A weekly live show covering all things Freedom Tech with Max, Q and Seth.
TO DONATE TO ROMAN'S DEFENSE FUND: https://freeromanstorm.com/donate
IMPORTANT LINKS
VALUE FOR VALUE
Thanks for listening you Ungovernable Misfits, we appreciate your continued support and hope you enjoy the shows.
You can support this episode using your time, talent or treasure.
TIME:
- create fountain clips for the show
- create a meetup
- help boost the signal on social media
TALENT:
- create ungovernable misfit inspired art, animation or music
- design or implement some software that can make the podcast better
- use whatever talents you have to make a contribution to the show!
TREASURE:
- BOOST IT OR STREAM SATS on the Podcasting 2.0 apps @ https://podcastapps.com
- DONATE via Monero @ https://xmrchat.com/ugmf
- BUY SOME STICKERS @ https://www.ungovernablemisfits.com/shop/
FOUNDATION
https://foundation.xyz/ungovernable
Foundation builds Bitcoin-centric tools that empower you to reclaim your digital sovereignty.
As a sovereign computing company, Foundation is the antithesis of today’s tech conglomerates. Returning to cypherpunk principles, they build open source technology that “can’t be evil”.
Thank you Foundation Devices for sponsoring the show!
Use code: Ungovernable for $10 off of your purchase
CAKE WALLET
https://cakewallet.com
Cake Wallet is an open-source, non-custodial wallet available on Android, iOS, macOS, and Linux.
Features:
- Built-in Exchange: Swap easily between Bitcoin and Monero.
- User-Friendly: Simple interface for all users.
Monero Users:
- Batch Transactions: Send multiple payments at once.
- Faster Syncing: Optimized syncing via specified restore heights
- Proxy Support: Enhance privacy with proxy node options.
Bitcoin Users:
- Coin Control: Manage your transactions effectively.
- Silent Payments: Static bitcoin addresses
- Batch Transactions: Streamline your payment process.
Thank you Cake Wallet for sponsoring the show!
[00:00:01]
Unknown:
Is on the way. Wonderful. I'm gonna hit when my mouse works, go live. No. I'm not gonna switch to that first. Why is my mouse not working? There we go. Okay. Going live. Connecting. Hello, and welcome. Hello. Today. Can you guys hear
[00:01:43] Unknown:
me? I can.
[00:01:45] Unknown:
Wonderful. Max, can you hear me? Look at this. A professional outfit. I can hear you. Look at this.
[00:01:53] Unknown:
You've, we we give you a lot of shit, but you've outdone yourself here, mate. This is, quite the setup.
[00:02:02] Unknown:
Quite the departure from last week, I think. Guys,
[00:02:08] Unknown:
it doesn't feel legal for it to be this seamless. Is this is this a lab?
[00:02:15] Unknown:
I don't know. It's it's not so ungovernable, maybe. I don't know. I don't know. I like it. We'll roll with it.
[00:02:23] Unknown:
We have we now we know we can go the Max Payne ungovernable route. We can do it.
[00:02:30] Unknown:
It's gonna be a simpler route. Yeah. It feels like we've gone from the cubes of live streaming to the macOS of live streaming.
[00:02:42] Unknown:
Good analogy.
[00:02:43] Unknown:
Quite apt.
[00:02:45] Unknown:
Although, ironically, it doesn't look like we are live on Nosta just yet. But if I was a betting man, I'd probably say that's probably due to zap.stream and not, due to our issues. But I'll I'll continue to try and troubleshoot while, people filter in. But, yes. Let me stream in. Yes. It says it's sending data to zap dot stream. I have no idea what that means, but clearly oh, unable to connect. There's a shock. Anyway, I'll try and fix it when the other guys are chatting on. But The future, man. Hello, and welcome to Freedom Tech Friday. For those of you that are new here, allow me to briefly explain what this is all about and why the hell we're here. Freedom tech Friday is a weekly live and interactive show hosted on the Ungovernable Misfits, X, Nosta, and YouTube feeds.
We go live for one hour every single Friday at 9AM eastern or 2PM UK time. And you can also catch you up later on on the Ungovernable Misfits podcast feed. On Freedom Tech Friday, we like to cover the latest news and trends for anything relating to freedom technologies. That could be anything from Bitcoin or Monero, encrypted messengers, privacy tools, and everything in between. Essentially, if there's a news item, tool, or topic that can help you take back some control in today's digital panopticon, we want to talk about it.
My My name's q and a, and I'm head of customer experience at Foundation where we build Bitquay focused sovereignty tools. And as always, I am joined by my good friend, Max, the head honcho over at the Ungovernable Empire, and Seth, who is VP at k Wallet. As I mentioned, this show is live and interactive, and we rely on you guys to steer us towards the topics you want us to cover or send us the FreedomTech related questions that you want answering. There's many ways you can get involved, all of which really helps spread the awareness for the show. These include commenting or asking asking questions in the live chat. Submitting your topics or questions ahead of time, by posting on X or Nosta.
Boosting the show on Fountain or any other of the podcasting two point o apps. Sending any Bitcoin tips or Monero tips via XMR chat. And finally, just sharing the show on X or Nosto. So without further ado, let's dive into the show. Let's have a little catch up, guys. How is it going? I was absent last week, although I did listen. So, did you have fun?
[00:05:09] Unknown:
You you you were were you missing last week? We couldn't we couldn't tell. We were on our own stranded,
[00:05:16] Unknown:
alone, in the dark. I was I was listening. I could tell I was missing.
[00:05:23] Unknown:
I'm not quite sure what you've been there. No. Didn't you say your missus was in the car with you, and you were both just laughing? Yeah. We were both laughing. We were driving down down south for a wedding,
[00:05:37] Unknown:
and, she she she literally uttered the words, is it always this bad?
[00:05:46] Unknown:
Only when Max is in charge.
[00:05:49] Unknown:
Yeah. So I I take my hats off to you guys for for powering through. You know, there was some some good tidbits in there, so it was an enjoyable lesson.
[00:05:58] Unknown:
I don't I don't know if enjoyable listed is the right term to those who had to deal with it live, but they've learned their ears bled, but their brain grew.
[00:06:08] Unknown:
So it's worth it to take. Yeah. That feels like a tagline we could use for the show. It is Friday. Their brain grew. Might make your ears bleed, but you might also learn something.
[00:06:23] Unknown:
A realistic tagline. New setup. No fluff here.
[00:06:27] Unknown:
Yeah. Yeah. The the observant above you above you amongst you will notice that we we have a new semi professional stream, looking or looking stream where we've got lots of bells and whistles, and I can press different buttons and, you know, give us different backgrounds. And, oh, it's wonderful. So I'm gonna be playing around with some stuff today, and I might break a few things along the way like it looks like I just have. So apologies for that. Maybe I don't click any buttons. But, why are we here today? Well, today's topic, I wanted to tackle, phone privacy, and try and answer the question, can you really be private with, a mobile phone?
Think about it. Like, our our phones are with us quite literally twenty four seven. If if I'm speaking for for most people on the chat here, and and I'm certainly for for all of us that are are on the panel, They they know where we go. They know who we talk to, what we search, how we move. They are quite literally kind of our closest companions, but also, probably quite obviously, our biggest leaks in terms of data of all shapes and sizes. So Mhmm. The the question here is not just the the it's not a yes or no. Can you really be private with a mobile phone? As always, the truth is somewhere in in the middle. And it's that kind of middle ground that I wanna explore today, so that we can kind of understand the trade offs, the limits, the limitations, excuse me, and and kind of the the tools that we can use to take back some control.
There is, many ways I can kind of take this. The way I wanted to kind of kick off the conversation, is the obvious kind of come back to can you be private from with a mobile phone is, private from who? So I've broken down three kind of main sections of of people that we or or entities that we would kind of like to be, concerned about the our privacy from and using anything, not just a mobile phone. And I think we should in, outline kind of what information is typically shared with each of these kind of three buckets that I've put them into, and then follow-up with kind of some tips, if if there are any available as to how we can kind of mitigate the risk or or any potential privacy losses when using a phone if we have to from this specific set of people.
So the three buckets of, entities I've broken it up to is kind of just general other people or the human beings. The biggest one would be corporations. And then the last one we can get onto is governments. So when it comes to other people, and and when we're interacting with a phone and kind of, having privacy from other people, the reason I put this at the start is it's kinda like the easiest one for us to tackle and the easiest one for us to have influence on just by the the nature of kind of how we use a phone. You know, you don't need to you can have privacy in the digital world from other people quite easily because of the way phones are constructed these days.
And the the first two or the main two talking points for me really would be your app selection, and most importantly, how you use the apps. It's completely up to you when you've got a mobile phone, number one, which apps you install. Aside from all of the bloatware that comes on certain operating systems, which you'll get into in a second. But also, you know, how you use those apps. Like, you could have an Instagram account or a Twitter account, and it could be a completely pseudonymous account just like mine or like Max's where, you know, we share the info that we want, bought Joe Blogs down the street, doesn't know where we live. So that we've chosen to use that app in a specific way such that we're only kind of sharing the information that we are comfortable with. Whereas you got on the other end of the spectrum, you know, peep really public people, in the Bitcoin industry that are free to free to kind of share more of their their personal life, their personal information, more about themselves, photos, maybe even geographical locations, etcetera, etcetera.
So how you use the apps and what information you share via those apps is obviously crucial in terms of gaining or protecting your privacy from other people. But in terms of like app selection guys, I'm gonna bring you in here. Do you think there's specific apps that most of us here would make a selection for to kind of limit the the data that we share? Or do you think it's mainly the way in which we interact with each of those apps and that and the kind of what we put into them that has a bigger bearing on how private we can be from other people when using a phone today.
[00:11:20] Unknown:
I mean, so when you when you say other people, you would mean, like, friends, family, neighbors, like, not corporations, not coverage. Correct. Just to be clear. Like, not the app developer themselves. Right. Other people We're coming on to that sort of stuff later. Yeah. Yeah. Yeah. Yeah. I mean, from my perspective, the, like, the thing to keep in mind if your your main priority is preventing data from getting in the hands of other people about who you are or what you do is being synonymous whenever possible. Like, not not using your real family photo or something as your Twitter profile pic and not using a real name, like, using simple things that at least add a layer of obfuscation for someone who wants to learn more about who you actually are.
It really does come down less to app selection and definitely more to me at least on how you use those apps. What info you use for your profile? Do you fill out your profile and every app even if it's not necessary to have all of the latest data about who you are as a person or do you limit that use email addresses that are not your first and middle and last name at g mail dot com? Like, there's a lot of pretty low hanging fruit on how you can protect yourself there by just not leaning into this idea where every app and every service wants you to have a social profile, like, absurd. Thanks to me. Like, I'm ordering food. Like, I probably I don't think you need to know, like, my birthday and have my photo there. And, like, I don't care that my friends know I don't want my friends to know what I ordered for dinner on Thursday night. Like, it just it's weird how social so many of these things have gotten, where, like, the stuff does not need to be on the Internet at all. So I think really just minimizing how often you're sharing data, minimize what profiles you set up, use even just fake DIMMs, different ones for everything, use email aliases, things that just make it harder for someone who can see that profile data to connect it back to to Joe Schmo in the neighborhood.
[00:13:19] Unknown:
Not to anything to show you.
[00:13:22] Unknown:
Yeah. Just that it's well, on that point, it's really creepy how social these things have got. And like Seth has just said, like, it's everywhere. It's not it's not like food. It's workouts and stuff like that. It's like, where did you run? How far? How fast? What did you train? And then there's, like, people commenting on what you've done and you're commenting back. Not that I'm saying I do this, but this is, like, when you try and sign up for a service, there's this social layer that's in there and the amount of data that is is collected by all of these companies and probably either stolen or sold is just weird. So, yeah, nail on the head. Just put as little information as you possibly can get away with into these things and fake as much as you can.
And then on app selection, I mean, obviously, trying to not use the worst of the worst, obviously, trying not to use, like, TikTok and some of these other, apps that are particularly bad, and then trying to switch out some of the communication ones, for things like signal, if you can, and VPNs to be used as much as possible, if not always, puts you in a a a much better situation, I think, than most people.
