
PGPP (Pretty Good Phone Privacy) Beta Launch

105 points | todsacerdoti | 3 years ago | invisv.com

99 comments

chmod775 | 3 years ago
I don't like that this is piggybacking on the recognizable name of an open standard and not-for-profit software while being considerably less open (Where's the RFC? Where's the source code?) and being for-profit.

This is a bit like calling your company "Red Cross Pharmaceuticals" despite not being affiliated with them.

thayne | 3 years ago
I'm pretty sure the original PGP program was (and maybe still is?) a for-profit product.
j-bos | 3 years ago
That's a neat metaphor.
barathr | 3 years ago
Just wanted to say hi – I’m one of the co-founders of this effort and would love to answer any questions or discuss further.

Also wanted to add, since this is a common question: does PGPP protect all identifiers or just some? As with most privacy systems, just some. Our aim is twofold: 1) to decouple a user's human identity from their network identities (mobile and Internet) and 2) randomize their network identities. We view decoupling as pretty fundamental to practical privacy -- to decouple who you are from what you do. Who you are in the context of the network is your human identity, often associated with the main point of contact you have with the network and billing -- your subscription and SIM, your broadband connection and its IP address and your home address, etc. That information has been used as the key upon which datasets can be attached. The goal then is to decouple across entities -- the different parties who have data -- and across uses -- the different mechanisms of a network protocol, such as authentication and connectivity.

Other identifiers such as hardware identifiers aren't inherently attached to a person and aren't always used by networks, but even when they are, removing them is insufficient -- as our colleagues at UCSD found in recent work, phones can be identified at the PHY, without even using a unique hardware identifier.

throwaway81523 | 3 years ago
Um what? Is PRZ involved? Is he ok with your using that name? He had something called PGPFone a long time ago, though it didn't get much traction. There have also been tons of other encrypted voice programs.

Obscuring traffic patterns without stupendous amounts of dummy traffic is quite difficult. That someone is connected to your network at all is already a huge giveaway. I have trouble seeing how something like this can work without a very big operator (think Cloudflare or AWS) being involved, and anything that size would have to get in bed with regulators. It's a lot easier if you're only trying to do low bandwidth text.

codethief | 3 years ago
Hi barathr, thanks for joining the discussion! Having had a brief look at your paper and the Usenix slides[0], I've got three questions:

- Given that your Android app is security-critical for its users, are you planning on open-sourcing it in the near future?

- How exactly does your app work on Android? How does it rotate the IMSI? (I don't know a lot about eSIMs but I would have thought a regular app can't easily change the carrier/network settings.)

- As for the relay functionality, I suppose on Android this "simply" sets up a VPN once the network connection is established?

[0]: https://www.usenix.org/conference/usenixsecurity21/presentat...

octoberfranklin | 3 years ago
Hi, less than 48 hours ago you had a "Show HN".

Your claim "we don't learn which eSIM your phone gets" is false. The eSIM update protocol, which is implemented in firmware which you do not control, will send you (the carrier) the eSIM's permanent ID (the EID), and you can't stop this. https://news.ycombinator.com/item?id=32416373

Moreover, you provide no protection whatsoever against IMEI tracking, which all carriers implement. IMEIs are reported to the carrier immediately after authentication/attach (AKA), and many will block invalid/unexpected IMEIs. You can't prevent this. Without a solution to IMEI tracking your work on IMSI tracking isn't much use. This won't protect anybody from the telcos. At best it might stop people using a stingray without assistance from the telco (i.e. almost nobody). https://news.ycombinator.com/item?id=32416308

sneak | 3 years ago
Does this also randomize the IMEI, or just the IMSI?

Seems like if the same IMEI shows up over and over again with a different rotating IMSI then the jig is up.

nibbleshifter | 3 years ago
What payment methods are available, and what data do you collect for billing?

Could I pick up an eSIM compatible Android tomorrow for cash at the local pawn shop, and get service using your system without handing over anything identifiable?

syrrim | 3 years ago
> PGPP does not support traditional phone calling/SMS and doesn’t include a phone number. Instead we recommend that users install and use more secure apps such as Signal and Matrix for voice and video.

