F-Droid, Tracfone, SIP, & Anonymity

I’ve had an interesting time the last few days.

It started with Verizon and my cell phone sporadically not having any signal at all for days; at home, at church, at a lot of places. I’d thought maybe it was my phone reaching EOL End Of Life, or that Verizon was shutting down 3G antennas.

Looking on line, Verizon has a lot of folks complaining about reduced coverage. It isn’t just me. It isn’t my old phone (folks with iPhone 6 phones have the same problem) and it isn’t that 3G is being shut down. Verizon intends to continue 2G and 3G until December 2019. Whatever is the problem, it is all over the place in the Verizon network.

My suspicion is that they have added 4G and perhaps are adding 5G to their towers and in some way this has reduced the 3G signal strength.

I looked into getting a signal range extender, but at about $200 for all of a year of use, that’s a bit more than I wanted to spend. Then the used ones at about $100 “had issues” in that they were often still registered to someone else and could not be used until that was resolved.

So I decided to just keep the Verizon phone for the rest of the 1 year of life it has left and set up a “Kludge” via forwarding the Verizon phone to my “burner” phone when headed to home. One of the forwarding option, *71, rings the Verizon phone first, then does the forward, so it can be left on “when in doubt”, going to *72 when I know I just want it to forward immediately. (*73 ends the forward).

The Burner Phone was bought a couple of months ago with the intent to do a couple of things. First off, have a reliable alternative phone. Second, get some experience with Anonymous Android limits (what you can do without giving Google your data and identity). Third, play around with what can be done with the hardware “someday” with alternative software and providers. It is a “Tracfone” so is very hard to “root” and typically you must spend a year+ of money with them before you can “unlock” the phone. So that third bit can at most be done in a year (as I’m just not that interested in becoming a master of phone unlock foo…)

1st Reliable Signal / Phone

Back at the first point: I did the activation at their web site, using a $19 “service plan” card also bought without ID for cash. Technically this “plan” was for a non-smart phone, but it worked anyway. I’d bought it intending to activate my old burner phone (which I’d mentioned before had a dead SIM card as they expire with lack of use… and getting a replacement required identity information – which defeats the idea of a burner phone…) So instead I dropped about $80 for a Samsung J3 Galaxy with a new SIM card – cash at Best Buy so also anonymous.

All up I’m into this about $100. In theory, for another $135 or so I can get a year of active use with something like several GB of data plan and 1500 text messages plus some larger talk time than I typically use.

Throughout the activation process they try at several points to get you to “set up an account” and hand over identity information or a credit card (to avoid the ‘bother’ of those cash cards…). At one point it demanded a name for the phone – I gave it a pseudonym I developed in Dramatic Arts class in college. (We had to develop a full ‘back story’ and character – and I respond to the name as I spent weeks “in character” as him.) Other than that, the whole thing was set up without any PII Personal Identifying Information.

I’ve tested it with a call to the spouse, text messages to the Florida Friend, and then forwarded my Verizon phone to it (and tested that). So now the first part is also a done deal. Plus I have a workaround for whatever is wrong with Verizon.

Oddly, shortly after it was working, I started getting signal on the Verizon phone while at home, so was able to test the forwarding and stop-forward processes from home. I have no idea if the “fix” is temporary or if Verizon had some antennas out of service for upgrade and finished the process, or what. In any case, I’ve also solved the problem of reliably getting Verizon calls to complete. That’s the *71 setting – ring then forward if no answer. That’s now my default for a few days, at least. I don’t need to tell 50 people my number is temporarily changed…

2nd Anonymous Android

That just left on the “now” ToDo list, the question of what all can be done with an Android Phone without handing over all sorts of incidental information to Google. From the Tablet I’d already learned that to use the Google App store you need an identity, so had set up a “never used” Gmail account. Now I wanted to find out what could be done without that behaviour. Without putting that tracking beacon on the phone.

There are some apps already install. Fairly limited set though. An open issue is how many of them “tattle” too. It may be that I need to remove some of them to be truly anonymous. Then there is Android itself. I’ve turned off auto-updates, but it did one update already. So to some extent this phone is “known” now to Google as an existing active device.

There are a lot of places to turn off various automatic updates and notifiers and “stuff”. Took me about 1/2 hour wandering through settings to get them all ( I hope I got them all… on a fixed small size data plan all the auto-everything will drain your bytes in no time for nothing you wanted.)

The default apps included the usual things like an email interface, a ‘gallery’ app for looking at pictures, a camera, a chatty weather app that wanted my location and constant weather data downloads (I think I got it turned off…), a clock, calculator, settings, “messenger”, phone, a browser called “Internet”, Samsung “My Files” file viewer & their app store, a calendar and contacts; then Google apps: Chrome, Maps, Youtube, Drive (cloud storage), Duo, and Photos. A pretty good list that provides lots of basic functions for that $80.

I turned on WiFi and connected via that (so as to conserve the very limited ‘data’ on my ‘service plan’ with Tracfone). Once the phone is mated to WiFi a whole lot of interesting things become possible, and a lot cheaper. The WiFi identity might well also be “tattled” to Google, so in a really serious use case, you would not want to do that from home but instead from some public WiFi (such as at the local library).

I find it interesting that so much can be done over a WiFi connection. Essentially this is a tiny tablet for nearly nothing once WiFi is enabled. I’m fairly certain this will work even if the phone is not activated as a phone. I’ve not tested that, though, as I activated it first. Worth testing “someday” if anyone buys one of these again… or my “plan” runs out.

After Android updated, I tried the App Store (Google Play). It still insists on an account and handing over an identity / email address. Similarly the Samsung App Store also wants an identity. So you are stuck with the apps pre-installed if you want to remain anonymous OR you must have a false ID for setting up the accounts. But is their something else?

