The “Atlas of Surveillance” has the info – or at least, some of it.
cross-posted from: https://programming.dev/post/36111319
EFF: Atlas of Surveillance.
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 124 users / day
- 1.05K users / week
- 1.3K users / month
- 4.58K users / 6 months
- 1 subscriber
- 4.07K Posts
- 103K Comments
- Modlog
Too bad the site monitors only American cities.
TLDR: Detecting Stingrays is pretty trivial, they are active in a lot of places.
I use a software defined radio, mostly to have a cool map using ADS-B… but it also can receive in the ghz frequency bands and capture the unencrypted header information for cellular data.
That information is largely useless because modern cellular communications don’t expose anything private. However, most cellphones will automatically attempt to use a downgraded connection (5G -> 4G) if they lose connection with the tower.
Stingay/IMSI catcher/Cell Site Simulator take advantage of this by forcing phones in an area to downgrade their connections to older and less secure frequencies and then exploiting that downgrade to get information about the phones in the area.
You can detect these downgrade attacks by listening to the traffic and analyzing the packet captures.
I noticed that my cellphone was losing connection to the tower and I was trying to see if maybe the tower was rebooting or something odd.
I tuned into the frequency bands and saw that it was still transmitting a strong signal while my phone showed no connection. If I restarted the connection it would connect to the tower, but if not it would lose the connection for 15-20mins. It always happened towards midnight but, oddly, not always at the same time.
That made me curious so I found the software to packet capture the cellular data and detect downgrade attacks. Sure enough, I’d get a downgrade attack detection and my phone would drop connection.
After a bit more research I discovered that the connection dropping was a feature, not a bug. GrapheneOS can prevent your cellular modem from downgrading in order to mitigate these kinds of attacks.
And, also, that you don’t have to buy expensive software defined radios and do all of the annoying packet capture and analysis to detect these things. You can do it with cheap ($20) hardware and free software from the EFF: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
Even if you just have a standard Android operating system, you can prevent downgrade attacks by dialing *#*#4636#*#* and choosing phone information on Android. In there you can choose what your modem will connect to and so you can set it to only connect to say 5G and LTE and if neither of those are available your phone will just have no service.
That’s a good tip, I did not know that.
If someone is going to do this, you really only need to disable 2G. The later generations are encrypted and only your carrier (and the intelligence services who’ve compelled the carriers to provide the keys) has access to the important data.
My Motorola has this by default, buried in Settings > Security > More security settings > Network protection.
I have a Motorola, I just checked and it was not on. It is now.
I turn off legacy connections. Worst case, I get DoS’d.
Is 4g actually less secure?
I thought it was fine… Down grade attack is done via 2g/3g which have no security
They downgrade to 2G, whose encryption is cracked trivially with modern hardware and there’s no tower authentication so it’s possible to have the phones connect through the css.
Disable 2G (or use GrapheneOS) and you’ll mitigate this specific attack.
3G and 4G have some flaws themselves(from Blackhat ‘17: https://youtu.be/BFkrK5kaH4o)
Damn… So 5g only should be used?
I was operating under idea that 4g was better than 5g for privacy and security. I guess I need to hit the books again
Never heard being
Well…
https://cyberdefensereview.army.mil/Portals/6/CDR V5N1 - 08_ Fonyi_WEB.pdf (List on page 10)
It’s safer to just assume that your cellular traffic can be monitored and SMS can be spoofed. So, use VPNs for data(and DNS) and Signal/whatever end to end encrypted messaging software.
Ohh i am balls deep into privacy game.
Just trying to sort out if 5g is better over 4g here for daily activities.
5g uses more battery so I generally stay on 4g but if 4g is less secure, might need to go with 5g
Also, doesnt 5g provide telco with with you position too?
IE they can tell you are on 5th floor v 15th
Yeah, 5G uses beamforming so they know where you are with pretty high accuracy.
Nothing will prevent them knowing your location, if you’re transmitting a signal it can be located with WWI level technology. But the providers do log that data so it can be available for law enforcement.
A few years ago I was a titled member of a local activist group that was considered “militant” by local police. It was a Black-lead group (I’m white myself) that spoke out and fought against police corruption, had a low-frequency radio station, and some other cool socialist shit. Anyway, I learned in a roundabout way that the local police would come by my house weekly to keep tabs on when I was home and when I wasn’t. I’m pretty sure they did this with every member. I’ll admit it was kind of flattering, seeing as I don’t consider myself even remotely important, but also fun because it wasted some cops’ time.
