
Create an anonymous Signal phone number with Android - nyolfen
https://yawnbox.com/index.php/2015/03/14/create-an-anonymous-textsecure-and-redphone-phone-number/
======
ynezz
I think that it's not that anonymous.

Weak spots:

1\. I wouldn't recommend buying used devices, you don't know what has been
done with the device, what's running there, even if you reflash it from
scratch. Try to somehow (anonymously) buy a device that is still in its
original, sealed packaging.

2\. One would need to first install modified AOSP/CyanogenMod with patched
core libraries/apps/services to return fake/random values for device serial
number, WiFi and Bluetooth MAC addresses. Otherwise some of the apps might
leak this information over the air, even in clear text form.

3\. You need to remove or somehow power off the GSM baseband, otherwise you
can still be tracked.

I'm not an expert in this area, so there might be a lot of other missing weak
spots in this guide.

~~~
dayon
Regarding #3, what about putting the phone into airplane mode and keeping WIFI
on? Wouldn't airplane mode disable the baseband?

~~~
chadzawistowski
Possibly... but you have to trust that the software is doing what you told it
to. A hardware killswitch would be far more trustable.

------
yuvadam
I'm curious why Whisper Systems aren't allowing registration with just a
handle instead of tying accounts to a PSTN number. Telegram already allows
this.

~~~
LeoPanthera
> Telegram already allows this.

No it doesn't. You can have a handle, but only after verifying a number first.

~~~
retromario
And Telegram is not secure anyways:
[https://security.stackexchange.com/questions/49782/is-telegr...](https://security.stackexchange.com/questions/49782/is-telegram-secure)

Check out Threema for a secure alternative that doesn't require a phone
number:
[https://en.wikipedia.org/wiki/Threema](https://en.wikipedia.org/wiki/Threema)

~~~
LeoPanthera
That's all very well, but no good if everyone you want to talk to already uses
Telegram, which is proving to be quite popular.

------
nunobrito
This is stupid. Wants to be anonymous, uses Google.

Google records your calls, the number of times you access their service, the
messages, the IP address you are using and happily shares this information
with your favorite government information service.

Wake up. If you are not paying for the service from Google, YOU are the
service.

~~~
fulafel
The point is creating a new network identity that is not connected to your
public identity, and let Google etc track it all they want. So it's
pseudonymous more than anonymous.

~~~
blubb-fish
They'll still track you by correlating your Signal meta-data with that
resulting from your usage of other Google services where you are "onymous".

~~~
fulafel
You mustn't use your "onymous" Google ID on this burner phone, nor have any
contact between your pseudonymous Google ID and your public Google ID. I guess
the guide should spell this out more, I took it as implied when the guide
started by buying a non-trackable phone with cash.

Edit: quote from the guide: "11\. Only use this device for Signal (and maybe
Google Authenticator, see #13) from now on to minimize its exposure."

~~~
mindslight
It's even worse - simply using the same wifi point as your other Google
accounts or even your friends will deanonymize you.

Trustable local software (so _not_ GApps/Android) and a mix network is the
only way to get anonymity.

I'd personally like to see communication apps that use TOR for messaging, with
the option to explicitly break anonymity for voice calls - leaving your
location untracked most of the time.

------
blubb-fish
I don't see the problem to begin with.

The question with anonymity and data securing always is - "_who_ do you
want to protect against?"

No matter how you set up Signal it's not going to help you against
intelligence agencies - they'll just hack into your Android or use the
available backdoors in your I- or Windows Phone.

Signal is very good (the best?) to encrypt your messages and to sabotage mass
surveillance which aims at content analysis. Also not any random bored Data
Scientist at WhatsApp will be able to read your stuff.

Controlling your meta-data is absolutely impossible with your day-to-day
smartphone anyway. You'd have to use stolen phones and SIM cards.

In my opinion it ALL comes down to establishing online best practices to keep
suspicion-independent mass surveillance at bay. The rest is politics - if your
police is super corrupt - they'll just break your fingers until you give them
access to what they want.

~~~
Arnt
Try harder.

Pretend there's a phone on my desk now that was bought by someone else via
ebay and reflashed to cyanogenmod. There actually was, its owner forgot it
while visiting, but you can pretend that you're a powerful snooping government
and that's my secret phone that you want to hack. Not registered in my name,
not purchased by me, maybe there's not even a SIM card in the phone. How do
you go about "just hacking into" that phone or using the "available
backdoors"?

~~~
blubb-fish
Well, usually there has to be a SIM card in your phone to use it for
communication. That SIM card has an ID and sooner or later there is going to
be a correlateable pattern - the location of a phone which happens to be close
to you very often or simply a voice that can be identified as yours. It
depends if NSA wants you and then figures out your alter egos or if it's the
alter ego they care first about and then they'll try to figure out who's the
real ego.

What's the satisfaction to be 100% untraceable anyway? The practically and
politically relevant idea is to not cater your data to them.

~~~
Arnt
WLAN is sufficient for a lot of use in some use cases, but that's a
digression. The main point is that even if you do have zero-day exploits, just
finding the phone can be a big, big hurdle, particularly if you don't know the
name of its main user.

------
jalada
It feels like the steps taken to improve anonymity are really arbitrary,
without any particular threat model.

'Randomly' taking a bus you never take to a city you've never been to and
never go to again just to buy a phone, sit in a coffee shop for 5 minutes, and
go home, sounds like a good way to make someone pay attention to what you're
doing.

And if you think that's too much paranoia, I'm pointing it out because number
8 on this list says 'never use the phone from a place you routinely go', which
feels like it's on a similar level.

~~~
746F7475
Of course you can (and probably should) be "sneaky" about it and have alter
motive to go to that city, say you go to a concert or maybe it has better
movie theater or maybe there is some kind of conference.

About using the phone in places you don't routinely go, I can think of at
least a couple of places like coffee shops that are within range of another public
wifi which I don't normally associate with.

------
ars
Can't you just buy a prepaid phone at some corner market, and not use it for a
month (to wait for any video surveillance to overwrite)?

------
JS3WUMP
I think using [https://ostel.co](https://ostel.co) instead of Signal would be
easier and make a lot more sense. But in the absence of a defined threat
model, it's hard to see what the author was going for.

------
mseebach
It seems pointless to go through that exercise if you're going to share that
phone number with people who don't share your dedication to OPSEC (for a
fictional argument, recall Zero Dark Thirty where they essentially find OBL
because a guy calls his mother). And once you're there, you don't need PSTN
numbers, which means you can leave Google out of the equation.

------
edent
Very interesting. But what happens if someone gets that temporary phone number
and re-registers it on a different handset?

~~~
gcb0
I was thinking you'd need that temp number only to register gvoice

------
fulafel
Talkatone (step 6) asks for money in order to get the temporary phone
number. Possibly this could be overcome anonymously by buying Google Play
coupons with cash.

------
ikeboy
Is there a secure way to make phone calls from a computer over tor? If you get
an anonymous Google voice number, would it work over tor to make calls?

~~~
therein
Google requires you to verify with a phone number if your IP address matches a
Tor exit node.

~~~
ikeboy
Yes, but the article says you can use a temporary number to verify. If you can
get a temp number on a computer for sms, then switch to the gv one for use,
would calling over tor work?

------
zeropointmodule
create a throwaway google voice number

------
gfuguy
You can't be serious. Ain't nobody got time for that.

