I received this friendly email from Google explaining why I should turn on location history. I haven't used that gmail account for a few years:
About Location History Location History lets you create a Timeline, a map of your visited places and routes. Timeline data can also be used to give you More personalized experiences across Google, such as suggested destinations on Google Maps and Android Auto. More useful ads on Google and other places Google ads may appear, such as websites or apps
with graphene in airplane mode, without a sim, you can actually NOT be tracked
reply
YOU taught me that, and I'm using your information verbatim in a little guide I'm writing up about my switch to Graphene.
BTW, I took your suggestion and do not have a sim. I still have to implement more of your suggestions
reply
If you want further clarification this is actually true:
Airplane mode on phones turn the cellular radio off completely but having a SIM would still let you use over-IP carrier services like WiFi Callng. Send an SMS to yourself when you have Airplane mode on, you will receive it.
Just not having a SIM isn't enough, you need to have both no SIM and airplane mode because it will broadcast to allow calling 911.
The new Pixel Tablet has no cellular radio if you want to completely avoid it.
reply
about the tablet, that's great to know!
reply
Thanks for that detail. I used your info too! I think I credited everybody.
reply
No problem! I also am working on an article but would love to see how yours comes up. Please post here when done
reply
Mine is pretty basic. Maybe I'll put mine aside if yours is comprehensive. You have the knowledge to go way more in depth in this area than I do. I'll wait.
reply
I'd still publish it. Mine will likely be explaining the OS' changes and threat model rather than you explaining your switch.
I don't know when I'd finish it either - currently on other projects.
reply
Okay. There probably won't be much overlap then.
stoked you were able to get it installed. guide sounds great, look forward to reading it ✌
reply
Thanks, but don't get your hopes up. It's pretty basic. I'm amazed at how knowledgeable some of our fellow SNers are. If @final posts his guide we'll all learn a lot. I am enjoying the ride so far. I'm optimistic I will stick it out.
reply
I am still working on this, but I want it to be comprehensive so it wont be done for a while.
I am working on images mostly, I have this draft which was originally meant to explain Sandboxed Google Play but I will likely make changes to describe the whole OS' hardening as a whole:
reply
Thank you and looking forward to reading it, searching for info like this online always confuses me so relentlessly that I have to stop
reply
Looking forward!
If I used a silent.link esim for example, what are the downsides, i.e. how exactly can I be tracked and what do I stand to lose?
reply
The cellular network provider that Silent Link uses would be responsible for what you use on their cellular data and possibly a local network. If they have data retention laws like the UK, expect them to be stored for a while. Use a VPN to counteract retention of online browsing.
Silent link users would look like foreign visitors which shows less subscriber data, providing you use a foreign SIM, in some cases it could make you stand out more than others, but reducing information as a whole often makes you stand out to any surveiling system...
You are still unique on the cellular network due to your IMEI tied to your device and other possible SIM identifiers. IMEI is tied to eSIM but a network could correlate your phone's and eSIMs IMEI constantly being together.
The start of the SIM's IMSI number also specifies the country and network. One that is foreign would definitely stand out more than one that isn't if a cellular network could see it.
(This is anecdotal information - I have done academic work in mobile forensics)
As long as you treat silent.link like you are registering yourself to cellular data through a proxy and know the downsides you're good. I've heard good things but if I want to reduce tracking to the cellular network I'd just completely disconnect from it entirely.
reply
Thank you for the detailed explanation!
Yes, I would of course use a VPN.
Agreed that not connecting would reduce tracking but I'm trying to balance convenience with privacy.
What is the problem of standing out if they can't link it to an identity or see the data?
I understand they might use cell towers to get an approximate location of any SIM card. Is it for this reason that it's better not to stand out?
So using a local nokyc SIM card would be better. But VPN users are quite unique too, I suppose.
reply
A local sim card may not stand out but they'd be able to know some more info i.e. phone number due to it not using Roaming. Also difficult to set up in a NoKYC way.
Also there is nothing wrong with standing out if they cannot see, but note that if you somehow did something that linked your identity they will probably be able to keep correlating it is you forever.
As for triangulation it is unlikely to happen unless you was under an LE investigation. It isn't much of a threat unless you make it one or if you think the possibility is just a bad thing
reply
Your location data could be investigated by anybody, not just LE
Triangulation is less likely to happen as it's slow/expensive, but the process is becoming easier, faster, and cheaper - and the data, more available
There just needs to be a reason, any reason, for someone to bother to look at you
reply
Every day I learn more about the USA's unrestricted market for personal data. The fact the USA's business market is just so open about this is crazy to me. Great read.
Fortunately I don't live in the USA
Nah it's actually quite easy to get a nokyc SIM card where I live.
