overhaul cellular tracking section
This commit is contained in:
Daniel Micay
parent
4316be6c0e
commit
b11aa57ed5
@ -76,8 +76,8 @@
|
|||||||
<li><a href="#hardware-identifiers">Can apps access hardware
|
<li><a href="#hardware-identifiers">Can apps access hardware
|
||||||
identifiers?</a></li>
|
identifiers?</a></li>
|
||||||
<li><a href="#non-hardware-identifiers">What about non-hardware identifiers?</a></li>
|
<li><a href="#non-hardware-identifiers">What about non-hardware identifiers?</a></li>
|
||||||
<li><a href="#cellular-tracking">What does GrapheneOS do about cellular
|
<li><a href="#cellular-tracking">What does GrapheneOS do about cellular tracking,
|
||||||
tracking and silent SMS?</a></li>
|
interception and silent SMS?</a></li>
|
||||||
<li><a href="#wifi-privacy">How private is Wi-Fi?</a></li>
|
<li><a href="#wifi-privacy">How private is Wi-Fi?</a></li>
|
||||||
<li><a href="#default-connections">Which connections do the OS and
|
<li><a href="#default-connections">Which connections do the OS and
|
||||||
bundled apps make by default?</a></li>
|
bundled apps make by default?</a></li>
|
||||||
@ -380,36 +380,56 @@
|
|||||||
between apps within the same profile, but never between them.</p>
|
between apps within the same profile, but never between them.</p>
|
||||||
|
|
||||||
<h3 id="cellular-tracking">
|
<h3 id="cellular-tracking">
|
||||||
<a href="#cellular-tracking">What does GrapheneOS do about cellular tracking and
|
<a href="#cellular-tracking">What does GrapheneOS do about cellular tracking,
|
||||||
silent SMS?</a>
|
interception and silent SMS?</a>
|
||||||
</h3>
|
</h3>
|
||||||
|
|
||||||
<p>GrapheneOS always considers the network to be hostile and does not implement weak
|
<p>GrapheneOS always considers networks to be hostile and avoids placing trust in
|
||||||
or useless mitigations. Therefore, it does not have the assorted gimmicks seen elsewhere
|
them. It leaves out various carrier apps included in the stock OS granting carriers
|
||||||
providing privacy/security theatre to make users feel better about these issues. One
|
varying levels of administrative access beyond standard carrier configuration.
|
||||||
of the core tenets of GrapheneOS is being honest with users and avoiding scams/frills
|
GrapheneOS also avoids trust in the cellular network in other ways including providing
|
||||||
based around marketing rather than real world privacy/security threat models.</p>
|
a secure network time update implementation rather than trusting the cellular network
|
||||||
|
for this. Time is sensitive and can be used to bypass security checks depending on
|
||||||
|
certificate / key expiry.</p>
|
||||||
|
|
||||||
<p>Activating airplane mode will fully disable the cellular radio transmit and receive
|
<p>Cellular networks use inherently insecure protocols and have many trusted parties.
|
||||||
capabilities, which will prevent your phone from being reached from the cellular
|
Even if interception of the connection or some other man-in-the-middle attack along
|
||||||
network and stop your carrier (and anyone impersonating them to you) from tracking the
|
the network is not currently occurring, the network is still untrustworthy and
|
||||||
device via the cellular radio. The baseband implements other functionality such as
|
information should not be sent unencrypted.</p>
|
||||||
Wi-Fi and GPS functionality, but each of these components is separately sandboxed on
|
|
||||||
the baseband and independent of each other. Enabling airplane mode disables the
|
<p> Authenticated transport encryption such as HTTPS for web sites avoids trusting the
|
||||||
cellular radio, but Wi-Fi can be re-enabled and used without activating the cellular
|
cellular network. End-to-end encrypted protocols such as the Signal messaging protocol
|
||||||
radio again. This allows using the device as a Wi-Fi only device.</p>
|
also avoid trusting the servers. GrapheneOS uses authenticated encryption with modern
|
||||||
|
protocols, forward secrecy and strong cipher configurations for our services. We only
|
||||||
|
recommend apps taking a decent approach in this area.</p>
|
||||||
|
|
||||||
|
<p>Legacy calls and texts should be avoided as they're not secure and trust the
|
||||||
|
carrier / network along with having weak security against other parties. Trying to
|
||||||
|
detect some forms of interception rather than dealing with the root of the problem
|
||||||
|
(unencrypted communications / data transfer) would be foolish and doomed to
|
||||||
|
failure.</p>
|
||||||
|
|
||||||
|
<p>Connecting to your carrier's network inherently depends on you identifying yourself to
|
||||||
|
it and anyone able to obtain administrative access. Activating airplane mode will
|
||||||
|
fully disable the cellular radio transmit and receive capabilities, which will prevent
|
||||||
|
your phone from being reached from the cellular network and stop your carrier (and
|
||||||
|
anyone impersonating them to you) from tracking the device via the cellular radio. The
|
||||||
|
baseband implements other functionality such as Wi-Fi and GPS functionality, but each
|
||||||
|
of these components is separately sandboxed on the baseband and independent of each
|
||||||
|
other. Enabling airplane mode disables the cellular radio, but Wi-Fi can be re-enabled
|
||||||
|
and used without activating the cellular radio again. This allows using the device as
|
||||||
|
a Wi-Fi only device.</p>
|
||||||
|
|
||||||
<p>The <a href="/usage#lte-only-mode">LTE-only mode added by GrapheneOS is solely
|
<p>The <a href="/usage#lte-only-mode">LTE-only mode added by GrapheneOS is solely
|
||||||
intended for attack surface reduction</a>. It should not be mistaken as a way to make
|
intended for attack surface reduction</a>. It should not be mistaken as a way to make
|
||||||
the cellular network into something that can be trusted.</p>
|
the cellular network into something that can be trusted.</p>
|
||||||
|
|
||||||
<p>Even if interception of the connection or some other man-in-the-middle attack along
|
<p>GrapheneOS does not add gimmicks without a proper threat model and rationale. We
|
||||||
the network is not currently occurring, the network is still untrustworthy and
|
won't include flawed heuristics to guess when the cellular network should be trusted.
|
||||||
information should not be sent unencrypted. Legacy calls and texts should be avoided
|
These kinds of features provide a false sense of security and encourage unwarranted
|
||||||
as they're not secure and trust the carrier / network along with having weak security
|
trust in cellular protocols and carrier networks as the default. These also trigger
|
||||||
against other parties. Trying to detect some forms of interception rather than dealing
|
false positives causing unnecessary concern and panic. Make good use of authenticated
|
||||||
with the root of the problem (unencrypted communications / data transfer) would be
|
encryption and airplane mode to avoid needing to depend on an insecure network.</p>
|
||||||
foolish and doomed to failure.</p>
|
|
||||||
|
|
||||||
<p>Receiving a silent SMS is not a good indicator of being targeted by your cell
|
<p>Receiving a silent SMS is not a good indicator of being targeted by your cell
|
||||||
carrier, police or government because <em>anyone on the cell network can send
|
carrier, police or government because <em>anyone on the cell network can send
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user