Ask Slashdot: How To Bypass Gov't Spying On Cellphones?
First time accepted submitter jarle.aase writes "It's doable today to use a mix of virtual machines, VPN, TOR, encryption (and staying away from certain places; like Google Plus, Facebook, and friends), in order to retain a reasonable degree of privacy. In recent days, even major mainstream on-line magazines have published such information. (Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!) But what about the cell-phone? Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls. VoIP could then go from the device through Wi-Fi and VPN. Some calls may be routed through PSTN gateways — allowing the agencies to track the other party. But they will not track your location. And they will not track pure, encrypted VoIP calls that traverse through VPN and use anonymous SIP or XMPP accounts. Android may not be the best software for such a device, as it very eagerly phones home. The same is true for iOS and Windows 8. Actually, I would prefer a non cloud-based mobile OS from a vendor that is not in the PRISM gallery. Does such a device exist yet? Something that runs a relatively safe OS, where GSM can be switched totally off? Something that will only make an outgoing network connection when I ask it to do so?" And in the absence of a perfect solution, what do you do instead? (It's still Android and using the cell network, but Red Phone — open sourced last year — seems like a good start.)
The only way to win is not to play...
Or, buy a new handset and phone number for every call and only pay cash.
"File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
I buy a $15 cell phone at Staples. It comes with $10 in minutes. Then I chuck it.
Once you jump through all those loops, who will you be talking to? And if such a person exists, he probably already knows what you are going to say, so why bother calling? :)
I have two Nokia N900s and I think it would be possible to make these devices "secure". http://en.wikipedia.org/wiki/Nokia_N900
The NSA needs to be flooded with false positives. They need to have so many false positives generated that their illegal, unconstitutional spying is rendered moot.
On the other side, we need to surveil every member of Congress and the Executive and have their every move published on a publicly available site. After all, if they have nothing to hide then they shouldn't worry, right?
In a perfect world the President and every member of Congress who signed off on this unconstitutional behavior would be impeached. But I know this is not a perfect world. So instead I will advocate a world where we turn the panopticon on itself and make them suffer three times for what they make us suffer.
Tyrants must always be hoisted on their own petards.
Do what you can, with what you have, where you are.
say the NSA is tracking 500 million people worldwide
do you really think that there is a guy sitting in the NSA tracking you for no reason? out of all the tens of millions of people? what makes you so important?
it's like the idiots who think the supermarkets are tracking them personally with the loyalty cards. stores want aggregate data and purchase bundles to do loss leader promotions. they really couldn't care what you buy personally
it was already said the NSA does the same. they think some muslim street vendor or cab driver is sending money to fund the jihad, they see who he is calling and so on. to build data on possible people in a network.
How about Ubuntu Touch? Linux core, can run VPN, TOR all the other goodies, and being OSS and linux you are free to investigate code and roll your own solutions on top of it.
Silence is a state of mime.
There is absolutely nothing you can do because the government has root for any given phone (if nothing else through a warrant). Own the network and you own anything going through it. Your encryption means jack when there are appliances that do nothing but decrypt and re-encrypt traffic at very high rates of speed. You could get a separate phone just for having private conversations (ala drug dealer). You would quickly find out that they can determine that number (doesn't matter how you got that phone). Once they know that number they can just tap that through the same phone system.
Want some level of privacy and to ensure that the government at least has to get a warrant to read your supposed to be private conversations? Go old school, visit this antique shop called a Post Office and buy a roll of stamps and envelopes. There is well established legal doctrine that says snooping on your mail can only be done with a warrant.
Don't like my answer? Call your congress critter and demand change.
The trick is to hide in plain sight. Most of the time if you seem legit and do nothing obvious you're flying below the radar.
It's waiting for you.
Free, OSS Redphone, or a commercial solution such as PrivateGSM.
There are over 36 million lines of COBOL code in the world, and they are all raping children.
> The NSA needs to be flooded with false positives.
Undead Osama, is that you? Phoenix666 was a bit obvious...
This type of phone would be much more useful for politicians and businesspeople than the average joe, since they're the real target of rogue agents working for someone else (and not just illicitly for those in power, either, keep in mind. Planted leftovers for previous administrations could be too.)
Snowden showed he could listen in on conversations of powerful people, and no alarm bells went off anywhere.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I mean, come on, she was just a ballerina/dancer in Hawaii, what did she have to hide from the NSA? Sure, her boyfriend Edward Snowden was involved in government affairs, but just one of a gazillion contractors.
Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
> I just can't stop myself. If you don't have anything to hide you have nothing to worry about.
Do the windows in your house have curtains or blinds, sir? The door to your bathroom - is there no lock on it?
Sometimes (read: most of the time) the desire for privacy has nothing to do with obscuring bad behaviour.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
This country is doomed. I'm not sure anything can be done at this point other than put your head between your legs and wait for the wreckage to come to a complete stop.
I just can't stop myself. If you don't have anything to hide you have nothing to worry about.
There, I said it. Here come the downmodders.
Since once the NSA has the data it likely never gets deleted, how do you know if you have something you want to hide from a government 10, 15, 20 years into the future? Are you sure that none of the people or groups that you associate with now won't be deemed an enemy of the state at any point in the future? Maybe some ordinary every day activity you do today will bring you under suspicion in the future, like going to church (or one particular church), or the gun range, or spending time in a Makerspace.
Which is better, drawing attention to your activity by hiding your communication, which likely triggers a red flag but won't hide metadata, or choosing your words carefully when communicating in any way, shape, or form?
In my case, the first one - My communications really aren't all that interesting, unless you consider "Hey, Honey, need me to stop by the store on my way home?" vital to national security interests. However, if I hide them, it makes the Powers That Be think they are interesting, and thus they will want to spend resources to investigate further. Upon said further investigation, they'll discover that they not only completely wasted their time and resources, but also inadvertently helped me achieve my goal of poisoning the holy living fuck out of their well.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I kind of feel like I've forgotten my meds this week.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
There are encrypted GSM phones with end-to-end encryption when talking to a similar phone. They're overpriced and hard to buy, but available. The source code is available so you can see how it works. It's classic Diffie-Hellman 4096-bit key exchange to establish a session key, followed by 256-bit AES encryption for the data.
It's too bad OpenMoko tanked. That was a totally open source phone down to the hardware level. That plus Cryptophone-compatible code would have been trustworthy.
If you're going to fight for privacy and rights and puppies and things, then do things toward that goal. Securing your own phone doesn't do that. It just makes work for you. Unless you really do have something of interest to them. Which you probably don't.
Use your efforts to write letters, keep informed so you can vote intelligently, educate people, publish something, or whatever. Securing your own phone is just "I got mine." Worse, it's probably wasted effort.
At least they need a warrant for that.
It sounds like you want a phone with
No, it sounds like he doesn't know what the fuck he's talking about at all.
Example:
"Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls"
I've never seen a phone that wouldn't let you shut off the GSM transmitter, nobody needs to "design" this it's already there.
I can't speak for iPhones or Windows devices, but with Android you can shut off everything associated with cell phone carrier use any time you want, and install any kind of VOIP client you feel like using.
"Android may not be the best software for such a device, as it very eagerly phones home."
Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.
Honestly, your best hope is going to be Ubuntu Touch. It will give you a hell of a lot more control over your phone than android. It is straight up linux, so if you know what you are doing on a linux box, you, in theory, should be able to cut off those phone home's and shit.
Avoiding attention isn't the point. Simply obstructing the illegal surveillance regime is the point. Any way in which you can resist, you should resist.
Give me Classic Slashdot or give me death!
For sure they will not understand what you say. The more different from English, the better. For example, Arabic is a good option.
Oh, wait...
Strength, balance, courage and reason. If you know what's this about, contact me!
... Obamaphone ... Obamaphone ... Obamaphone ...
The 'Obama Phone' Program Has Nothing to Do with Obama
If you're that concerned with your privacy then leave the grid. Go cash only and NEVER appear on camera or leave a network footprint. It's possible if you're careful to effectively disappear from the watchers but you have to tip toe like you're in an active mine field.
If you want privacy just don't get a cell phone, they are pretty much the most track-able device that people carry day to day.
Funny how a privacy-oriented app like TextSecure (text app from the makers of Red Phone, mentioned in TFS) wants to access my Device ID, SIM serial number, and Subscriber ID...
Well, it makes about as much sense as the Liberal "Bush's War for Oil". just sayin
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I know that. But it's become a common term for a government issued phone. If I say a Lifeline phone, people tend to think "I've fallen... AND I CAN'T GET UP!" or something like that. The world is full of commonly accepted terms that don't mean what they sound like they mean. You can fight it, or you can just go with it, and move on with your life.
