On Mon, 20 May 2019 09:17:56 +0000 Fil Lupin <fillu...@protonmail.com> wrote:
> Hi,

Hi,

> I forward a question concerning Information known by a cellular
> network provider while using and not using internet asked on the
> forum (https://redmine.replicant.us/boards/33/topics/15152) :

Part of that is documented on the following page:
http://www.replicant.us/freedom-privacy-security-issues.php
but some information might be missing from it.

Patches for that are welcome, the source code of the page is here:
https://git.replicant.us/replicant/website/

> 1. While I am not using the internet:
> The network provider would know Non-internet based static content
> such as: personal information including address, occupation, proof of
> identity, etc (if given/required during purchase) sensitive personal
> information including bank account details, etc,
> device details such as IMEI number?,

If you have a SIM card, the IMEI number is not static. The operator sees the IMEI number of all the phones you put your SIM card in.

> Serial number?, operating system?,

I've no idea about that, and it depends on several things:
- Are the proprietary modem firmwares and RIL implementation able to report that somehow? If so the operator can deduce that you don't use the stock implementations. Off the top of my head, the following ways may or may not be able to achieve that:
  - The SIM card would communicate with the OS through SIM Toolkit.
  - The modem would somehow report the data and communicate with the OS through the nonfree RIL.
- The smartphone bought is modified by the operator in some way and able to report that. It is very common for operators to modify and brand smartphones, but you typically know it at the time of purchase.

> type of device (smartphone, tablet etc.)?,

This can be deduced from the IMEI. Some operators even enable you to see that in your account web interface.

> MAC address of the device? etc.

That is tricky and would require more research.

If the MAC addresses are somehow sequential you might be able to deduce one MAC address from another one, or from the IMEI.

> [Note: I am not sure whether content such as IMEI number, operating
> system, type of device (smartphone, tablet etc.), MAC address of the
> device would come under non-internet based content or internet-based
> content]

The IMEI is seen on the cellular network.

The operating system can be somehow deduced actively with tools like nmap but it's probably expensive to do that at large scale.

The MAC addresses of the Bluetooth and WiFi interfaces are seen and sometimes stored by hardware that displays ads, supermarkets, etc. Whether that's illegal or not depends a lot on the jurisdiction of the country.

It's a good idea to turn off the WiFi and Bluetooth when you don't use them because of that.

I'm not sure if it's possible to change the MAC addresses in Replicant 6. However it might be way easier to do it in Replicant 9 as we plan to use a kernel that is way more closely based on upstream.

> The network provider would know Non-internet based dynamic content
> such as network-based location (which cell towers I use),

I was told by someone who worked in an operator that this has 10m of precision with 3G activated and 20m without.

If you stay at the same place during a long period of time the accuracy increases as you see multiple points at roughly the same location, so you can remove some of the imprecision.

> call detail
> records (who you called and when), text message details (who you
> texted and when), text message content,

Yes, that all goes through the operator. You can sometimes see some of the information in your account web interface.

> payment history, etc.

I don't know what payment history refers to here.

> 2. While I am using the internet:
> The network provider would know Internet-based dynamic content such
> as IP address,

It assigns the IP address to you.

> bandwidth consumption,

Again you pass through the operator for that, they also often cap your speed or make you pay or stop providing you data when you consume more than a given bandwidth.

> turned on), browsing content and history (including the date, time
> and duration of the internet session)?, the apps running on the
> device?, data sent and received by the apps?.

That's the same as a classical Internet provider. It can see a lot of metadata (domain names, traffic usage, hours at which you use the Internet the most, etc). You probably can see some data too if TLS is not used.

It might also be possible to deduce the data being transferred even with TLS with the size and pattern of the data being transferred. A way to fix that would be to add random padding with random sizes in TLS connections.

> 3. While I am using the internet via a VPN:
> The network provider would know Internet-based dynamic content such
> as the VPN's IP address,

Not automatically. The provider would see a VPN connection to a VPN provider. They would have to deduce the IP address from other means.

> bandwidth consumption,

They would still get metadata from the bandwidth, and deduce at which hours you use the Internet the most.

> location via GPS?.

The provider already has the location of the smartphone, but in some cases it can also obtain it through the GPS if the modem has access to the GPS receiver somehow:
https://en.wikipedia.org/wiki/Radio_resource_location_services_protocol

If I understood well, in some systems on a chip, like the Qualcomm MSM 7K series, the GPS is under the control of the modem, so RRLP (Radio resource location services protocol) might work in that case.

I've not yet got the time to set up a test system to try that with Replicant smartphones. I think that it's possible to do that without having to get a test license by using cables that go from an SDR to the phone under test, and by making sure that the signal doesn't radiate outside of the cables (for instance by using proper attenuators and such):
https://redmine.replicant.us/projects/replicant/wiki/TestingInfrastructure

> Some info I got from another forum is that apps created using
> technologies/terms such as JSON, TNA, SDK and GPS would receive/send
> data while using the internet i.e. Internet-based dynamic content
> (JSON = JavaScript Object Notation, SDK = Software Development Kit,
> TNA = Truly Native Apps)

A GPS receiver doesn't need to send data to work. As far as I know there is nothing in the GPS standard that may enable a GPS receiver to send back some data.

So what happens usually is that something else (like an application) manages to get the user position for instance by asking the OS which in turn will try to get a position using various means like the GPS receiver, the nearby cellphone tower ID, the MAC address of the WiFi access point nearby, etc.

As the GPS consumes a lot of battery, the other ways to get a location are also commonly used. I managed to test it, I think it was with navit and some network location provider in f-droid.

There is also room for improvement here: if I remember well, in libsamsung-ipc, we only have support for getting the identification of the tower you're connected to, and not all the other ones that are nearby.

Denis.
_______________________________________________ Replicant mailing list Replicant@osuosl.org https://lists.osuosl.org/mailman/listinfo/replicant
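
The reply above notes that transferred data can sometimes be inferred from sizes even under TLS, and suggests random padding. The following is an added illustration, not part of the original message: it measures how often an on-path observer can match a record length to exactly one page, for several padding ranges. The page names, sizes and the 22-byte TLS 1.3 record overhead are assumptions made for the example.

```python
import random

# Constructed plaintext sizes (bytes) for three hypothetical pages of one site.
PAGES = {"/login": 1840, "/clinic/results": 4207, "/inbox": 6900}

# Assumption: TLS 1.3 AEAD record = 5-byte header + 1 content-type byte + 16-byte tag.
RECORD_OVERHEAD = 22


def observed_length(plain_len, pad=0):
    """Bytes on the wire for one record carrying plain_len bytes plus pad bytes."""
    return plain_len + pad + RECORD_OVERHEAD


def candidates(observed, max_pad):
    """Pages consistent with an observed length when padding is 0..max_pad bytes."""
    return sorted(
        page for page, size in PAGES.items()
        if observed_length(size) <= observed <= observed_length(size, max_pad)
    )


def identification_rate(max_pad, trials=2000, seed=1):
    """Fraction of fetches where the observed length pins down exactly one page."""
    rng = random.Random(seed)
    names = sorted(PAGES)
    unique = 0
    for _ in range(trials):
        page = rng.choice(names)
        pad = rng.randint(0, max_pad)  # uniform random padding, as suggested above
        if candidates(observed_length(PAGES[page], pad), max_pad) == [page]:
            unique += 1
    return unique / trials


if __name__ == "__main__":
    for max_pad in (0, 255, 8192):
        rate = identification_rate(max_pad)
        print(f"max_pad={max_pad:5d}  uniquely identified: {rate:.0%}")
```

Padding that is small compared with the gaps between page sizes (255 bytes here) still leaves every fetch identifiable; the length ranges only start to overlap once the padding range is on the order of those gaps.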