[00:14:53] Unknown:
Yeah. I I think the the easy way to wrap up this portion of it is, like, everybody has their own choice as to how much information they share with other people when using their phone. It's quite easy to be able to limit which specific parts of your life you wanna share by the nature of, like, say, the app selection. You know, if you're if you're a runner and you you thrive off sharing your run information on Strava, then you're gonna you know, that's an okay trade off for you. But if you're a pseudonymous dev that wants to publish code, but you don't you don't don't wanna be, followed by three letter agencies because you might be deemed for for some wrong thinking ten years time, then, maybe you probably aren't gonna do something similar
[00:15:36] Unknown:
to that. And you might choose a a
[00:15:38] Unknown:
a kind of social network where you aren't required to give all of that certain information so that you can maintain that level of privacy. But the the crux of it is it's within the users to kind of choose, which is the important part. The the next bucket of people I wanted to bring it around to, and this is the big one. And what this is probably the one we'll spend the most time on is corporations. This is the one where, particularly if you use a phone in a kind of naive way, you can be sharing a lot more information than you really think. So with corporations, I've broken it down into a couple of different, well, quite a few different, subcategories.
So what I wanna do is I'm I'm gonna mention the the subcategory of type of corporation, and I wanna explore under each, subcategory what information is usually shared by just using a phone in in the same way it normally would. And then what we can do to prevent that. So the first one is the phone manufacturer. What do we think that the the typical phone manufacturer? So Samsung or Google or Apple, gleams in terms of information just when you use a phone in a kind of naive way. I guess the first one and the obvious one to get the ball rolling would be, your name and your payment information if, you buy directly from the manufacturer.
So that's the kind of information I'm looking at. But what else do you think that the phone manufacturer, like Apple, etcetera, would gleam just from you using a phone today?
[00:17:10] Unknown:
Well, if it's Apple, you sort of generally end up in the ecosystem with an iCloud login account and email and all your details and, warranty details and all the rest of it. So as a general rule, I would think most Apple users, Apple is going to know, name, address, payment details, as a minimum.
[00:17:42] Unknown:
And crucially, be able to tie a specific handset identifier. I believe it's called an IMEI
[00:17:48] Unknown:
number. IMEI.
[00:17:49] Unknown:
Yeah. Which is kind of, like, tagged to your phone. And then from that, that would be then be shared with other corporations that we're gonna come on to in a second. So it's the again, it's while we're right now talking about the phone manufacturer, Apple in this case, that would then that kind of phone being tagged to you would then be shared with your chosen network provider, etcetera, etcetera. So you can quickly start to see how just buying direct from one manufacturer and then using a phone, starts to ship spread your information across multiple other entities. Again, we're gonna go on to in a second. But, Seth, I know you're keen to come in here. I can see you chomping at the bit.
[00:18:27] Unknown:
Yeah. I mean, a lot of this varies quite widely. Like, you'd be surprised how relatively straightforward it is, at least in The US, to get a phone without revealing your identity to the phone manufacturer. Like, I mean, you can get pixels secondhand quite easy. You can iPhone secondhand quite easy. So, like, buying used for cash face to face is one of the most fantastic ways for privacy that you can acquire a phone to use, without having to link your ID. But even buying brand new, like, I I have heard that you can get an iPhone with cash without giving up your ID. Like, you you can just walk into an Apple store and do that. Like, it's a lot of people just kind of assume you can't do things when most of the time you just you can. Like, Best Buy ever, you can generally go and get a phone and pay with cash and walk out and then not have to give you're not there's no requirement to give over ID or something like that. So there's a lot of ways you can get a phone without linking your ID specifically, which I think just like when we talk about Bitcoin, like, the the most important first step for privacy is just not having you as a person tied directly to something and at at least being pseudonymous, which I definitely would not claim then that phone usage is anonymous in almost every case, but pseudonymous at least. So there's not necessarily an ID directly to point back to. So I think a lot of times you can get the phone without tying your identity to it, but the unfortunate thing is most phones then the the manufacturer is going to learn a lot about you just in the telemetry that happens on the device.
Apple is the best by far if you're just using a device out of the box. They collect the least data. They have a lot of protection for you. They're not perfect, but they're the best. Beyond that, basically, everything gets really bad really quickly. Samsung, Apple I mean, Samsung, Google, massive amounts of telemetry. Don't get me started on, like, getting a Xiaomi phone, which I saw someone recommend on Twitter as the better option than a Pixel.
[00:20:27] Unknown:
I've never even heard of it. What should I Yeah. There I mean
[00:20:31] Unknown:
Go on, sir. Yeah. I I was just gonna say it's a it's a Chinese manufacturer. They make really good hardware, but it's like they've long been known to they they obviously work with the Chinese government. Backdoors and a lot of Mhmm. A lot of reasons to not use them if you care about privacy.
[00:20:48] Unknown:
Wait. When you say But some people think before you move on, just switching telemetry. Can you kind of, like, just dive in a little bit? Oh, yeah. That's a good Yeah. That's a good call.
[00:20:56] Unknown:
Yeah. So telemetry is just a a I guess, the all encompassing, like, umbrella term for all of the analytics and data collection that a device does to, theoretically, just to be able to learn more about how people use it so that they can provide better software and tools. Like, that is the the well meaning side behind it. Now, obviously, unfortunately, companies collect this, use it to improve the service, and they also will sell it or it'll get act and leaked. So it can be can be harmful even if it was well meaning in the the initial days. But most of these manufacturers have massive amounts of telemetry that will tell them everything about what you do, where you click, when you have your phone on and off. Like, it gives a lot of data about your usage. Yeah. But that's where like I said, Apple is quite good out of the box. Not perfect, but quite good. And you can disable the vast majority of what they do, perform.
But then Google getting a pixel and flashing graphene OS is by far the best option because you can get a pixel with cache face to face used in many stores, flash Graphene OS, and then there's no Google telemetry at all. So they learn nothing about your activity on the device. So I think there are a lot of options. But from the phone you manufacture, the vast majority of devices and manufacturers are going to have a massive amount of data collection about how you use the device that gets sent back. And Android has notably been the worst for a very long time.
[00:22:20] Unknown:
Yeah. Glad we glad we covered that because the next one I was gonna mention was the operating system provider, but I feel like we've kind of, covered that one. So the next on my list of this in in this subcategory is your network or your cell provider. Feel like this one often gets overlooked. But good morning John. Just seen your comment rolling. Hi. Nice to have you with us. Yeah network providers, cell providers. I I feel like even though they have no direct insight into our phones and the kind of apps we're running, the amount of data that these guys can glean just by using a phone again in a very naive sense is is quite scary. Obviously they can see who we call, when we call them, for how long we call them. Same goes for text messaging, although thankfully particularly in most of the Western world, US aside, text messaging is is not used very often. And most people are using, you know, messages like WhatsApp or Signal, which is great. And obviously, it gives you some protection from the network provider.
But if you're using SMS and calls, like, all of that can be logged in, that just that small amount of or what we would think is small amount of metadata can quickly build up a big picture of your life, your network, who your friends and family are. And then the other obvious one is is kind of, yeah, like, your location. Like, your phone is literally a freaking tracking device, pinging off cell towers, five g network, with you wherever you go. So your your your cell provider knows where you are at any given time that you have your phone with you, essentially, which again, the amount of, like, data that can be harvested from that is is quite literally shocking.
And, I guess, unless you have anything to add guys, like how could we fix that? Like this is the big hole in phone privacy for me because yes they can't see specifically what's going on on our phone, but who we're calling, where we're going, like that is just a scary amount of information that can be used against you in you know like many many different ways that you know we I'm sure we could we could go into. But, like, there isn't really a fix for this because that's just how phones work. Right?
[00:24:34] Unknown:
Could you not fix it by having one of these, like, walkabout router devices that you connect to over Wi Fi with your phone and have a contract that you you have a contract for three g, four g, five g, whatever, that you pay in Monero, and it has router level, like, on the device as well because then you're not leaking your information to the provider of the three g, four g, five g. Your phone's always connected because it's with you if it was small enough. And then you're using a graphene phone or whatever, which isn't you know, it doesn't have any telemetry or anything like that. That, to me, would seem like it would be a pretty, decent option, although it's annoying because you've got another thing to carry around with you, and it's extra steps. Would that not I obviously, you can't use the cell stuff. Like, you're not gonna get a phone call, but, you know, at least for me, the only phone calls I get are fucking scam calls and bullshit from data leaks and, like, occasionally occasionally, like, maybe once every month, it's, like, someone I actually wanna speak to. And, normally, they could have called me on signal or or Telegram or whatever.
[00:25:56] Unknown:
Yeah. I think that's Yeah. Go ahead, Seth. Sorry. Yeah. I'll I'll just quickly chime in. So I've I've done this. The
[00:26:06] Unknown:
g f.
[00:26:09] Unknown:
The main downside is that use you as much as you can prevent what other information this provider gets, You cannot prevent them from getting your location down to a few meters all the time. And, yes, maybe you don't link ID, you pay in Monero, you use something like silent link or cloaked wireless, that's great. But and I don't wanna get too, like, doomer because I know that it quickly gets out of control. So, like, listen to this with a sense of we you do what you can. If someone knows exactly where you are twenty four seven, they know who you are. Mhmm. Like, they know what where your house is. They know where you work. They know where you go to church. They know your favorite restaurants.
Like, the the bulk of the, like, latest, most terrifying tooling that, like, law enforcement, etcetera, are getting access to, they don't need any of this other data. All they need is the cell tower data. Because if you can geofence and say, hey. Who all was going to the synagogue or this abortion clinic or this church between these hours? And then you get all these IMEIs. And then, okay. Well, this one, we don't have an ID for, but I'm kind of interested in this one. And then you follow it, and you see, okay. Well, it always stays at this address from 8PM until 8AM every night, three hundred and sixty days a year. Like, it okay. Well, who lives at that address? Like, it it quickly quickly unravels. So you do what you can because you don't wanna be low hanging fruit, obviously. You You don't wanna just be giving over your ID. It's certainly not a reason to just give up on everything. But the the core problem is this is just really how cell systems work, and they need to work this way. But the problem is that the data about how they work is also being harvested and then abused. So there's not really a solution outside of basically what Silas Thornburg said in in X chat of, like, just not having a SIM.
[00:28:06] Unknown:
But that Is is that is painful.
[00:28:10] Unknown:
Is there not an option of, like, satellite rather than cell tower? Because satellite presumably doesn't actually know your location because it's kinda like this is not very technical way of saying it, but beaming it down to you. It's not, you're not specifically pulling it from a certain area.
[00:28:33] Unknown:
I don't is can you actually get
[00:28:37] Unknown:
satellite You can guess. Yeah. You can. Well, you've always been able to yeah. You've always been able to have satellite phones that just weren't very widely used, and they were expensive. Yeah. I remember them from the olden days. Yeah. They were like you'd have it if you were either a drug dealer or, like, But the the now I'm thinking, you know, with, Starlink and, like, the fact that you can have pretty decent Internet in your home using, like, a tiny dish, it not be possible to have a phone or a network as of this, like, current system that we're using, which is very, very easy. As you're saying, like, cell tower tracking, which you just can't really get around.
Like, no matter what you do, if you're using that system, you can't really get around it.
[00:29:34] Unknown:
I'm just gonna be completely honest. I have I'm not sure on the privacy assurances of satellite. I just I don't know. I've never heard anyone recommend that for privacy, but that doesn't mean it's not possible. I just don't know if it is better from a technical perspective or not. But it's an interesting Yeah. Interesting angle to explore for sure. Okay.
[00:29:55] Unknown:
Yeah. And I guess the obvious one that we haven't touched upon is, like, obviously, your your cell provider or your ISP, if you're connected to your home Wi Fi, network can obviously see all of your Internet traffic unless you use something to obfuscate that traffic like a VPN or, like, using the Tor browser. Again, it's probably an obvious one, and I'm sure most of us, listening to this are already well aware of that. But just wanted to mention it because, again, like, what you do on the Internet is kinda like most like, can give an another huge insight into, you know, your your life and the websites that you visit, the amount of time that you spend on them, etcetera, etcetera.
Again, it all adds to this massive amount of data that can be collected, specifically by, you know, your network provider to to build up a very big, picture of your life and who you interact with and how you operate and where you live, etcetera. So I feel like of all the corporations, like the network provider, by the nature of how and what they operate is probably like the biggest all seeing eye in this kind of, I guess you can call it a personal honeypot, unfortunately. So in terms of, like, shielding your your traffic from them, like VPNs and Tor is is obviously the kind of obvious solution.
It's not the kind of be all and end all as we just said with, like, cell tower pinging, etcetera, that you you literally just can't stop unless you're walking around with a you know your phone in a Faraday cage and before you get one mile from home you put your phone in into a Faraday pouch and then you know they've only got a one mile radius. But again like Seth said it it very very quickly unravels and takes takes one mistake and and it's like, you know, that private perfect privacy that you thought you had quickly goes out the window.
