Graphene Fixes This \ stacker news ~tech

2976 sats \ 37 comments \ @siggy47 23 Jun 2023 tech

I received this friendly email from Google explaining why I should turn on location history. I haven't used that gmail account for a few years:

About Location History Location History lets you create a Timeline, a map of your visited places and routes. Timeline data can also be used to give you More personalized experiences across Google, such as suggested destinations on Google Maps and Android Auto. More useful ads on Google and other places Google ads may appear, such as websites or apps

view all related items

476 sats \ 31 replies \ @03365d6a53 23 Jun 2023

with graphene in airplane mode, without a sim, you can actually NOT be tracked

275 sats \ 28 replies \ @siggy47 OP 23 Jun 2023

YOU taught me that, and I'm using your information verbatim in a little guide I'm writing up about my switch to Graphene.

BTW, I took your suggestion and do not have a sim. I still have to implement more of your suggestions

291 sats \ 6 replies \ @final 23 Jun 2023

If you want further clarification this is actually true:

Airplane mode on phones turn the cellular radio off completely but having a SIM would still let you use over-IP carrier services like WiFi Callng. Send an SMS to yourself when you have Airplane mode on, you will receive it.

Just not having a SIM isn't enough, you need to have both no SIM and airplane mode because it will broadcast to allow calling 911.

The new Pixel Tablet has no cellular radio if you want to completely avoid it.

0 sats \ 0 replies \ @03365d6a53 23 Jun 2023

about the tablet, that's great to know!

0 sats \ 4 replies \ @siggy47 OP 23 Jun 2023

Thanks for that detail. I used your info too! I think I credited everybody.

20 sats \ 3 replies \ @final 23 Jun 2023

No problem! I also am working on an article but would love to see how yours comes up. Please post here when done

10 sats \ 2 replies \ @siggy47 OP 23 Jun 2023

Mine is pretty basic. Maybe I'll put mine aside if yours is comprehensive. You have the knowledge to go way more in depth in this area than I do. I'll wait.

0 sats \ 1 reply \ @final 23 Jun 2023

I'd still publish it. Mine will likely be explaining the OS' changes and threat model rather than you explaining your switch.

I don't know when I'd finish it either - currently on other projects.

0 sats \ 0 replies \ @siggy47 OP 23 Jun 2023

Okay. There probably won't be much overlap then.

reply on another page

20 sats \ 2 replies \ @_b_o_n_e_s_ 24 Jun 2023

stoked you were able to get it installed. guide sounds great, look forward to reading it ✌

21 sats \ 1 reply \ @siggy47 OP 24 Jun 2023

Thanks, but don't get your hopes up. It's pretty basic. I'm amazed at how knowledgeable some of our fellow SNers are. If @final posts his guide we'll all learn a lot. I am enjoying the ride so far. I'm optimistic I will stick it out.

130 sats \ 0 replies \ @final 25 Jun 2023

I am still working on this, but I want it to be comprehensive so it wont be done for a while.

I am working on images mostly, I have this draft which was originally meant to explain Sandboxed Google Play but I will likely make changes to describe the whole OS' hardening as a whole:

20 sats \ 0 replies \ @BBitcoinUSA 23 Jun 2023

Thank you and looking forward to reading it, searching for info like this online always confuses me so relentlessly that I have to stop

0 sats \ 16 replies \ @franzap 23 Jun 2023

Looking forward!

If I used a silent.link esim for example, what are the downsides, i.e. how exactly can I be tracked and what do I stand to lose?

273 sats \ 10 replies \ @final 23 Jun 2023

The cellular network provider that Silent Link uses would be responsible for what you use on their cellular data and possibly a local network. If they have data retention laws like the UK, expect them to be stored for a while. Use a VPN to counteract retention of online browsing.

Silent link users would look like foreign visitors which shows less subscriber data, providing you use a foreign SIM, in some cases it could make you stand out more than others, but reducing information as a whole often makes you stand out to any surveiling system...