Doesn't Signal require a phone number to use? Or did they fix that?

barathr | 3 years ago
It does, but you can use any number, even a VoIP number. (And you can connect to the VoIP provider with PGPP Relay enabled.)
NoImmatureAdHom | 3 years ago
I would love to buy your product, but won't yet. I need a few things:

1) You should explicitly test with privacy-respecting Android flavors like GrapheneOS. I assume it would work using the sandboxed play services hack, but I'm not sure.

2) You need another exit aside from London. U.K. has weak data protections, facilitates U.S. spying, doesn't even offer access to the real internet any more (they run a firewall and mandate various other kinds of nannying), and, generally, seems like it's sliding down the path towards some sort of oppressive surveillance state.

3) I need to be able to pay with cryptocurrency, ideally Monero.

barathr | 3 years ago
Thanks -- to your comments / questions:

1) We have tested with GrapheneOS and it does work. Relay works well with GrapheneOS. With some amount of configuration, the mobile plans also work, though it can be a bit tricky to set up.

2) We have many egresses (via Fastly) -- across North America, South America, Europe, and Asia -- and more planned. The London egress is used when you're on mobile data by default, but if you're on WiFi then you can egress elsewhere.

3) Not sure about that at the moment, but we've gotten the request from multiple folks.

throwaway67743 | 3 years ago
> You need another exit aside from London. U.K. has weak data protections, facilitates U.S. spying, doesn't even offer access to the real internet any more (they run a firewall and mandate various other kinds of nannying), and, generally, seems like it's sliding down the path towards some sort of oppressive surveillance state.

What? No such thing exists, stop

throwaway743 | 3 years ago
Definitely want to try this, but the full feature cost is much more than my monthly phone bill. Does this route through a server at all (overhead costs) or is everything contained locally? Trying to understand the level of rationale for such a cost.

If it's contained locally, it's likely you could make more in volume than with a higher price.

Also, it's deceptive and leaves a bad taste in the mouth to have the Play Store show an "Install" button rather than a purchase button, only to open the app to a paywall. Using this dark pattern could end up hurting user perception and the app's reviews.

max-b | 3 years ago
The $5/month price is for the Relay functionality which provides the 2-hop traffic tunneling. I'm guessing(?) that's not more than your monthly phone bill?

The $90/month price is for unlimited mobile data, so it would in theory replace your phone bill entirely.

barathr | 3 years ago
Hmm, thanks for that feedback. I think (hope?) people wouldn't think that service like this was free (the prices reflect the costs). We say pretty clearly on our site what the prices are and are trying to be upfront. It's true that the payment isn't handled by Google but by Stripe, so you aren't buying it on the Play Store, but that's because it's a network service, something that isn't under Google's normal payment processing.
throwaway67743 | 3 years ago
I commented on a previous post and while it's sort of been answered here, I think it still merits being included: https://news.ycombinator.com/item?id=32397969

I still do find it disingenuous to omit it entirely as it implies that all possible issues are averted which they absolutely are not, even if IMEI wasn't a factor.

octoberfranklin | 3 years ago
Yeah he totally ignored most of my comments in the other thread, then simply resubmitted his "startup" again here less than 48 hours later.

Every time anybody points out the severe technical flaws in this scheme he either waves it away with happytalk or ignores it.

pledess | 3 years ago
It looks like the U.S. trademark for "PRETTY GOOD PRIVACY" (Registration Number 2015027) has "Cancellation Date April 24, 2020" even though the one for "PGP" (Registration Number 1914615 - with the identical "computer programs for data communications applications, and for the encryption and authentication of electronic information" description) isn't canceled.

Was this relevant to making the "likelihood of confusion" low enough that there's no risk of needing to rename the Pretty Good Phone Privacy product?

jimhi | 3 years ago
You assign users a temporary IMSI which is done in the cloud right?

How does this protect against IMSI catchers and Stingrays if they are done local to you? Local cell tower spoofing?