[00:31:42] Unknown:
And and I I do just wanna, like sorry. Just real quick. I do just wanna continually remind people about threat models. Like, the reason why you do everything you can that's low hanging fruit, like use a VPN, like, buy your phone with cash, like, things that are not that difficult is because that makes it makes it quite difficult for the average person or the $5 wrench attacker or the angry ex spouse or, like, the normal threat that most people face. It makes it difficult to impossible for them to learn this info about you. Most people's threat model is not a government agency using a specialized tool to track you down.
So do what you can for the threat models that actually matter to you. Obviously, for those with very advanced threat models, like you're in a hostile country that's persecuting you for some reason, like, obviously, then you're gonna need to do more drastic things. And maybe in that case, it is just too unsafe for you to even have a SIM. So you do Wi Fi only. You use public Wi Fi as much as possible. Like, that's where you you should think about going more hardcore and, obviously, do what you can now, but also just, like, I tweeted about this earlier this week. Like, I feel like it's very easy for everyone to assume that you have the worst case threat model and to be, like, trying to prevent nation state agencies from surveilling you, which is is fine. Like, I also don't think government should be able to just pull up our our location often without a warrant, which is the biggest problem with this today.
But you do what you can so that the the actual people you're normally under threat from can't get this data, and that's far more important for most people. So it's not something end of the world that you can't work around, triangulation via cell tower easily because for most people, that doesn't matter. But it's just something to to know about, to to be conscious of.
[00:33:27] Unknown:
William Hornblower in the in the live chat, the YouTube chat, to be specific, is, asking about a Wi Fi router project. He can't remember the name, but he said it's about using somebody's router by paying with lightning or Monero. And the goal is to build a mesh network with payable public routers. I'm not familiar with that one, but I wanted to bring it up quickly just to see if you guys knew what he was referencing.
[00:33:52] Unknown:
Feel like I might have heard it talked about, but it it sounds like one of those things that is very, like, Bitcoin, Twitterey type of people and would need to spread. You know? Like, you need if you wanna have a mesh network that works for all people, you need lots of people to be involved, and it sounds like not many people would, but maybe that's just me being pessimistic.
[00:34:14] Unknown:
Yeah. There was a project called Loca Mesh, but all of these mesh networks that I know of have all died because there's just there's just no demand. Like, the I think the only way something like this will ever happen is that hardware that people otherwise want to run anyways also acts as a mesh network, and they can earn something by just flipping a switch and turning it on. Like, if you're Yeah. Yeah. Like, if your node in a box had the wires or the, antennas necessary for this, and you could just say, yeah. Sure. I'll be part of the mesh network. And you didn't need to be, like, this hardcore person who's gonna run specialized hardware. Like, I think it's much more possible, but most of these are, like, you have to run specialized hardware.
And if you don't have other people near you doing it too, you can't do anything. Like, it doesn't work. So it's it's very hard to get something like that started. As far as I know, like, all of those projects have died. There's the other side, which maybe William was thinking about as well, which is that you can get some, like, I think Jordan was mentioning this. You can get some eSIM or SIM routers that you can carry around that let you do things like IMEI spoofing and other things, to the on device VPN. Like, you had mentioned this before, loosely, Max, but that's probably the more possible thing. I'm not sure exactly how useful IMEI spoofing is, honestly.
It sounds nice. But, again, if someone is targeting you specifically and they see, okay. There's a 147 IMEI's that have opened at this location between the hours of 8PM and 8AM. Like, in many cases, that can raise red flags instead of make it harder to find. Yeah. But it's definitely something to think about more. But on the mesh side, it's I think it has been a tricky space for anyone to really get traction.
[00:36:07] Unknown:
Yeah. I think sometimes as well, like, like you said, threat modeling is important. So unless you're a very, very naughty boy or girl, or you're in a country where you're targeted unfairly, the simp the simplest ways, like like you said, the VPNs and stuff are are easy. And, also, if you are very, very naughty, it might also be best just to rotate and not, not constantly use the same setup, make it hard to guess. You move physically. You move SIM cards. You move data carriers. You move like, you you don't stay, trackable for too long. And, like, that was the simple way people used to do it. It's just throw away SIMs, pay and go, chuck. And, yeah, there's a lot to be said for that.
[00:36:58] Unknown:
Yeah. Definitely. Vibrant in the Twitter chat has asked, thoughts on Paragon solutions and Cellebrite? Again, hoping you guys have some insight here because, I'm not familiar with either of those.
[00:37:13] Unknown:
No?
[00:37:14] Unknown:
Yeah. So they're I hadn't heard of Paragon Solutions. Cellebrite's very well known. But, essentially, they're both solutions that are sold to nation states, often really bad nation states, unfortunately, to have, like, zero day root level exploits on mobile devices. Or celebrate specifically is if you have the device physically, they specialize in breaking security on device to be able to to harvest whatever data is possible. So, like, celebrate is celebrate is commonly used by, like, border patrol in The US when people are immigrating and are, for some reason, being being flagged.
So these these are really hard things to protect yourself against. Really, GrapheneOS and iOS are the best solutions. GrapheneOS lockdown or, what did they call it? I don't have a phone on it right now. Lockdown mode is what iOS calls it. Graphene OS has a, like, a version where if you hold the power button, you can hit a specific option.
[00:38:18] Unknown:
Oh, is it it's like the self destruct thing, isn't it, where it wipes the whole
[00:38:21] Unknown:
phone? Is that what you're saying? Do a lot of different things. Yeah. It's up to you exactly what it does. It can be a full reset. It can just be a, like, a a hard lock so that you have to have the PIN to be able to decrypt the disk, the the normal thing when you first boot the device. But the really the best protection is running a device that has the latest security updates like honestly you'd be better off with a pixel running stock Android against these tools then you would be running a ten year old Samsung device on lineage OS or even running an out of date device on Graphene OS that doesn't get security updates. Because the much more important thing than the privacy side of things against these specific attacks is the the security of the device. So staying up to date. And then when you're at the most threat for these devices being used, turn your device off.
All devices for a decade plus have, encryption at rest, and that encryption is very hard to break. I would argue basically impossible if your device is up to date and has latest security updates. So something that I've done for years is when I go through TSA, like, I I don't think I am flagged or will be threatened by border patrol or TSA or anything. But a a really easy safe thing to do is just whenever you're in a situation like that, just turn your device off until you're all the way through and totally good to go. Because if the device is off, they have to be able to actually unlock the device to get access to any data, and that on an updated device is incredibly difficult or impossible, specifically on GraphiOS or iOS.
[00:39:57] Unknown:
What about, you know, GrapheneOS has profiles now. So you can have, like, your main profile, and you can have multiple other profiles.
[00:40:05] Unknown:
Mhmm. If,
[00:40:08] Unknown:
say, the device wasn't off and someone had forgotten, then they use this, whatever it was called, Paragon or whatever you said, would that presumably give them access to all of the profiles and they would just see everything? Or, like, how would that work?
[00:40:26] Unknown:
Yeah. Specifically so I'll just be more specific about celebrate because that's the one that I know the best. Yeah. In theory, it would give them access to everything. That that very much that that varies moment to moment, release to release. It's a constant arms race between Mhmm. Android, Graphene, and people like celebrate. So it's it it varies widely, so it's very hard to say exactly what would happen. But if they're able to get in and the device is on and was not yeah. The before first unlock state, vibrant nailed it. If it wasn't powered off when they got it, I would just assume that if you really are someone who is under a severe threat, like you're a dissident fleeing Russia or something like that, you should assume that if your device is on, it's gonna get pwned. Now, hopefully, it doesn't. And in many cases, if you stay up to date, it still wouldn't get pwned. But, yeah, it's a very important thing to very important thing to do when you're in a situation where you're concerned with that.
[00:41:26] Unknown:
So this BFU state, is is that better than just turning the phone off then? It's the same. It's
[00:41:32] Unknown:
the same. It's the same. So so when the device is off and you turn it on, you know, you have to put in the PIN before you can use biometric or anything like that. Right. Before you put in your PIN, it is in this before first unlock state, which is encrypted at rest. Nothing is accessible even if the phone is pwned unless they get the PIN itself, which is a a whole another problem. Okay.
[00:41:50] Unknown:
And that Vibrance mentioned that if you mash your power button five times, I presume he's referring to to graphene here, then that's how you can enter that state, which is, useful Mhmm. Information. Nice. Alright. The the final kind of, bucket of corporate entity, should I say, the the of the three that we talked about today is, of course, governments, three letter agencies. This is probably the one that we are the most powerless against because they can essentially, have access to everything that we've spoken about today, in terms of, like, all of the data that the network provider's harvesting, all of the information that the phone manufacturer might have on you in terms of, you know, purchase location and purchase method, etcetera. Like, the government is the quite literally the all seeing eye that can subpoena any of these previous kind of corporations to be able to grab any sort of information.
So the the the protection that we can give ourselves here is what guys? Like, you know, I I guess purchasing a phone in cash, would would alleviate the fact that a certain IMEI number would be be tied to you. Again, not the not the silver bullet as we've discussed. What else could we do? I guess using, something like a silent link link SIM so that you don't have a a kind of phone contract in your name. But again, not a silver bullet because the government is the one with access to all of this data and metadata that it can tie together if it's got enough time and resources such that that's this is kinda like a roundabout way of me saying that ultimately if a government is targeting you and you are using a mobile phone, then I'm gonna go out on a limb here and say that you haven't got a chance in terms of being private and then not knowing who you are, where you live, and what you're up to. You might be able to hide specific things like your Internet traffic.
But in terms of, like, you having a phone and then getting some metadata on you, I'd say it's pretty much a lost cause for these days. Agree or disagree?
[00:44:01] Unknown:
My Agree? Answer
[00:44:03] Unknown:
oh, go ahead. Go ahead, Max. I've been hogging the mic. I was just gonna I was just gonna say agree unless you're extremely sophisticated and diligent, and you go through a checklist of things that you should and should not do every single day, and you never fuck it up, then unless you're that, then, yeah, they've got you.
[00:44:23] Unknown:
Yeah. I might be jumping in ahead of what Seth's gonna say here. But, like, if I was that person and my threat model was that high, then for whatever reason, I just would not have a phone. Because that just seems like Yeah. Too big of a risk. And, like Yeah. There's way too many moving parts there that you will, without a shadow of a doubt, fuck that up eventually. So if your threat level is that high, then, you know, my advice to to whoever that individual is would be, like, maybe don't carry a surveillance device with you everywhere you go and look for alternative solutions.
[00:44:55] Unknown:
Yeah. Good shout.
[00:44:58] Unknown:
Yeah. Yeah. I mean, I I think the one thing you need to keep in mind is, like, I always think about this from a like, I'm American. I think about it from the US government being after me, and The US is the most sophisticated advanced threat actor. Like, if if they're a threat to you, like, you're gonna have problems. But most people in the world do not live under the US government, for better or worse. And most countries do not have anything close to the resources of The US Government. So in many places, they're they're not going to be able to gather this data easily or they're not going to be able to action it quickly.
So it it it's not as doom and gloom depending on where you are. But always, if you are specifically target but targeted by a nation state, you're gonna have to do so much more excessive things to avoid that. I mean, like, an interesting example that I've always found fascinating is, one of my favorite tech writers who wrote for Wired and then now writes for four zero four Media, I believe. He hasn't had a cell phone intentionally for, like, a decade. And part of that is his threat model is he's doing a lot of specific, like, investigations into nation states, even the US government. And so he just said, it's just safer for me not to have a phone and instead to only use signal for communications on laptop or tablet, specifically Wi Fi only. He has a really interesting approach to things that is very drastic.
But for those who actually have a high threat model and he actually does, you would have to do things that are quite drastic and make it harder to live, honestly. But it's it's better to be harder to live and to be free than than to be put in jail for being a political dissident or something. Yeah. Exactly. So it's Yeah. It's always a balancing act, always about doing your own threat modeling. Make sure that you're thinking about what you actually need to protect. And if that's strict, you're gonna have to go to go to some, pretty intense lengths on the mobile side.
[00:46:55] Unknown:
Guys, we, we've got a comment in the live chat from Artori who says simply put your phone in airplane mode if you don't want tracking by the state. Like, is it really that easy?
[00:47:04] Unknown:
No. I don't think it is, actually. I could be wrong.
[00:47:08] Unknown:
So with with your phone in airplane mode, I believe it's still pinging cell towers, etcetera. Is that right?
[00:47:19] Unknown:
I think so. I I think it still is. And I think even if your phone is off potentially, there's still a way maybe not if it's off. I don't think that I I can't be sure, but I don't think it's as simple as just putting it on airplane mode.
