Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How To Bypass Gov't Spying On Cellphones?

Posted by timothy on from the excuse-me-while-I-snap-this-glove dept.

First time accepted submitter jarle.aase writes "It's doable today to use a mix of virtual machines, VPN, TOR, encryption (and staying away from certain places; like Google Plus, Facebook, and friends), in order to retain a reasonable degree of privacy. In recent days, even major mainstream on-line magazines have published such information. (Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!) But what about the cell-phone? Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls. VoIP could then go from the device through Wi-Fi and VPN. Some calls may be routed trough PSTN gateways — allowing the agencies to track the other party. But they will not track your location. And they will not track pure, encrypted VoIP calls that traverse trough VPN and use anonymous SIP or XMPP accounts. Android may not be the best software for such a device, as it very eagerly phones home. The same is true for iOS and Windows 8. Actually, I would prefer a non cloud-based mobile OS from a vendor that is not in the PRISM gallery. Does such a device exist yet? Something that runs a relatively safe OS, where GSM can be switched totally off? Something that will only make an outgoing network connection when I ask it to do so?" And in the absence of a perfect solution, what do you do instead? (It's still Android and using the cell network, but Red Phone — open sourced last year — seems like a good start.)

53 of 364 comments (clear)

  1. Don't play.... by bobbied · · Score: 5, Informative

    The only way to win is not to play...

    Or, buy a new handset and phone number for every call and only pay cash.

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:Don't play.... by cold+fjord · · Score: 2

      Sign language. The US government is short of interpreters, especially for cell phone intelligence.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    2. Re:Don't play.... by Anonymous Coward · · Score: 4, Funny

      NSA: "We'll have to be able to attach our own piece of string to yours if you wanna keep using that, sir"

    3. Re:Don't play.... by SirGarlon · · Score: 2

      Or, buy a new handset and phone number for every call and only pay cash.

      And don't call anyone with, because the NSA is also monitoring all the incoming activity at the other endpoint of your call and can very likely deduce your identity that way.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    4. Re:Don't play.... by ub3r+n3u7r4l1st · · Score: 2

      this is not what he meant.

      It is very easy to analyze the identity of the caller by just nabbing the other side, unless the other side is also using a disposable cell phone.

      This is how police capture thief of stolen phones.... by contacting people who have been called from those phones.

      --
      New Economic Perspectives
    5. Re:Don't play.... by TWX · · Score: 5, Funny

      I've got a particular gesture for them right here...

      --
      Do not look into laser with remaining eye.
    6. Re:Don't play.... by ArcadeMan · · Score: 5, Funny

      I see that you're pointing to the sky, friend. Are you trying to tell me something?

      I want to believe.

      --
      Get free satoshi (Bitcoin) and Dogecoins
  2. Disposable cell phone by Skewray · · Score: 4, Interesting

    I buy a $15 cell phone at Staples. It comes with $10 in minutes. Then I chuck it.

    1. Re:Disposable cell phone by rmstar · · Score: 2

      I buy a $15 cell phone at Staples. It comes with $10 in minutes. Then I chuck it.

      That's an easy loophole to plug: just require registration to buy a phone. It is that way in Germany, I think.

    2. Re:Disposable cell phone by amiga3D · · Score: 4, Insightful

      Hell in the US they can't even keep non-insured non-licensed drivers off the road. Registering phones? Hah!

    3. Re:Disposable cell phone by HWguy · · Score: 5, Insightful

      Brian, I assume you paid in cash.

      Do you know how much information the Staples inventory system has? Does it store things like the phone's Mobile Identification Number? It certainly logged the time the phone was sold and the location, perhaps flagging your cash transaction. Hopefully you smiled at the various cameras in-store and in the parking lot that recorded you driving up and buying the phone. ;-)

    4. Re:Disposable cell phone by hawguy · · Score: 2

      Brian, I assume you paid in cash.

      Do you know how much information the Staples inventory system has? Does it store things like the phone's Mobile Identification Number? It certainly logged the time the phone was sold and the location, perhaps flagging your cash transaction. Hopefully you smiled at the various cameras in-store and in the parking lot that recorded you driving up and buying the phone. ;-)

      Buying with cash is definitely important.

      I almost brought up the same point about the cameras, but then I realized that if the goal is to keep broad surveillance from tracking him, cycling through disposable phones will do this unless Staples is turning over security camera footage to the NSA for facial recognition.

      If the phone was used to commit a crime, the government could probably track it back to him through security camera footage, but they aren't going to be able to track his past few years of movement based on his cell phone records.

    5. Re:Disposable cell phone by Nutria · · Score: 2

      Hopefully you smiled at the various cameras in-store

      Or wear a baseball cap and hoodie. Preferably with a full beard. And an a heavy foreign accent.

      --
      "I don't know, therefore Aliens" Wafflebox1
    6. Re:Disposable cell phone by tnk1 · · Score: 5, Insightful

      Yes. The idea of a burn phone is a very old one now. If you think that the NSA doesn't have contingencies to deal with that, you are mistaken.

      Honestly, unless you really do expect to be doing something illegal, the NSA doesn't have the resources to actually analyze the material they get from everyone for all possible illegal permutations. Unless you have reason to believe you are being targeted, the very fact that you use a burn phone regularly is probably more likely to set off red flags than just your normal use of a possibly monitored phone.

      Think about it this way. The use of burn phones is an inconvenience that most people won't bother with. If you are willing to put up with that inconvenience, you are in a relatively small group of people who are either refusers, or people doing illegal stuff. If I were the NSA, I'd be more interested in you as an evader, rather than less. And if they do happen to be able to track burn phones, you've just promoted yourself from Potential Terrorist, Second Class to Potential Terrorist, First Class.

      When it comes to panopticons, what you really need to do is learn how to hide in plain sight. The U.S. government is more like Sauron than God. They see everything, but only if they're looking at it.

    7. Re:Disposable cell phone by ub3r+n3u7r4l1st · · Score: 3, Informative

      and how do you know if a warrant has been issued and executed? You have basically don't have a right to protest a warrant because you don't know it even existed.

      And all mail are scanned and the image is taken and stored into a database (presumably the NSA):

      http://www.thesmokinggun.com/documents/woman-arrested-for-obama-bloomberg-ricin-letters-687435

      --
      New Economic Perspectives
    8. Re:Disposable cell phone by Charliemopps · · Score: 4, Insightful

      they have an $80 billion per year budget. That's $255 for every Man woman and child living in this country. They certainly can track every single one of us. Especially considering the Majority of US Citizens aren't even old enough to use a phone or the internet yet.

    9. Re:Disposable cell phone by bsDaemon · · Score: 2, Insightful

      pay some kid $20 to guy buy the burn phone/SIM for you. What kind of tradecraft master or wanna-be actually goes and buys their own burn phone?

    10. Re:Disposable cell phone by Anonymous Coward · · Score: 2, Insightful

      Cars don't require a connection to centralized infrastructure.

    11. Re:Disposable cell phone by Rogue+Haggis+Landing · · Score: 2

      they have an $80 billion per year budget. That's $255 for every Man woman and child living in this country. They certainly can track every single one of us. Especially considering the Majority of US Citizens aren't even old enough to use a phone or the internet yet.

      Pedant here -- at the 2010 Census, 79.9% of the US population was 15 or older, which seems like a good age by which most everyone will have a cell phone. So about $322 for everyone 15 and over.

    12. Re:Disposable cell phone by Hatta · · Score: 3, Interesting

      The last place you want to be is where you are only caught by the traps they set up for the really dangerous people

      You assume that this is only about really dangerous people. We just had weeks of controversy about the IRS targeting people for political motives. Are you so naive to think that won't happen at the NSA?

      --
      Give me Classic Slashdot or give me death!
    13. Re:Disposable cell phone by tnk1 · · Score: 2

      I'm just advising you to not waste your time trying to make yourself seem safer, only to find that you're actually painting a bigger bullseye on your back.

      Sure, someone could target you politically if they have a reason, but going through obvious steps to hide your activity makes it pretty easy to justify trying to find out what you are hiding.

      We're all guilty of some crime that's on the books, it's just that no one has the time or inclination to bother with us. However, if you gain their interest, then maybe that comes out.

      Your attempts to regain your privacy only make you a bigger target because you stick out like a sore thumb. If I am monitoring streams of data over the internet, what streams are going to interest me the most? Of course it would be the streams that are encrypted in some non-trivial manner. And why is that? Because you cared enough to encrypt or otherwise protect them.

      Sure, you might be good at it and not get caught, but these guys get paid to find people who try and hide information. You're going to attract attention by trying so hard.

    14. Re:Disposable cell phone by 7-Vodka · · Score: 2

      Come to think of it, there have been some very peculiar incidents recently.

      Supreme court justices changing their mind about which way to vote.

      The head of the CIA and other officers resigning because of affairs where the government admits reading their personal email without a warrant.

      Journalists being spied on.

      Fuck, they caught Elliott Spitzer with that call girl and then couldn't explain how they stumbled on him....

      Are you sure none of these incidents involved the illegal spying? The eye of Sauron stings a bit when it focuses on you doesn't it?