I'd say the obvious way to go: https://silentcircle.com/
"anything to hide" define this
its really that simple.
whatever you think the definition is, you are wrong.
and every four years that definition is changed.
this is a concept most children have a hard time getting a handle on but a few years of history, social studies, government, and a study on world war 2 germany and the rise of the USSR usually clear things up.
They could have kept mining federated XMPP chats and passing those to the NSA but no, they wanted to stop federation and only have Google-controlled chats go to the NSA.
signature is pants
> I just can't stop myself. If you don't have anything to hide you have nothing to worry about.
I'm not going to downmod you, but I did notice:
amiga3D (567632)
(email not shown publicly)
Would you be willing to post your email? What about the name of your elementary school, the name of your first pet, and your mother's maiden name? Or how much money you have in the bank, and your retirement accounts?
It's not about having something to hide. It's about wanting a modicum of privacy from the Lois Lerners of the world (and yeah the baddies on the right too but the IRS is current events so that's my reference du jour).
It's like you've never heard of (a) inalienable rights, (b) computers that can scan as many signals as you need (irrespective of NSA staffing levels), or (c) unhinged prosecutors who take a personal disliking to someone and then dig up every piece of dirt they need to destroy them (as evidenced by the USA's beating every country in the history of the world on imprisonment numbers).
You don't need to be exciting. You can just be the wrong person in some local cop's or prosecutor's crosshairs, or the wrong address on a sloppy search warrant. It happens EVERY. SINGLE. DAY.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
Set up a VOIP exchange at home connected to a landline. When dialing someone, phone your house landline; then use the exchange to connect via a VPN to one or multiple VOIP providers, who connect you to your recipient. This prevents meaningful metadata collection, unfortunately it does not stop tracking of the cellphone itself.
SIP software on your phone and a VPN connection. you connect to your target's VPN and then make the SIP call to his protected internal phone over the VPN. Good luck cracking that phone call.
They will have your IP address, so use a VPN service that is outside the country and hope it's not actually a honeypot run by the government....
Do not look at laser with remaining good eye.
Doesn't https://www.seecrypt.com// encrypt your calls and send them over the internet as VoIP calls?
We are Dead Stars looking back Up at the Sky
Use text and encrypt with a one time pad.
The problem is not really that they are listening to everybody now. The problem is that they would log everything that is being said or done. Later on, if you become a "problem" to them, they could start charging you with ridiculous past illegal activities you had.
-"I am not arresting you because you are protesting drone strikes against an American target... I am arresting you because you smoked some weed 2 years ago (There are pictures of that on Facebook and phone call logs where you admit it). Also you jaywalked 10 times in the last 6 months (recorded by your Google glasses). I see that you also bought stuff from Amazon and did not file for sales tax, that's a tax fraud. Also you drove your car on June 3rd without insurance, It had expired on the 2nd and was renewed on the 4th, so here goes your driving licence. Your protest of the drone strikes? That's protected by the first amendment, I would not dare touching that. Too bad you'll have to protest in prison..."
Is Google's dropping of XMPP purely a business decision to focus on Hangouts, or were there other reasons?
Alternative scenario...
Government: "We have a FISA warrant which lets us monitor all your XMPP traffic" ... ...
Google:
Google: clickity clickity clickity clickity
Google: "What's XMPP?"
I wonder what would happen if there was another Church Committee. http://en.wikipedia.org/wiki/Church_Committee
> staying away from certain places; like Google Plus, Facebook, and friends
Summary is correct. The only way to stay off of Facebook is to not have any friends.
https://play.google.com/store/apps/details?id=org.servalproject
factor 966971: 966971
Don't forget to also take out the battery from your cell when you've turned it off, otherwise your phone can still be pinged by the network and in some cases will continue to automatically phone home. IIRC, smartphones will often also have some internal micro-power source (kinda like a cmos battery in your desktop). You'd have to disable that to make sure there's no power to the phone when it's off. I believe that most older dumbphones do not have this kind of thing, so you should probably stick to one of those for your burner (and of course if you've got a burner and a legit phone, never have them powered up in the same location at the same time).
How would anyone know without the source code? Even with the source code, it's impossible to prove there's no back door.
Give me Classic Slashdot or give me death!
> I've never seen a phone that wouldn't let you shut off the GSM transmitter, nobody needs to "design" this it's already there.
