Hacker News Comments on
Black Hat USA 2013 - OPSEC failures of spies

Black Hat · Youtube · 6 HN points · 5 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention Black Hat's video "Black Hat USA 2013 - OPSEC failures of spies".
Youtube Summary
By: Matthew Cole

The CIA is no more technologically sophisticated than your average American, and as a result, has suffered serious and embarrassing operational failures.

This is a rare peek inside the CIA's intelligence gathering operations and the stunning lack of expertise they can bring to the job.

In 2005, news organizations around the world reported that an Italian court had signed arrest warrants for 26 Americans in connection with an extraordinary rendition of a Muslim cleric. At the heart of the case was the stunning lack of OPSEC the team of spies used while they surveilled and then snatched their target off the streets of Milan.

The incident, known as the Italian Job inside the CIA, became an international scandal and caused global outrage. What very few people ever understood was that the CIA's top spies were laughably uneducated about cell phone technology and ignorant of the electronic fingerprints left behind.

The story would be startling, though old, if not for the fact that eight years after the debacle in Milan, history repeated itself.

In 2011, an entire CIA network of Lebanese informants was busted by Hezbollah. The reason: cell phone OPSEC failures. After receiving a warning from Mossad, who had lost their network a year earlier the same way, the CIA dismissed Hezbollah's ability to run analytic software on raw cell phone traffic. But they did. And with a little effort, the CIA's network of spies, as well as their own officers, were identified one by one.

This is the true story of American Intelligence's Keystone Kops.
Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Jan 06, 2020 · 6 points, 0 comments · submitted by NN88
It also seems like phones have their own tracking ids that they report, it's not just the sim card.

There was a great talk about some of this from Black Hat; how the CIA renditioned Abu Omar out of Italy and how they were found out: https://youtu.be/BwGsr3SzCZc

alias_neo
All GSM phones have at least one of these (multi-SIM devices have multiple), they uniquely identify devices with SIMs and are held in databases shared intentionally amongst many nations for blacklisting and such.

If a phone is reported stolen in the UK and reported, its IMEI can be added to this list and the device becomes useless in participating countries, say for example, Spain, or Germany or the US.

My point is, it's a globally unique identifier; tampering with, modifying or cloning them is illegal in some countries.

The SIM itself is almost irrelevant, but, with the information mobile providers hold, it's trivial to link a SIM account, a device identifier and a person (particularly given some countries require ID by law to obtain a SIM).

mindslight
Furthermore, being criminalized in some countries has caused discussion of how to change IMEIs to be censored in technical forums everywhere. The obvious draw is stolen phones, so nobody wants to touch the topic with a ten foot pole, despite its straightforward relevance to privacy.
gruez
>censored in technical forums everywhere

everywhere? I found this in 1 minute.

https://forum.xda-developers.com/android/general/how-to-rest...

aSplash0fDerp
MTK has similar steps, but I don't think we see many mediatek chips in the states.

https://forum.xda-developers.com/lenovo-vibe-p1m/how-to/writ...

mindslight
And yet there is also this: https://forum.xda-developers.com/showthread.php?t=2652022

That attitude reflects the dead ends I've experienced when looking around for how to change IMEIs for various phone models I was interested in. Also note all the disclaimers in the thread you linked.

Maybe recent phones are still so straightforward with QPST that any time the question is actually asked it's bound to get flooded with crap? It certainly doesn't feel that way. Eventually I'll get around to setting up another Windows VM and seeing what modern QPST can actually do.

tinus_hn
These 'tracking ids' are called the IMEI, the International Mobile Equipment Identifier.
zahllos
There are two numbers on the cellular network that matter: international mobile equipment identifier (IMEI). This identifies the cellular radio in question, usually the phone but a dual SIM phone will have one for each slot.

The second is the international mobile subscriber identifier, IMSI. This is the identifier the SIM sends to ask the network for functionality.

Even without a SIM installed, the phone may transmit and will transmit its IMEI when doing so. This is so that cell towers can talk back to the device (a bit like SSIDs in WiFi networks). As mentioned in other replies to you, you can often dial emergency numbers and your calls are routed. To do that you need to know which device is calling.

So yes you can track individual phones. You can also tell when a phone has changed SIM or a SIM has changed phone and so on. No idea if networks do this, but the data is there.

