Hacker News new | past | comments | ask | show | jobs | submit login
Mass cellphone surveillance experiment in Spain (cfenollosa.com)
361 points by carlesfe 86 days ago | hide | past | web | favorite | 225 comments

Following the link on airplane mode:

>“Every phone has two operating systems,” explains Gary S. Miliefsky, CEO of SnoopWall, “One that connects to cellular networks, and one that interfaces with the consumer. Airplane mode may only disable features in the consumer facing operating system, such as Android or iOS, but not in the OS used between the phone and the carrier network. A phone may be giving out a ‘ping’ and you’d never know it.”

Surely that defeats the whole idea behind airplane mode. i.e. stop the phone from sending crap that (supposedly) messes with airplanes?

As an RF engineer who has tested frequency spectra and radiated powers of various consumer electronics including cell phones, I've never seen a cell phone (specifically an iPhone 5, A Nexus, a Samsung Galaxy S4, and a razr flip phone) transmit with airplane mode turned off.

It's not just airplanes that could be susceptable to cell phone emissions, but back in GSM days, the number of handoffs while in flight would effectively jam the cellular network in a 200mi radius. Nowadays cell phones are much smarter and don't do that, and the EMC risk in aircraft is extremely low.

>>I've never seen a cell phone (specifically an iPhone 5, A Nexus, a Samsung Galaxy S4, and a razr flip phone) transmit with airplane mode turned off.

I think you meant "on"? If airplane mode was on, RF emissions were a strict test case executed in the lab Faraday cages where we ran new terminals through their paces prior to launch rollouts.

Correct, typo. We were specifically testing the radiated and conducted (through its charging cable) emissions from the cellphone's processors, display, etc, and needed the radios off in a reverberation chamber.

No way to tell if it's listening though. It could be silent and still be processing every it can detect.

Who knows if there are secret commands that can be sent to it to override airplane mode settings, or instructions to do other nefarious things and broadcast once out of air plane.

Every radio has a signature that it's turned on by listening to its Local Oscillator. [0]

We weren't testing the presence of the LO, but instead characterizing the phone's radiated and conducted emissions from it's non-phone radio functions like its processors, displays, BMS, etc. There were discrete frequencies which were certainly from oscillators, but we didn't determine whether or not that was the receiver(s') LO(s) when airplane mode was on. There's probably a dozen other oscillators within phones for memory, CPU, displays, etc. So, you might be right, but this can be tested in the right lab.

However, that might be complicated with software defined receivers that don't have a typical receiver architecture, very low level signals, and very tiny PCB traces.

[0] http://scholarsmine.mst.edu/doctoral_dissertations/1996

Why would they be listening to audio anyway when all phones have always-on speech recognition?

He means listening to the radio. A phone might have special baseband firmware that, e.g., turns on for a minute every hour and listens for a particular coded sequence (such as the date, and a mask of serial numbers, encrypted to a key in firmware etc), which would then cause the phone to do a number of things, such as turn on the radio for rx, or tx the RSSI of nearby towers, etc. All without telling the main CPU.

Colour me dubious. If the phone is in airplane mode then the carrier doesn't know where it is. Are you suggesting they broadcast this information on all their cell towers? Or that they have a secret system to predict/guess where a dark handset might be so they can target it? Either sounds extremely unlikely.

Well, lots of the NSA kit seems extraordinary.

As to the practicalities, it wouldn't need to use the carrier network, just put it in a plane. Like the plane they have circling D.C. right now, or a drone. And your location is often known approximately.


Someone should point a good signal analyser at these.

Could just listen and log GPS location, bluetooth beacons, nearby wifi access points - without transmitting.

Android does this routinely with wifi listening, if not GPS. It's a feature, and you can't turn it off. Haven't tested if GPS spoofing (a debug interface) overrides that.

Iphones now do this too, privacy violation by relay to nearby iPhones, over Bluetooth and possibly with the new mm wave RADAR too.

A while back, I experienced a technical problem with my carrier. As a result, my subscription stopped working. That meant that for everyday I used the internet connection, I was to be charged 4 euros.

The solution was obvious: airplane mode! You know what? It didn't help. They kept charging me 4 euros a day. Then I replaced the APN in the network settings with a fake one and suddenly the daily charges were gone.

Airplane mode didn't help, some byte was still passing through.

The phone was an android phone. The carrier refunded me right after fixing the problem (which took them a month and half).

might phones in some sense be cheating emissions tests?

How? I don't think there's any way a phone could know if someone has a spectrum analyzer looking at it's antennas, so it wouldn't be able to distinguish between a user enabling airplane mode because they want to vs. someone testing it.

In those RF cages, the phones are basically in a deep black void, pretty easy to tell you are in a void and not a rolling sunny hill.

Or do what VW did and detect the testing station, I am sure the locations of the FCC test facilities are widely known.

If it was on airplane mode before it entered the room it wouldn't be able to tell, that'd be a useful first step.

Why? Airplane mode is a software feature right, you just don't enable whatever power transistors you use to amplify your transmission. However a receiver won't give measurable EMF, you could still listen and detect any abnormally low noise floor. You could probably even employ a heuristic like "only call home if the noise floor has been very high for at least one hour".

That would still be catastrophic for people trying to avoid tracking in demonstrations for example.

Or what am I missing?

Your phone's (rootkit?) would have to passively measure the room before any remote action, that's true and reduces the utility. Still it would require accessing the sensors in the faraday cage which might make some noise.

Plenty of VM evasion stuff has been caught in the wild so it would up the game regardless, which is all you can really hope for against hackers and malicious parties. They almost always go for the easy targets who don't think of this stuff anyway.

Good point none-the-less.

Only Audi phones.

For those who don’t have a spectrum analyzer, you can test with an inductive amplifier like ones used for tracing cables. Or even an AM radio.

From a friend that is an amateur radio enthusiest "It's because your phone connects to so many towers (50-100 at a time) at once that it's an issue versus bringing the plane down".

