Slashdot Mirror
Ask Slashdot: How To Bypass Gov't Spying On Cellphones?
First time accepted submitter jarle.aase writes "It's doable today to use a mix of virtual machines, VPN, TOR, encryption (and staying away from certain places; like Google Plus, Facebook, and friends), in order to retain a reasonable degree of privacy. In recent days, even major mainstream on-line magazines have published such information. (Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!) But what about the cell-phone? Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls. VoIP could then go from the device through Wi-Fi and VPN. Some calls may be routed trough PSTN gateways — allowing the agencies to track the other party. But they will not track your location. And they will not track pure, encrypted VoIP calls that traverse trough VPN and use anonymous SIP or XMPP accounts. Android may not be the best software for such a device, as it very eagerly phones home. The same is true for iOS and Windows 8. Actually, I would prefer a non cloud-based mobile OS from a vendor that is not in the PRISM gallery. Does such a device exist yet? Something that runs a relatively safe OS, where GSM can be switched totally off? Something that will only make an outgoing network connection when I ask it to do so?" And in the absence of a perfect solution, what do you do instead? (It's still Android and using the cell network, but Red Phone — open sourced last year — seems like a good start.)
The only way to win is not to play...
Or, buy a new handset and phone number for every call and only pay cash.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
Is Google's dropping of XMPP purely a business decision to focus on Hangouts, or were there other reasons?
I buy a $15 cell phone at Staples. It comes with $10 in minutes. Then I chuck it.
Once you jump through all those loops, who will you be talking to? And if such a person exists, he probably already knows what you are going to say, so why bother calling? :)
I use Android and have a personal email server set up on hardware within my house. OwnCloud set up for calendar/contacts and eJabberd rather than Google Talk/Hangouts. I use RedPhone/TextSecure (both by Whisper Systems), but so far as I'm aware none of those would prevent metadata snooping. I guess RedPhone would if you initiate the call through it directly since its VoIP, but only if you are also connected through a VPN.
Which is better, drawing attention to your activity by hiding your communication, which likely triggers a red flag but won't hide metadata, or choosing your words carefully when communicating in any way, shape, or form?
I have two Nokia N900s and I think it would be possible to make these devices "secure". http://en.wikipedia.org/wiki/Nokia_N900
Another secure open source VOIP software wolld be https://www.discretio.com
It has Scype already.
I'm guessing you mean Skype, but thats hardly secure from govt snooping!
Custom ROM is your friend.* I use customized Cyanogenmod, that has not Google Apps (Gmail, Maps, Play..) installed.
* Well well known custom roms that have lot of users, there are malicious around as well.
The NSA needs to be flooded with false positives. They need to have so many false positives generated that their illegal, unconstitutional spying is rendered moot.
On the other side, we need to surveille every member of Congress and the Executive and have their every move published on a publicly available site. After all, if they have nothing to hide then they shouldn't worry, right?
In a perfect world the President and every member of Congress who signed off on this unconstitutional behavior would be impeached. But I know this is not a perfect world. So instead I will advocate a world where we turn the panopticon on itself and make them suffer three times for what they make us suffer.
Tyrants must always be hoisted on their own petards.
Do what you can, with what you have, where you are.
The most amazing Android app developed by our beloved Moxie.
https://play.google.com/store/apps/details?id=org.thoughtcrime.redphone&hl=en
say the NSA is tracking 500 million people worldwide
do you really think that there is a guy sitting in the NSA tracking you for no reason? out of all the tens of millions of people? what makes you so important?
its like the idiots who think the supermarkets are tracking them personally with the loyalty cards. stores want aggregate data and purchase bundles to do loss leader promotions. they really couldn't care what you buy personally
it was already said the NSA does the same. they think some muslim street vendor or cab driver is sending money to fund the jihad, they see who he is calling and so on. to build data on possible people in a network.
How about Ubuntu Touch? Linux core, can run VPN, TOR all the other goodies, and being OSS and linux you are free to investigate code and roll you own solutions on top of it.
Silence is a state of mime.
