Salamander
  • 1 Post
  • 38 Comments
Joined 4Y ago
Cake day: Dec 19, 2021


No worries! If you need me to test something with it I can this week, just let me know


I am currently near Cologne in Germany. I placed one of these LycaMobile SIM cards from NL and it activated automatically. It does recognize that it is connected to the German network and roaming, and still activates data and assigns a phone number.

So, it seems to work fine


That’s a very interesting resource!

Actually, the countries where I have been able to purchase anonymous SIM cards are in the list “As of 2021, the following countries do not have mandatory SIM card registration laws”. So, it appears like I just happen to have been lucky and I should not make this as such a general recommendation…

Funny, about Mexico it says:

> Countries expected to implement mandatory SIM registration in 2022: Philippines, Mexico.

I can at least confirm that I was not asked for ID when buying SIM cards last year in Mexico.

I just looked it up and found the proposed law for Mexico on Wikipedia. It was struck down in 2022 as unconstitutional.

So, then, I really have no anecdotes to say that it is easy in places where it is formally illegal.


I am not sure about France. When I search online, I often find resources stating “Yes, ID is required”, even for the countries where I know that I have bought SIM cards with cash. Well, the SIM is usually free and what I pay for is the top-up code.

I would imagine (but I’m not sure) that if you try to buy a SIM card at an airport or at an official store from a large telephony provider you are more likely to get asked for an ID. I find them in shops that have signs with the names of smaller MVNOs. Something like what is shown in this image that I found online, where you can see signs of ‘Lyca Mobile’ and ‘Lebara’:

But, your mileage may vary. Probably some locations are more strict than others.


Depending on where you are travelling to and from, you can often get an anonymous prepaid SIM card. That is what I do: buy one with cash, put it into a MiFi router, and only switch it on when I need internet. That way I stay off the records of whoever else is with me and I am not relying on their identity as a shield. I have not found an eSIM provider that gives me the same level of anonymity, so I have avoided those.

If you really have to register a SIM with your identity, it depends on the situation. For example, if you buy a SIM in the EU, activate roaming, and then use it in Mexico, the Mexican authorities can’t instantly demand your subscriber info from the EU. On the other hand, if you or your family buy local SIMs while showing ID, then travel together and check in to hotels together, it makes little difference whose SIM is whose. For Mexico specifically, you can walk into an OXXO store, pay cash, and get a prepaid SIM with a data package, no ID required. Many countries have similar cash options so you check ahead of time.

About whether the worry is justified. The type of surveillance you mention, such as stingrays, requires both strong capability and strong motivation. If a government wanted to, they could stop your entire family at the border before you ever left. But from what you describe, you are just a foreigner who might pass by a protest. That is unlikely to trigger the level of targeting you are thinking of.

Still, I would not call it “in vain.” Building habits that protect privacy and understanding how information flows is always useful. But if you can get a prepaid SIM anonymously with cash, it is usually a cleaner option than tethering from family.


I like the idea of PeerTube, but I tried running an instance and was unable to sustain the experiment for too long. I made it very open and it got quickly flooded by pirated TV series and spammy and heavy content.

After that, I had a difficult time at some point finding an instance to host some videos I wanted to upload - and, having had that failed experiment beforehand, I can see why the instances that do survive are often those with more stringent filters and less generous with resources.

So, I am sorry to “chime in about the shortcomings”, but hosting a PeerTube instance can be a demotivating experience. You set up the infrastructure expecting to contribute to a space reminiscent of the old YouTube, and you see it filled with spam. The signal-to-noise ratio is just awful and it is expensive. To avoid this, you can be an aggressive gatekeeper - but this makes the platform less friendly to people who are looking to find a space to share their original content. Gatekeeping is also an additional effort that you need to make. In the end I chose to just shut it off as it was more of a hassle than fun. By comparison, hosting a Lemmy instance is fun, much much cheaper, and little hassle.

I still haven’t given up on the idea of PeerTube, though… I have some video ideas, and when I finally get to making them I plan to make another instance to host only my channel. Then, I would be able to host my own channel using my own infrastructure via a federated network. This use case would work very well for me, and it can probably work for many others. So that is one way of building the PeerTube network.

General permissive video uploads is something that makes YouTube such a powerful platform though, and that is very difficult to replicate.



Hmm, you are right, it is possible that the initial activation is more difficult if you are not in NL.

I found a forum post of someone having problems with a KPN SIM card, but for LycaMobile I still don’t know: https://community.kpn.com/prepaid-16/sim-card-activation-doesn-t-work-in-germany-591780

I will be going to Germany in a few days so I will bring one of those SIM cards and check what happens when I try to activate it, I’ll report back.


I looked up LycaMobile in Germany and was surprised to find you have an entire ‘Prepaid SIM’ wiki, ha! https://www.prepaid-wiki.de/tarife/Lyca_Mobile

Germany is not too far from NL. I think you can just order a Dutch SIM card. If all you want is for it to be active, I don’t think it would be a problem as you would not actually use roaming services. Just top up via code every 5.5 months or so by dialing 101CODE#

I have not tested this myself so there may be some special rules I am not aware of, but I have often kept phone numbers abroad for years - just not Germany specifically


In NL, one option is to get one of these: https://top06.nl/products/lyca-mobile-simkaart-5-euro-beltegoed

It is also possible to buy one of these with cash from many shops.

This one lasts 6 months each. You can buy several of these and replace every 6 months if you don’t mind changing the phone number, or top-up €5 every ~6 months. You can buy the 5 euro top-up code in person from many shops, using cash, or online in a website like this one: https://kaartdirect.nl/beltegoed/lycamobile


Yeah, as others mentioned, you can get cheaper data plans depending on the monthly data you need.

However, one of the interesting properties is that, unlike with phones, there is no restriction on the number of pagers that can listen to your assigned RIC. You can use one subscription to communicate with as many pagers as you would like, and each individual pager can be programmed using text filters such that one can implement their own sub-address system.


I suspect so too. I contribute to the local network with a few nodes :) In a controlled, coordinated setting it works well, but continuous reliability and coverage are still challenging.


Thank you for reading! Happy you find it valuable.


I think that the Dutch make some good/interesting infrastructure choices.


> LoRA is sort of a slower version of wifi and as such, you should assume Meshtastic is monitored, at least for traffic metadata. The actual messages are encrypted though.

LoRa is great in that it gives us direct control and ownership over the infrastructure. One can participate in the network without their identity being known. But, yes, traffic metadata specifying the sender and recipient identifiers are plain text and can be easily logged.

Default configurations will have your device broadcasting often to contact new neighbors and will re-broadcast incoming messages. Since the device is quite active, and the chirped signal is so characteristic when seen via an SDR, someone who is actively tracking a Meshtastic device can do so very effectively.

Still, the fact that you fully own the device and have total control over it opens up a lot of possibilities. To give one example: if the mesh around here were strong, I could make use of a device configured for Rx only as a Meshtastic pager. I might set up my Raspberry Pi to inject a message from a randomized sender via MQTT in response to an XMPP message. Then, I would not use any radio transmitter at all.

For regular peer-to-peer chatting, yes, the default properties are very leaky, but we can change some of what we don’t like.

> There is actually still such a thing as a satellite pager, a receive-only device that can get pages that cover regions as big as small countries. They stopped making the receivers quite a while back, but some are still around and the subscriptions are still available, though expensive. This info is itself some years old so maybe they are all gone by now.

That is very interesting. When I looked into satellite devices I only found two way devices, like the GARMIN inReach. I figured that it made sense that satellite comms would be 2-way because broadcasting all over the world seems rather extreme.

I have searched for these now and found the Iridium 9501 from Motorola. It is pricey, ~$680 for the device and either $90 (150 messages) or $150 (unlimited) per month for the subscription. In the description it says that you do need to program three ‘Message Delivery Areas’ as the messages are not broadcast globally, but I think this is acceptable.

Thanks for pointing that out. $90/month is pricey… But it is cool enough that I would seriously consider it if I would travel a lot for work.

> POCSAG pagers still exist in the US too, though again, they are quite expensive compared to cell phones. Their main attraction is supposed to be higher reliability, so e.g. doctors can get paged even when the mobile phone network is out. I don’t know if that advantage still exists. In the more distant past there was something called ARDIS which I think is gone now. That was quite a robust signal, so you could get paged even in sub-basements of buildings and places where mobile phones didn’t work. Repair technicians who worked in those places often carried them.

I think that the advantage might still exist, especially in buildings with thick walls and underground floors. While looking into pagers I found discussions about them being phased out in many hospitals and replaced with ‘EPIC secure chat’ and with sharing private cellphone numbers.

In the Netherlands there is also the P2000 system, which is considered to be very reliable. That network makes use of FLEX to send messages to emergency services. It is possible to easily capture those too using SDR, or to see a live dump of these messages in sites like this one: https://p2000-online.net/alleregiosf.html

> I’ve followed this stuff slightly as it’s interesting for the reasons you say, but I’d have to say it’s not really cost effective for most of us. POCSAG in particular only works in relatively localized areas like single countries. I know a guy who would want something like it, but only if it worked pretty much everywhere, since he travels a lot.

Yea, I can see that. So, that guy might like the satellite pager, but probably will not like the price tag.

Thanks for your reply!


I do like Meshtastic a lot and I am still trying to get the most out of it. But there are too many gaps around here. In the city there are more nodes, but also a lot of buildings. Outside of the city there is more line of sight but few nodes.


Yes, at least in the Netherlands. I was also surprised to discover this.


I decided to purchase a one-way pager, a programmer, and a paging subscription to satisfy my curiosity about pagers.

![](https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Fmander.xyz%2Fpictrs%2Fimage%2F4594625e-35dc-48d5-8594-86575cb5e50b.jpeg)

In this post, I am explaining my thought process and describing some of what I have learned about how pagers work. This is especially relevant to the national paging network in the Netherlands, but hopefully others also find it interesting.

**The cellular network**

Cellphones give us the ability to reach others and to remain reachable regardless of our location if within a network's coverage. The network infrastructure is continuously evolving in ways that make it more efficient, secure, and reliable.

One way that the network becomes more efficient is by improving its device tracking abilities to reduce the amount of radio broadcasting resources needed to deliver data to the recipient. Security and reliability are improved by having two-way communication between the network and devices such that devices can be authenticated, data correctly encrypted, and message delivery confirmed.

A participant within this network must accept that one or more of their device's unique identifiers (at the very least the IMSI, often also the IMEI) is associated with an approximate location.

Since I do not want to accept these terms, I do not carry a phone with a SIM card on me. A burner phone and an emergency pre-paid SIM card give me the opportunity to connect to the network in the case that I need to contact someone immediately. However, this does not give the opportunity to others to reach me in the case that they need me or worry about me. This is not common, but there have been cases in which being reachable would have been good.

**LoRa / Meshtastic**

Last year I learned about LoRa radios and the Meshtastic network implementation. These devices allow one to send encrypted messages directly between devices. The range is decent, especially if there is a line-of-sight between devices. With Meshtastic it is possible to create a network of nodes that route messages, and to make use of tunnels over the internet to connect nodes that are very far apart.

So far, my favorite use-cases for Meshtastic are communicating with my partner as I approach an area to meet them, communication during festivals/events, and when travelling in a small town or camping. It is a great tool in some contexts, but I cannot be reliably reached with it.

**The Pager**

I am currently living in the Netherlands and so what I say is most relevant to the Dutch paging network 'KPN Nationaal 3'. Messages are broadcast using POCSAG 1200 at 172.450 MHz. I know that the situation with paging networks varies across the world, with paging networks being no longer available in many countries, but I don't know the details. It may be that the system here is rather special and unique.

The paging network is considered a legacy broadcasting system. Messages to the network are broadcast by transmitters distributed across the full coverage range. The message that is broadcast contains the RIC (Receiver Identify Code) and the message in plain text. Anyone with an SDR (Software Defined Radio) device can decode and log all of the unencrypted messages. Here is an example using SDRConnect + multimon-ng:

![](https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Fmander.xyz%2Fpictrs%2Fimage%2F3d137dab-2fdb-4c8f-bdb4-ff1c319b7690.jpeg)

Using a programming interface, a user can select the RIC codes that they want their network-tuned pager to be responsive to. The pager will beep and display on the screen messages sent to that RIC. In my case, the seller of the pager assigned a new RIC from their pool to me and programmed the pager to listen to it.

![](https://lemmy.ml/api/v3/image_proxy?url=https%3A%2F%2Fmander.xyz%2Fpictrs%2Fimage%2F928397f9-33b6-42cb-aa32-6e302a9b9360.png)

A pager does not have a built-in transmitter, and so it does not reveal any information to the network.

A subscription to the paging network works the following way:

- You get assigned your own 'RIC', which is publicly broadcast with every message
- You get assigned a private number (0665xxxxxx)
- While your subscription is active, you send an SMS or an e-mail to a specific address with your private number + message, and the network provider will broadcast it with the RIC as the recipient.

Then, anyone who knows your private number is able to reach a pager listening to your RIC. The public RIC is not enough information to request a message to be sent to you.

Registering to the network has a monthly cost (typical current pricing of 8 € - 20 €) depending on whether you want to be able to receive text messages, numeric messages, or only make the pager beep. Your identity and banking information are known to the network provider. I was able to register as an individual without needing to provide any company information. I had to fill in a short form and send it over e-mail with a photo of an ID to register.

So:

- The network provider knows your identity
- The service has a monthly cost
- The unencrypted message content, when they are sent, and the recipient's RIC are public information
- The network does not confirm delivery
- Inefficient for the network (all transmitters broadcast every message)
- Being a legacy system, the network may not remain alive for too long

But:

- It is possible to reach you at all times without needing to broadcast your location to the network

The pager is a technology that I looked at early on when I started thinking about privacy and I quickly discarded the idea. Giving my identity to a network provider and broadcasting unencrypted messages publicly did not seem logical to me.

Today, I see the value of having a receive-only device that is supported by a network with national coverage. A paging message would contain only enough information for me to know how urgently I need to find a way to communicate - whether I need to activate the burner phone immediately, or whether I can spend some time to go find another way to communicate.

For me, it was a pleasant surprise to discover that this legacy system fills the specific gap of reachability without tracking. I also recently became aware of the existence of paging networks that rely on volunteer HAM radio operators (like DAPNET), and would like to explore these systems in the future.
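An added example, not part of the original post or comments: a receive-side filter for the scheme described in the post and in the earlier comment about text filters as sub-addresses. It parses decoder output lines, keeps only pages for one RIC, routes them by a text prefix, and flags bodies that put more than an urgency hint into the plain-text broadcast. The line layout is assumed to match multimon-ng's POCSAG output; the `TAG:LEVEL` convention, the RICs and the sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Line layout assumed to match what multimon-ng prints for POCSAG frames.
LINE_RE = re.compile(
    r"^POCSAG(?P<baud>512|1200|2400):\s+Address:\s*(?P<ric>\d+)\s+"
    r"Function:\s*(?P<func>[0-3])"
    r"(?:\s+(?P<kind>Alpha|Numeric):\s*(?P<text>.*))?$"
)
# Hypothetical sub-address convention: "TAG:LEVEL optional body", LEVEL 1-3.
TAG_RE = re.compile(r"^(?P<tag>[A-Z]{2,8}):(?P<level>[1-3])(?:\s+(?P<body>.*))?$")
CONTROL_RE = re.compile(r"<[A-Z0-9]{2,3}>")  # padding markers such as <NUL>, <EOT>
MAX_BODY = 24                                 # assumed "urgency only" length budget


@dataclass
class Page:
    baud: int
    ric: int
    function: int
    kind: str   # "Alpha", "Numeric", or "Tone" when the frame has no message
    text: str


def parse_line(line):
    """Parse one decoder output line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    text = CONTROL_RE.sub("", m.group("text") or "").strip()
    return Page(int(m.group("baud")), int(m.group("ric")),
                int(m.group("func")), m.group("kind") or "Tone", text)


def route(page, own_ric, accepted_tags):
    """Return (tag, level, body) if this receiver should alert, else None."""
    if page.ric != own_ric or page.kind != "Alpha":
        return None
    m = TAG_RE.match(page.text)
    if not m or m.group("tag") not in accepted_tags:
        return None  # untagged or foreign tag: this pager stays silent
    return m.group("tag"), int(m.group("level")), m.group("body") or ""


def exposure_flags(body):
    """Everything in the body is broadcast unencrypted; flag what is not needed."""
    flags = []
    if re.search(r"\d{7,}", body):
        flags.append("phone-like number")
    if "@" in body:
        flags.append("email-like string")
    if len(body) > MAX_BODY:
        flags.append("long free text")
    return flags


def process(lines, own_ric, accepted_tags):
    """Turn raw decoder lines into alerts for one receiver."""
    alerts = []
    for line in lines:
        page = parse_line(line)
        hit = route(page, own_ric, accepted_tags) if page else None
        if hit is None:
            continue
        tag, level, body = hit
        alerts.append({"tag": tag, "level": level, "body": body,
                       "exposed": exposure_flags(body)})
    return alerts


OWN_RIC = 1234567  # constructed RIC
SAMPLE_LINES = [   # constructed sample input
    "POCSAG1200: Address: 1234567  Function: 3  Alpha:   FAM:1 call when you can<NUL>",
    "POCSAG1200: Address: 1234567  Function: 3  Alpha:   WORK:3 server room, ring 0600000000",
    "POCSAG1200: Address: 1765432  Function: 3  Alpha:   page for another subscriber",
    "POCSAG1200: Address: 1234567  Function: 0  Numeric: 112",
    "POCSAG1200: Address: 1234567  Function: 3  Alpha:   hello without tag",
    "garbage line",
]

if __name__ == "__main__":
    for alert in process(SAMPLE_LINES, OWN_RIC, {"FAM", "WORK"}):
        print(alert)
```

Two pagers sharing the RIC but given different `accepted_tags` sets alert on different messages, which is the sub-address idea; a non-empty `exposed` list marks a message that would have been better kept to a bare urgency code.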

This scanner is for 2-factor authentication in the case that one does not want to use a phone app. When you try to log in, or pay online, the browser displays a unique QR code that the scanner is able to decode.

You would enter your pin into the scanner, scan the code, and the scanner displays a number. You then type that decoded number into a field under the QR code and you are let through.

It can be ordered for free here in the NL: https://www.ing.nl/particulier/digitaal-bankieren/mijn-ing/scanner

So, with this scanner as a 2FA method, the app is not needed. One can pay offline with a card, online with a scanner, and check account balances through any browser using the scanner to log in.


Ahh, no no. We can pay with card with no need for an app. This code reader thing can be used for 2FA when making an online payment or logging into the banking site, so one does not need to use a phone app.


In the Netherlands, at least with ING, you can request a standalone code reader and pay through any browser, like this:


OK, fine… I’ll be honest…

I have had good experiences with it. I have not had problems with apps. Most of my apps I get via Obtainium. As for the UI, I think it is fine.

I don’t think Google will be able to lock my Pixel’s bootloader, and, if they do, well it is already running the OS. So it shouldn’t be a problem for a while. If at some time GrapheneOS stops being supported I will find something else. I don’t need a guarantee of permanence to find it useful today.


I video call my family over WiFi, usually when I am home. For me it is easy to get by without making a phone call. In the past few years I remember making one phone call to cancel an internet subscription and one to make a doctor’s appointment. Calling is not my preferred medium, I strongly prefer e-mail. I do keep a prepaid SIM card inside my phone’s case in case of emergency, but fortunately I have never needed it.


The hodufy works for a phone. I just wanted to experiment to learn. I don’t use any of them often - I keep my phone in airplane mode and without a sim card and only use it with WiFi.


My first faraday bag was a ‘HODUFY’ pouch. It works fine.

After that, I bought the Nickel/Copper fabric from China and tested making pouches using cyanoacrylate glue and velcro strips. I found a supplier now that sells 10 m x 1.1 m fabric for $65 + shipping.

If you are in a hurry and you only want the cellphone pouch, you can buy a cheaper pouch online and test that you cannot call it nor connect via Bluetooth when it is inside the pouch. Working with the fabric directly lets you make custom pouches by cutting, folding, and gluing.

Here are some photos of a HODUFY and the DIY pouch. In the third photo you can see that the material inside the pouch is a similar type of Nickel/Copper fabric.

To make the pouch, a single piece is cut into a rectangle and folded in half, leaving three open sides. Two of the three open sides are folded over twice and glued shut. The remaining side is the opening, which makes use of velcro strips to close. This opening also needs to be folded when closing, like this:

The key point here is that you do not pierce the fabric, and you make sure that the edges are sealed shut properly by folding.


I am privacy conscious and care about privacy even though I don’t care too much about my own personal privacy just for privacy’s sake.

Privacy advocacy runs deeper than just protecting your own data. Convincing someone to care about “their privacy” is more straightforward when they face a real threat. For example, a journalist in Mexico writing about a politician linked to organized crime has every reason to avoid being easily tracked. That person is not going to post their location on Facebook.

But most people aren’t under direct threat. If you read my texts, you’ll find casual conversations with family and dinner plans. I’m not afraid of someone showing up at my door, so I’m fine sharing my address to get a package delivered. Getting ads is a minor annoyance.

Still, I care about privacy. Not necessarily mine, but privacy as a principle. I care about what surveillance capitalism does to society. Even if my personal threat model is easy, I want tools and systems to exist for people with harder ones. Privacy is part of the kind of world I think we should live in, and its erosion usually points to larger structural problems.

So back to the question. It’s easier to convince someone to care about privacy if they feel directly threatened. But if they don’t, you need something else to make them give up convenience in the name of privacy. That something is ideology. You’re asking how to shift someone’s ideological framework. That’s hard, and not something you can do for them. You can recommend good material, share your reasoning, explain what led you to care. But they have to engage with the ideas themselves. Like with exercise, you can’t build someone’s muscles for them. You can’t implant the ideology, but you can create the conditions for it to take root.


I have used XMPP for some time now and I tried Matrix for a bit, but have stuck with XMPP until now.

I found it practically very easy to set up a Prosody XMPP server on a Raspberry Pi. In XMPP you have the core standard that is kept quite minimal and then you can extend your implementation using XMPP extension protocols (XEPs) in a highly modular fashion. This approach of building on top of a light core using well-documented extensions I like very much.

With Matrix, JSON is used instead of XML. I think that JSON is a nice format when trying to look under the hood at how the message data is structured. XML is a bit of a pain to look at in my opinion. And I think JSON might be more efficient in how it moves the data around. So, that is a big positive for me. But Matrix appears to be more focused on being feature rich than on having a flexible modular structure. While it does have extensions, successful extensions do have a chance of being eventually integrated into the core protocol. This makes the core feel bloated to me, because I have very minimal requirements.

In terms of security, in XMPP you start with the core and then you select the type of encryption that you like (OpenPGP, OMEMO, etc). OMEMO encryption has plausible deniability built into its design, and for me, plausible deniability is a property that I consider important for messaging. The modular approach to XMPP also means that these are choices that one gets to make in an active manner, and the protocols are open protocols that come from outside of XMPP. With Matrix you get their encryption protocol as part of the core - it is a protocol that they designed and that you need to accept to use their tool with encryption. It is probably a good protocol, but I don’t think it has plausible deniability built in, and that’s a choice you did not get to make.

As for moderation, I don’t know. Do they mean moderation tools, or the actual absence of moderators and unmoderated communities? Because the latter is more a property of the people using the tool than the tool itself. You can have your own private communities.

If someone asks me, I could recommend Matrix but would rather recommend XMPP, depending on what they are looking for specifically.


I’m not sure about the laser from the article, but I know that the Extreme Light Infrastructure project has a few pretty strong lasers.

The L4 Aton in Romania produces a single, 1.5 kJ, 150 fs pulse every minute - so peak power is 10 PW (1500 / 150E-15), but 1.5 kJ over a full minute is only 25 watts.

ELI also has the 2 PW High Field (HF) laser, in Szeged, Hungary. This one gets the 2 PW with a 10 Hz rep rate, 17 fs pulses.


If they can send me over the second half of my thesis I would appreciate it enormously! 😀

The analytics tools that I am personally uncomfortable with involve dynamic, changing forms of data. I run GPSLogger on my phone (without a SIM card) and continuously log the GPS data to a text file. This data is then synced to my computer when WiFi is available. I can display this data on a map using gpx-viewer, and show very detailed tracking data of myself.

I have explored this map with some friends/family. They get to see a time-stamped movie of my life - my trips to work, to the shop, when I go out, if I go on a trip, etc. The data displayed in this manner is somewhat intimate, personal information. Anyone I have shown this to has said that they would not be so comfortable with such a map of their lives existing… Well, if they are carrying an active phone with a SIM card, it does.

To think that a company like Google can own such a map for a very large number of people makes me uncomfortable. On top of that, each of those map trajectories can be associated with an individual and their personality… They have the ability to pick out specific trajectories on the basis of the political ideologies or shopping behaviors of the personas behind them. This is extreme. I am of the opinion that the convenience afforded by these technologies does not justify the allocation of that super-power to the companies that enable the technology.

A few years ago Facebook enabled a “Graph search” feature. This allowed users to create search queries such as “Friends of friends of X who like the page ‘X’ and went to school near Z”. That tool seemed super cool on the surface, but it quickly became obvious how something like that could be easily exploited. Later on in Snowden’s book I learned about XKeyscore from the NSA, which is like an extra-powerful no-consent-needed graph search that is available to some people. This is not just targeted ads.

I guess that what I am trying to convey is… For me, making the privacy-conscious choice is about not contributing to the ecosystem of very concrete tools that give super-powers to groups of people that may not have my best interest in mind. In my mind it is something very tangible and concrete, and I find many of those convenience tradeoffs to be clearly worth it.


Is the fact that I recognize this comment evidence that I use Lemmy a bit too much? 😅


I will also pay close attention and see if I can catch that happening.


I think we might see one or more “trusted fediverse” groups emerge in the next few years, with instance admins making commitments to security controls, moderation, code of conduct, etc.

There is now at least one system in place for admins to vouch for other instances being non-malicious, and to report suspected instances. It is called the fediseer: https://gui.fediseer.com/


Do you see a random nickname from a stranger, or a nickname of an account that was previously logged into using the same computer?

What is an open account sharing channel?


I have the Tianje MF903 (https://nl.aliexpress.com/item/32719535459.html), which I bought early 2022.

But just now I have done a search and I see many more pocket wifi routers now. Unfortunately I can’t tell you if they work well, or if it is also possible to change their IMEI easily. The one I have is functional, but it doesn’t have a very long battery life.


And the audacity to talk about metadata when Telegram accounts still require a phone number today (as they did five years ago when this post was written) is just… 🤯

Not only that, but I believe that they actively try to prevent VoIP numbers from being used to create accounts.


> Almost all countries require official authentication to activate a SIM card.

Fortunately not in the Netherlands. I don’t think that’s the case in the rest of the EU. I can use free sim cards as much as I want!

When communicating with cell towers, a phone will also broadcast its unique IMEI identifier. So, even if you swap the SIM card every day, your IMEI is still being broadcast the same.

Changing the IMEI of a phone in the EU is illegal, unless the manufacturer consents: https://www.legislation.gov.uk/ukpga/2002/31/section/1

So… I have a Chinese 4G mobile router, and the manufacturer gives me the permission to change the IMEI as it is an integrated feature of the device. I use that for my data. The data codes I purchase small quantities in bulk with cash, and I can access the router via its ip from my phone’s browser to send the SMS messages to activate the data codes as needed. Since WiFi connections are abundant around here I keep these codes for emergencies. I can go a few months some time without activating data codes. I mostly use them when traveling internationally.


I hope this gets stopped.

Question for anyone who knows the details - does this policy have something to say about self-hosted chat services such as personal XMPP and Matrix servers? Or would this policy apply specifically to the big guys like WhatsApp, Signal, and Gmail?


I don’t know if this mindset will hold true with the new owner of Twitter though. I would assume Elon will do far worse things with the data.

I don’t know much about Elon Musk. But he strikes me as someone who would want to extract as much value as possible from data, and not as someone who thinks user privacy is something important to protect. Is this a topic that he has publicly spoken about?


This feels like one of those chain messages that we would get on Facebook asking us to do something like posting “I don’t give permission to Facebook to use my data”. Except that this time it is actually true!

I have added “_nomap” to my SSID and now I have to read the manual for the wifi extender, which by default appends _EXT to the SSID 🙄

I would much rather see a “_yesmap” opt-in policy!