It isn't plausible that the baseband is routinely incorporating backdoors. However it is very plausible that nation states do lots of testing of baseband firmware, with an eye towards exploiting it. If baseband protocols were as easy to test as wifi we would probably see more vuln reports about them.

It is unlikely that they would be able to remotely update the baseband firmware though, especially on an iPhone. Also, an increasing number of baseband systems use highly verified kernels, such as sel4.

As to phones in flight mode routinely pinging, this is incorrect. It would easily be detected by standard tools and counter-surveillance equipment.

It isn't plausible that a modern phone would interfere with a modern jet IMO, but I still turn it to flight mode. Doesn't mean a passenger couldn't cause problems if they wanted too though -- turn on a GPS jammer and ADS-B/mode-S spoofer while onboard and watch everything go kooky.

A more realistic security problem is that of phones listening to wifi when turned off for geolocation purposes. Just the listening is exposing the stack to some degree.

> It isn't plausible that the baseband is routinely incorporating backdoors.

Intel and AMD effectively incorporate a back door into every processor, one that they refuse to document or give the keys for (but which likely some government agencies have, whether provided willingly or not). Why is it implausible that basebands incorporate something similar?

Features like Intel ME were actually requested by major IHVs, like Dell/HP etc. VISA is a debug system you need ring 0 access to use.

In contrast, Qualcomm/Intel clients like Apple are very concerned to not have magic backdoors (Apple bought Intel's bandband IP and team recently, supposedly to make their own 5G chip). In any case, there are plenty of garden variety vulnerabilities in bandband chips, no need for NSA voodoo.

Yes, some users find them somewhat useful.

That does not explain the complete lack of documentation, access keys, and the inability to turn it off under any circumstances.

It is possible that this is not and has not been used as a back door. But why is that so implausible?

Intel ME could have been used as a backdoor in a circumstance where they knew it wouldn't be analyzed, but that is a small percentage of jobs. Really only when you know a JDAM is coming through the roof soon after, or it's a no fail type of mission, i.e. taking over NK ground control during a missile launch. It isn't going to be wasted trying to hack the Kremlin, where everything gets logged.

For baseband chips, I haven't heard of Qualcomm having these types of interfaces at all. Fleet management happens via MDM at the iOS/Android level. I don't think NSA would be able to coerce Qualcomm to introduce a huge feature like ME in secret, and besides that isn't their MO, there would be a standards process etc. I really don't think something like that could be kept completely under wraps, and then as soon as you used it once it would be burnt.

Chinese chipsets not so sure. So far Huawei has so many bugs in everything they have implausible deniability. Like dozens of level 10, full RCE exploits. That's a good reason to ban them.

JFYI, at least on iOS 13, airplane mode disables only the mobile connection, while WiFi and Bluetooth remain on. This is not hidden in any way, the buttons remain active in Control Center. I assume that only mobile signal has enough power to be considered dangerous. Maybe someone can explain what's the reasoning behind this choice.

I feel like this aligns with what "airplane" mode should be. I find it annoying when I turn on airplane mode and it disables my bluetooth and I have to re-enable it (Android X/Api 29 and below)

You can set which radios are disabled with Airplane mode with an adb command. It persists and will even transfer to a new phone.

The default is:

adb settings put global airplane_mode_radios cell,bluetooth,wifi,nfc,wimax

I have mine set to:

adb settings put global airplane_mode_radios cell,wifi,wimax

That is great! Thanks for the tip.

The reasoning is that airlines used to ban all wireless communication during flight. Now they permit Bluetooth and WiFi but still forbid cellular. The iOS behavior is calibrated to the air travel rules.

I believe iPadOS/iOS 13 by default will leave Bluetooth on while in airplane mode (likely for watches and headphones). If you turn bluetooth off while in airplane mode, it remembers that as a preference.

It's been like that for a while if you have your wifi/Bluetooth on when airplane mode is on, it will do it the same way next time you turn on airplane mode. I used that frequently on my 5S, spare 6, and iPhone X.

You carry 4 phones?

The reasoning was so that WF on flight, and BT/WF peripherals like AirPods, Apple Watch, and (for the iPad) the pencil, connected keyboards, and so on, can continue to work.

Phones affecting airplanes is already not that much of a risk (even if indeed existing), and besides, as the article claims, the phone might still just sent a periodic ping, which is going to be practicable unnoticeable for any equipment.

If it's a signal it will be noticeable with a tool that scans the relevant bands. Trivially so.

In what sense could it ever be "practicable unnoticeable", much less "for any equipment"?

UTC 0830 Smart devices mimic what they hear around them so they can blend in. For example, for wifi using the same MAC address and IP info as something transmitting frequently. You'd have to check the sequence numbers or use multi-directional gear to detect it reliably.

Conceivably it would use a different waveform with lower energy when transmitting clandestinely, but that would be insanely expensive to achieve, probably need to add a separate chip, and it wouldn't work for people who change phones regularly.

I'm reminded that a while back the Shin Bet modified a phone to have a chunk of plastic explosive, used to kill a Hamas bomb maker. It was detonated remotely with a non-phone protocol (as the phone channel was in use by the target).

Agree, if the signal is strong enough to reach a cell tower there is no way you could hide it from someone who was looking for it.

I mean in the "affect airplanes" sense. Obviously it is distinguishable from noise because it has to be received...

Meta data from regular operation, combined with data from apps, and OS telemetry is probably be such a treasure trove that backdooring the baseband processor is probably overkill in most cases, and while I suspect there are phones backdoored in this manner the real threat will not likely be government agencies for most people; it's the risk that non-government actors discovers it and abuses it for criminal purposes.

I suspect various alphabet agencies are perfectly aware of this, and that they're actively avoiding such measures unless they're considered strictly neccesary. After all, imagine the media shit-storm if some North-Korean hacker group managed to start mining bitcoin with 2 billion Android devices and it turns out that NSA put in the back door that allowed it.