Looking around, I found via some web searching an alternative. F-Droid. I’m sure it stands for “Free” Droid and not some other F… ;-)

https://f-droid.org/

Seems that a whole lot of other folks have already gone there ahead of me and set up a nice place for Free Software and Privacy folks to make their own alternative world.

What is F-Droid?

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.
[…]
About

F-Droid is a robot with a passion for Free and Open Source (FOSS) software on the Android platform. On this site you’ll find a repository of FOSS apps, along with an Android client to perform installations and updates, and news, reviews and other features covering all things Android and software-freedom related.

F-Droid is operated by F-Droid Limited, a non-profit organisation registered in England (no. 8420676).

Looking around, it generally follows the FOSS world way of things. Source available. Lots of opportunities to verify who they are while you stay private. A LOT of apps that are also open source and non-tracking. Nice. Very nice.

While exploring and downloading a lot of their Apps, I ran into a fascinating one that lets you download Google Play store apps via their application credentials. Essentially a bypass on that whole identity thing and without the need to invent your own pseudo-you that then is also a unique thing, so might be trackable if you are un-careful.

Called Aurora Store, it’s your access point for Google Play apps without identity:

https://f-droid.org/en/packages/com.dragons.aurora/

Aurora Store
Download apks from Google Play Store

Aurora Store is a fork of Yalp Store by Sergey Yeriomin It lets you download apps directly from Google Play Store as apk files. It can search for updates of installed apps and lets you search for other apps.

Aurora Store provides a Material UI to Yalp Store.

Using it, I downloaded an example app just to prove it worked reasonably well. It did.

I’ve now downloaded a variety of interesting apps, but not tested nor configured them all. Just some quasi-random choices to play with “later”. In no particular order they are:

Termux – a tiny terminal window. Fun, but I started a “ping” and then discovered the keyboard had no CNTL key so no CNTL-C to kill it… Had to shut down the phone to stop it from running forever ;-) I’ll need to look at the docs to see if there’s a magic chord for CNTL…

RasPi Check – a neat little app that connects to your Raspberry Pi via ssh / sudo and reports things like temps of cores, CPU use, and more. Unfortunately, the command it uses is not on the Alpine Linux running my DNS server, and my other Pi machines are on the backside of the firewall in the WiFi router and it blocks the connection. I’ll need to turn on the other WiFi (internal) and try it again on that WiFi network.

Elementary – a nice Periodic Table where you click on an element to get more data or a Youtube video about that element. As I often pop up a periodic chart to ponder things like elements in semiconductors, this is quicker than opening a tab in a browser and hitting Wiki…

Book Reader – now I just needsome books…

Torrent Client – for torrent downloads

Privacy Browser – that claims to protect my browsing

SolitaireCG – for those airport hours

PocketMaps – downloadable maps for offline navigation (Google Snoop not included)

OpenVPN for Android – VPN service provider required. I think I need to raise priority on that home VPN server…

Baresip – for minimal SIP phone exploration. Now I need an SIP provider for an IP phone number.

Ring – a more advanced form of SIP phone

There were a whole lot more. Their “Browse” tab for F-Droid has 30 items / page and 57 pages. That’s about 1700 apps. Then the Google Play store has God Only Knows how many thousands. The Aurora Store app has a filter to block those that don’t run on your device AND a filter for those with bad actions – like ads, or that are too snoopy. You can turn that filter off if you like.

FWIW, there’s another source for FOSS Android apps.

https://fossdroid.com/

I know nothing about them yet. More exploring…

In Conclusion

I’m quite happy with what has turned out to be an $80 mini-tablet with optional telephone. I’m intending to explore setting up IP Telephony on it. At least one Email app advertizes that they are encrypted and dedicated to security ‘end to end’ (there is also a specific encryption app for documents and several for email). All this on a platform where so far the only “identity” information it has on me is a fake name and what IP address I used for some downloads. (Had I set up the phone in a library, then configured and turned on a VPN client while there; even using it at home would not give up the home IP address…)

I’m pretty darned sure it would work as such a cheap tablet even if you never did activate the phone service. OTOH, for $25 you get an emergency phone service too… so why not? Once I get the IP phone stuff figured out, then using it for all sorts of VoIP calls or video calls – some via VPN or encrypted for security – becomes nearly free and reasonably secure, even from public locations and probably from home too (IF you choose your VPN provider wisely and NOT in the USA).

One side note: I had a problem with my first incoming phone call. Phone lit up. Red button to decline. Green button to accept. I’m pressing, tapping and all kinds of things that green button. Nothing happens. Press red, call ends. WT? Seems you must “wipe right” on the green button to answer. Had to consult the dinky manual for that one… Sigh. Guess it avoids “butt answering” the phone.

I now realize I have days to weeks of “work” to do on this little distraction. Setting up IP telephony. Figuring out what various communications apps are really private and secure. Deciding do I want the Aurora Store (Google Play) Whatsapp? that’s supposedly private (but likely has account and tracking issues) or finding the FOSS (Free and Open Source Software) alternative on F-Droid? Repeat that process for 20 or so categories of apps… and a dozen offerings in each of them. I’ll likely knock off one / week (or month for the hard ones) when not swamped with other things demanding attention.

3rd: The “someday” Future

Phone service has worked just dandy at home. Given that, and given that I’ve decided to keep the phone active for at least a year to be able to unlock it “someday”, I’ll likely buy that 1 year “plan” for $135 (or whatever it was). I do need to verify that even if bought anonymously, the active phone is enough to get to the unlock allowed point. Why unlock? Because there are 2 alternatives I’d like to explore “someday”. One is a non-Google Android. Basically Android for folks who hate the Google Track Me experience. I know almost nothing about it other than that is their goal. The other is a Real Linux ™ port might be possible. They exist for my Samsung Tablet, so ought to be at least “in the works” for this thing that’s almost identical in concept.