You are still unique on the cellular network due to your IMEI tied to your device and other possible SIM identifiers. IMEI is tied to eSIM but a network could correlate your phone's and eSIMs IMEI constantly being together.

The start of the SIM's IMSI number also specifies the country and network. One that is foreign would definitely stand out more than one that isn't if a cellular network could see it.

(This is anecdotal information - I have done academic work in mobile forensics)

As long as you treat silent.link like you are registering yourself to cellular data through a proxy and know the downsides you're good. I've heard good things but if I want to reduce tracking to the cellular network I'd just completely disconnect from it entirely.

10 sats \ 9 replies \ @franzap 23 Jun 2023

Thank you for the detailed explanation!

Yes, I would of course use a VPN.

Agreed that not connecting would reduce tracking but I'm trying to balance convenience with privacy.

What is the problem of standing out if they can't link it to an identity or see the data?

I understand they might use cell towers to get an approximate location of any SIM card. Is it for this reason that it's better not to stand out?

So using a local nokyc SIM card would be better. But VPN users are quite unique too, I suppose.

22 sats \ 8 replies \ @final 23 Jun 2023

A local sim card may not stand out but they'd be able to know some more info i.e. phone number due to it not using Roaming. Also difficult to set up in a NoKYC way.

Also there is nothing wrong with standing out if they cannot see, but note that if you somehow did something that linked your identity they will probably be able to keep correlating it is you forever.

As for triangulation it is unlikely to happen unless you was under an LE investigation. It isn't much of a threat unless you make it one or if you think the possibility is just a bad thing

32 sats \ 3 replies \ @03365d6a53 23 Jun 2023

Your location data could be investigated by anybody, not just LE

Triangulation is less likely to happen as it's slow/expensive, but the process is becoming easier, faster, and cheaper - and the data, more available

There just needs to be a reason, any reason, for someone to bother to look at you

This article is 4 years old already: https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

10 sats \ 0 replies \ @final 23 Jun 2023

Every day I learn more about the USA's unrestricted market for personal data. The fact the USA's business market is just so open about this is crazy to me. Great read.

reply on another page

5 sats \ 1 reply \ @franzap 24 Jun 2023

Fortunately I don't live in the USA

view replies

10 sats \ 3 replies \ @franzap 23 Jun 2023

Nah it's actually quite easy to get a nokyc SIM card where I live.

So for example a 911-type call where I doxxed myself could be used to link my identity to the behavior and used to predict my identity in the future based on that behavior patterns. Interesting

0 sats \ 2 replies \ @03365d6a53 24 Jun 2023

yes! also true

zero transmissions is definitely the way forward

there are online services for sms verification

you can make voice/video calls with simplex or element/matrix

we don't need phone numbers any more and we should resist the systems that insist on them

view replies

189 sats \ 4 replies \ @03365d6a53 23 Jun 2023

if you are not in airplane mode, you are constantly transmitting your IMEI (device identifier) to nearby cell towers

as soon as your identity is linked to the device your entire movement history / habits are known

swapping sims won't help once you are linked to the device. which can happen by simply walking past a camera, with facial recognition, or a myriad of other ways.

don't use phone numbers / GSM networks, unless it's a data sim on a throwaway vpn dongle.

0 sats \ 3 replies \ @franzap 23 Jun 2023

which can happen by simply walking past a camera, with facial recognition

How would this work? How would they link the SIM card with the face?

data sim on a throwaway vpn dongle

What is a throwaway dongle? Any recommendations?

179 sats \ 2 replies \ @03365d6a53 23 Jun 2023

If your phone is not on airplane mode, then the device is constantly transmitting it's unique identifier (IMEI), time, and location, regardless of the sim.

So if anyone with that data (literally anyone, as it can be bought on darknet) wants to track an individual, just catch that person on a camera, and triangulate with the IMEIs in that location at that time. It will only take a few recordings to find the IMEI, and boom, you can now track that person anywhere (follow the IMEI). Every sim card you put in that phone can be reasonably associated with the owner of the device (because when you use the sim, you transmit both the IMEI and the IMSI / sim identifier).