[00:47:38] Unknown:
What I what I would say is, yeah. So he's also said graphene in airplane mode will not connect to cell network. That's that's, yeah, is a good point. But, again, I'm gonna I'm gonna circle back to be like, that's great. It's if it's in airplane mode, but, like, it's not much good as a phone then. So, eventually, you're gonna wanna turn airplane mode off. And, again, we're circling right back to being okay. When it's off, you're gonna have to be very careful with what you do, where you go, who you call, etcetera, etcetera. So, yes, it might temporarily prevent some tracking.
But, again, I don't think it's the kind of silver bullet answer to be like, okay. Just get a phone, turn it in airplane mode, and the the state can't track you. Because as we've discussed, there's lots of other data points that can be used to pinpoint a specific device to a specific person in a specific location.
[00:48:26] Unknown:
I'll just very quickly add a couple of things there. So if if that is the case and it is, you can airplane mode it and that will stop it pinging cell towers, then then okay, yes, but it's the same as turning it off or Faraday cage or bag or whatever. And on top of that, one thing that I've heard a lot of people doing is like, oh, well, I've got my NIM phone, and I turned that off or, switch that off at certain times. But then they have their usual phone that they use for everything else, and they carry both. And then if you do that, you're still giving away all of this data, and anyone sophisticated would probably be able to tie the two up and be like, these two devices constantly travel together. So if this one's switched off and this one other one is on, it's the same person. So, yeah, I'd I'd just say that that if you do carry multiple devices and you are switching one off or airplane mode in or putting it in a Faraday bag, Also consider if you have any other devices on you or another individual that is always with you, who could be tracked and has their device on them, if you have that type of threat model.
[00:49:40] Unknown:
Yeah. It's a good call out. It's a good call out. Okay. Just, we're gonna hit the questions in a second, guys. If you're in the live chat and you have, any related questions to what we've been talking about today, get ready to drop those. William Hornblows circled back and said that, the the kind of router level thing that was paid for by Bitcoin and Monero, is called Tollgate. He said it's community driven. You install Tollgate OS on supported routers, and you are part of the network. So maybe, want to, want to check out later on, and maybe we can have a discussion about that once we understand it a bit more. Atore said you can use Wi Fi with airplane mode. You are definitely tracked if you connect to a cell network, but you can temporarily disappear by using airplane mode. Yep. I think that kind of echoes what we mentioned, earlier.
Whilst I'm waiting for any live chat questions to roll through, guys, I'm gonna start working through the backlog. The first one is very tangential to what we've been talking about today, and I'm keen to hear, thoughts on this one. Rivian Stokes, on Nosta asked, paying via Google or Apple Pay? Let me just bring the question up. There we go. Paying via Google Pay or Apple Pay, I've heard you share less information with the vendors, but you sharing more with goo but you are sharing more with Google, I guess. And a second tangential question is, is NFC more secure than inserting a card?
So let's first discuss the data one because I've heard something similar to that. It's not something I've ever kind of dived into, but I believe that, as ironic as it sounds, using Google Pay or Apple Pay, you do actually share less information with the specific vendor than you will be by tapping your, bank card. Obviously, this is not comparable to to handing over some physical cash. The comparison here is Google Apple Pay versus tapping your bank card. Anybody have, any This is a Seth this is a Seth question because of cake pay and everything. He's he's gonna be proper clued up on this, isn't he?
[00:51:41] Unknown:
So I both are definitely better if you're mainly worried about merchants being able to track you or the security of your card numbers. Because that is one of the huge improvements with these is that you you don't share any, we you don't reuse card numbers with either of them. It generates a fresh card number for each, so it's harder for a merchant to track you between purchases,
[00:52:04] Unknown:
unless, obviously, you're using, like, a loyalty card or something like that alongside of it. Then then, obviously, they would be able to track you. Sorry to jump in. That was a revelation for me. Did you just say, like, each time you tap your iPhone or your Pixel or whatever and use Tap to Pay, the you're using a different card number each time.
[00:52:22] Unknown:
That's my understanding. Yeah. They never get the real card number underneath.
[00:52:26] Unknown:
Okay. Wow. Interesting. Okay. That's a big improvement then.
[00:52:30] Unknown:
Now I'm scared that I'm wrong.
[00:52:32] Unknown:
Yeah. Interesting. Okay. Well, considering what you were saying there, I'm If he's wrong, abuse him in the comments now. Quickly get it. Please do.
[00:52:40] Unknown:
So sorry to cut you off your flow there. That was a real revelation for me. I'm gonna go and try and look into that just while you you carry on. So sorry to throw you off your flow.
[00:52:49] Unknown:
Yep. Yeah. I mean, no. It's a it's a good question. And when I should I should confirm, and if you do find one way or another, that was that's my understanding of both is that's one of the key benefits that they propose from a privacy perspective is that the merchants themselves don't get it. And the main reason they do that is so that a merchant being pwned or a POS system being hacked or something, they don't get the card number that they can reuse and make another charge too. So that's that's the point of it. It's one time use, cards, essentially, virtual cards every time you'd have to pay.
So, it is great from a perspective of hiding your information from the merchant. My, like, TLDR understanding of the two is that Apple Pay is better in terms of privacy from Apple than Google Pay in terms of privacy from Google. But I haven't done a deep dive on either. I have been using Graphene OS for years, so I haven't been able to use Google Pay. So I haven't really focused on that. I spoiler alpha for those in the chat. I am using an iPhone right now, so I have been using Apple Pay, quite regularly. And then so I I need to dig into that. And so I I'll I'll promise that I'll dig into that before, before next Freedom Tech Friday, and we can get a little deeper in the weeds. But that is one of the things I was missing on GrapheneOS is there are many advantages to be able to do that when I do have to still use credit cards and stuff. Like, I I do live in the fiat world still.
[00:54:15] Unknown:
So so Shame me all you want. I've got a follow-up, and I'm gonna read this, so bear with me, guys. So when you add a credit or debit card or prepaid card to Apple Pay, your actual card number is never stored on your device or on Apple servers. Instead, Apple creates a unique device specific device account number that is encrypted and stored securely in the secure element. A certified chip isolated from the device's operating system. This number is used for transactions and cannot be decrypted by Apple. Your card details including the card number, expiration date, and CVV, security security number, are never shared with merchants when you make a purchase.
When you pay in stores, apps, or on the web, Apple Pay sends only the device account number and a unique transaction specific dynamic security code to the merchant. This ensures that your sensitive card information remains private and hidden from the merchant. So, yeah, you were bang on, sir. Yes.
[00:55:10] Unknown:
It was a close one. I'm scared. I have a question,
[00:55:15] Unknown:
on the Google Pay, Apple Pay stuff. So when you buy the either prepaid Visa things or gift cards, would obviously, gift card is different. Visa card would go into your Apple or Google, wallet effectively, and then you would just use that as an NFC tap to go and buy your coffee or whatever shopping you're doing out and about, or would it only work online?
[00:55:50] Unknown:
So yeah, I mean, like, one of the things we target with Cake Pay and most of the, like, prepaid debit card things is, like, the the bare minimum we want is Apple and Google Pay being supported. Because, otherwise, they're just not really that useful. Like, yeah, you can use them online, but far more useful for you to be able to add it to those. So that that is always the goal, and that's where most of these can be used. So that's yeah. I know that's the primary way that, like, cake pay cards are used is you you add them to those so that you can use them everywhere.
[00:56:21] Unknown:
So in theory, if I went on to Cake Pay, bought a 100 quits worth of, a Visa card with a 100, dollars on it, and then I went to a shop to buy my coffee, and they accept Visa, and they accept Apple Pay, and I use my iPhone, and I tap it. It's just gonna go ding, and they'll go, here's your coffee, sir. And I go, oh, I just paid for that with Monero, effectively.
[00:56:47] Unknown:
Yep. Bond is And Apple and Google don't even learn anything about you. Mhmm.
[00:56:53] Unknown:
How do they not learn anything about me? How do they not learn anything?
[00:56:57] Unknown:
Because you didn't use a card that's, like KYC'd for back of a letter. Well, for yeah. KYC'd actually, or, yeah, tied to your identity. So, I mean, in theory, I know Apple says that they don't get the actual credit card number itself. So in theory, they don't learn that about you. Obviously, iOS closed source, so, you know, we don't ever really wanna make assumptions there. But, yeah, it's another extra layer. So now even the even Apple or Google couldn't know who you are, but you can still pay through them, which is a really powerful combination.
[00:57:28] Unknown:
So is that not I don't want to get us too off track here, but is that not a better way for people who are earning or using, cryptocurrencies to live on? Isn't it a better way than just to buy those and spend with those for your daily, you know, like, your shopping and your fuel and everything else like you would with gift cards rather than doing something like a peer to peer sale on something like BISK because you're actually giving less information to your, trading partners and people that you're dealing with than you would than giving your banking details, and you don't know who's on the other side of it. Would you not be better off if you need to to sell to do the Visa cards and the gift cards?
[00:58:19] Unknown:
Yeah. I mean, it's a Yeah. You you go ahead, Q. You go ahead. I was gonna probably gonna say what you were gonna say. I mean, in theory, yes. That makes sense. I mean, the the the gift cards, again, are not always a silver bullet. Like, I've heard reports of some merchants not accepting them. I'm sure Seth can probably talk, at length more than I can as to as to how big of a problem that is, but I've definitely heard reports of some some of these prepaid cards, you know, being rejected. So that that's something to bear in mind, whereas, you know, gift cards kind of always seem to to go through. I guess the the bottleneck there would be the the gift card provider. But, again, that's always gonna be, you know, somewhat of a kind of permissioned or or semi trusted relationship there, depending on how much currency you use, of course.
[00:59:07] Unknown:
Yep. Yeah. I think you nailed it.
[00:59:10] Unknown:
I wanna go back to a quick question that, Otori mentioned here. Is there a non Google or Apple equivalent that also hide your card number? I think the the short answer is no. Obviously, Apple, you know, you have Apple Pay and that's it. It's it's kind of locked down. You can't there's no alternative for for an iOS device. With Google, as soon as you go to a nonofficial, Android install like GrapheneOS, Google Pages doesn't work. And to my knowledge, there is no alternative because, again, that's locked down at the kind of OS level.
So if you if you're not produced by, you know, if you're not on a version of Android that is produced by Google or signed by Google or or any of their trusted partners, I don't know how how wide ranging that is, then, they just refuse to let Google Pay work entirely. So I I don't think there's a there's a fix for that. Again, correct me if I'm wrong there, guys.
[01:00:05] Unknown:
Yeah. The only thing you can do is you can use privacy.com cards, but that's, again, just when you need to give out the card number. So, like, paying online, you can do that, but you can't just tap to pay. Like, you you cannot replace tap to pay, unfortunately, in a way that is not Google or Apple, because those things there's a lot in the back end that has to happen, and they're very strict about what devices they'll let it run on for obvious reasons as well. I mean, fraud. They do have to worry about fraud. So I I understand why they do restrict it, but that doesn't mean it's not a pain in the ass that they restrict it.
[01:00:37] Unknown:
Yeah. Definitely. Alright, guys. I can't believe it. We're we're already at time. That one absolutely flew by. Lots to to dive in there in terms of in terms of mobile phone privacy, and I'm sure we've only just scratched the surface. Wanna extend, you know, a thank you to to everybody as always in the live chat. Bon, Vibrant, Torey, with, William Hornblower. Good to see you with us, guys. Thanks for, stoking the conversation and, keeping us going. And, for everybody else that's listening, either live or catching up on the podcast feed, we will see you for more of the same next week, 9AM eastern, 2PM UK time, live, hopefully, on, X, Nosta, and YouTube.
We'll see if we can get all three working next week. This week, we just add YouTube and X. But, yeah. And as Seth mentioned, we we chatted that much that we got to one question from the back end. And and and that and that question was posed this week. So, actually, we did zero from the backlog. So, we We did zero. We we still have a long list, but, again, we we really appreciate it. We've got Monday. Yes. We have got Monday. We've got Monday. We'll be recording a brief so we if there's any Bitcoin related questions, Max and I will will take that, we'll take that on. Yeah, Bon. Hopefully, Zap. Stream works next week, but, seems to be the the only thorn left on our side for this streaming setup at the moment. But we'll get there. We'll get there. Okay.
Once again We will. Thank you, everybody. That was a fun one, and we'll see you at the same time next
[01:02:04] Unknown:
week. See you then.
[01:02:06] Unknown:
See you on a week.
