave any loose ends then.

Re:Use sombody else's phone

[wiredlogic]

Don't leave any loose ends then.

Pay the homeless guy to take out a hit on you?

Re:Use sombody else's phone

[julesh]

Anyone aware that this is being done can easily trick them.

Re:here's a thought

[Anne+Thwacks]

this thread is probably a response to Google reporting they could identify the owner of a phone by where it went - so no cigar today,

The correct answer is live in a third world country Smart phones are about the only thing that will work reliably. After the electricity supply, security forces and tracking technology are the things least likely to work reliably

Short answer: you can't.

[koan]

Stop using phones with GPS.

Re:Short answer: you can't.

[Gordonjcp]

Why would GPS be "mandatory" on a phone? It's only in the past two or three years that GPS receivers have got small and low-power enough to fit to phones, without requiring a battery the size of a brick.

If you want to locate a phone, GPS is close to useless.

Re:Short answer: you can't.

[GameboyRMH]

Why does it matter if the phone has GPS? The location tracking is normally done using the cell towers, GPS isn't necessary.

Re:Short answer: you can't.

[Obfuscant]

Why would GPS be "mandatory" on a phone? It's only in the past two or three years that GPS receivers have got small and low-power enough to fit to phones,

You haven't been paying attention. It's called e911 and it is a requirement so that a caller can be located when calling 911 from a cell phone. The wire system provided that information for a long time, and now the cell system does too.

It's not just so they can track you, but so that when you are calling in an emergency situation they don't have to rely on your potentially faulty identification of your own location to be able to send help. You may be perfectly coherent and not panicky, but you may also not be familiar with the area and cannot identify where you are well enough for the ambulance to appear.

The number of search and rescue callouts in this area has gone down dramatically simply because those lost mushroom hunters can call 911 and the dispatch center can send a patrol car out to pick them up based solely on the cellphone GPS information. It's certainly not anywhere close to useless.

Re:Short answer: you can't.

[Gordonjcp]

You haven't been paying attention. It's called e911 and it is a requirement so that a caller can be located when calling 911 from a cell phone. The wire system provided that information for a long time, and now the cell system does too.

It's only a requirement in the US, and it doesn't use GPS. GPS would be a waste of time for this, because it would either need to be on all the time and thereby kill your battery in an hour, or only enabled in response to an emergency call and need a good ten minutes to get a lock from cold.

Re:Short answer: you can't.

[Obfuscant]

It's only a requirement in the US, and it doesn't use GPS.

It is a requirement in the US, but whether it is a requirement anyplace else I don't know, and don't care. For the latter, you're wrong.

GPS would be a waste of time for this, because it would either need to be on all the time

Sorry, wrong again. You can turn a GPS off and it will still find itself when you turn it on later. There is no need for it to be on all the time, just when you dial 911. It isn't the same GPS receiver that the apps use, it's a special chip that doesn't take as long to get a fix. You can read more about it here and here and here. Note that the last link is from 2002 -- 11 years ago.

or only enabled in response to an emergency call and need a good ten minutes to get a lock from cold.

Well, yes it is enabled when you dial 911, but it certainly doesn't require anything like ten minutes to get a fix. If your GPS takes ten minutes to get a fix, then you are using a very very very old GPS unit. The last time I turned my Garmin 60CSx on (two days ago) it had a fix in less than a minute and a good fix in two. That was after sitting idle for six months. Remember, the first part of the problem is getting the time, and cell phones get good time info from the cell system.

Re:Only one way

Thanks Apple, please tell your users how to remove the batteries!
 
WIth a hammer.

Phone tracking is just part of a wide grid

[AHuxley]

Phone tracking was a result of the troubles in Ireland and the NATO/US need for Red trouble makers in 1980's Europe.
Think of an early Cyber Intelligence Sharing and Protection Act (CISPA) hardwired into every generation of phone by default.
Then came GPS, web 2.0, maps and cloud ... your phone is sucking up details about your life as you walk around with/use it.
Stop using your phone other than for family to say hi and ask for help/shopping.
Meet your people/tribe/business associates without a phone and talk face to face or in some other hi tech/no tech way.
Soon a working phone with CCTV (camera pod), facial recognition, 24/7 city wide look down drones, covert LEO in-car cameras will be filling in even more details.
Dont forget the private sector is also doing its part to link all their cameras in too :)
No warrants are needed. Deep extended boarder search, gang area 'random' searches, drink driving tests will all have rows of plate reading cameras, passenger face capture, driver logging, train station federal task forces, anti war mil protest watching... all add up to very deep efforts if you make a list.
All the tech used in 1950's Soviet watching, Vietnam, Iraq is now so cheap, tiny and sold to even the smallest, struggling police forces as federal 'gifts' to help with 'drugs', 'terror' or just as free 'surplus' with never ending private maintenance contracts.
The next big thing will be state level voice print records- no longer the play thing of GCHQ, NSA - expect a fake cell towers in a region of interest to do more than just log calls, numbers and record flagged people - your voice will soon be all that local law enforcement needs on any network.
Swap the phone sim all you want, better stay off the voice too.