My recommendation would be to purchase a GL 750 travel router (mudi) and install Blue Merle software (2 commands).

You can then switch the IMEI every time you switch the sim (ie, monthly) so the most you would typically reveal would be a months worth of tracking data.

Also, 100% of your traffic will be over VPN so the provider will know nothing about your browsing habits / destinations. And Blue Merle will also wipe the connection logs from the router.

Alternatively, just buy a cheap dongle and throw it away. The downside is, you won't have any VPN on the dongle, so you better hope your phone isn't leaking outside the VPN (Apple is guilty of this)

0 sats \ 1 reply \ @franzap 24 Jun 2023

Thanks for the recommendations.

If your phone is not on airplane mode, then the device is constantly transmitting it's unique identifier (IMEI), time, and location, regardless of the sim.

Is this true with Graphene? I didn't get that impression from their docs

22 sats \ 0 replies \ @03365d6a53 24 Jun 2023

yes

even without a sim, it will ping, if airplane mode is not on

graphene really need to enable airplane mode by default, to avoid the pings on startup

https://github.com/GrapheneOS/os-issue-tracker/issues/1989

to be clear, those "pings" are normal cellular operations, it's just they always contain your identifiers

reply on another page

117 sats \ 1 reply \ @kepford 23 Jun 2023

I know what you are saying but thats funny.

When my phone is in a Faraday bag it can't be tracked either. Lol

Graphene is great.

0 sats \ 0 replies \ @03365d6a53 23 Jun 2023

truth!

22 sats \ 0 replies \ @gunson 24 Jun 2023

There are some helpful posts here about using Graphene in the most private way (no SIM airplane mode etc) which are really helpful, and worth doing when possible.

But, as OP suggests, Graphene in general reduces your location info leakage. Sure, you wouldn't be safe from a targeted state attack, BUT you massively reduce the ease of which your data can be bulk analyzed by individual surveillance organizations.

Other OS also have the ability to turn off location, but it's not as obvious (there are so many exceptions when trying to do it in iOS). And using more private browsers with a VPN and clearing your browsing data will generally lower your footprint and make your device look more generic online.

The more people that do these basic steps, the better everyone's privacy becomes because it breaks the entity resolution methods used by big data firms.

0 sats \ 0 replies \ @justsmile 24 Jun 2023

Yes. And it is still just spam which you can ignore.

Graphene in the title refers probably to GrapheneOS, is that right? Note that this Android mod does not allow you to do real things with your "phone" (which is actually just a small computer). Yes, most of the Android mods (Samsung, Xiaomi, …) are not any better, but on such phones one is at least able to install a custom Recovery (preferably TWRP) which then lets the owner of the device to install a vanilla Android (LineageOS), optionally with Google Apps and Magisk.

Installing the latter two to an Android phone leads to a device that can run any app from the Google Play store but still letting you as the owner use superpowers and learn. For example by connecting over USB from your computer using ADB.

GrapheneOS wouldn't work if the tech used by Google in Android itself was broken. And because it is not broken, but actually works great, one can install latest Revolut (or any other root-checking app) and use it on a rooted phone by adding it to the DenyList on Magisk.

IMHO making more consumers rather than teaching principles is not the way to go. Android is Linux. Everyone is free to learn.

Like there is a clear thread of history regarding Bitcoin, which leads to understanding the "only" part, the same way can be used to go deeper into history of computers and learn about Linux, UNIX (KISS), birds' nest (architecture) and so on.

All the best!

0 sats \ 0 replies \ @2bithits 24 Jun 2023

I have something similar

Should probably delete properly for good

0 sats \ 0 replies \ @psilo 23 Jun 2023

To my daughters dismay, this is his I found out she was skipping school. Location history created an almost perfect map of her whereabouts and when she came to and left school , and the gas station and library and dairy queen...

0 sats \ 0 replies \ @mudbloodvonfrei 23 Jun 2023

That's bizarre...