From one paranoid person to another: at most, all you are going to get is a temporary measure, and not a fix to your problem. The problem isn't that phones are tracked, or that some phones are more easily tracked than others, the problem is that you've got "someone" who apparently has carte blanche (or thinks they do, unless they are forced to stop, the distinction is academic) to do all the tracking they want, with no repercussions. You can do what you want to hide, if they want to find you, they will.
Now go hide under your tin-foil rock, if it makes you feel any better.
Use some obvious circumvention posted on slashdot, so the NSA can flag me for the no fly list.
Meanwhile my friends still call me so they can get on the no fly list too.
Seriously it is traffic analysis. The solution is fly causal, pretend that your IQ is normal and that you aren't paranoid.
Always VoIP.
Seriously, has the poster simply not heard of this yet or what? Encrypted cell phones are not new. Neither are freeware encrypted communications.
Just kills me with all of this "oh noes!" going on like no one has ever heard of solutions available today, especially when reading it here. Damn, RTFA every once in a while already...
Intelligence agencies have and end-to-end view and real-time packets are susceptable to timing attacks. Further, both WIFI and GSM can be clearly listened to and the encryption broken in near-real-time.
TOR is not safe either, in fact, its probably the worst system of all given the visibility.
If you want secure comms, you will need to create a ground based mesh system with a path loss that exceeds the minimum orbital distance. That's expensive and requires a lot of cryo.
Even then, what's the point? The agencies have the abilty to hit you with RF and decode the electrical activity of the brain into words, images, etc.
Privacy is a delusion of the misinformed.
The phone has to be in government-trackable-mode to receive calls, so two approaches:
* leave the phone off and use skytel to replace the ring. they have much larger cells.
* fon.com-like system where nearby celfones tether to each other and trade the duty of having the radio on.
The zeroth approach, "let the phone be tracked, but government doesn't know whose phone it is," won't work. Even without call traffic analysis, the phone can be uniquely associated with a human by where they sleep at night plus the boolean fact that they use Tor, or the fixed-IP fact of the static VPN they connect to. Also I think static VPN's will have no value in protecting anonymity if the packets coming in and out of the VPN are tapped.
This "article" is a fucking NSA plant!!!
Slashdot is being PAID by the NSA!
Fuckyou!
Or. I'm an NSA officer spreading FUD, to fool you dumb fuckers into complacency.
Hmmmm.
FUD indeed.
God! I wish I could get paid for this shit and pay off my student loans!
I'm a slave to the bankers like the rest of you - and the NSA.
Everyone add bomb terrorism plane etc etc to all their greetings and signatures :)
There is absolutely nothing you can do because the government has root for any given phone (if nothing else through a warrant). Own the network and you own anything going through it. Your encryption means jack when their are appliances that do nothing but decrypt and re-encrypt traffic at very high rates of speed. You could get a separate phone just for having private conversations (ala drug dealer). You would quickly find out that they can determine that number (doesn't matter how you got that phone). Once they know that number they can just tap that through the same phone system.
Want some level of privacy and to ensure that the government at least has to get a warrant to read your supposed to be private conversations? Go old school, visit this antique shop called a Post Office and buy a roll of stamps and envelopes. There is well established legal doctrine that says snooping on your mail can only be done with a warrant.
Don't like my answer? Call your congress critter and demand change.
It's waiting for you.
Free, OSS Redphone, or a commercial solution such as PrivateGSM.
There are over 36 million lines of COBOL code in the world, and they are all raping children.
The NSA needs to be flooded with false positives.
Undead Osama, is that you? Phoenix666 was a bit obvious...
This type of phone would be much more useful for politicians and businesspeople than the average joe, since they're the real target of rogue agents working for someone else (and not just illicitely for those in power, either, keep in mind. Planted leftovers for previous administrations could be too.)
Snowden showed he could listen in on conversations of powerful people, and no alarm bells went off anywhere.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
My Openmoko Neo Freerunner matches all the requirements. But it may be a bit slow and outdated (a bit... haha) for today standards, so maybe take a look at its spiritual successor - GTA04 from Golden Delicious.