Re:Phone tracking is just part of a wide grid

[Gothmolly]

All you did was provide a few concrete examples of the issues the submitter posed, and threw in some buzzwords. How are you remotely Insightful?

Re:Phone tracking is just part of a wide grid

[Bill_the_Engineer]

Actually in the US, mandatory tracking was put into place as part of enhanced 9-1-1. There were a rash of emergencies where the caller couldn't be located in a timely manner (IIRC one was a lady stuck in a car during a blizzard in the midwest). The law required phone companies to be able to give a location within 300m no later than 6 minutes of the request by a public safety answering point (PSAP). Radio location capabilities on the towers and GPS built into phones were a direct result of this law.

What the government did with the data once it became available to them is a different matter.

Re:Phone tracking is just part of a wide grid

[AHuxley]

What can you do? Every message you send if you phone is flagged is logged, every phone connecting to a flagged phone is logged.
When a clean phone connects it is tracked, when a known phone rings out to a clean phone your logged.
So both sides have to swap clean phones details and change phones quickly without infiltration or plea deal along the sim supply line- dealer, courier, contact...
Then you had the "performance monitoring and diagnostic tools" layer added by helpful third parties to hardware that just seemed to log data input as a user keystrokes once enabled that make anything like https useless.
This was 2008 http://www.dailymail.co.uk/news/article-1041011/MI5-launch-spy-sky-UK-manhunt-British-Taliban-fought-Afghanistan.html flying 12,000ft and 15,000ft over a few cities trying to find known voice prints.

Re:Phone tracking is just part of a wide grid

[gl4ss]

blahblahblah.
the made an efficient mobile phone network just so they could fuck with separatists? because the trackability is a byproduct - can't have one without the other.

and if it's "them" the official authorities doing their thing.. they don't actually need fake gsm towers. why the fuck would they? you only need them if you want to go without warrants or asking for authorization... which is pretty much why they should be(and well, they are technically!) banned.

Don't use it.

[complete+loony]

So don't use your cell phone as a cell phone. Buy a pre-paid with no ID (if you can), use the data connection to open a VPN link, use whatever voice and IM protocols you want over the VPN link.

Re:Don't use it.

[gl4ss]

if you use it as a data link they can still see where you are.
if they're really tracking the guy then can deduce which imsi it is that he is carrying with himself with couple of days of surveillance.

of course by that effort they could just slap a transmitter on his car as well.

Re:SOLUTION: DON'T BE A CRIMINAL !!

[DNS-and-BIND]

This is rather disingenuous and attempting to rewrite history to serve an agenda. It's not "free association with people they don't like" when said people urge the overthrow of the U.S. government. Just look at other countries where the government WAS overthrown by the people that McCarthy opposed - China comes to mind.

some thoughts

[wbr1]

As stated you cannot turn off the transmitter and have the network be able to reach your phone. However you can get a smartphone with good custom rom and kernal support. Then you can build your own kernal and be sure it has a real gps switch. You may also be able to implement filtering of the network stack bit iirc, the radio section is often a binary blob. Find a phone where you can code all thos and you may have a popular product.

Re:some thoughts

[tgeek]

. . . . Find a phone where you can code all thos and you may have a popular product.

Or you may get free room and board in Guantanamo for an undefined period of time . . .

GPS is not the issue.

[thegarbz]

Even with GPS disabled or if your phone doesn't have GPS, cell triangulation allows for a reasonably accurate position of the phone. In urban areas this works well, in rural areas less so but still enough to provide someone with potentially useful information. This is a function of the cell phone network and not the GPS of your phone.

Re:GPS is not the issue.

[SternisheFan]

Even with GPS disabled or if your phone doesn't have GPS, cell triangulation allows for a reasonably accurate position of the phone. In urban areas this works well, in rural areas less so but still enough to provide someone with potentially useful information. This is a function of the cell phone network and not the GPS of your phone.

Location by using cell tower triangulation can be off by as much as 10 miles.

Re:GPS is not the issue.

[DontScotty]

If you are only using one tower - sure...

--------
  The tower can also measure how long it takes to get a response from your phone, and use that to estimate how far away you are. That puts you on the edge of a circle that distance from the tower.

Usually your phone can be heard by multiple cell towers. If two can hear you, then you're on the edge of each of 2 circles, and two circles can only meet at 2 points, so you must be at one of those 2 points.

If a third tower can hear you, its circle can only meet the others at one point, so there you are.

Emergency services (like 911) can get this information from the cell towers. The information exists whenever your phone is on and in range of a tower, whether you're making a call or not. The information is not meant to be publicly accessible.

Re:GPS is not the issue.

[RabidReindeer]

The actual process is called "trilateration", if I haven't botched the spelling. Sprint was claiming 1000 meter accuracy minimum.

If you can't get at least 3 towers, you have to fall back to less accurate options. I'm not sure if the 2-tower approach is employed or whether they simply take the easy way out and look for the tower with the strongest signal. I suppose it depends on provider and local equipment.

Re:GPS is not the issue.

[AHuxley]

Re much as 10 miles.
With logs, a good security system in place and pro police level tech skills - you can get that down to streets, cars.
http://www.slate.com/articles/news_and_politics/war_stories/2006/07/italys_watergate.html showed in open court what good team can do with cell information.