There are several alternatives, but for the Still Android experience this one looks decent:

https://lineageos.org/

Security

Your data, your rules. With powerful tools such as Privacy Guard, you are in control of what your apps can do whenever you want.

Trust will help you understand the security of your device and warn you about possible threats.

We take security very seriously: that’s why we deliver security updates every month to all our supported devices.
And to make your device more secure, lock everything behind an enhanced lock screen.
[…]
Longevity

LineageOS extends the functionality and lifespan of mobile devices from more than 20 different manufacturers thanks to our open-source community of contributors from all around the world.

likely at least 1.5 years away for this phone (though maybe on my Tablet that is near or at EOL for software updates… ;-).

This article has several annoying “features” like popups and a nag box ad at the bottom that grows upward as you scroll downward (so hitting the X is mandatory), but lists some other alternative Linux like OSs:

https://itsfoss.com/open-source-alternatives-android/

Most interesting being eelo that’s a fork of LineageOS:

eelo is an upcoming Android distribution based on LineageOS. It is being created by the developer of Mandrake Linux. The idea is to have an open source mobile operating system free from Google.

eelo promises to have its own cloud and email services to give you an Android free experience. eelo is in very early phases of development.

In devo, but maybe in 2 years…

Then PostmarketOS is interesting to me as it is aimed at keeping old hardware alive for a 10 year horizon. Near free “obsolete” phones anyone? Then roll your own burner phone.

https://postmarketos.org/

postmarketOS (pmOS), is a touch-optimized, pre-configured Alpine Linux that can be installed on smartphones and other mobile devices. The project is at very early stages of development and is not usable for most people yet.

Based on Alpine (a small and security oriented release – running my DNS / Proxy server) so likely secure. Also WIP Work In Progress – but at my 1.5 to 2 year target date? I’d be happy with a ‘touch optimized Linux’.

My intent in any case is to push this particular device and all the applications I put on it, as fully into Anonymous Land as possible. At NO TIME will I give it any real identity information, any credit card or PII, any “account” with Google to get apps. The only thing it will every “share” (with my permission…) is my IP address – and even that is only until I get a VPN set up and running, then everything will be sent through that or though public WiFi HotSpots. As I learn things, I’ll put them up in articles. Don’t know that I’ll catch everything, but I’ll post what I do catch.

Oh, and one other Fun Point: I chose a Florida Phone Number for it ;-) So while it geolocates me in California via GPS and ISP (Internet Service Provider) information at the moment, the phone claims to be from Florida. Why? Because it will be soon enough! I’m planning another trip back “soonish” and at the start of the new year, the Spouse is retired and we start the move process in earnest. Figuring out where to be, how to get there, what to move, sell, or toss out in earnest, and when to just visit for a while.

Once I reach the end of the Anonymous Line, then what?

I’m also looking at a “cloud provider” of docker systems that provisions some standard Linux based VMs for something cheap like $36 / year where I might set up my own globally visible VPN and DNS services. They need a name, billing address, and phone number.

I already have an address.. and a debit card filled at Walmart (so abuse opportunities are limited to the cash I put in any given month) but didn’t have a bogo-phone number. Once I’ve got SIP going, I can either use this number, or put one on a R.Pi PBX and then have a full set of pseudo-me “identity” to go into that very public identity leakage space of Domain Name registration and such. Figure about 6 months more for that one. (I need to flesh out the virtual me a bit more first – and finish my ‘fully anonymous’ exploration before the VMe is rolled out to the world).

At that point, I can VPN from some public place to my own VPN server where I KNOW there are zero logs kept, then use it to browse the world or get encrypted email, all with my own filtering DNS service; and anyone fingering it finds a PO Box, a VMe name, and a phone number to a SIP phone exchange… and billing information that leads back to a pre-paid debit card loaded with cash at Walmart… IF I can get it all set up and maintained ;-) All while moving…

Ambition, can’t live with it, can’t live without it ;-)

Subscribe to feed

Advertisements

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits and tagged , , . Bookmark the permalink.

36 Responses to F-Droid, Tracfone, SIP, & Anonymity

  1. John S Howard says:

    Good info, but initially I had to look up the word “bogosity”… not found in my jargon.

  2. H.R. says:

    You’ve piqued my interest with this post, E.M. I bookmarked it.

    My flip phone will not last forever. Had the devil of a time getting the one I have just a few months ago. Next time I won’t be so lucky. You’ve got a lot of options to explore in there.

    Oh, that was the first mention from you I’ve noticed that your Mrs. is fully retired. I hope all is peaceful at the Smith residence 😜. Both of you at home full time and all that, but that’s offset by the move plans and preparations, so I suspect you two will be busier than ever for a while.

  3. Ian W says:

    I think that 5G may being oversold. The frequencies used do not appear to provide the range or the penetration required to act like normal cell phones. Companies installing 5G are talking about antennas every few hundred yards and are worried about trees in the way, Cell phones will need multiple built in antennas too to ensure that they can pick up the signals.

    “But T-Mobile’s focus on the wide-area benefits of the 600 MHz band for its 5G rollout underscores a critical factor in that deployment: Not all spectrum is created equal. Millimeter wave signals don’t propagate well over long distances, have difficulty in the presence of trees and buildings and require an almost perfect line of sight.

    “They hardly like air,” Robert Howald, Comcast’s vice president of network architecture, said at an industry event last year. He was making a joke, but he also made an important point — it’s unlikely that any 5G strategy will be able to live successfully on millimeter wave spectrum alone.”
    https://www.multichannel.com/needtoknow/need-to-know-5g

    “Millimeter waves, which 5G connectivity will be working through to broadcast signals cannot travel long distances. So what is going to be the solution? Small cells. Small cells are low-powered base stations that are going to be deployed in thousands of numbers and transmit millimeter waves. They can also be deployed on light poles and building rooftops. The more small cell towers you have, the better the performance of the network.”

