Pretty Good Phone Privacy [pdf] (usc.edu)
103 points by vinnyglennon 18 days ago | 17 comments



Abstract

"To receive service in today’s cellular architecture, phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations, as operators sell and leak identity and location data of hundreds of millions of mobile users. In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators. We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified backend stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy."


From a user point of view, and seeing how free wifi is so prevalent, a more immediate solution could be to use something like freepbx[0] to forward gsm calls over voip.

[0] https://www.asterisk.org/downloads/


WiFi hotspot can track your position.


Unless you have a randomized mac address.


I don't think so.

Yes, if you have a random MAC, then the WiFi point itself may not be able to track you.

But, the tracking in real life happens in reverse. Android notes all WiFi MACs and SSIDs in your vicinity (whether you have your WiFi on or not!) and sends them to Google, and other advertisers, with location data. That is then correlated, and presumably re-sold.


Of course, if your OS is compromised, you can do nothing about it. Consider GNU/Linux phones instead if you care about privacy.


Or dumb phones.


I wonder if it can be implemented with freed modem firmware on Pinephone described in https://www.pine64.org/2021/02/15/february-update-show-and-t....


No matter what, if you are tying yourself to a mobile tower, you are leaking a fair amount of information to your cell provider (and whomever is running the tower you connect to).

And like a sibling comment said, the ADSP firmware is not being reverse engineered, and that does a lot of the heavy lifting for cell tower connections.

In the original goal of the Librem 5, that is why they advertised an IP only phone tied to matrix. The idea is you don't need to connect to a mobile tower.

However, one avenue that may be interesting to explore is the use of WiFi calling as a means to bypass a lot of cell tower insecurity. In WiFi calling, somehow you connect all of your telephony/SMS/MMS through your WiFi (I assume it's through a VPN). However, when you sign up for it, you have to provide an address for e911 (presumably since they cannot figure out your location via cell towers). I would be curious to see if you can make a WiFi calling only phone, and in the process, you can completely turn off your modem.


>I would be curious to see if you can make a WiFi calling only phone, and in the process, you can completely turn off your modem.

Interestingly enough, the VOIP component of calling seems to be lagging in both the librem and pinephone ecosystems despite what you'd think would be significant interest.


Are you referring to VoIP apps or VoLTE?

The pinephone's modem can do VoLTE on several carriers and SMS over LTE. I haven't really looked into VoIP apps themselves.


Really, I was talking about VoIP, but being integrated into the native calling app as a configurable option where you could just plug in details of your SIP provider or something like that. Presumably that would be done over LTE, but would be essentially obscured from your phone plan provider for privacy's sake.


I am located in Germany and my phone indicates the WiFi calling feature in the status bar. I never signed up for this and thus never provided any address. I would guess my phone is still connected to the cell network in parallel and thus locatable anyhow. I can see IPsec traffic from my phone in traffic captures...


> I never signed up for this and thus never provided any address.

It is an option in both Android and iOS. Android has a proprietary library that is put in there (I don't know anything past that for how Android handles it). If I were to guess, your network provider has your home address and used that? But e911 is a USA thing, I don't know Germany's equivalent laws.

I would assume the IPsec traffic is the WiFi Calling feature? But I don't know.


> If I were to guess, your network provider has your home address and used that?

They would have to know what access point is at my home too.

> but e911 is a USA thing, I don't know Germany's equivalent laws.

Me neither. I know we have "eCall" for car emergencies but I am somewhat certain there are similar requirements here... The thing is I have never seen this work without having a cellular connection too.

> I would assume the IPsec traffic is the WiFi Calling feature?

Yes, it is. I can see packets flowing when receiving a call, for example... The destination/origin of these packets is in my provider's network...


I think not. This looks like ADSP level stuff, and requires changes on the mobile operator level (to stop relying on IMSI for various things), too.


It'd be great to see it deployed in at least 1 national network but TBH no Telco is going to implement it as they're bound by the law to provide lawful interception.