[01:02:14] Unknown:
Thank you for listening to Freedom Tech Friday. To everyone who boosted, asked questions, and participated in the show, we appreciate you all. Make sure to join us next week on Friday at 9AM EST and 2PM London. Thanks to Seth, Max, and Q for keeping it ungovernable. And thank you to Cake Wallet, Foundation, and my NIM box for keeping the Ungovernable Misfits going. Make sure to check out ungovernablemisfits.com to see mister Crown's incredible skills and artwork. Listen to the other shows in the feed to hear Kareem's world class editing skills.
Thanks to Expatriotic for keeping us up to date with Boost's XMR chats and sending in topics. John, great name and great guy, never change and never stop keeping us up to date with mining news or continuing to grow the mesh to Dell. Finally, a big thanks to the unsung hero, our Canadian overlord short, for trying to keep the ungovernable in check and for the endless work he puts in behind the scenes. We love you all. Stay
Is on the way. Wonderful. I'm gonna hit when my mouse works, go live. No. I'm not gonna switch to that first. Why is my mouse not working? There we go. Okay. Going live. Connecting. Hello, and welcome. Hello. Today. Can you guys hear
[00:01:43] Unknown:
me? I can.
[00:01:45] Unknown:
Wonderful. Max, can you hear me? Look at this. A professional outfit. I can hear you. Look at this.
[00:01:53] Unknown:
You've, we we give you a lot of shit, but you've outdone yourself here, mate. This is, quite the setup.
[00:02:02] Unknown:
Quite the departure from last week, I think. Guys,
[00:02:08] Unknown:
it doesn't feel legal for it to be this seamless. Is this is this a lab?
[00:02:15] Unknown:
I don't know. It's it's not so ungovernable, maybe. I don't know. I don't know. I like it. We'll roll with it.
[00:02:23] Unknown:
We have we now we know we can go the Max Payne ungovernable route. We can do it.
[00:02:30] Unknown:
It's gonna be a simpler route. Yeah. It feels like we've gone from the cubes of live streaming to the macOS of live streaming.
[00:02:42] Unknown:
Good analogy.
[00:02:43] Unknown:
Quite apt.
[00:02:45] Unknown:
Although, ironically, it doesn't look like we are live on Nosta just yet. But if I was a betting man, I'd probably say that's probably due to zap.stream and not, due to our issues. But I'll I'll continue to try and troubleshoot while, people filter in. But, yes. Let me stream in. Yes. It says it's sending data to zap dot stream. I have no idea what that means, but clearly oh, unable to connect. There's a shock. Anyway, I'll try and fix it when the other guys are chatting on. But The future, man. Hello, and welcome to Freedom Tech Friday. For those of you that are new here, allow me to briefly explain what this is all about and why the hell we're here. Freedom tech Friday is a weekly live and interactive show hosted on the Ungovernable Misfits, X, Nosta, and YouTube feeds.
We go live for one hour every single Friday at 9AM eastern or 2PM UK time. And you can also catch you up later on on the Ungovernable Misfits podcast feed. On Freedom Tech Friday, we like to cover the latest news and trends for anything relating to freedom technologies. That could be anything from Bitcoin or Monero, encrypted messengers, privacy tools, and everything in between. Essentially, if there's a news item, tool, or topic that can help you take back some control in today's digital panopticon, we want to talk about it.
My My name's q and a, and I'm head of customer experience at Foundation where we build Bitquay focused sovereignty tools. And as always, I am joined by my good friend, Max, the head honcho over at the Ungovernable Empire, and Seth, who is VP at k Wallet. As I mentioned, this show is live and interactive, and we rely on you guys to steer us towards the topics you want us to cover or send us the FreedomTech related questions that you want answering. There's many ways you can get involved, all of which really helps spread the awareness for the show. These include commenting or asking asking questions in the live chat. Submitting your topics or questions ahead of time, by posting on X or Nosta.
Boosting the show on Fountain or any other of the podcasting two point o apps. Sending any Bitcoin tips or Monero tips via XMR chat. And finally, just sharing the show on X or Nosto. So without further ado, let's dive into the show. Let's have a little catch up, guys. How is it going? I was absent last week, although I did listen. So, did you have fun?
[00:05:09] Unknown:
You you you were were you missing last week? We couldn't we couldn't tell. We were on our own stranded,
[00:05:16] Unknown:
alone, in the dark. I was I was listening. I could tell I was missing.
[00:05:23] Unknown:
I'm not quite sure what you've been there. No. Didn't you say your missus was in the car with you, and you were both just laughing? Yeah. We were both laughing. We were driving down down south for a wedding,
[00:05:37] Unknown:
and, she she she literally uttered the words, is it always this bad?
[00:05:46] Unknown:
Only when Max is in charge.
[00:05:49] Unknown:
Yeah. So I I take my hats off to you guys for for powering through. You know, there was some some good tidbits in there, so it was an enjoyable lesson.
[00:05:58] Unknown:
I don't I don't know if enjoyable listed is the right term to those who had to deal with it live, but they've learned their ears bled, but their brain grew.
[00:06:08] Unknown:
So it's worth it to take. Yeah. That feels like a tagline we could use for the show. It is Friday. Their brain grew. Might make your ears bleed, but you might also learn something.
[00:06:23] Unknown:
A realistic tagline. New setup. No fluff here.
[00:06:27] Unknown:
Yeah. Yeah. The the observant above you above you amongst you will notice that we we have a new semi professional stream, looking or looking stream where we've got lots of bells and whistles, and I can press different buttons and, you know, give us different backgrounds. And, oh, it's wonderful. So I'm gonna be playing around with some stuff today, and I might break a few things along the way like it looks like I just have. So apologies for that. Maybe I don't click any buttons. But, why are we here today? Well, today's topic, I wanted to tackle, phone privacy, and try and answer the question, can you really be private with, a mobile phone?
Think about it. Like, our our phones are with us quite literally twenty four seven. If if I'm speaking for for most people on the chat here, and and I'm certainly for for all of us that are are on the panel, They they know where we go. They know who we talk to, what we search, how we move. They are quite literally kind of our closest companions, but also, probably quite obviously, our biggest leaks in terms of data of all shapes and sizes. So Mhmm. The the question here is not just the the it's not a yes or no. Can you really be private with a mobile phone? As always, the truth is somewhere in in the middle. And it's that kind of middle ground that I wanna explore today, so that we can kind of understand the trade offs, the limits, the limitations, excuse me, and and kind of the the tools that we can use to take back some control.
There is, many ways I can kind of take this. The way I wanted to kind of kick off the conversation, is the obvious kind of come back to can you be private from with a mobile phone is, private from who? So I've broken down three kind of main sections of of people that we or or entities that we would kind of like to be, concerned about the our privacy from and using anything, not just a mobile phone. And I think we should in, outline kind of what information is typically shared with each of these kind of three buckets that I've put them into, and then follow-up with kind of some tips, if if there are any available as to how we can kind of mitigate the risk or or any potential privacy losses when using a phone if we have to from this specific set of people.
So the three buckets of, entities I've broken it up to is kind of just general other people or the human beings. The biggest one would be corporations. And then the last one we can get onto is governments. So when it comes to other people, and and when we're interacting with a phone and kind of, having privacy from other people, the reason I put this at the start is it's kinda like the easiest one for us to tackle and the easiest one for us to have influence on just by the the nature of kind of how we use a phone. You know, you don't need to you can have privacy in the digital world from other people quite easily because of the way phones are constructed these days.
And the the first two or the main two talking points for me really would be your app selection, and most importantly, how you use the apps. It's completely up to you when you've got a mobile phone, number one, which apps you install. Aside from all of the bloatware that comes on certain operating systems, which you'll get into in a second. But also, you know, how you use those apps. Like, you could have an Instagram account or a Twitter account, and it could be a completely pseudonymous account just like mine or like Max's where, you know, we share the info that we want, bought Joe Blogs down the street, doesn't know where we live. So that we've chosen to use that app in a specific way such that we're only kind of sharing the information that we are comfortable with. Whereas you got on the other end of the spectrum, you know, peep really public people, in the Bitcoin industry that are free to free to kind of share more of their their personal life, their personal information, more about themselves, photos, maybe even geographical locations, etcetera, etcetera.
So how you use the apps and what information you share via those apps is obviously crucial in terms of gaining or protecting your privacy from other people. But in terms of like app selection guys, I'm gonna bring you in here. Do you think there's specific apps that most of us here would make a selection for to kind of limit the the data that we share? Or do you think it's mainly the way in which we interact with each of those apps and that and the kind of what we put into them that has a bigger bearing on how private we can be from other people when using a phone today.
[00:11:20] Unknown:
I mean, so when you when you say other people, you would mean, like, friends, family, neighbors, like, not corporations, not coverage. Correct. Just to be clear. Like, not the app developer themselves. Right. Other people We're coming on to that sort of stuff later. Yeah. Yeah. Yeah. Yeah. I mean, from my perspective, the, like, the thing to keep in mind if your your main priority is preventing data from getting in the hands of other people about who you are or what you do is being synonymous whenever possible. Like, not not using your real family photo or something as your Twitter profile pic and not using a real name, like, using simple things that at least add a layer of obfuscation for someone who wants to learn more about who you actually are.
It really does come down less to app selection and definitely more to me at least on how you use those apps. What info you use for your profile? Do you fill out your profile and every app even if it's not necessary to have all of the latest data about who you are as a person or do you limit that use email addresses that are not your first and middle and last name at g mail dot com? Like, there's a lot of pretty low hanging fruit on how you can protect yourself there by just not leaning into this idea where every app and every service wants you to have a social profile, like, absurd. Thanks to me. Like, I'm ordering food. Like, I probably I don't think you need to know, like, my birthday and have my photo there. And, like, I don't care that my friends know I don't want my friends to know what I ordered for dinner on Thursday night. Like, it just it's weird how social so many of these things have gotten, where, like, the stuff does not need to be on the Internet at all. So I think really just minimizing how often you're sharing data, minimize what profiles you set up, use even just fake DIMMs, different ones for everything, use email aliases, things that just make it harder for someone who can see that profile data to connect it back to to Joe Schmo in the neighborhood.
[00:13:19] Unknown:
Not to anything to show you.
[00:13:22] Unknown:
Yeah. Just that it's well, on that point, it's really creepy how social these things have got. And like Seth has just said, like, it's everywhere. It's not it's not like food. It's workouts and stuff like that. It's like, where did you run? How far? How fast? What did you train? And then there's, like, people commenting on what you've done and you're commenting back. Not that I'm saying I do this, but this is, like, when you try and sign up for a service, there's this social layer that's in there and the amount of data that is is collected by all of these companies and probably either stolen or sold is just weird. So, yeah, nail on the head. Just put as little information as you possibly can get away with into these things and fake as much as you can.
And then on app selection, I mean, obviously, trying to not use the worst of the worst, obviously, trying not to use, like, TikTok and some of these other, apps that are particularly bad, and then trying to switch out some of the communication ones, for things like signal, if you can, and VPNs to be used as much as possible, if not always, puts you in a a a much better situation, I think, than most people.
[00:14:53] Unknown:
Yeah. I I think the the easy way to wrap up this portion of it is, like, everybody has their own choice as to how much information they share with other people when using their phone. It's quite easy to be able to limit which specific parts of your life you wanna share by the nature of, like, say, the app selection. You know, if you're if you're a runner and you you thrive off sharing your run information on Strava, then you're gonna you know, that's an okay trade off for you. But if you're a pseudonymous dev that wants to publish code, but you don't you don't don't wanna be, followed by three letter agencies because you might be deemed for for some wrong thinking ten years time, then, maybe you probably aren't gonna do something similar
[00:15:36] Unknown:
to that. And you might choose a a
[00:15:38] Unknown:
a kind of social network where you aren't required to give all of that certain information so that you can maintain that level of privacy. But the the crux of it is it's within the users to kind of choose, which is the important part. The the next bucket of people I wanted to bring it around to, and this is the big one. And what this is probably the one we'll spend the most time on is corporations. This is the one where, particularly if you use a phone in a kind of naive way, you can be sharing a lot more information than you really think. So with corporations, I've broken it down into a couple of different, well, quite a few different, subcategories.
So what I wanna do is I'm I'm gonna mention the the subcategory of type of corporation, and I wanna explore under each, subcategory what information is usually shared by just using a phone in in the same way it normally would. And then what we can do to prevent that. So the first one is the phone manufacturer. What do we think that the the typical phone manufacturer? So Samsung or Google or Apple, gleams in terms of information just when you use a phone in a kind of naive way. I guess the first one and the obvious one to get the ball rolling would be, your name and your payment information if, you buy directly from the manufacturer.
