I seem to remember a discussion here on HN a few years back about a paper which outlined ways to decouple technical identifiers from personal identifiers on mobile networks.

My memory is a bit hazy but maybe it was the whitepaper for PGPP[0] that OP mentioned?

[0]: https://invisv.com/pgpp/

I don’t think it’s possible to align incentives in favor of rolling out such a statement in the US without another coup.

isn’t detailed information about the user equal to additional billing power? perhaps the only disincentive that exists to having that information would be such overwhelming risk/liability that it would outweigh the profit potential of having it in the first place. it seems to me the relative incentives have reached a oretty stable equilibrium…

There's a potential family of cryptographic methods where people prove that they paid for things without revealing who they are.

https://www.eff.org/files/eff-locational-privacy.pdf (2009)

The technical paper mentioned is now at

https://web.ma.utexas.edu/users/blumberg/vpriv.pdf

(I guess Andrew Blumberg moved from Stanford to the University of Texas.)

There might be an inherent tradeoff where you need at least one of {tamper-resistant trusted meters, at least slightly noisy measurements, potential deanonymization}. For example, the short paper mentions that "point tolls" are easy to make anonymous using any form of anonymous digital cash (or blinded tokens issued by the tolling authority!), but the exact usage billing you mention people wanting is much more detailed than a point toll like that. It might indeed be inherently impossible to get all the way there without detailed surveillance.

Agreed, I always think that all these taxes should indeed just go through fuel. Want a bigger, heavier, more polluting car? Want to drive like a F1 driver? Fine, you pay more. Want to drive a long distance? You'll pay per distance*car_size. Want to go electric? You'll pay tax on electricity in concordance with it's economic price and influence on the planet.

One problem in the EU is is that this would need to be rolled out across the EU, because we already have large difference in price ranges for fuel leading to weird situations neer the border.

I don't see the issue?

Get on a toll road, pay for a ticket, done. Drive on a normal road, pay for gas, done.

I guess you could make it extremely specific, but then the problem isn't the surveillance, but the price of the cost analysis of driving 1,7 miles on a road in bumfuck nowhere with a J lbs vehicle, exerting X pressure on the road at a standstill going at [Y] speeds, thus generating Z total pressure over time H. In addition the road was I% wet due to rain the day prior.

I was imagining mobile operators that cooperated to some extent with the changes I was proposing, or at least didn't obstruct them. If it's using existing GSM protocols, the IMEI would have to be rotated frequently (and it's not that obvious how to do that without making the connection between the old IMEI and the new IMEI apparent), and the SIM technology would have to change. (What it's trying to prove in a privacy-friendly communications system is more like subscriber entitlement, not subscriber identity!)

There's also the "netheads and Bellheads" theory from the 1990s which can be taken to say that phone companies would never make technical changes to make themselves collect less data, or to be less helpful to government surveillance. Sometimes I think this is right. I still remember how I took part in a meeting with a mobile phone industry association or industry consortium of some sort about a year before the Snowden stuff. Someone on my side said "so, let's talk a bit about surveillance issues", and someone on the other side replied "sorry, that's something we don't talk about". Imagine an industry meeting with privacy advocates where the industry people are completely precommitted to not talking about surveillance!

If we accept that the right to privacy is real, that not being followed, watched, and monitored every hour of my life, is something democratic societies should strive for:

Why do criminals have more rights than I do?

That's very easy to square by just accepting that people are allowed to have private communications.

That's only the case because the truly secure and encrypted networks are not the default.

Your reasoning is so biased that it is hard for me to wrap my head around it, but at the same time it's very common because it confuses the tool with the crime. Criminals use cars and phones, too, but we don't ban them for everyone.

The argument ignores the catastrophic cost of the solution: destroying privacy for all of us. Creating a backdoor for police doesn't just hinder criminals; it makes everyone's data, from journalists to your medical records, vulnerable to hackers and abuse.

I believe we stop crime with good policing, not by building a system of total surveillance that sacrifices the very freedom we're trying to protect.

But this has been "squared" already. Can the police enter your home without a warrant? No? Why? I bet criminals are pretty secretive around their stuff too, no?

I'm unconvinced that secure communications is the bottle neck when it comes to criminal prosecution. We can expand police power without sacrificing our communications like that.

Anecdotally, take a look at China where privacy doesn't exist and yet Chinese syndicates are responsible for a major chunk of the issues you've listed. So clearly lack of privacy doesn't even correlate with decreased criminal behavior.