You really need a hardware switch. Otherwise the OS could just pretend to shut off the radio.
Give me Classic Slashdot or give me death!
At one level, you're toast, right? You need a burner phone you bought with cash, without using ID, and to activate it without linking it to your person. You need to never have it with you at your common places to be (house, work, coffeeshop on the corner, etc.) - and once you start talking using apps on a smartphone, you've multiplied the complications here 1000x. If you care that much, you probably should just give up on cell phones.
But, there are tons of ways to make your usage of cell phones safer and more secure. The Guardian Project is a great place to start - https://guardianproject.info/apps/ - you can get their apps from the Play store, from the F-Droid OSS repo, or as APKs directly. It brings Tor to your Android, OTR chatting, end-to-end encrypted VOIP calls, and even PGP email.
iOS is a bit further behind with all of this, for various reasons.
There was a great guide on this last year, but the site seems to have gone offline. Some intrepid data-rescuers have put the content up on github:
https://github.com/opensafermobile/materials
Returned Peace Corps IT Volunteer
> Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.
That's absolutely false. If Google Apps are installed on the phone (any stock Android, not AOSP or Cyanogenmod (though you can install gapps)), then background programs will make constant connections to Google. GTALK_ASYNC_CONN_com.android.gsf.gtalkservice.AndroidEndpoint will wake the phone periodically to phone home (despite the name, it's not normal GTalk service, as it persists even if Talk is logged out or completely disabled). If you have "Wi-Fi & mobile network location enabled", a service will periodically wake your phone and send Google the surrounding wifi access points, the surrounding cell towers, and sometimes will turn on GPS and send your location.
These are stock Android OS components that phone home. Maybe you use different definitions for "OS" or "phone home", but there is certainly something to be concerned about in Android.
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
> The trick is to hide in plain sight. Most of the time if you seem legit and do nothing obvious you're flying below the radar.
Hiding in plain sight simply doesn't work when there is a permanent recording of everything you do. You might not trip some pattern detector today, but if you have any proximity to any events of interest then the NSA will be focusing on everything they've ever recorded you doing.
Just look at Snowden - for over a decade he anonymously posted to multiple websites with the username TheTrueHOOHA but no one paid any attention to him, he was "below the radar." But now everybody and their brother is digging up everything he ever wrote with that username. Crap he wrote when he was 17 is now under the microscope.
1. Buy a phone with a removable battery. Cheap or expensive doesn't really matter.
2. Remove battery from phone.
3. Discard battery as appropriate for the type (it's probably classified as some sort of hazardous waste).
Your cellular phone is now 100% secure from government spying.
Log in or piss off.
This is an objective of the Serval Project. Our Serval Mesh software for android currently provides secure voice / chat / file distribution over local networks. But since Wi-Fi has such lousy range, we're also planning to build and sell small Wi-Fi routers with 915MHz ISM band radios for long range / low bandwidth links.
While we're focused on local communications in places where the infrastructure is down / never existed / can't be trusted, with the addition of a Distributed Hash Table, we could provide services over the internet.
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
I wouldn't count Nokia N9, it's pretty much locked and easy to screw thanks to their security framework. Nokia N900 still has non-free bootloader, but without ability to brick your phone if you tinker too much with it just because security rules say so.
Fortunately, N900 and GTA04 are good choices :)
You mean Openmoko? Company behind it failed, but community around it is still alive and there is now even successor of Openmoko Neo Freerunner - GTA04 (http://www.openphoenux.org/)
And yes, that would be great starting point. With GTA04 (and with old Freerunner too) you can be sure that that's you who is in control of your phone and your data. Openmoko and OpenPhoenux phones are pretty much the only completely free mobile phones out there.
While it would be great if a large number of people poisoned the well of information, the unfortunate reality is that the very people able to safely do that (those with no secrets they want to keep private) are the ones that also have little motivation to do so.
The people that genuinely understand the need for such privacy and the value of information poisoning are often also the ones that don't want to have their lives scrutinised.
This sort of system works so well because they've convinced so many that there's no need to worry, and the ones that understand the risk can easily become public examples.