Also, this is just for data? So if you have another SIM for voice/SMS this is completely negated?

prschmitt | 3 years ago
By decoupling the user identity from a permanent, globally unique IMSI, we make IMSI catcher / Stingray attacks less "useful" as the IMSI is changing and isn't tied to the user. They can attack your IMSI, but it won't be tied to you and it is ephemeral.
killabit | 3 years ago
This is great if you are using an old SIM that still operates using IMSI on the eNodeB tower. It's also bad because this is simply another overlay band-aid fix which bloats and slows your phone down. The privacy phones made by Obsidian Intelligence Group (obsidianintel.com) don't have this problem and they are also impervious to the SS7 network; I would check them out. You can find more info on their Twitter page @Obsidian_Intel as well. I picked one up a few weeks ago and it is fantastic; I couldn't be happier with it.
dfc | 3 years ago
You have a cellphone that does not use an IMSI to authenticate to your provider?
hcarrega | 3 years ago
Can you point me to a good review of that phone?
wjko21 | 3 years ago
Can you give a run-down of what's involved in getting service? Would I need to register with you and get an app or something? Which devices are supported? Do I need a rooted device?
barathr | 3 years ago
You can just install the app on a normal device and subscribe to the service on first run. For PGPP Relay, almost any Android device (and maybe even Chromebooks) works fine. For PGPP Mobile plans, you'd need an eSIM capable device (e.g. Pixel 4 or newer or Samsung S22).
zer0k3wl | 3 years ago
The IMSI change is only truly effective if paired with an IMEI rotation, which as others have noted is legal (USA). So now we have a service provider that supports IMSI rotation; I guess it is up to folks who can work on the hardware level to add support for IMEI rotation. I heard that GrapheneOS is developing its own hardware. It's possible we may have a very effective defense against cellular layer privacy attacks in the near future.
trinsic2 | 3 years ago
So what happens when the major mobile networks decide to stop allowing PGPP to use their network?

I've seen this happen before. I used to use the "Private Buyer" payment service to anonymously pay for services privately. They had issues with payment processors preventing their payments from going through, I gather largely due to the privacy aspects of the service. That was in the early 2000s and I think they went out of business after 3-5 years.

barathr | 3 years ago
It's true, they could. The one thing that is perhaps helping at this moment is that they've come under scrutiny for their (bad) privacy practices -- both from the media and from the FCC. Ultimately we see privacy as a layered problem, from a technological standpoint and a social standpoint -- we need layers of protection across the network and software stack and also a combination of policy, technology, and user behavioral changes.
WelcomeShorty | 3 years ago
Since "one of the co-founders of this effort" seems not to grasp the realities of IMSIs & TMSIs and the reliance of network operators (read: billing) on these, I would strongly advise treating this "solution" as experimental at best.
exfil | 3 years ago
Part of the 3GPP standardization process is to ensure law enforcement stays efficient. So this IMSI change is totally futile. Sorry guys. If that 'co-founder' wants to speak, dm.
pabs3 | 3 years ago
Are the codebases behind this project open source? Would be great to have the eSIM code, the client side and the two relay codebases publicly released.
buzzy_hacker | 3 years ago
So without this, your internet activity on a mobile phone can be linked to you even with a VPN?
prschmitt | 3 years ago
Yes. With a traditional VPN you are trusting that VPN provider with all of your traffic. They know your identity and everything you do. The two hop architecture we use decouples that information such that neither hop has both the user's identity and their usage information. In our case, the second hop is Fastly.
eyeris | 3 years ago
I remember hearing about this in class. Shoutout to barathr!
fire | 3 years ago
What does "high-speed" mobile data mean in terms of actual throughput?
prschmitt | 3 years ago
As with all mobile service it really depends on coverage in your area. The baseline service is LTE.
JediPig | 3 years ago
Anything funded by the government is going to have a backdoor... this is funded by Princeton / the government...

So no, make a different solution.

prschmitt | 3 years ago
This was a research project that we undertook while at our respective universities. We decided to spin it out as we think it's useful. We are not funded by the government or Princeton (though Princeton owns the IP).