    Where I am at the moment has trees lining the street with branches meeting over the roadway. Houses have steel straps from foundations through the walls and over the roofs every 18″. I cannot see 5G in my area.

  4. cdquarles says:

    Millimeter waves … don’t travel far and have to have line of sight. What’s absorbing and/or scattering them, then?

  5. Taz says:

    Best Buy 1yr AT&T service for $40

    https://www.bestbuy.com/site/freedompop-12-month-prepaid-plan-lte-3-in-1-sim-card-kit/6187400.p?skuId=6187400

    Buy with cash
    Never give them your identity – use a zoo animal and zoo address
    Never give them a credit card number

    Signal private messenger has excellent voice quality.

    For PSTN look at MySudo or some other webrtc PSTN provider.

    https://anonyome.com/

  6. Pouncer says:

    For anonymity, Chief, you’ve nailed it.

    For conservation of budget resources, the HSN package deals on TracFone should be considered. Sacrificing a (burner, “gift”?) card number and a (UPS storefront?) physical address gets you a fairly powerful Tablet/Android smartphone AND a service plan that a moderate user can stretch for a year.

    Cost of the phone AND the service is less than the cost of the service alone if bought as pre-paid cards or from the TracFone website.

    https://www.hsn.com/products/lg-fiesta-2-55-16gb-tracfone-prepaid-phone-with-1200-mi/8849721

    A $100 bucks a year gets each of my kids a phone and a plan.

  7. R. de Haan says:

    Nice work, I give it a try. There is a firewall App for Android that includes a great VPN for free. Check it out: NoRoot Firewall for Android. Also think about installing Hacker’s Key Board instead of the Android key board. You have to trust an app developer/provider to a certain level and their word for their privacy claims but using google you’re screwed for sure.
    F-Droid is true alternative for Google.

    Another important point to think about: Keep your mug from the grid. Today you can acquire an App that tracks people real time if they pass a security camera. I have tested it when my business partner traveled abroad and I received a message when he arrived at the airport. Incredible.
    As soon as you or your “friends” publish a single picture of your face, you can be tracked for life.

  8. H.R. says:

    “As soon as you or your “friends” publish a single picture of your face, you can be tracked for life.”

    I sense that it’s time for me to grow a beard and let my hair grow to cover my ears. Groucho glasses probably wouldn’t hurt either along with a few fake moles and a couple of crab apples in each cheek.

    Having written that, if I find out that this person is tracking me… well forget about all that disguise stuff I just wrote. I’ll be smiling at every camera I pass. 😁

  9. Wazzel123 says:

    @EM

    Advanced calling settings will provide for a WiFi call capability.

    Your phone will definitely work as a tablet without cellular connectivity over WiFi.

    In your app manager (Samsung) , you have settings on the main page through the hamburger button (top right) for additional control on apps for draw over permissions etc.(pop ups).. Individually you can also control nearly all permissions available to individual apps (location access, notifications etc..). At least in android you have a choice on many thing unlike Apple. If you are concerned about data, peek around in the data usage page in settings to ID who is using what. The bloatware on these phones typically cannot be deleted, only disabled in the app manager. Some notification settings need to be turned off in the app store page for your apps to stop letting you know they want updated.
    Good luck!

  10. Wazzel123 says:

    Hummm, seems my fat fingers and small mobile keyboard strikes again with typo’s ;-)

    [Reply: Typo’s? What typos? ;-) -E.M.Smith ]

  11. E.M.Smith says:

    @H.R.:

    I was very dismayed to discover Verizon is killing off 2G and 3G service. A whole lot of old phones become paper weights then. IF you have a SIM card phone, you can move to another service, but my old Flipper is not SIM card based.

    It’s been a real tank. Starting life with my Son when he was in high school – so we’ve had it about 14? years now. It’s been dropped dozens of times, knocked around in bags and pockets, left in the sun for hours, etc. etc. Nothing has failed. (The color on the corners is starting to wear through though). An LG phone that opens sideways to a real keyboard. I’ll miss it. (I’ll have to investigate if it can be returned to life on some other carrier…)

    There will be a whole lot of folks with old phones suddenly “in the market” then. Near as I can tell Verizon has not advertized this fact…

    I’ve got a few more weeks / months before we’re both home full time, but no worries. We have spent a lot of time together at times. Like when I was between contracts as was she. We work well together. Worst case I discover this intense desire to become a Walmart Greeter ;-)

    @Ian W:

    Not to mention folks like me with chicken wire in stucco walls… Add a fireproof metal roof and it’s almost a Faraday cage… There’s trees in front of all the significant windows, too.

    Then, in cities, you have two other problems. LOTS of metal vehicles and steel buildings, AND about that reception on the 50th floor… In the ’80s I had to install cell coverage extenders inside a couple of buildings at work… I’m pretty sure 5G is going to have BIG issues.

    @Pouncer:

    That LG phone w/ plan is a great deal! I’d not seen that one. But I wanted the whole “paid cash no shipping address” experience ;-) For someone where you just want a phone, that’s a heck of a deal. Especially for kids who are likely to lose it, sit on it, want a newer model every year… Heck, I might get one of those as my “It really is me” phone when the LG Flip dies!

    @R. de Haan:

    I’ve not put up any photos of me, but unfortunately, a friend is “into” Facebook, so I’m “up” at a football game with beer in hand.

    I’ve pondered the problem facing Intelligence Agencies going forward. Essentially ALL potential agents will have had a photo history “up” from the time of their first cell phone, then a DNA sample can match against any extended family who did a DNA & Me thing and “out” their actual family and name. It will be interesting.

