"While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone"
That's pretty interesting. it makes me wonder what sorts of things aside from the obvious things like home addresses, work addresses, favorite pubs, etc, can de-anonymize data.
I suppose they could use whatever that is to de-anonymize burner phones. Maybe something like identifiable driving patterns, similar to how we have individually identifiable gaits when we walk.
Taxi records from NYC were de-anonymized with just a few origins and destinations, which caused a bit of scandal when some celebs were found to be poor tippers. (Tips were also in the dataset.) https://www.fastcompany.com/3036573/nyc-taxi-data-blunder-re...
To me it's the creepy corporate weirdos who are scary, even more than the government. And if you carry a cell phone those creepy corporate weirdos can all track you.
Security (provided by walled-gardens and by denying root to users) ends in presence of the worlds largest threat-actors - the same ones who have the power to imprison people.
With the battery removed there were ways track phones at least in the 2G days, you won’t be able to use cellular tracking but the phone could be detected by flooding the area with RF and looking for a specific signal pattern that would happen wether the phone was powered on or not or even if it didn’t had a power source.
I don’t know if the new phones can still be tracked like this but in the early to mid 2000’s you had airborne pods capable of detecting phones in remote locations even those which were off/without a battery.
I’ve seen a demonstration of this (intelligence community heritage museum, it was public it was part of an RF demonstration which also included remotely capturing screen images by listening to a VGA cable and some other cool stuff), the specific mode of operation wasn’t revealed it wasn’t clear if the RF absorbed by the antenna causes enough current to flow to power something in the cellphone which sends out a chirp or if it’s completely passive and measures the RF attenuation changed from an antenna being present.
It wouldn’t surprise me if older 2G phones could be wirelessly powered to some extent I still remember those inductive LED after market antennas for old Nokia phones.
Alternatively even if no logic was powered it might be that there was some sort of a mechanism to deal with unwanted buildup like tying a capacitor that once full discharges back through the antenna which causes it to emit signal, that might be the thing that makes most sense since otherwise you are risking building up enough charge to damage something.
Sorry for the pedantry: It will prevent live cellular tracking, it will not prevent malicious apps or libraries from vacuuming your Bluetooth, WiFi, GPS, barometric pressure, or whatever else you've given permissions to a trusted app that is being used as an exfiltration vector.
If a phone runs the Linux kernel, and are hit with one of dozens and dozens of known unpatched exploits, and has no boot security to detect such, expect your hardware switches to be useless when faced with any motivated attacker.
To be clear, you're stating that the Librem 5 and Pinephone, with their hardware kill-switches that prevent current getting to the GPS, modem, cameras, BT & wifi radios, and microphone, will still be able to determine where it's been when power is restored to the above radios?
Because I'd like even a pie-in-the-sky hypothetical for how exactly this would work. Keep in mind, there is no inertial navigation in these devices; no pedometer, no low-power fitness tracking, nothing else.
I'm not sayinmg I know it's impossible, but I'm deeply curious how in the world you can make this assertion in good faith, or with any credibility.
Purism's Chief Security Officer Kyle Rankin commented that Purism is "looking into implementing" the Librem Key for tamper-evident booting on the Librem 5. Another way this could be done is storing hashes of the boot files in an OpenPGP smartcard to compare with the current boot files to verify that they haven't been changed.
Librem 5 is the only phone in the world having mobile/desktop convergence and OpenPGP smartcard. This is not just theoretical possibility, a lot of research has already been put into it.
Most laypeople think that their phone is turned off when they switch off the screen. That is mist definitely wrong and you can still be tracked while the screen us pitch black.
You can get texts, app notifications, and phone calls, you can play music and podcasts, you can download app updates, an app you opened earlier is still in the same state later. All with the phone screen off. They also know that none of these things are possible when their phone runs out of battery and dies. I think most people could notice the difference between these states and realize that screen off != phone off.
What I think most people don't notice is that the fact that simply because they can receive phone calls and notifications implies that they are in practice being tracked.
I've done end-user support for laypeople for 30 years - including their mobile devices. The least tech-savvy of them understands the phone is still on, after the screen goes dark.
That's pretty interesting. it makes me wonder what sorts of things aside from the obvious things like home addresses, work addresses, favorite pubs, etc, can de-anonymize data.
I suppose they could use whatever that is to de-anonymize burner phones. Maybe something like identifiable driving patterns, similar to how we have individually identifiable gaits when we walk.