Notably, appeals to not having your phone on in an airplane and airplane mode are more due to the extensive reach of an airborne cellphone and the effect this has on cells and hand-over protocols, as the phone connects to a plethora of cell towers in rapid succession, by this seriously harming available capacity. So this is intended more to protect the earthbound infrastructure than the cockpit electronics. I'd guess, subverting any countermeasures by means of the baseband system would be contrary to the interest of those involved and profiting from this.

"stopping the phone from sending crap that (supposedly) messes with airplanes" was never the goal of airplane mode. If phones could bring down an airplane they would have never been allowed on board.

The technical problem was always that planes cross cells at speeds for which the gsm handover protocol was not designed. The business problem was phones would eat into the juicy onboard services turnover.

From what I've seen, the phone still collects all the data as normal but just doesn't transmit while in ariplane mode, but will transmit after.

edit: Quickest thing I could find was a Tucker Carlson piece, so grain of salt https://www.youtube.com/watch?v=0s8ZG6HuLrU

Yeah, they need to update that setting to "Data Harvesting Mode".

> It is unclear whether enabling airplane mode stops this tracking. The only way to make sure is to remove the SIM card and battery from the phone.

It is possible for a handset to attach to a network without a SIM card for the purposes of making an emergency call. Please don't think removing or swapping your SIM card stops tracking.

I've yet to see 2G or 3G phones try and talk to a local network in aeroplane mode (though you shouldn't believe me). I did see some oddness years ago when testing an early and proprietary LTE handset, but I'm not sure I'd believe that either.

It also seems like phones have their own tracking ids that they report, it's not just the sim card.

There was a great talk about some of this from black hat; how the CIA renditioned Abu Omar out of Italy and how they were found out: https://youtu.be/BwGsr3SzCZc

There are two numbers on the cellular network that matter: international mobile equipment identifier (IMEI). This identifies the cellular radio in question, usually the phone but a dual SIM phone will have one for each slot.

The second is the international mobile subscriber identifier, IMSI. This is the identifier the SIM sends to ask the network for functionality.

Even without a sim installed, the phone may transmit and will transmit its IMEI when doing so. This is so that cell towers can talk back to the device (a bit like ssids in WiFi networks). As mentioned in other replies to you you can often dial emergency numbers and your calls are routed. To do that you need to know which device is calling.

So yes you can track individual phones. You can also tell when a phone has changed SIM or a SIM has changed phone and so on. No idea if networks do this, but the data is there.

All GSM phones have at least one of these (multi-SIM devices have multiple), they uniquely identify devices with SIMs and are held in databases shared intentionally amongst many nations for blacklisting and such.

If a phone is reported stolen in the UK and reported, it's IMEI can be added to this list and the device becomes useless in participating countries, say for example, Spain, or Germany or the US.

My point is, it's a globally unique identifier; tempering with, modifying or cloning them is illegal in some countries.

The SIM itself is almost irrelevant, but, with the information mobile providers hold, it's trivial to link a SIM account, a device identifier and a person (particular given some countries require ID by law to obtain a SIM).

Furthermore, being criminalized in some countries has caused discussion of how to change IMEIs to be censored in technical forums everywhere. The obvious draw is stolen phones, so nobody wants to touch the topic with a ten foot pole, despite its straightforward relevance to privacy.

>censored in technical forums everywhere

everywhere? I found this in 1 minute.


And yet there is also this: https://forum.xda-developers.com/showthread.php?t=2652022

That attitude reflects the dead ends I've experienced when looking around for how to change IMEIs for various phone models I was interested in. Also note all the disclaimers in the thread you linked.

Maybe recent phones are still so straightforward with QPST that any time the question is actually asked it's bound to get flooded with crap? It certainly doesn't feel that way. Eventually I'll get around to setting up another Windows VM and seeing what modern QPST can actually do.

MTK has similar steps, but I don't think we see many mediatek chips in the states.


These ‘trackingids’ are called the IMEI, the International Mobile Equipment Identifier.

Will removing the battery but leaving the SIM card in be enough, though? It seems surprising that the phone would be able to send a signal without the battery for very long

Yes, not many phones have that option any more though.


airplane mode means no transmission. The phone can still receive and might be remotely activated by a so-called silent text.

"airplane mode means no transmission. The phone can still receive and might be remotely activated by a so-called silent text."

I don't think that's workable.

Remember, the phone is not a walkie-talkie - it's a node on a cellular network and has to participate on that network to be addressable and receive messages.

This means it is answering status requests, sending ACKs, etc. In order to receive a text, the phone has to be sending TX outward.

Is it possible that there could be a phone network built to send RX only transmissions to network nodes (handsets) that were otherwise silent ? Sure - but I don't believe any of the GSM/3G/LTE specs define any such behavior.

In short, if your phone is truly in an RX mode, I don't think it can receive a SMS - or participate on the cellular network in any way.

Back when I worked with LTE (now 4G) there was no such thing in the S1AP protocol at least.

Me, and a colleague, where actually the first to get a paging through from network to a UE in LTE. Sure, it was a test UE the size of a small refrigerator, and the network was a simulated network. But still. All layers involved. The paging, at the time, was the only way for the network to silently contact the UE, and that message didn’t contain any information. It was basically just a: “Hello IMEI X, are you here?”

See the other replies and connect it to:


It could still listen and process GPS, bluetooth, wifi and NFC signals, and transmit the data when it comes out of airplane mode.

Airplane mode means no radio. Handsets will not transmit anything, and thus obviously will not attempt to connect to a network, in airplane mode.

The article is largely fear mongering, though. The way the system is designed means that the location of every connected device is known at least at cell level. If that wasn't the case you could not be called!

Edit: by law they have have to keep location data, though I'm not sure to what extent.

The author of this article does not seem to know the topic but makes sweeping, borderline conspiratist, claims...

Oddly it turns out that these days airplane mode doesn mean turn off all RF transmissions. e.g. it can mean "configure for use in an aircraft under fcc jurisdiction" which means turn off cell radio but keep Wifi on.

Source: https://support.apple.com/en-us/HT204234

That would be great.

