T-Mobile refuses to retroactively apply my discount they wrongfully removed

I joined T-Mobile in December 2013 using my Microsoft discount which reduces my bill by about 15%. T-Mobile made a photocopy of my Microsoft badge to verify my employment (which I now realize was a Microsoft security violation). In February 2015 I learned that T-Mobile had removed me from the discount program even though my employment status did not change. This month I learned that T-Mobile removed my discount on June 18, 2014 and that T-Mobile is unwilling to retroactively discount my phone bill.

1. I did not receive or agree to this contractual change. I moved from Sprint to T-Mobile explicitly for the corporate discount.

2. Even if I had received and somehow automatically agreed to the contract change, I have two specific learning disabilities that are recognized by the Americans with Disabilities Act, one of which is a reading comprehension disability. Even if I were to have read something about my discount program, I may not have understood its impact.

3. In T-Mobile stores, which I frequently visit because of account changes, I am sometimes asked for my Washington ID. At those times I have always offered my Microsoft badge to make sure my discount is active. Since June 2014, at least once, I have been told, “We don’t need to re-verify your discount.”

4. T-Mobile has already retroactively applied my discount. Last month, when I visited the T-Mobile store to have my account looked at because of my suspiciously high bill, I was informed that my discount had been removed. I was given an apology and my discount was applied for the month of February by a telephone representative, and then told to contact MCSA to get back onto the program. My email:

From: Christopher Sheats
Sent: Tuesday, March 17, 2015 6:35 PM
To: ‘MCSAMigrations@t-mobilesupport.com’
Subject: corporate discount

Hello,

I have been informed that my corporate discount has been removed. Please re-instate my discount and refund me for every month that you have not discounted my bill.

Their reply:

From: MCSA Migrations [mailto:mcsamigrations@t-mobilesupport.com]
Sent: Thursday, March 19, 2015 10:49 PM
To: Christopher Sheats
Subject: T-Mobile Advantage Program Approved

Hello Christopher,

We appreciate you taking time to contact the T-Mobile Migrations Team. For your reference, please take note of your Case ID 1#######.

We have received and successfully processed your request. Your account, 9######## has been attached to the Advantage Rewards program sponsored by Microsoft . As a T-Mobile Advantage Program participant, you will receive a $25 Rewards Card for every purchase of a new device or tablet.

As far as I could understand, my concerns were addressed and I had a bonus rewards card that I should apply for. I then waited until my next phone bill. This month I still didn’t see my discount, so I called T-Mobile back. I was told over the phone that the percentage discount program had ended, that discount changes occurred back in June 2014, and that I needed to have updated my employment verification by December 2014 to keep my discount. I was also told, as a way to shove off wrongdoing, to contact MCSA again.

Their reply:

From: MCSA Migrations [mailto:mcsamigrations@t-mobilesupport.com]
Sent: Monday, March 30, 2015 10:01 PM
To: Christopher Sheats
Subject: T-Mobile Advantage Program Approved

Hello Christopher,

We appreciate you taking time to contact the T-Mobile Migrations Team. For your reference, kindly take note of your Case ID 1#######.

We do apologize for the misinformation. Please be advised that your account, 9########, has been attached to the T-Mobile Advantage Program sponsored by Microsoft Corporation. You will receive an estimated 15% discount off on your monthly recurring charges*. On the invoice, you will see the discount displayed as a credit on the “Credits and Adjustment” section. Please note that it may take up to 60 days before the discount appears on your statement.

*“Monthly Recurring Charges” are the rate plan and other Service charges that recur on an invoice each month for a line of Service. Monthly Recurring Charges do not include overage, roaming, long distance, pay-per-use or data usage (other than recurring monthly data plan access charges), insurance, taxes, tariffs, or other government or regulatory fees and charges. The rate of the monthly recurring discount is an estimate and may be subject to change at any time.

Not only do I refuse to wait 60 days for something T-Mobile’s people and computer systems can do right now, I require that I be reimbursed for T-Mobile’s wrongful action against me. I called T-Mobile Business and asked to have my discount retroactively applied.

After calling T-Mobile again and speaking to a representative and their supervisor, I am now waiting for a manager callback within 72 hours — a callback that the supervisor told me “might” happen.

Securing voice communication for lawyers, clients, journalists, and sources

Introduction

Lawyers need to talk to their clients securely. Journalists need to talk to their sources securely. It is through good security tools and good security practices that privacy can be achieved. Securing the conversation (content) is important. Revelations made possible by Edward Snowden show the dangers of unsecured content and metadata. This guide does not aim to create an anonymous communication device by anonymizing either content or metadata; it only secures the content by employing Open Whisper Systems’ Signal (iOS or Android).

In February 2014, documents publicized by James Risen and Laura Poitras revealed proof of the United States’ explicit and illegal action of spying on lawyers. The National Security Agency’s technological capabilities, also being made public, provide facts that the public needs in order to understand the complex threats that alone chill freedom of association. Even though you might not be a law firm “representing a foreign government in trade disputes with the United States,” the threat and probability of occurrence are clear. Your voice communication can be passively swept up into a global surveillance dragnet.

This guide’s target audience is people who need to protect their day-to-day phone calls and thus the privacy of the people involved. If you want to be successful at using technology to perform your work, you need to be open to learning some technical information and theory. Without sacrificing too many comforts when it comes to communicating via phones, this guide aims to bridge the gap between easy-to-use, state-of-the-art encryption and tools that are readily available.

Prior but related guides

Notes for Signal

Signal threat modeling

Create an anonymous Signal phone number w/ Android

Goals

Provide a public or private phone number that:

1. Uses an iOS or Android device with Signal to securely communicate with your clients or sources. “Security” is gained by having an independent device that is only used for encrypted communication. Calls will be end-to-end encrypted for protecting the content of your conversations.

2. Falls back on a voicemail recording so normal (unencrypted) telephone callers hear an automated message to install Signal and to remake the call after getting it installed.

Additionally this guide will discuss basic operational security to protect the physical device and thus its contents.

Signal simply needs a telephone number to get set up. You do not need a cell phone with active cell service. When done correctly, a regular phone caller will reach your voicemail, while Signal calls will be routed to your Signal device.

Your options:

– A new or used iPod Touch (5th generation with iOS 8), a new or used iPhone 5, 5S, or 6 (iOS 8), or Android (OS version 5, or “L”, is ideal). The Motorola “Moto E” is inexpensive and the Google Nexus line runs “pure” Android and gets updates the quickest. Operating the phone in airplane mode with Wi-Fi enabled yields a device similar to the iPod Touch in terms of which communication networks it uses.

– Any voice-over-internet-protocol (VoIP) service that gives you a long-term phone number. I also suggest a service that provides voicemail in order to warn normal callers to call again with Signal.

Register a land line, cell phone, or VoIP number?

Installing Signal onto your iOS or Android device simply requires a phone number that can either receive a text message confirmation code or an automated telephone/audio confirmation code. Open Whisper Systems’ software does not care what type of phone number it is; it just needs to be able to call it for setup confirmation. It is possible for you to do any number of the following:

1. Register a land-line phone number with Signal. Doing so will automatically route Signal callers to your Signal device. Regular, unencrypted callers will still reach your land-line phone.

2. Register a cell phone number on the same device as the SIM-registered number. This is what most people do when they install and use Signal, and it is the common scenario that your callers will implement.

3. Register a cell phone number on a different device than the SIM-registered one. The original, SIM-registered cell phone will continue to receive normal, unencrypted phone calls, but Signal calls will get automatically routed to the secondary device. Doing this compartmentalizes the communications metadata and device exploitation risk.

4. Register a VoIP phone number on a new iOS or Android device. This guide focuses on this scenario to benefit from voicemail options to alert normal, unencrypted callers to install Signal and call again.

Instead of a VoIP service, you could, in fact, use your work land-line phone number to register Signal. I advise against that based merely on the fact that using the same number may confuse your clients/sources on what is and is not a secured line. Giving them a separate Signal phone number creates cognitive dissonance. However, maybe your target audience is aware of the differences between unsecured and secured (Signal) calls. You must assess the risks involved.

Clients/sources will undoubtedly save your Signal number into their phones. This name-number association will end up on Google’s, Apple’s, Facebook’s, Twitter’s (they steal contact databases from phones), etc. servers, so keeping the number private is not probable. What you have to focus on is making it easiest for your clients/sources to contact you securely, with them knowing that the content of the call is private. Maybe you have a combination of 1+4 or 2+4, where 4 in either scenario is a private, non-publicized Signal number. Maybe you give out business cards with this number with explicit directions not to save this number into the client’s/source’s phone book. Keeping a number completely private can be difficult.

Requirements

– At least one lock-and-key safe, ideally a fireproof/waterproof safe with alphanumeric keypad entry.

Unavoidable information and metadata leakage

As stated above, without explicit direction, your clients/sources will likely store your contact number digitally. This digital database, on their iOS or Android smart phone, is continuously copied by other applications that people use, either out of convenience (to backup contact lists) or because of capitalism (direct marketing, relationship linking). Either way, state-actors make it a point to obtain these databases so that they can know who communicates with whom. As a lawyer or journalist, the likelihood that a state actor wants to know whom you work with is much higher than normal.

Apple (or Google if you use an Android) will have name-to-device information. This means that US surveillance agencies will probably have the same information. This guide does not attempt to create an anonymous phone number (where the device is not linked to you or your company’s identity).

Even though this guide is written to use an iPod Touch which requires the use of a wireless access point and thus at least one internet service provider, and even though Signal network traffic is end-to-end encrypted, encrypted network traffic creates metadata that indicates:

A) you’re using the Internet at all, and
B) that you’re generating encrypted network traffic.

It is possible, with deep packet inspection, that your adversary will be able to identify what kind of encrypted traffic it is, maybe even as specifically as the application being used. So, theoretically, you will, for sure, create metadata, recorded by the internet service provider, that you (or your company) are making Signal calls, when, and for how long. A state actor such as the NSA, with global dragnet surveillance capabilities, may even be able to associate that traffic with the destination. These are critical issues if your threat is a well-funded surveillance agency with legal/political/global reach. A simple minimization procedure, to avoid network metadata leakage, would be to only use Wi-Fi at public locations such as coffee shops or libraries. But doing so is not a silver bullet.
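To make the “when, and for how long” concrete, here is an added example (not code from the original post or from Open Whisper Systems) that reconstructs call sessions from nothing but the per-packet metadata an ISP can log for encrypted traffic: timestamps, endpoints and sizes, never content. The packet trace, the client address and the relay address are all constructed for the demo.

```python
"""Added example: what a passive telco/ISP observer can reconstruct about
encrypted voice calls from packet metadata alone (no content needed).
All addresses and the trace below are constructed for the demonstration."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class PacketMeta:
    """The fields a flow/NetFlow-style log keeps: no payload, just envelope."""
    ts: datetime
    src: str
    dst: str
    proto: str
    size: int


SESSION_GAP = timedelta(seconds=5)  # idle time that ends a session


def constructed_call_trace(start, seconds, src="192.0.2.10", relay="198.51.100.7"):
    """Emit the metadata of a 100-byte encrypted UDP packet every 20 ms,
    roughly what a VoIP call looks like from the outside.  Constructed data;
    the relay address is a placeholder, not a real Signal server."""
    return [PacketMeta(start + timedelta(milliseconds=20 * i), src, relay, "udp", 100)
            for i in range(seconds * 50)]


def constructed_browsing(start, src="192.0.2.10", server="203.0.113.5"):
    """A few TCP packets of a web page load, for contrast.  Constructed data."""
    return [PacketMeta(start + timedelta(milliseconds=100 * i), src, server, "tcp", n)
            for i, n in enumerate((517, 1400, 1400))]


def demo_trace():
    """Two calls separated by some browsing, as the ISP would see them."""
    t0 = datetime(2015, 4, 1, 9, 0, 0)
    return (constructed_call_trace(t0, 95)
            + constructed_browsing(t0 + timedelta(minutes=3))
            + constructed_call_trace(t0 + timedelta(minutes=10), 30))


def sessionize(packets):
    """Group packets per (src, dst, proto) into sessions split by idle gaps
    longer than SESSION_GAP.  Returns one dict per session, sorted by start."""
    open_sessions, finished = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.src, p.dst, p.proto)
        s = open_sessions.get(key)
        if s is not None and p.ts - s["end"] > SESSION_GAP:
            finished.append(s)          # idle gap: close the old session
            s = None
        if s is None:
            s = {"src": p.src, "dst": p.dst, "proto": p.proto,
                 "start": p.ts, "end": p.ts, "packets": 0, "bytes": 0}
            open_sessions[key] = s
        s["end"] = p.ts
        s["packets"] += 1
        s["bytes"] += p.size
    finished.extend(open_sessions.values())
    for s in finished:
        s["duration_s"] = (s["end"] - s["start"]).total_seconds()
    return sorted(finished, key=lambda s: s["start"])


def looks_like_voice(session):
    """Toy DPI-free heuristic: a sustained UDP stream of small, evenly paced
    packets (about 50 per second) is the shape of a voice call, whatever the
    encryption.  Real classifiers are far more precise than this."""
    if session["proto"] != "udp" or session["duration_s"] < 3:
        return False
    pps = session["packets"] / session["duration_s"]
    avg_size = session["bytes"] / session["packets"]
    return 30 <= pps <= 100 and avg_size < 200


if __name__ == "__main__":
    for s in sessionize(demo_trace()):
        kind = "voice call?" if looks_like_voice(s) else "other"
        print(f'{s["start"]:%H:%M:%S} {s["src"]} -> {s["dst"]} '
              f'{s["duration_s"]:6.1f}s {s["bytes"]:7d} B  {kind}')
```

Run as-is it prints the two call sessions with their start time, destination and duration, which is exactly the metadata the paragraph says an ISP retains even though it never sees a byte of plaintext.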

A supplementary read: Cell Phone Opsec

If you choose to purchase a registered cell phone instead, which may be required for your work/reach-ability, you must be aware that state actors can track the physical locations of said device whenever the device is on. Movements and non-movements are very informative to adversaries. Cell phone tracking is made painless with IMSI-catchers when governments and companies can afford it.

Guide

1. Purchase and setup your device. Download and install Signal by Open Whisper Systems.

2. Choose a VoIP service.

To test Signal calling from an iPod Touch, I bought a Microsoft Skype phone number that is registered to my long-time Skype account. Skype is convenient because you simply purchase a Skype phone number with a debit/credit card, install Skype, install Signal, and use Skype to receive the confirmation code. Yes, Skype is a PRISM participant, and records (of you purchasing a Skype number and receiving a confirmation call from Open Whisper Systems) are guaranteed to end up in the hands of any government agency. Yes, Skype is backdoored by design. But registering a Skype number with Signal means the routing of Signal calls is managed by completely different infrastructure. Skype calls are not end-to-end encrypted. Signal calls are.

An alternative to Microsoft Skype is Google Voice. Google Voice, by way of a Gmail address, has the added benefit of 2-factor authentication (2FA). Skype does not offer 2FA, so your account is remotely accessible if your password is stolen. Voice gives you a perpetual phone number that is tied to your Gmail address. Yes, Google is a PRISM participant, too. Like with Skype, calls made by Signal using a Google Voice phone number will not use Google infrastructure.

3. Set up voicemail

The value of using a dedicated, VoIP-based phone number is the ability to set up voicemail. This way, when people call from a normal, unencrypted phone number, they can get the automated message to call back after they’ve installed Signal.

Signal does not have voicemail. If someone calls you over Signal and you do not answer, the call will only ring.

4. Physically secure your device.

Make sure that your iPod password is secure. Use a strong passphrase and not a simple, 4-digit “Simple Passcode”.

It is critical that you habitually store your device(s) in the safe anytime they are not in use. If your work requires that you be available 24/7, you may need to purchase a second, isolated safe for home use for when you bathe/sleep/etc. Never leave your device unattended or in the possession of someone you do not trust.

5. Share your contact number.

Depending on the nature of your work, you should decide how you want to share your number. If you’re a lawyer, you would want to share your public phone number on your website. In this case it is prudent to ensure your website is serving content via HTTPS (data in motion) so that an adversary cannot inject/disinform your clients/sources with a bad number. Similarly, having a secure website (data at rest) is equally important so that the integrity of the public information is unchanged.

It is also prudent to include minimal directions on installing and using Signal. Guiding them to EFF’s Surveillance Self Defense guide is a good option.

Telco metadata surveillance: only minimal avoidance with HTTPS and Tor

In this post I’ll explore possible telco (mostly, Internet Service Providers) metadata countermeasures using the specific example provided by Australia, a member of Five Eyes. It is not exhaustive. Glyn Moody has written a disturbing article concerning Australian data retention.

The Australian Parliament has passed a series of amendments to the country’s Telecommunications (Interception and Access) Act 1979, requiring “telecommunications service providers to retain for two years telecommunications data (not content) prescribed by regulations.”

The target audience is the 98% of Internet users who are victims of passive surveillance. At least, the much smaller percentage of them that cares about and understands minimal aspects of transport encryption.

Metadata notes

There are two important distinctions for threat analysis:

1. This metadata seizure (misleadingly popularized as “bulk collection”) is outside of the scope of programs like the United States’ Special Source Operations (SSO). It does not include what governments are able to directly collect (using Section 702 of the FISA Amendments Act in the USA) at end points (downstream programs like PRISM and MUSCULAR) or en route (upstream programs).

2. Only so much can be done to mitigate telco metadata collection because most of it depends on you physically performing an action, like turning on your computer and simply accessing the Internet at all.

Metadata collected

Here is a somewhat simplified version of what the Australian government considers telco metadata, per section 187AA, Information to be kept:

  1. Subscribers, accounts, services, devices: The status of, name(s) of, address(s) of, billing information of, payment(s) for, and any contact information of — and any other information that can be used to identify — the subscriber(s), account user(s), service user(s), and device user(s).
  2. Communication source: Service or device identifiers that send any and all communication.
  3. Communication destination: Account, device or service identifiers that successfully send, or attempt to send, forward, route or transfer communication.
  4. Session: The date and time of the start, end, connection, or disconnection of any Internet service.
  5. Communication type: The type of communication, including voice, SMS, email, chat, forum, and social media. The type of service, including ADSL, Wi-Fi, VoIP, cable, GPRS, VoLTE, and LTE. The features of services that were used by, would have been used by, or were enabled for the communication, including call waiting, call forwarding, and data volume usage.
  6. Medium: The location of the equipment or line at the start and end of any communication, including cell towers and Wi-Fi hotspots.

HTTPS versus Tor

A general consideration is the fact that your computing and routing devices all have unique fingerprints. This includes cell phones, laptops, and routers. In order for networked devices to work at all, they have to be able to talk to other devices in order to network. Aside from having unique, physical addresses, networking protocols work by devices saying “hey, i’m alive” or “hey, are you there”. The implementation of these network protocols provides network adversaries unique clues about when, who, and what is talking on the network. Telcos see a lot of this type of identifying metadata because they’re the ones connecting you to everything else.

A general difference between HTTPS and Tor is that Tor protects the identity of your destination. If you log into Twitter over Tor, Twitter knows who you are because you’re logging into an identifying account. But your telco, who connects you to your next hop in the Tor network (the guard), will not know where your traffic is destined. Tor is, of course, limited to Internet data and not plain SMS or voice calls.

[Image: metadata-https-tor-2]

Subscribers, accounts, services, devices

Only users of Internet service are partially protected when using transport encryption services like HTTPS and/or Tor as long as you’re behind an Internet router (like a Wi-Fi router) that helps mask who is using the Internet. The reason for this is that encrypting internet data might conceal the actual user using any particular service. For example, if you log into Twitter with HTTPS, the telco can only see that you’re using Twitter. If it was HTTP-only (clear text), your telco could specifically see what account is being used. Unfortunately, users of home and work Internet are routine users that are easily linkable to the account holder. Users of publicly-accessible Internet sources are better protected here.

Account information is something you have to give telcos for work and home use. Telcos know the devices immediately connected to them, when they’re used, when they’re not used, who’s likely using them, and what type of traffic those devices are making.

Communication source

Tor is only able to protect the Internet services that you’re using from spying telcos. Device and network fingerprints along with simple on/off usage of devices are very identifying. HTTPS protects the metadata within the encrypted session, but your telco can still see that you’re connecting to “https://twitter.com/”, when, and for how long.

Communication destination

Within this very small scope of threat mitigation, Tor shines when protecting your Internet destination. HTTPS is end-to-end encrypted, but that end is the service provider, and your telco fully observes which provider you connect to. Tor, on the other hand, while not end-to-end encrypted (unless you’re connecting to a Tor hidden service), has to make five hops across the global internet in order to help sever the logical connection between start and end.

Session

When using Tor, it is able to help hide your destination. So, while your telco does see what is connecting and using what device, when, and likely by whom, connecting that metadata to the services and people that you talk to is made tremendously harder. However, a global adversary like FVEY might be able to correlate the known and the unknown if you’re logging into identifiable Internet accounts.

Communication type

Again, within the small scope of Internet usage, Tor helps avoid metadata correlation. But Tor, be it from your phone or laptop, still requires physical Internet access and it still requires TCP/IP protocols. So if your communication “type” is within this small scope of communication, Tor helps. A little.

Medium

Network-level encryption does nothing to protect the physical medium.

Conclusion

My analysis only looks at one-time events, not holistic trends or past/future unintended consequences of this manner of data retention. A more detailed analysis might also look at the OSI-layer threats posed at each of the seven layers, and in different environments such as “work”, “home”, and “public library”, but I hope this has gotten you to think more about these complex problems.

When in doubt, use Tails Linux on a second-hand laptop at various Internet cafes in a country that doesn’t require ID to connect. How sad.

#LLAP

Signal threat modeling

In this blog post I will explore what telecommunication companies (telcos) are able to observe in terms of metadata and content when using or not using Open Whisper Systems’ Signal. Special thanks to John Brooks for content editing.

Introduction

Telcos, globally, for over a hundred years, have had various data retention policies that include metadata and content collection and storage (information seizure). In the United States, the Communications Assistance for Law Enforcement Act (CALEA) was enacted specifically to enhance electronic surveillance. Anything the telcos can see and store, intelligence agencies and law enforcement have the ability to obtain too, often in real-time (information search). Intelligence agencies store this information for much longer than telcos do, since telcos are limited by the monetary cost of storing your private information. Within the Snowden revelations, top secret documents make clear that as much information as possible is collected depending on company/agency capacity and technical capability.

The mobile devices that you use contain a huge swath of information about you. They also contain a huge swath of information about the people that you communicate with. In each of the scenarios that I explore below, I’ll be breaking down my exploration into two high-level categories: device vulnerabilities, which can alternatively be thought of as “data at rest”, and infrastructure threats, which can alternatively be thought of as “data in motion”.

Target audience

Journalists, lawyers, activists, and domestic violence survivors are all example populations that have a choice. They can either attempt to learn somewhat technical material and self-empower their decisions about the technology that they use or don’t use, or they can further trust other people to make those decisions for them. It is my opinion that vulnerable populations that are direct victims of surveillance should put more effort into learning technical material. It is unethical for me to make all information and operational security decisions for my students. It is also my opinion that technical educators like me have a responsibility to help bridge any gaps in learning.

Summary

Standard SMS and standard voice calls leave you vulnerable to device and infrastructure exploits (information seizure) for both content and metadata. Once installed, Signal for Android handles SMS, which is the same in transport as standard SMS, but message content is better protected on the device. Signal cannot protect standard voice calls.

Signal manages both encrypted IMs and encrypted voice calls. When you use encrypted IMs and encrypted voice calls, your message content is protected against device and infrastructure exploits. Metadata is protected against infrastructure exploits when you use encrypted IMs and encrypted voice calls, but metadata on the device is still somewhat vulnerable.

Understanding the visual models

[Image: phone-basestation]
The column- and row-based models shown below, one model per scenario, were made to help illustrate the different phases of text/voice communications through telco networks and other related risks.

Asset

The messages that you send people (data in motion) contain two very important things. These two things are your assets: participant metadata and message content. These two assets have to traverse your telco network and the telco network of your friend in order to work the way you expect them to. Each of the two assets is uniquely vulnerable depending on your choice of communication technologies.

The adversaries to your assets are the people who want to illegally or unethically copy your assets for themselves. Your threats are the infrastructure technologies which your adversaries have designed and control.

Device

Your messages must be generated and stored (data at rest) on your mobile device in a messages database. In order to reliably send people messages, you have a third asset that must be protected: your contacts database. It is possible that your telco has pre-installed software on your phone that has access to your stored assets. Other common threats to data confidentiality include social media applications and syncing applications that make a copy of your messages and contacts and store them on someone else’s servers.

Infrastructure

When you want to communicate with someone, your device has to send your messages across various infrastructure technologies to reach the person whom you wish to communicate with. I will not be going to great depth into each of the phases of telco network traversal. It is not important given the Open Whisper Systems crypto tools that you have available. What is important to understand is that if you’re using AT&T and your friend is using Verizon, messages have to traverse two completely different sets of infrastructure. When you send a single message to someone, it is likely that three different adversaries are able to copy your assets. Each adversary has completely different data retention policies, laws, and ethics.

SMS communication scenarios

Scenario 1

[Image: SMS2SMS-1]
1. You send an SMS on your cell network without Signal to a friend who receives the SMS on her cell network without Signal, or vice versa.

Participant metadata and message content

1.1. Device vulnerabilities: message databases and contact databases are, by default, easily accessible to other applications installed on your mobile devices. Social media apps, message sync apps, etc, will copy these databases and put them unsafely on servers that you have minimal control over. Specifically, regarding SMSs and IMs, these companies that store your private information can observe who you talk to and when. Companies like Facebook want to know everything they can about you. Companies like Apple and Google want to make backups easy and seamless, but they store your information in such a way that they can make it available to law enforcement.

1.2. Infrastructure threats: SMS is only encrypted between your mobile device and the cell tower. At no other point in the message’s traversal to the delivery cell tower is it encrypted in such a way that a network operator or intelligence agency cannot access it. Your information was designed to be exploited when using these systems as-is. 2G/3G/4G encryption standards largely protect cellular network communication from local eavesdroppers, but those standards are weak.

Scenario 2

[Image: TS2SMS-1]
2. You send an SMS on your cell network with Signal to a friend who receives the SMS on her cell network without Signal, or vice versa.

Note:

From Open Whisper Systems: “Signal does not store its encrypted database in a location that other applications are allowed to access. Android features support for isolated storage, and Signal takes advantage of this functionality. Memory contents are also protected, and recent versions of Android include ASLR which makes manipulating memory contents (or predicting the location of stored material) even more difficult.

Having said that, users should still choose strong passphrases to properly protect their message contents if their phone gets lost or stolen.”

Participant metadata and message content

2.1. Device vulnerabilities: While the message database is protected on your mobile device when Signal is managing said database, the contacts database is not. Apps can and will read or copy your contacts database unless you take additional protections to block apps from doing so. Copying your contacts database will not reveal who you necessarily communicate with, but it does show who you can communicate with and who you’ve likely communicated with. Database security presumes that your mobile device is free from existing malicious software.

2.2. Infrastructure threats: All participant metadata and message content infrastructure threats are identical to scenario 1.2.

Communication scenarios with Signal

Scenario 3

[Image: TSS2TSS-2]
3a. You send an IM on your cell network with Signal to a friend who receives the IM on her cell network with Signal, or vice versa.

3b. You make a Signal call on your cell network to a friend who receives the call on her cell network with Signal, or vice versa.

Note:

On transport security, see Open Whisper Systems Is it secure? Can I trust it?

Participant metadata

3.1. Device vulnerabilities: All participant metadata device vulnerabilities are identical to scenario 2.1.

3.2. Infrastructure threats: When using Open Whisper Systems’ end-to-end encryption, the participant metadata of messages is protected from all aspects of “data in motion”. However, Deep Packet Inspection (DPI) by any infrastructure intermediary is capable of identifying the fact that traffic is encrypted. DPI can also fingerprint the encrypted traffic to the degree that adversaries might be able to identify you as a Signal user. This alone would not allow a telco to know whom you communicate with. A global adversary like Five Eyes (FVEY) may be able to identify whom you communicate with by fingerprinting the type of encryption and performing network timing analysis. This should concern you if you’re a journalist talking to a source or vice versa.

Message content

3.3. Device vulnerabilities: All message content device vulnerabilities are identical to scenario 2.1.

3.4. Infrastructure threats: When using Open Whisper Systems’ end-to-end encryption, the content of messages is protected from all aspects of “data in motion”.

Scenario 4

TSS2TSS-1
4a. You send an IM on your Wi-Fi with Signal to a friend who receives the IM on her Wi-Fi with Signal, or vice versa.

4b. You make a Signal call on your Wi-Fi to a friend who receives the call on her Wi-Fi with Signal, or vice versa.

Note:

Scenario 4 is nearly identical to scenario 3, except that the transport infrastructure has changed, which means the specific adversaries have, too. Conceptually, the technical threats and vulnerabilities are the same.

Participant metadata

4.1. Device vulnerabilities: All participant metadata device vulnerabilities are identical to scenario 2.1.

4.2. Infrastructure threats: All participant metadata infrastructure threats are identical to scenario 3.2.

Message content

4.3. Device vulnerabilities: All message content device vulnerabilities are identical to scenario 2.1.

4.4. Infrastructure threats: All message content infrastructure threats are identical to scenario 3.4.

Scenarios with IMSI catchers

IMSI catchers go by many different names and vary in capability. There is even a Free and Open Source Software (FOSS) version called OpenBTS that allows amateur or professional hackers to exploit the weaknesses of cellular networks. Infosec Institute made a decent guide. They all pose an abundance of threats to you and your assets.

IMSI catcher capabilities:
  1. Passively or actively extract identifiers of cellular devices such as IMSI, ESN, and MEID numbers.
  2. Passively or actively track physical locations and movements.
  3. Actively perform Denial of Service (DoS) attacks that would prevent the cellular device from connecting to a cellular network. Targeted DoS attacks can also force cellular devices to use older wireless technologies (2G or 3G) which use weaker encryption or no encryption depending on the cellular network configuration.
  4. Actively perform Man in the Middle (MitM) attacks to eavesdrop on all forms of cellular communications: SMS, voice, or data.
  5. Actively exploit baseband processors, allowing the adversary to deploy malicious software onto the cellular device.

There is no indication that local law enforcement performs capabilities #3 or #5. However, intelligence agencies and well-funded groups are capable of such operations. It is very important to understand who your actual adversaries are in order to apply any notion of risk (threat + vulnerability).
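Several of the capabilities above leave traces a phone can observe about itself: a forced drop from LTE to GSM while LTE was usable, a GSM cell that negotiates the A5/0 "no encryption" cipher, a never-seen cell with an unusually strong signal, or a location-area change without movement. The following is an added example (not part of the original post, and not the code of any existing detector app) of turning those observations into alert rules over a constructed log. The log format, the cell-ID cache and every threshold are assumptions for the example; a real monitor would read these values from the device's telephony API, and the mcc/mnc 001/01 used here is the reserved test network, not a carrier.

```python
"""Added example (not from the original post): heuristic detection of
IMSI-catcher-like behaviour from a log of the cells a phone attaches to.

The log format and the cell-ID cache are constructed for this example;
a real monitor would read these values from the device's telephony API,
and every threshold here is an assumption, not a calibrated figure.
"""
import re
from dataclasses import dataclass

# Constructed log lines: timestamp, radio technology, PLMN (mcc/mnc 001/01 is
# the reserved test network), location area, cell id, signal, cipher in use.
LOG = """\
2015-11-16T10:00:01 rat=LTE mcc=001 mnc=01 lac=1234 cid=5678 rssi=-85 cipher=EEA2
2015-11-16T10:00:31 rat=LTE mcc=001 mnc=01 lac=1234 cid=5679 rssi=-88 cipher=EEA2
2015-11-16T10:01:01 rat=GSM mcc=001 mnc=01 lac=9999 cid=42 rssi=-41 cipher=A5/0
2015-11-16T10:01:31 rat=GSM mcc=001 mnc=01 lac=9999 cid=42 rssi=-43 cipher=A5/0
this line is malformed and must be skipped, not crash the parser
2015-11-16T10:02:01 rat=LTE mcc=001 mnc=01 lac=1234 cid=5678 rssi=-86 cipher=EEA2
"""

# Constructed cache of (lac, cid) pairs this phone has seen at this location before.
KNOWN_CELLS = {(1234, 5678), (1234, 5679), (1234, 5680)}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) rat=(?P<rat>\S+) mcc=(?P<mcc>\d+) mnc=(?P<mnc>\d+) "
    r"lac=(?P<lac>\d+) cid=(?P<cid>\d+) rssi=(?P<rssi>-?\d+) cipher=(?P<cipher>\S+)$"
)

@dataclass
class Sample:
    ts: str
    rat: str      # LTE, UMTS or GSM
    plmn: str     # mcc + mnc
    lac: int
    cid: int
    rssi: int     # dBm, closer to 0 is stronger
    cipher: str   # e.g. EEA2 on LTE, A5/1 or A5/0 (none) on GSM

def parse(text):
    """Parse log lines into Samples; malformed lines are dropped."""
    samples = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        samples.append(Sample(m["ts"], m["rat"], m["mcc"] + m["mnc"],
                              int(m["lac"]), int(m["cid"]), int(m["rssi"]), m["cipher"]))
    return samples

def detect(samples, known_cells=KNOWN_CELLS, strong_rssi=-55, usable_rssi=-100):
    """Return (timestamp, kind, detail) alerts.  Each rule maps to one of the
    capabilities listed above; none of them proves an IMSI catcher on its own."""
    alerts = []
    prev = None
    for s in samples:
        cell = (s.lac, s.cid)
        # Capability 3/4: a 2G cell that negotiated no encryption at all.
        if s.rat == "GSM" and s.cipher == "A5/0":
            alerts.append((s.ts, "no-encryption", f"cell {cell} uses A5/0"))
        # Capability 3: forced downgrade while the faster network was usable.
        if prev and prev.rat in ("LTE", "UMTS") and s.rat == "GSM" and prev.rssi > usable_rssi:
            alerts.append((s.ts, "downgrade", f"{prev.rat} ({prev.rssi} dBm) -> GSM"))
        # Capability 1/2: a never-seen cell that is suspiciously close/strong.
        if cell not in known_cells and s.rssi >= strong_rssi:
            alerts.append((s.ts, "unknown-strong-cell", f"cell {cell} at {s.rssi} dBm"))
        # Location area changed without the phone moving to any known cell.
        if prev and s.lac != prev.lac and s.plmn == prev.plmn and cell not in known_cells:
            alerts.append((s.ts, "lac-change", f"LAC {prev.lac} -> {s.lac}"))
        prev = s
    return alerts

if __name__ == "__main__":
    for ts, kind, detail in detect(parse(LOG)):
        print(ts, kind, detail)
```

Each rule fires on its own in the sample, which is also the weakness of this approach: a legitimate new tower or a rural 2G-only area trips the same heuristics, so several rules firing together within a minute is the signal worth acting on, and the only safe response is to stop using the phone, not to try to identify the equipment.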

Scenario 5

SMSIC2SMS-1
5. You send an SMS without Signal via your compromised cell network to a friend who receives the SMS on her cell network without Signal, or vice versa.

Note:

When IMSI catchers are in use, there is a higher probability of device exploitation if you are the target of the operator. Mobile device databases could be extracted, key-logging software or voice and visual recording software might be installed that will jeopardize existing and future conversations.

Participant metadata and message content

5.1. Device vulnerabilities: All participant metadata and message content device vulnerabilities are identical to scenario 1.1.

5.2. Infrastructure threats: SMS is likely not encrypted at all or the IMSI catcher was able to Man-in-the-Middle the encryption between your mobile device and the cell tower. At no point in the message’s traversal to the delivery cell tower is the message protected in any way. The IMSI catcher operator, cellular network operator, and/or intelligence agency can access the messages.

Scenario 6

TSSIC2TSS-1
6a. You send an IM on your compromised cell network with Signal to a friend who receives the IM on her cell network with Signal, or vice versa.

6b. You make a Signal call on your compromised cell network to a friend who receives the call on her cell network with Signal, or vice versa.

Note:

When IMSI catchers are in use, there is a higher probability of device exploitation if you are the target of the operator. Mobile device databases could be extracted, key-logging software or voice and visual recording software might be installed that will jeopardize existing and future conversations.

Participant metadata

6.1. Device vulnerabilities: All participant metadata device vulnerabilities are identical to scenario 2.1.

6.2. Infrastructure threats: All participant metadata infrastructure threats are identical to scenario 3.2.

Message content

6.3. Device vulnerabilities: All message content device vulnerabilities are identical to scenario 2.1.

6.4. Infrastructure threats: All message content infrastructure threats are identical to scenario 3.4.

Related adversaries + threats not discussed

  1. Intelligence agencies, companies with lots of money to spend with grudges, and global surveillance adversaries that have the ability to pin-point your mobile device and perform one-time or persistent malicious activity.
  2. Technical threats or adversaries posed by IMSI catchers are the same when connecting to your normal cell network, but the probability of exploitation may not be the same.
  3. MitM attacks, similar to IMSI catchers, can also be performed on Wi-Fi networks; technical exploitation might be different, but outcome of exploitation might be the same.
  4. Mobile devices that have already been compromised either intentionally or accidentally.
  5. Can you think of one?

Conclusion

This is the style of guide that people like journalists, activists, and lawyers need. It borders on specific technical details without getting into too many details. It is also the style of guide that needs regular maintenance (research, Q&A, feedback, editing, administration). This guide demonstrates the need of journalists, activists, and lawyers to become educated in certain areas of technological advancement.

I hope that this has proven useful to you. If you liked this blog post, tell your friends about it and talk to them about it. Talk about encryption. Talk about surveillance. People need to talk about this stuff. If you have any questions, concerns, or constructive feedback for me, please email me.

Glossary

2G/3G/4G: cellular telco technologies that allow your cellular mobile device to talk to telco networks.

802.11 a/b/c/n: “Wi-Fi”

Android: Google’s mobile device operating system.

Asset: Something that is important to you.

BTS: See: “Base transceiver station” on Wikipedia.

IM: Instant Message. Think: AOL instant messenger or MSN instant messenger. Signal is capable of sending IMs to mobile devices using Internet data.

IMSI catcher: a device that can be used to maliciously intercept, alter, or deny your cellular network communication. It is commonly used by law enforcement, private police, private investigators, or hackers. See “IMSI-catcher” on Wikipedia.

iOS: Apple’s mobile device operating system.

ISP: Internet Service Provider. This might be your home ISP or the ISP of a coffee shop that you’re using.

Message content: the content of an SMS or IM.

Participant metadata: Any aspect of people and the communications between people. This could include, but is not limited to, who is communicating, when, for how long.

Signal: The open source application made for iOS by Open Whisper Systems. See: Notes for Signal

SMS: Short Message Service. A “text”. You usually send these to people with your phone, limited to 160 characters per message.

SMS-SC: See: “Short message service center” on Wikipedia.

SS7: See: “Signalling System No. 7” on Wikipedia.

Telco ISP: the ISP of your cellular telco network provider. It could be that your cellular network provider is also its own ISP.

Threat: A person, place, or thing that is likely to cause damage or danger to your assets.

Vulnerability: A person, place, or thing that is unable to withstand the effects of a hostile environment.

WAP: Wireless Access Point. It provides Wi-Fi.

Create an anonymous Signal phone number w/ Android

Formerly: “Create an anonymous TextSecure and RedPhone phone number”

Published: 2015-Mar-14
Updated: 2015-Nov-16, revision 64

Sometimes you just need an email address and a phone number to do things online. Or maybe you want to ditch your expensive phone plan because your friends and family all smartly use Open Whisper Systems crypto tools. And why not? Signal lets you communicate for free, even to international numbers. This guide will show you:

  • how to create a new Gmail address without an existing phone number,
  • how to create a new Google Voice phone number with your new Gmail address,
  • and how to use your new Google Voice number to set up Signal.

After you complete this guide, your new phone number can send/receive Signal calls and instant messages using Wi-Fi. Persistent SMS capabilities will also be available using Google Voice. Baseband and SIM card exploits will be a thing of the past.

Anonymity is relative in this context. Yes, you’ll be creating a phone number that you’ll probably be giving to other people. Those people will probably know who you are. Pay special attention to step 14. If you follow this guide, you’ll be in a position to maintain communications anonymity in a massive passive-surveillance network.

The following was tested on a Motorola “Moto G” running Android 4.4.4. You will need a laptop to perform the Google Voice aspects of this procedure. Like most guides, you may want to read through the whole thing before starting. Please email or Tweet me if you have any suggestions.

Alternative security

If you just need security and not anonymity, Signal on an iPod Touch is even better.


Guide

1. Obtain an Android phone that was not purchased by you at any retail location. The Nexus phones might be ideal as they typically will not come with a bunch of extra software installed. The Moto E is also a good choice. Craigslist should be fine. Pay with cash. You don’t want any phone device IDs linkable to you (including by way of electronic payment cards and shipping addresses).

1.1. To further distance your connection to device IDs and location-based IPs, take a bus (pay with cash) to a different city than the one you live in. Don’t bring any other personal cell phones. Go to a mall and buy a used Android from one of the kiosks. Perform this guide in that city. Do nothing else in the city; don’t go and get your face on a bunch of cameras, and don’t pay for things with debit/credit cards.

2. Go to a public library or coffee shop with free Wifi with your Android, laptop, and Tails Linux (USB or DVD). Make sure it’s a place that you’ve never been to and one which you’ll never return to. Order a coffee with cash, be nice, and avoid interacting with people.

3. Remove any SIM cards from the Android. Turn on then restore the Android to factory defaults. Skip all activation settings and enable Airplane Mode as soon as possible. Disable or uninstall all possible apps that aren’t needed, especially ones that sync. You need, at a minimum, Google Play Store, Google Play Services, and Google Services Framework. With Airplane mode still enabled, turn on Wi-Fi and connect.

4. Open Google Play Store. Create a new Gmail address when Android prompts you to log in. Don’t use any words or phrases in either your email address or your password that you’ve used before. And don’t use a password that you’ve ever used before.

5. Using your laptop, boot up Tails Linux. Open the “insecure” browser (the one that is not Iceweasel) to log in to your Gmail address. Do not use Iceweasel or Tor: Google will lock you out of the new account, and you’ve already shown Google where you are in steps 3 and 4.

5.1. Make sure you do not proceed if you are prompted to accept bogus SSL/TLS certificates.

5.2. Booting up Tails has two advantages despite not using Tor: 1) the Wifi MAC address is spoofed, and 2) when you shut down your laptop, no history is saved. Do not use Tor to log in to your Google account until after you have two-factor authentication set up.

5.3. If you ever need to enter an alternate email address, simply open the Gmail Android app and create a new address. You can use it as the backup for your new primary address.

6. Use your Android to download “Talkatone”, a free VoIP Android app that gives you a temporary phone number. You will use it to receive phone calls over Wi-Fi. Register for a new account for a new number using your new Gmail address. You may need to search various area codes to find one that has numbers available.

7. Log into google.com/voice with Tails’ insecure browser. Enter your Talkatone phone number and receive its call to verify the number. Go into settings and verify that both “Receive text messages on this phone” and “Notify me of new voicemails via text” are checked. Turn Call Screening off in the Calls tab.

7.1. You can stop here if you don’t need Signal. You may only need a WiFi connected Android with Google Voice to privately receive access tokens via SMS.

8. Never use this phone from any place you routinely go (anchor points) unless you are behind Tor. See (*) below.


Signal configuration and Android configuration

9. Download “Signal” and register it with your Google Voice number. The SMS verification will fail. Wait and then verify via phone call. Your temporary Talkatone number will receive a call, so prepare to write down or remember the six-numeral verification code. Enter the code to verify Signal.

10. Encrypt the phone (Settings > Security > Encrypt phone).

11. Only use this device for Signal (and maybe Google Authenticator, see #13) from now on to minimize its exposure. Especially do not use apps that have in-app ads. Uninstall Talkatone. Uninstall or disable all web browsers. Uninstall or disable all Google apps and services except Google Play Services (and maybe Google Authenticator, see #13). You will need to enable Google Play Store again at some point to keep apps updated, but only at another random, public Wifi location. Always keep all syncing disabled; you do not want Google to have your contacts.

11.1. “NetGuard” may be a useful solution for keeping network activity minimized.

12. Open Signal. Disable SMS/MMS to both Signal users and non-Signal users in settings. Require password access to Signal by turning on “Enable passphrase” to further harden the message database in addition to adding another layer of defensive security (shoulder surfing for the phone access passphrase is easy). Set a low “Timeout interval”.

12.1. When preparing to IM someone with Signal, be sure to first add a contact in your Contacts. When you’re looking at your Signal contact list (or lack thereof), tap the refresh symbol to force a refresh. Now you should be able to see Signal users that can receive your IMs.

13. Using the “Google Authenticator” Android app, enable two-factor authentication (2FA) for access to your new Gmail. If an attacker can get into your Gmail accounts, an attacker could register your number with a new device and deny you the ability to communicate with Signal. When configuring your new Google account, you can now use your new Google Voice number as a verification phone number. Immediately configure 2FA with only Google Authenticator and Google Voice as a backup.

13.1. To further compartmentalize, put your Google Authenticator tokens on a separate device — preferably one that remains in Airplane Mode all the time.

14. Tell people that you communicate with not to save your number with any personally identifiable name. The apps they use–like Facebook or their Google Contacts sync–will betray your privacy by recording their contact list, forever creating the digital record of your name with your new number.

15. Log into google.com/voice with Tails’ insecure browser on your laptop and disable forwarding to your former Talkatone number. Or alternatively, use Tails’ Iceweasel (Tor) and test access now that 2FA is configured.

Optionally…

16. Physically remove the phone’s microphone and cameras; if possible, the accelerometer too. Rely on a corded headset when communicating with Signal (voice). Don’t leave the headset plugged in when not in use.

16.1. If an attacker is able to compromise your device, you do not want them to be able to hot-mic your Android or take pictures/video of your environments.

[Photo: An iPhone with its microphone and front camera removed. Photo credit: Joanna Rutkowska]

Root?

There are pros and cons to rooting your phone. Rooting might make the job of a targeted attacker much easier. Should you root for more control (creating new vulnerabilities) or simply hope that Airplane Mode is doing what it promises when you are carrying your phone with you at anchor points?

(*) There are several options for getting Signal to work with Tor, but the downside is that only Signal IMs will work, not Signal voice calls. One option is to create a wireless access point for your anchor points that forces all traffic over Tor and does not need root, like P.O.R.T.A.L. It also may be possible to tether through another Android phone that is already rooted and running Orbot. And again, InvizBox and Anonabox are simple solutions, but you have to buy them online and have them shipped somewhere, creating a lot of metadata. Lastly, there is the option of rooting and using Orbot to proxy local Android traffic.

Mission Impossible Android Hardening on Github, previously on the Tor Project blog, goes into good detail on how to root your Android device and attempt to delete the Android baseband firmware partition.

Once your Android is rooted, you would need to install a 3rd-party ROM that does not have any Google services pre-installed. Then you’d have to find the Signal APK online (and verify its hash) and manually install the apps you need. There are some interesting, unsupported ways to get and use Signal on an Android. Google Cloud Messaging (GCM) is required unless another service pretends to be GCM.

Ideally you’d use an iptables-based firewall to prevent any apps or services from using any network interface except Signal and Orbot. You would also need to find a different long-term VoIP provider (to receive phone calls and SMS), since you wouldn’t be setting up Gmail or Google Voice in this scenario.

Notes for Signal

Previously: “Signal, TextSecure, and RedPhone ecosystem notes”

Published: 2015-Mar-02
Updated: 2015-Nov-16, revision 36

FAQs

1. You need a phone number plus an Android, iPhone, or iPod Touch to use Signal.

2. You need a data connection (Wifi or cellular) to use any of Signal’s end-to-end encrypted (E2EE) services.

3. Signal provides easy E2EE voice and text communications, including to international Signal users. Signal for Android can also optionally manage SMS by replacing your default SMS application.

4. Signal’s message database is independently encrypted on the device. Other apps cannot access the contents of this database. Signal (iOS) messages are not included in iCloud backups if iCloud is enabled. Signal (Android) messages are not included in Google Hangout syncing.

5. Unlike iMessage, WhatsApp, and other encrypted IM solutions, Signal allows users to verify each other’s public encryption key by sharing the public key fingerprint.
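Why fingerprint comparison matters is easiest to see in code. The following is an added example (not from the original post, and not Signal's implementation): it builds a simplified safety-number-style fingerprint from a public key, sorts the two parties' fingerprints so both sides derive the same string, and shows that when a relay hands each side a substituted key, the strings the two parties read to each other no longer match. The construction is only in the spirit of safety numbers and will not reproduce the digits Signal displays; the keys are constructed sample bytes. The same check is what catches the silent key replacement discussed under "iOS specific" below.

```python
"""Added example (not from the original post): why comparing public-key
fingerprints out of band detects a substituted key.  The fingerprint
construction is a simplified illustration in the spirit of Signal's
safety numbers; it is not Signal's actual algorithm and will not match
the numbers the app displays.  All keys are constructed sample bytes.
"""
import hashlib
import hmac

def fingerprint(identity_key, iterations=1000, groups=6):
    """Iterated SHA-512 over the key, rendered as `groups` blocks of five
    decimal digits.  Iterating makes searching for a look-alike key costlier."""
    digest = identity_key
    for _ in range(iterations):
        digest = hashlib.sha512(digest + identity_key).digest()
    blocks = []
    for i in range(groups):
        chunk = int.from_bytes(digest[5 * i:5 * i + 5], "big")
        blocks.append(f"{chunk % 100000:05d}")
    return " ".join(blocks)

def safety_number(my_key, their_key):
    """Both parties sort the two fingerprints so they derive the same string
    regardless of who computes it."""
    return " ".join(sorted([fingerprint(my_key), fingerprint(their_key)]))

def matches_out_of_band(computed, read_aloud):
    """Compare the number your app shows with the one your contact reads to
    you over a separate channel (in person, or a call whose voice you know)."""
    return hmac.compare_digest(computed, read_aloud)

# Constructed 32-byte sample keys (not real key material).
ALICE_KEY = bytes(range(1, 33))
BOB_KEY = bytes(range(101, 133))
MALLORY_KEY = bytes(range(201, 233))

def demo():
    # Honest exchange: each side holds the other's real key.
    honest_alice = safety_number(ALICE_KEY, BOB_KEY)
    honest_bob = safety_number(BOB_KEY, ALICE_KEY)
    # Interception: a relay hands each side its own key instead.
    mitm_alice = safety_number(ALICE_KEY, MALLORY_KEY)
    mitm_bob = safety_number(BOB_KEY, MALLORY_KEY)
    return {
        "honest_match": matches_out_of_band(honest_alice, honest_bob),
        "mitm_match": matches_out_of_band(mitm_alice, mitm_bob),
    }

if __name__ == "__main__":
    print(safety_number(ALICE_KEY, BOB_KEY))
    print(demo())
```

The check only helps if the comparison really happens over a channel the relay does not control; reading the number over the same intercepted connection proves nothing. It also has to be repeated whenever the app reports that a contact's key has changed, which is the event a transparent key replacement would produce.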

Group Messaging

6. Signal can be used to create and manage E2EE text/IM group chats.

7. Signal group chats protect 1) who is in the chat, 2) the name of the chat, and 3) the message content shared between Signal users.

Android specific

8. Signal asks to replace the default Android SMS application. It can send SMS (insecure) to non-Signal users. When Signal manages the SMS database (default SMS application), SMS (insecure) sent and received are not any more protected in transit than if you were using Android’s default SMS application.

9. If you need to send an SMS (insecure) to a contact but you have already chatted with Signal IMs, long-press the “enter” button when you are about to send the message.

10. Signal for Android can be configured to turn off SMS-sending. In this case you’ll only be able to send IMs to other Signal users. However, turning off SMS-sending only removes SMS contacts from Signal’s user interface. If you have an existing SMS conversation that is managed by Signal, you will still be able to send SMS to said contact. If someone SMSs you, you can still reply with SMS. Turning off SMS-sending in Signal is only superficial.

11. Signal SMS messages provide message content, time, date, contact (phone number), and location (cell tower) metadata to your telecommunication service provider and to your federal agencies. In the United States, this is accomplished via Section 215 of the USA Patriot Act. Signal IMs can provide time, date, and location metadata to telecommunications companies while protecting message content and contact metadata. Communication records will not show up on your phone bill when using Signal (non-SMS) encrypted communications.

iOS specific

12. Signal for iOS cannot send or receive SMS because there is no application program interface (API) in iOS for SMS. It can only send encrypted IMs.

13. Signal (iOS) is like iMessage. However, iMessage encryption keys can be replaced transparently (without your knowledge) by Apple, and iMessage does not employ Perfect Forward Secrecy (PFS). PFS allows each IM or encrypted voice call to have it’s own, unique, encryption key, making your communications much harder to crack once captured. Additionally, iMessages, by default, are synced to iCloud, making them easy to obtain by Apple or any government agency with the right paperwork. iMessages stored in iCloud are encrypted, but Apple holds those private keys and can unencrypt them for anybody it chooses.