Ask Slashdot: How To Stay Ahead of Phone Tracking ?

An anonymous reader writes "In the last few years there has been a significant upsurge in subverting the cellular network for law enforcement purposes. Besides old school tapping, phones are have become the ideal informant: they can report a fairly accurate location and can be remotely turned into covert listening devices. This is often done without a warrant. How can I default the RF transmitter to off, be notified when the network is paging my IMSI and manually re-enable it (or not) if I opt to acknowledge the incoming call or SMS? How do I prevent GPS data from ever being gathered or sent ?"

Don't carry one

[siddesu]

As you know, they can track you even when the device is off, unless you've taken the battery out.

Re:Don't carry one

i have taken apart a "donated" huawei ascend2 earlier this year and found small watch type batteries hard wired (soldered) on to the circuit board
they were very small , 2 in quantity and were 3 volts each i dont know what they are used for other than to power the device even with the battery out
its amazing how few chips were in this devithe whole board had like three or four chips a couple of speakers and a couple of mikes and the sdcards
when i opened it i expected it to be jam packed full of components but the manufacturer really has done wonders with the SoC tehnology
TL/DR even without the battery inserted that phone has some functions that i was unable to determine what they are

Re:Don't carry one

[gomiam]

Not to raise your paranoia, but your "dumb" phone isn't as dumb as you think it is. While it is acting as cell phone it needs to keep the towers appraised of its location so you can receive calls and it can roam from one cell to the next.

Re:Don't carry one

It's called a real-time clock. Your computer has one. A builtin battery too.

Re:Don't carry one

[vux984]

As you know, they can track you even when the device is off, unless you've taken the battery out.

I don't dispute it's possible that the phone while 'off' is simply in standby and pops on now and again to ping the network.

But.. if so, why does my Galaxy S3 take 10+ seconds to 'boot up' after it's been turned off, and then another 5-10 seconds before it has service?

There might be some phone out there that is 'always on'... but is there actually one? More than one? Is it actually common?

This seems more 'urban ledgend' / paranoia then real -- the sort of paranoia where you think the NSA has installed a rootkit to simulate your phone shutdown sequence when you turn it off while it remains transmitting. Possible, theoretically? Sure.

But then what makes you think taking the battery out will work? The NSA inserted a secondary battery with enough juice to keep tracking you for days even when the battery is out. Better put the phone into your pocket faraday cage...

And take a shower and change your clothes to rinse off the micro RFID they hid in the dirt on your shoe and are tracking with a satellite equipped with some sort of super pringles antenna...

I think my Galaxy S3 is off when I turn it off. I'm prepared to be educated that it really isn't, but I need more than some handwaving or links to rumors on some guys dubious blog.

Re:Don't carry one

[DKlineburg]

maybe not so? See article about your habits being unique and identifiable here on /.

Re:Don't carry one

[FrkyD]

Well, we have known for quite some time that is is not just possible to use your dumb phone as a roving bug while it is turned off, but that it has actually been done.

http://news.cnet.com/2100-1029-6140191.html

So even though you sound a bit (albeit justifiably) paranoid, you might not be paranoid enough.

Re:Don't carry one

[MightyYar]

Yeah, it would be awesome if your phone lost all settings every time it ran out of battery :)

Re:Don't carry one

[gl4ss]

the article describes a technique in which the phone is NOT turned off but instead is hacked to _place a call_. that sounds suspect technique, actually, even if some razrs have hackable firmwares. you could keep it next to a radio to notice that something is up - and this would be an undertaking to essentially rewrite the entire firmware of the phone better than what motorola could - while retaining all the stock functionality. it sounds very, very james bond spy shit - bordering on being plausable as just FUD(don't even try to find the bugs!).

another part of the article describes another technique, "prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware.". that phrase sounds actually like actually placing a bug on the phone which is definitely not a new technique nor a surprising technique at all - instead it's a cold war era technique. But this would work while the phone is turned off - However it would be just a bug attached to the phone in essence.

Re:Don't carry one

[hAckz0r]

I think my Galaxy S3 is off when I turn it off.

That switch that you use to turn your phone off is nothing but a sensor switch. Its not a physical on/off switch disconnecting the battery from the phone circuits. When you press it, the OS on the phone is programmed to start shutting down certain circuits within the phone. It keeps other circuits powered up so that it can sense that same switch to bring the phone back up to its normal powered state.