      --

      Liberty.

  3. And talk to who? by ugen · · Score: 3

    Once you jump through all those loops, who will you be talking to? And if such a person exists, he probably already knows what you are going to say, so why bother calling? :)

  4. Flooding by Phoenix666 · · Score: 4, Interesting

    The NSA needs to be flooded with false positives. They need to have so many false positives generated that their illegal, unconstitutional spying is rendered moot.

    On the other side, we need to surveille every member of Congress and the Executive and have their every move published on a publicly available site. After all, if they have nothing to hide then they shouldn't worry, right?

    In a perfect world the President and every member of Congress who signed off on this unconstitutional behavior would be impeached. But I know this is not a perfect world. So instead I will advocate a world where we turn the panopticon on itself and make them suffer three times for what they make us suffer.

    Tyrants must always be hoisted on their own petards.

    --
    Do what you can, with what you have, where you are.
    1. Re:Flooding by Grave · · Score: 2

      Flood them with too much data? They can't sort what they have now, but they sure can store a lot And if they start to run low on space, they'll just make Congress fund another yottabyte of storage.

    2. Re:Flooding by Sarten-X · · Score: 2

      So in other words, we need to do absolutely nothing. The reality is the NSA already has more data than they can act on. Sure, they can analyze your phone calls and emails and figure out that you're the sort of person who is influential among your friends*... you could be a terrorist leader, or you could be a town gossip. It's far more likely to be the latter, so without more evidence, there's little point in pursuing you.

      On the other hand, once you do do something that arouses suspicion, they can use your phone calls and emails to determine who may have conspired with you, and from there figure out what groups may be planning future attacks. By having that information available and already analyzed, they can pull up connections within minutes of a (preferably court-approved) request.

      Rampant surveillance isn't what's really scary about what the NSA et al. are doing. Rather, what's worrying is that our government continues to rely on hindsight as a means to future security. We really ought to be more careful with our foreign policy, domestic welfare, and generally be more concerned with what people want to do to us, rather than what they can do to us. That would be a perfect world.

      * I did this in grad school. It turns out analyzing call patterns is pretty simple, but the insight is practically useless. Most calling patterns are small rings with spokes.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    3. Re:Flooding by onyxruby · · Score: 3, Insightful

      Wonderful idea, you and a few thousand buddies are all going to crapflood the NSA. The NSA, an organization that is arguably the best in the world at sorting noise from signal. Check your ego at the door and realize your an amateur pretending to play in the big leagues.

      Want real change instead of feel good crap that doesn't do a damn thing? Call, or better yet, write your congress critter and demand change.

  5. Umm by wbr1 · · Score: 3, Interesting

    How about Ubuntu Touch? Linux core, can run VPN, TOR all the other goodies, and being OSS and linux you are free to investigate code and roll you own solutions on top of it.

    --
    Silence is a state of mime.
    1. Re:Umm by dos1 · · Score: 2

      Ubuntu for phones uses Android interfaces for drivers, so most of phones with it will have closed blobs to operate hardware directly. You never know what lives in such blobs.

      Some phones also have their RAM directly connected with the modem. If that's the case, then no matter what OS you'll run, non-free GSM modem firmware may still access it and do nasty things, even with GSM radio supposedly disabled.

      The only phones I know that provide full transparency regarding their firmware are Openmoko Neo Freerunner and OpenPhoenux GTA04. As the first one is a bit outdated, GTA04 is worth looking at, as it provides everything that was requested by the original poster and is still actively maintained - http://www.openphoenux.org/

      BTW. The only thing that stops RMS from calling GTA04 completely free phone is non-free WiFi firmware, which has to be loaded to the chip. GTA02 (Freerunner) had WiFi firmware stored in its memory. Other than that, those two phones are completely free and you have full control from the first executed lines of code.

  6. Not a god damned thing by onyxruby · · Score: 4, Insightful

    There is absolutely nothing you can do because the government has root for any given phone (if nothing else through a warrant). Own the network and you own anything going through it. Your encryption means jack when their are appliances that do nothing but decrypt and re-encrypt traffic at very high rates of speed. You could get a separate phone just for having private conversations (ala drug dealer). You would quickly find out that they can determine that number (doesn't matter how you got that phone). Once they know that number they can just tap that through the same phone system.

    Want some level of privacy and to ensure that the government at least has to get a warrant to read your supposed to be private conversations? Go old school, visit this antique shop called a Post Office and buy a roll of stamps and envelopes. There is well established legal doctrine that says snooping on your mail can only be done with a warrant.

    Don't like my answer? Call your congress critter and demand change.

