[stacktrust]

Governments and law enforcement would be the best-case scenario for telco monitoring and phone/endpoint hacking via NSO et al, because there would at least be some legal framework for narrowly targeted lawful intercept.

The risk of insecure-by-design telco standards, radio networks and untrustworthy phones is that zero-day and unfixable vulnerabilities could be abused for targeted and mass surveillance by networks of criminal, corrupt or non-state actors.

If Clearview AI can scrape billions of human images from public social networks, for commercial facial recognition services, imagine the per-geo economic value of passive radio signal collection and retroactive footprint analysis by AI.

https://hn.algolia.com/?query=imsi

[cmeacham98]

Sure, but the point is that if we assume that the telco is malicious none of LTE's security matter or could ever matter. They are the party you are encrypting the data for, so they always by definition can log/sniff/whatever it.

There's no point in designing telco standards for cases where the telco is a malicious party.

[stacktrust]

Did someone suggest the telco as a malicious party?

My comment was about non-gov, non-telco malicious actors harvesting metadata via passive sniffing.

[cmeacham98]

Yes, that's literally what the parent comment to your comment is talking about when they said this:

> If your cell provider is going to help stingrays connect to your phone...