I was mostly wondering if there were any that didn't sell your data, like location and traffic data. I understand that to truly be reasonably secure you would have to take the steps you mentioned... and still wouldn't help with location tracking.
I was mostly just interested if there was a company that was focused on consumer protection, then I would prefer to support them by switching to them.
Why not just use appropriate tools for appropriate tasks? Making PSTN private is a battle you won't win because who you speak to is ultimately going to be the weakest link of any solution, likewise your cellphone itself, and all the infrastructure comms pass through.
>I was mostly wondering if there were any that didn't sell your data, like location and traffic data
Presumably you want this because you don't trust the incumbent mobile network operators (ie. the companies that actually operate their own towers)? If that's the case, it's unclear how going with another company will improve privacy, because they'll most certainly me MVNOs operating on the incumbent mobile network operators' networks. You'll still be exposed by surveillance by the incumbent operators, as well as the state.
>and still wouldn't help with location tracking
location privacy is fundamentally incompatible with mobile networks. The network has to know here you are (roughly) to route packets to you.
As someone who’s spent a lot of time working in the world of telco, it’s depressing how inherently unsecure the networks are in their design – Some networks attempt to improve on this which is good, however I simply wouldn’t call them secure.
My suggestion to anyone seriously worried about security – Consider the Internet access on your device no more secure than open WiFi at a coffee shop, and assume Calls/SMS are no more secure than a public conversation.
In short, use data/internet based over the top applications with encryption that you trust, obviously also trusting your endpoint/device too.
However remember that even that does nothing if your worried of location/device tracking.
Thanks! I agree with this. I was mostly wondering is any carrier had consumer privacy and stuff in mind from a nontechnical perspective, like not selling user data.
Does it make any difference worth caring about going from 2G to 3G to 4G? I know extremely little about telecom, and only remember reading once that something oldish with a name like s7 (but that's apparently not it) was so bad.
You're thinking of SS7, which is how international voice carriers interconnect (can also do SMS). SS7 was architected around a limited number of trusted participants (national monopoly carriers), but now there are a huge number of participants but there's no structural protection against abuse (although some carriers are able to address some abuses through ad-hoc means)
4G (LTE) at least has mutual authentication between the carrier and the user, so that's a meaningful security improvement.
If the carrier is your main threat, then port your number out to Google Voice, lock that down seriously, and go prepaid. If you buy your phone in cash, install a privacy-sneisitive OS like Graphene, and only use prepaid without giving info, then your phone starts off as being not associated with you. From there, you need to practice extremely good hygiene to not have it tied back to you. Never give anyone that phone number (only use the Voice number, which you'll forward), only connect by VPN, probably use few or no apps (web apps only), and definitely never have your phone on outside of a faraday bag within, say, 1 mile of your house (distance depending on density.)
There are legitimate reasons for doing this (one great example is to never get caught unwittingly in a geofence search warrant), but mostly it's not worth the trouble. And that's why no one does it.
All this to say that you should treat all the info you give to telcos as leaked from that time, and act accordingly. The only way to seriously avoid leaks is to give them nothing to leak.
One the more accessible security measures you can take is to get a second number that you don't communicate publicly. Use this number for recovery codes and MFA when needed. This will reduce your exposure significantly.
15 comments
[ 5.2 ms ] story [ 42.6 ms ] threadUse communication software you trust (Signal?) over VPN on IP networks (cell/wifi/wired).
I was mostly just interested if there was a company that was focused on consumer protection, then I would prefer to support them by switching to them.
Secure comms? Matrix protocol.
Secure email? Forget it.
Secure PSTN? Forget it.
Presumably you want this because you don't trust the incumbent mobile network operators (ie. the companies that actually operate their own towers)? If that's the case, it's unclear how going with another company will improve privacy, because they'll most certainly me MVNOs operating on the incumbent mobile network operators' networks. You'll still be exposed by surveillance by the incumbent operators, as well as the state.
>and still wouldn't help with location tracking
location privacy is fundamentally incompatible with mobile networks. The network has to know here you are (roughly) to route packets to you.
My suggestion to anyone seriously worried about security – Consider the Internet access on your device no more secure than open WiFi at a coffee shop, and assume Calls/SMS are no more secure than a public conversation.
In short, use data/internet based over the top applications with encryption that you trust, obviously also trusting your endpoint/device too.
However remember that even that does nothing if your worried of location/device tracking.
4G (LTE) at least has mutual authentication between the carrier and the user, so that's a meaningful security improvement.
There are legitimate reasons for doing this (one great example is to never get caught unwittingly in a geofence search warrant), but mostly it's not worth the trouble. And that's why no one does it.
All this to say that you should treat all the info you give to telcos as leaked from that time, and act accordingly. The only way to seriously avoid leaks is to give them nothing to leak.