  7. Re:Being "spied" on, or drawing attention, choose. by amiga3D · · Score: 4, Insightful

    The trick is to hide in plain sight. Most of the time if you seem legit and do nothing obvious you're flying below the radar.

  8. HAM Radio? by littlewink · · Score: 3, Funny

    It's waiting for you.

    1. Re:HAM Radio? by red_dragon · · Score: 2

      Encrypted communication on amateur radio bands is prohibited by law in the US, so transmitting an encrypted signal just invites spooks to triangulate your transmitter's position.

      --
      In Soviet Russia, Jesus asks: "What Would You Do?"
  9. Re:what makes you worth tracking? by Qzukk · · Score: 4, Insightful

    "What makes you worth tracking?"

    As the cost of this approaches $0, it's pretty easy to make tracking any given person's life worth more than it costs to do it.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  10. Did Lindsay Mills think she was important? by ZeroPly · · Score: 4, Insightful

    I mean, come on, she was just a ballerina/dancer in Hawaii, what did she have to hide from the NSA? Sure, her boyfriend Edward Snowden was involved in government affairs, but just one of a gazillion contractors.

    --
    Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
  11. Re:what makes you worth tracking? by immaterial · · Score: 5, Informative

    its like the idiots who think the supermarkets are tracking them personally with the loyalty cards. stores want aggregate data and purchase bundles to do loss leader promotions. they really couldn't care what you buy personally

    Bullshit. Careful who you call idiot, lest you look even more the fool.

  12. Encrypted phones by Animats · · Score: 4, Informative

    There are encrypted GSM phones with end-to-end encryption when talking to a similar phone. They're overpriced and hard to buy, but available. The source code is available so you can see how it works. It's classic Diffie-Hellman 4096-bit key exchange to establish a session key, followed by 256-bit AES encryption for the data.

    It's too bad OpenMoko tanked. That was a totally open source phone down to the hardware level. That plus Cryptophone-compatible code would have been trustworthy.

    1. Re:Encrypted phones by Anonymous Coward · · Score: 3, Informative

      Openmoko is not tanked.

      OpenPhoenux project, coming from Openmoko community, may be the answer for all those needs. It has less resources than Openmoko had, as it's done by a small german company Golden Delicious, but thanks to that it makes small moves rather than big and crazy that Openmoko did, so it's less likely that it'll completely fail like Openmoko did.

      Old Openmoko Neo Freerunner already was perfect for such purpose, but it's a bit unusable for anyone who's not hardcore geek always being ready to use terminal on his phone to do simple tasks in case something breaks. Fortunately, new GTA04, together with QtMoko or SHR systems, should be quite good choice.

      http://www.openphoenux.org/

      "What OpenPhoenux stands for:
      * participation by everyone
      * extensible hard- and software - DIY
      * allows to inspect what the system is doing (as far as achievable)
      * can be repaired using standard parts (as good as possible)
      * long-term support (e.g. software upgrades for an 2007 Neo 1973)
      * no planned obsolescence through open hard- and software
      * no central, intransparent, stock exchange listed instance that gives directions
      * hardware development and production near to users (Europe) under fair labour conditions
      * independent from the "modern mainframe" and back to the networked, decentralized web
      * everybody plays client and server roles and keeps control over his/her participation
      * makes the technical system transparent, not the user"

  13. Re:what makes you worth tracking? by LF11 · · Score: 2

    I'm just waiting for the next pin to drop: DEA gets access to help assist the war on drugs.

  14. Re:what makes you worth tracking? by localman57 · · Score: 2

    No. Not in real time. The point is that they can go back in time and see what you did after they've identified you as a person of interest. The government has pretty much said as much. A lot of this apparatus is designed around the idea that the more information they collect, the more they can use one incident (whether it is successful or not) to prevent future incidents by tracking the person back in time and see who else might be connected. Then prevent them from doing anything.

  15. Re:Windows mobile 6.5 by Anonymous Coward · · Score: 3, Insightful

    It sounds like you want a phone with

    No, it sounds like he doesn't know what the fuck he's talking about at all.

    Example:
    " Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls"
    I've never seen a phone that wouldn't let you shut off the GSM transmitter, nobody needs to "design" this it's already there.
    I can't speak for iPhones or Windows devices, but with Android you can shut off everything associated with cell phone carrier use any time you want, and install any kind of VOIP client you feel like using.

    "Android may not be the best software for such a device, as it very eagerly phones home."

    Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.

  16. Re:Being "spied" on, or drawing attention, choose. by Hatta · · Score: 2

    Avoiding attention isn't the point. Simply obstructing the illegal surveillance regime is the point. Any way in which you can resist, you should resist.