So that's the kind of information I'm looking at. But what else do you think that the phone manufacturer, like Apple, etcetera, would gleam just from you using a phone today?
[00:17:10] Unknown:
Well, if it's Apple, you sort of generally end up in the ecosystem with an iCloud login account and email and all your details and, warranty details and all the rest of it. So as a general rule, I would think most Apple users, Apple is going to know, name, address, payment details, as a minimum.
[00:17:42] Unknown:
And crucially, be able to tie a specific handset identifier. I believe it's called an IMEI
[00:17:48] Unknown:
number. IMEI.
[00:17:49] Unknown:
Yeah. Which is kind of, like, tagged to your phone. And then from that, that would be then be shared with other corporations that we're gonna come on to in a second. So it's the again, it's while we're right now talking about the phone manufacturer, Apple in this case, that would then that kind of phone being tagged to you would then be shared with your chosen network provider, etcetera, etcetera. So you can quickly start to see how just buying direct from one manufacturer and then using a phone, starts to ship spread your information across multiple other entities. Again, we're gonna go on to in a second. But, Seth, I know you're keen to come in here. I can see you chomping at the bit.
[00:18:27] Unknown:
Yeah. I mean, a lot of this varies quite widely. Like, you'd be surprised how relatively straightforward it is, at least in The US, to get a phone without revealing your identity to the phone manufacturer. Like, I mean, you can get pixels secondhand quite easy. You can iPhone secondhand quite easy. So, like, buying used for cash face to face is one of the most fantastic ways for privacy that you can acquire a phone to use, without having to link your ID. But even buying brand new, like, I I have heard that you can get an iPhone with cash without giving up your ID. Like, you you can just walk into an Apple store and do that. Like, it's a lot of people just kind of assume you can't do things when most of the time you just you can. Like, Best Buy ever, you can generally go and get a phone and pay with cash and walk out and then not have to give you're not there's no requirement to give over ID or something like that. So there's a lot of ways you can get a phone without linking your ID specifically, which I think just like when we talk about Bitcoin, like, the the most important first step for privacy is just not having you as a person tied directly to something and at at least being pseudonymous, which I definitely would not claim then that phone usage is anonymous in almost every case, but pseudonymous at least. So there's not necessarily an ID directly to point back to. So I think a lot of times you can get the phone without tying your identity to it, but the unfortunate thing is most phones then the the manufacturer is going to learn a lot about you just in the telemetry that happens on the device.
Apple is the best by far if you're just using a device out of the box. They collect the least data. They have a lot of protection for you. They're not perfect, but they're the best. Beyond that, basically, everything gets really bad really quickly. Samsung, Apple I mean, Samsung, Google, massive amounts of telemetry. Don't get me started on, like, getting a Xiaomi phone, which I saw someone recommend on Twitter as the better option than a Pixel.
[00:20:27] Unknown:
I've never even heard of it. What should I Yeah. There I mean
[00:20:31] Unknown:
Go on, sir. Yeah. I I was just gonna say it's a it's a Chinese manufacturer. They make really good hardware, but it's like they've long been known to they they obviously work with the Chinese government. Backdoors and a lot of Mhmm. A lot of reasons to not use them if you care about privacy.
[00:20:48] Unknown:
Wait. When you say But some people think before you move on, just switching telemetry. Can you kind of, like, just dive in a little bit? Oh, yeah. That's a good Yeah. That's a good call.
[00:20:56] Unknown:
Yeah. So telemetry is just a a I guess, the all encompassing, like, umbrella term for all of the analytics and data collection that a device does to, theoretically, just to be able to learn more about how people use it so that they can provide better software and tools. Like, that is the the well meaning side behind it. Now, obviously, unfortunately, companies collect this, use it to improve the service, and they also will sell it or it'll get act and leaked. So it can be can be harmful even if it was well meaning in the the initial days. But most of these manufacturers have massive amounts of telemetry that will tell them everything about what you do, where you click, when you have your phone on and off. Like, it gives a lot of data about your usage. Yeah. But that's where like I said, Apple is quite good out of the box. Not perfect, but quite good. And you can disable the vast majority of what they do, perform.
But then Google getting a pixel and flashing graphene OS is by far the best option because you can get a pixel with cache face to face used in many stores, flash Graphene OS, and then there's no Google telemetry at all. So they learn nothing about your activity on the device. So I think there are a lot of options. But from the phone you manufacture, the vast majority of devices and manufacturers are going to have a massive amount of data collection about how you use the device that gets sent back. And Android has notably been the worst for a very long time.
[00:22:20] Unknown:
Yeah. Glad we glad we covered that because the next one I was gonna mention was the operating system provider, but I feel like we've kind of, covered that one. So the next on my list of this in in this subcategory is your network or your cell provider. Feel like this one often gets overlooked. But good morning John. Just seen your comment rolling. Hi. Nice to have you with us. Yeah network providers, cell providers. I I feel like even though they have no direct insight into our phones and the kind of apps we're running, the amount of data that these guys can glean just by using a phone again in a very naive sense is is quite scary. Obviously they can see who we call, when we call them, for how long we call them. Same goes for text messaging, although thankfully particularly in most of the Western world, US aside, text messaging is is not used very often. And most people are using, you know, messages like WhatsApp or Signal, which is great. And obviously, it gives you some protection from the network provider.
But if you're using SMS and calls, like, all of that can be logged in, that just that small amount of or what we would think is small amount of metadata can quickly build up a big picture of your life, your network, who your friends and family are. And then the other obvious one is is kind of, yeah, like, your location. Like, your phone is literally a freaking tracking device, pinging off cell towers, five g network, with you wherever you go. So your your your cell provider knows where you are at any given time that you have your phone with you, essentially, which again, the amount of, like, data that can be harvested from that is is quite literally shocking.
And, I guess, unless you have anything to add guys, like how could we fix that? Like this is the big hole in phone privacy for me because yes they can't see specifically what's going on on our phone, but who we're calling, where we're going, like that is just a scary amount of information that can be used against you in you know like many many different ways that you know we I'm sure we could we could go into. But, like, there isn't really a fix for this because that's just how phones work. Right?
[00:24:34] Unknown:
Could you not fix it by having one of these, like, walkabout router devices that you connect to over Wi Fi with your phone and have a contract that you you have a contract for three g, four g, five g, whatever, that you pay in Monero, and it has router level, like, on the device as well because then you're not leaking your information to the provider of the three g, four g, five g. Your phone's always connected because it's with you if it was small enough. And then you're using a graphene phone or whatever, which isn't you know, it doesn't have any telemetry or anything like that. That, to me, would seem like it would be a pretty, decent option, although it's annoying because you've got another thing to carry around with you, and it's extra steps. Would that not I obviously, you can't use the cell stuff. Like, you're not gonna get a phone call, but, you know, at least for me, the only phone calls I get are fucking scam calls and bullshit from data leaks and, like, occasionally occasionally, like, maybe once every month, it's, like, someone I actually wanna speak to. And, normally, they could have called me on signal or or Telegram or whatever.
[00:25:56] Unknown:
Yeah. I think that's Yeah. Go ahead, Seth. Sorry. Yeah. I'll I'll just quickly chime in. So I've I've done this. The
[00:26:06] Unknown:
g f.
[00:26:09] Unknown:
The main downside is that use you as much as you can prevent what other information this provider gets, You cannot prevent them from getting your location down to a few meters all the time. And, yes, maybe you don't link ID, you pay in Monero, you use something like silent link or cloaked wireless, that's great. But and I don't wanna get too, like, doomer because I know that it quickly gets out of control. So, like, listen to this with a sense of we you do what you can. If someone knows exactly where you are twenty four seven, they know who you are. Mhmm. Like, they know what where your house is. They know where you work. They know where you go to church. They know your favorite restaurants.
Like, the the bulk of the, like, latest, most terrifying tooling that, like, law enforcement, etcetera, are getting access to, they don't need any of this other data. All they need is the cell tower data. Because if you can geofence and say, hey. Who all was going to the synagogue or this abortion clinic or this church between these hours? And then you get all these IMEIs. And then, okay. Well, this one, we don't have an ID for, but I'm kind of interested in this one. And then you follow it, and you see, okay. Well, it always stays at this address from 8PM until 8AM every night, three hundred and sixty days a year. Like, it okay. Well, who lives at that address? Like, it it quickly quickly unravels. So you do what you can because you don't wanna be low hanging fruit, obviously. You You don't wanna just be giving over your ID. It's certainly not a reason to just give up on everything. But the the core problem is this is just really how cell systems work, and they need to work this way. But the problem is that the data about how they work is also being harvested and then abused. So there's not really a solution outside of basically what Silas Thornburg said in in X chat of, like, just not having a SIM.
[00:28:06] Unknown:
But that Is is that is painful.
[00:28:10] Unknown:
Is there not an option of, like, satellite rather than cell tower? Because satellite presumably doesn't actually know your location because it's kinda like this is not very technical way of saying it, but beaming it down to you. It's not, you're not specifically pulling it from a certain area.
[00:28:33] Unknown:
I don't is can you actually get
[00:28:37] Unknown:
satellite You can guess. Yeah. You can. Well, you've always been able to yeah. You've always been able to have satellite phones that just weren't very widely used, and they were expensive. Yeah. I remember them from the olden days. Yeah. They were like you'd have it if you were either a drug dealer or, like, But the the now I'm thinking, you know, with, Starlink and, like, the fact that you can have pretty decent Internet in your home using, like, a tiny dish, it not be possible to have a phone or a network as of this, like, current system that we're using, which is very, very easy. As you're saying, like, cell tower tracking, which you just can't really get around.
Like, no matter what you do, if you're using that system, you can't really get around it.
[00:29:34] Unknown:
I'm just gonna be completely honest. I have I'm not sure on the privacy assurances of satellite. I just I don't know. I've never heard anyone recommend that for privacy, but that doesn't mean it's not possible. I just don't know if it is better from a technical perspective or not. But it's an interesting Yeah. Interesting angle to explore for sure. Okay.
[00:29:55] Unknown:
Yeah. And I guess the obvious one that we haven't touched upon is, like, obviously, your your cell provider or your ISP, if you're connected to your home Wi Fi, network can obviously see all of your Internet traffic unless you use something to obfuscate that traffic like a VPN or, like, using the Tor browser. Again, it's probably an obvious one, and I'm sure most of us, listening to this are already well aware of that. But just wanted to mention it because, again, like, what you do on the Internet is kinda like most like, can give an another huge insight into, you know, your your life and the websites that you visit, the amount of time that you spend on them, etcetera, etcetera.
Again, it all adds to this massive amount of data that can be collected, specifically by, you know, your network provider to to build up a very big, picture of your life and who you interact with and how you operate and where you live, etcetera. So I feel like of all the corporations, like the network provider, by the nature of how and what they operate is probably like the biggest all seeing eye in this kind of, I guess you can call it a personal honeypot, unfortunately. So in terms of, like, shielding your your traffic from them, like VPNs and Tor is is obviously the kind of obvious solution.
It's not the kind of be all and end all as we just said with, like, cell tower pinging, etcetera, that you you literally just can't stop unless you're walking around with a you know your phone in a Faraday cage and before you get one mile from home you put your phone in into a Faraday pouch and then you know they've only got a one mile radius. But again like Seth said it it very very quickly unravels and takes takes one mistake and and it's like, you know, that private perfect privacy that you thought you had quickly goes out the window.
[00:31:42] Unknown:
And and I I do just wanna, like sorry. Just real quick. I do just wanna continually remind people about threat models. Like, the reason why you do everything you can that's low hanging fruit, like use a VPN, like, buy your phone with cash, like, things that are not that difficult is because that makes it makes it quite difficult for the average person or the $5 wrench attacker or the angry ex spouse or, like, the normal threat that most people face. It makes it difficult to impossible for them to learn this info about you. Most people's threat model is not a government agency using a specialized tool to track you down.
So do what you can for the threat models that actually matter to you. Obviously, for those with very advanced threat models, like you're in a hostile country that's persecuting you for some reason, like, obviously, then you're gonna need to do more drastic things. And maybe in that case, it is just too unsafe for you to even have a SIM. So you do Wi Fi only. You use public Wi Fi as much as possible. Like, that's where you you should think about going more hardcore and, obviously, do what you can now, but also just, like, I tweeted about this earlier this week. Like, I feel like it's very easy for everyone to assume that you have the worst case threat model and to be, like, trying to prevent nation state agencies from surveilling you, which is is fine. Like, I also don't think government should be able to just pull up our our location often without a warrant, which is the biggest problem with this today.