That being said, someone can reprogram the phone to 'look like' its powered off. It can still be recording audio/video to the local memory, or whatever it wants to, and even use the transmitter periodically without being noticed by the owner.

The phone can be reprogrammed fairly easily by someone who gains control of the device. How easy is that? I've seen a demonstration by an expert that took all but 15 seconds to have root on a popular phone. All that was needed was an IP address of the data connection for the handset. In an instant they had the equivalent of ftp and could have done anything on that phone, including staging a boot loader/update waiting for the next time you cycled the phone's OS.

For someone who has the power of the courts behind them, they can easily have the phone company push an update out to the phone to do the same thing. Nobody needs to hack your phone, and they can then completely control the outward appearance of the devise without you knowing anything about it.

Other than having an RF monitor next to the phone you likely won't be able to detect it. A small RF monitor can be purchased and hacked to add a audible warning if the phone becomes active, if you are the tin foil hat type. Otherwise, if the phone is active and uses the network the battery will get slightly warm, even when turned off, so you might be able to tell that way. A cheap way to tell is a liquid crystal temperature strip adhered to the outside case where the battery compartment is. This is also a help if your phone has a battery drainage problem with certain apps, because it will tell you when the battery is being drained, and how quickly, for whatever reason.

Re:Don't carry one

[Electricity+Likes+Me]

If you really want to track someone, it's usually way easier to steal and modify their phone, or modify a replica phone and download their phone to that one.

There are a lot of high-tech surveillance techniques, but they're just really kind of hard to do compared to the simple stuff.

Re:Don't carry one

It is about 30-80 seconds. What? Work with embedded radios... Quicker if you have a chipset that keeps some info around in flash.

Believe it or not the modem is just that, a modem. It has an AT command set even hanging off an internal 'com port'. You 'dial' a number just like the old acoustic modems (atdt). You just ate 3-6 seconds there. Time for the modem to find the local towers (and there is almost always more than one). Set up the connection to the tower... Newer ones have a PPP session to setup as well before they will even let you make a call. That takes time for the authentication and radius setup.

You can get it to go faster but you have to be in the right conditions and have a *very* well written stack. Most stacks are 20+ years old now with tons of diagnostic cruft. The books that describe these things are 2+ inches thick. They work but have to work in a cell network that is just as old in all conditions. So they have a very well defined setup procedure.

Also to the original poster. The tower does not 'know' where you are unless your phone transmits. ALL phones transmit. They have to. Otherwise they are not part of the cell network. Otherwise walking/running/driving from one cell to another would not work. Or do you think when someone calls you it lights up every tower in the area? Older networks did just that. But it worked for some types of messages and quickly was swamped with any sort of volume. But newer ones are all switched and routed. Its why if the tower can not see you and someone calls they are dumped right into voice mail. So yeah you could turn off the beacon. But only if you do not care about anyone ever being able to call you as the tower would drop you out if you do not beacon. It has a few hundred other phones to take care of than yours which from its point of view looks off. Do not want GPS? Good luck with that. They do not even need GPS they can figure it out from the towers (which have fixed known locations). http://en.wikipedia.org/wiki/Direction_finding

What the original poster is asking for would not work very well. Well in a very limited fashion it would work. But only if he does not care about ever getting calls or SMS. He can use airplane mode. Built in to almost every phone out there. He can then use one of the many firmwares out there and have it default to on with a startup script. The listen only? Not going to happen unless he knows specifically how to talk to the modem. Also there are hundreds of chipsets out there and they all act a little different, qcom vs athros vs ti vs bcom all different even between chipset lines (the propitiatory blob in most phone firmwares). Even then it would from the networks POV look like he is off so it would not even bother to send the message (older networks did this, newer ones do not waste the bw, they need it). Also if the carrier gets wind of him doing this? They probably would just deactivate the account for tampering with the network and leave him stuck with the bill for the phone he has not paid off yet. The guys at the lower levels 'stick to the script'.

It is very simple do not want someone tracking you? Do not carry around a cell phone radio and leave it at home and turned off. It is the position Richard Stallman takes. It is not one I take. My phone is at my pleasure. Not someone elses. They want the info they have to get a warrant. Someone got the data without one and used it against me I would press on it.

