Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Communications Privacy Cellphones Government Handhelds Security

Ask Slashdot: How To Bypass Gov't Spying On Cellphones? 364

Posted by timothy
from the excuse-me-while-I-snap-this-glove dept.
First time accepted submitter jarle.aase writes "It's doable today to use a mix of virtual machines, VPN, TOR, encryption (and staying away from certain places; like Google Plus, Facebook, and friends), in order to retain a reasonable degree of privacy. In recent days, even major mainstream on-line magazines have published such information. (Aftenposten, one of the largest newspapers in Norway, had an article yesterday about VPN, Tor and Freenet!) But what about the cell-phone? Technically it's not hard to design a phone that can switch off the GSM transmitter, and use VoIP for calls. VoIP could then go from the device through Wi-Fi and VPN. Some calls may be routed trough PSTN gateways — allowing the agencies to track the other party. But they will not track your location. And they will not track pure, encrypted VoIP calls that traverse trough VPN and use anonymous SIP or XMPP accounts. Android may not be the best software for such a device, as it very eagerly phones home. The same is true for iOS and Windows 8. Actually, I would prefer a non cloud-based mobile OS from a vendor that is not in the PRISM gallery. Does such a device exist yet? Something that runs a relatively safe OS, where GSM can be switched totally off? Something that will only make an outgoing network connection when I ask it to do so?" And in the absence of a perfect solution, what do you do instead? (It's still Android and using the cell network, but Red Phone — open sourced last year — seems like a good start.)
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How To Bypass Gov't Spying On Cellphones?

Comments Filter:
  • Don't play.... (Score:5, Informative)

    by bobbied (2522392) on Thursday June 13, 2013 @12:45PM (#43998145)

    The only way to win is not to play...

    Or, buy a new handset and phone number for every call and only pay cash.

    • Sign language. The US government is short of interpreters, especially for cell phone intelligence.

    • by SirGarlon (845873)

      Or, buy a new handset and phone number for every call and only pay cash.

      And don't call anyone with, because the NSA is also monitoring all the incoming activity at the other endpoint of your call and can very likely deduce your identity that way.

      • And I could only assume that they have the technology to deduct to at least some degree of accuracy the identity of a person based on voice. If not, it will come.

        • this is not what he meant.

          It is very easy to analyze the identity of the caller by just nabbing the other side, unless the other side is also using a disposable cell phone.

          This is how police capture thief of stolen phones.... by contacting people who have been called from those phones.

      • by bobbied (2522392)

        Really? When the ANI (calling number) along with the ESN is changed after each call? I think that would throw off all but the most diligent of investigators. They would have to have a voice tap on the dialed phone (which requires a fully blessed search warrant and not just a FISA kangaroo court approval) to do any kind of speaker identification. You *MIGHT* be able to infer who the speaker is though the handset location, but that implies you have some kind of previous knowledge about locations. My idea

    • by TWX (665546)
      Just to hazard a guess, but if you're not using a cell phone then they can't intercept it. If you're not using a landline then they can't intercept it. If you're not e-mailing anything then they can't intercept it. If you're not mailing something then they can't intercept it, though I would think that mail would be the hardest to intercept if you were mailing and using random public mailboxes to send and if your recipients were using straw-purchase PO boxes or else third-party mailbox stores.

      How about
  • by Skewray (896393) on Thursday June 13, 2013 @12:46PM (#43998163) Homepage
    I buy a $15 cell phone at Staples. It comes with $10 in minutes. Then I chuck it.
    • by rmstar (114746)

      I buy a $15 cell phone at Staples. It comes with $10 in minutes. Then I chuck it.

      That's an easy loophole to plug: just require registration to buy a phone. It is that way in Germany, I think.

      • by amiga3D (567632) on Thursday June 13, 2013 @01:00PM (#43998327)

        Hell in the US they can't even keep non-insured non-licensed drivers off the road. Registering phones? Hah!

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Cars don't require a connection to centralized infrastructure.

      • by redmid17 (1217076)
        When I lived in Germany you couldn't buy a pre-paid phone from a store without ID, passport if you were a foreigner, or maybe it was just the SIM. No one every checked if you were just purchasing minutes though and you didn't have to register a privately purchased phone as long as you had a SIM card. Circa 2003 and 2007 respectively
    • by HWguy (147772) on Thursday June 13, 2013 @01:01PM (#43998333)

      Brian, I assume you paid in cash.

      Do you know how much information the Staples inventory system has? Does it store things like the phone's Mobile Identification Number? It certainly logged the time the phone was sold and the location, perhaps flagging your cash transaction. Hopefully you smiled at the various cameras in-store and in the parking lot that recorded you driving up and buying the phone. ;-)

      • by hawguy (1600213)

        Brian, I assume you paid in cash.

        Do you know how much information the Staples inventory system has? Does it store things like the phone's Mobile Identification Number? It certainly logged the time the phone was sold and the location, perhaps flagging your cash transaction. Hopefully you smiled at the various cameras in-store and in the parking lot that recorded you driving up and buying the phone. ;-)

        Buying with cash is definitely important.

