Hi Pine !
I bought a pinephone but before installing it I would like to know what informations are leaked by powering it up and installing an OS on it (I'd like to try all the ones available), and to whom.
And ideally of course, how to avoid to leak anything.
If I understand correctly, if I set the physical kill switches to "cut" then nothing should be leaked.
Is that actually and entirely true ?
Is there a way to access the Net somehow in this situation (via some cable then I guess) ?
Once I'm done installing and I spoofed the MAC address, what would be leaked if I switch the Wifi on ?
If I put a SIM car on it, what will be leaked ? The IMEI number of the phone, the number associated with the SIM card, and the location of the SIM card I guess; anything else ?
How to spoof all these ? At least the IMEI number ? Or to prevent them from being leaked ?
What do you consider a leak? What if your spoofing gets leaked?
The beautiful thing is that you can inspect all the source code for yourself, to see what might be in there that you disagree with.
:wq
[ SRA accepts you ]
(04-08-2023, 10:34 AM)LienRag Wrote: Hi Pine !
I bought a pinephone but before installing it I would like to know what informations are leaked by powering it up and installing an OS on it (I'd like to try all the ones available), and to whom.
And ideally of course, how to avoid to leak anything.
If I understand correctly, if I set the physical kill switches to "cut" then nothing should be leaked.
Is that actually and entirely true ?
Is there a way to access the Net somehow in this situation (via some cable then I guess) ?
Once I'm done installing and I spoofed the MAC address, what would be leaked if I switch the Wifi on ?
If I put a SIM car on it, what will be leaked ? The IMEI number of the phone, the number associated with the SIM card, and the location of the SIM card I guess; anything else ?
How to spoof all these ? At least the IMEI number ? Or to prevent them from being leaked ?
in regards to mac addresses of wifi and bluetooth and imei of modem, turning killswitches 1 and 2 terminates mac address and imei totally. usb ethernet dongle could be used for internet.
mac addresses are not usually that big privacy nightmare. if you have spoofed mac addresses, i don't think there is other hardware related problems with wifi and bluetooth. however software may leak something though.
modem chip with sim leaks at least imsi and imei. imei could be changed, but it is ILLEGAL in some jurisdictions, like u.k.. see https://forum.pine64.org/showthread.php?...nging+imei . if mobile services are used then imsi is required. if modem is active without sim card, then i think imei is leaked, because of possible emergency calls.
in regards to location of a device, if modem chip is active, then operator knows rough location in all cases. gps location might be more complicated, because some software has to leak it somewhere, although there is theory that modem chip could do it by itself. do not confuse operator cell tower based location and gps location.
what i know of cellphone technology, phone numbers are not leaked, unless it is stored on a sim card somehow. only operator knows what imsi is connected to which phone number. sim cards do not know phone number directly.
previous explanations are usually hardware related. what software does and what software leaks. i'm usually more worried about google accounts and similar, then software in a phone is far more important. this means software toggles is usually enough for me.
those hardware methods start to sound paranoid. however, i live in a country which neighbors totalitarian regime, so those hardware switches and changing imei and mac addresses might be highly useful if i ever go to that regime.
(04-08-2023, 04:34 PM)zetabeta Wrote: in regards to mac addresses of wifi and bluetooth and imei of modem, turning killswitches 1 and 2 terminates mac address and imei totally. usb ethernet dongle could be used for internet.
mac addresses are not usually that big privacy nightmare. if you have spoofed mac addresses, i don't think there is other hardware related problems with wifi and bluetooth. however software may leak something though.
modem chip with sim leaks at least imsi and imei. imei could be changed, but it is ILLEGAL in some jurisdictions, like u.k.. see https://forum.pine64.org/showthread.php?...nging+imei . if mobile services are used then imsi is required. if modem is active without sim card, then i think imei is leaked, because of possible emergency calls.
Thanks !
MAC addresses are only disclosed to the local network, but they clearly are a privacy problem when connecting (or broadcasting) to networks you don't own. Luckily they are easy to spoof.
About the Wifi/Bluetooth chips, I was asking about this issue.
For the part about software, not hardware, Wifi used to be quite talkative... I know that it has improved a little bit, and that there are options in Wifi to be more discreet, don't remember what they are.
IMSI is leaked to the operator, but it's not preventable, and more importantly it's tied to the SIM card right ? So if I make a call/connect to the Net/send a SMS while spoofing IMEI and the MAC address, there's no way I can be identified as the same caller (or the same device) if I change the SIM card later (I mean, if I spoof a different MAC address and IMEI) ?
If I ever need to use a Google or another hostile service, just going through Tor should be enough, right ? They don't have access to my device's MAC, IMSI, IMEI nor wifi signature...
Also, I'm not sure how to interpret this note under the Phosh installation instructions : "When using the installer images (recommended), it is possible to: - encrypt the installation
- install from the SD card to eMMC"
Does it mean that to encrypt my phone I need to use the installer ? Does it have to install the OS on the eMMC or is it possible to install it on the SD card ? My objective is to test many different OS before choosing one, but I still need to have my phone encrypted...
08-04-2023, 06:58 AM
(This post was last modified: 08-04-2023, 07:00 AM by Kevin Kofler.)
(08-02-2023, 08:06 AM)LienRag Wrote: Does it mean that to encrypt my phone I need to use the installer ? Yes. At least if you want full disk encryption. If you use an image to dd directly, then the unencrypted partition will just be copied and you have no way to encrypt it. And of course, if you run the prebuilt image directly from the microSD card, it will not be encrypted either. So it is necessary to go through the installer to install with an encrypted / partition.
Thanks, seems logical.
It raises another question though : when using the SD for the OS, where is the data stored ?
The installation instructions say to dd the OS to the SD card, which means that it's not partitioned ?
(08-05-2023, 05:37 AM)LienRag Wrote: Thanks, seems logical.
It raises another question though : when using the SD for the OS, where is the data stored ?
The installation instructions say to dd the OS to the SD card, which means that it's not partitioned ?
pinephone and pinephone pro use generic partitioning, like in computers. images include partition table, installer installs partitions into disk. that is why whole disk is written, when using dd.
in android world, images are written into specific partitions. messing with partitions in android might cause serious and permanent damage.
Well, I tried to re-install my phone, and the installer asked me whether I wanted to install it on the EMMC or on the SD card.
I chose the SD card and it asked me whether I wanted or not to encrypt the disk entirely (disk being the SD card from the context).
Though, even when I had chosen the SD card for the installation, it still installed it on the EMMC... So I don't know why it asked me the questions.
OK, apparently there's a bug in the installer as it should not ask where to install the OS since whatever the answer is, it will install it on the EMMC.
Anyway, now I have Phosh on my Pinephone, with all buttons switched to "cut" so nothing should be leaked as of now.
When/if I connect it to the Wifi or Ethernet, things will change though.
I recently learned that the hostname is transmitted to the router (yes, that I learned it recently shows that I'm a noob, but even noobs deserve privacy), so that's quite a huge privacy issue. I guess it's easy to spoof though.
Any other leak that I'm not aware of even if they seem obvious to everyone else ?
Also, has there been any progress made about spoofing the Wifi/bluetooth fingerprinting problem ?
|
