Best burner phones with no GPS location tracking?
Title says it. Like something that has no relation to my identity that I can buy in cash. Thanks :)
[10 Points] davidson34:
[6 Points] fuqboi1738:
This guide will show you:
how to create a new Gmail address without an existing phone number,
create a new Google Voice phone number with your new Gmail address,
and then use your new Google Voice number to set up Signal.
After you complete this guide, your new phone number can send/receive Signal calls and instant messages using Wi-Fi. Persistent SMS capabilities will also be available using Google Voice. Baseband and SIM card exploits will be a thing of the past.
Anonymity is relative in this context. Yes, you’ll be creating a phone number that you’ll probably be giving to other people. Those people will probably know who you are. Pay special attention to step 14. If you follow this guide, you’ll be in a position to maintain communications anonymity in a massive passive-surveillance network.
The following was tested on a Motorola “Moto G” running Android 4.4.4. You will need a laptop to perform the Google Voice aspects of this procedure. Like most guides, you may want to read through the whole thing before starting. Please email or Tweet me if you have any suggestions.
1.1. To further distance your connection to device IDs and location-based IPs, take a bus (pay with cash) to a different city than the one you live in. Don’t bring any other personal cell phones. Go to a mall and buy a used Android from one of the kiosks. Perform this guide in that city. Do nothing else in the city; don’t go and get your face on a bunch of cameras, and don’t pay for things with debit/credit cards.
Go to a public library or coffee shop with free Wifi with your Android, laptop, and Tails Linux (USB or DVD). Make sure it’s a place that you’ve never been to and one which you’ll never return to. Order a coffee with cash, be nice, and avoid interacting with people.
Remove any SIM cards from the Android. Turn on then restore the Android to factory defaults. Skip all activation settings and enable Airplane Mode as soon as possible. Disable or uninstall all possible apps that aren’t needed, especially ones that sync. You need, at a minimum, Google Play Store, Google Play Services, and Google Services Framework. With Airplane mode still enabled, turn on Wi-Fi and connect.
Open Google Play Store. Create a new Gmail address when Android prompts you to log in. Don’t use any words or phrases in either your email address or your password that you’ve used before. And don’t use a password that you’ve ever used before.
Using your laptop, boot up Tails Linux. Open the “insecure” browser that is not Iceweasel to log in to your Gmail address. Do not use Iceweasel or Tor; Google will lock you out of the new account, and you’ve already shown Google where you are in steps 3 and 4.
5.1. Make sure you do not proceed if you are prompted to accept bogus SSL/TLS certificates.
5.2. Booting up Tails has two advantages despite not using Tor: 1) the Wifi MAC address is spoofed, and 2) when you shut down your laptop, no history is saved. Do not use Tor to log in to your Google account until after you have two-factor authentication set up.
5.3. If you ever need to enter an alternate email address, simply open the Gmail Android app and create a new address. You can use it as the backup for your new primary address.
Use your Android to download “Talkatone”, a free VoIP Android app that gives you a temporary phone number. You will use it to receive phone calls over Wi-Fi. Register for a new account for a new number using your new Gmail address. You may need to search various area codes to find one that has numbers available.
Log into google.com/voice with Tails’ insecure browser. Enter your Talkatone phone number and receive its call to verify the number. Go into settings and verify that both “Receive text messages on this phone” and “Notify me of new voicemails via text” are checked. Turn Call Screening off in the Calls tab.
7.1. You can stop here if you don’t need Signal. You may only need a WiFi connected Android with Google Voice to privately receive access tokens via SMS.
Never use this phone from any place you routinely go (anchor points) unless you are behind Tor. See (*) below.
Signal configuration and Android configuration
Download “Signal” and register it with your Google Voice number. The SMS verification will fail. Wait and then verify via phone call. Your temporary Talkatone number will receive a call, so prepare to write down or remember the six-numeral verification code. Enter the code to verify Signal.
Encrypt the phone (Settings > Security > Encrypt phone).
Only use this device for Signal (and maybe Google Authenticator, see #13) from now on to minimize its exposure. Especially do not use apps that have in-app ads. Uninstall Talkatone. Uninstall or disable all web browsers. Uninstall or disable all Google apps and services except Google Play Services (and maybe Google Authenticator, see #13). You will need to enable Google Play Store again at some point to keep apps updated, but only at another random, public Wifi location. Always keep all syncing disabled; you do not want Google to have your contacts.
11.1. “NetGuard” may be a useful solution for keeping network activity minimized.
12.1. When preparing to IM someone with Signal, be sure to first add a contact in your Contacts. When you’re looking at your Signal contact list (or lack thereof), tap the refresh symbol to force a refresh. Now you should be able to see Signal users that can receive your IMs.
13.1. To further compartmentalize, put your Google Authenticator tokens on a separate device — Preferably one that remains in Airplane Mode all the time.
Tell people that you communicate with not to save your number with any personally identifiable name. The apps they use–like Facebook or their Google Contacts sync–will betray your privacy by recording their contact list, forever creating the digital record of your name with your new number.
Log into google.com/voice with Tails’ insecure browser on your laptop and disable forwarding to your former Talkatone number. Or alternatively, use Tails’ Iceweasel (Tor) and test access now that 2FA is configured.
Optionally…
Physically remove the phone’s microphone and cameras; if possible, the accelerometer too. Rely on a corded headset when communicating with Signal (voice). Don’t leave the headset plugged in when not in use.
16.1. If an attacker is able to compromise your device, you do not want them to be able to hot-mic your Android or take pictures/video of your environments.
[Image: An iPhone with its microphone and front camera removed. Photo credit: Joanna Rutkowska]
Root?
There are pros and cons to rooting your phone. Rooting might make the job of a targeted attacker much easier. Should you root for more control (creating new vulnerabilities) or simply hope that Airplane Mode is doing what it promises when you are carrying your phone with you at anchor points?
(*) There are several options for getting Signal to work with Tor, but the downside is that only Signal IMs will work, not Signal voice calls. One option is to create a wireless access point for your anchor points that forces all traffic over Tor, which does not need root, like P.O.R.T.A.L. It also may be possible to leverage another Android phone that is already rooted and running Orbot to tether through. And again, InvizBox and Anonabox are simple solutions, but you have to buy them online and have them shipped somewhere, creating a lot of metadata. Lastly, there is the option of rooting and using Orbot to proxy local Android traffic.
Mission Impossible Android Hardening on Github, previously on the Tor Project blog, goes into good detail on how to root your Android device and attempt to delete the Android baseband firmware partition.
Once your Android is rooted, you would need to install a 3rd-party ROM that does not have any Google services pre-installed. Then you’d have to find the Signal APK online (plus verifying their hashes) and manually install the apps you need. There are some interesting, unsupported ways to get and use Signal on an Android. Google Cloud Messaging (GCM) is required unless another service pretends to be GCM.
Ideally you’d use an iptables-based firewall to prevent any apps or services using any network interface except Signal and Orbot. You would also need to find a different long-term VOIP provider (to receive phone calls and SMS) since you wouldn’t be setting up a Gmail or Google Voice in this scenario.
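The per-app firewall idea in the last paragraph of the guide above, as an added example that is not part of the original post or the guide it quotes: a shell function that emits a default-deny `iptables-restore` rule set allowing outbound traffic only for listed Android app UIDs. The UIDs are constructed sample values, and `gen_rules` and `count_allowed` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: default-deny egress, allowlisted by Android app UID.
# The UIDs used at the bottom are constructed sample values. On a rooted
# device, look up the real ones per package, for example:
#   stat -c %u /data/data/org.thoughtcrime.securesms   (Signal)
#   stat -c %u /data/data/org.torproject.android       (Orbot)

# gen_rules UID... : print an iptables-restore rule set on stdout.
# Returns 1 and prints nothing if no UID is given or one is not numeric.
gen_rules() {
    [ "$#" -gt 0 ] || return 1
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) return 1 ;;
        esac
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback carries the hop from an app to a local proxy such as Orbot.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies to connections that an allowlisted app opened.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # One ACCEPT per allowlisted UID; everything else hits the DROP policy.
    for uid in "$@"; do
        echo "-A OUTPUT -m owner --uid-owner $uid -j ACCEPT"
    done
    echo 'COMMIT'
}

# count_allowed UID... : number of UIDs the generated rule set lets out.
count_allowed() {
    gen_rules "$@" | grep -c -- '--uid-owner'
}

# Constructed sample UIDs standing in for Signal and Orbot.
gen_rules 10123 10145
```

Review the output before piping it to `iptables-restore` as root, and load the same rules with `ip6tables-restore` so IPv6 is not left open. Loopback is accepted for every UID here, so any app can still reach a local proxy port; restrict the `lo` rule by UID if that matters.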
[2 Points] HowFuckedAmI99:
Guys I'm gonna ask here as I'm too fresh to make a post. (sry)
I've had some really bad opsec. Before I got into DNMs I used to talk about anything from buying drugs to selling drugs on Skype, Facebook, etc. That was a long time ago and I have obviously wised up. If I ordered something from the DNMs right now and it got caught in customs (Scandinavia), how fucked would I be? Do they have the right to ask Microsoft etc. for logs just from finding something at customs, or would a CD or further suspicion be required before they can make such an inquiry? Let's say they found 100 tabs at customs and they decide to do a CD but find absolutely nothing during the CD; would they continue the investigation or drop it?
Sitting here feeling like an idiot.
[2 Points] ibuydrugsonDMN:
Vendor_BMMC or whatever said there's a code you can type in your phone to permanently disable GPS's... Look it up
[1 Points] xLATINx:
A flip phone from Walmart?
[1 Points] None:
Since analog is gone that is a no go.....but this video may help you :-)
https://www.youtube.com/watch?v=g2f-MX5uCeo
http://www.pcworld.com/article/253354/ten_ways_your_smartphone_knows_where_you_are.html
[1 Points] Throughawayup:
Having no gps is difficult. Just don't use your phone in places you normally go. I know it's inconvenient and possibly not feasible depending on the size of your operation but it's something to think about.
[1 Points] None:
Every phone made since 2000 or so has gps, for 911 calls... And any cell phone can be easily triangulated anyway, so the point is moot...... Hell, 2 way radios can be as well..... Triangulation is how gps itself works....
[1 Points] methylenedma:
They use base stations to locate you anyways. Just don't take your phone with you when doing shady stuff.
[1 Points] MDMAtrebuchet:
Back in the day I looked into it and thought it was based off whether it was GMS or not and you can get a SIM overseas and add minutes, is this still valid? Haven't got back in the game that heavy and got out before going through with it but had the double SIM slot phones bought without attaching identity.
There is a smart alternative. Use VOIP on a smartphone, and ONLY get data on the phone, no voice/text plan, just use prepaid data plan (those meant for tablets will often work without issues)
Once you're on data, force a reliable openvpn connection to an anonymous service and use VOIP app to make your actual calls. That way you're behind encrypted online data and the GPS of the phone no longer matters.