Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Android Network Privacy

A Phone Carrier That Doesn't Track Your Browsing Or Location (wired.com) 33

Posted by BeauHD from the too-good-to-be-true dept.
An anonymous reader quotes a report from Wired: As marketers, data brokers, and tech giants endlessly expand their access to individuals' data and movements across the web, tools like VPNs or cookie blockers can feel increasingly feeble and futile. Short of going totally off the grid forever, there are few options for the average person to meaningfully resist tracking online. Even after coming up with a technical solution last year for how phone carriers could stop automatically collecting users' locations, researchers Barath Raghavan and Paul Schmitt knew it would be challenging to convince telecoms to implement the change. So they decided to be the carrier they wanted to see in the world. The result is a new company, dubbed Invisv, that offers mobile data designed to separate users from specific identifiers so the company can't access or track customers' metadata, location information, or mobile browsing. Launching in beta today for Android, the company's Pretty Good Phone Privacy or PGPP service will replace the mechanism carriers normally use to turn cell phone tower connection data into a trove of information about users' movements. And it will also offer a Relay service that disassociates a user's IP address from their web browsing.

PGPP's ability to mask your phone's identity from cell towers comes from a revelation about why cell towers collect the unique identifiers known as IMSI numbers, which can be tracked by both telecoms and other entities that deploy devices known as IMSI catchers, often called stringrays, which mimic a cell tower for surveillance purposes. Raghavan and Schmitt realized that at its core, the only reason carriers need to track IMSI numbers before allowing devices to connect to cell towers for service is so they can run billing checks and confirm that a given SIM card and device are paid up with their carrier. By acting as a carrier themselves, Invisv can implement their PGPP technology that simply generates a "yes" or "no" about whether a device should get service. On the PGPP "Mobile Pro" plan, which costs $90 per month, users get unlimited mobile data in the US and, at launch, unlimited international data in most European Union countries. Users also get 30 random IMSI number changes per month, and the changes can happen automatically (essentially one per day) or on demand whenever the customer wants them. The system is designed to be blinded so neither INVISV nor the cell towers you connect to know which IMSI is yours at any given time. There's also a "Mobile Core" plan for $40 per month that offers eight IMSI number changes per month and 9 GB of high-speed data per month.

Both of these plans also include PGPP's Relay service. Similar to Apple's iCloud Private Relay, PGPP's Relay is a method for blocking everyone, from your internet provider or carrier to the websites you visit, from knowing both who you are and what you're looking at online at the same time. Such relays send your browsing data through two way stations that allow you to browse the web like normal while shielding your information from the world. When you navigate to a website, your IP address is visible to the first relay -- in this case, Invisv -- but the information about the page you're trying to load is encrypted. Then the second relay generates and connects an alternate IP address to your request, at which point it is able to decrypt and view the website you're trying to load. The content delivery network Fastly is working with Invisv to provide this second relay. Fastly is also one of the third-party providers for iCloud Private Relay. In this way, each relay knows some of the information about your browsing; the first simply knows that you are using the web, and the second sees the sites you connect to, but not who specifically is browsing there. In addition to being included in the two PGPP data plans, customers can also purchase the Relay service on its own for $5 per month and turn it on while connected to mobile data or Wi-Fi. The carrier is still working to bring its services to Apple's iOS. It's also worth noting that Invisv only offers mobile data; there are no voice calling services.
This discussion has been archived. No new comments can be posted.

A Phone Carrier That Doesn't Track Your Browsing Or Location More

A Phone Carrier That Doesn't Track Your Browsing Or Location

Comments Filter:

  • Shut up and take my money (Score:2)

    by Anonymous Coward
    'nuff said

  • All fun and games until (Score:4, Insightful)

    by NaCh0 ( 6124 ) on Monday August 08, 2022 @07:04PM (#62773320) Homepage

    This is all fun and games until a warrant is sent to this company.

    Then a nice mirror feed of data to the NSA will be demanded.

    Oh, the warrant will also require that they don't notify the users who are being tracked.

    Good luck with this!

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      "Pretty Good" seemed to acknowledge this, to my ears. They know it's not serious privacy, just kinda-privacy. Given the current assrape state I'd say achieving "somewhat better" was an easy bar to clear, an easy claim to make. This will affect what the logo on your phone's case has never affected.

      Maybe not as much as we'd like, but some effect is better than none.

      • You obviously have never heard of PGP (https://en.wikipedia.org/wiki/Pretty_Good_Privacy). Take a read before denouncing the name.

  • Surprised this is completely legal (Score:3, Informative)

    by davidwr ( 791652 ) on Monday August 08, 2022 @07:09PM (#62773330) Homepage Journal

    I'm pleasantly surprised that there aren't "(meta)data retention laws" out there that interfere with this.

    I don't know if it's still the case, but time was, land-line ISPs like cable companies and DSL providers in the United States had to keep certain information for several months if not longer. If these laws still apply, then Invisv may need to keep logs of your ISMI numbers going back several months.

    Yes, this is still a whole lot better than the current "you are the product, even if you are paying us for the privilege" model some cellular carriers use, but if you are hoping you can completely "disappear" using a system like this then use your device for illegal activities, well, "good luck with that," assuming the (meta)data-retention laws are still in effect.

    • its like one person with 30 phones... they are all registered to 1 person

      you can assemble the metadata and its trivial to do so

      in the EU you have to register the ISMI to a person

      this is just marketing

      • No, and no. It may be mandatory to retain any metadata you have, but this tech is designed to never give it to you in the first place. It is effectively a VPN and a browser / device obfuscation service baked into one. First, it uses your data connection to create a tunnel from your device to a relay server. Then, the headers from your device are stripped so the browser / device can not be fingerprinted by the header's specifics. That is how this tech works. So the ISP only sees your encrypted data to the se

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        You don't have to do anything in person in the EU. Back when I was in the EU, I used to buy throwaway SIM cards to register for stuff without getting spammed or giving away my real number. Never needed to do anything in person. The rules have not changed since then.

    • Re:Surprised this is completely legal (Score:5, Informative)

      by XopherMV ( 575514 ) on Monday August 08, 2022 @07:46PM (#62773400) Journal
      Telecoms track cell phone location so they can quickly route incoming calls and messages to your phone. This is basic functionality necessary for a cell phone to work properly. It makes no sense that someone would complain about their telecom tracking their location.

      That said, the need for this location data is ephemeral. There's absolutely no need for Telecoms to store that data long-term in order for those companies to track all the locations their customers have visited in the past. That's what customers really should get upset about.

    • Re:Surprised this is completely legal (Score:5, Interesting)

      by rudy_wayne ( 414635 ) on Monday August 08, 2022 @07:49PM (#62773406)

      I'm pleasantly surprised that there aren't "(meta)data retention laws" out there that interfere with this.

      People are trying to solve the wrong problem. Phone carriers keeping data about calls is not the problem - there are legitimate reasons to do that. The problem is phone carriers selling that data to marketers, something that should be 100% illegal.

    • I'm pleasantly surprised that there aren't "(meta)data retention laws" out there that interfere with this.

      There doesn't need to be. The majority won't bother with the carrier, the device manufacturers will make it incredibly difficult for any phone you buy to connect to it (at the competition's request), and if they do get big enough to become a problem, the tower owners will either buy them out, or refuse service to them.

      The problem with the idea of making yet another company to combat a given market-wide practice, is that the new company will either fail, or be successful enough to be bought out and merged

  • A phone carrier that doesn't track you.

    Novel concept, if it were "carriers" that were responsible for inventing all the shit the rest of the internet abuses to track you. What's next? Selling "dumb" phones again?

    Wake me when Stupid stops being The Product.

  • 95% chance this is (Score:5, Interesting)

    by hdyoung ( 5182939 ) on Monday August 08, 2022 @08:17PM (#62773452)
    run by the FBI. For those that doubt, look up the “ANOM” phone and read about it.

    I don't even feel like Im causing trouble by discussing it. Criminals are by and large a pretty stupid lot. They will eat something like this up, ask for seconds, and then be surprised when they and all their buddies get raided at the same night at 3:00 am sharp.
  • OK so I'll stick with payphones, got it.

  • Only data, not phone (Score:3)

    by gurps_npc ( 621217 ) on Monday August 08, 2022 @11:00PM (#62773762) Homepage

    They can only protect your internet data, not your phone data. No way to stop the phone company from knowing what cell tower picked up your phone call - if you use a traditional phone service.

    Of course you could set up a VOIP account and phone number. Surprised that Invisv does not offer that as a premium service. But they are new, perhaps that will happen later.

    I would be willing to pay $100 a month for a truly private VOIP cell phone service + unlimited internet.

    With any luck, this will become standard. We need to start fighting back against what most people think is the inevitable loss of privacy.

    • Good luck with that luck! Phone carriers are too interested in selling your data to marketers, to offer such privacy options.

  • In the extraordinarily unlikely event they're not lying, it's that they're not lying *yet.* Blink and you'll miss the change.

  • sounds like another anom phone setup. designed specifically to attract criminals in the promise of anonymity and thankfully most criminals are dumb as dog shit so many will take it up.
  • Dragnet surveillance on populations is a legal issue, not a technological one. Whatever technology comes along to prevent surveillance, another technology will come along to counter it. If you make it illegal with effective penalties & liabilities, the problems pretty much go away.

  • Dragnet surveillance will gobble up communications by this phone, and with how unique it is, how hard would it really be to de-anonymize?
    What the output on this page when viewed from the phone? https://amiunique.org/fp [amiunique.org]

Slashdot Top Deals

"A car is just a big purse on wheels." -- Johanna Reynolds

Close