Apparently Apple phones will silently phone home an SMS as an iMessage heartbeat when you turned off data.

I bought a SIM card in France, loaded 10 EUR for a 9,95 plan. But my balance declined to 9,85 despite having data turned off and not making any calls/SMSs.

There was no record in Messages, but my provider showed me sending a text.

Ugh. Another 5 EUR added just to buy the 9,95 plan.

> Apparently Apple phones will silently phone home an SMS as an iMessage heartbeat

I recently traveled abroad and bought a local SIM card, and when I first activated it I got a dialog asking if I approved of it sending the iMessage activation SMS. It wasn't silent.

I don't know how new this behavior is

Seems new. I still dunno why Apple made it such a secret.

Drove me bonkers when my carrier claimed I sent an SMS but my phone showed I had not.

Edit: others reported that there’s a message that said “Your Carrier May charge for SMS messages used to activate iMessage” that would still send even if you hit “Cancel”.

Seems like a lot of providers don’t charge for this SMS, but for those that do, it can be a costly int’l SMS.

There's nothing odd about that, right? It's called "airplane mode".

Yes, but technically there's no reason to keep knowing that once you've left that cell.

Technically, no, by law, yes [1]

[1] https://en.m.wikipedia.org/wiki/Data_retention

The solution will be to have a slider that physically disconnects the networks. Slide it down and the hardware is no longer physically connected. The phone still have all it's no-connection features. Slide it up and you are back online.

We cannot trust software to actually disconnect as advertised. It is not in the network operator's interest. Unfortunately, it is also not in the phone manufacturer's interest to have you disconnect. Wake up, this is only a dream.

Or put the phone inside a Faraday Cage phone pouch.

Just because there is a physical control presented to the user doesn't mean there won't be any hidden connections inside the phone still.

I've tested two of those. It's hit and miss. If it's not closed perfectly flat (and it's metal-lined fabric, it's not always perfectly flat even if you're careful), it'll receive phone calls just fine.

A faraday cage works for incoming signals, but not so much for outgoing. It also depends on the wavelength vs size of mesh.

I think using a solid cage is the best bet.

Hi 'm463, you seem knowledgeable about this subject, so I have a few questions. Could you please answer the questions below or direct me to where I can learn more?

1. If a phone is off e.g. iOS’s General->Shut Down, then can it still receive and transmit signals?

2. What is the best kind of cheap case / enclosure for a cellphone that would prevent signals from being transmitted or received? Can I just wrap a cellphone in aluminum foil and place said wrapped cellphone in a Tupperware / plastic sandwich container?

3. What is an effective way for an RF layperson like myself to detect whether or not my phone is transmitting or receiving signals while it appears to be off e.g. RF tool or measurement device?

I just want a way to know and be completely certain that “off” means “off”.

Those are good questions and I'm not an expert. I was a part of a discussion once where someone mentioned that faraday cages mostly work for signals entering.


1a) You don't know (because your phone can pretend to be off). You need to remove the battery (and also remove hidden batteries)

1b) some phones support NFC, which can theoretically be used when the phone is off.

2) I suggest being familiar with: https://en.wikipedia.org/wiki/Faraday_cage and your cellphone before making a decision

3) I don't know, but this would help with #2

there is the librem5 phone that has these physical switches

Also the Pinephone if i am not mistaken, though it will be a few more month till thats available.

Even the Librem 5 is on backorder, but at least I can find a price for the Lebrem 5 ($700)

The pinephone has a planed release price at 150. The dev-version currently available goes for the same amount.

If you can't trust a manufacturer to make software that does what you're told it does, what makes you trust the same manufacturer to make hardware that will physically disconnect?

Similar steps would have to be taken for monitoring the device to ensure the hardware switch does what it's told, same goes for the software.

We need the same for cameras and microphones, too.

Well, cameras just need you to block them.

Software blocks aren't good enough because a compromised system can lie and say something is blocked when it isn't. Hardware disconnects you don't need to worry about.

I think he meant put a physical cover over the lens.

You can still be fingerprinted based off the scratches on the lens.


If someone has hacked your computer such that they can control your camera, how worried are you about being fingerprinted?

I'm pretty sure I've seen similar attempts to identify a specific camera using things like sensor noise patterns and lens aberrations

Maybe, but more important, a potential hacker cannot see me nor my family anymore

that link is giving me a 404

You can't really put a cover over a microphone.

Nothing really helps when everyone is voluntarily buying always on surveillance tubes, headphones and glasses with Alexa/Google assistant that's always listening

I could imagine a mini-microphone playing continuous noise of the appropriate 'color' to mask everything.

Then turn off the speaker when you want to use the mic.

Or do what Snowden does and de-solder the microphone and rely on manually plugging in a mic in the headphone jack.

I considered doing that and using an external microphone, but I don't trust my skills to get everything back together in one piece. Even getting access to the board to do it seems to require the use of destructive force. I'd probably be perfectly fine with a phone that didn't include a mic and required an external one though. While I do use it to place and answer calls sometimes, it's almost exclusively used for texting, and I haven't run into an occasion where loss of audio while recording video would matter.

A few comments here claim that aggregated data is fine. An interesting read is [1]. It discusses how trajectories of individuals can be recovered from aggregated mobility data with high accuracy. It's a great read because it breaks down the approach into small logical steps, but the end result (recovering individual's trajectories from aggregated data) sounds bizarre at first.

[1]: https://blog.acolyer.org/2017/05/15/trajectory-recovery-from...

People are often able to get personally identifiable information from aggregated/anonymized data. At this point, I think people should be automatically skeptical that their personal habits are protected when a company claims they only collect/use/sell aggregated/anonymized data. In practice, it might not be protected at all.

Having gps trajectrories and two locations in the city, like home and job address, it should be quite easy to find corresponding trajectory and thus deanonymising a single person. No need for imsi or any other data. Therefore to make data anonymous it should be encoded in terms of number of subscribers in given time and area. My guess would be it isn't

[UPDATED. It seems that the recording will happen after the elections, not before, so apparently spying the political preferences of people would not be the motive (yet). I had removed those parts]

Is easy to stablish a probable connection between this sudden need to watch all phones in relation to the disturbs in Catalonia coordinated by sms messages and apps.