A better idea would be to get one of the *many* android pads out there and put skype on it. Much simpler.

Re:Don't carry one

[SuricouRaven]

They did something like that with hotspots in the UK - the Digital Economy Act means that businesses can be liable for the infringements of people using their connection, which is a serious concern for all those places that used to provide customers with free wifi.

In practice, some businesses have continued to recklessly provide the service, while many more have instead contracted with specialist companies who run the access point and authentication infrastructure on their behalf. Typicially it uses the mobile phone network as a way to validate identity: User connects, gets a captive portal, enters their phone number, the service provider sends them an SMS with the unlock code, user enters the code. It's somewhat cumbersome, and some people are understandably reluctant to give out their phone number, but it's the only way to provide customers with a convenience service (And thus lure them in, usually to buy food) without potentially getting sued for millions after someone goes on a torrenting spree.

The only thing about the arrangement that surprised me is that the MPs were so open about the change in the law being about copyright. I'd have expected them to instead use child porn as an excuse, but they didn't: The Digital Economy Act is an entirely open effort to strengthen copyright law.

Re:Don't carry one

[dcollins]

"This seems more 'urban ledgend' / paranoia then real..."

I agree. Based on experience with my students in college classes, where the rule is that phones must be shut off (especially on exams), many if not a majority of people are confused about when a phone is really off versus when it is just in standby. I get a lot of students who claim a phone was off when it was ringing, or that they absolutely believe it's impossible to really shut the phone off. (Even in the face being penalized multiple times on a test -- once I had a guy turn around and just throw his phone into the hallway after it rang the third time and he couldn't stop it.)

Re:Don't carry one

[number11]

Flash memory has a limited number of writes, and won't power an on-board clock in any event.

The minimum number of write cycles seems to be around 10K, and could be 1M or more (depending on type of memory). If you have the least durable flash, and turn your phone off once a day, that's 27 years. (Most people don't seem to ever turn their phone off.) What do you suppose the service lifetime of the average phone is? 3 years?

Re:Don't carry one

[hAckz0r]

Any John Doe can buy software off the Internet, that once installed on the phone, has complete control over it. The spy/tracker/user does not need to know much to use that software, though most software may require physical access to the device to install it. Many don't. I would give specific examples to back up my assertion but I don't want to "help" that industry do bad things to good people. Lets just say its simple enough for your GF to find out who you are seeing on the side, and some of that software is rather effective in what they are designed to do.

As to what the software is actually designed to do, all that depends on the sophistication and talents that the spyware hacker, and and the specific mix of hardware and OS support. The short answer to your question on whether 'turning it off is enough' all depends on how much your neighbour wants to know what you are up to. If they have deeper pockets and don't mind buying available software to do the job, then the answer is definitely no.

My take on it is if "I" could figure out a way to do it, then somebody else is likely already making money doing it. Any decent hacker out there can quickly learn how to make the tail wag the dog when needed, and the smell of dirty money drives the spyware market. I had a friend who got hacked, and now my personal interests is in being the spy-master's arch-nemesis. I just wish I had more time for that sort of thing and there are very few samples out there to be openly studied.

turn it off

[thephydes]

Turn your phone off when you aren't using it. Do you really have to be contactable 24/7? I suspect not for most people and if your phone is off then you cannot be tracked.

Re:turn it off

[KZigurs]

Bollocks. Unless by 'turn it off' you mean 'press the power button sending the phone to sleep', there is no smartphone out there that will 'stay on' when 'powered off'.

aGPS works by sending a small data packet to a nearby server (ether over gprs or sms) when starting to triangulate your location to speed up the satellite discovery process.

(Mind you, that does not exclude possibility of compromised software and radio modem + bootstrap indeed being kept alive for eavesdropping purposes. For what it's worth modern smartphones generally consist of a small PC part (buttons, input, screen, cpu, sound, etc) and small separate dumbphone (cellular modem) part that talk to each other over serial bus)

Transmitter off won't work.

[rew]

If you want to receive calls or SMSes, you need to leave the phone on and transmitting:

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone. If you properly turn it off, the phone will tell the GSM network it is going off. So when a call comes in, it will go to voicemail immediately. If you yank the battery, the system will assume you are still in that cell where you last had the phone on, but it will probably time you out if it doesn't hear from your phone for a while. (which happens naturally if for example you drive out of range).

