All questions are in bold for ease of use.

The major carriers in the United States participate in NSA surveillance (except for T-Mobile apparently, because it’s based outside of the US. Except they bought Sprint, which participates.) and that, along with other major privacy issues, means that the market for private carriers is incredibly slim. When I found out that some carriers, such as Mint Mobile, piggyback off of Verizon, I wondered: What’s stopping a carrier from simply E2EE everything from Verizon, and then using Verizon to transfer the data? Obviously, the encrypted data could still be collected and sold, but it wouldn’t matter if the encryption was setup properly, right? I’m looking to better understand how this works, and, if a solution exists, potentially be the first to make it happen. The reason I’m not suggesting creating a carrier without piggybacking is due to the sheer cost and lack of support it would have, which would lead to poor adoption. Also, if carriers simply don’t support E2EE, couldn’t carrier locked phones install the software (since most install software anyways) required to make E2EE work?

Possibly linux
link
fedilink
1
edit-2
9M

Somehow I think that the NSA has a hand in the pot.

T-Mobile is not private and neither is any other carrier

Melody Fwygon
link
fedilink
2
edit-2
9M

Personally I think there are possible federal wiretapping laws that might have something to say about a telecom that is offering an E2EE secure phone line to someone who is not on duty as a police officer (cop), federal agent (glowie), or other authorized federal, state or local employee (bureaucrat, with data that has legitimate need to be protected).

That’s not even considering the entitled political hand-wringing about terrorists, spies, drug dealers, pedophiles and other so called “EVIL” people who “should not have access to such a powerful tool” because “it’s our law enforcement’s right to catch them in the act.” Unfortunately it’s a nuanced problem and we can’t wave away all of that hand-wringing, even if we think most of it is dramatic and performative. They do have some points.

But…even if we were to suppose for a moment that all of the above issues are not a problem… because something likely happened to wake people up to the need for privacy…we would be facing an entirely new set of technical challenges to hurdle over.

As our current cell networks are structured; we would need to deploy cell phones with phone numbers that do not typically allow routing of outbound unencrypted calls…instead all phone calls would need to be routed over cellular data (AKA LTE or 5G). These calls could definitely be nominally routed by an existing application such as Signal and would require that remote recipients also install the Signal app to receive encrypted calls.

Essentially you’d have a phone which is a Data+SMS only line with a phone number for ease of access. You wouldn’t be able to make outbound unencrypted calls or send SMS messages except to emergency services.

removed by mod

Well, you could do WiFi calls and text with a VPN, use Signal, or Signal with a VPN?

Because universal surveillance is more profitable than consumer privacy, and surveilling consumers aligns really well with the interests of the billionaires that control telecommunications.

I been thinking about the concept and i dont see why one couldnt build a descentralised network where u pay/get paid per gb every gb someone transfers is a some amount if money that gets split equally among everyone to transfered part of the data. U would have to solve all the problems of people gaming the system ensuring all parties get paid aproprietly without tracing every single packet and undermining privacy.

I recon it would be a legitimate and usfull use of crypocurrency. It would also kill monopolies and seriously fuck with government spying operations since there is now nolonger a single place the cia can put a magic black box and collect everything.

PropaGandalf
link
fedilink
3
edit-2
9M

It’s called Helium

Ive heard of it but it has some seriouse shortcomings as it was used mainly used as a pump and dump crypto scheme and doesnt seem to have much application other than iot it seems.

PropaGandalf
link
fedilink
19M

I think they evolved quite well. They even have a cellular net now.

To have e2ee, you’d have to have compatible software on both ends. But if you’ve got that, why bother with the private pipe to Verizon at all?

Greg Clarke
link
fedilink
29M

Do you mean E2EE for voice calls and SMS? Otherwise why not use a trusted or personal VPN to solve this problem? I wouldn’t bother with trying to secure voice calls provided by a carrier as the recipient would also need those counter measures in which case why not use ab E2EE voice app like signal.

First question: there are already free apps (signal) that will provide E2EE through the Verizon network.

Second question: yes, it wouldn’t matter if the encryption was setup right.

Third: carrier locked phones can install the free software, see answer to question one

As another poster said, the underlying tech is not private: https://jmp.chat/privacy

For backwards compatibility, what your proposing is unlikely unless driven through regulation (personal opinion).

Use something over the top (like Signal was suggested), use a non-KYC provider (like Jmp), or use a burner phone.

A non-KYC provider I wouldn’t trust to be private personally, especially as a secondary SIM. Maybe slightly above average (the company can’t sell the number attached to my name), but I’m sure enough information leaks that a state-level actor could correlate the device to me. The IMEI the tower gets is probably enough to run to Google to figure out who bought the phone.

Even burners may trace back to you through GPS or triangulation depending on how private you really want to be.

Gravitywell
link
fedilink
159M

Mainly Because there is no money in doing it… people who are privacy can just do it themselves and use VPN, most every chat app these days is already e2ee, and data collection is mostly dependent on what apps you use/have installed rather than whos networks your data travels through.

You seem to be asking for telephone calls and SMS messages to be end-to-end encrypted. The underlying technologies were not designed with encryption in mind, so the only way for it to work would be for all the participants in a conversation to use an additional software layer. That was the method used by TextSecure.