    Yes, I’m still a bit worried that “normal” Android things like spell checking sends all the words you type to Google for spell check (and storage)… If I were in a real TLA interested enterprise I’d root the phone and put on a non-Android replacement. THEN lock it all down and only then add cell service. Then, when in use, you are leaving a rich “contact trace” with the service provider. Call your bookie, your drug dealer, and then every day talk with spouse and kids for an hour and anyone wanting to know who you are can rapidly lock in on spouse and kids on Name Phones and make a good guess as to who is calling them so much. Then connect you to the bookie & dealer… So a Real Burner ™ must ONLY be used for the Burner Folks… never with any of your usual contacts. (And my forward of my real number to it would blow the whole deal in one records check…)

    As a White Hat my major interest in Burner Phones is how to do forensics on them and break the privacy; so playing with one helps me figure out what all to attack. It’s a bit like the Klingon Reflective Game: You keep swapping sides of the board to figure out how to beat yourself ;-) It’s also a fairly cheap way to have another phone for when the primary one “has issues”. So I learn things – like that whole point that I can get a SIM card but only by matching it to identity information for shipping. Now I know why in the movies they show the Bad Guy dumping the whole phone and not just the SIM card…

    So for some of it I just note “likely exposure here – in the spell check via cloud” and move on as I don’t care enough to actually fix it; for others I go through the motions to find out if there are other “issues” to surface. Like even paying in cash you have photo records on the security cameras and an “activation” time at the register – so for a real TLA proof operation you would need a homeless guy to make the buy and be on camera…

    @H.R.:

    While I’d love to be “followed” like that, I think it unlikely… (massive understatement ;-)

    FWIW, there’s folks working on makeup to confound facial recognition.

    https://cvdazzle.com/

    Has a pop-up ad: https://www.allure.com/story/juggalo-makeup-facial-recognition

    https://io9.gizmodo.com/how-fashion-can-be-used-to-thwart-facial-recognition-te-1495648863

    https://www.theatlantic.com/technology/archive/2014/07/makeup/374929/

    https://www.survivopedia.com/6-ways-to-defeat-facial-recognition/

    and a whole lot more… So you’re not the only one.

    I have adopted the Wide Brim Sunhat and big blocky “over your eyeglasses” sunglasses as things to keep around “just in case”. Add a hood (my regular jacket has one in collar rolled up) and basically you now have a chin, lips, and bit of nose to work with. (Ears are as distinctive as fingerprints so must be covered). A light scarf can finish that off. Works well in cold climates, a bit out of place in Florida ;-) So there use the long hair bit (note to self: buy big wig) and a beach towel wrapped around face & over shoulder…

    Ah, the future…

  12. E.M.Smith says:

    @Wazzel123:

    Yeah, I shut off a bunch of it… but only after I’d signed up for service. One of those “lessons learned” things: Go through the phone shutting off the crap BEFORE you activate it and BEFORE you turn on the WiFi. In a “Do Over” I’d clean up the apps first, then enable WiFi and update if needed, and only once all done turn on cell activation. Oh Well. Given I’m using it to forward my Verizon phone (not to mention blogging about it ;-) it isn’t like I’m at risk…

    I did find a nice setting (hold finger on top bar of phone for a while and a drop down happens…) that lets me shut off “data over cell service” and send it over WiFi only. Would have been nice to have set that first…

    One other minor point: For a Real Burner ™ you would simply remove a bunch of apps that you don’t need to call your bookie. Toss the weather app, the calendar, the browser, etc. Strip it down to ONLY what is essential to get that bet down on time ;-) What I did was the exact opposite. Toss on a lot more apps just to play with them and see what needs to be done to secure them. Different motivation so different behaviour.

  13. Ossqss says:

    Well that is interesting. Seems wordpress assigned me an alternate user name on my last post…… or maybe I fat finger that too ;-) Actually, it appears to have autofilled with my fantasy football team name or my alter ego stole my Avi! LOL

    @EM, couple interesting items in that J3 phone you have that you don’t see much of today. FM radio and a pop out replaceable battery. I would recommend spending 10 bucks and get a spare. Be aware, the NFC chip on most Samsung phones like that is in the battery. There are many bootleg batteries sold that don’t have it on them. If you don’t use it, no biggie. If you use NFC to initiate a file transfer or for a transaction, you need it.

  14. Larry Ledwick says:

    Probably fits here better than the wood post, cloudflare has now introduced a high privacy DNS service
    https://one.one.one.one/

  15. jim2 says:

    EM said: cash at Best Buy so also anonymous.

    Check your receipt. It might have the telephone number on it. If so, then you were videoed. Unless u were incognito, they can find you …

  16. jim2 says:

    There are Caterpillar phones that are pretty tough. Can drop from 6 ft or into water.

    https://www.amazon.com/s/rh=i%3Aaps%2Ck%3Acaterpillar+phone%2Cp_89%3ACAT+PHONES|Caterpillar&keywords=caterpillar+phone

  17. jim2 says:

    Oh, and most of the Cat phones are already unlocked. You can use them via Tracfone “bring your own phone” program.

  18. ossqss says:

    @Jim2

    I looked at those Cat phones as they had a built in Flir option if I recall. At the time I opted for a Flir One to plug into my Note phone because of the self contained battery in the device and changable batteries in my note.. Works great with quite good range too.

  19. H.R. says:

    I’ve bookmarked all of this as very useful, but…

    … wake me up when my flip phone dies. I’ll have a frantic 2-3 or maybe 4 years to find an alternative.😜

    Current best use of my phone is to ponder the why’s and wherefores of spam calls. Second best use is to call my siblings to tell them to call me back on my land line. That burns 3 or 4 minutes per year.

    Third best use is my wife saying “Gimme that! I don’t want to burn my minutes.” 😆😆

    P.S. Anytime someone wants a cell number to contact me I give them my wife’s cell phone number. Same, usually, with an email address. She’s all good with that. That may somehow be related to us staying married for 42 years. Maybe not. Could just be inertia. I dunno. 😜

  20. E.M.Smith says:

    @Jim2:

    The Tracfone does not have a telephone number until you sign up. There is an “activation” of the SIM card (basically setting a time to expire on it if service is not started).