Re:Transmitter off won't work.

[KiwiSurfer]

When a call for your number comes in, the incoming call is NOT transmitted nationally. Only in the GSM-cell that you are actually in is the signal transmitted. So, the system has to know in which cell you are to be able to "call" your phone.

Not quite, a GSM switch will keep track of which Location Area (LA) a mobile device is in. A LA can contain a few or upwards to several hundred cells. Using Vodafone's GSM network in New Zealand as a point of reference, their largest LA covers all of Auckland's (our biggest city with 1.5m population) CBD with around 150-200 sites while in rural areas a LA generally only has around 50 sites.

When a phone is being called, all the cells in the LA will send out a broadcast request to all mobile devices in the LA and the mobile device will respond by contacting the nearest cell. This is quite useful as it reduces the need for the mobile device to check in frequently — the mobile device only needs to check in with the network when it moves into a new LA.

I'm not too familiar with how UMTS or LTE works but I presume the same principles applies but I may stand corrected.

Re:Transmitter off won't work.

[rew]

The cell-phone transmit is "expensive" in that it drains the battery. You can optimize the electronics all you want but if you have to transmit a 1W burst for 0.01 seconds to indicate that you're still there, the energy expense of that burst is fixed and cannot be reduced. This is apparently a trick to reduce the number of transmissions from the phone to the towers so that the battery can last longer. I didn't know that. Thanks for the update!

Futile

You can't.

Those are functions performed by the baseband software stack, which cannot be modified by the end user. Also you can't be simultaneously connected and not connected to the network anyway. If you don't want to be tracked by the network, don't use a cellphone.

Re:HAM radio?

[Gordonjcp]

Great idea! Then not only are you giving away your location but you're transmitting your message in the clear, for anyone to eavesdrop on!

I can't help but think you've missed the point a little...

Airplane mode and OsmocomBB

[asnelt]

I would say a good start is to just use the airplane mode of your phone. That should disable your RF transmitter. But of course you wont be notified when the network is paging your IMSI. The save option is to use a phone with OsmocomBB, a free software implementation of the GSM stack: http://bb.osmocom.org/trac/ It has limited functionality (no GPRS working at the moment) but at least you know exactly would your phone is doing. With that, you can even run CatcherCatcher, which is able to detect IMSI catchers: http://opensource.srlabs.de/projects/catcher The supported phones are a bit outdated, mostly old Motorola phones. But there is one supported smartphone: the Openmoko Freerunner. It is pretty usable these days and is fully supported by Debian. I love it, but you will need to tinker - a lot.

Re:Airplane mode and OsmocomBB

[asnelt]

What I forgot to mention: using OsmocomBB it should even be possible to fake your location. It is explained in this presentation at 05:20: http://www.youtube.com/watch?v=M0NjS6aUXYw

Re:Only one way

[thephydes]

Thanks Apple, please tell your users how to remove the batteries!

Re:SOLUTION: DON'T BE A CRIMINAL !!

[AvderTheTerrible]

The issue is that the government does not wait until they think you *are* a criminal to do this stuff, they start doing it when they think you *might* be a criminal, or worse yet, when someone *wants* you to be a criminal. It's not the stuff that would actually manage to fetch a warrant that a lot of people are worried about, it's the fishing expeditions that lazy crime fighting agencies and power abusing bureaucrats engage in if they don't like some of your associations. Just look to what happened during the McCarthy era to see what can happen when persons in power don't like the idea of you exercising your right to free association with people they don't like, regardless of if any rules are being broken.

Use sombody else's phone

[qaz123]

- Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Re:Use sombody else's phone

[pla]

Buy it using a fake id. - Ask a homeless or drug addict to buy you a prepaid phone/sim and use it. - Buy it in another country.

Actually one of the most realistic answers so far, except, you don't need an ID or a straw buyer... Just pick up a tracphone at Target and activate it at the in-store Starbucks' hotspot. Done and untraceable-to-you, unless "they" want you enough to manually hunt down security footage from one of those two stores.