        I almost brought up the same point about the cameras, but then I realized that if the goal is to keep broad surveillance from tracking him, cycling through disposable phones will do this unless Staples is turning over security camera footage to the NSA for facial recognition.

        If the phone was used to commit a crime, the government could probably track it back to him through security camera footage, but they aren't going to be able to track his past few years of moveme

        • Re: (Score:3, Insightful)

          by bsDaemon (87307)

          pay some kid $20 to guy buy the burn phone/SIM for you. What kind of tradecraft master or wanna-be actually goes and buys their own burn phone?

      • by Nutria (679911)

        Hopefully you smiled at the various cameras in-store

        Or wear a baseball cap and hoodie. Preferably with a full beard. And an a heavy foreign accent.

      • So you pay 5 extra bucks to get the illegal immigrant hanging out at the home depot next to staples to buy it for you, or send in a kid.

    • Here are some problems with that:

      - Did you pay with a credit/debit card? If so, that shit's logged.
      - Did you modify your appearance to foil the likely Internet-connected security camera watching the cashier? If not, evidence of your purchase is available there.
      - Did you take the car you normally use to the store? If not, it's possible parking lot security cameras have identifying information on you, including a license plate number.
      - Cell phone towers are at least capable of logging the towers and RSSI of

  • by ugen (93902) on Thursday June 13, 2013 @12:46PM (#43998165)

    Once you jump through all those loops, who will you be talking to? And if such a person exists, he probably already knows what you are going to say, so why bother calling? :)

    • by gl4ss (559668)

      Once you jump through all those loops, who will you be talking to? And if such a person exists, he probably already knows what you are going to say, so why bother calling? :)

      that's the thing. if everyone else is already tapped, what's the point. in fact this is how the prez and congress are justifying tapping everyone, because everyone might be called or might call someone or be somehow part of someone elses call network who might be aiding the enemy(so yeah if someone on your call network ever called someone who might have made a call to somali, yemen, iran or whatever country they label as suspicious this week then you're on the metadata list!).

      otherwise just getting some end

  • Flooding (Score:5, Interesting)

    by Phoenix666 (184391) on Thursday June 13, 2013 @12:52PM (#43998237)

    The NSA needs to be flooded with false positives. They need to have so many false positives generated that their illegal, unconstitutional spying is rendered moot.

    On the other side, we need to surveille every member of Congress and the Executive and have their every move published on a publicly available site. After all, if they have nothing to hide then they shouldn't worry, right?

    In a perfect world the President and every member of Congress who signed off on this unconstitutional behavior would be impeached. But I know this is not a perfect world. So instead I will advocate a world where we turn the panopticon on itself and make them suffer three times for what they make us suffer.

    Tyrants must always be hoisted on their own petards.

    • The NSA needs to be flooded with false positives.

      Undead Osama, is that you? Phoenix666 was a bit obvious...

    • by Grave (8234)

      Flood them with too much data? They can't sort what they have now, but they sure can store a lot And if they start to run low on space, they'll just make Congress fund another yottabyte of storage.

    • by Sarten-X (1102295)

      So in other words, we need to do absolutely nothing. The reality is the NSA already has more data than they can act on. Sure, they can analyze your phone calls and emails and figure out that you're the sort of person who is influential among your friends*... you could be a terrorist leader, or you could be a town gossip. It's far more likely to be the latter, so without more evidence, there's little point in pursuing you.

      On the other hand, once you do do something that arouses suspicion, they can use your p

    • Re:Flooding (Score:4, Insightful)

      by onyxruby (118189) <.onyxruby. .at. .comcast.net.> on Thursday June 13, 2013 @01:53PM (#43999059)

      Wonderful idea, you and a few thousand buddies are all going to crapflood the NSA. The NSA, an organization that is arguably the best in the world at sorting noise from signal. Check your ego at the door and realize your an amateur pretending to play in the big leagues.

      Want real change instead of feel good crap that doesn't do a damn thing? Call, or better yet, write your congress critter and demand change.

    • The NSA needs to be flooded with false positives. They need to have so many false positives generated that their illegal, unconstitutional spying is rendered moot.

      On the other side, we need to surveille every member of Congress and the Executive and have their every move published on a publicly available site. After all, if they have nothing to hide then they shouldn't worry, right?

      In a perfect world the President and every member of Congress who signed off on this unconstitutional behavior would be impeached. But I know this is not a perfect world. So instead I will advocate a world where we turn the panopticon on itself and make them suffer three times for what they make us suffer.

      Tyrants must always be hoisted on their own petards.

      Might I suggest that you be the first to generate all those false positives? I'm sure you'll have no problem with the black SUV's that show up at your house.

      • Gladly, coward. They can show up in all the black SUVs they want. The cameras I have mounted streaming that activity will evoke no reaction at all, I bet.

  • Umm (Score:4, Interesting)

    by wbr1 (2538558) on Thursday June 13, 2013 @12:53PM (#43998249)
    How about Ubuntu Touch? Linux core, can run VPN, TOR all the other goodies, and being OSS and linux you are free to investigate code and roll you own solutions on top of it.
  • by onyxruby (118189) <.onyxruby. .at. .comcast.net.> on Thursday June 13, 2013 @01:03PM (#43998365)

    There is absolutely nothing you can do because the government has root for any given phone (if nothing else through a warrant). Own the network and you own anything going through it. Your encryption means jack when their are appliances that do nothing but decrypt and re-encrypt traffic at very high rates of speed. You could get a separate phone just for having private conversations (ala drug dealer). You would quickly find out that they can determine that number (doesn't matter how you got that phone). Once they know that number they can just tap that through the same phone system.

    Want some level of privacy and to ensure that the government at least has to get a warrant to read your supposed to be private conversations? Go old school, visit this antique shop called a Post Office and buy a roll of stamps and envelopes. There is well established legal doctrine that says snooping on your mail can only be done with a warrant.

    Don't like my answer? Call your congress critter and demand change.

  • HAM Radio? (Score:4, Funny)

    by littlewink (996298) on Thursday June 13, 2013 @01:05PM (#43998389)

    It's waiting for you.

    • by red_dragon (1761)

      Encrypted communication on amateur radio bands is prohibited by law in the US, so transmitting an encrypted signal just invites spooks to triangulate your transmitter's position.

      • That's what code is for. Not encryption, code. Talk in codewords. Get a ham license (or better yet, don't get one) then get a 2 meter radio, and move somewhere with an autopatch. That goes a long way towards giving you an anonymous outgoing phone number. And I'm guessing the spooks aren't just standing by to triangulate positions. That shit takes actual work by people, as opposed to harvesting tons of digital communication, which is easily done by computers.

        Again, this is assuming that you're up to
      • by Teckla (630646)

        Encrypted communication on amateur radio bands is prohibited by law in the US, so transmitting an encrypted signal just invites spooks to triangulate your transmitter's position.

        One could always use Steganography [wikipedia.org].

  • This country is doomed. I'm not sure anything can be done at this point other than put your head between your legs and wait for the wreckage to come to a complete stop.
  • Encrypted phones (Score:5, Informative)

    by Animats (122034) on Thursday June 13, 2013 @01:22PM (#43998651) Homepage

    There are encrypted GSM phones [cryptophone.de] with end-to-end encryption when talking to a similar phone. They're overpriced and hard to buy, but available. The source code is available so you can see how it works. It's classic Diffie-Hellman 4096-bit key exchange to establish a session key, followed by 256-bit AES encryption for the data.

    It's too bad OpenMoko tanked. That was a totally open source phone down to the hardware level. That plus Cryptophone-compatible code would have been trustworthy.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Openmoko is not tanked.

      OpenPhoenux project, coming from Openmoko community, may be the answer for all those needs. It has less resources than Openmoko had, as it's done by a small german company Golden Delicious, but thanks to that it makes small moves rather than big and crazy that Openmoko did, so it's less likely that it'll completely fail like Openmoko did.

      Old Openmoko Neo Freerunner already was perfect for such purpose, but it's a bit unusable for anyone who's not hardcore geek always being ready to us

  • If you're going to fight for privacy and rights and puppies and things, then do things toward that goal. Securing your own phone doesn't do that. It just makes work for you. Unless you really do have something of interest to them. Which you probably don't.

    Use your efforts to write letters, keep informed so you can vote intelligently, educate people, publish something, or whatever. Securing your own phone is just "I got mine." Worse, it's probably wasted effort.

  • Honestly, your best hope is going to be Ubuntu Touch. It will give you a hell of a lot more control over your phone than android. It is straight up linux, so if you know what you are doing on a linux box, you, in theory, should be able to cut off those phone home's and shit.
  • For sure they will not understand what you say. The more different from English, the better. For example, Arabic is a good option.

    Oh, wait...

    • Re: (Score:2, Funny)

      by Anonymous Coward

      How about British English?

    • by PPH (736903)

      Navajo. No, wait. That's domestic, not foreign.

  • If your that concerned with your privacy then leave the grid. Go cash only and NEVER appear on camera or leave a network footprint. It's possibly if your careful to effectively disappear from the watchers but you have to tip toe like your in an active mine field.

    If you want privacy just don't get a cell phone, they are pretty much the most track-able device that people carry day to day.
  • Redphone, huh? (Score:5, Informative)

    by geminidomino (614729) on Thursday June 13, 2013 @01:51PM (#43999027) Journal

    Funny how a privacy-oriented app like TextSecure (text app from the makers of Red Phone, mentioned in TFS) wants to access my Device ID, SIM serial number, and Subscriber ID...

Be careful when a loop exits to the same place from side and bottom.

Working...