    There is always a way to “find you” as the phone talks to cell towers and localization data is easy to come by. The harder bit is connecting it to a real identity. They only resort to the store video if there’s a significant criminality involved. Why? It costs a lot of money to send folks to the store and collect it, then review it. Were I involved in an “enterprise” that involved folks with badges, I’d be buying it in disguise or have a proxy buyer.

    Pasting in an Amazon search you have to substitute the Unicode for special characters… It is easier to just pick one example, trim off the stuff after ?ref= and then paste in just that product link (minus the tracking data)
    https://www.amazon.com/dp/B077PNB33K/

    But at $200 to $300 it’s not exactly “Burner phone” material… It would need to be the replacement for the Real Phone…

    I’m actually looking forward to the project build of making my own phone… OTOH, it is possible to have several physical phones and just move the SIM card between them. Useful when your DIY phone “has issues” ;-)

    @Larry L:

    I’ll have to look into that. Encrypting DNS is a happening thing now. I have my own DNS server in part so that my ISP is not my DNS service provider, partly for speed, and a little bit for privacy and security. On the “someday” list is to set it up for DoH (encrypted DNS). I probably ought to care more, but I don’t. It’s one of those “Do this if under TLA watch or a corporation provider” kind of things; not really needed for “one guy and a TV set”…

    @Ossqss:

    Nice to know. I don’t use Near Field Communications so not a bother if the function leaves with a battery swap. OTOH, it is nice to know I can kill it with a battery swap ;-)

    There’s an FM radio in it? That I must find ;-)

  21. E.M.Smith says:

    Hmmmm… no bluetooth…

    https://www.cnet.com/how-to/unlock-the-secret-fm-tuner-in-your-android-phone/

    Says it uses the wired earphone as the antenna… and doesn’t connect to bluetooth. Unfortunate as I have a great Bluetooth headset (that cost more than the phone… About $120.. but works well with all my devices AND blocks out ambient noise a bit with the ear buds… So I can watch YouTubes while the spouse is watching TV and both of use hear our respective stuff OK…

    I’ll have to give it a try anyway. I’ve got some wired headset things somewhere ;-)

  22. Ossqss says:

    @EM, remember, wire headsets are not dependent upon a separate power supply. Just sayin, weakest links things.

  23. jim2 says:

    I have a cheaper Cat phone that does have FM radio.

  24. E.M.Smith says:

    @Qsqss:

    My LG headset is like a Torque. It’s sort of jewelry bling like and mostly lives under my shirt collar when I don’t want it visible… but at the pool it looks cool. Then the ear buds are on a nearly invisible thin black wire. At the touch of a button they retract and are out of my way. I also have volume and other controls on the headset with buttons. It lets me answer a call with a touch and without finding the phone. I can place calls with voice commands. But…

    What sold me was the sound quality. It’s just amazing.

    So there’s no wire tangle to deal with. It’s out of the way but always at the ready. Even has a vibrate mode to tell me a call is coming in… Since I don’t hear the high pitch phone ringer well, that’s a big benefit. Then on soft female voices where my loss of high end is an issue, I can raise the volume setting without touching the phone all while they block the distracting outside sounds.

    There’s a reason I paid up for it… BIG lifestyle improver.

    Since USB charging is now ubiquitous it isn’t much of an issue. My LG headset gets charged about once a week. Looking around my desk, I see at least 20 USB charging points ( 8 of them are on “socket doublers” that give me 6 outlets from 2 and throw in 4 surge protected USB charge points for free… Bought at Costco for something like $12? for both.) I travel with a small Cigar Lighter to USB charger gizmo that cost me $2, plus I’ve got 2 or 3 plug in the wall micro sized units in my travel bag. Oh, and the last portable 150 W inverter I bought has 2 x USB charge points on it too…

    Oh, yeah, and I’ve got two “external batteries” in my pack for charging USB things. They will charge the headset a dozen times over each…

    Yes, I get the point that I have to charge it, but really, it just is lost in the noise of all my other tech gear. Even new cars now come with USB charge points built in. I’ve got a couple of house sockets I want to replace, and I’ll likely get the ones with a USB charge socket built in just because…

    @Jim2:

    I’ve downloaded a couple of FM Radio aps and I’ll find out if my set works or not. Some of them say they do connect to Bluetooth…

  25. Pouncer says:

    Our Host advises: ‘ Were I involved in an “enterprise” that involved folks with badges, I’d be buying it in disguise or have a proxy buyer. ‘

    “Proxy” seems to me a nice new niche market / “side hustle” opportunity for an enterprising free-lance young techie. The techie takes all the risks of being photographed and making buys — for a minimum flat rate up to a percentage of the clients’ larger expenses. All cash in advance in a plain white envelope …

    1) Advertise on paper pinned to cork boards in various locations

    2) Meet clients (facing opposite directions in adjacent booths) at a free WiFi site like McDonalds or Starbucks — discuss services and fees.

    3) Services might include:
    a) Taking client’s cash to buy or recharge a “cash card” debit style gift card for use registering for or ordering embarrassing services or products
    b) Taking cash to buy a burner phone and separate card
    c) Setting up a mail drop / physical address at a UPS or FedEx storefront postal service shop.
    d) Picking up the hard-to-trace phones, hotspots, tablets, laptops, SD cards, and/or WiFi adapters the client may have ordered with the gift card and shipped to the mail drop
    e) Configuring the device with various sorts of encryption / security apps
    f) Printing off the “how to” pages for new user to get up to speed on such security apps
    g) Identifying, testing, and providing lists of relatively safe open free WiFi places and APs.
    h) Setting up a cheap VPN service, (paid for via the gift card)
    i) Holding the “to be opened and published in the event of my death” envelope containing the client’s insurance and backup SD card.
    j) Collecting a reasonable monthly “retainer fee” for NOT turning the backup SD card over to the TLA prematurely.

    4) Form a small network or cell system of co-operator proxy techs so one client does NOT meet the same techie each transaction, and no individual techie knows more than one of two of the others in the network.

    5) Writing it all up in script format and circulating that script among legitimate agents, studios and producers, such that defense attorneys might confuse prosecutors with an “It was research for a movie!” explanation.

  26. R. de Haan says:

    @E.M, I downloaded the F-Droid APK file to an old androind pad and when I opened it for an install I had to allow the app to perform the following actions:
    Storage, modify/delete SD card content
    Network communication: control near field commuications, create blue tooh connections, full internet access.
    System tools: allow multicast reception, bluetooth administration, change network connectivity, change wifi starte, modify global system settings, prevent tablet from sleeping.
    If I hadn’t NoRoot Firewall available I wouldn’t install this app.
    A lot of changes since the last time I used this App.
    Data theft is everywhere now and no App supplier can be trusted any longer.

  27. E.M.Smith says:

    @R. de Haan:

    Since it installs packages by definition it needs a lot of permissions. Of all the app makers, I trust the Open Source community most. After all, the project is open and you can look over the source code and build it yourself if you want: https://gitlab.com/fdroid/fdroiddata

    @Pouncer:

    Hmmm….. Sounds like a business model ;-)

  28. R. de Haan says:

    @E. M,
    I also like the concept of Open Source but really….
    Why would F-droid need to access your blue tooth or your WIFI connection, or wipe your SD card?????. The entire Android project was based on Open Source until Google took a run with it. I think they have turned your Android device into an “Open Source”, your personal data to be exact.
    It really bugs me that they simply take people’s data, pictures, listen in on conversations, etc, etc.
    The total lack of decency and respect covers it plus the fact that they really think that we’re a bunch of total idiots. They’ve ruined the grid and our freedom. We’re on the wrong side of the Iron Wall now. DDR 2.0, USSR 3.0 if you know what I mean.
    Apart from that, I wasn’t able to install any apps from F-Droid because the Android version installed on the Pad is too old. So I think I turn it into an off line picture display in the kitchen but only after I have removed F-Droid. Wonder by the way where the “F” stands for.

    On youtube I stumbled on some vide’s posted by some wannabee rocket scientists who cut up sim cards and glue them together again and than claim they “their method” allowed them to call and surf for free. Just the idea of people getting crazy enough to cut up their sim cards put a smile on my face. Others hack the system including tutorial and even offer you a phone that will work for free until 2030. What the guys have in common is that they all look like they can’t even afford a prepaid sim card. But as I watch at what’s going on these day’s, I wish them all the luck in the world. Screwing the System obviously has gone from a game level to a necessity.

    Heart warming in contrast, if true, is a recent article I read about a Japanese Minister responsible for IT and Internet Security who never in his life touched a computer because someone told him they could be infected with viruses…

    This is how the world seems to work now. You put totally incompetent people in top positions and watch how the entire system crumbles in front of your eyes.
    That must crack you up doesn’t it but only if you’re a sociopath.

  29. E.M.Smith says:

    @R.de Haan:

    Per SIM card: I could see that they might install an application there. I’ve set up my tablet so that all the key directories redirect to the SIM card. Pull the card and “my stuff” including downloads, email, identity stuff “goes away”. WiFi? That’s where it gets stuff so might need to fire it up to get a download to work. Bluetooth? I could see a case where it needs to send sound to a headset. All of it looks to me like folks adding “features” and fixing things to work in edge cases. Could they make a simpler one without that that works in a more limited way? Sure. But folks usually ask for more features, not less, and fewer restrictions on configurations when it works.

    For images: Some applications use image files.

    I’m also on a very old Android. Only some applications don’t run on it… but more each year. (Note to self: Install anything you expect to want when still new and matching versions in the “app store”.) Frankly, part of what made F-Droid interesting to me was that there were more on it that worked on my Android than on the Goggle Play store…

    Now that the phone runs Android stuff, I’ll likely move my android related stuff to it; freeing up the Tablet for that “someday” process of running a Linux on it. With fewer apps for it, that’s becoming more attractive every day.

    Though first I might give a try at the non-Google Android clone. Just to learn it and the process.

    I’m generally in the mode of de-Googlling my life, so it’s a reasonable next step. Frankly, I see F-Droid as part of that process. Using open source applications instead of things from the Google Play store. A 1/2 way step from Android + Google Play to Android – Google Play; then eventually to non-Android…

  30. Larry Ledwick says:

    Apparently there is now a very confidential commercial cracker law enforcement can use on cell phones.

    https://www.zerohedge.com/news/2018-11-23/authorities-are-using-mysterious-new-tool-can-unlock-virtually-any-cellphone

  31. H.R. says:

    Well, Larry, they are welcome to unlock my cellphone and gaze upon my collection of spam calls.
    😆😆

    Seriously though, I just don’t happen to send or receive anything much at all, and very little of significance. However the tracking we’ve discussed previously does cause me some concern.

  32. Larry Ledwick says:

    It is not just your call history, but for some prosecutor shopping for a charge, they can pull your travel history, where you stop for gas, where you eat lunch, what time you leave for work and when you get home (makes black bag operations much easier), what you order from online vendors, your banking activity, what route you drive to and from various locations.

    If you are involved in complex web of acquaintances, who you meet with (both at the same location same time) etc. etc.

    It is basically the same as having a 24 hour tail for weeks at a time, so even some perfectly harmless activity can be twisted into something nefarious.

    You happen to buy a legal pad at a store when a sleezy lawyer is in the store, – Why did you meet wit XYZ on the afternoon of abc, in a stationary store rather than in his office (see attached street cam video of you both entering and leaving the store at the same time.

