Maybe some people know about certain crypto phones that existed before (they were used a lot by criminals in western Europe), phones like SkyECC and EncroChat. Though the implementation of these phones in terms of using a third party host (which you needed to trust), it was totally wrong from a privacy side, you can never trust someone with your data except yourself. But These companies did had some interesting privacy features which is worth implementing even now.
From what I know about these phones:
The cameras were removed
The microphones were removed
The GPS sensor was removed
The gyroscope and accelerometer sensors were removed
The phones had a physical panic swipe button (you hold that button in for several seconds and it would auto delete your whole phone)
The USB ports were modified in order to be used as charging only, so its not possible to use a data cable for it (this is imo a very interesting option even today, why? In the event the feds take your phone away in AFU state and they see that they can’t extract information or put an exploit in your device because your USB port doesn’t accept data transfer, well then the feds have only 1 option left: turning off the device and putting a new usb port in the device, this comes however with a major benefit for the phone owner as the phone will turn back into BFU state. The biggest enemy of law enforcements are phones which come into BFU state and phones who are FBE at the same time.)
What are your thoughts about this? I’m really interested in the USB feature.
If your phone isn’t glued, it should be trivial to disable the microphone and camera. Some models are probably better to modify than others.
As for the USB port, GPS, and gyroscope, I think you would need to reach out to a phone oem and make a phone that that has (or rather lacks) those features. (Might be a good business)
A panic button could be implemented at the software level.
I actually already experimented myself and I believe most is doable for the average person as long he/she is interested in it, as for what I’ve done:
I removed cameras (all of them, the most easy part tbh and most straightforward)
I removed the microphones (all of them, they are a bit harder to remove, you just need to heat them good with the soldering equipment and you can pull them off the motherboard)
I removed the gyro/accelero sensor (basically the same difficult lvl as microphones, heat that fucker up and pull it off gently).
Now what I’m going to try and what would probably the hardest part is to change my current USB-C port (which can charge and transfer data) to another one which can only charge, I’ve seen that those connectors are available everywhere (on aliexpress cheap as fuck). I hope soon I can try this out :).
But I would love to hear opinions of other people (maybe people who already done this themselves?)
As for the panic button, the only thing close to it which I could find is the ‘locker’ app which has the ability to auto delete/erase your whole device after a certain amount of wrong unlocks. I’d rather not use something like this (if there is an app which allows you to auto wipe your device after a set amount of days/months that would be better imo. Also I’m interested in knowing how those crypto phones implemented the panic button.
I won’t bother reading throroughly what’s written, so correct me if I misunderstood something.
You are not really gaining any privacy/security from removing cameras or microphones. In modern vanilla Android (Not in something like Samsung where a lot of more apps are running as Admin ) or IOS if you have not given an app a specific permission, it’s nearly impossible for the app to get access to them (Something like FORCEDENTRY is required to pull off such a feat).
If you are really in need of covering your camera you may as well use some tape lol.
If you are some Snowden looking to reveal classified stuff, removing the microphones doesn’t really help all that much for you. The gyroscope and acclerometer needs to be removed too. All of these combined would make your phone a brick which can be used for some network browsing but I don’t suppose a person with this high threat model would use their brick for network browsing. Then again you wouldn’t want to browse the internet even with Tor as Mobile version of Tor Browser can be fingerprinted easily.
Doesn’t that make such a phone pretty much useless in every aspect?
It’s not really clear what threat model you are supposed to be in with such a phone. Are you looking to be hiding from the Goverment and Feds? I don’t really think the Feds just exfiltrate data of any random heroin addict they find on the street lol. If you are a Govt. wanted man they will likely have no intention of return your phone and employ every means to crack the phone.
I think the idea here is that by remove the hardware you are further protecting yourself in the event of exploits. The kinds of exploits that would target your input would probably be reserved for targeted attacks so I think it’s unlikely the average person will run into this.
I think the idea is to have just a tiny computer where you’re constrained to text-based communication. If you’re still connecting to the internet then you can still get information out and it’s more inconspicuous than a computer. To your point, however, at that point your phone is not that different from using a laptop without a mic or camera, so the benefits of using one or the other may come down to use case.
I personally haven’t thought through that many scenarios you’d want to protect against at this level, but it seems like a neat hobby and exercise. Fairphone might be a good option to check out because its repairability makes it easier to swap or remove a phone’s internals. Could be an even stronger option once CalyxOS releases a stable version for it.
When your phone is exploited you can benefit from removing these components.
Tape is pretty annoying and gets of after a time, just removing it is super easy.
If you read my first post I did mention the removal of the gyroscope and accelerometer. It’s not of benefit here to speculare about threat models “if you are snowden like”, as if snowden is the only person in need of high treat model? An average drugs mob is need of a higher threat lvl than snowden. And who says TOR browser on your mobile phone is the only way to use TOR? We have TOR vpns on mobile phones which act as a VPN and routs all your traffic through TOR, there is no need for TOR browser in this case. And the phone that I’m talking about is used only for message based communication (E2EE), which is the safest online way of communicating.
Again there is no need to speculate for threat models here, also not every phone is able to be cracked by government agencies.
Not only you, in most peoples case they use a smartphone mostly for internet usage. Also calling people is still possible by using a plug in microphone (in case you removed microphones from your device).
Nothing in this article implies that a TOR vpn is bad for anonymity, heck the writer even confirms that using a SSH proxy before entering a TOR entery guard is actually a good idea:
" Once the VPN client has connected, the VPN tunnel will be the machine’s default Internet connection, and TBB (Tor Browser Bundle) (or Tor client) will route through it.
This can be a fine idea, assuming your VPN/SSH provider’s network is in fact sufficiently safer than your own network.
Another advantage here is that it prevents Tor from seeing who you are behind the VPN/SSH. So if somebody does manage to break Tor and learn the IP address your traffic is coming from, but your VPN/SSH was actually following through on their promises (they won’t watch, they won’t remember, and they will somehow magically make it so nobody else is watching either), then you’ll be better off."
You two are talking about two completely different things lol, your first post was talking about a “Tor VPN” like Orbot which proxies all your phone’s traffic over Tor, and @whattheduck is talking about using a standard VPN in conjunction with Tor.
Edit: With regard to the latter and the article linked, it’s true that (contrary to popular belief) connecting to Tor via a VPN or SSH tunnel does not harm your anonymity and may in very specific cases be more private. It’s still generally not recommended because the benefit is typically extremely small (for censorship circumvention you are probably better off using bridges), there’s a not insignificant risk that your VPN provider is less trustworthy than your regular ISP, and there is a greater potential to screw up your configuration and break your anonymity because there are more moving parts involved.
Well he claimed that TOR vpn (like orbot or inviziblepro) is not good for anonymity and nothing in that page (which actually has some mistakes in it) confirms his stance. Also his contributtion to this topic is offopic and leading to some speculations: “ArE yoU soMe SnoWden?”
I don’t think the reference to Snowden was meant as a slight. He’s just an easy example of a very advanced threat model. Of course there can be others who need to be similarly cautious and there are some people who choose to operate at an advanced threat level even though others in the privacy community would think it’s unnecessary. Or you just want to do this to your phone because you want to, it’s all good.