[liberationtech] Cell phone tracking

[michi1 at michaelblizek.twilightparadox.com]

Hi!

On 12:56 Fri 24 May     , Yosem Companys wrote:
> From: Dan Gillmor <dan at gillmor.com>
> 
> Given the vanishingly small likelihood that companies or governments
> will do anything about cell phone tracking, I'm interested in what
> countermeasures we can take individually. The obvious one is to turn
> off GPS except on rare occasions.

Your cell phone provider knows which cell you are in and so knows your
approximate location, even if your phone is not running malware.

I am programming a layer 3+4 network protocol for mesh networks and have had
some thoughts about hardening against this. My idea is basically that mobile
devices:

- do not have a layer 3 address; Yes, this works, because the protocol is
  connection oriented. These devices are client only and cannot route packets
  for others and cannot accept incoming connections. But this is probably
  pointless anyway because the routing table probably would not keep up with
  their mobility anyway (not a problem if they are a client due to source
  routing)
- do not broadcast anything, but only listen for broadcasts instead and
  respond with unicasts; When doing so, use a different random-generated MAC
  address for each node which we connect to. When connecting to more than
  one node (maybe also for one device for simplicity reasons), put the network
  adapter in promisc mode.
- use TOR or any other anonymisation layer on top, so the mesh->internet
  uplink does not leak your approximate location

Well, I guess it is not really secure. You can probably still track these
mobile devices, if you can passively observe the network. Any suggestions?


http://michaelblizek.twilightparadox.com

	-Michi