But you do what you can so that the the actual people you're normally under threat from can't get this data, and that's far more important for most people. So it's not something end of the world that you can't work around, triangulation via cell tower easily because for most people, that doesn't matter. But it's just something to to know about, to to be conscious of.
[00:33:27] Unknown:
William Hornblower in the in the live chat, the YouTube chat, to be specific, is, asking about a Wi Fi router project. He can't remember the name, but he said it's about using somebody's router by paying with lightning or Monero. And the goal is to build a mesh network with payable public routers. I'm not familiar with that one, but I wanted to bring it up quickly just to see if you guys knew what he was referencing.
[00:33:52] Unknown:
Feel like I might have heard it talked about, but it it sounds like one of those things that is very, like, Bitcoin, Twitterey type of people and would need to spread. You know? Like, you need if you wanna have a mesh network that works for all people, you need lots of people to be involved, and it sounds like not many people would, but maybe that's just me being pessimistic.
[00:34:14] Unknown:
Yeah. There was a project called Loca Mesh, but all of these mesh networks that I know of have all died because there's just there's just no demand. Like, the I think the only way something like this will ever happen is that hardware that people otherwise want to run anyways also acts as a mesh network, and they can earn something by just flipping a switch and turning it on. Like, if you're Yeah. Yeah. Like, if your node in a box had the wires or the, antennas necessary for this, and you could just say, yeah. Sure. I'll be part of the mesh network. And you didn't need to be, like, this hardcore person who's gonna run specialized hardware. Like, I think it's much more possible, but most of these are, like, you have to run specialized hardware.
And if you don't have other people near you doing it too, you can't do anything. Like, it doesn't work. So it's it's very hard to get something like that started. As far as I know, like, all of those projects have died. There's the other side, which maybe William was thinking about as well, which is that you can get some, like, I think Jordan was mentioning this. You can get some eSIM or SIM routers that you can carry around that let you do things like IMEI spoofing and other things, to the on device VPN. Like, you had mentioned this before, loosely, Max, but that's probably the more possible thing. I'm not sure exactly how useful IMEI spoofing is, honestly.
It sounds nice. But, again, if someone is targeting you specifically and they see, okay. There's a 147 IMEI's that have opened at this location between the hours of 8PM and 8AM. Like, in many cases, that can raise red flags instead of make it harder to find. Yeah. But it's definitely something to think about more. But on the mesh side, it's I think it has been a tricky space for anyone to really get traction.
[00:36:07] Unknown:
Yeah. I think sometimes as well, like, like you said, threat modeling is important. So unless you're a very, very naughty boy or girl, or you're in a country where you're targeted unfairly, the simp the simplest ways, like like you said, the VPNs and stuff are are easy. And, also, if you are very, very naughty, it might also be best just to rotate and not, not constantly use the same setup, make it hard to guess. You move physically. You move SIM cards. You move data carriers. You move like, you you don't stay, trackable for too long. And, like, that was the simple way people used to do it. It's just throw away SIMs, pay and go, chuck. And, yeah, there's a lot to be said for that.
[00:36:58] Unknown:
Yeah. Definitely. Vibrant in the Twitter chat has asked, thoughts on Paragon solutions and Cellebrite? Again, hoping you guys have some insight here because, I'm not familiar with either of those.
[00:37:13] Unknown:
No?
[00:37:14] Unknown:
Yeah. So they're I hadn't heard of Paragon Solutions. Cellebrite's very well known. But, essentially, they're both solutions that are sold to nation states, often really bad nation states, unfortunately, to have, like, zero day root level exploits on mobile devices. Or celebrate specifically is if you have the device physically, they specialize in breaking security on device to be able to to harvest whatever data is possible. So, like, celebrate is celebrate is commonly used by, like, border patrol in The US when people are immigrating and are, for some reason, being being flagged.
So these these are really hard things to protect yourself against. Really, GrapheneOS and iOS are the best solutions. GrapheneOS lockdown or, what did they call it? I don't have a phone on it right now. Lockdown mode is what iOS calls it. Graphene OS has a, like, a version where if you hold the power button, you can hit a specific option.
[00:38:18] Unknown:
Oh, is it it's like the self destruct thing, isn't it, where it wipes the whole
[00:38:21] Unknown:
phone? Is that what you're saying? Do a lot of different things. Yeah. It's up to you exactly what it does. It can be a full reset. It can just be a, like, a a hard lock so that you have to have the PIN to be able to decrypt the disk, the the normal thing when you first boot the device. But the really the best protection is running a device that has the latest security updates like honestly you'd be better off with a pixel running stock Android against these tools then you would be running a ten year old Samsung device on lineage OS or even running an out of date device on Graphene OS that doesn't get security updates. Because the much more important thing than the privacy side of things against these specific attacks is the the security of the device. So staying up to date. And then when you're at the most threat for these devices being used, turn your device off.
All devices for a decade plus have, encryption at rest, and that encryption is very hard to break. I would argue basically impossible if your device is up to date and has latest security updates. So something that I've done for years is when I go through TSA, like, I I don't think I am flagged or will be threatened by border patrol or TSA or anything. But a a really easy safe thing to do is just whenever you're in a situation like that, just turn your device off until you're all the way through and totally good to go. Because if the device is off, they have to be able to actually unlock the device to get access to any data, and that on an updated device is incredibly difficult or impossible, specifically on GraphiOS or iOS.
[00:39:57] Unknown:
What about, you know, GrapheneOS has profiles now. So you can have, like, your main profile, and you can have multiple other profiles.
[00:40:05] Unknown:
Mhmm. If,
[00:40:08] Unknown:
say, the device wasn't off and someone had forgotten, then they use this, whatever it was called, Paragon or whatever you said, would that presumably give them access to all of the profiles and they would just see everything? Or, like, how would that work?
[00:40:26] Unknown:
Yeah. Specifically so I'll just be more specific about celebrate because that's the one that I know the best. Yeah. In theory, it would give them access to everything. That that very much that that varies moment to moment, release to release. It's a constant arms race between Mhmm. Android, Graphene, and people like celebrate. So it's it it varies widely, so it's very hard to say exactly what would happen. But if they're able to get in and the device is on and was not yeah. The before first unlock state, vibrant nailed it. If it wasn't powered off when they got it, I would just assume that if you really are someone who is under a severe threat, like you're a dissident fleeing Russia or something like that, you should assume that if your device is on, it's gonna get pwned. Now, hopefully, it doesn't. And in many cases, if you stay up to date, it still wouldn't get pwned. But, yeah, it's a very important thing to very important thing to do when you're in a situation where you're concerned with that.
[00:41:26] Unknown:
So this BFU state, is is that better than just turning the phone off then? It's the same. It's
[00:41:32] Unknown:
the same. It's the same. So so when the device is off and you turn it on, you know, you have to put in the PIN before you can use biometric or anything like that. Right. Before you put in your PIN, it is in this before first unlock state, which is encrypted at rest. Nothing is accessible even if the phone is pwned unless they get the PIN itself, which is a a whole another problem. Okay.
[00:41:50] Unknown:
And that Vibrance mentioned that if you mash your power button five times, I presume he's referring to to graphene here, then that's how you can enter that state, which is, useful Mhmm. Information. Nice. Alright. The the final kind of, bucket of corporate entity, should I say, the the of the three that we talked about today is, of course, governments, three letter agencies. This is probably the one that we are the most powerless against because they can essentially, have access to everything that we've spoken about today, in terms of, like, all of the data that the network provider's harvesting, all of the information that the phone manufacturer might have on you in terms of, you know, purchase location and purchase method, etcetera. Like, the government is the quite literally the all seeing eye that can subpoena any of these previous kind of corporations to be able to grab any sort of information.
So the the the protection that we can give ourselves here is what guys? Like, you know, I I guess purchasing a phone in cash, would would alleviate the fact that a certain IMEI number would be be tied to you. Again, not the not the silver bullet as we've discussed. What else could we do? I guess using, something like a silent link link SIM so that you don't have a a kind of phone contract in your name. But again, not a silver bullet because the government is the one with access to all of this data and metadata that it can tie together if it's got enough time and resources such that that's this is kinda like a roundabout way of me saying that ultimately if a government is targeting you and you are using a mobile phone, then I'm gonna go out on a limb here and say that you haven't got a chance in terms of being private and then not knowing who you are, where you live, and what you're up to. You might be able to hide specific things like your Internet traffic.
But in terms of, like, you having a phone and then getting some metadata on you, I'd say it's pretty much a lost cause for these days. Agree or disagree?
[00:44:01] Unknown:
My Agree? Answer
[00:44:03] Unknown:
oh, go ahead. Go ahead, Max. I've been hogging the mic. I was just gonna I was just gonna say agree unless you're extremely sophisticated and diligent, and you go through a checklist of things that you should and should not do every single day, and you never fuck it up, then unless you're that, then, yeah, they've got you.
[00:44:23] Unknown:
Yeah. I might be jumping in ahead of what Seth's gonna say here. But, like, if I was that person and my threat model was that high, then for whatever reason, I just would not have a phone. Because that just seems like Yeah. Too big of a risk. And, like Yeah. There's way too many moving parts there that you will, without a shadow of a doubt, fuck that up eventually. So if your threat level is that high, then, you know, my advice to to whoever that individual is would be, like, maybe don't carry a surveillance device with you everywhere you go and look for alternative solutions.
[00:44:55] Unknown:
Yeah. Good shout.
[00:44:58] Unknown:
Yeah. Yeah. I mean, I I think the one thing you need to keep in mind is, like, I always think about this from a like, I'm American. I think about it from the US government being after me, and The US is the most sophisticated advanced threat actor. Like, if if they're a threat to you, like, you're gonna have problems. But most people in the world do not live under the US government, for better or worse. And most countries do not have anything close to the resources of The US Government. So in many places, they're they're not going to be able to gather this data easily or they're not going to be able to action it quickly.
So it it it's not as doom and gloom depending on where you are. But always, if you are specifically target but targeted by a nation state, you're gonna have to do so much more excessive things to avoid that. I mean, like, an interesting example that I've always found fascinating is, one of my favorite tech writers who wrote for Wired and then now writes for four zero four Media, I believe. He hasn't had a cell phone intentionally for, like, a decade. And part of that is his threat model is he's doing a lot of specific, like, investigations into nation states, even the US government. And so he just said, it's just safer for me not to have a phone and instead to only use signal for communications on laptop or tablet, specifically Wi Fi only. He has a really interesting approach to things that is very drastic.
But for those who actually have a high threat model and he actually does, you would have to do things that are quite drastic and make it harder to live, honestly. But it's it's better to be harder to live and to be free than than to be put in jail for being a political dissident or something. Yeah. Exactly. So it's Yeah. It's always a balancing act, always about doing your own threat modeling. Make sure that you're thinking about what you actually need to protect. And if that's strict, you're gonna have to go to go to some, pretty intense lengths on the mobile side.
[00:46:55] Unknown:
Guys, we, we've got a comment in the live chat from Artori who says simply put your phone in airplane mode if you don't want tracking by the state. Like, is it really that easy?
[00:47:04] Unknown:
No. I don't think it is, actually. I could be wrong.
[00:47:08] Unknown:
So with with your phone in airplane mode, I believe it's still pinging cell towers, etcetera. Is that right?
[00:47:19] Unknown:
I think so. I I think it still is. And I think even if your phone is off potentially, there's still a way maybe not if it's off. I don't think that I I can't be sure, but I don't think it's as simple as just putting it on airplane mode.
[00:47:38] Unknown:
What I what I would say is, yeah. So he's also said graphene in airplane mode will not connect to cell network. That's that's, yeah, is a good point. But, again, I'm gonna I'm gonna circle back to be like, that's great. It's if it's in airplane mode, but, like, it's not much good as a phone then. So, eventually, you're gonna wanna turn airplane mode off. And, again, we're circling right back to being okay. When it's off, you're gonna have to be very careful with what you do, where you go, who you call, etcetera, etcetera. So, yes, it might temporarily prevent some tracking.
But, again, I don't think it's the kind of silver bullet answer to be like, okay. Just get a phone, turn it in airplane mode, and the the state can't track you. Because as we've discussed, there's lots of other data points that can be used to pinpoint a specific device to a specific person in a specific location.