Yeah but look at the results. Look how long it took before he finally got put in the spotlight. Even then he kinda just threw himself out there. This could have stretched out much longer before they figured it out. You assume that you'll be able to stay anonymous forever and that is simply not true. The gov is huge and they have much much more power than you ever will. If they want you, they'll get you. The most that you can hope for is to keep delaying them as long as possible. It failed for the NSA too. They practiced some hardcore OPSEC I am sure. They locked this, encrypted that. And what did that get them? Nothing. The info got leaked. Same goes for you. If you try to hold a secret and someone wants to know it bad enough it will eventually leak as well. We the common folks are always at a disadvantage to the powers that be. It is better to overload the system than to try and starve it.
"Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls." Android and iOS have had the ability to turn on wifi in airplane mode for years. Don't want to phone use.google services, install CM without the google apps.
....this guy is totally a fuckin' cop.
If the NSA isn't doing anything wrong then they must not have anything to hide. Why haven't they declassified everything? Why is there even a classification system, if the only reason to hide things is because you're doing evil things?
Not a sentence!
Switch on airplane mode, switch on WIFI, and use whatever encryption you like
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
This damage has to be fixed, period. The corruption and psychopaths and enablers must be ripped out by their roots with no favoritism nor quarter given, By Any Means Necessary. Only then can we "have a new birth of freedom -- and that government of the people, by the people, for the people, shall not perish from the earth."
Use Verizon Wireless or T-Mobile. U.S. government cannot spy on the users of those two cellphone services because they are both partially owned by foreign companies. http://online.wsj.com/article/SB10001424127887324049504578543800240266368.html?mod=WSJ_hps_MIDDLE_Video_Third
It's still very crude and entirely useless but academics have had success in creating images depicting what someone's thinking of.
So give it another decade, it's not impossible that you will be able to tell what someone's thinking.
Whether it's ever possible at a mass population (rather than inserting someone into a scanner) is more difficult. I'd guess not, but I have no scientific basis for that.
Try to have that phone approved by the FCC (or whatever equivalent entity in other countries)
I've got better things to do tonight than die.
> Do the windows in your house have curtains or blinds, sir?
Yes, they are one of the most effective climate control methods. Open day and closed night in winter, and you should cut at least 10% off your heating bill, or vice versa in summer to cut your cooling bill.
> The door to your bathroom - is there no lock on it?
As a parent with small children, I removed the locks. The children managed to lock themselves in, so I pulled them to prevent issues.
Learn to love Alaska
Because I do have something to hide. You are proving his point. Why do you put your money in a wallet and your wallet in a pocket? Wouldn't it be more convenient to tape bills to your shirt, and pluck them from there as you need them?
Sure it would, but you aren't keeping your money "secret" (though doing so is often a security feature as well), but you are protecting it from loss or damage. Do you lock your car in a parking lot so nobody sees what's in your ashtray (are they still calling them that when so few cars have real lighters or ashtrays anymore?)? Or do you do so to secure it?
Security of physical possessions isn't related to "hiding" anything.
Learn to love Alaska
> (b) computers that can scan as many signals as you need (irrespective of NSA staffing levels),
The level of false positives and such are still where it's too labor intensive to track people. They "could" track lots of people, but they don't because of cost and complexity. They do best in retro-tracking. Once a person becomes a person of interest, then they can track them back for everything they've done in the past 10 years.
Learn to love Alaska
Obtuse response aside, I'm certain my point was clear.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
If you thought it obtuse and you didn't take anything from it, then you aren't listening. Perhaps many people have different ideas of privacy for you. You look around and see millions of people wanting privacy. Maybe they just want solitude or security and you are confused because you have some bizarre affinity for seeing everything as "privacy". No, everyone *must* have the exact same values as you, or you'll go out of your way to explain how they are wrong for having an opinion.
Learn to love Alaska
Ah, ok...
In case you missed it, I actually spelled out the point I was making in the one sentence you didn't quote:
> Sometimes (read: most of the time) the desire for privacy has nothing to do with obscuring bad behaviour.
I said nothing about the rationales people actually use, but rather was pointing out that the rationale for removal of privacy (essentially, that only bad people have stuff they don't want made public) posited by OP was flawed.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Sometimes (read: most of the time) the desire for security or seclusion has nothing to do with privacy. I don't keep my PIN private for privacy reasons, but security reasons. Privacy is under attack in the US because it has been equated with supporting abortion, so I try to be clear what is discussed. That and if privacy was a "real" right, many laws and corporate activities would be broken. Would the Right to Privacy include the right to be forgotten, the right to be free from surveillance?
Learn to love Alaska