I mean, come on, she was just a ballerina/dancer in Hawaii, what did she have to hide from the NSA? Sure, her boyfriend Edward Snowden was involved in government affairs, but just one of a gazillion contractors.
Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
T-Mobile USA and CenturyLink are the only two major telecom companies that refused to work with the NSA back when the warrantless wiretapping scandal first broke. They're a German company, so you can be pretty sure they care about your privacy.
Use Ham Radio. Set up autopatch systems all over the place. As long as you're not conducting business or speaking in codes, they'll never know exactly where you are.
This country is doomed. I'm not sure anything can be done at this point other than put your head between your legs and wait for the wreckage to come to a complete stop.
Personally, I really do not care if the government is listening to my phone calls. I seriously doubt that they are, but I have nothing to hide. Frankly my phone calls are just not all that exciting to outside parties. The only "danger" from someone listening to them is that they might get bored into a slumber.
I love how some people think that they are personally so important that the government has nothing better to do than pay attention to everything that they do. A few years ago during the "We're going to have a flu pandemic!" scare that was recommending special flu vaccinations for children, a guy I know who works for the US government (he is a low ranking employee perhaps somewhat equivalent to a computer operator) was convinced that Uncle Sam was literally going to send armed troops to his house to force him to agree to getting a flu shot. I love how logic never figures into this. If the NSA has about 40,000 employees as Wikipedia claims and all of them are forced to monitor the entire US population, that is about 7875 people per NSA employee to monitor. Yes, I'm sure that the NSA can keep up with that.
I don't see the point in going to all that work to try to maintain privacy. If I really want to hide who I'm talking to or what we're saying then I won't use a phone. I'll use something lower tech and/or with a code. Encrypted calls, VPNs, specialized phones, etc seems a bit overkill for hiding the fact you're calling home to see if you should pick up something at the store.
On the one hand, for targetted attacks there is spy software openly available for purchase by government agencies for all brands of phones (not just smartphones). For example, FinFisher is used by agencies of smaller countries. These kind of companies will usually offer the service to break any kind of device for enough money, if there is no known exploit yet they'll find one and use it.
Regarding untargetted snooping by programs like PRISM, on the other hand, the question makes even less sense. How do you want to protect yourself against something whose extent you don't know? Not just US companies, but companies all over the world participate in such programs. For example, Siemens is known to have installed loopholes into Telco equipment.
There are encrypted GSM phones with end-to-end encryption when talking to a similar phone. They're overpriced and hard to buy, but available. The source code is available so you can see how it works. It's classic Diffie-Hellman 4096-bit key exchange to establish a session key, followed by 256-bit AES encryption for the data.
It's too bad OpenMoko tanked. That was a totally open source phone down to the hardware level. That plus Cryptophone-compatible code would have been trustworthy.
If you're going to fight for privacy and rights and puppies and things, then do things toward that goal. Securing your own phone doesn't do that. It just makes work for you. Unless you really do have something of interest to them. Which you probably don't.
Use your efforts to write letters, keep informed so you can vote intelligently, educate people, publish something, or whatever. Securing your own phone is just "I got mine." Worse, it's probably wasted effort.
It won't stop the NSA from spying on you, but it'll force them to retain Klingon experts and/or Klingon translation systems. In other words, baffle them with bullshit. Any jargon or obscure language will do. Remember the Navajo code talkers? Of course you can't actually use Navajo if you're serious about getting things through. They're on to that. A better way is something like Cockney rhyming slang. This is a kind of code that evolves on a regular basis. If you haven't been hanging out in town for a few months, you no longer know the lingo. This requires agents to infiltrate your network. What? You're not a terrorist and you're not willing to go through all this trouble?
OK. I give up. Just don't use the phone, or hack up a one-time-pad system with your friends. Really though, the only solution is to hold the agency's feet to the fire somehow and actually get them to respect our rights...
