476 sats \ 31 replies \ @03365d6a53 23 Jun 2023 \ on: Graphene Fixes This tech
with graphene in airplane mode, without a sim, you can actually NOT be tracked
YOU taught me that, and I'm using your information verbatim in a little guide I'm writing up about my switch to Graphene.
BTW, I took your suggestion and do not have a sim. I still have to implement more of your suggestions
reply
If you want further clarification this is actually true:
Airplane mode on phones turn the cellular radio off completely but having a SIM would still let you use over-IP carrier services like WiFi Callng. Send an SMS to yourself when you have Airplane mode on, you will receive it.
Just not having a SIM isn't enough, you need to have both no SIM and airplane mode because it will broadcast to allow calling 911.
The new Pixel Tablet has no cellular radio if you want to completely avoid it.
reply
about the tablet, that's great to know!
reply
Thanks for that detail. I used your info too! I think I credited everybody.
reply
No problem! I also am working on an article but would love to see how yours comes up. Please post here when done
reply
Mine is pretty basic. Maybe I'll put mine aside if yours is comprehensive. You have the knowledge to go way more in depth in this area than I do. I'll wait.
reply
I'd still publish it. Mine will likely be explaining the OS' changes and threat model rather than you explaining your switch.
I don't know when I'd finish it either - currently on other projects.
reply
Okay. There probably won't be much overlap then.
reply
stoked you were able to get it installed. guide sounds great, look forward to reading it ✌
reply
Thanks, but don't get your hopes up. It's pretty basic. I'm amazed at how knowledgeable some of our fellow SNers are. If @final posts his guide we'll all learn a lot. I am enjoying the ride so far. I'm optimistic I will stick it out.
reply
I am still working on this, but I want it to be comprehensive so it wont be done for a while.
I am working on images mostly, I have this draft which was originally meant to explain Sandboxed Google Play but I will likely make changes to describe the whole OS' hardening as a whole:
reply
Thank you and looking forward to reading it, searching for info like this online always confuses me so relentlessly that I have to stop
reply
Looking forward!
If I used a silent.link esim for example, what are the downsides, i.e. how exactly can I be tracked and what do I stand to lose?
reply
The cellular network provider that Silent Link uses would be responsible for what you use on their cellular data and possibly a local network. If they have data retention laws like the UK, expect them to be stored for a while. Use a VPN to counteract retention of online browsing.
Silent link users would look like foreign visitors which shows less subscriber data, providing you use a foreign SIM, in some cases it could make you stand out more than others, but reducing information as a whole often makes you stand out to any surveiling system...
You are still unique on the cellular network due to your IMEI tied to your device and other possible SIM identifiers. IMEI is tied to eSIM but a network could correlate your phone's and eSIMs IMEI constantly being together.
The start of the SIM's IMSI number also specifies the country and network. One that is foreign would definitely stand out more than one that isn't if a cellular network could see it.
(This is anecdotal information - I have done academic work in mobile forensics)
As long as you treat silent.link like you are registering yourself to cellular data through a proxy and know the downsides you're good. I've heard good things but if I want to reduce tracking to the cellular network I'd just completely disconnect from it entirely.
reply
Thank you for the detailed explanation!
Yes, I would of course use a VPN.
Agreed that not connecting would reduce tracking but I'm trying to balance convenience with privacy.
What is the problem of standing out if they can't link it to an identity or see the data?
I understand they might use cell towers to get an approximate location of any SIM card. Is it for this reason that it's better not to stand out?
So using a local nokyc SIM card would be better. But VPN users are quite unique too, I suppose.
reply
A local sim card may not stand out but they'd be able to know some more info i.e. phone number due to it not using Roaming. Also difficult to set up in a NoKYC way.
Also there is nothing wrong with standing out if they cannot see, but note that if you somehow did something that linked your identity they will probably be able to keep correlating it is you forever.
