| HN Mirror

But then you are using SMS, which your cell carrier can absolutely see and intercept because it's decrypted.

So in either case... turn off native messaging and use Signal or something if you are paranoid. You aren't really using the "phone" part anymore, so buy an iPod touch or something.

Also, iMessage is fully E2E if you disable iCloud Backup. Which can easily do in Settings.

Please stop using the term "paranoid" to describe those who desire personal privacy.

There is a degree to where you are actually paranoid though, otherwise we wouldn't have that word.

If you are this paranoid, you shouldn't be carrying an electronic device.

caymanjim 1802 days ago

It's not paranoia when it's true. While most people value the convenience of conventional phones calls and default messaging applications over true privacy, those who prefer privacy aren't being paranoid. Companies are monitoring communication to increase ad revenue; government are monitoring communication to catch criminals, enable industrial espionage, and suppress dissent. It's only paranoia if it's delusional. We know that we're being spied on, even if we're not being individually targeted. Even democracies that supposedly value freedom engage in widespread surveillance in direct violation of their own laws.

I'm in the camp of pragmatic resistance to surveillance. I use browser plugins to block ads and cookies where it doesn't get in the way of reaching the content I want; I use Signal for messaging even though almost none of my recipients do; I disable location services except for things like Maps that actually need to know where I am; I turn off all the spyware I know about that's built into operating systems; etc. I'm not a tin-foil-hat-wearer; I'm not doing anything illegal that I need to hide; I'm just trying to push back in a small way against the erosion of privacy and rights that permeates everything electronic.

But the parent isn't paranoid. They really are watching. And we shouldn't be so complacent.

Yes, but if you are that paranoid and worried about it, the fact remains you should not carry an electronic device.

This person is so paranoid, that they believe that a cyberweapon developed by a private company in Israel that uses previously-unknown bugs in the most sandboxed messaging system you can get on a phone are going to be deployed against them, so they should not use the calling, texting, or any other "phone-like" functionalities of a phone.

They then distrust that the End to End Encryption is in-fact End to End, and then think that using Signal or something is more secure, when if a bug in a system more sandboxed than Signal was found (iMessage, which has BlastDoor which Signal does not have), it is more than likely that Signal has it's own zero-days in it, so you shouldn't be using that either.

That's paranoid, and if you are that paranoid (which, maybe you have a reason to be), your solution isn't well thought-through. You shouldn't be using a phone if you can help it.

fsflover 1802 days ago

You could carry a device with kill switches and only turn them on when you need a connection. See: Librem 5 and Pinephone.

> I disable location services except for things like Maps that actually need to know where I am

Fun fact: having systemwide location services on, even if you don't enable it for any apps, means that your location is sent in realtime to Apple/Google at all times (via Wi-Fi triangulation data). It's not just passive GPS reception.

If you want actual location privacy, you'll want to leave location services off systemwide on your smartphone, and consider getting an offline GPS receiver device. Good car satnav devices from China are like $60 now, and include continent-wide maps, though you lose realtime traffic info, being offline.

commoner 1802 days ago

There is a way around this. If you use an Android distribution with UnifiedNlp (part of microG) and without Google Play Services, you can install only the location providers that you want to use for Wi-Fi and cell tower triangulation. Google would not be monitoring your location queries. Provider options include:

- OpenCellID (offline): https://f-droid.org/en/packages/org.gfd.gsmlocation/

- Radiocells.org (optionally offline): https://f-droid.org/en/packages/org.openbmap.unifiedNlp/

- Déjà Vu (offline cache using Wi-Fi and cellular data): https://f-droid.org/en/packages/org.fitchfamily.android.deja...

- Mozilla Location Services (online): https://f-droid.org/en/packages/org.microg.nlp.backend.ichna...

UnifiedNlp is preinstalled on Android distributions that include microG. CalyxOS is the only one of these that supports relocking the bootloader with the developers' key:

https://calyxos.org

caymanjim 1802 days ago

This falls under "close enough" for me. Even with systemwide location off, cell providers and your ISP still know where you are; there's simply no way to stop them from knowing. If I fire up an app and Android gives me a popup saying it won't work with location off, then at least I know which apps are asking for it, and can enable the very few that I want to share that with because I get something out of it (like navigation).

Closi 1802 days ago

Paranoia is an irrational suspicion that you are being watched.

If you just don't want to be watched, either by people or algorithms, and have a rational understanding of what tracking/surveillance you are under, and you are actually not paranoid.

No, that's not what paranoid means. Your statement is simply incorrect and your use of the word is derogatory.

Only if you say so.

There is a degree of rational fear, rational expectation of being tracked. Your degree of fear though is irrational unless you are, in fact, a journalist in an authoritarian state.

You are saying that you are so paranoid, you don't trust iMessage to be End-to-End Encrypted because it has zero-click exploits developed as part of a cyberweapon that is explicitly targeted against high-profile journalists. You then think using Signal or something is more secure, even though if this was pulled off in iMessage (more sandboxed than any other messenger security-wise), your other messengers probably are also flawed and you shouldn't use any of them.