Carrier Pigeon
Satellite phone
U.S. postal service (they may know where you're sending, but as far as I know it's impossible to actually read the contents without altering something, so the envelope itself acts as an intrusion detector. Also - encrypt the messages using some code. Yes, anything can be broken given sufficient time and samples, but if you stop receiving letters or they are tampered with, you know the line is unsecure)
At least they need a warrant for that.
It sounds like you want a phone with
No, it sounds like he doesn't know what the fuck he's talking about at all.
Example:
" Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls"
I've never seen a phone that wouldn't let you shut off the GSM transmitter, nobody needs to "design" this it's already there.
I can't speak for iPhones or Windows devices, but with Android you can shut off everything associated with cell phone carrier use any time you want, and install any kind of VOIP client you feel like using.
"Android may not be the best software for such a device, as it very eagerly phones home."
Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.
Honestly, your best hope is going to be Ubuntu Touch. It will give you a hell of a lot more control over your phone than android. It is straight up linux, so if you know what you are doing on a linux box, you, in theory, should be able to cut off those phone home's and shit.
For sure they will not understand what you say. The more different from English, the better. For example, Arabic is a good option.
Oh, wait...
Strength, balance, courage and reason. If you know what's this about, contact me!
If the cost was zero, government wouldn't be interested in doing it. In the business of government, spending is profit. This is because (1) they aren't spending their own money, as would be the case in the private sector, and (2) their reward isn't tied to the "success" of the spending, as would be the case in the private sector. On the contrary, their reward is tied to the leverage potential of their spending (because the reward must come indirectly, to bypass scrutiny). At the top of the pyramid, it doesn't even matter where the money goes -- what matters is that it passes through their hands, giving them a chance to leverage that cash flow for personal gain. Naturally, the bigger the cash flow, the more leverage, and the bigger the potential reward.
... Obamaphone ... Obamaphone ... Obamaphone ...
The 'Obama Phone' Program Has Nothing to Do with Obama
you got alternatives: Nokia N900 Maemo5, to a certain degree Nokia N9 Harmattan, and Openphoenux.org "Openmoko" GTA04. The Nokia phones both should be able to do SIP. The N900 definitely can use VPN via both GPRS/UMTS and WiFi. The GTA04 is completely open and fully documented.
Oh, all three are *true* linux smartphones, not adroid fake. /j
I just switch off my phone when I'm not using it, so that it's not acting as a tracking collar. And I don't actually use it all that much. If you believe you need to be connected all the time then the question is not how to have privacy. You can't. If the phone can receive calls then you're being tracked. So the question is how you might give up the addictive belief that something of critical interest to you is happening all the time...somewhere else.
Works well but cost money.
If your that concerned with your privacy then leave the grid. Go cash only and NEVER appear on camera or leave a network footprint. It's possibly if your careful to effectively disappear from the watchers but you have to tip toe like your in an active mine field.
If you want privacy just don't get a cell phone, they are pretty much the most track-able device that people carry day to day.
OP: That is how Republic Wireless phones work, on Gingerbread with custom firmware. Ask them.
Funny how a privacy-oriented app like TextSecure (text app from the makers of Red Phone, mentioned in TFS) wants to access my Device ID, SIM serial number, and Subscriber ID...
You just need a helluvalot of string...
Well, it makes about as much sense as the Liberal "Bush's War for Oil". just sayin
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I know that. But it's become a common term for a government issued phone. If I say a Lifeline phone, people tend to think "I've fallen... AND I CAN'T GET UP!" or something like that. The world is full of commonly accepted terms that don't mean what they sound like they mean. You can fight it, or you can just go with it, and move on with your life.
If you *try* to avoid it they will notice and make extra effort to see why.
I'd say the obvious way to go: https://silentcircle.com/
Symbian has made all that possible that for years beyond memory...
It's like you've never heard of (a) inalienable rights, (b) computers that can scan as many signals as you need (irrespective of NSA staffing levels), or (c) unhinged prosecutors who take a personal disliking to someone and then dig up every piece of dirt they need to destroy them (as evidenced by the USA's beating every country in the history of the world on imprisonment numbers).