As for triangulation it is unlikely to happen unless you was under an LE investigation. It isn't much of a threat unless you make it one or if you think the possibility is just a bad thing
reply
Your location data could be investigated by anybody, not just LE
Triangulation is less likely to happen as it's slow/expensive, but the process is becoming easier, faster, and cheaper - and the data, more available
There just needs to be a reason, any reason, for someone to bother to look at you
This article is 4 years old already: https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
reply
Every day I learn more about the USA's unrestricted market for personal data. The fact the USA's business market is just so open about this is crazy to me. Great read.
reply
Fortunately I don't live in the USA
reply
Not being in the USA doesn't mean this could not happen either in a more closed environment, in the UK this type of stuff isn't permissible but in the past Police and the press were often getting into the bedsheets with private investigators who would then buy information to sell news stories. Such as tapping the cellphone of a murdered child to get voicemails - this is the one that broke the camel's back.
I'm a national and there is so many investigations/backgrounds to it that I still do not have a full scope of the events myself.
Here is a good background on that, even for how much it is - it is out of date: https://brown-moses.blogspot.com/2012/06/hackgate-for-beginners-whos-who-key.html
Edit: Wrong link, this is the REAL index: https://brown-moses.blogspot.com/2012/05/hackgate-for-beginner-index.html
Nah it's actually quite easy to get a nokyc SIM card where I live.
So for example a 911-type call where I doxxed myself could be used to link my identity to the behavior and used to predict my identity in the future based on that behavior patterns. Interesting
reply
yes! also true
zero transmissions is definitely the way forward
there are online services for sms verification
you can make voice/video calls with simplex or element/matrix
we don't need phone numbers any more and we should resist the systems that insist on them
reply
We're luckily seeing an increase in the independence of phone numbers as 2FA options. A lot of professional services / work-related use an app or TOTP now so my reliance on a phone number ended about a year ago.
I would feel like in the far future phone numbers would be obsolete and be replaced with different system, but cellular networks suck in making any meaningful progression so I'll likely be dead before something like that happens.
Unfortunately cutting out a few of those systems will severly impact my social life and the tradeoff is not worth it. I could get a second phone maybe
if you are not in airplane mode, you are constantly transmitting your IMEI (device identifier) to nearby cell towers
as soon as your identity is linked to the device your entire movement history / habits are known
swapping sims won't help once you are linked to the device. which can happen by simply walking past a camera, with facial recognition, or a myriad of other ways.
don't use phone numbers / GSM networks, unless it's a data sim on a throwaway vpn dongle.
reply
which can happen by simply walking past a camera, with facial recognition
How would this work? How would they link the SIM card with the face?
data sim on a throwaway vpn dongle
What is a throwaway dongle? Any recommendations?
reply
If your phone is not on airplane mode, then the device is constantly transmitting it's unique identifier (IMEI), time, and location, regardless of the sim.
So if anyone with that data (literally anyone, as it can be bought on darknet) wants to track an individual, just catch that person on a camera, and triangulate with the IMEIs in that location at that time. It will only take a few recordings to find the IMEI, and boom, you can now track that person anywhere (follow the IMEI). Every sim card you put in that phone can be reasonably associated with the owner of the device (because when you use the sim, you transmit both the IMEI and the IMSI / sim identifier).
My recommendation would be to purchase a GL 750 travel router (mudi) and install Blue Merle software (2 commands).
You can then switch the IMEI every time you switch the sim (ie, monthly) so the most you would typically reveal would be a months worth of tracking data.
Also, 100% of your traffic will be over VPN so the provider will know nothing about your browsing habits / destinations. And Blue Merle will also wipe the connection logs from the router.
Alternatively, just buy a cheap dongle and throw it away. The downside is, you won't have any VPN on the dongle, so you better hope your phone isn't leaking outside the VPN (Apple is guilty of this)
reply
Thanks for the recommendations.
If your phone is not on airplane mode, then the device is constantly transmitting it's unique identifier (IMEI), time, and location, regardless of the sim.
Is this true with Graphene? I didn't get that impression from their docs
reply
yes
even without a sim, it will ping, if airplane mode is not on
graphene really need to enable airplane mode by default, to avoid the pings on startup
to be clear, those "pings" are normal cellular operations, it's just they always contain your identifiers
reply
I know what you are saying but thats funny.
When my phone is in a Faraday bag it can't be tracked either. Lol
Graphene is great.
reply
truth!
reply