Going to be hard and would be ineffective. For one, America still has several military bases in Germany alone e.g. Ramstein, which was used by the CIA in the Milan kidnapping [0][1].

[0] https://en.wikipedia.org/wiki/Abu_Omar_case

[1] Black Hat talk: https://www.youtube.com/watch?v=BwGsr3SzCZc

tuco86
If it was easy and effective, I would not really want that either. Just some counter pressure against these practices.

I just feel that there should be mutual respect of our countries' citizens. We don't stop Americans from visiting our country or our neighbors' countries. We don't ask for their passwords on entry either.

I'd like the same rights to visit your country as you have visiting mine.

masonic

>We don't stop Americans from visiting our country

You're sure of this? Have you actually checked?

Heck, for one example, the UK has banned an American radio talk host just for his commentary, with no criminal charges on either side of the pond. A nation is entitled to choose its guests (aside from diplomats).

jai_
Are you talking about Alex Jones?

He doesn't seem to be on this list, but please add him if you can find a reliable source:

https://en.wikipedia.org/wiki/List_of_people_banned_from_ent...

dagw
Michael Savage. While I agree he's said some pretty terrible things, I do find it kind of weird that he's on that list when so many other similar people aren't. They should really either remove his name or add like 50 other names.
rosege
What you want is international reciprocity https://en.wikipedia.org/wiki/Reciprocity_(international_rel... Brazil is a big proponent of this. When the US brought in taking bio-metric data from travelers Brazil did it too - but only for US citizens.
Your phone's location can be silently triangulated based on what cellphone towers can see your phone and the strength of the signal to them. This is being done and you can buy the data from LocationSmart. This was discussed on HN a few weeks ago [0].

This data was used in Italy to catch CIA agents after they extrajudicially extradited (so to speak) a terrorist[1] in 2003 https://youtu.be/BwGsr3SzCZc?t=7m2s. The whole talk is worth watching.

The cost of storing this forever is negligible and going down. The government would be foolish or (in my opinion irrationally) principled not to hold on to this for the next 1,000 years.

[0] https://news.ycombinator.com/item?id=17095667

[1] https://en.wikipedia.org/wiki/Hassan_Mustafa_Osama_Nasr#Conv...

Both the SIM and the phone's serial number are available to the network. An analyst looking to correlate your activities can do so trivially. In fact, this is how Italian investigators were able to prove the link between a CIA cell and the American embassy. No one used the same SIM to talk to both groups, but they did use the same phone.

https://www.youtube.com/watch?v=BwGsr3SzCZc

derefr
Yes, sure, the IMEI is accessible; this is why I referred to it as a "side-piece phone" rather than a "burner phone." They're separate OPSEC profiles: evading a state attacker, vs. anonymizing some of your traffic from the view of a private individual attacker (e.g. your spouse.)
mseebach
Step 0 is to correctly identify the threat model. If you're just hiding an affair from your spouse, any old smartphone on a prepaid contract will do.
buildbuildbuild
IMEI is unfortunately a mutable value on many devices.

An extreme example which is used for SMS/Voice spam: https://www.aliexpress.com/store/product/GPRS-sms-64-sims-mu...

jonathanstrange
I might be wrong but I always thought this requires some pretty high level of operational discipline, because it's detectable and highly suspicious when you switch the IMEI while the phone is switched on and the same card is in the phone. You have to turn off the phone, remove the SIM, turn on the phone and switch the IMEI, turn it off again and put another SIM in, and then turn it on again. Otherwise the Telecom provider will register the anomaly and might even inform the authorities or kick off the phone from the network.

Again, please correct me if I'm wrong.

TomMarius
You can configure (rooted) Android to not connect to mobile network until you tell it to do so
CydeWeys
A proper side phone could be programmed to handle this process correctly. In an option accessible from a menu it could drop the network, prompt to switch out a SIM (or use one in a different slot), wait a suitable amount of time, and then reconnect to the network.

I see no reason to reboot the phone. SIMs can be hot-swapped.

Longer video (25 minutes) of a talk from BlackHat 2013, about how metadata was used to expose an illegal(?) 2003 CIA operation carried out in Italy. It's by a non-tech journalist, so it's also largely non-technical and provides a very interesting overview of what metadata can expose.

https://www.youtube.com/watch?v=BwGsr3SzCZc

HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.