Would be trivial to connect the pool of "people that went to the place X at the day Y", and the part of the city or neighborhoods where they mainly go to sleep after the disturbs. Many other sensible things can be disclosed from that, like how many people came from Euskadi to join the disturbs for example, and if they joined to eat before in a special place).

Nobody signed to accept to participate in this, and there is not a way that allow you to be excluded.

Is totally "1984" level, is outrageous, breaks many red lines all "in your face european parlament", and somebody should pay for that.

go to etsi.org go to the search form for standards and enter "lawful interception" without quotes. Read / browse all the relevant standards (titles and content). This has been going on for years and years

Thanks for the link!

There are 1130 results:


I've posted the link to HN, so as to not derail this thread, but there's a clear conversation starter there!


Also in Spanish news: there was a separation movement leading to the arrests and jailing of separatist leaders after 90% of the population votes for separation. The leaders got something like 15 years of jail time. There have been massive protests for weeks now


While true, the number of 90% is a little misleading. The vote was declared unconstitutional and illegal by Spanish government, so many people against a separation did not show up to vote. However with a voter turnout of 43%, it is still a strong signal in favor of separation.


It is extremely misleading. Support for secession in Catalonia hovers around 40%.



The last wave from the Centre d'Studis d'Opinió from the Generalitat (Local Government), measures support for independence at 44% vs 48% who wish to remain part of Spain.


"Altogether, parties supporting Catalan independence received 48 percent of the vote."


So from far away, I would question the neutrality of the Centre d'Studis d'Opinió.

Also, if the numbers are right, then why on earth does the spanish government escalate and not just let them have a referendum which fails and have peace afterwards?

> So from far away, I would question the neutrality of the Centre d'Studis d'Opinió.

They are the "Department of Statistics" of Catalonia, and they are controlled by the local government (pro-independence), so i am not sure why would they be biased to report lower support than the actual one. Our Constitution does not consider secession of part of a territory. To hold a referendum, they will have to change the constitution first, which is unlikely to happen in the short term.

Also, I am not sure that a referèndum is the best way to settle this conflict. I think that other options that can gather the support of more than 50% of the population would offer a better solution. (i.e., how do you build a new country when half of the population feels strongly about it?)

> how do you build a new country when half of the population feels strongly about it

this is exactly the current situation with spain! About half of catalans feel very strongly against the spanish state. This is obviously not sustainable. But the spaniards prefer to bully the catalans, to earn votes elsewhere, than to solve the problem once and for all by holding a binding independence referendum.

I for one couldn't care less anymore about the spanish position. I do not consider spain a legitimate state, and we will have to free ourselves from it by any means necessary.

You seem to have forgotten that half of catalans want to keep being spanish. This is not catalans vs. the rest, however convenient that narrative is.

why on earth does the spanish government escalate and not just let them have a referendum which fails and have peace afterwards?

Brexit would like a word with you.

Why? That was a succesful referendum.

GP was essentially saying: we'll just do the referendum, people will vote "no" and then we'll be done. That's more or less what happened with Brexit, except that people (against all expectations) voted "yes" in the end, which has led to something of a mess.

>"Altogether, parties supporting Catalan independence received 48 percent of the vote." > 48>40

Support for independence and voting share of parties supporting Catalan independence are two different things. Heavily correlated, sure, but not equivalent.

How is that related to this piece of information?

Spanish Constitution does not allow regions (Autonomous Communities in Spain's legal jargon) to make referendums. What's the issue here?

Wildly inappropriate sentencing? The question of whether it's really appropriate to deny a kind of democratic participation is also worth discussing.

I'd say the sentencing is right because they broke the law.

15 years in prison? that's nuts. that had better be manslaughter or armed robbery or stealing zillions of pensions etc...

there is no way you can present holding a controversial referendum as worthy of a jail sentence at all, let alone 15 years. "broke the law"... i mean, crossing the street when the light is red is "breaking the law". buying weed is "breaking the law".

it is a provocative heavy-handed foolish move by the Spanish Supreme Court, that will only serve to inflame tensions, as it now provides an air of martyrdom.

it's all thoroughly unnecessary and gratuitous. it would be enough to say "well that referendum result doesn't count, sorry. nope." and you'd have a bit of protest and another "illegal" referendum every few years, but you wouldn't be feeding the popularity of the Catalonian independence movement.

it was a stupid move. hubris appears unattractive to the global lens.

mind you, I couldn't have given 2 hoots about any of this, just reporting on how it appears on the world stage.

The sentencing also includes misappropriation of public funds to pay for their personal project, wildly out of the target of that money and their mandate.

So yes: it actually was a case of stealing millions.

Secession movements have a big chance of killing a ton of people and violating the civil rights of many more, so a 15 year sentence is very plausibly appropriate, in comparison to armed robbery.

This was the the peaceful independence movement. They have not killed anyone and have no declared intention to.

That would be a great argument if it meant there was no chance of future violence. But it doesn't, so it's not.

So basically you're saying that somebody should be jailed for N years because maybe, in the future, someone else related with the same movement might use some level of violence to achieve... something we still don't know, in circumstances we still don't know? Wow.

Actually, no, but if you want to pretend I did, have at it.

You were the one talking about "future". Can you explain better what did you mean?

Well, old and nasty argument, but it was also against the law in Nazi germany to be jewish.

In other words, laws are not necessarily holy, just because they are laws.

As long as they identify themselves as not Spanish nation, they can claim that they have a right for independence granted by UN

To achieve it though they will have to convince the whole world that it is true and more important then anyone's relationship with Spain

No country allows self-determination of it's regions. Do you think that USA would allow Texas or Lakota Nation to secede?

There have been recent, legal self-determination referenda in Scotland, New Caledonia and the Falkland Islands.

I'm sure there are more; these are just three I'm familiar with.


