undefined | Better HN

0 pointsjvanderbot3y ago0 comments

Your location data. Tower associations can still happen with data "off", since there's plenty of "listen" components. All your home wifi connections are well Geo-located, thanks to other Android users picking up the ESSID as they walk / ride / drive past your house. Your shopping / outings? Forget it, fully known.

VPNs hide the content of connections, at least from MITM / eavesdroppers, but server-side data scrapes are quite effective at figuring out who you are (or what your phone is ... see below). Nothing really does a good job of hiding the fact that you are connected to a VPN except TOR, and where that connection originates (e.g., your wifi network, which is well Geo-located, remember?). And de-anonymization of VPN connections to identify downstream connections are possible, IIRC. Details about your phone are well recorded (MAC, SID, etc)

And always remember, your phone can be implicated based on location data, which will implicate you once it's discovered you own the phone. And that's as simple as looking up the SIM purchase / use.

0 comments

10 comments · 2 top-level

kornhole3y ago· 8 in thread

From https://grapheneos.org/faq: "Connecting to your carrier's network inherently depends on you identifying yourself to it and anyone able to obtain administrative access. Activating airplane mode will fully disable the cellular radio transmit and receive capabilities, which will prevent your phone from being reached from the cellular network and stop your carrier (and anyone impersonating them to you) from tracking the device via the cellular radio. The baseband implements other functionality such as Wi-Fi and GPS functionality, but each of these components is separately sandboxed on the baseband and independent of each other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular radio again. This allows using the device as a Wi-Fi only device."

When I am at home, I am WIFI only. When I am out, WIFI & bluetooth are off. This takes some discipline at first but then just becomes habit. I know the spot on my commute home where I switch my settings.

burntwater3y ago

I can promise that airplane mode does not fully disable the cellular radio, at least not on Samsung phones. Repeating a comment above: I can verify they do in fact receive data - I worked an immersive art project that had 100 Samsung cell phones that were in airplane mode, and we found out the hard and noisy way that they were still able to receive emergency and AMBER alerts (U.S. alerts that notify of potential child abductions).

MengerSponge3y ago

BTW habitually switching at the same time and place is terrible opsec. It leaks a ton of information.

thewataccount3y ago

Yeah I'm not sure what information this really protects assuming you're only communicating over encrypted channels (https) already.

In theory it could protect location data from the carrier for locating you with a wild amount of opsec practice but I highly doubt you could pull that off for a daily driver.

Having wifi/bluetooth off in public isn't a terrible idea though as those are generally much easier attack surfaces and are leakier.

kornhole3y ago

It is the same general location about half a mile from home where I flip over. This is to ensure location from cell tower triangulation does not identify my home and therefore me.

1 more reply

kube-system3y ago

The baseband is an entirely separate SoC that is a blackbox outside of the control of GrapheneOS. And your radios are solely under the control of that system. GrapheneOS just asks it nicely to do things on its behalf.

All of these privacy focussed phone OSes tread lightly on the fact that there are a grand total of zero modern open source basebands in existence.

kornhole3y ago

Agreed. We can only mitigate by tactics: -not associating the device ID's to personal ID's. -only using cellular in limited situations. -rotating the SIMs periodically with other family members

1 more reply

sgc3y ago

I would never trust that. It is how thing are supposed to work, not the way they necessarily will. Just buy a phone with physical disconnect switches if it is important enough for you.

jvanderbotOP3y ago

I appreciate the extra information. I'm still skeptical on any phone except the OS/HW combo the faq was written against (which by the way was not in your original post)

RektBoy3y ago

In my country, this one girl is buying prepaid SIMs and selling them on darknet. Which is fully legal. Still she got notified from our intelligence agency, lol. They're butt-hurt a lot from this.

j / k navigate · click thread line to collapse

0 comments

10 comments · 2 top-level

kornhole3y ago· 8 in thread

burntwater3y ago

MengerSponge3y ago

BTW habitually switching at the same time and place is terrible opsec. It leaks a ton of information.

thewataccount3y ago

Yeah I'm not sure what information this really protects assuming you're only communicating over encrypted channels (https) already.

In theory it could protect location data from the carrier for locating you with a wild amount of opsec practice but I highly doubt you could pull that off for a daily driver.

Having wifi/bluetooth off in public isn't a terrible idea though as those are generally much easier attack surfaces and are leakier.

kornhole3y ago

It is the same general location about half a mile from home where I flip over. This is to ensure location from cell tower triangulation does not identify my home and therefore me.

1 more reply

kube-system3y ago

All of these privacy focussed phone OSes tread lightly on the fact that there are a grand total of zero modern open source basebands in existence.

kornhole3y ago

Agreed. We can only mitigate by tactics: -not associating the device ID's to personal ID's. -only using cellular in limited situations. -rotating the SIMs periodically with other family members

1 more reply

sgc3y ago

I would never trust that. It is how thing are supposed to work, not the way they necessarily will. Just buy a phone with physical disconnect switches if it is important enough for you.

jvanderbotOP3y ago

I appreciate the extra information. I'm still skeptical on any phone except the OS/HW combo the faq was written against (which by the way was not in your original post)

RektBoy3y ago

In my country, this one girl is buying prepaid SIMs and selling them on darknet. Which is fully legal. Still she got notified from our intelligence agency, lol. They're butt-hurt a lot from this.

j / k navigate · click thread line to collapse