Re:GPS is not the issue.

[OldSport]

And it can be pretty damn accurate, too. Older iPhones didn't have GPS and relied on trilateration to navigate in map applications, and I remember it being surprisingly accurate.

Re:GPS is not the issue.

[sunderland56]

Suppose you hacked the GPS software stack to fake your location - e.g. shift it northeast by 50 miles. Would the various location-finding services use the GPS location, or the triangulated radio tower one? Or, would the software notice the discrepancy?

Re:GPS is not the issue.

[SternisheFan]

2 years back I got a call from a 'friend' one morning on the 'feature phone' I owned then, and he asked me with a suspicious tone to his voice, "Uh, ... where are you?" I told him at my local library, and he hesitates, as if he's doing something else at the moment. Later on I learned why, that guy had a black market phone signal tracking program (that was given to him) running on his home computer. Not being a very computer literate person, I later realized that when he hesitated, he was really trying to understand why where I claimed to be wasn't where his program said I was, because there weren't enough towers available at that location to get a proper lock on the phone's location.

That one phone conversation was what began me googling for information about cell phone tracking, until then I was ignorant of this technology. Less than $50 and some googling for sites to download the program from is all that's needed to track a phone. Enter the phone number into such a program and a map will appear on the screen with the phone's location clearly displayed. It's an easy way to invade someone's privacy, and in my opinion it's done by people who are without a clearly defined sense of proper morality. That's rather a sad reflection on those who do track others just because they can, but what can a person do to prevent it from being done? It's a sad fact of living life in today's modern, tech-filled world.

Re:GPS is not the issue.

[thegarbz]

Most android phones have a feature to "allow mock locations". This allows programs special access to write location data to the phone and is how some bluetooth GPS receiver apps work. This is a godsend for my original Galaxy S with it's crap GPS receiver which doesn't work in the car. I use an external bluetooth serial GPS unit for navigation.

I don't think software is smart enough to notice a discrepancy between cell location and GPS location as it would have to make some risky assumptions on where you are. In my home cell location is accurate to about 100m, yet last time I went camping on an island off the coast the only tower I got a signal from (1 bar in good weather mind you) was about 40km away on the mainland. Location services reported me within about 1km of that tower (way wrong) and my phone showed that was the only tower it could talk to.

OFF pocket

[Simon+Brooke]

Curiously enough I saw an idea to solve this problem this morning. It's a small bag lined with material opaque to radio waves (possibly lead foil or barium, I don't know). Whether this particular implementation works or is a tin-foil beanie, again I don't know. But the concept seems to me good. With modern phones like iPhones or my HTC One, the battery is non-removable, so it isn't easy for the user to verify that all radio transmission is in fact shut down - there could still be things like, for example, passive RFID. But if you had a radio-opaque bag in which you kept your phone, you could have a phone with you in case of emergencies, without the possibility of being tracked except when you were actively using it.

Re:OFF pocket

[egcagrac0]

See also this fine product on offer.

Bruce Schneier says we've already lost

[wild_berry]

http://www.schneier.com/blog/archives/2013/03/our_internet_su.html

But... if I were going to try and confound the system which can correlate almost all of your electronic records, you'd need to have a rolling list of sock-puppets who supply proxy identifying information to the cell towers. You'd need to have a bundle of SIM cards in the handset to do this, or to have electronics which fake the same data. Then, to make sure you can actually be contacted, you need to have a call redirection system sending you SIP calls (though if you're designing the hardware for this, you can encrypt the data streams carrying your voice over the existing cell transports - note that Skype may be encrypted but we don't know how well or who has a back door key). To avoid that being a single point of obfuscation failure, it probably needs to be a distributed network of TOR-like relays across hardware and cloud providers, and even then, it will probably need to be steganographically hidden in ordinary-looking traffic.

Not impossible, but still a pipe-dream since 1993.

Re:Bruce Schneier says we've already lost

[BrokenHalo]

note that Skype may be encrypted but we don't know how well or who has a back door key

Nobody needs a back door key for Skype. If "they" know who they're looking for, chances are they will also know your Skype ID, so they only have to either buy a skype resolver (google that for yourself) or roll their own from an older (5.something) version of skype. That will give an IP address that should give some idea of a physical location.

Sure, Tor might be useful if you can cope with the latency, but (unless I'm completely off-beam) I can't see the P2P nature of Skype working very usefully with that. A vanilla SIP client might work though, provided that you aren't so silly as to attach a dial-in number to the service.

Of course, this is all fairly academic as far as i am concerned. Anyone listening in to my phone conversations is in for a very boring time. But if I had something to say to someone that must go no further, the safest way to do so is in person. At a nudist beach.

Re:Bruce Schneier says we've already lost

[BrokenHalo]

Apologies for the solecism of replying to my own post, but just to clarify...