Scotland did the referendum in agreement with British Law and Westminster pairlament. This, note there is no British Constitution that forbids them to do referendums.

About Flakland Islands I don't know, so I don't have an opinion.

Your previous post:

> Do you think that USA would allow Texas or Lakota Nation to secede?

I think Symbiote was using Scotland as an example to prove that this wasn’t out of the question.

Also done legally under British law. With hilariously lopsided results!


Actually, some of us wish they would.

What's the minimum size of people to ask for independence? One person, one thousand, one million?

I imagine it's dependent on boundaries not individuals. A nation, an island, a state, or a city might ask for independence, but not a person or a group of people. In the US we even have semi-independent spaces like reservations and embassy buildings where a single complex or structure is considered separate from the nation that surrounds it.

I would say, it depends.

what do you mean "let"?

a lot depends on the outcome. you can bet that the british empire didn't "let" the colonies secede, but they did anyway, persevered, and eventually the british "let them" by way of not pursuing the war.

and so, here we are. the same could happen with spain, or a state in the US, or w/e. winners tend to write the history books, as well as perspective on past events.

No country recognizes your right to not be thrown into a black hole.. And yet I’d be willing to bet some would be opposed to it happening :)

How this relates to what I'm saying?


They both agreed to split. Totally different situation there.

Where did you get the "90% of the population" number when the total turnout for the referendum was 43%?

From your article: "a recent survey suggests Catalonia's residents oppose independence by about 48% to 44%".

> after 90% of the population votes for separation

No matter how many times this was repeated it feels still relevant to explain it; cows do not fly and 1,6 millions is neither the 90% of 46,7 millions, nor the 43% of 46,7 millions.

Could you explain how those news are related to the article? I’m trying to connect the dots but perhaps I’m missing something.

Well, launching a study that could potentially endanger the privacy of millions while the prime minister and his staff compares to terrorists thousands of protesters who happen to have organized themselves via mobile apps..

It certainly raises some doubts

> the prime minister and his staff compares to terrorists thousands of protesters who happen to have organized themselves via mobile apps

Organized themselves to create non-stop disturbes, block repeatedly several main roads, attack systematically police (to the point of almost killing a policeman and hurting thousands), burn cars and bikes, and creating damages only to the street furniture in Barcelona valued in 3,5 Million euro. The aditional damage to the economy and tourism has been estimated in more than three hundreds millions euro lost.

I would love to hear your definion of terrorism. Must be a very interesting one.

This does not change the fact that the massive surveillance that the government is announcing, has never happened before, sets a very dark precedent, has surpassed all reasonable limits and is an error. The secret services must be running wild and at full power without nobody trying to stop them

My definition of terrorism does not include voting, I can tell you that much.

Peaceful demonstrations were also organized, and there’s no ex ante way with this system to target the violations to perpetrators (or to set up any judicial safety check, although in Spain I’m told that would not make much of a difference).

Spain keeps crossing all of the red lines we have set as europeans, and yet our governments will do nothing because they want to avoid troubling the euro even more. This is a recipe for disaster if I ever saw one.

> in Spain I’m told that would not make much of a difference

If you are told that, is simple. You are being lied (and pretty gullible).

Lied by the same people that keep repeating "Spain is baaad!, baaad!, baaah!, baaah!, baaah!".

Okay, Lets talk about judicial safety procedures. The entire trial was public, transparent, broadcasted in direct on TV, and can be watched in internet if you want to freely make your own opinion (and die of boredom). The sentence was justified in 493 pages that you can also read in this link, because... surprise! we, the PIGS, had the same ancient laws than in the rest of the stupendous Europe. We adopted this laws earlier in fact and Roman law is still studied and relevant for lawyers.


Please read it, watch it, explore the truth by yourself and don't hesitate to tell me if you find that there was something pigilesque and "uneuropean" here and in what part this people did not enjoyed the right of defense and a fair trial.

> Peaceful demonstrations were also organized

Oh, then is all fine. Lets continue this Anschluss and burn the city

> If you are told that, is simple. You are being lied (and pretty gullible).

Maybe I’m being lied, and maybe I’m too gullible, but it’s a hard sell to say that everything is fine and dandy on Spain.

Just this year you had quite a scandal with the supreme court changing a decision about mortgage taxes by quite a margin. Not forget that your current foreign affairs minister got caught red handed trading with inside information, something that warrants jail in all other western countries.

there's a massive ongoing police operation to suppress the catalan independence movement. This data allows to massively track everyone. Not that the government couldn't access this data already, but now they are making it explicit via this scare propaganda.

Do you have any independent sources of that?

what do you mean "independent"? All the major catalan and spanish newspapers are talking about this (with quite different points of view, depending on the political leaning of the mediun).

The person is hinting that intel gathered may be used for political profiling in police activities, I suppose.

Come on: 90% of voters in an ILLEGAL referendum? how can that be representative of Anything?

There is discussion but let us keep it honest.

90 %!! This is absolutely false.

In Spain it is legal to want independence, it is legal to create political parties that go for it, legally, BUT it is not legal to go against the law.

Creating a referendum is not legal because in Spain the sovereignty is in the general Spanish population, not in the local population.

This is not Scotland, Catalonia has never been a sovereign state that decided to join a union preserving its sovereignty. Spain was created as the union(by marriage) of the reigns of Castilla and Aragón, that included Catalonia.

The secesionist organized a referendum and they themselves counted the votes, like Stalin said it is not important who votes but who counted the votes. They added a million to the real number.

The local population holds over 50% of secessionist votes.

BTW the joke of gobertment that Spain has given the Catalan local Government(managed by secessionist!!) the management of prisons there. So they will be released soon after the elections, because the president is there thanks to the support of secessionists.

This is not Scotland, Catalonia has never been a sovereign state that decided to join a union preserving its sovereignty.

That's not what happened with Scotland.

90% of 43% turnout = 38% of the population. You lost.

I thought that something like this would not be allowed due to the general monitoring clause as per article 15 of the directive 2000/31/EC.[0] But reading it again I'm not sure anymore.