So for example a 911-type call where I doxxed myself could be used to link my identity to the behavior and used to predict my identity in the future based on that behavior patterns. Interesting
reply
yes! also true
zero transmissions is definitely the way forward
there are online services for sms verification
you can make voice/video calls with simplex or element/matrix
we don't need phone numbers any more and we should resist the systems that insist on them
if you are not in airplane mode, you are constantly transmitting your IMEI (device identifier) to nearby cell towers
as soon as your identity is linked to the device your entire movement history / habits are known
swapping sims won't help once you are linked to the device. which can happen by simply walking past a camera, with facial recognition, or a myriad of other ways.
don't use phone numbers / GSM networks, unless it's a data sim on a throwaway vpn dongle.
reply
which can happen by simply walking past a camera, with facial recognition
How would this work? How would they link the SIM card with the face?
data sim on a throwaway vpn dongle
What is a throwaway dongle? Any recommendations?
reply
If your phone is not on airplane mode, then the device is constantly transmitting it's unique identifier (IMEI), time, and location, regardless of the sim.
So if anyone with that data (literally anyone, as it can be bought on darknet) wants to track an individual, just catch that person on a camera, and triangulate with the IMEIs in that location at that time. It will only take a few recordings to find the IMEI, and boom, you can now track that person anywhere (follow the IMEI). Every sim card you put in that phone can be reasonably associated with the owner of the device (because when you use the sim, you transmit both the IMEI and the IMSI / sim identifier).
My recommendation would be to purchase a GL 750 travel router (mudi) and install Blue Merle software (2 commands).
You can then switch the IMEI every time you switch the sim (ie, monthly) so the most you would typically reveal would be a months worth of tracking data.
Also, 100% of your traffic will be over VPN so the provider will know nothing about your browsing habits / destinations. And Blue Merle will also wipe the connection logs from the router.
Alternatively, just buy a cheap dongle and throw it away. The downside is, you won't have any VPN on the dongle, so you better hope your phone isn't leaking outside the VPN (Apple is guilty of this)
reply
Thanks for the recommendations.
If your phone is not on airplane mode, then the device is constantly transmitting it's unique identifier (IMEI), time, and location, regardless of the sim.
Is this true with Graphene? I didn't get that impression from their docs
reply
yes
even without a sim, it will ping, if airplane mode is not on
graphene really need to enable airplane mode by default, to avoid the pings on startup
to be clear, those "pings" are normal cellular operations, it's just they always contain your identifiers
I know what you are saying but thats funny.
When my phone is in a Faraday bag it can't be tracked either. Lol
Graphene is great.
reply
reply
There are some helpful posts here about using Graphene in the most private way (no SIM airplane mode etc) which are really helpful, and worth doing when possible.
But, as OP suggests, Graphene in general reduces your location info leakage. Sure, you wouldn't be safe from a targeted state attack, BUT you massively reduce the ease of which your data can be bulk analyzed by individual surveillance organizations.
Other OS also have the ability to turn off location, but it's not as obvious (there are so many exceptions when trying to do it in iOS). And using more private browsers with a VPN and clearing your browsing data will generally lower your footprint and make your device look more generic online.
The more people that do these basic steps, the better everyone's privacy becomes because it breaks the entity resolution methods used by big data firms.
reply
Yes. And it is still just spam which you can ignore.
Graphene in the title refers probably to GrapheneOS, is that right? Note that this Android mod does not allow you to do real things with your "phone" (which is actually just a small computer). Yes, most of the Android mods (Samsung, Xiaomi, …) are not any better, but on such phones one is at least able to install a custom Recovery (preferably TWRP) which then lets the owner of the device to install a vanilla Android (LineageOS), optionally with Google Apps and Magisk.
Installing the latter two to an Android phone leads to a device that can run any app from the Google Play store but still letting you as the owner use superpowers and learn. For example by connecting over USB from your computer using ADB.
GrapheneOS wouldn't work if the tech used by Google in Android itself was broken. And because it is not broken, but actually works great, one can install latest Revolut (or any other root-checking app) and use it on a rooted phone by adding it to the DenyList on Magisk.
IMHO making more consumers rather than teaching principles is not the way to go. Android is Linux. Everyone is free to learn.
Like there is a clear thread of history regarding Bitcoin, which leads to understanding the "only" part, the same way can be used to go deeper into history of computers and learn about Linux, UNIX (KISS), birds' nest (architecture) and so on.
All the best!
reply
I have something similar
Should probably delete properly for good
reply
To my daughters dismay, this is his I found out she was skipping school. Location history created an almost perfect map of her whereabouts and when she came to and left school , and the gas station and library and dairy queen...
reply
That's bizarre...
reply