You don't need to be exciting. You can just be the wrong person in some local cop's or prosecutor's crosshairs, or the wrong address on a sloppy search warrant. It happens EVERY. SINGLE. DAY.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
I don't know what's maximum distance to the closest cell tower, but there are handheld transceiver that reach a distance of 30-40 kilometers. Let's assume some of the people you connect with daily are relatively nearby, say 1-2 kilometers radius which is is probably enough for most cases. At work, most of the people are in the same building, a few hundred meters.
What I'd like to see someday is a some kind of encryption where two devices are paired to create a contact, just like regular cell phones. When I'd like to send a message my device will ping the receiving device. If it's in range, the message will be sent encrypted directly to it, and opened with our shared key generated in the pairing process. If not, the message will be sent like regular SMS via the cell tower.
Same goes for Audio calls, although this will be much more complicated.
This method benefits from both having no middle-man (so less money to pay to network operators) and from having the messages and calls encrypted.
The downside is the battery will probably take a hit and would last less.
Can this be done?
Government a$$ kisser right here.
Set up a VOIP exchange at home connected to a landline. When dialing someone, phone your house landline; then use the exchange to connect via a VPN to one or multiple VOIP providers, who connect you to your recipient. This prevents meaningful metadata collection, unfortunately it does not stop tracking of the cellphone itself.
SIP software on your phone and a VPN connection. you connect to your target's VPN and then make the SIP call to his protected internal phone over the VPN. Good luck cracking that phone call.
They will have your IP address, so use a VPN service that is outside the country and hope it's not actually a honeypot ran by the government....
Do not look at laser with remaining good eye.
The data that is being collected is valuable, and we as a civilization should determine how it should be preserved and used.
Consider that we all lead our lives and meet our ends... someday, these histories will be all that is left of us: actions, statements and tendencies recorded in a series of bits in some unimaginable substrate. Since this may be all that remains of us, we should be careful how we keep it.
An alternate future embraces the "singularity" and sees us transcend ourselves in ways that we could not possibly understand. Perhaps our darkest data secrets now will seem like scribbles in the margins of a schoolbook in the future, nostalgic but defanged.
What is clear is that we are not smart enough to use it wisely, so we must preserve it until we become so.
Doesn't https://www.seecrypt.com// encrypt your calls and send them over the internet as VoIP calls ?
We are Dead Stars looking back Up at the Sky
Use text and encrypt with a one time pad.
The problem is not really that they are listening to everybody now. The problem is that they would log everything that is being said or done. Later on, if you become a "problem" to them, they could start charging you with ridiculous past illegal activities you had.
-"I am not arresting you because you are protesting drone strikes against an american target... I am arresting you because you smoked some weed 2 years ago (There are pictures of that on facebook and phones call logs where you admit it). Also you jaywaled 10 times in the last 6 month (recorded by your google glasses). I see that you also bought stuff from amazon and did not fill for sales tax, that's a tax fraud. Also you drove your car on june 3rd without insurance, It had expired on the 2nd and was renewed on the 4th, so here goes your driving licence. Your protest of the drone strikes? That's protected by the first amendment, I would not dare touching that. Too bad you'll have to protest in prison..."
Is Google's dropping of XMPP purely a business decision to focus on Hangouts, or were there other reasons?
Alternative scenario...
Government: "We have a FISA warrant which lets us monitor all your XMPP traffic" ... ...
Google:
Google: clickity clickity clickity clickity
Google: "What's XMPP?"
If you don't want to be tracked, don't use/carry a cell phone at all.
VoIP can be traced.
VPNs can be traced.
GSM calls can be traced.
Any IP-based protocol can be traced.
All of these can be traced to a specific location. It is a necessity of the protocols. No way around it.
Tor can hide your real location, but it is not suiteable for VoIP traffic. It is barely good for slow web traffic.
Sure, you can hop from country to country to country using IP, but even that can be traced if you don't do something like TOR.
All those magazine articles clearly are written by non-network knowledgable people.