This is the "witch hunt" problem.

If you have two networks, one encrypted and one not, and the unencrypted network is significantly easier / cheaper to use or has better network effects, that's where most people will naturally flock. The only ones who will put in the effort to use the encrypted one are criminals and a few principled technologists / civil libertarians. In such a world, the mere fact of using the encrypted network is suspicious in itself.

We define "criminals" here as "anybody the government doesn't like." In the US, this is mostly child predators, drug traffickers, thieves, and maybe a few (legal) sex workers. In other places, this is mostly homosexuals, human-rights activists, journalists and the opposition.

The way to fix the "witch hunt" problem is to make all networks encrypted and secure.

While cryptocurrency is mostly used by criminals, as the traditional financial system is just good enough for most people, TLS is used by everybody, as it is just the default way to do things on the internet nowadays. This is despite the fact that TLS makes wiretapping criminals' communications much harder.

The US and Europe[1] should use the influence they have over standards bodies to make prosecuting the latter group of "criminals" much harder, recognizing that this comes at the expense of also letting some criminals in the EU/US sense of the word run free. It is just the morally right thing to do.

[1] I mostly mean American and European companies and organizations which participate in the process of standard setting, not governments, which mostly cannot do things for complicated political reasons.

So get ready to be legally bound to leave your front door unlocked because some people store stolen loot behind locked doors!

Better remove the locks on your house and bathroom and set up a public webcam while you're at it. After all, I'm not sure you're not a criminal, and to be sure of that I — and the rest of society — need to be able to observe you in your bathroom.

"innocent until proven guilty" exists for a reason.

> However, how do you square that with the proof, time and again, that truly secure and encrypted networks are primarily use by criminals

Do you have a URL for this proof?

(If it's true, that would be good to know.)

Me and the government have slightly differing opinions of what a "criminal" should be. I am a gender outlaw in many states

You ready to drop encryption between you and your bank?

... They said, on a forum where everyone is posting and reading using connections encrypted by TLS/HTTPS.

I don't see how you've become a criminal just because you don't want somebody in the same coffee shop to see what you're posting or browsing.

Is it fine because it's not "truly" secure? How secure is so secure that it crosses the line and becomes evil?

It’s quite easy to square: your argument is nonsense through and through, barely deserving an iota of rebuttal. I could justify absolutely appalling invasions of privacy with what you’re saying.

We are not beholden to ruining everything for almost everyone to stop a small fee from doing bad things. It’s not any more complicated than that.

This is nonsense. By your logic me and the majority of people using Signal are criminals.

As the other commenter mentioned please provide proof for these hyperbolic claims.

Airbnb as well, at least in principle, if not in implementation.

Airbnb Is Banning People Who Are ‘Closely Associated’ with Already-Banned Users - https://news.ycombinator.com/item?id=34983871 March 2023 (119 comments)

h/t HN user dmitrygr

I have no idea how this isn’t illegal. I’ve experienced the same horrifying loss of anonymity before. People I met long ago and definitely do not want knowing my real name showing up as Instagram suggested friends.

Or people who stay next door at an Airbnb and I had a quick chat with in person, like I didn't give them any contact information nor did they give me theirs so how ...

Isn't buying a SIM traceable by itself? if for example the shop has CCTV recordings or the email where you got the eSIM

I am not sure I agree with this. I don't think that running out of battery or rebooting a phone is that rare.

But more importantly, if these events are noticeable and Alice does what you suggest she is probably going to highlight her location. Especially if she naively waits till she is 15 minutes from home to switch her burner on. Over time there will be a circle around her house of no burner phone network attach events.

>For me the main use is that I'm on o2 in the UK, but if in some dead spot with no signal I can flip the sim settings and connect via EE or whatever.

Why not just get an EE SIM if that's your main use?

Are you able to select which mobile network you use? At least in the US the price for tmobile is about triple that of att so it would be pretty hard to predict your spend if it switches between them without warning.

Going to buy a prepaid SIM registered under an arabic name in europe is probably the safest way of getting traced by a government

IMEI + cell tower triangulation easily makes it traceable. If the authorities want to find you, they can.

You should never turn on your burner in a place where you use your regular phone, duh.

It's because the government regulations only apply to Chinese citizens. My first trip to China was back in the '00s, and I went for work. I was also surprised to find that my home SIM worked just fine there without any interference from the Great Firewall.

Roaming works somewhat unintuitively from what you'd expect. You do indeed connect to the local mobile network, but all of your data traffic is tunneled back to your home wireless provider's PoP. I realized this once I checked what websites I was visiting saw as my public IP address, and it was an address from a network in Texas!

So China's Great Firewall can't actually inspect or block your traffic while you're traveling, and using roaming on your home mobile network's SIM. It's all sent over the equivalent of a VPN to your home soil before going out to the public internet. This iswhy latency can be pretty bad while roaming.

They bypass the firewall precisely because they're roaming SIMs. Their internet connection goes through the home operator.

I imagine they simply don't allow selling such SIMs in China. It would be extremely easy to track and flag any that were e.g. used for longer than a few weeks.

It's how data roaming works in general -- it's tunneled through to the SIM's home provider. Conversely, a Chinese SIM roaming overseas is still subject to the Great Firewall.

They just don't enforce the exact same restrictions on roaming users. I suppose there are risks of tourists spilling the beans, so to speak, they just don't view that as a severe unmitigated risk.

At least where I live tourist SIMs are restricted to 2 weeks, then need to be converted to a local SIM (with ID requirements).

And anyone leaving would have their immigration status expire and the SIM is turned off then unless you provide some other proof of residence.

It doesn't specifically help with obtaining a SIM without presenting ID, but it does help make it easier to avoid later leaking your true identity to Google/Apple/etc. once you start using the phone.

> Because the most significant evidence we have lately is that in-person meetings or dead drops and other low tech means are how you avoid being tracked.

How many cameras did you just go by? did you have your cell phone on you? how many networks did it connect too? how many bluetooth broadcasts did it passively send out? Not being tracked and being in public are slowly becoming an untenable duo.

There are other alternatives https://meshtastic.org

It's mostly open source. https://github.com/meshcore-dev/MeshCore They have a couple minor things that are paid features.

Almost like ethernet, if only there were a way to fix that

MeshCore has verified public key sharing; see what happened to the other network at defcon. Direct messages are encrypted.

I’ve tried them on snowmobile trails. With the vegetation the range was about a mile.

Range can be 100+ miles though if you can establish line of sight. Depending on the scenario, a high elevation repeater could give several mobile devices pretty significant range.

Range is line of sight. If you can see it, even if 100 miles away, odds are it'll work. Seattle area has one of the better networks for MeshCore. Tacoma to Vancouver BC is the range for semi reliable messaging

And illegal to obscure/encrypt: http://www.arrl.org/part-97-text

This stood out from me as odd from the article too, but that's definitely a plausible explanation.

I could easily see a phone with some sort of location tracking saving GPS data points internally until it can reach a network again to send them out.

This one's a good overview where he references his own deeper dives into the tech details. Disclaimer he's selling his own de-googled phone but he's transparent about it

https://www.youtube.com/watch?v=_I9bFIrFhDs

That's far, but good to know.

You could have also just bought a T-Mobile SIM and then activated a pre-paid plan with just credits you buy with whatever you want. You can get them for cryptocurrency as well on a lot of places.

Phones with MediaTek basebands are able to change their own IMEIs. Do with this information what you will.

As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.

My memory is that it was necessary at the time when lots of people started taking phones on airplanes because the wiring/navigation wasn't shielded against a transmitter that might be actually inside the aircraft.

Since then, plane electronics are better insulated making it less of a problem.

How would that be different for trains? Trains would have similar numbers or more devices, moving at a similar speed (for high speed trains compared to planes at take-off/landing).

Sony BRAVIA

Buy a broadcom smartphone. Turn bluetooth off, and set it to airplane mode. Then Bluepwn your device, with bluetooth turned off.

Funny how airplane mode didn't work.

That's just one of the quirks. Baseband and what qualcomm is tracking is way worse.

I recommend buying an old Motorola Calypso device and fiddling with osmocomBB, you can DIY an IMSI catcher pretty easily. And you'll be mind blown how many class0 SMS you'll receive per day, just for tracking you. Back in the days you could track people's phones remotely but the popularity of HushSMS and other tools made cell providers block class0 SMS not sent by themselves.

This wiki article is a nice overview: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Dete...

Baseband SoC running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) is very much no longer in conspiracy theory territory and more an established fact now. I don't have the source at hand but it's in one of the standards. And the purpose is very clear: LEA like Interpol must be able to locate any IMEI at any point if in tower range, regardless of the power state of the "main" OS

Rubbish!

I have an iPhone 16 and it has a sim slot.

only in US.