Who’s monitoring your Cell phone? More than you’d like. Paul Schmitt saw a “IMSI catcher” at the entrance of a Guatemalan refugee camp, allegedly to track occupants’ movements. Governments utilise “Stingrays,” to track citizens.
The FTC requests opinion on “the business of collecting, analysing, and profiting from people’s information.”
The IMSI (international mobile subscriber identifier) on your SIM card tells the network you’re a valid subscriber. This number helps your Cell phone operator track you and share the information with partners or authorities. Third parties can set up Stingrays to capture subscriber IDs and whereabouts.
Schmitt founded Invisv with ex-Googler Barath Raghavan to conceal IMSIs. Its new “pretty good phone privacy” offering combines a virtual carrier (using AT&T’s US network) with software that churns your IMSI.
“We hoped [phone] firms would adopt it. The telecoms’ response was disappointing “Says Schmitt. “We wanted to show this is actually possible.”
Invisv’s eSIM Cell phone service features an app that cycles your IMSI. $40/month gets you 9GB of data and eight IMSI changes; $90/month gets you unlimited data and 30 changes. You’d essentially be a different person every day.
Physical networks give connectivity. In the US, that’s AT&T; T-Mobile is coming. They deal with Invisv and never see subscriber info.
A two-hop VPN costs $5 separately. Two-hop VPNs transfer data to Invisv, which hides your IP address and sends it to Fastly, which sends it to the destination website. It becomes difficult to match your requests with destination-bound traffic.
Raghavan: “There’s Cell phone privacy, there’s internet privacy, and there’s app privacy,” “We’re trying to solve the two [mobile and internet] which nobody has addressed.
More From Us:Desktop CPU Shipments Plunge Amid Economic Downturn
Carriers, platform providers, and app providers can track and sell your phone data in several ways. Schmitt showed me over Invisv’s top product and others.
1 ) MSISDN (Your Phone Number)
Every voice-line phone also has an MSISDN, or phone number. Even if you change your IMSI, your carrier can monitor you using MSISDN. Invisv’s data-only SIMs are numberless. Line2 is a cloud-based company for making calls and sending SMS.
2 ) Attacks against SS7
A 2G and 3G bug lets well-resourced attackers—typically espionage agencies—intercept traffic. 4G’s Diameter protocol seals the breach, but it can reopen when someone calls or texts (because those functions often use parts of the 2G or 3G system.) Schmitt avoids that by buying just 4G and 5G service; without 4G, his phone has no signal.
GMS “fingerprints” your device so Google’s and clients’ ads can target you. To avoid this, use a “non Googled” Android OS. Invisv uses Graphene and Calyx, explains Schmitt. Raghavan said the app will be available through F-Droid and as a direct APK download.
4 ) App-tracking SDKs
Many third-party apps capture personal and location data and sell it to brokers. The New York Times provides a frightening example of the brokers’ precise location data. When apps request your location, say no. Schmitt says feature phones “there’s not a huge market”
5 ) Behavior fingerprinting
Last one’s hard to avoid. Even without permission, apps may “fingerprinting” your behaviour using platform APIs to create a unique identity. The Times suggested Disconnect.me to prevent location trackers after its story.
“Privacy-conscious users should also utilise Signal or Matrix for communication and a privacy-preserving mobile browser, etc. (They won’t need VPN apps, though.) We consider privacy as a layered challenge, thus these are complementary “Raghavan.