If you don't want to be tracked, don't use/carry a cell phone at all.
https://guardianproject.info/apps/ostel/
Yes, you can only call on wifi or over some internet connection.
I wonder what would happen if there was another Church Committee. http://en.wikipedia.org/wiki/Church_Committee
Everyone bangs on about 'privacy'. If you're a celebrity, or a spy, or a terrorist, or a criminal maybe it's an issue. If you're not, then what have you got to hide? And who gives a fuck? You're maybe not as important as you think.
staying away from certain places; like Google Plus, Facebook, and friends
Summary is correct. The only way to stay off of Facebook is to not have any friends.
https://play.google.com/store/apps/details?id=org.servalproject
factor 966971: 966971
Don't forget to also take out the battery from your cell when you've turned it off, otherwise your phone can still be pinged by the network and in some cases will continue to automatically phone home. IIRC, smartphones will often also have some internal micro-power source (kinda like a cmos battery in your desktop). You'd have to disable that to make sure there's no power to the phone when it's off. I believe that most older dumbphones do not have this kind of thing, so you should probably stick to one of those for your burner (and of course if you've got a burner and a legit phone, never have them powered up in the same location at the same time).
There is apparently a project underway to create an Incognito Mode for Cyanogenmod
https://plus.google.com/100275307499530023476/posts/6jzWcRR6hyu
How would anyone know without the source code? Even with the source code, it's impossible to prove there's no back door.
Give me Classic Slashdot or give me death!
I've never seen a phone that wouldn't let you shut off the GSM transmitter, nobody needs to "design" this it's already there.
You really need a hardware switch. Otherwise the OS could just pretend to shut off the radio.
Give me Classic Slashdot or give me death!
At one level, you're toast, right? You need a burner phone you bought with cash, without using ID, and to activate it without linking it to your person. You need to never have it with you at your commons places to be (house, work, coffeeshop on the corner, etc.) - and once you start talking using apps on a smartphone, you've multiplied the complications here 1000x. If you care that much, you probably should just give up on cell phones.
But, there are a tons of ways to make your usage of cell phones safer and more secure. The Guardian Project is a great place to start - https://guardianproject.info/apps/ - you can get their apps from the Play store, from the F-Droid OSS repo, or as APKs directly. It brings Tor to your Android, OTR chatting, end-to-end encrypted VOIP calls, and even PGP email.
iOS is a bit further behind with all of this, for various reasons.
There was a great guide on this last year, but the site seems to have gone offline. Some intrepid data-rescuers have put the content up on github:
https://github.com/opensafermobile/materials
Returned Peace Corps IT Volunteer
Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.
That's absolutely false. If Google Apps are installed on the phone (any stock Android, not AOSP or Cyanogenmod (though you can install gapps)), then background programs will make constant connections to Google. GTALK_ASYNC_CONN_com.android.gsf.gtalkservice.AndroidEndpoint will wake the phone periodically to phone home (despite the name, it's not normal GTalk service, as it persists even if Talk is logged out or completely disabled). If you have "Wi-Fi & mobile network location enabled", a service will periodically wake your phone and send Google the surrounding wifi access points, the surrounding cell towers, and sometimes will turn on GPS and send your location.
These are stock Android OS components that phone home. Maybe you use different definitions for "OS" or "phone home", but there is certainly something to be concerned about in Android.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Many poster are recommending phones with Open Source software .... Such as Ubantu touch ... but what most open source projects seem to currently lack is what the criminal justice system calls a "chain of evidence" ....
You can look at what is claimed to be the source code for the software BUT there is nothing to prove that the executable tha you have was derived from the source code that you can access .... short of doing your own compile-and-build
This doesn't matter for most software ... but if the security services are involved .... how do you know the the particular mirror site you downloaded from hasn't got a modified executable with its own valid checksum ?
Telecoms in Germany check all German users against the official German government residency databases ("we know where you live"). There are probably loopholes, but they seem pretty determined to close them.