The authors of TextSecure eventually figured out that a purpose-built Internet-based messaging protocol would be a better transport layer for secure messaging. If you’re interested enough in secure messaging to be asking this question, you may be familiar with TextSecure’s successor.

As for why a carrier wouldn’t do this, I’ll ask the inverse: why would they put in the effort when anyone who cares about secure communication just uses an encrypted messaging app?

Id put it this way. Until lack of encryption is an issue for carriers and not a source of revenue, there wont be an incentive.

The 8232 Project
creator
link
fedilink
0
edit-2
9M

Why would they put in the effort when anyone who cares about secure communication just uses an encrypted messaging app?

Because not all traffic sent through cellular is messaging. People visit websites and whatnot when they’re out-and-about. Not to mention that not everyone uses secure messaging apps.

P.S. I am very aware of Signal, thanks!

Browsing most websites is E2EE. When it’s not, that isn’t something a phone carrier or ISP can fix because they don’t control the web server. The traffic will be in the clear between the ISP and the server.

For secure messaging without a third-party app, phone carriers in the USA seem to be pretty onboard with Google RCS, though I think I’d recommend anyone who’s serious about security use Signal instead.

The 8232 Project
creator
link
fedilink
19M

Thanks for elaborating! I’m curious about two things

  1. How are DNS queries handled over cellular?

  2. Is traffic E2EE between the phone and the cell tower, or could anyone with a laptop sniff packets of phone calls OTA with Wireshark?

Saik0
link
fedilink
29M
  1. Up to your device.
  2. Doesn’t matter what layer 1 is if higher layers are encrypted.

deleted by creator

This is the right lead, but also OP asking the question doesn’t seem to understand encryption in general, or PFS. We’re all running on a decades old system now. Just move to something more modern like the Signal protocol if you’re so freaked out about who is listening to your shit.

I swear, this thread just invites so many militia psychos and preppers…

@TheFriar@lemm.ee
link
fedilink
0
edit-2
9M

This comment screams “why worry if you have nothing to hide?”

I mean, I’m sure that wasn’t your intention, but that’s the sense I got from it. I think they were trying to find out from someone more knowledgeable on the subject why a privacy-centered cell company, selling a phone that doesn’t track you with bloatware, and the extra layer of software, as mentioned above, isn’t standard.

I mean, I think the answer is money and pressure from regulators. Any time a privacy issue comes up, they start handwringing about “a safe haven for terrorists” and shit.

Also, while more people are becoming concerned with their privacy, it’s met with a lack of technical knowledge from most people. The question definitely hints at a lack of technical knowledge, but most people don’t possess that that aren’t in IT/tech themselves. I think that’s completely understandable.

removed by mod

The 8232 Project
creator
link
fedilink
19M

doesn’t seem to understand encryption in general

I have some degree of knowledge in how encryption works, not so much how cellular carriers work (on a low level).

What’s stopping a carrier from simply E2EE everything from Verizon, and then using Verizon to transfer the data?

Nothing, if you’re talking about using them as an internet connection. You’re describing Signal and other E2EE applications, basically. If you’re talking about SMS and traditional phone calls, no, those protocols don’t support encryption because they’re not built to. You can jury-rig it which I’ll get to later, but otherwise, it’s just not possible due to the tech.

the encrypted data could still be collected and sold, but it wouldn’t matter if the encryption was setup properly, right?

Correct, as all they’d see is gibberish with no way to decrypt it.

if carriers simply don’t support E2EE, couldn’t carrier locked phones install the software (since most install software anyways) required to make E2EE work?

Yes, but not with “phone” functions like SMS and PSTN (Public Switched Telephone Network) calls. SMS character limits are arbitrary and make it impossible to encrypt content in a single message. Signal, back in the Text secure days, used to use MMS to carry encrypted text, or where MMS wasn’t available they’d send encrypted chunks and decrypt in the app on the other end. There’s a reason they stopped doing that, and a reason it’s a rare feature in messaging apps: it’s hard to build and maintain and have it be reliable.

PSTN, I don’t know of any way to encrypt the call. Edit: Actually I guess over a traditional copper wire you could encrypt a voice call with an eletronic device that could encode your speech into audio, so it’d sound like a dial-up modem if you listened to it, and only another device with the decryption key could decode the audio back into speech, but there’d probably be some delay and I don’t even know if that’d be legal or allowed by the carrier’s TOS. We’re still extending bits of the PATRIOT Act, right?

The 8232 Project
creator
link
fedilink
09M

This was very helpful, thank you! While I’m well aware of encrypted messaging apps, it seems more beneficial to encrypt all traffic, since not all traffic is just messaging and not everyone uses encrypted messaging apps.

PSTN, I don’t know of any way to encrypt the call

Many calls are VoIP nowadays though, which could be encrypted depending on your provider and upstream SIP trunks. It’s probably not end to end though, so your carrier can still spy on you.

Right. I was just thinking after I’d posted that over a traditional copper wire you could encrypt a voice call with an eletronic device that could encode your speech into audio, so it’d sound like a dial-up modem if you listened to it, and only another device with the decryption key could decode the audio back into speech, but there’d probably be some delay and I don’t even know if that’d be legal or allowed by the carrier’s TOS.

Davel23
link
fedilink
29M

There have been encryption systems for analog channels dating back as far as World War II.

https://en.wikipedia.org/wiki/Secure_voice

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.12K Posts
  • 78K Comments
  • Modlog