I don’t think people fully realize that the tons of funding these pig farms get is enough to allow them to arbitrarily put surveillance on everyday folks without even breaking a sweat. Some of the FOIA requests I’ve heard about from people in my local activist circles are wild. FBI vans, country-wide surveillance tracking using ATM cameras, wild shit!
The tl;dr - yes, even you can be under some sort of surveillance. Even if it’s just that the cops have seen your face more than once at various marches.
probably not at the moment, but just after 9/11 I think I got on the UK’s watch list for flights. Pre 9/11 I never had an issue at airports.
After 9/11 I was part of a usnet group that chatted about how easy it would be to do the bring a plane down with what could be legally be taken on a plane. Then every time I flew I was pulled out at the baggage scan / fully patted down / a couple of time it was to a booth and take off your jacket, belt, shoes, socks etc / always had to empty my carry-on bag / turn on ly laptop / etc.
This lasted until about 2005 - then just stopped and have never been patted down since
Now’s the time, brother!
alt.fan.planes.crash.crash.crash
they should post this on c/schizophrenia
We should implant chips into Schizophrenic people’s ears, so that we can whisper into their ears comforting phrases all day and night.
https://theonion.com/in-the-know-is-the-government-spying-on-paranoid-schiz-1819594659/
To dive deeper in the subject check this:
https://www.stopspying.org/peoples-handbook
I was. Drove in unregistered vehicle for a year so I guess i deserved it but still
i’m not incredibly diligent with privacy so the mass surveillance machine probably knows a thing or two about me. i haven’t been doing anything to warrant the resources for personalized stalking though.
i also live in less of a police state, i think that helps too.
So here’s a fun fact. If someone is stealthy enough and is skilled enough at hacking, you are on your fucking own.
Cybersecurity companies won’t help you because they only work with other companies. You can try filing a report with officers and dunning and Krueger it good fucking luck getting anywhere with that.
Being under police shouldn’t really worry anyone who isn’t doing anything illegal who has half a brain cell, it’s literally anyone else who wants into your shit that you need to worry about.
until they make something you do illegal just for the sake of targeting you and/or your group. shit, a lot of people do illegal shit without even knowing its illegal.
and don’t forget that using encrypted messaging services is likely to be illegal soon in the EU
Found the “have nothing to hide” person.
I don’t.
But I do think you may be reading something here I’m not trying to say.
And have zero inclination for any fucking brain dead fascist wannabe to see any of it.
My privacy matters a lot to me and I go through… not as great a length as some to safeguard it but far, far, more than most and no motherfucker has a right to a single fucking byte of data I don’t consent to them having.
My point is more that any local police force is going to be pretty much incompetent, which means that not only would any attempts of their to monitor a relatively tech savvy person be fruitless if you have even an inkling of it, and this incompetence also means you’re on your fucking own if anyone savvy really wants to get into your shit too.
Pardon me, but this sounds like ‘I’ve got nothing to hide’ or ‘Don’t be an enemy of the state.’ Daily I could inundate your email with example after example of people who have been surveilled, but not doing anything illegal. Protestors, average citizens speaking out. In America we have rights to protest against our government. They weren’t doing anything wrong either except exercising their rights as an American citizen.
You see, governments like their own self imposed status quo. Everything and everyone in a nice neat little box, each sorted, collated, and stapled into their respective groups. Here comes Paula protestor and she may have an LGBTQ+ agenda. Personally LGBTQ+ rights are covered under ‘We the people find these truths to be self evident.’ In other words, duh! No explanation needed. How is Paula protestor seen by the government? She is seen as an adversary because she represents instability to the government’s self imposed status quo. If you speak out against the government, you are also seen as an adversary. etc et al
You don’t have to be doing something illegal to be surveilled.
Someone never read the book
https://archive.org/details/threefeloniesday0000silv
Big difference between federal and local police.
But no, I haven’t read the book but I did read the title and you’ll hear no argument from me.
The difference is that you only see the local police. You don’t see the federal/state agents who’re working behind the scenes as part of a task force until you’re already in custody.
Yes.