"Android may not be the best software for such a device, as it very eagerly phones home. "
Submitter is a corporate shill with an agenda. Anyone reading any posts below should take them with a grain of salt. This conversation will be VERY heavily infested with Social Media Managers (SMMs).
1. Buy a phone with a removable battery. Cheap or expensive doesn't really matter.
2. Remove battery from phone.
3. Discard battery as appropriate for the type (it's probably classified as some sort of hazardous waste).
Your cellular phone is now 100% secure from government spying.
Log in or piss off.
1. Purchase a prepaid phone without providing your details.
However, since you call your friends, you can still be identified by your "friend signature."
2. Switch to encrypted VoIP. However, your connection network addresses can still reveal your friend signature.
3. Route your VoIP traffic over a VPN connection. However, if your VPN server's IP is traceable to you, there's at least a hint that you "may have something to hide" and potentially attract attention (which is worse than no privacy solution at all.)
4. Use a trusted VPN tunnel provider.
At this point you probably have decent privacy. But for completeness, there are a few more issues you might want to address.
It's still technically possible to cross-reference the timing of your data traffic with the traffic timing of the calls to your friends.
5. Throw in some decoy traffic to stabilize the data rate.
If you're using Android or another vendor-controlled OS, you're at the mercy of whatever backdoors and exploits it might contain.
6. Switch to an OS alternative that's non-vendor controlled and fully open source.
At this point you've pretty much done everything you can. It's still not going to be 100% secure, since even a fully open-source OS isn't beyond exploiting, and since no VPN tunnel providers are beyond judicial orders and the like.
"And in the absence of a perfect solution, what do you do instead?"
I'd highly suggest tightening your tinfoil hat.
Or, if that doesn't work, just keep yipping about this constantly: pretty soon you won't have to worry about securing your calls, because nobody will want to talk to your crazy ass.
This is an objective of the Serval Project. Our Serval Mesh software for android currently provides secure voice / chat / file distribution over local networks. But since Wi-Fi has such lousy range, we're also planning to build and sell small Wi-Fi routers with 915MHz ISM band radios for long range / low bandwidth links.
While we're focused on local communications in places where the infrastructure is down / never existed / can't be trusted, with the addition of a Distributed Hash Table, we could provide services over the internet.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
Anyone know what is happening with the OpenMobo open source phone project? Would that be a good starting point?
The phone system has been backdoored with CALEA since 94. If you ever thought anything you've said down a phone was private since then you're mistaken.
The only way to not be tracked by a cell phone is to not own one. Sure, you can use burners, but only if every other person you communicate to are also using burners. You can not be on facebook, so long as everyone you know is also not on facebook. The reality is, you can be tracked either directly, or indirectly and there really isn't anything you can do about it. I personally don't have a facebook account, but my girlfriend, sister, and parents do, so there are images and conversations about me all through the FB database. They also have phones, so if I call/sms them, my movements can be tracked, even if I use a new phone every time. Fact is, if the government really cares enough about YOU, then they can track and monitor your activities. However, it takes a lot of resources to track 1 person. TB's of data to troll through, bundles of CPU to crack encryption, meetings to determine with your worthwhile tracking, people to follow you around, so on... So the real trick, don't be worth tracking. If your really upset by the world we live in, move into the middle of no where and live in a cave, live of the land... alone.
Humans are social creatures, as we grow more technically advanced, we also become more social technically, sharing stuff about ourselves and other people we know and care about, thus making it impossible to hide, but not impossible to go unnoticed.
Funnily enough, you will probably stick out like a sore thumb by not having a FB account, not carrying a cell phone, and only ever having encrypted internet traffic heading for TOR relays. It's just not average modern human, so you must be up to something, so you will more than probably be tracked.
Airplane mode on iphone switches everything off, you can then turn wifi back on right away while in airplane mode.
I don't think most people understand what the government is really doing, or rather not doing. None of these suggestions are going to matter except to raise your profile in the metadata and bring you under scrutiny by the domestic intel agencies.
Before the Unity-to-Amazon nonsense, I would have said Ubuntu's mobile plans were very promising, possibly their phone would be the one we've all been waiting for. It still might be, but the Amazon thing suggests it would be some fork/derivation of Ubuntu.
