1. I wouldn't recommend buying used devices, you don't know what has been done with the device, what's running there, even if you reflash it from scratch. Try to buy somehow (anonymously) device in still original and sealed packaging.
2. One would need to first install modified AOSP/CyanogenMod with patched core libraries/apps/services to return fake/random values for device serial number, WiFi and Bluetooth MAC addresses. Otherwise some of the apps might leak this information over the air, even in clear text form.
3. You need to remove or somehow power off the GSM baseband, otherwise you can still be tracked.
I'm not an expert in this area, so there might be a lot other missing weak spots in this guide.
1. the chances that a random old device you bought at a fleamarket with cash is pre-loaded with an attack package thats targeted to you is low. Lower than say ordering a phone in its "originaly sealed" package. Since Snowden we know that Hardware is intercepted and modified. I am sure the package looks sealed afterwards.
2.Installing a ROM without the normal Google apps is something that is beneficial for this application.
3. in all the android phones i have taken apart the various antennas are easy to identify and remove. they are part of the back shell and can be peeled off or are sitting on their own little module that can be left out of the phone.
I'm curious why Whisper Systems aren't allowing registration with just a handle instead of tying accounts to a PSTN number. Telegram already allows this.
Yeah, that's their answer, and it's a ridiculously shallow answer. I don't understand how people who are so dedicated to communications security won't add such a seemingly simple feature. Even Wickr allows it.
This is stupid. Wants to be anonymous, uses Google.
Google records your calls, the number of times you access their service, the messages, the IP address you are using and happily shares this information with your favorite government information service.
Wake up. If you are not paying for the service from Google, YOU are the service..
The point is creating a new network identity that is not connected to your public identity, and let Google etc track it all they want. So it's pseudonymous more than anonymous.
You mustn't use your "onymous" Google ID on this burner phone, nor have any contact between your pseudonymous Google ID and your public Google ID. I guess the guide should spell this out more, I took it as implied when the guide started by buying a non-trackable phone with cash.
Edit: quote from the guide: "11. Only use this device for Signal (and maybe Google Authenticator, see #13) from now on to minimize its exposure."
It's even worse - simply using the same wifi point as your other Google accounts or even your friends will deanonymize you.
Trustable local software (so not GApps/Android) and a mix network is the only way to get anonymity.
I'd personally like to see communication apps that use TOR for messaging, with the option to explicitly break anonymity for voice calls - leaving your location untracked most of the time.
The question with anonymity and data securing always is - "who do you want to protect against?"
No matter how you set up Signal it's not going to help you against intelligence agencies - they'll just hack into your Android or use the available backdoors in your I- or Windows Phone.
Signal is very good (the best?) to encrypt your messages and to sabotage mass surveillance which aims at content analysis. Also not any random bored Data Scientist at WhatsApp will be able to read your stuff.
Controlling your meta-data is absolutely impossible with your day-to-day-smartphone anyway. You'd have to use stolen phones and SIM cards.
In my opinion it ALL comes down to establishing online best practices to keep suspicion-independent mass surveillance at bay. The rest is politics - if your police is super corrupt - they'll just break your fingers until you give them access to what they want.
Pretend there's a phone on my desk now that was bought by someone else via ebay and reflashed to cyanogenmod. There actually was, its owner forgot it while visiting, but you can pretend that you're a powerful snooping government and that's my secret phone that you want to hack. Not registered in my name, not purchased by me, maybe there's not even a SIM card in the phone. How do you go about "just hacking into" that phone or using the "available backdoors"?
The phone still contacts the network for E911 service. Locate the phone on your desk based on signal strength to towers. If the phone moved every day it would be easy to uniquely identify, but even if there's some false positives who cares? Then simply access the application processor through the baseband processor which is likely the same chip and pwnt-by-design given its secretive nature and the stakes.
The only reasons we trust Intel processors is because A. we have to, and B. we (think) we can audit all of its communications. Neither of these is true for a cell phone.
Good point, very good point, but you too are skipping the first hurdle: Learning the name of the phone's user, or even narrowing the number of candidates down from millions to thousands.
Well, usually there has to be a SIM card in your phone to use it for communication. That SIM card has an ID and sooner or later there is going to be a correlateable pattern - the location of a phone which happens to be close to you very often or simply a voice that can be identified as yours. It depends if NSA wants you and then figures out your alter egos or if its the alter ego they care first about and then they'll try to figure out who's the real ego.
What's the satisfaction to be 100% untraceable anyway? The practially and politically relevant idea is to not cater your data to them.
WLAN is sufficient for a lot of use in some use cases, but that's a digression. The main point is that even if you do have zero-day exploits, just finding the phone can be a big, big hurdle, particularly if you don't know the name of its main user.
Just to clarify, if you use Signal, there is no meta-data. Who you called, who called you, the call times, and so on are hidden. It's like with Tor and how your browsing history isn't saved. All the WIFI network operator can know is that you accessed Signal to make a call / text.
Uh, I'm not sure about that. TOR uses many layers of obfuscation in its attempt to hide where your traffic is going. I think Signal does no such thing, and this metadata is insecure. Also, I think your mention of browsing history is a non sequitur.
It feels like the steps taken to improve anonymity are really arbitrary, without any particular threat model.
'Randomly' taking a bus you never take to a city you've never been to and never go to again just to buy a phone, sit in a coffee shop for 5 minutes, and go home, sounds like a good way to make someone pay attention to what you're doing.
And if you think that's too much paranoia, I'm pointing it out because number 8 on this list says 'never use the phone from a place you routinely go', which feels like it's on a similar level.
Of course you can (and probably should) be "sneaky" about it and have alter motive to go to that city, say you go to a concert or maybe it has better movie theater or maybe there is some kind of conference.
About using the phone in places you don't routinely go, I can think of at least couple places like coffee shops that are within range of another public wifi which I don't normally associate with.
I think using https://ostel.co instead of Signal would be easier and make a lot more sense. But in the absence of a defined threat model, it's hard to see what the author was going for.
It seems pointless to go through that exercise if you're going to share that phone number with people who doesn't share your dedication to OPSEC (for a fictional argument, recall Zero Dark Thirty where they essentially find OBL because a guy calls his mother). And once you're there, you don't need PSTN numbers, which means you can leave Google out of the equation.
Talkatone (step 6) asks for money and in order to get the temporary phone number. Possibly this could be overcome anonymously by buying Google Play coupons with cash.
Yes, but the article says you can use a temporary number to verify. If you can get a temp number on a computer for sms, then switch to the gv one for use, would calling over tor work?
Weak spots:
1. I wouldn't recommend buying used devices, you don't know what has been done with the device, what's running there, even if you reflash it from scratch. Try to buy somehow (anonymously) device in still original and sealed packaging.
2. One would need to first install modified AOSP/CyanogenMod with patched core libraries/apps/services to return fake/random values for device serial number, WiFi and Bluetooth MAC addresses. Otherwise some of the apps might leak this information over the air, even in clear text form.
3. You need to remove or somehow power off the GSM baseband, otherwise you can still be tracked.
I'm not an expert in this area, so there might be a lot other missing weak spots in this guide.