Slashdot Mirror
Volunteers Around the World Build Surveillance-Free Cellular Network Called 'Sopranica' (vice.com)
dmoberhaus writes: Motherboard's Daniel Oberhaus spoke to Denver Gingerich, the programmer behind Sopranica, a DIY, community-oriented cell phone network. "Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents," says Gingerich. "Taking out all the basement firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it's about running community networks instead of having companies control the cell towers that we connect to." Motherboard interviews Gingerich and shows you how to use the network to avoid cell surveillance. According to Motherboard, all you need to do to join Sopranica is "create a free and anonymous Jabber ID, which is like an email address." Jabber is slang for a secure instant messaging protocol called XMPP that let's you communicate over voice and text from an anonymous phone number. "Next, you need to install a Jabber app on your phone," reports Motherboard. "You'll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network." Lastly, you need to get your phone number, which you can do by navigating to Sopranica's JMP website. (JMP is the code, which was published by Gingerich in January, and "first part of Sopranica.") "These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app." As for how JMP protects against surveillance, Gingerich says, "If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening."
SIP over XMPP? Already had it. It doesn't work well. And towers still need to know where you are in order to reach your phone. Amazing.
As of right now, I've walked MANY through getting google voice going on mobiles and ditching the monthly bill. Works good until they catch on and force you re-verify the number you setup, at which point it seems your no longer able to make calls (originating from that number) but you can still receive voice mail. The privacy trade-off is obvious when working with any google product, but for quick and dirty free wifi phone it worked great (last time i set it up for somebody)
It sounds like this is pretty damn close to the same thing, only without all the snoopy big tech middle man garbage. I'm going to try it.
These phone numbers are generated by Sopranica's Voice Over IP (VOIP) provider which provides talk and text services over the internet.
Regarding the encryption, where does it take place? Is this privacy-centric un-named VOIP provider/DIY network subject to NSLs?
I suppose I should RTFA....
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
How's this different than using SIP over one of the http://www.talkonaut.com/ clients?
It's at least 11 years old.. Can't reinvent the wheel.
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Another voice over internet protocol app! Wooooow
> they are really encrypting it, then they are tunneling UDP (SIP) over TCP (for TLS)
Just finished Chapter 1 of Basic Cryptography?
"Encryption" doesn't mean TLS, and TLS doesn't require TCP. Plenty of common applications use encrypted UDP, some do TLS over UDP. IPsec, which is built-in to the Linux kernel, encrypts IP. Some apps, such as Cisco Anyconnect, can set up EITHER an IPSec connection, OR a TLS-based connection.
I wrote an IPSec / ISAKMP / IKE client a couple of months ago, so that's one I'm rather familiar with. As mentioned above, IPSec encrypts *IP* packets. Those could carry UDP or TCP fragments, or icmp, cdp, etc. It's encrypted at the IP packet level. To *set up* the IPSec connection, it uses UDP packets.
Another client I wrote this year spoke encrypted RDP, which is TLS over UDP. Some other Microsoft products use roughly the same protocol. OpenVPN is another example. It uses encrypted UDP, and can use optionally TLS authentication within the encrypted UDP channel.
This coming week my task is Microsoft SQL Server. It's TLS over TCP - hopefully STANDARD to over TCP.
A while back I suggested using a passive alert system.
Your phone could listen for its ID and receive text messages without revealing it's location. Making calls or sending messages would however reveal your location to your carrier.
Minimum threshold fixed. Thanks!
Your phone could listen for its ID and receive text messages without revealing it's location.
When it registers with the cell site, so the cell site knows where to send the ID and text message, the system will determine your location. All your phone has to do is register, and it does that just to know it has service and what to listen to.
Sopranica is a portmanteau of the words "Sopranos" (i.e. The Sopranos, criminal activity and shady dealings hidden from public view and the authorities) and "Silica" (i.e. the chemical compound used to make silicon wafers for manufacturing microchips).
Crime through Technology.
Sopran-ica.
We need to replace the commercial infrastructure... We need people to set up hotspots that are limited to this application only somehow, and for those to prevent abuse. For example voice data should be small so we can limit bandwidth, and limit amount of users per hotspot. Just needs people to volunteer their support.
The bigger problem with the entire concept being that even if it works as advertised, the government will enact laws, rules, regulations to criminalize it. The US government will never tolerate any system of mass domestic voice/data communications that they cannot monitor/track/decrypt/control. Even Cardinal Richelieu needed those 6 lines from the most honest of men and the ability to read them in order to have him hanged.