My facetious remark about nudist beaches might not work if you happen to be an AK-47-wielding member of the Taliban in your customary work attire. Whereas I, as a 50-something white male would probably fit in all too well, and for the worst reasons... :-/

Re:Bruce Schneier says we've already lost

[Thor+Ablestar]

I have heard about mesh networks, for instance, B.A.T.M.A.N. or Netsukuku. You just need a mesh network to GSM gate that impersonates your phone and sends the calls via the mesh to the endpoint router with VoIP gate. It's quite difficult to trace the mesh but all this project needs at least tens of paranoiacs around the city that keep the mesh routers up and running.

GSM Module

[Thor+Ablestar]

For the REALLY paranoid geek I have a variant. There are lots of GSM modules that are intended for installation in some equipment. They need some power source, keyboard and microphone to operate. You may use something like the simplest PIC controller for keyboard and microphone control and be sure that unless you explicitly turn the microphone on it will be off.

It will still be a beacon, but you can invent some countermeasures, too. Your controller can detect the transmission and duly warn you if it finds something suspicious, for instance, long transmission without calls. If you are STILL overparanoid you may add a GPS device that will just turn the phone off while in zones where you don't want to be tracked.

Stationary GSM module with WiFi link to your real phone (or to your second secret GSM phone) is to be added according to taste.

Re:HAM radio?

[DKlineburg]

I had a ham radio, but we ate it at Easter lunch. I don't know why my grandma insisted in carving the ham to look like a radio; but it was her house.

I have it.

[BrokenHalo]

I am in a position to offer a perfect solution. Just move to rural Australia and move your phone contract to Telstra. They are so fucking incompetent, nobody will ever succeed in tracking you.

The only downside is that you won't be able to make phone calls either. :-/

Re:I have it.

[Benaiah]

How about, you use a phone with a prepaid data plan only. THen you connect your phone on your data plan to your home server via VPN. Then your home server routes your traffic through TOR or something. Your friends can gchat you, skype call, whatever voip/ims service you chose to use and no one should be able to track you because your number is just a throw away prepaid.

Re:I have it.

But your number is the same throw-away prepaid all the time, so once they do identify it (e.g. short range RF surveillance of your home or vehicle, or with physical access just opening the back and reading the IMEI in the battery compartment), they can track you just as easy as anyone else.

Re:I have it.

[Sentrion]

Trying to make yourself untraceable while still using modern technology is not an easy task. People have thought that they could avoid being tracked by buying an item with cash, but there are numerous cases of store security cameras recording purchases at the checkout counter and these images used to identify the culprets of a variety of alleged offenses. Combined with facial recognition software and the increasing cross-linkage of databases, such as photos from your driver's license or passport; combined with the fact that your face is probably online somewhere, such as your own Facebook page, or your friend's Facebook page if you avoid using facebook, or Flickr, or one of hundreds of image intensive online depositories, it is only a matter of time and effort to track you down. Even using a laptop you bought a garage sale and public wifi can't guarantee anonymity since surveilance cameras can show you within the vicinity of the wifi hotspot at the time of a particular event - such has already been used to identify "cyber-crooks" on more than one occasion.

Best defense is security by obscurity - don't do anything that will make you a target. If for sure you are going to be a target, then I'm not sure what will help you. If you try to live in some remote area with no technology at all, chances are people will be talking about you for miles around where you set up camp. "Ya, he's the guy living in the middle of that forest with nothing but a cabin and messenger pigeons."

Re:I have it.

[OhHellWithIt]

Using TOR via an unsecured or hacked WLAN router seems to be quite secure, in my opinion. You can easily extend the range of your WLAN atenna by a factor of 10 via a "Cantenna" (dead simple, gooogle it). So, your post is full of paranoid hyperbole.

Didn't Osama bin Laden try a variant of the carrier pigeon method? It seems to me is the best thing is to not do anything that makes them that interested in you to begin with.

Re:I have it.

[tehcyder]

Something I've always wondered about people like you is whether you're genuinely paranoid, or just like playing at it. The danger is that if you pretend to be mad for too long, you end up going mad anyway.

Re: Buy a phone that turns off

[tautauthebear]

Those are way too expensive

Re:SOLUTION: DON'T BE A CRIMINAL !!

[peragrin]

Two points.

1 :) if the authorities waited until after you commit a crime then people complain that they should have stopped it. if the USA had definite proof of the September 11th attacks and knew who want where and when but the perpetrators hadn't committed an actual crime until they hijacked the planes, at what point should they have been stopped? after hijacking the planes? how about after they flew them into the buildings?

2:)Organizations that protest the government are generally the ones that might shift into violence and actually try it. You can't watch everyone all the time so you watch the ones that are most likely to do something. It is a relatively short jump from peaceful protest to full on riot. you already have the people in place, and have them angry about something. all you need is the right spark to set them off.

Bullshit - mind control circuit

[Overzeetop]

That's what that battery is for - the mind control circuit. It's the only way they're keeping the people in line.

What most people don't know is that *that* is why there's a battery in your computer too! It has nothing to do with the stupid clock. The clock doesn't need the battery! You've seen the ones that work with a potato - that's proof enough that a clock doesn't need a battery. No, they have the computers programmed to reset your clock and bios after a short timeout to make you THINK you need that for the clock. And all you weak-minded losers fell for it, and the mind control circuit just keeps you believing that you need that battery.

Don't you miss the days...

[Overzeetop]

...when they just turned the border pink and we talked about... OMG Ponies!

Ask Slashdot?

[Fnord666]

As I have mentioned before:

Dear Editors,

There is an 'Ask Slashdot' section for a reason. Please use it!

Thanks.

Fnord666

PS Putting "Ask Slashdot" in the title doesn't do it.

Re:SOLUTION: DON'T BE A CRIMINAL !!

This is rather disingenuous and attempting to rewrite history to serve an agenda. It's not "free association with people they don't like" when said people urge the overthrow of the U.S. government. Just look at other countries where the government WAS overthrown by the people that McCarthy opposed - China comes to mind.

SERIOUSLY ??? The people that McCarthy chased were not the same people that were behind the cultural revolution in China, those were mainly chinese people.
There was never any measurable movement in the US to overthrow the government and establish a communist regime. Most people who were investigated under McCarthyism were only guilty of having opinions different from the average american.

Re:HAM radio?

[egcagrac0]

Totally useful if you're more than say 50 miles from home.

If you're less than 50 miles from home, they know where you are anyway, and can triangulate your position.

Which autopatch are you suggesting that can answer a ringing line?

Staying ahead

[pittaxx]

It's rather easy. All you have to do is leave your phone on the back seat of your car. If you want to go to the greater lengths, you might want to consider a trailer, or possibly a train.

Faraday Cages Work.

[BoRegardless]

Both ways. RF can't cross the cage either direction.

Re:HAM radio?

[Bill_the_Engineer]

Before cell phones were cheap and everywhere, we had a large community of HAM operators who used our local 2m repeater to make short personal phone calls. It wasn't that hard to implement, just a DTMF decoder and a POTS interface board. We had improved capabilities once we replaced the repeater controller with a newer one that had this functionality built in. We were able to not only use DTMF tones to make phone calls, but to also patch into a network of linked 2m repeaters to converse with other HAMs throughout the state using VHF.

Re:HAM radio?

[SuricouRaven]

This will vary by country, but in the US it is prohibited to transmit an encrypted message on the HAM or amateur bands. FCC rules, Sec. 97.113: " No amateur station shall transmit: ... messages encoded for the purpose of obscuring their meaning."

http://www.w5yi.org/page.php?id=121

Re:SOLUTION: DON'T BE A CRIMINAL !!

[SuricouRaven]

Not even that. It varies by country, but generally there is a law requiring network operators to track anyone and everyone, and store the tracking information along with call and SMS records for a period ranging from six months to many years, so that if the government does have a reason to track you they can do it retroactively. Obviously something immensely useful to law enforcement (Pull the murder victim's phone records, discover his secret mistress), but still something that can potentially be very easily abused.

Don't carry a cellphone?

[argStyopa]

Seriously, if you're that paranoid about being traced, why even carry a cellphone?

Essentially, if you're going to turn off all the functions that allow connectivity, and disable the phone enough that you're *pretty sure* that you can't be traced, why are you even carrying it? It's going to be a non-functional pile of circuitry in your pocket, basically. If you're that concerned, then any time you turn it on you might be being traced, even if the radio function is allegedly "off".

I guess if you want to be able to call out in case of emergency, just buy a one-time phone and DON'T USE IT UNTIL YOU NEED TO. Then throw it away.

Re:Don't carry a cellphone?

[argStyopa]

I have a palm titanium 3 or whatever the hell it's called, I'd be HAPPY to sell it to him.

My solution

[fishthegeek]

My solution is to stay a Sprint subscriber, that way I am never near any towers and if I see more than 2 bars I know the FBI is close.

Removable battery

[gweihir]

The only really secure way to turn of a smartphone is to remove the battery. Get one where you can do that or mod it with a switch.

New plan

[Fuzi719]

As part of the new KGB-Plus service available as an option on many plans, the wireless provider can have genetically modified carrier pigeons enhanced with bloodhound DNA find and alert you anywhere in a growing number of metro areas. The specially-trained pigeons will carry a coded message that only you will understand to tell you to turn on your phone and prepare for an incoming call or text message, or to seek a safe house/shelter should your identity and location be discovered by unknown forces.

Re:Ferrite Beads

[SternisheFan]

I believe that if your phone is on and in a frequency blocking bag, the battery will drain faster than normal, since the phone is now emiiting a more powerful signal trying to locate a tower.

Re:HAM radio?

[CohibaVancouver]

We were able to not only use DTMF tones to make phone calls, but to also patch into a network of linked 2m repeaters to converse with other HAMs throughout the state using VHF.

Kids today wanna send text messages.

RMS sez...

[storkus]

This is a complete quote from the relevant section of http://stallman.org/rms-lifestyle.html

Cellular Phones

        I refuse to have a cell phone because they are tracking and surveillance devices. They all enable the phone system to record where the user goes, and many (perhaps all) can be remotely converted into listening devices.

        In addition, most of them are computers with nonfree software installed. Even if they don't allow the user to replace the software, someone else can replace it remotely. Since the software can be changed, we cannot regard it as equivalent to a circuit. A machine that allows installation of software is a computer, and computers should run free software.