    --
    Give me Classic Slashdot or give me death!
  17. Re:Learn and use some obscure foreign language by Anonymous Coward · · Score: 2, Funny

    How about British English?

  18. Redphone, huh? by geminidomino · · Score: 4, Informative

    Funny how a privacy-oriented app like TextSecure (text app from the makers of Red Phone, mentioned in TFS) wants to access my Device ID, SIM serial number, and Subscriber ID...

  19. Re:what makes you worth tracking? by hawguy · · Score: 2

    So someone asks you some questions. So what? If you went overseas, you were clearly fine with not only being questioned by the TSA, but having your personal property searched (without a warrant!) and even having your person scanned or physically scrutinized.

    Well actually no, TSA didn't question me or go through my personal property other than an X-ray. US Customs asked if I was bringing back any restricted or taxable items, but they didn't question me about what else I had with me. They didn't even open my checked bag (or if they did, they reset the "opened by TSA indicator" on my lock and replaced the zip-tie on the zippers with another one just like mine.

    If the NSA can flag your purchases, it also knows enough about you to know what you are doing with said purchases. So just ignore them (like they are ignoring you).

    I'm supposed to be comfortable with surveilllance that is so detailed that not only do they know what I'm purchasing, but they also know what I'm doing with the purchases?

  20. Re:'Obama Phone' Program Has Nothing to Do with Ob by Archangel+Michael · · Score: 2

    Well, it makes about as much sense as the Liberal "Bush's War for Oil". just sayin

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  21. Re:'Obama Phone' Program Has Nothing to Do with Ob by localman57 · · Score: 2

    I know that. But it's become a common term for a government issued phone. If I say a Lifeline phone, people tend to think "I've fallen... AND I CAN'T GET UP!" or something like that. The world is full of commonly accepted terms that don't mean what they sound like they mean. You can fight it, or you can just go with it, and move on with your life.

  22. Re:what makes you worth tracking? by jma05 · · Score: 2

    Now you are changing what you meant by "personally". Your first post implied personalized profiling. Now you are saying you meant personnel doing the profiling and that it would not matter if the profile is not public.

    We are all products of different experiences and have different thresholds for finding things creepy. No need to call names.

  23. Re:XMPP by master5o1 · · Score: 2

    They could have kept mining federated XMPP chats and passing those to the NSA but no, they wanted to stop federation and only have Google-controlled chats go to the NSA.

    --
    signature is pants
  24. Re:Windows mobile 6.5 by Hatta · · Score: 2

    How would anyone know without the source code? Even with the source code, it's impossible to prove there's no back door.

    --
    Give me Classic Slashdot or give me death!
  25. Re:Windows mobile 6.5 by Hatta · · Score: 2

    I've never seen a phone that wouldn't let you shut off the GSM transmitter, nobody needs to "design" this it's already there.

    You really need a hardware switch. Otherwise the OS could just pretend to shut off the radio.

    --
    Give me Classic Slashdot or give me death!
  26. Re:Windows mobile 6.5 by chihowa · · Score: 2

    Bullshit. There's nothing in the Android OS which phones home or anywhere else. Yes, there are some applications which do it, but you can shut those off. And if you're extra paranoid just go install a custom ROM and don't run the spyware applications.

    That's absolutely false. If Google Apps are installed on the phone (any stock Android, not AOSP or Cyanogenmod (though you can install gapps)), then background programs will make constant connections to Google. GTALK_ASYNC_CONN_com.android.gsf.gtalkservice.AndroidEndpoint will wake the phone periodically to phone home (despite the name, it's not normal GTalk service, as it persists even if Talk is logged out or completely disabled). If you have "Wi-Fi & mobile network location enabled", a service will periodically wake your phone and send Google the surrounding wifi access points, the surrounding cell towers, and sometimes will turn on GPS and send your location.

    These are stock Android OS components that phone home. Maybe you use different definitions for "OS" or "phone home", but there is certainly something to be concerned about in Android.

    --
    If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  27. Re:Being "spied" on, or drawing attention, choose. by Jherek+Carnelian · · Score: 2

    > The trick is to hide in plain sight. Most of the time if you seem legit and do nothing obvious you're flying below the radar.

    Hiding in plain sight simply doesn't work when there is a permanent recording of everything you do. You might not trip some pattern detector today, but if you have any proximity to any events of interest then the NSA will be focusing on everything they've ever recorded you doing.

    Just look at Snowden - for over a decade he anonymously posted to multiple websites with the username TheTrueHOOHA but no one paid any attention to him, he was "below the radar." But now everybody and their brother is digging up everything he ever wrote with that username. Crap he wrote when he was 17 is now under the microscope.