Git-Mirrors/thgtoa
1
0
Fork 0
mirror of https://github.com/Anon-Planet/thgtoa.git synced 2025-04-19 07:25:54 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge b00a913c91c3b623704cde300d84ebd030b3da5f into 4c89ea63777273cfc8e4364754310d1224634572

Browse Source
This commit is contained in:
Than Harrison 2022-10-06 07:44:43 +00:00 committed by GitHub
commit 7ea5fdc500
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
guide.md
View File

@ -101,6 +101,7 @@ Finally note that this guide does mention and even recommends various commercial
- [Some Devices can be tracked even when offline:]
- [Your Hardware Identifiers:]
- [Your IMEI and IMSI (and by extension, your phone number):]
- [Your Cell-Site Location Information:]
- [Your Wi-Fi or Ethernet MAC address:]
- [Your Bluetooth MAC address:]
- [Your CPU:]
@ -825,6 +826,28 @@ While there are some smartphones manufacturers like Purism with their Librem ser
See [Appendix N: Warning about smartphones and smart devices]
### Your Cell-Site Location Information:
Wireless carriers produce CSLI or [Cell Data Records](https://cyfor.co.uk/digital-forensics/call-data-record-analysis/) for phones. The Government is able to obtain **thousands** of location identifiers based on who was in a given area at a specific time or range of times. This includes:
- Date of call
- Time of call
- Call duration
- Number making the call (originating)
- Number receiving the call (terminating)
- IMEI International Mobile Equipment Identity
- CI Cell site identity number
This data was pointed to in an article from Vice, titled *["Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data"](https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data)* regarding Augury, which is designed to reveal historical subscriber data. Among others, it is a tool used by the Navy, Army, Cyber Command, and the Defense Counterintelligence and Security Agency (DCSA) in the US. Augury gathers a staggering amount of data about a subject, including a subscriber's CSLI. But the UK spy agency GCHQ also has access to the subscriber information given the UK-US agreement made in the CLOUD Act: <https://www.justice.gov/dag/page/file/1153466/download>. At the end of the agreement, it is said this is "encryption neutral", but remember, this doesn't cover metadata, and that's what the governments around the world are heavily focused on. This makes tools like Augury a privacy blunder because it allows governments to warrantlessly gather minute-by-minute data on a user of any devices at any time in an area surrounding an investigation.
"Cell phones perform their wide and growing variety of functions by connecting to a set of radio antennas called "cell sites." Although cell sites are usually mounted on a tower, they can also be found on light posts, flagpoles, church steeples, or the sides of buildings. Cell sites typically have several directional antennas that divide the covered area into sectors. Cell phones continuously scan their environment looking for the best signal, which generally comes from the closest cell site. Most modern devices, such as smartphones, tap into the wireless network several times a minute. Each time the phone connects to a cell site, it generates a time-stamped record known as cell-site location information (CSLI). The precision of this information depends on the size of the geographic area covered by the cell site. The greater the concentration of cell sites, the smaller the coverage area."
Wireless carriers collect and store CSLI for their own business purposes, including finding weak spots in their network and applying "roaming" charges when another carrier routes data through their cell sites. In addition, wireless carriers often sell aggregated location records to data brokers, without individual identifying information of the sort at issue here. Accordingly, modern cell phones generate increasingly vast amounts of increasingly precise CSLI, which can easily be obtained, often without a warrant. [Carpenter v. US, 585 U.S. 2018.](https://supreme.justia.com/cases/federal/us/585/16-402/)
Given that cell phone users voluntarily convey cell-site data to their carriers as "a means of establishing communication," the court concluded that the resulting business records are not entitled to Fourth Amendment protection," [as decided June 22, 2018](https://www.law.cornell.edu/supremecourt/text/16-402) <sup>[[Archive.org]](https://web.archive.org/web/20220826042940/https://www.law.cornell.edu/supremecourt/text/16-402)</sup>
Due to the nature of cell networks and how they work, there is **no** way to not give information like this to your service provider. It is apparently "implied", as evidenced by the [Telephone Consumer Protection Act 47 U.S.C. § 227](https://www.fcc.gov/sites/default/files/tcpa-rules.pdf) <sup>[[Archive.org]](https://web.archive.org/web/20220913181620/https://www.fcc.gov/sites/default/files/tcpa-rules.pdf)</sup>.
### Your Wi-Fi or Ethernet MAC address:
The MAC address[^99] is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized. As it was the case with the IMEI, manufacturers of computers and network cards usually keep logs of their sales (usually including things like serial number, IMEI, Mac Addresses, ...) and it is possible again for them to track where and when the computer with the MAC address in question was sold and to whom. Even if you bought it with cash in a supermarket, the supermarket might still have CCTV (or a CCTV just outside that shop) and again the time/date of sale could be used to find out who was there using the Mobile Provider antenna logs at that time (IMEI/IMSI).
@ -13573,6 +13596,7 @@ In short, our opinion is that you may use Session Messenger on iOS due to the ab
[Some Devices can be tracked even when offline:]: #some-devices-can-be-tracked-even-when-offline
[Your Hardware Identifiers:]: #your-hardware-identifiers
[Your IMEI and IMSI (and by extension, your phone number):]: #your-imei-and-imsi-and-by-extension-your-phone-number
[Your Cell-Site Location Information:]: #your-cell-site-location-information
[Your Wi-Fi or Ethernet MAC address:]: #your-wi-fi-or-ethernet-mac-address
[Your Bluetooth MAC address:]: #your-bluetooth-mac-address
[Your CPU:]: #your-cpu