        When I need to call someone, I ask someone nearby to let me make a call.

As a ham radio operator myself, reading some on GSM and other standards, a little on OpenBTS, and what the military (especially black ops like CIA) have done in these kinds of situations, I think I can reliably state this:

1. *ANY* radio transmission can be tracked to its source. If your phone on, it can be triangulated automagically by the base stations around you, although modern E-911 compliant ones also assist in this. In addition, the TIMING can be used to trace your distance from even one cell site (think latency/ping), so you can get a radius (similar to GPS, if I've read right).

2. The only way not to be tracked in this fashion is to turn off all radio transmitters on your person or nearby that can be associated with you. This includes wifi and can even include bluetooth in radio-quiet locations. Bear in mind you can fingerprint individual transmitters, to the point there are commercial transmitter fingerprint readers readily available: these are usually used when dealing with jammers, but you can track anyone with these.

3. None of this precludes them putting an active tracking device in your phone (I've read the battery can be replaced with a smaller one with a device included), your car, jacket, etc. These were being done during the cold war; the only difference is that you can buy them online now! And don't even get started on passive methods like lasers-on-the-windows, Van Eck, etc.

4. Jamming just keeps you from making calls: your radio can't hear the base. The base can still hear you just fine (under normal circumstances).

The bottom line: you'd have to do like RMS does and not carry one...though I wonder how useful that is since his entourage probably are loaded with them!

Re:HAM radio?

[GameboyRMH]

To work around all the problems the sibling posters pointed out, maybe just use a PC with a POTS interface and then connect the phone to that with IAX through an SSH tunnel. You'd have to bum off free wifi though and keep changing your mac address so you can't be tracked.

Break the habit

[the+eric+conspiracy]

Don't carry a cell phone with you unless you think you will actually need it. Leave it at home most of the time. Lend it to a friend to establish an alibi.

And when you are in a situation where you don't want to be tracked but still want the phone around in case of emergencies take the battery out. If you are handy with a soldering iron make an external kill switch. Also try experiments with a RF blocking bag to see what the effect on battery life is with your phone. Consider having spare batteries.

It wasn't that long ago when most people didn't have these devices. Really, they aren't particularly necessary for daily life.

Also put your EZPass transponder in the foil bag instead of leaving it on your dash all the time. Especially when you are doing something that you don't want coming out during divorce proceedings.

Re:SOLUTION: DON'T BE A CRIMINAL !!

[CohibaVancouver]

lazy crime fighting agencies

It's not just laziness - It's financial constraints. The US citizenry has made it clear to the government that there must be no taxes evernever (except when it comes to aircraft carriers and F-35s, then you can spend like a drunk sailor). You can't expect law enforcement to hire skilled investigators to run long programs but not fund them - So they're forced to take shortcuts.

Re:Get a pager

[CohibaVancouver]

Pagers are receive-only

True - But if you watch season 1 of "The Wire" (great show, BTW) you'll see a tale about how the police track dealers based on their patterns around pager usage.

I don't think you can avoid being tracked

[mark_reh]

if you have a phone. What would be really neato is if the people who make ROMs for Android phones could build in something that strips off location data or even allows ID spoofing.

For legal purposes, I think the police would have to prove that the phone was in your possession if they wanted to use tracking data against you in court, and likewise if you wanted to use it to defend yourself you'd have to prove you were in possession of the phone at the time the location data in question was generated. I don't know how easy that would be unless you were texting photos of yourself...

Re:here's a thought

[GameboyRMH]

They wouldn't get your call records or contents but the location tracking would work just as before.

Avoiding tracking has been patented (yes, really)

[frinkster]

US Patent 7751826 - Motorola submitted the patent in 2002, it was issued in 2010:

US Patent 7,751,826

The Federal Communications Commission (FCC) has mandated that, by December 2002, all cellular telephone carriers must market handsets capable of providing an emergency locator service. This emergency locator service, known as E911, will enable personnel at the public safety answering point (PSAP) to pinpoint the location of a cellular telephone user dialing 911. This FCC mandate further requires that the user not be able to override the emergency locator service in the case of a 911 emergency call.

This technology has raised public concern that, in addition to being used for emergency location, the locator service may be used by cellular carriers or by others to track the movements of cell phone users without their consent. There is therefore a need for a system that complies with the FCC mandate for location service while providing maximum privacy protection for cell phone users.

The invention overcoming these and other problems in the art relates in one regard to a system and method for selectively activating or deactivating E911 tracking service, in an embodiment by disabling power to GPS locator circuitry in a cellular telephone until the key sequence "9-1-1-Send" is detected. In one embodiment, the power to the GPS circuitry in a cellular handset may be activated by detection of a keypad sequence and the rotation of a physical switch to permit power delivery. When the handset detects the key sequence "9-1-1" it may output a signal that loads the switch into a "ready" position. When the user presses the "Send" button, the switch closes, enabling power to be delivered to the GPS circuitry. In other embodiments, the selective delivery of power may be controlled by software.