In fact, you shouldn't use a mobile device. And maybe for your situation, that is right and rational. But for most people, it's not.

Dah00n 1802 days ago

No, he is right that you are using bad words because you disagree. I wouldn't have added this but the thread just keeps going.

Just because someone want to be as secure as possible while using their electronic devices and you think they are being extreme doesn't mean that they are being paranoid. It has nothing to do with being paranoid. It could simply be because it is fun to try and secure your devices or to gather knowledge on how to do so in case you need to apply the skill-set at work or a thousand other reasons.

>you don't trust iMessage to be End-to-End Encrypted

I don't secure my devices as GP does but I also do not trust for a second that iMessage is securely E2EE. It is not something you hear rarely if talking about the topic, in fact it is very common argument on HN that iMessage messages are saved unencrypted to iCloud.

>this was pulled off in iMessage (more sandboxed than any other messenger security-wise)

That is almost the opposite opinion of iMessage than what was posted by researchers yesterday on HN (well, Twitter originally). In fact they stated:

>"BlastDoor is a great step, to be sure, but it's pretty lame to just slap sandboxing on iMessage and hope for the best. How about: "don't automatically run extremely complex and buggy parsing on data that strangers push to your phone?!"

In short, Paranoid is misused a lot like this. Just like Schizophrenia (it is often used about having multiple personalities or many opinions that clashes, but neither is correct usage).

smoldesu 1802 days ago

That's absolutely not paranoia, so I'd suggest you leave GP alone instead of burning karma and making yourself look like a fool.

Closi 1802 days ago

> Your degree of fear though is irrational unless you are, in fact, a journalist in an authoritarian state.

You are putting words in OP's mouth. OP never said he was fearful, only that he didn't want to be tracked.

Someone friendly could follow me around in real life and watch what I'm doing - and keep suggesting products to me based on getting to know me. I'm not going to be afraid but I am going to be freaking annoyed, and feel like my privacy is violated when he says he isn't going away.

meepmorp 1802 days ago

It is paranoid for the average person to think they're sufficiently interesting to be a surveillance target.

Karunamon 1802 days ago

Passive surveillance being a thing means everyone reading this text is a target.

Everyone in the global west (and China, and Russia) is subject to mass surveillance. That's documented fact, not paranoia.

heavyset_go 1802 days ago

We aren't in the 1970's. It's cheap and easy to do dragnet surveillance, and it costs a fraction of a cent to store text communications and to perform speech-to-text on audio and video.

You don't have to be interesting, you just need to exist to be caught up in the dragnet.

Dah00n 1802 days ago

This

>you are using SMS

doesn't fit with this from GP

>leave the SIM card out

swiley 1802 days ago

No, then you use gpg email or xmpp.

msh 1802 days ago

Then you could just as well get a iPod touch or iPad mini.

Neither of those has a vibrate motor to let me know about notifications. They also can't be used to pair to an Apple Watch.

I know this because I used to carry an iPad Mini in my pants pocket.

Then buy an iPhone, and turn off iCloud Backup in Settings, it's not hard to do. Then your iMessages are fully E2E Encrypted.

Nope, because they get escrowed by the other end of the iMessage conversation.

Also, the whole point of disabling iMessage (in this thread) is to close the iMessage-related zero click exploits described in TFA.

The other end of the conversation escrows the key on any messenger. Otherwise how would you read the message? Unless you consider Snapchat, but that's not End to End Encrypted.

And are you really sure that Signal or your preferred messengers don't also have Zero-Click exploits? After all, they aren't sandboxed to the degree iMessage is with BlastDoor.

https://twitter.com/billmarczak/status/1416801514685796352

Dah00n 1802 days ago

Snapchat claims to be end to end encrypted, last I looked.

Signal does not escrow endpoint keys in an iCloud Backup, so your first statement is incorrect.

smoldesu 1802 days ago

...or I could just use a truly-secure option that doesn't destroy my personal security model. Owning an iDevice presents a considerable security risk to my current setup.

There is no such thing as a "truly-secure option." As anyone truly concerned about security will tell you.

You will be forced to make compromises somewhere unless you want to live under a rock in the desert. You can't drive without a State ID, can't get a home loan without credit, can't work without a Social Security Number except under limited circumstances, can't make money without reporting to the IRS, and so on. It's entirely about what compromises you want to make, and the tradeoffs therein.

> can't work without a Social Security Number except under limited circumstances

Something like 96% of human beings don't have a social security number. Many of them work.

smoldesu 1802 days ago

I don't count on a "truly secure" option existing, I just manage my risk by reducing the amount of Big Tech thumbs in my personal pie. Apple, much like Amazon, Microsoft and Facebook, have no right to any of my personal information, end of story.

nobodylikeme 1802 days ago

I just wanna know how big are your pants pockets

askonomm 1802 days ago

Should probably also dig an underground bunker and collect cans of sardines to last for decades.

beervirus 1802 days ago

Canned food has a surprisingly short shelf life. Sealed containers of dry beans and rice are the way to go.

abaracadab 1802 days ago

Don’t forget your pentium and DOS collection! Air-gapped of course.