That said, who do you plan to call with it? I consider it a sad commentary on our times that who (on the whole) you associate with matters far, far more than your own identity - Though the two end up largely interchangeable, unless a lot of people in your immediate circle of friends call to chat with your folks once a week. And of course, you probably use it at home - Lot of people living there? Keep in mind, even pre-GPS requirement, the cell providers could still get a decent lock on a phone just from the towers that can see it; and going back to the original FP question, you can't use the phone if no towers can see it.

Re:Use sombody else's phone

[Joce640k]

They can figure out who's carrying a phone by their daily habits (where you go, what time, how long you stay there).

Google claims to be able to do this - see last week's news stories.

Re:Use sombody else's phone

[DNS-and-BIND]

1. Look at your calling records. 2. Call the people you called. Ask them who called from your number. 3. Done.

Re:Use sombody else's phone

[Fnord666]

The problem with using someone else to buy it is that there is still a person that may be able to identify you if forced to

Don't leave any loose ends then.

Re:here's a thought

[Anne+Thwacks]

this thread is probably a response to Google reporting they could identify the owner of a phone by where it went - so no cigar today,

The correct answer is live in a third world country Smart phones are about the only thing that will work reliably. After the electricity supply, security forces and tracking technology are the things least likely to work reliably

Phone tracking is just part of a wide grid

[AHuxley]

Phone tracking was a result of the troubles in Ireland and the NATO/US need for Red trouble makers in 1980's Europe.
Think of an early Cyber Intelligence Sharing and Protection Act (CISPA) hardwired into every generation of phone by default.
Then came GPS, web 2.0, maps and cloud ... your phone is sucking up details about your life as you walk around with/use it.
Stop using your phone other than for family to say hi and ask for help/shopping.
Meet your people/tribe/business associates without a phone and talk face to face or in some other hi tech/no tech way.
Soon a working phone with CCTV (camera pod), facial recognition, 24/7 city wide look down drones, covert LEO in-car cameras will be filling in even more details.
Dont forget the private sector is also doing its part to link all their cameras in too :)
No warrants are needed. Deep extended boarder search, gang area 'random' searches, drink driving tests will all have rows of plate reading cameras, passenger face capture, driver logging, train station federal task forces, anti war mil protest watching... all add up to very deep efforts if you make a list.
All the tech used in 1950's Soviet watching, Vietnam, Iraq is now so cheap, tiny and sold to even the smallest, struggling police forces as federal 'gifts' to help with 'drugs', 'terror' or just as free 'surplus' with never ending private maintenance contracts.
The next big thing will be state level voice print records- no longer the play thing of GCHQ, NSA - expect a fake cell towers in a region of interest to do more than just log calls, numbers and record flagged people - your voice will soon be all that local law enforcement needs on any network.
Swap the phone sim all you want, better stay off the voice too.

Re:Phone tracking is just part of a wide grid

[Gothmolly]

All you did was provide a few concrete examples of the issues the submitter posed, and threw in some buzzwords. How are you remotely Insightful?

Don't use it.

[complete+loony]

So don't use your cell phone as a cell phone. Buy a pre-paid with no ID (if you can), use the data connection to open a VPN link, use whatever voice and IM protocols you want over the VPN link.

GPS is not the issue.

[thegarbz]

Even with GPS disabled or if your phone doesn't have GPS, cell triangulation allows for a reasonably accurate position of the phone. In urban areas this works well, in rural areas less so but still enough to provide someone with potentially useful information. This is a function of the cell phone network and not the GPS of your phone.

Re:GPS is not the issue.

[DontScotty]

If you are only using one tower - sure...

--------
  The tower can also measure how long it takes to get a response from your phone, and use that to estimate how far away you are. That puts you on the edge of a circle that distance from the tower.

Usually your phone can be heard by multiple cell towers. If two can hear you, then you're on the edge of each of 2 circles, and two circles can only meet at 2 points, so you must be at one of those 2 points.

If a third tower can hear you, its circle can only meet the others at one point, so there you are.

Emergency services (like 911) can get this information from the cell towers. The information exists whenever your phone is on and in range of a tower, whether you're making a call or not. The information is not meant to be publicly accessible.

Re:There's this really cool app that...

[lazy_playboy]

Discharge what?

The capacitors in the power supply circuitry.