Motorola has been building phones for more than a decade in which the GPS circuitry is physically separated from electrical power until the user does something that causes it to be connected. This obviously doesn't help you if your phone has been hacked or modified and it doesn't help you avoid network triangulation, but it makes you wonder how all these supposed experts know all about the "dangers" of cell phones without having done much research or talking to the people who actually made the phones (you know, the inventors of patents are listed on the patents).

Here's one idea

[sacrilicious]

Write (or wait for someone like me to write) software for your phone that has the following modes:

• *Disabled. Phone behaves as normal. This is the mode to have it in when you're carrying your phone around and -- for whatever reasons -- you don't care about being tracked that particular day.
• *Enabled. In this mode you leave your phone at home, or at your office, or in the possession of some friend. In this mode, your phone will responds to all incoming calls and texts by optionally either sending text messages to some other number, or emails to an account, or posting info on a website (or some combination thereof).

Example use cases:

• *Alice is running this software, and has left her phone at home. Bob calls Alice, gets her voicemail, leaves a message. Alice's phone sends Alice an email (optionally encrypted) which contains the number from which she was called. Alice dials into her voicemail using her office phone system, then dials Bob back from that same office phone and continues talking with him.
• *Alice gets a text from Bob. Alice's phone sends email to Alice with the text message (optionally scrambled/encrypted), or relays the text message to an anonymous disposable phone Alice is carrying (again optionally scrambled). Alice either calls Bob from her anon phone or some desk phone, or text him back from her anon phone, or texts her home cell phone (the one at home running the software) with a response for Bob, which the home phone then texts onwards to Bob.
• *Midday, Alice decides she's like calls to ring through to her desk phone. She sends a text to her cell at home instructing it to switch modes so that it now forwards calls to her desk phone. Alternate ways of informing the home cellphone of the need to switch modes could include posting key info on a web that the home phone polls, or sending an email that the home phone pays attention to.

And *poof*... you are off the grid.

Re:Only one way

[dwye]

"Only One Way" is false. Putting the phone in a Faraday cage also works. Actually, just use a steel lunchbox.

It might also work if you wrap the phone in a couple sheets of aluminum foil, but I haven't tried that to confirm it. Just make sure that any external antenna doesn't tear through.

Faraday cage

[moonwatcher2001]

Put your phone in an aluminum foil pouch. (See Faraday cage) Take it out to check messages/make calls.

Gene Hackman tought me...

[big_oaf]

All you need is an empty potato chip bag.

Re:Avoiding tracking has been patented (yes, reall

[YoopDaDum]

Not very useful. You don't need for the device to provide its location with GPS, the network can deduce it with no specific device support (except complying with the cellular standard for replying to the network pages and request for cells measurements). Google "RF pattern matching": it's 100% network side, and is more accurate than GPS in urban and semi-urban locations so cutting the GPS won't help at all here (and most people live in such environments nowadays). RF pattern matching is already deployed in some 2G/3G networks, and is currently being specified for future LTE evolutions.

In rural environments using the device GPS is still the most accurate method, but even then the network can provide a reasonable location estimation based on the device reporting the receive power of its serving and surrounding cells (a standard function, which is used to drive handover). And cellular networks do support this as not all devices have GPS.

Re:Cool conspiracy story, bro.

[SternisheFan]

When I went on the guy's computer I saw & ran the program.

Re:SOLUTION: DON'T BE A CRIMINAL !!

[ub3r+n3u7r4l1st]

by misrepresenting yourself as AC you have just violated the CFAA, a felony.

TX indicator?

[jasno]

I wonder how feasible it would be to come up with a small field-strength indicator that at least lets you know if your phone is transmitting significant amounts of data when you don't expect it to. It's not too hard to construct such a device with older, modulated-carrier type radios, but it might be more difficult with a CDMA or other wide-spectrum device. Also it would be prone to false detection of other nearby cellphone radios. However I think it's your best bet for taming a commercial cell fone.

Then again it is easily thwarted by an app which stores compressed audio/location data on the fone and bulk uploads it whenever other traffic is occurring.

Measuring power draw of the battery might tell you if something is running when the phone is 'off'. It won't help you if the spying app is only active under normal operation, however.

As I'm sure many others have said, you could use pre-paid phones and recycle them every so often. Then again it may be pretty easy to identify you based solely on the people you call with that phone, along with other biometric information(voice indentification, for instance).

I think we're all going to have to get used to being tracked, scanned, inspected, detected and infected. What we should be doing is establishing a legal framework that offers us clear protections and a method of redress when our rights are violated. I think we're entering this new era blind - most Americans and even government officials can't even comprehend what's coming or what is already here.

We live in an age when most people don't have a clue why the bill of rights exists as it does, so the chances of success are not good.

Re:HAM radio?

[plover]

Pro tip: Your point seems less false when you don't try to pass the same URL off as three different references. :-)

BTW, I attended Chris' presentation at DEFCON 18, and while he showed us all just how quickly so many of the phones in the room believed his fake tower, he never did demonstrate the actual interception of a phone call in front of the audience. I think the FCC and FBI were chilling his effect a bit that day. That said, I don't doubt for a minute that everything he discussed was entirely possible.