[0] https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX...

Solution: Faraday cage. They can't make radio waves break the laws of physics! (that I know of...)

Better make sure it's off before you stick it in there, or it will be dead when you take it back out.

Why would a Faraday cage kill a phone? It's not EMP.

Some (older) phones will burn a lot of power searching for a cell signal when there is none.

I see the same thing in some apps that use GPS/location. If it can't get your location because you're underground battery use increases as it keeps trying and trying.

Still wouldn't do nothing except waste battery power.

I had all kinds of older phones, and in older times 20-25 years ago there were tons of places with zero signal (villages, islands, places out of the city, national parks, and so on) and the phones survived just fine.

That's as zero as in a faraday cage, as far as the phone is concerned -- no tower to talk to at all, 0 bars for hours or days on end.

I took "dead" to mean a dead battery.

A, probably. Sounded like the parent meant something more ominous, as that's no biggie to warn about, you recharge and are as good as new.

Yes, I meant a dead battery. The "solution" I was replying to was suggesting keeping your phone in a Faraday cage to thwart government surveillance, presumably a small portable cage that you would take with you wherever you go. If you leave your phone running in there, there's a pretty good chance that the battery will be dead when you take it out to use it, which defeats the entire purpose of carrying a phone in the first place.

If it can't send the data in that moment, the phone can cache it and send it later.

Controlled compromise of privacy for the sake of scientific insight seems like a good idea, until you realize that we either get profoundly non-replicable junk "science", or continued and unlimited re-breach of privacy for the sake of replication. Neither is any good.

I'm reminded of Raj Chetty who publishes papers based on exclusive access to IRS tax return data. (https://www.sciencemag.org/news/2014/05/how-two-economists-g...) Not real science unless you can have access to that data, too. You can't.

While I'm normally all for access to raw data used in research, that's pretty hard to do with IRS data without massively violating Americans' privacy and exposing them to identity theft. It's fair to be skeptical of anything using locked-up data, but I don't see a good way around the problem.

The problem is that carriers have being retrieving this data for a long time. This news is that they're giving the data to the government for statistical analysis and we cannot do anything about it...

it is very innocent to believe that the carriers would not provide these data already to the government if asked (e.g. by a court order), and they have probably been asked many times.

More likely, they proactively give everything to the government and let the govt. figure out what they want to do with it.

Yes they do, but for individuals and under a court order, not in a massive scale as it's today

"With a court order, this data can be used to identify and track an individual... ... which means that it is stored de-anonymized in the carrier servers"

No, it does not mean that it's stored de-anonymized. It means that it can be de-anonymized if required by a court order.

EDIT because all the downvotes, this is not nitpicking. The deanonymizing data is ELSEWHERE, not on the servers. It takes a court order to obtain it, employees cannot use it. It's an important point.

The idea that 24/7 minute-by-minute location data can somehow truly be "anonymized" is beyond ridiculous. It's easy for any organization (or even a single researcher who has cash to spend) to deanonymize it by merging w any number of other datasets that are available for purchase.

"Anonymizing" this kind of data is really just saying "for some of these users, it'll be somewhat expensive to unmask them. for others it will be trivial."


If you read the original, it is aggregated on an hourly based by cell tower, at the Telco level, before it hits the stats department.

Also New Zealand did it first, using exactly the same model.

The stats department don't get unit record.

In order to de-anonymize it, the data needed to do so would have to be stored somewhere, very little difference between something split and that.

That sounds like the same thing.

What would you say if a SaaS told you that they store your password hashed, but that they can reverse it and get it out in plain text, if someone with authority asks?

Isn't that the same? If it was properly anonymized, it couldn't be de-anonymized. Which implies it's not anonymized, i.e., it's store de-anonymized.

No, it's not the same. It could be stored anonymized, and the de-anonymizing data is somewhere else, and it can ONLY be accessed with a court order. I don't know why my original comment is being downvoted, it's an important distinction.

Edit: stop with the downvotes please. Whether you agree or not, anonymizing something does not always mean it cannot be de-anonymized. And who can do it (and under what circumstances) is important.

If the de-anonymizing data exists at all, then the anonymized data was never truly anonymized in the first place.

Anonymizing does not mean that it has to be one-way. You can give other people an anonymized version of your data, but you can keep the key to deanonymize that data (and hand it out selectively). I don't know who is assuming that anonymizing means the information has to be thrown away and lost to EVERYONE.

If someone can use that information to identify you, then the data is by definition not anonymized. It doesn't matter how exceptional the circumstances where that's allowed to happen are. "Fully 100% anonymous, unless we label you a terrorist" is not the same as anonymous.

If you're going to nitpick like that, then no data is ever anonymized if it contains any information at all. When you start combining pieces of data, they all contribute information that helps you narrow down individuals until there is only one possible match.

Read up on differential privacy and k-anonymization. There are commonly implemented best practices for measuring and preserving anonymity in a dataset in non-reversible ways. It usually involves aggregating clusters of data and dropping clusters with too few unique contributions.

These techniques have a long track record in the private sector and with public entities such as the US Census, with a lot of formal research to back it up.

It's not nitpicking. Your definition of "anonymized" leads people to believe they are anonymous when they are not. That can lead to serious consequences.

It’s not my definition. You’re twisting words. Location data is just not “anonymizable” at all because it’s always possible to combine it with other sources.

This does not work for most location datasets. It is easy to Re identify users in this type of dataset with a few lines of code. The identifying information is embedded in the locations and time stamps themselves. Research shows 4 randomly selected location points from a phone is all that is needed to uniquely identify 95% of the population.

Depends on your definition of "the data". If they store all the data, split it in two, and you only count one half as "the data", and the other half as... something else, then yes, it can be both anonymized and de-anonymizable. But I think privacy advocates (myself included) count everything collected and stored as "the data", and don't find some red tape securing it particularly reassuring.

