@dianea @iode doesn't help in places like the #USA where carriers sell #IMEI & #ICCID data to anyone able to pay their prices.
- Shit that is so illegal in the #EU that businesses can be glad if their CTO doesn't get jailtime for it!
#ICCID
@adisonverlice even if an #MVNO isn't demanding any #KYC whatsoever (i.e. #prepaid are offered OTC in most juristictions) it's NOT "#Anonymous" but merely #pseudonymous as it's trivial for governments to utilize existing and mandtory "#LawfulInterception" appliances to create that #PII chain.
#PhoneNumber <=> #ICCID (#SIMcard) <=> #IMSI (SIM profile) <=> #IMEI (Phone/...).
So if #Anonymity is important, NONE of these details have to be linked somehow even circumstantial.
Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.
Use the SIM in any device? Consider them circumstantially connected forever: #ICCID <=> #IMEI.
Add to the fact that most places have #CCTV, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.
- I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing
*104*1234567890123456#)...
So any #privacy-based service should never ever & under no circumstances demand a Phone Number!
Instead any privacy-focussed service should use #OnionServices, host their own #OnionService or at least #DontBlockTor and allow users to use it via @torproject / #Tor to use and signup. (But don't forget circumstantial connections there either!)
Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.
@cryptgoat ja, nur ist es quasi illegal @signalapp / #Signal #anonym (also faktisch nur #pseudonym, weil stets korrelierbar qua #Rufnummer -> #ICCID -> #IMSI -> #IMEI -> #Location) zu nutzen.
- Seit 07/2017 sind anonyme #SIM-Karten faktisch illegal und ne SIM mir Rufnummer ist ne #Paywall die faktisch teurer ist als nen @monocles - Abo.
Allein die notwendigen #Workarounds sind so heftig paywalled dass es eher sinn macht 1h Hands-on - Training zu investieren...
- Von den Problemen die Signal hat ganz zu schweigen...
@landley @jschauma @ryanc @0xabad1dea yeah, the exhaustion problem would've been shoved back with a #64bit or sufficiently delayed by a 40bit number.
Unless we also hate #NAT and expect every device to have a unique static #IP (which is a #privacy nightmare at best that "#PrivacyExtensions" barely fixed.)
- I mean they could've also gone the #DECnet approach and use the #EUI48 / #MAC-Address (or #EUI64) as static addressing system, but that would've made #vendors and not #ISPs the powerful forces of allocation. (Similar to how technically the #ICCID dictates #GSM / #4G / #5G access and not the #IMEI unless places like Australia ban imported devices.
I guess using a #128bit address space was inspired by #ZFS doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...
- Personally I've only had headaches with #IPv6 because not only do I only have #IPv4only #Internet but my #ISP refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of #IPv4's in with my contract!)and stuff like #HurricaneElectric / #HEnet's #Tunnelbroker fail face first due to #Geoblocking and the fact that #ASNs get geolocated, not their #PoPs...
If I was @BNetzA I would've mandated #DualStack and banned #CGNAT (or at least the use of CGNAT in #RFC1918 address spaces) as well as #DualStackLite!
@bob_zim yeah. Seen it. in the writeup by @micahflee ...
I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...
- Not shure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.
I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!
1) #CloudAct is just #CyberFacism, look it up!
https://en.wikipedia.org/wiki/CLOUD_Act
- And with #Trumpism ravaging the #USA must be considered as #hostile as #Russia and the "P.R." #China by anyone who takes #OpSec, #InfoSec & #ComSec seriously!
-
2) @signalapp 's #Server code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!
- Plus their #App doesn't allow #ReproducibleBuilds (if Signal was #FLOSS it would be on @fdroidorg / #Fdroid) but alas it isn't!
-
3) #Signal still demands #PhoneNumbers which are #PII either by association (#Number => #ICCID = #SIM = #IMSI => #IMEI => Location Data as I explained beforetwice) or mandatory #KYC / #ID requirements (even on prepaid cards), which an increasing amount of juristictions do...
- They have no "#LegitimateInterest" demanding said #PersonallyIdentifyingInformation to begin with!
-
But don't take my word for it.
https://www.youtube.com/watch?v=tJoO2uWrX1M
- Ask yourself if you'd trust someone peddlibg #Shitcoin #Scams like #MobileCoin with your data!
Question to my fellow #telecommunication nerds: Does anyone know who is maintaining the #ICCID prefix list nowadays? The #ITU-T seems to have lost interest and the last document [1] I could find is from 2018 and misses some MNOs I'm looking for...
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst