[Qn] Possibility of anonymity on cellular networks
Quote:
Other than that, I sympathize with need for pages reception, and HAM-friendly receiver (although, the latter can be achieved easily via USB dongle). However, I don't quite see point of changeable IMEI (even putting aside fact that it won't happen AFAIK, for zillions of reasons), as in my book, it doesn't help to avoid being spied on (as you've stated yourself, sole fact of using GSM&friends service means accepting being traceable to some - not small - extent), and would, IMHO, only serve as snake-oil anonymity "measure", or promoter of fraudulent illegal activities. Cheers, /Estel |
Re: Neo900 - finally a successor of N900
I'm not sure if I should make a separate thread to discuss the following, but I would be willing to donate 1000+ euros for the development of a computer that allows someone to protect her own privacy by writing software that can restrict the amount of information revealed to the bare minimum necessary for a given task. The approach being taken by the creators of the Neo900 in which the software can generally restrict each component/technology is exactly what is needed, but I'm not sure if the priorities of the project are otherwise 100% aligned with the order of importance:
1. Portability made possible with the kind of hardware that can be easily used in temporary locations (like a good keyboard) is the most important requirement because, even if privacy is compromised, one can always "erase" the most sensitive information by simply changing her location.
2. Simulcast reception technologies such as paging and dvb-t are the second most important tool for privacy because, lacking transmission, these are the only communications that can't be tracked by the physics of triangulation.
3. 802.11/"Wifi" technologies are the next most important because, although they might reveal location by triangulation and/or IP address, the identity of the device being used at the location can be protected by changing the MAC address every time one connects to the network, additional network layers like TOR can be used to disassociate the other metadata, and software encryption can be used to protect the content from interception or correlation attacks to anonymity.
4. Cellular transmission should be used only when absolutely necessary because it can be triangulated at a longer range than Wifi and, in addition to being under centralized/coordinated control, meticulous records are maintained of the radio activity at access points/towers. Moreover, service activation is often linked to the identity of one's physical body (with payments for service recorded by video camera if paying with cash or else traceable back to bank account information which has been verified by photo id) and, even if service is purchased anonymously, actually using the service by connecting to the cellular network should not downgrade this protection to mere pseudoanonymity by the use of fixed IMEIs or MEIDs to track the identities of devices (which creates another avenue for correlation attack).
There are other devices which accomplish #1 and #3 (and some of them quite affordably such as the Zipit Z2 which sells for only 15 euros), but the reason the Neo900 is needed is to also solve #2 and #4. However I am concerned that the creators aren't going to:
A) Include a paging network receiver because this seems to have been more of a "maybe" than a "must have" in the discussion of features.
B) Include the ability to program the MEID. The German Neo900 creators don't seem to realize that on the CDMA networks that are used by half of the carriers in the USA and in Asia, carriers will not activate MEIDs for phones that they don't brand/sell themselves. So there is no point in including an option for CDMA modem if the MEID cannot be changed to meet the requirements of the carrier and, as described above, even with GSM phones a changeable IMEI will be necessary to protect anonymity.
As mentioned, I am willing to donate 1000+ euros for the development of a device that can satisfy these requirements (even if I can't get one myself I would like it for the good of humanity), but if the specifications of #2 and #4 aren't met then there's no point in building the Neo900. |
Re: Neo900 - finally a successor of N900
While I sympathize with your general approach, I'm afraid we can't deliver what you're asking for. E.g. CDMA is binding accounts to IMEI (MEID in CDMA?), so faking another IMEI would mean doing fraud on another account. Generally carriers allow roaming with alien hardware, given the hardware has been approved by the carrier, which our modems generally are.
Even for GSM you theoretically could change the IMEI but you nevertheless would need a new SIM for every new call to stay anonymous. And even then there are other more sophisticated methods to determine the type/build of a device even when IMEI got changed - think "electronic fingerprint". Bottom line: sorry, anonymous legal mobile communication is a dream, unless you use FRS/PMR or other peer2peer radio techniques. And for sure Neo900 won't go embrace illegal stuff like IMEI forging. cheers jOERG |
Re: Neo900 - finally a successor of N900
Quote:
This would not be fraud even though I don't know if it would or wouldn't be also illegal in various countries, but there might not be any other way to use the Neo900 with some common carriers because, even if the Neo900 modem is approved by the carrier, it's my understanding that the second biggest CDMA carrier in the US, for example, approves different devices for different service plans, keeps track of whether or not an individual modem was installed in one of the types/builds sold by the carrier (perhaps also in cooperation with the manufacturer of the type/build), and might not approve a specific individual modem for which the manufacturers they have a relationship with don't have any records of installation, regardless of whether or not they have approved the same type of modem in other devices. Nevertheless, I understand that embracing "illegal stuff like IMEI forging" cannot be a feature of the Neo900, but I just wanted to bring the topic to everyone's attention because I know there are FCC approved devices on the market with firmware bugs that make such hopefully-legal privacy protections possible and, if the same thing doesn't end up being possible with the Neo900, then my desire is that Neo900 purchasers will at least benefit from the protection of the page receiver and removable cell modem ideas that were previously discussed.
Quote:
As to the acceptance of being traceable inherent to GSM, a changeable IMEI would only be traceable back to location, but location is meaningless if it can't be linked to identity or correlated to past/future communications from the same device or person. For example, in a busy/crowded location I can always tell you that *some* IMEI is connected to the cellular network without looking at any data from the cell towers at all. And if you think anonymity only promotes fraudulent activities then why take the precautions that the Neo900 takes at all? Why not just buy a standard device and let the NSA spy on you? |
Re: Neo900 - finally a successor of N900
excerpt from carrier's logfile:
[lots of other noise]
2014-05-10 14:55:01: new device logged in first time; IMEI: 12345678-001; IMEI allocated to a 10$ phone but fingerprint shows it's used on PXS8 cinterion modem.
2014-05-10 14:55:48: IMEI: 12345678-001; Call to 001555123456789
2014-05-10 14:58:22: IMEI: 12345678-001; Call to 001555990000077
[lots of other noise]
2014-05-10 15:02:14: IMEI: 12345678-001; Call to 001555221111111
[lots of other noise]
2014-05-11 20:15:44: new device logged in first time; IMEI: 12345678-066; IMEI allocated to a 10$ phone but fingerprint shows it's used on PXS8 cinterion modem.
[lots of other noise]
2014-05-11 22:11:22: IMEI: 12345678-066; Call to 001555990000077
[lots of other noise]
2014-05-11 22:48:17: device logged in; IMEI: 12345678-066; IMEI allocated to a 10$ phone but fingerprint shows it's used on PXS8 cinterion modem.
2014-05-11 22:50:00: IMEI: 12345678-066; Call to 001555123456789
[lots of other noise]
2014-05-12 04:12:59: IMEI: 12345678-066; Call to 001555221111111
[end of quote]
That's how correlation works. Nothing you can do against that, it even works simply based on the number you call and the location where from you call (left out this as well as a lot of other parameters from my made-up logs up here). And that's not even evaluating how detailed the fingerprinting can get, they might be able to identify a particular single transmitter when they use sophisticated lab equipment, by exactly checking calibration details, timing, other individual significant stuff. Honestly, forget about it. If you need to do anonymous phone calls, you should put on sun glasses, a red nose, a base cap, ZZ-Top beard, and use a public phonebooth far away from your home.
Pagers are a big problem since as far as I know there's no worldwide standard, so we would need a special hardware variant for every single country or even country district we deliver Neo900 to.
While via Neo900 expansion connector you already can plug in your matching POCSAG pager module, once you got it working for your local pager service/frequency/encoding |
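The correlation described in the post above, as an added example that is not part of the original thread: a Python sketch that parses the poster's made-up log lines and links IMEIs by the overlap of the numbers they call. The unrelated device 87654321-010, the 0.5 threshold and the function names are assumptions introduced here.

```python
import re
from itertools import combinations

# Constructed sample: the made-up log from the post, plus one unrelated
# device (87654321-010) added here so that not every pair matches.
LOG = """\
[lots of other noise]
2014-05-10 14:55:01: new device logged in first time; IMEI: 12345678-001; IMEI allocated to a 10$ phone but fingerprint shows it's used on PXS8 cinterion modem.
2014-05-10 14:55:48: IMEI: 12345678-001; Call to 001555123456789
2014-05-10 14:58:22: IMEI: 12345678-001; Call to 001555990000077
2014-05-10 15:02:14: IMEI: 12345678-001; Call to 001555221111111
2014-05-11 09:30:00: IMEI: 87654321-010; Call to 001555990000077
2014-05-11 09:41:10: IMEI: 87654321-010; Call to 001555000000001
2014-05-11 09:55:37: IMEI: 87654321-010; Call to 001555000000002
2014-05-11 20:15:44: new device logged in first time; IMEI: 12345678-066; IMEI allocated to a 10$ phone but fingerprint shows it's used on PXS8 cinterion modem.
2014-05-11 22:11:22: IMEI: 12345678-066; Call to 001555990000077
2014-05-11 22:50:00: IMEI: 12345678-066; Call to 001555123456789
2014-05-12 04:12:59: IMEI: 12345678-066; Call to 001555221111111
"""

ENTRY = re.compile(r"IMEI: ([\d-]+); (.*)$")

def parse(log):
    """Return {imei: {"calls": set of dialled numbers, "mismatch": bool}}."""
    devices = {}
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:                          # noise lines carry no IMEI field
            continue
        imei, rest = m.groups()
        dev = devices.setdefault(imei, {"calls": set(), "mismatch": False})
        call = re.match(r"Call to (\d+)", rest)
        if call:
            dev["calls"].add(call.group(1))
        elif "fingerprint shows" in rest:  # registered model != observed modem
            dev["mismatch"] = True
    return devices

def link_identities(log, threshold=0.5):
    """Pair IMEIs whose called-number sets overlap (Jaccard >= threshold)."""
    devices = parse(log)
    links = []
    for a, b in combinations(sorted(devices), 2):
        ca, cb = devices[a]["calls"], devices[b]["calls"]
        score = len(ca & cb) / len(ca | cb) if ca | cb else 0.0
        if score >= threshold:
            both_flagged = devices[a]["mismatch"] and devices[b]["mismatch"]
            links.append((a, b, score, both_flagged))
    return links

if __name__ == "__main__":
    for a, b, score, flagged in link_identities(LOG):
        print(f"{a} ~ {b}: call overlap {score:.2f}, same fingerprint mismatch: {flagged}")
```

The two 12345678-* IMEIs are linked with full overlap and the same fingerprint mismatch, while the device that shares only one called number stays below the threshold.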
Re: Neo900 - finally a successor of N900
Quote:
But, as mocked up in the post above this, changing IMEI is a snake-oil for people seeking anonymity (joerg used more technical terms to explain what I was referring to in my last post). The only real use case I can think of for changing IMEI (apart from educational experiments) is to allow thieves to easily re-sell device in countries, where stolen IMEI is blocked nation-wide. Which is a snake-oil for buyers of those stolen goods too (BTW, they may be unaware of stolen state of device, purchasing it from e-bay like sites, etc), as if anyone shows reasonable (but achievable without zillions of dollars) effort, it can be tracked after IMEI change, too. --- Personally, I prefer Neo900 focusing on things that are *really* working (also working for supporting privacy), instead of things that just "look good" in a paper for average, who got all hyped up about PRISM. /Estel |
Re: Neo900 - finally a successor of N900
While I think IMEI spoofing is no more wrong than MAC address spoofing in itself, usable for several legitimate reasons, and I would love for it to be supported, people shouldn't hope that it allows you to remain anonymous.
In fact, people concerned with privacy should note that all phone-privacy-related moves, such as phones only turning on and connecting to a network for brief periods of time to make single calls and then disconnecting, are already automatically detected and treated as a flag for increased monitoring and suspicion by some NSA programs. |
Re: Neo900 - finally a successor of N900
Quote:
But voice calls aren't secure because the metadata can't be obscured and the content probably wouldn't be encrypted. So, yes, a pay phone or disposable prepaid mobile would provide more anonymity for that, but the reason we'd need a smart phone like the Neo900 is if a Wifi connection isn't accessible and we'd like to transmit non-voice data whose metacontent can be obscured with something like the TOR network. So there'd be no:
Call to 001555990000077
Call to 001555123456789
Call to 001555221111111
...just a PXS8 modem with a given IMEI connecting to TOR from a given location. Could be another Neo900 or even another type of phone or maybe even 10 different ones leaving a busy train station and maybe 10 more on the return trip. There's a difference between the 47 bits of the IMEI and the 1 bit represented by the question "PXS8 or not PXS8?" and I already have my carrier and my government telling me how many bits of my privacy I do or don't need to protect.
Quote:
Quote:
Although I wouldn't confuse the amount of conditional entropy of the IMEI with its absolute entropy, it suffices to say that every bit I manage to successfully withhold is an extra bit the NSA needs to get via compromising TOR (easier) or by building a quantum computer (harder). |
Re: [Qn] Possibility of anonymity on cellular networks
My operator sends settings sms depending on the fingerprint results, though N900 gets misidentified or identified as something else, as I get internet, wap and mms settings... Accepting the settings makes n900 unable to use cellular data, as n900 doesn't do wap or mms (and fmms isn't able to add mms settings sent by operator)
So yeah, weird imeis would stand out in a TLA logfile analysis.. One could even wonder if popular phone with bugs allowing imei change isn't intentional so that the so called radicals can tag themselves and make TLA job easier... |
Re: [Qn] Possibility of anonymity on cellular networks
Anonymity and privacy is not possible in raw GSM telephony.
You can achieve a higher level of privacy by using higher abstraction communication protocols like openvpn, gpg, otr, sip+srtp etc. It might be possible to be slightly more anonymous by using modem with an open source firmware and doing the tricks you mentioned above. But it was already said that it's possible to fingerprint a given modem, whatever the IMEI is. Read "Forensic Identification of GSM Mobile Phones": http://www.dence.de/theme/Cakestrap/...tification.pdf You could increase your anonymity in GSM telephony by buying a small, trusted device like Neo900 or OpenPandora and connect a GSM modem via a USB port. Change the sim card and modem often;) |
Re: [Qn] Possibility of anonymity on cellular networks
Welllllllll yes and no. You're thinking about this traditionally.
Think about a service like redphone and how it functions. Overview of the architecture is here https://github.com/WhisperSystems/Re...cture-Overview Basically the idea would be to mix signaling for plausible deniability using a central server, think tor node. This in theory makes the call anonymous. Ofc the cell company can still track location while in progress, but again you can shut off radio when not in use, or spoof mac and hop around wifi. Traditional GSM and/or SIP this is not possible. There's likely ways to improve on the protocol they use (it's very centralized and I haven't done a review) but it's an improvement from traditional lines of thought. EDIT: and yes ofc a small low-traffic'd mixer would be subject to timing attack for correlation by a large and well funded entity. |