But seriously, though. I bet an Ubuntu-based phone is going to be the closest thing to the ideal phone that any "cypherpunk" would want, within the constraints of also being a smartphone and relatively mainstream. There are a lot of conflicting goals here and Ubuntu is going to hit pretty near the sweetest spot.
I've never seen a phone that wouldn't let you shut off the GSM transmitter
You can still be pinged by the carrier. You have to turn the phone off and pull the battery out. Thank you E-911.
sure hope you were locked down when posting that. you just made their list
"Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls." Android and iOS have had the ability to turn on wifi in airplane mode for years. Don't want to phone use.google services, install CM without the google apps.
....this guy is totally a fuckin' cop.
Or is it 50 cents now? Anyway, you get the money and go down to the corner. Quite often (but not as often as used to be) there are these things called "payphones". Don't want your friend tracked either? Tell him to do the same thing.
Switch on airplane mode, switch on WIFI, and use whatever encryption you like
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
"Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!"
I checked out the linked in the referenced article. This paragraph caught my eye:
"Å gjøre seg anonym på nettet, med disse hjelpemidlene, er selvsagt helt lovlig. Det er også mange eksempler på når slikt kan være nødvendig. Kanskje du sitter i en betrodd stilling, og vil tipse om at firmaet du jobber i gjør noe ulovlig. Kanskje du er bekymret for nabogutten, og vil sende en bekymringsmelding om det."
Provocative. Then the author further stated:
"I slike situasjoner kan du risikere å miste jobben eller nabofreden hvis det blir oppdaget hva du har gjort. Da er det greit å sikre at du ikke kan spores opp, og i denne artikkelen skal vi hjelpe deg finne, og ta i bruk, den teknologien som passer dine behov best."
This guy knows what he's talking about. All I can say is: Genius. Pure genius.
What's legal today, will maybe not be tomorow ... (religions, hobbies, sexual preferences, political opinion, etc)
General principles :
Protect your privacy from governement and all third party is just self-preservation.
Don't put everything public as it can be bad for you later.
Don't make easy for them to track you and label you.
A french expression : live happily, live hidden.
Well, maybe not anything in AOSP. But in consumer phones you have Google Mobile Suite stuff which IS part of the OS for all purposes. And those things DO phone home all the time, like location provider, play market, analytics, ads, ...
This damage has to be fixed, period. The corruption and psychopaths and enablers must be ripped out by their roots with no favoritism nor quarter given, By Any Means Necessary. Only then can we "have a new birth of freedom -- and that government of the people, by the people, for the people, shall not perish from the earth. "
You really need a hardware switch. Otherwise the OS could just pretend to shut off the radio.
A square foot of tinfoil wrap should take care of that ...
Best advice I could chime in with is using services and software where the algorithms and security at work mean there is no way of the organisation supporting the infrastructure to be able to hand out the data in the first place.
For voice calls for example these guys seem to be doing it right - http://www.securemobile.com , it uses a different encryption key for every single phone call and alerts you when the keys have not been negotiated directly between (and known only to) end to end devices. Meaning nobody apart form the call participants ever get a chance to record or intercept communication without the end users knowing.
Use Verizon Wireless or T-Mobile. U.S. government cannot spy on the users of those two cellphone services because they are both partially owned by foreign companies. http://online.wsj.com/article/SB10001424127887324049504578543800240266368.html?mod=WSJ_hps_MIDDLE_Video_Third
www.silentcircle.com - I use this for the majority of my SMS/Voice
Try to have that phone approved by the FCC (or whatever equivalent entity in other countries)
I've got better things to do tonight than die.
(b) computers that can scan as many signals as you need (irrespective of NSA staffing levels),
The level of false positives and such are still where it's too labor intensive to track people. They "could" track lots of people, but they don't because of cost and complexity. They do best in retro-tracking. Once a person becomes a person of interest, then they can track them back for everything they've done in the past 10 years.
Learn to love Alaska