[00:48:26] Unknown:
I'll just very quickly add a couple of things there. So if if that is the case and it is, you can airplane mode it and that will stop it pinging cell towers, then then okay, yes, but it's the same as turning it off or Faraday cage or bag or whatever. And on top of that, one thing that I've heard a lot of people doing is like, oh, well, I've got my NIM phone, and I turned that off or, switch that off at certain times. But then they have their usual phone that they use for everything else, and they carry both. And then if you do that, you're still giving away all of this data, and anyone sophisticated would probably be able to tie the two up and be like, these two devices constantly travel together. So if this one's switched off and this one other one is on, it's the same person. So, yeah, I'd I'd just say that that if you do carry multiple devices and you are switching one off or airplane mode in or putting it in a Faraday bag, Also consider if you have any other devices on you or another individual that is always with you, who could be tracked and has their device on them, if you have that type of threat model.
[00:49:40] Unknown:
Yeah. It's a good call out. It's a good call out. Okay. Just, we're gonna hit the questions in a second, guys. If you're in the live chat and you have, any related questions to what we've been talking about today, get ready to drop those. William Hornblows circled back and said that, the the kind of router level thing that was paid for by Bitcoin and Monero, is called Tollgate. He said it's community driven. You install Tollgate OS on supported routers, and you are part of the network. So maybe, want to, want to check out later on, and maybe we can have a discussion about that once we understand it a bit more. Atore said you can use Wi Fi with airplane mode. You are definitely tracked if you connect to a cell network, but you can temporarily disappear by using airplane mode. Yep. I think that kind of echoes what we mentioned, earlier.
Whilst I'm waiting for any live chat questions to roll through, guys, I'm gonna start working through the backlog. The first one is very tangential to what we've been talking about today, and I'm keen to hear, thoughts on this one. Rivian Stokes, on Nosta asked, paying via Google or Apple Pay? Let me just bring the question up. There we go. Paying via Google Pay or Apple Pay, I've heard you share less information with the vendors, but you sharing more with goo but you are sharing more with Google, I guess. And a second tangential question is, is NFC more secure than inserting a card?
So let's first discuss the data one because I've heard something similar to that. It's not something I've ever kind of dived into, but I believe that, as ironic as it sounds, using Google Pay or Apple Pay, you do actually share less information with the specific vendor than you will be by tapping your, bank card. Obviously, this is not comparable to to handing over some physical cash. The comparison here is Google Apple Pay versus tapping your bank card. Anybody have, any This is a Seth this is a Seth question because of cake pay and everything. He's he's gonna be proper clued up on this, isn't he?
[00:51:41] Unknown:
So I both are definitely better if you're mainly worried about merchants being able to track you or the security of your card numbers. Because that is one of the huge improvements with these is that you you don't share any, we you don't reuse card numbers with either of them. It generates a fresh card number for each, so it's harder for a merchant to track you between purchases,
[00:52:04] Unknown:
unless, obviously, you're using, like, a loyalty card or something like that alongside of it. Then then, obviously, they would be able to track you. Sorry to jump in. That was a revelation for me. Did you just say, like, each time you tap your iPhone or your Pixel or whatever and use Tap to Pay, the you're using a different card number each time.
[00:52:22] Unknown:
That's my understanding. Yeah. They never get the real card number underneath.
[00:52:26] Unknown:
Okay. Wow. Interesting. Okay. That's a big improvement then.
[00:52:30] Unknown:
Now I'm scared that I'm wrong.
[00:52:32] Unknown:
Yeah. Interesting. Okay. Well, considering what you were saying there, I'm If he's wrong, abuse him in the comments now. Quickly get it. Please do.
[00:52:40] Unknown:
So sorry to cut you off your flow there. That was a real revelation for me. I'm gonna go and try and look into that just while you you carry on. So sorry to throw you off your flow.
[00:52:49] Unknown:
Yep. Yeah. I mean, no. It's a it's a good question. And when I should I should confirm, and if you do find one way or another, that was that's my understanding of both is that's one of the key benefits that they propose from a privacy perspective is that the merchants themselves don't get it. And the main reason they do that is so that a merchant being pwned or a POS system being hacked or something, they don't get the card number that they can reuse and make another charge too. So that's that's the point of it. It's one time use, cards, essentially, virtual cards every time you'd have to pay.
So, it is great from a perspective of hiding your information from the merchant. My, like, TLDR understanding of the two is that Apple Pay is better in terms of privacy from Apple than Google Pay in terms of privacy from Google. But I haven't done a deep dive on either. I have been using Graphene OS for years, so I haven't been able to use Google Pay. So I haven't really focused on that. I spoiler alpha for those in the chat. I am using an iPhone right now, so I have been using Apple Pay, quite regularly. And then so I I need to dig into that. And so I I'll I'll promise that I'll dig into that before, before next Freedom Tech Friday, and we can get a little deeper in the weeds. But that is one of the things I was missing on GrapheneOS is there are many advantages to be able to do that when I do have to still use credit cards and stuff. Like, I I do live in the fiat world still.
[00:54:15] Unknown:
So so Shame me all you want. I've got a follow-up, and I'm gonna read this, so bear with me, guys. So when you add a credit or debit card or prepaid card to Apple Pay, your actual card number is never stored on your device or on Apple servers. Instead, Apple creates a unique device specific device account number that is encrypted and stored securely in the secure element. A certified chip isolated from the device's operating system. This number is used for transactions and cannot be decrypted by Apple. Your card details including the card number, expiration date, and CVV, security security number, are never shared with merchants when you make a purchase.
When you pay in stores, apps, or on the web, Apple Pay sends only the device account number and a unique transaction specific dynamic security code to the merchant. This ensures that your sensitive card information remains private and hidden from the merchant. So, yeah, you were bang on, sir. Yes.
[00:55:10] Unknown:
It was a close one. I'm scared. I have a question,
[00:55:15] Unknown:
on the Google Pay, Apple Pay stuff. So when you buy the either prepaid Visa things or gift cards, would obviously, gift card is different. Visa card would go into your Apple or Google, wallet effectively, and then you would just use that as an NFC tap to go and buy your coffee or whatever shopping you're doing out and about, or would it only work online?
[00:55:50] Unknown:
So yeah, I mean, like, one of the things we target with Cake Pay and most of the, like, prepaid debit card things is, like, the the bare minimum we want is Apple and Google Pay being supported. Because, otherwise, they're just not really that useful. Like, yeah, you can use them online, but far more useful for you to be able to add it to those. So that that is always the goal, and that's where most of these can be used. So that's yeah. I know that's the primary way that, like, cake pay cards are used is you you add them to those so that you can use them everywhere.
[00:56:21] Unknown:
So in theory, if I went on to Cake Pay, bought a 100 quits worth of, a Visa card with a 100, dollars on it, and then I went to a shop to buy my coffee, and they accept Visa, and they accept Apple Pay, and I use my iPhone, and I tap it. It's just gonna go ding, and they'll go, here's your coffee, sir. And I go, oh, I just paid for that with Monero, effectively.
[00:56:47] Unknown:
Yep. Bond is And Apple and Google don't even learn anything about you. Mhmm.
[00:56:53] Unknown:
How do they not learn anything about me? How do they not learn anything?
[00:56:57] Unknown:
Because you didn't use a card that's, like KYC'd for back of a letter. Well, for yeah. KYC'd actually, or, yeah, tied to your identity. So, I mean, in theory, I know Apple says that they don't get the actual credit card number itself. So in theory, they don't learn that about you. Obviously, iOS closed source, so, you know, we don't ever really wanna make assumptions there. But, yeah, it's another extra layer. So now even the even Apple or Google couldn't know who you are, but you can still pay through them, which is a really powerful combination.
[00:57:28] Unknown:
So is that not I don't want to get us too off track here, but is that not a better way for people who are earning or using, cryptocurrencies to live on? Isn't it a better way than just to buy those and spend with those for your daily, you know, like, your shopping and your fuel and everything else like you would with gift cards rather than doing something like a peer to peer sale on something like BISK because you're actually giving less information to your, trading partners and people that you're dealing with than you would than giving your banking details, and you don't know who's on the other side of it. Would you not be better off if you need to to sell to do the Visa cards and the gift cards?
[00:58:19] Unknown:
Yeah. I mean, it's a Yeah. You you go ahead, Q. You go ahead. I was gonna probably gonna say what you were gonna say. I mean, in theory, yes. That makes sense. I mean, the the the gift cards, again, are not always a silver bullet. Like, I've heard reports of some merchants not accepting them. I'm sure Seth can probably talk, at length more than I can as to as to how big of a problem that is, but I've definitely heard reports of some some of these prepaid cards, you know, being rejected. So that that's something to bear in mind, whereas, you know, gift cards kind of always seem to to go through. I guess the the bottleneck there would be the the gift card provider. But, again, that's always gonna be, you know, somewhat of a kind of permissioned or or semi trusted relationship there, depending on how much currency you use, of course.
[00:59:07] Unknown:
Yep. Yeah. I think you nailed it.
[00:59:10] Unknown:
I wanna go back to a quick question that, Otori mentioned here. Is there a non Google or Apple equivalent that also hide your card number? I think the the short answer is no. Obviously, Apple, you know, you have Apple Pay and that's it. It's it's kind of locked down. You can't there's no alternative for for an iOS device. With Google, as soon as you go to a nonofficial, Android install like GrapheneOS, Google Pages doesn't work. And to my knowledge, there is no alternative because, again, that's locked down at the kind of OS level.
So if you if you're not produced by, you know, if you're not on a version of Android that is produced by Google or signed by Google or or any of their trusted partners, I don't know how how wide ranging that is, then, they just refuse to let Google Pay work entirely. So I I don't think there's a there's a fix for that. Again, correct me if I'm wrong there, guys.
[01:00:05] Unknown:
Yeah. The only thing you can do is you can use privacy.com cards, but that's, again, just when you need to give out the card number. So, like, paying online, you can do that, but you can't just tap to pay. Like, you you cannot replace tap to pay, unfortunately, in a way that is not Google or Apple, because those things there's a lot in the back end that has to happen, and they're very strict about what devices they'll let it run on for obvious reasons as well. I mean, fraud. They do have to worry about fraud. So I I understand why they do restrict it, but that doesn't mean it's not a pain in the ass that they restrict it.
[01:00:37] Unknown:
Yeah. Definitely. Alright, guys. I can't believe it. We're we're already at time. That one absolutely flew by. Lots to to dive in there in terms of in terms of mobile phone privacy, and I'm sure we've only just scratched the surface. Wanna extend, you know, a thank you to to everybody as always in the live chat. Bon, Vibrant, Torey, with, William Hornblower. Good to see you with us, guys. Thanks for, stoking the conversation and, keeping us going. And, for everybody else that's listening, either live or catching up on the podcast feed, we will see you for more of the same next week, 9AM eastern, 2PM UK time, live, hopefully, on, X, Nosta, and YouTube.
We'll see if we can get all three working next week. This week, we just add YouTube and X. But, yeah. And as Seth mentioned, we we chatted that much that we got to one question from the back end. And and and that and that question was posed this week. So, actually, we did zero from the backlog. So, we We did zero. We we still have a long list, but, again, we we really appreciate it. We've got Monday. Yes. We have got Monday. We've got Monday. We'll be recording a brief so we if there's any Bitcoin related questions, Max and I will will take that, we'll take that on. Yeah, Bon. Hopefully, Zap. Stream works next week, but, seems to be the the only thorn left on our side for this streaming setup at the moment. But we'll get there. We'll get there. Okay.
Once again We will. Thank you, everybody. That was a fun one, and we'll see you at the same time next
[01:02:04] Unknown:
week. See you then.
[01:02:06] Unknown:
See you on a week.
[01:02:14] Unknown:
Thank you for listening to Freedom Tech Friday. To everyone who boosted, asked questions, and participated in the show, we appreciate you all. Make sure to join us next week on Friday at 9AM EST and 2PM London. Thanks to Seth, Max, and Q for keeping it ungovernable. And thank you to Cake Wallet, Foundation, and my NIM box for keeping the Ungovernable Misfits going. Make sure to check out ungovernablemisfits.com to see mister Crown's incredible skills and artwork. Listen to the other shows in the feed to hear Kareem's world class editing skills.
Thanks to Expatriotic for keeping us up to date with Boost's XMR chats and sending in topics. John, great name and great guy, never change and never stop keeping us up to date with mining news or continuing to grow the mesh to Dell. Finally, a big thanks to the unsung hero, our Canadian overlord short, for trying to keep the ungovernable in check and for the endless work he puts in behind the scenes. We love you all. Stay
Introduction to Freedom Tech Friday
Recap and Humour from Last Week
Exploring Phone Privacy
Privacy from Other People
Corporate Data Collection
Network Providers and Privacy
Government Surveillance Concerns
Airplane Mode and Privacy
Payment Privacy: Google and Apple Pay
Closing Remarks and Community Interaction