It would help citizens to effectively oppose what the government does that they are unhappy about, assist in holding people in the government accountable, and facilitate removing corrupt leaders from office, and thus any domestic mass communications system they cannot eavesdrop upon, decrypt, track, and control is anathema to such an oligarchic kleptocracy posing as a democratic republic as the US has become. A massive reduction in government size, power, and scope would be necessary to allow such a system to be built & operated without government forbidding it.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
You misunderstand it's just broadcasted to all cells assuming your phone might be on and listening.
As a result its going to have limitations like a limit to rebroadcasts and a time interval between them.
Still it wouldn't scale well but would probably scale plenty well enough for the number of people that I think would actually be interested in this.
Minimum threshold fixed. Thanks!
The network would still be centrally managed so every tower would recive and broadcast the message every 10 minutes 4x or so and then give up never knowing if the message was actually received.
It won't scale which is why it wasn't done in the first place.
But it would still likely handle everyone that would be interested in a allways on communications network that only tracked you when you were transmitting. Eg when you called someone, sent a message or browsed the web.
Would make it so your location isn't revealed without your consent while still allowing you to be contacted at any time.
Minimum threshold fixed. Thanks!
Oh your right I did. Neat!
Which also means that even without the ability to scale it still has enough capacity to be viable.
Minimum threshold fixed. Thanks!
If people want to get surveillance free networks they have to get a handheld radio (or base station at home) and get a transmitter for it (with range up to ~100 km). The problem today is that no easy way to network together many transmitters over the internet and it requires a licensed frequencies (public channels are off limit for this type of usage). It is possible but last I knew the set-up is both difficult and not necessary a stable one (might require a lot of DIY hardware). Radio to radio communication is always possible over the public channels (licence free), but the problem with that is anyone can listen into any conversation that happens since the frequency band is both analogue and in the clear. There is a frequency allocation for digital channels but I have not seen any handheld radio able to use that frequency. I do not know why that is. There is also no data transmission over this type of frequency as the bandwidth is limited to few kHz.
You misunderstand it's just broadcasted to all cells assuming your phone might be on and listening.
Actually I believe you are partially misunderstanding, and parent is correct.
From grandparent:
Your phone could listen for its ID and receive text messages without revealing it's location. Making calls or sending messages would however reveal your location to your carrier.
The existing cellular network does not work via broadcasting messages to all towers such that your phone could passively listen for it.
Your phone registers with the cell tower, which updates the carriers internal routing info, and only then does the network forward things for your cell ID to that one tower you last registered with.
If your phone unregistered, the network will either hold the message or simply reject it as undeliverable.
If your phone registered to a tower and then simply "goes dark" without unregistering, the message will still go to just the last tower you registered with for a little bit to be broadcast there. The tower will retry a number of times until it receives an acknowledgement from your phone, and failing to do so (with the phone not transmitting) typically results in the message being rejected back or simply dropped.
After a few minutes of the phone being dark and not responding to the towers (think like a constant ping check), the route gets removed from the network as stale, and then even that one tower no longer transmits anything to your cell.
To have a cell network operate on a true broadcast without acknowledgement type of basis, it would need redesigned from the protocol up.
This would be much closer to "possible" on a home-grown newly designed cellular network/protocol, such as this article is about.
But the bold part of the quote above indicates GP was specifically talking about your carriers cell network, not a newly made one that works in a different way such as this.
I'm Denver, "the programmer behind Soprani.ca", and specifically JMP. Feel free to ask me any questions about JMP, WOM, or Soprani.ca as a whole that haven't been answered in the comments section yet. I'd be happy to hear from you.
Correct this would be used along side the existing cellular networks. However as was pointed out to me what I was thinking of already exists as one way pagers but not as a combined device. You could recive texts directly via a one way pager along with notice of attempted incoming calls then if you needed further information and weren't somewhere you you needs your location protected you could switch the cellular side of your phone on and continue like today.
It wouldn't fully eliminate tracking but it would knock it down to only when you were transmitting which is a big step IMHO from being tracked 24/7 without the loss of the ability to be contacted at any time.
Yes I should have been more clear In my post so it wasn't so ambiguous.
Minimum threshold fixed. Thanks!
I suspect the volume of broadcasts would be prohibitive.
In practice, the best you could do is expire logs quickly and be sure to actually delete them.
... but as some already said, it's just an app more... :-D
If really you want to see what an actual, independent mesh network can be, please go to http://www.servalproject.org/
And yes there is an app
But this one, works -including from tablets with no SIMcard inside.
IMHO the only issue is, this will become useable only when thousands will run it, including some in your neigborhood...
Herve S.
I wonder how Sopranica and Jitsi compare. Are their missions overlapping? Different use-cases? I know that Jitsi's big push is enterprise stuff whereas Sopranica seems more of a hobbyist endeavour.
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman