digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance is operated by Digitalcourage e.V. for the general public. So that we can do this sustainably, we charge an annual advance contribution of €1/month via SEPA direct debit.

#simcard

Replied in thread

@adisonverlice even if an #MVNO isn't demanding any #KYC whatsoever (i.e. #prepaid are offered OTC in most jurisdictions) it's NOT "#Anonymous" but merely #pseudonymous as it's trivial for governments to utilize existing and mandatory "#LawfulInterception" appliances to create that #PII chain.

#PhoneNumber <=> #ICCID (#SIMcard) <=> #IMSI (SIM profile) <=> #IMEI (Phone/...).

So if #Anonymity is important, NONE of these details have to be linked somehow even circumstantial.

  • Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.

  • Use the SIM in any device? Consider them circumstantially connected forever: #ICCID <=> #IMEI.

  • Same applies to #eSIM|s: #EID <=> #ICCID <=> #IMEI.

Add to the fact that most places have #CCTV, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.

  • I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing happens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing *104*1234567890123456# )...

So any #privacy-based service should never ever & under no circumstances demand a Phone Number!

  • Instead any privacy-focussed service should use #OnionServices, host their own #OnionService or at least #DontBlockTor and allow users to use it via @torproject / #Tor to use and signup. (But don't forget circumstantial connections there either!)

  • Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.
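
The linkage chain described in the post above can be modelled as connected components over identifier observations, which is a quick way to check your own threat model for circumstantial links. This is an added example, not part of the original post; the record format, all identifier values and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations: each record is a set of identifiers seen together
# in one event (provisioning, network attach, purchase). All values are made up.
OBSERVATIONS = [
    {"msisdn:+490000000001", "iccid:8949000000000000001"},  # number on SIM
    {"iccid:8949000000000000001", "imsi:262990000000001"},  # SIM profile
    {"imsi:262990000000001", "imei:350000000000001"},       # SIM used in phone 1
    {"imei:350000000000001", "payment:card-A"},             # phone 1 paid by card
    {"iccid:8949000000000000002", "imsi:262990000000002"},  # second SIM, cash
    {"imsi:262990000000002", "imei:350000000000002"},       # only ever in phone 2
]


def link_clusters(observations):
    """Union-find: identifiers observed together end up in one cluster."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for record in observations:
        items = sorted(record)
        root = find(items[0])
        for other in items[1:]:
            parent[find(other)] = root

    clusters = defaultdict(set)
    for ident in list(parent):
        clusters[find(ident)].add(ident)
    return list(clusters.values())


def linked_to_person(identifier, observations, personal_prefixes=("payment:",)):
    """True if the identifier shares a cluster with a personally identifying record."""
    for cluster in link_clusters(observations):
        if identifier in cluster:
            return any(i.startswith(personal_prefixes) for i in cluster)
    return False
```

A single extra observation, such as the second SIM being inserted once into the first phone, merges both clusters permanently.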

Replied in thread

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the #SIM, especially in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO / #MVNO issuing (may it be through #SocialHacking employees into #SimSwapping or LEAs showing up with a warrant and demanding "#LawfulInterception"):

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) and #IMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

  • And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise).

"[…] [Technologies] must always be evaluated for their ability to oppress. […]"

  • Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

  • And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declaring #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts especially the average #TechIlliterate User at risk.

  • I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privileged access to protection by their government, but rather "privileged access" to prosecution by the state because their very existence is criminalized...

The only advantage eSIMs brought in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge

AT&T is rolling out a protection that prevents unauthorized changes to mobile accounts as the carrier attempts to fight a costly form of account hijacking that occurs when a scammer swaps out the #SIMcard belonging to the account holder.
#security #scam #att

arstechnica.com/security/2025/

Ars Technica · AT&T rolls out Wireless Account Lock protection to curb the Sim-swap scourge · By Dan Goodin
Replied in thread

@mshelton @freedomofpress @eff I did prepare peoples' devices for that in the past.

My suggestions:

0. Never assume you'll have any #HumanRights or #CivilRights. Always assume #TSA staff is looking for a reason to jail, deport, deny entry or shoot one on the spot.

1. Do not have data on them! #CPB will seize any storage media under threat of lethal violence! Use a #ThinClient-like device without any persistent storage. Keep anything important in your head or don't keep it at all.

2. Have someone to set up a #RemoteDesktop for you post-entry and ensure you've got a #SafeWord to indicate you're acting under duress, so they can redirect stuff to an inconspicuous system.

3. Have a #decoy system ready. CPB have full, unrestricted bulk access to all data from companies that are located, do business in or have an office within the #USA as per #CloudAct. So much so that they consider it "suspicious" if one doesn't have an #NSABook account.

4. Make sure all your devices are #clean. Get yourself new throwaway devices and don't trust them if you ever let them out of sight for a second!

5. Test your setup before you travel to the #US on a different system.

6. This applies to every single device from #SimCard to #Laptop. Assume that if authorities plug anything in them, they are irredeemably compromised!

7. Practise proper #ITsec, #InfoSec, #OpSec & #ComSec. Have proper contingencies and emergency contacts in place.

Replied in thread

@Germo The problem I have is that #eSIM restricts my #FreedomOfChoice re: #Devices.

  • Yes, I do use multiple devices and I want to be able to pick them freely.

Same with #eSIM: I can put that on a #SIM #Card but I can't swap the soldered-down #Chip!

And yes, I routinely use #eSIMcards because I get the #freedom and #flexibility of choice, because it's no one's business which #device I use which #plans on!

Plus many plans I want to use and/or help people to set up are #SIMonly and not available as #eSIM (i.e. #netzclub)...

I dare you to try to deploy an #eSIM on a #2Gonly #StupidPhone whereas a regular SIM can just be chugged in!

Mastodon.nl by Stichting Activityclub · Dude Germo (@Germo@mastodon.nl): @kkarhan@infosec.space DualSIM has changed into 1 old-fashioned SIM and 1 eSIM. And /e/os can simply be downloaded and installed for free.

Here's a quick #realitycheck with respect to the #security of #SIMcard credentials (think developer registrations for app stores and the likes):

For my week-long visit in the USA, upon arrival there I bought a prepaid SIM card, to sustain mobile data and outgoing calls so that I'd not burden my primary SIM card with that. I just went into the Target next to the Moscone Center in San Francisco, grabbed the SIM from the rack, paid with cash, no ID check involved.