Then that isn't anonymized at all. Anyone who thinks it is is a fool. It's just 2 step identification, and pretty typical of overreaching governments. No one should be tracked unless a warrant is issued and at that point meta data can start being collected.

Can you explain this to the layman? How does it work? Does it mean they store IMSI hashes with location data in one database and customer names and their IMSI in another and nobody supposedly should have access to both databases at the same time?

That's the explanation I'd expect the answer to be. In Europe it'd be classified as pseudo-anonymous, and would still be personally identifiable data in the legal sense, and therefore not truly "anonymised".

The network stores the location of connected users at cell level (group of cells, sometimes) because that information is required to page (ie receive calls) and then to route traffic.

If you can de-anonymize so-called "anonymous" data through some well-known (intended, even) procedure then said data is not anonymous. This is trivially, definitionally true.

Are you just being nitpicky or does that actually make a difference?

It does, see my other comment. It means employees CANNOT deanonymize the data. If done properly, the key is off network and off premises, only retrievable with a lot of red tape.

Then it isn't anonymized. It can't be unmaskable by any procedure and anonymous at the same time. You need to stop calling it anonymous and call it what it is:

Bound to an individual, but not actionable via the collecting agency without outside input.

So how many carriers do you know that do this properly?

An interesting point is that they have yet the data of the phone owner, because is required by the new laws that you send they your name, phone number and your email in order to receive some notifications from the government. This has happened since the last two years or so.

A good article but I'd like to offer one minor correction.

>The only way to make sure is to remove the SIM card and battery from the phone.

You only have to remove the battery, not the battery and the SIM. You aren't being tracked if your phone has no battery.

Hasn't this been going on in most countries and most carriers for years?

Just shut it down and wrap it in aluminium foil if you're concerned.

Well, you would think this kind of mass surveillance would help Spanish authorities put Russian mobsters (with connections to Putin and Co.) in jail... but instead they get acquitted:



This information won't be useful to track any individual.

RIP privacy!

This seems a bit exaggerated. I work for one of these ISPs, but I'm not involved in this project.

GDPR explicitly states that no permission is required if the data is anonymised. The data shared with the INE will be movement of batches of at least 5000 people. The movements will be between 3500 zones. There are more than 60.000 cell phone towers in Spain, so they could have made the movements much more precise if they wanted (at the cost of anonymity of course). If less than 5000 people cross from a zone to another it will not be shared. No IMEI/IMSI/MSISDN will be shared.

I understand that there might be concerns of de-anonymisation, but it makes no sense. If the Spanish government wanted to track someone they already can, with a court order. Spanish phone providers are required by law to store this data for 6 months minimum up to 2 years maximum. (https://www.boe.es/buscar/doc.php?id=BOE-A-2007-18243). The government is going to receive data from 4 working days, 1 weekend day, a holiday and two days in Summer. Tying this with Tsunami Democratic is a bit strange. There is an ongoing investigation, so they can already track people tied with the movement as long as they have some form of personal information (IMEI, IMSI, MSISDN). Honestly, a massive protest one of those days might throw off the statistics in Catalunya.

And by the way, this data is already being sold to third parties for profit:




Sometimes, unfortunately, it's being sold without anonymisation too and leaks have happened. Just one example in the USA:


> I understand that there might be concerns of de-anonymisation, but it makes no sense. If the Spanish government wanted to track someone they already can, with a court order.

Bingo! Is there a court order here?

You don't need a court order here because you can't track and identify an individual with this information.

With a timeline of location data? There is no such thing as anonymity with such a data set.

That's why taking your phone to a demo is a bad idea.

Better build your own device.

Since October 14th, there are ongoing mass protests in Catalonia (a part of Spain with a strong pro-independence sentiment), demanding freedom for their political prisoners jailed by Madrid (for 9–13 years). Hundreds of thousands people are on the streets. Barely reported by media. Barcelona Airport was overtaken for one day.

So yes, looks extremely convenient these days.

The fact that a prisoner was a politician does not make him/her a political prisoner.

And most of the current prisoners are not politicians and have never been.

Regarding the politicians, may these traitors rot in jail. They betrayed their people and surrendered themselves when everybody was on the streets ready to fight.

OK, so for what non-political crimes they were jailed then?

This "experiment" might be somehow related with https://tsunamidemocratic.github.io ?

No, it's not related at all. Jesus guys, this is not reddit, you don't need all of this to know the location and track a mobile phone. Every carrier in the world can do this with very basic tooling.

That was my first thought too but seems the dates are between 18 and 21 november. If they wanted to track the current widespread protests in Spain, they would have done it right now.

they are of course tracking us right now. This announcement is just an explicit reminder that they can do so, to try to scare the people. The dates are irrelevant.

I'm sorry but this post seems like scaremongering.

As long as data is not de-aggregated and de-anonymized there is no issue here.

I see no relationship with the GPDR as this law applies to personal data and the agreement explicitly stated that data must be aggregated.

As long as it is used to know people flow or for statistical purposes, I see no wrong here.

The other political statements and comparisons he makes, well are unrelated and sincerely looks like political propaganda to me.

It is, it's going to be part of the Census.

I currently work for an spanish ISP, and I can tell you that this test will put a lot of stress in the ISPs network. Querying, for example, cellid for so many phones simultianeously is going to be a problem. Other data like IMSI and so on is not a problem because it's stored in a database.

For people who is scared of this, ditch your phones because extracting your location, subscriber id and other info is, honestly, trivial. It is not to do at scale, but if someone wanted to spy on you and had access to the ISP network, be it via hacking into it (very difficult in the one I work for, but may be possible), or using a law, they can know where are you with very little effort.

"As long as data is not de-aggregated and de-anonymized there is no issue here"

Awfully hopeful there.

"The other political statements and comparisons he makes, well are unrelated and sincerely looks like political propaganda to me."

I would say the same about your assertions of innocence and presumption that the data can not be de-anonymized. If the "propaganda" is supporting user privacy I'd say you're on the wrong side of this discussion.

Do you have any idea about law in this matter? It is illegal to de-anonymize data without a court order.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact