Your Thoughts

Mirimir mirimir at riseup.net
Thu Jul 4 07:55:43 CEST 2019 

On 07/03/2019 07:16 AM, Ryan McGinnis via Gnupg-users wrote:
> Not sure why the phone number thing bothers people -- having a
> phone at all in the first place means you are easily tracked.

Well, that's why I only use phones (and not smartphones) for routine
meatspace stuff where I don't care about privacy. If the NSA wants to
know about my dental appointments, fine.

> What Signal (and any encryption system, really) does is try to
> prevent in-transit interception and surveillance of the actual
> data content.  It can't hide the metadata associated with a layer
> well above the application layer.

You're missing the point. Signal not only doesn't hide network-level
metadata, it embeds it in the content. As the bloody account ID.

I mean, I'm sitting here at a computer. It has lots of firmware IDs, a
MAC address, and a public ISP-assigned IP address. But none of that
stuff, unless I am sadly mistaken, shows up in my online activity. In
the headers of this message, for example. Because I use nested VPN
chains, plus Tor when I really want some anonymity.

So the equivalent here to Signal would be that my email address had to
be associated with my ISP-assigned IP address. And for sure, that's how
it was 20 years ago, when I used an email address from my ISP. I used
PGP for content privacy, but there was zero anonymity.

So how is that bullshit acceptable in 2019?

> Openwhisper can be picked up at the firewall level, but then so
> can Tor and VPN spinups, and all of these things are metadata
> that make you score more interesting to the mass-data-scoop
> algorithms.  If you don't want to be easily geo-locationally
> tracked, don't use a device with a cellular modem, full stop.  

Sure. But I can start with a popular VPN, and maybe 20% of people around
me use VPNs for pirating, so that's not too unusual. What's unusual is
what I route through that VPN. But even discovering that would take some
work, and then they'd just see another VPN. The won't see Tor until they
drill down 3-4 VPNs.

It's not just cellular modems that enable geolocation. There's GPS. And
there are databases with locations of WiFi APs. If it were possible to
securely use VPNs and Tor on smartphones, geolocation wouldn't be any
more of an issue than it is for me, sitting here at my computer.

<SNIP>

More information about the Gnupg-users mailing list