    It is the opportunity not that any given person is doing something wrong as a complete loss of privacy.

  33. ossqss says:

    Well, with respect to information gathering. Yep, you phone is a nice funnel of info, but pretty much all of that is backed up by other systems monitoring and logging things. In most instances, if justified, most of that info would be readily available through other sources available.

    Think about it.
    -Yes your phone is a data funnel, even without GPS and just a signal.
    -Your ISP routes and logs your every move, mobile or fixed.
    -Your transactions are always documented (even cash), and many with image and transaction number
    -Your smart house, knows you well, especially my beer fridge recently.
    -Your cable box or connected TV knows you well. Some with Mic’s and cameras.
    -Your power, water etc. utilities know you well.
    -USPS, UPS, Amazon, Wallyworld, Ebay,Roku probably know us all well.
    -Let alone Alexa or google home.

    I guess the moral of the story is, there may not be one. :-)

  34. E.M.Smith says:

    My family & friends have done the “Natter Natter” and snicker routine when I talk about having a “burner phone”. The reality is that I need to know that technology so that I can both defend against it as a White Hat and potentially resort to it if present trends continue.

    I’m VERY fond of NOT having my phone powered on all the time. I leave it on, on the charger, while I go off running errands and such. (Dirty the data…) I like to leave it right in front of the TV with the TV running then (remote access, if any, gets Conservative News or ‘whatever’). IF I want assured privacy, I remove the battery. Yes, it’s a dumb phone, but I want the habit…

    Some folks complained that I “never answer my phone”, then mostly stopped calling. I’m OK with that… less contact trace history to work with. I don’t do ANY computer like stuff on my phone.

    Now, that said, I deliberately got a “Smart Phone” as my replacement burner phone. One reason is that I want to see if the SIM card can be moved to a dumb phone when I want a phone with me, but not doing “smart phone” things… Another is to explore just how hard it is to make a “Smart Phone” be polite about my privacy. So far what I’ve found out is that Modern Android is a 24 x7 x 365 Horror Show.

    ONE example:

    A few days ago I was installing some apps. The things even benign apps get access to is horrifying. Along the way I wanted to install FireFox, but it wasn’t available in the open source archives at F-Droid. I had FF Klar (the privacy release) installed and found something called FireFox Updater. Asked it to install FireFox – nothing happened. OK, it’s a few days after I gave up.

    So tonight I’m playing solitaire on the phone and up pops this pop-up notice that it would like to install FireFox. WT? I let it go ahead… but what was it doing for a few days that just now it decides that’s a good thing to do?

    Then I uninstalled a particular SIP Phone app. Even though I’d not configured it, it would periodically pop open and ask who to call. Perhaps I was hitting some button without knowing it, but really? No other apps seemed to do that. So this one that likes to “phone someone” pops up from time to time wanting to make calls? Now what would have happened if I did have a SIP service and DID have connectivity for it? Grumble…

    So all in all I continue to have a complete lack of trust in any “smart phone” and I’m not all that keen on my dumb phone… (Its greatest feature is that the old battery now dies in one day, freeing me from ever more intrusion risk as I leave it happy on the charger taking messages while I live my life somewhere else…). Even if my DIY Phone turns out to be the size of a medium book, I’ll be happier with it. I can easily use the headset with it so it doesn’t need to be 1/2 ounce and live in my pants pocket. I also know I’ll be able to shut off ALL the intrusion features AND I can make sure it doesn’t log anything against my will AND I can have it self destruct on attempts to hack into it.

    BTW, that “crack into the phone” gadget sounds like limited vendors and poor security. I suspect it can not work on an iPhone. UN-fortunately, the “face lock” is easily bypassed with a good photo and a 3d mask to print it on… For comparison, a LUKs file system with 2048 or 4096 bit encryption is NOT going to be cracked by anyone. And a system can be made that formats the card on errors…

    As of right now, there’s not a damn thing on my phone that matters. (It would tell the police I call family and the Florida Friend & spend almost all my time at home or the grocery store once or twice a week… and play solitaire sometimes… ). Should I ever need secrecy and private communications, it would be via a VPN to somewhere like Switzerland and an IP phone call back from some other country… (I’m way too slowly working on that. I set up a testing Proton Mail account for encrypted secure email and it’s OK so far. Next step is the VPN and then a SIP phone service provider outside the USA & EU… When I’ve got something interesting I’ll do a posting.)

    What is quite clear is that IF you use a domestic cell phone or tablet with public WiFi: You must assume the device is your enemy. You must take steps to wipe history and purge the device periodically, with “Factory Reset” if you do anything “marginal”. When in doubt, do not use it for anything that matters… To the extent possible, have the device store information on the uSD card, and periodically swap it out for a new one and purge / format the old one if anything incriminating might be on it. In an AwShit condition, have some nice tin snips laying on your desk where you can chop through it a couple of times to chop the chip, then drop it into some battery acid…

    Or just live a fairly boring life like I do ;-)

  35. Pouncer says:

    Frequently acquiring a new “Smartphone” via HSN and Tracfone, having 3 or 4 old devices in inventory at present, I wonder what the most productive use is for the tiny-tablets once they are de-registered as phones? Some uses that might not require either WiFi or Cellular service, some that do …

    – Automobile “dash cam” use ?
    – Digital photo “frame” display ?
    – Smart TV remote ?
    – GPS footpath tracker back and forth to parked location at the mall?
    – Voice memo recorder?
    – eBook reader?
    – Very Big Pocket Watch ?
    – Wild Game camera (motion sensor) ?
    – Flashlight?

    ( With regard to the flashlight, it has been truly written that “The things even benign apps get access to is horrifying.” Why does a FLASHLIGHT app even bother to ASK for access to ANYTHING? )

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.