Comment by Darthy
8 years ago
This is a problem with the GSM/UMTS standards themselves. Carriers always know where you are, but one could create a standard where they wouldn't have to know unless you make a call. With enough encryption and effort, I'm pretty sure one could even create a standard where carriers would never know where you are, even while you are using services.
Would not it be easier to ban anyone from using this location data for anything except explicitly permitted by law? The problem is not with standards, the problem is with people.
Banning things works relatively well for people because they fear having trouble with law and justice. Doesn't work that well for corporations whose law department is just like any other department. In this case you must assume that if it's technically possible then it's done.
This argument can be used against any law, like antitrust law. Having a law department doesn't give you a free pass to break laws.
5 replies →
They will just move it all offshore.
How does one determine which tower to route an incoming call through, in your model? How could roaming work?
Spoiler: I don’t think doing what you are describing is feasible.
I can't find a link, but this problem was foreseen and solved by Robert Morris Jr. He wrote a paper on how users could register their location with a 3rd party using a hash of their IP address. When someone wanted to call them, they would contact that 3rd party for the location then route to the cell. The cell knew someone was there, it just didn't know who. And each 3rd party only had info on a few users, and no choice over which ones it had, if I recall correctly.
Looks like there is info here:
https://en.wikipedia.org/wiki/Robert_Tappan_Morris#Later_lif...
This is the way we should have designed these networks from the beginning. It was inevitable that the stuff in TFA would happen, given the interests of the companies involved and no regulation to prevent it. Same with FaceBook and Cambridge Analytica.
Couldn't you build a lookup table that reverses hashes back into their IP addresses? It might not be worth it for IPv6, but it would probably work for IPv4.
Calls could be done over IP, and as long as you could anonymously authenticate to the tower then you could be granted a new IP address at each tower via something like DHCP. I imagine roaming and handovers would have to be done on the end-device though; the end-device would need to proactively associate to new towers and both ends of the voice call would need to agree to switch to the new IP address.
But if the tower operators collude then they can still track you across towers by localizing the physical source of the end-device's signal.
If you really wanted to do this, a more secure approach is onion routing. It's essentially the same problem -- attempting to preserve anonymity in the face of adversarial network hardware, while being limited by a requirement to enter / exit through certain nodes.
So you'd want a mesh network, formed adhoc out of currently in range cellular device neighbors, with packets re-encapsulated and encrypted at each hop, eventually hitting the tower from a random device.
Authorization would be impossible (the intent of the scheme) without a side channel (as you can't simultaneously have individual authorization and individual anonymization). Which makes it a non-starter for commercial use.
5 replies →
Proving to the tower that you are a paying user should be easy, but routing the data securely will not be as easy. You'd probably need some kind of onion routing or similar on the back haul, unless you want to forego incoming calls. I would not like to have to forego those. Also, why even bother with DHCP, just say that the tower assigns you an IP, without knowing your MAC, right after you were able to prove that you are a paying customer. Handling data quota is going to be non-trivial there, as you'd either need to route everything to the provider anyway, or have a DoS-proof way of decreasing your remaining quota, e.g. by signing a new value with some key of yours, ensuring that the tower can't use that as your ID (maybe don't tell him or so), and then have to prove to the tower that your quota really got diminished, preferably without revealing how much is remaining, and just telling the tower that you still got something to spare. The main issue seems to be that you'd have to hold a session with each tower where you got quote allocated, as you can't re-run that quote proof for each packet. The finest granularity that seems remotely reasonable would be like 16kiB of traffic, which you would deduct form your account, let it get claimed by the tower, and then be required to repeat for each successive block (obviously you could assign larger blocks, but a block, once assigned, can't be put back without serious unnecessary cryptographic hurdles.
I am not well-versed enough in these cryptographic details to tell you how one could do this exactly, but I doubt it's impossible/infeasible to create a cellular protocol technically as powerful as LTE, but without tracking ability by the tower or the provider (byzantine fault tolerance, stochastic).
Off the top of my head, you could have this system: you use a new id that authenticates you with the carrier every n packets, and you do the routing from the source to your id on a server that you control yourself.
Spoiler. The utility of the live call is overstated. Most of the people I interact via a phone vastly prefer async SMS over sync voice calls. We can do SMS via polling, the network doesn't need to push anything to us.
People text so much because there is an expectation the other person is going to respond pretty quickly. There is definitely value derived from having people accessible all the time, and I doubt a service would sell if people weren't.
1 reply →
> where they wouldn't have to know unless you make a call
Presumably this is actually "unless you make a call or use data"?
They have to know your location if you want to receive a call.
With the current setup, sure, but that's by design. The cellular modem could stay off until you decided to take the call if there was a nationwide page circuit listening, the user would get the ring, see the number the page sent, and if desired, answer, which powers on the modem, hits a tower and connects to a backend system that sent the page which took the incoming call.
Page messages are in-the clear, but that's fixable by (gasp) OTP.
You want every single cell phone call in the world to send out a signal over every single cell tower?
5 replies →