79·
3 months agoYes, well stated. This is why I usually skip reading people’s comments. The vast majority see everything through their own agendas and just echo words they hear.
Jerry on PieFed
Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)
I also own these publicly available applications:
Mastodon: https://hear-me.social/
Alternative Mastodon UI: https://phanpy.hear-me.social/
Peertube: https://my-sunshine.video/
Friendica: https://my-place.social/
Matrix: https://element.secure-channel.net/
XMPP/Jabber: https://between-us.online/
Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social)
Mobilizon (Facebook Events Alt): https://my-group.events/
and more…
- 16 Posts
- 26 Comments
Joined 1 year ago
Cake day: September 29th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
11·3 months agoIt’s worse than you think. An IMSI catcher is not even needed to find out what phones are in an area:
Section 3.4.1: Presence Testing in LTE
https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networksPassive Presence Testing
The simplest way to do presence testing in LTE doesn’t actually require someone to have what we usually consider a CSS (e.g. a device that pretends to be a legitimate cell tower). Instead, all that’s required is simple radio equipment to scan the LTE frequencies, e.g. an antenna, an SDR (Software Defined Radio), and a laptop. Passive presence testing gets its name because the attacker doesn’t actually need to do anything other than scan for readily available signals (Shaik et al, 2017).
RRC paging messages are usually addressed to a TMSI, but sometimes IMSI and IMEI are also used. By monitoring these unencrypted paging channels, anyone can record the IMSIs and TMSIs the network believes is in a given area . In the next section, we’ll see how an attacker can correlate a TMSI to a specific target phone, as right now collecting TMSIs simply means recording pseudonyms.
There are descriptions in the article of other ways to find phones without using an IMSI Catcher or fake tower.
2·4 months agoEdward Snowden claims the NSA knows how to do it.
It doesn’t mean they are wrong. Anyway, here:
“Based on documents leaked by Edward Snowden, the National Security Agency (NSA) had already developed a technique in 2004 to locate cell phones even when they were turned off, called “The Find”, mostly used to locate terrorist suspects [36]. This was accomplished through the use of IMSI catchers, which could wirelessly send a command to the phone’s baseband chip to fake any shutdown and stay on [37]. The phone could then be instructed to keep just the microphone on, in order to eavesdrop on conversations, or periodically send location pings. The only hint that the phone was still on was if it continued to feel warm even though it had been shut off, suggesting that the baseband processor was still running. IMSI catchers used by London’s Metropolitan Police are also reportedly able to shut down targeted phones remotely [38].”
Seems to depend on what you read: https://godarkbags.com/blogs/news/imsi-catchers-the-hidden-threat-to-your-mobile-privacy-and-how-to-stop-them
Quote:
Can I Be Tracked With My Phone Off?
Yes, even when your phone is turned off, it’s not entirely inactive. The radio system, controlled by a separate subsystem called Baseband, can still transmit signals. This design allows for features like remote device tracking but also means that simply turning off your phone doesn’t protect you from IMSI catchers. Using a Faraday bag completely isolates your device from any external signals, providing robust protection.
The most effective defense against these threats is to block the signals that IMSI catchers rely on. This is where Faraday bags come into play. These specially designed bags create a barrier that prevents radio waves from reaching your device, effectively neutralizing IMSI catchers and other surveillance tools.
They can triangulate from the 8 readings that they did and know my location. They also know it’s T-Mobile and they can subpoena T-Mobile and Google to get the information (the IMSI code will identify the dealer) to identify who bought the phone and what phone account pays for the service.
IOT, your utility company, sensors that report information …
I think T-Mobile still has 2G service in some parts of the U.S. https://www.androidpolice.com/t-mobile-2g-network-is-still-active/
In the U.S. it’s illegal to do anything that would interfere with these devices because it also cuts off emergency services. Sort of like using a hospital to store weapons during a war?
A cell phone repeater is a passive device. It just extends the range of an existing signal. They don’t act as cell towers. They don’t read information from the phone.
My understanding is that the phone requires a modem that supports version 3.0 of Android’s IRadio hardware abstraction layer (HAL). Older phone’s modems do not support version 3.0.
According to the documentation, turning off 2G will not block emergency calls. But, yeah, having said this, definitely, it’s best to remember how to switch it back on, just in case.
It’s a new feature in Android 16, but older phones don’t have the hardware to support it.
It’s in Android 16 for the first time, which is what the Pixel 10 ships with, but older phones don’t have the hardware: https://www.androidcentral.com/apps-software/android-os/android-16-can-tip-you-off-if-someone-is-snooping-on-you-using-stingray-devices
4·5 months agoMy Mastodon instance is on the list. I try hard to block them.
The problem with the list is that it’s a target list, but not a list showing how much content, if any, they manage to process from any of the sites.
When I read the article, it seemed they were very careful not to mention who the 3rd party Cloud provider was who really caused the outage. It was Google Cloud.
https://www.crn.com/news/cloud/2025/multiple-cloud-services-down-as-google-cloudflare-resolve-issues
6·8 months agoCoincidentally, there’s this post today about Yunohost: https://my-place.social/display/db471d1f-c06c03be288f78d7-ad573aef
Elena Rossini, well known for her help in growing the Fediverse, raves about Yunohost, https://news.elenarossini.com/my-year-of-fediverse-explorations/. You should be fine using it.
Well said
Depends on the application for me. For Mastodon, I want to allow 12K character posts, more than 4 poll question choices, and custom themes. Can’t do it with Docker containers. For Peertube, Mobilizon, and Peertube, I use Docker containers.