If you're really interested in seeing how far the concept can be taken, search Google for "Harris Stingray", and read a few of the news articles. Let's just say that Chris is not alone in his understanding of hacking the cellular protocols.

Faraday Cage?

[rbrander]

I wasn't tops in physics, but the lecture on Faraday cages really stuck with me - no ifs ands, or buts about how it completely separates the inside from outside electromagnetic worlds. So rather than running around pulling out batteries or modifying your phone, what's so hard about a metal phone case?

You may not need a tinfoil hat, but a tinfoil pouch may not be paranoid...

Re:Faraday Cage?

[Mr.+Protocol]

This is exactly right. Turn off your phone, and put it in one of those RFID-proof containers, and it doesn't matter if spooks have modified it or not. Write off all incoming texts or calls, of course.

Faraday

[gmclapp]

Instead of modifying your phone, turning it off, taking the battery out etc. you could build a mini Faraday cage. put the phone in there whenever it's not in use. :) When people ask about it tell them you've had issues with your phone running away.

Re:here's a thought

[wiredlogic]

After the electricity supply, security forces and tracking technology are the things least likely to work reliably

That strategy didn't work out so well for a lot of Taliban and Al Qaeda members.

Re:Avoiding tracking has been patented (yes, reall

[wiredlogic]

That feature is for power conservation not user security. Many such phones keep the GPS off until an emergency call is made to extend battery life.

For the paranoids out there there is a very real possibility of your phone receiving an "update" that hides the fact that your GPS is transmitting your location. And as the other poster stated, even without GPS, your location can still be approximated from your phones normal interactions with the local cell towers.

Tower Triangulation does not often happen

Multiple tower triangulation, which seems so obvious, is quite difficult to implement, and is rarely done. Here's why:
  - if you're fairly close to a tower, then other towers are unlikely to hear you. (This is by design: cell phone towers are designed to minimize overlap in coverage, so as to maximize frequency re-use over a geographic region)
- Those times when you are in range of multiple antennas (LTE people call these e-nodeBs), it's your cellphone that keeps track of the strengths of the neighboring e-nodeBs. This list of signal strengths and interference levels is not sent out from your cellphone unless a handover between enb's is about to happen.
- communications between a cellphone and a tower is not by a single carrier, but rather using a large number of discrete frequencies (for LTE, it's orthogonal frequency division multiplex). This type of modulation is designed to resist fading and interference, but is extremely difficult to triangulate, because the databits are spread over many symbols)

Most common localization of a cellphone uses a single tower. Simply knowing the antenna that you're connected through localizes you to a sector (of about 60 to 120 degrees in angle by about 1Km to 10Km in radius). The cellphone operator's Mobility Management Entity keeps track of this in real time, so as to route your calls, forward messages, and page your cellphone. Of course, this is several square kilometers, but it's possible to do much better:

Better single-tower geolocation takes advantage of every cellphone's being kept in tight time-synchronization with the clock in the tower's enb, using "Timing Advance". The Timing Advance method, in theory, can determine the distance of your cellphone to the tower within about 150 meters, but typically an operator gets 300 to 400 meters rms. This is a radial distance from the tower to your cellphone. The azimuthal location is coarsely determined by the sectorization of the tower: most cellphone towers have 3 to 6 enodeb antennas, and so can localize within 120 to 60 degrees in azimuth. And so, in general, you can be geolocated within an annulus: it's about 300 meters in radial distance from the tower, and about 60 to 120 degrees in azimuth. A fairly big territory: probably a football field or three. These systems are very useful for locating network problems, but cannot determine your location to better than a couple hundred meters.

A few systems can improve on this. For example, Newfield Wireless has developed a high resolution method of single-tower localization, apparently using enodeB timing data combined with local geographic information. But I'd be surprised if this results in better than 50 meter resolution.

Short version: Cellphone triangulation will not track you. Single tower tracking systems can yield coarse tracking.

A Low Tech Approach - Hide in the Crowd

[Ken+McE]

Buy a disposable phone. Use it for a few months, wipe its internal memory & associated voice mail box, then abandon it where you think it might get adopted. You will always have a phone, but searching for your records becomes difficult, your past becomes plausibly deniable. If you are currently under active surveillance this will probably open up delays in the tracking each time you change over before they catch up. It is not impossible to backtrack you, but the difficulty and expense of tracking go up with each change, and the reliability of the results goes down. Rather than being a crisp and clear ten year history in their records you become a blur. Is this Samzenpus?, what about that? This sort of looks like him, but what about these ones?

This setup lets you always be able to dial out, but will eventually weary your friends who don't know what number you are now. You might want to do something else for a receiving number.

You probably have a core "fingerprint" of usage that is identifiably you, but it may resemble the fingerprint of people who run in your social circle. Mix things up a little. With each new phone add a new group of numbers unrelated to the other phones. Let's say phone #1 calls a cluster of sports related numbers, # 2 local civic groups, #3 bars, taxis, and liquor stores, etc. Call them a few times with honest questions. Let the watchers burn through their budget finding out who all these new d@#mn numbers are.

It doesn't work that way

[sjames]

If your radio is off, it won't check in with the tower. If no tower has seen you, you won't be getting any SMS messages or voice calls.