"To receive service in today’s cellular architecture, phones uniquely identify themselves to towers and thus to operators. This is now a cause of major privacy violations, as operators sell and leak identity and location data of hundreds of millions of mobile users. In this paper, we take an end-to-end perspective on the cellular architecture and find key points of decoupling that enable us to protect user identity and location privacy with no changes to physical infrastructure, no added latency, and no requirement of direct cooperation from existing operators. We describe Pretty Good Phone Privacy (PGPP) and demonstrate how our modified backend stack (NGC) works with real phones to provide ordinary yet privacy-preserving connectivity. We explore inherent privacy and efficiency trade-offs in a simulation of a large metropolitan region. We show how PGPP maintains today’s control overheads while significantly improving user identity and location privacy."
Yes, if you have a random MAC, then the WiFi point itself may not be able to track you.
But, the tracking in real life happens in reverse. Android notes all WiFi MACs and SSIDs in your vicinity (whether you have your WiFi on or not!) and sends them to Google, and other advertisers, with location data. That is then correlated, and presumably re-sold.
And like a sibling comment said, the ADSP firmware is not being reverse engineered, and that doe a lot of the heavy lifting for cell tower connections.
In the original goal of the Librem 5, that is why they advertised an IP only phone tied to matrix. The idea is you don't need to connect to a mobile tower.
However, one avenue that may be interesting to explore is the use of WiFi calling as a means to bypass a lot of cell tower insecurity. In WiFi calling, somehow you connect all of your telephony/SMS/MMS through your WiFi (I assume it's through a VPN). However, when you sign up for it, you have to provide an address for e911 (presumably since they cannot figure out your location via cell towers). I would be curious to see if you can make a WiFi calling only phone, and in the process, you can completely turn off your modem.
Interestingly enough, the VOIP component of calling seems to be lagging in both the librem and pinephone ecosystems despite what you'd think would be significant interest.
The pinephone's modem can do VoLTE on several carriers and SMS over LTE. I haven't really looked into VoIP apps themselves.
It is an option in both Android and iOS. Android has a proprietary library that is put in there (I don't know anything past that for how Android handles it). If I were to guess, your network provider has your home address and used that? but e911 is a USA thing, I don't know Germany's equivalent laws.
I would assume the IPsec traffic is the WiFi Calling feature? But I don't know.
they would have to know what access point is at my home too.
> but e911 is a USA thing, I don't know Germany's equivalent laws.
me neither. i know we have "eCall" for car emergencies but i am somewhat certain there are similar requirements here... the thing is i never seen this work without having a cellular connection too.
> I would assume the IPsec traffic is the WiFi Calling feature?
yes it is. i can see packets flowing when receiving a call for example... the destination/origin of these packets is into my providers network...