OFF pocket

[Simon+Brooke]

Curiously enough I saw an idea to solve this problem this morning. It's a small bag lined with material opaque to radio waves (possibly lead foil or barium, I don't know). Whether this particular implementation works or is a tin-foil beanie, again I don't know. But the concept seems to me good. With modern phones like iPhones or my HTC One, the battery is non-removable, so it isn't easy for the user to verify that all radio transmission is in fact shut down - there could still be things like, for example, passive RFID. But if you had a radio-opaque bag in which you kept your phone, you could have a phone with you in case of emergencies, without the possibility of being tracked except when you were actively using it.

Re:HAM radio?

[DKlineburg]

I had a ham radio, but we ate it at Easter lunch. I don't know why my grandma insisted in carving the ham to look like a radio; but it was her house.

I have it.

[BrokenHalo]

I am in a position to offer a perfect solution. Just move to rural Australia and move your phone contract to Telstra. They are so fucking incompetent, nobody will ever succeed in tracking you.

The only downside is that you won't be able to make phone calls either. :-/

Re:I have it.

[Sentrion]

Trying to make yourself untraceable while still using modern technology is not an easy task. People have thought that they could avoid being tracked by buying an item with cash, but there are numerous cases of store security cameras recording purchases at the checkout counter and these images used to identify the culprets of a variety of alleged offenses. Combined with facial recognition software and the increasing cross-linkage of databases, such as photos from your driver's license or passport; combined with the fact that your face is probably online somewhere, such as your own Facebook page, or your friend's Facebook page if you avoid using facebook, or Flickr, or one of hundreds of image intensive online depositories, it is only a matter of time and effort to track you down. Even using a laptop you bought a garage sale and public wifi can't guarantee anonymity since surveilance cameras can show you within the vicinity of the wifi hotspot at the time of a particular event - such has already been used to identify "cyber-crooks" on more than one occasion.

Best defense is security by obscurity - don't do anything that will make you a target. If for sure you are going to be a target, then I'm not sure what will help you. If you try to live in some remote area with no technology at all, chances are people will be talking about you for miles around where you set up camp. "Ya, he's the guy living in the middle of that forest with nothing but a cabin and messenger pigeons."

Bullshit - mind control circuit

[Overzeetop]

That's what that battery is for - the mind control circuit. It's the only way they're keeping the people in line.

What most people don't know is that *that* is why there's a battery in your computer too! It has nothing to do with the stupid clock. The clock doesn't need the battery! You've seen the ones that work with a potato - that's proof enough that a clock doesn't need a battery. No, they have the computers programmed to reset your clock and bios after a short timeout to make you THINK you need that for the clock. And all you weak-minded losers fell for it, and the mind control circuit just keeps you believing that you need that battery.

Re:HAM radio?

[Bill_the_Engineer]

Before cell phones were cheap and everywhere, we had a large community of HAM operators who used our local 2m repeater to make short personal phone calls. It wasn't that hard to implement, just a DTMF decoder and a POTS interface board. We had improved capabilities once we replaced the repeater controller with a newer one that had this functionality built in. We were able to not only use DTMF tones to make phone calls, but to also patch into a network of linked 2m repeaters to converse with other HAMs throughout the state using VHF.

Don't carry a cellphone?

[argStyopa]

Seriously, if you're that paranoid about being traced, why even carry a cellphone?

Essentially, if you're going to turn off all the functions that allow connectivity, and disable the phone enough that you're *pretty sure* that you can't be traced, why are you even carrying it? It's going to be a non-functional pile of circuitry in your pocket, basically. If you're that concerned, then any time you turn it on you might be being traced, even if the radio function is allegedly "off".

I guess if you want to be able to call out in case of emergency, just buy a one-time phone and DON'T USE IT UNTIL YOU NEED TO. Then throw it away.

Re:Bruce Schneier says we've already lost

[Thor+Ablestar]

I have heard about mesh networks, for instance, B.A.T.M.A.N. or Netsukuku. You just need a mesh network to GSM gate that impersonates your phone and sends the calls via the mesh to the endpoint router with VoIP gate. It's quite difficult to trace the mesh but all this project needs at least tens of paranoiacs around the city that keep the mesh routers up and running.

Re:Ferrite Beads

[SternisheFan]

I believe that if your phone is on and in a frequency blocking bag, the battery will drain faster than normal, since the phone is now emiiting a more powerful signal trying to locate a tower.

Avoiding tracking has been patented (yes, really)

[frinkster]

US Patent 7751826 - Motorola submitted the patent in 2002, it was issued in 2010:

US Patent 7,751,826

The Federal Communications Commission (FCC) has mandated that, by December 2002, all cellular telephone carriers must market handsets capable of providing an emergency locator service. This emergency locator service, known as E911, will enable personnel at the public safety answering point (PSAP) to pinpoint the location of a cellular telephone user dialing 911. This FCC mandate further requires that the user not be able to override the emergency locator service in the case of a 911 emergency call.

This technology has raised public concern that, in addition to being used for emergency location, the locator service may be used by cellular carriers or by others to track the movements of cell phone users without their consent. There is therefore a need for a system that complies with the FCC mandate for location service while providing maximum privacy protection for cell phone users.

The invention overcoming these and other problems in the art relates in one regard to a system and method for selectively activating or deactivating E911 tracking service, in an embodiment by disabling power to GPS locator circuitry in a cellular telephone until the key sequence "9-1-1-Send" is detected. In one embodiment, the power to the GPS circuitry in a cellular handset may be activated by detection of a keypad sequence and the rotation of a physical switch to permit power delivery. When the handset detects the key sequence "9-1-1" it may output a signal that loads the switch into a "ready" position. When the user presses the "Send" button, the switch closes, enabling power to be delivered to the GPS circuitry. In other embodiments, the selective delivery of power may be controlled by software.

Motorola has been building phones for more than a decade in which the GPS circuitry is physically separated from electrical power until the user does something that causes it to be connected. This obviously doesn't help you if your phone has been hacked or modified and it doesn't help you avoid network triangulation, but it makes you wonder how all these supposed experts know all about the "dangers" of cell phones without having done much research or talking to the people who actually made the phones (you know, the inventors of patents are listed on the patents).

Faraday

[gmclapp]

Instead of modifying your phone, turning it off, taking the battery out etc. you could build a mini Faraday cage. put the phone in there whenever it's not in use. :) When people ask about it tell them you've had issues with your phone running away.

Tower Triangulation does not often happen

Multiple tower triangulation, which seems so obvious, is quite difficult to implement, and is rarely done. Here's why:
  - if you're fairly close to a tower, then other towers are unlikely to hear you. (This is by design: cell phone towers are designed to minimize overlap in coverage, so as to maximize frequency re-use over a geographic region)
- Those times when you are in range of multiple antennas (LTE people call these e-nodeBs), it's your cellphone that keeps track of the strengths of the neighboring e-nodeBs. This list of signal strengths and interference levels is not sent out from your cellphone unless a handover between enb's is about to happen.
- communications between a cellphone and a tower is not by a single carrier, but rather using a large number of discrete frequencies (for LTE, it's orthogonal frequency division multiplex). This type of modulation is designed to resist fading and interference, but is extremely difficult to triangulate, because the databits are spread over many symbols)

Most common localization of a cellphone uses a single tower. Simply knowing the antenna that you're connected through localizes you to a sector (of about 60 to 120 degrees in angle by about 1Km to 10Km in radius). The cellphone operator's Mobility Management Entity keeps track of this in real time, so as to route your calls, forward messages, and page your cellphone. Of course, this is several square kilometers, but it's possible to do much better:

Better single-tower geolocation takes advantage of every cellphone's being kept in tight time-synchronization with the clock in the tower's enb, using "Timing Advance". The Timing Advance method, in theory, can determine the distance of your cellphone to the tower within about 150 meters, but typically an operator gets 300 to 400 meters rms. This is a radial distance from the tower to your cellphone. The azimuthal location is coarsely determined by the sectorization of the tower: most cellphone towers have 3 to 6 enodeb antennas, and so can localize within 120 to 60 degrees in azimuth. And so, in general, you can be geolocated within an annulus: it's about 300 meters in radial distance from the tower, and about 60 to 120 degrees in azimuth. A fairly big territory: probably a football field or three. These systems are very useful for locating network problems, but cannot determine your location to better than a couple hundred meters.

A few systems can improve on this. For example, Newfield Wireless has developed a high resolution method of single-tower localization, apparently using enodeB timing data combined with local geographic information. But I'd be surprised if this results in better than 50 meter resolution.

Short version: Cellphone triangulation will not track you. Single tower tracking systems can yield coarse tracking.