this post was submitted on 18 Mar 2024
75 points (92.1% liked)

Privacy

32177 readers
531 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

All questions are in bold for ease of use.

The major carriers in the United States participate in NSA surveillance (except for T-Mobile apparently, because it's based outside of the US. Except they bought Sprint, which participates.) and that, along with other major privacy issues, means that the market for private carriers is incredibly slim. When I found out that some carriers, such as Mint Mobile, piggyback off of Verizon, I wondered: What's stopping a carrier from simply E2EE everything from Verizon, and then using Verizon to transfer the data? Obviously, the encrypted data could still be collected and sold, but it wouldn't matter if the encryption was setup properly, right? I'm looking to better understand how this works, and, if a solution exists, potentially be the first to make it happen. The reason I'm not suggesting creating a carrier without piggybacking is due to the sheer cost and lack of support it would have, which would lead to poor adoption. Also, if carriers simply don't support E2EE, couldn't carrier locked phones install the software (since most install software anyways) required to make E2EE work?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (2 children)

What's stopping a carrier from simply E2EE everything from Verizon, and then using Verizon to transfer the data?

Nothing, if you're talking about using them as an internet connection. You're describing Signal and other E2EE applications, basically. If you're talking about SMS and traditional phone calls, no, those protocols don't support encryption because they're not built to. You can jury-rig it which I'll get to later, but otherwise, it's just not possible due to the tech.

the encrypted data could still be collected and sold, but it wouldn't matter if the encryption was setup properly, right?

Correct, as all they'd see is gibberish with no way to decrypt it.

if carriers simply don't support E2EE, couldn't carrier locked phones install the software (since most install software anyways) required to make E2EE work?

Yes, but not with "phone" functions like SMS and PSTN (Public Switched Telephone Network) calls. SMS character limits are arbitrary and make it impossible to encrypt content in a single message. Signal, back in the Text secure days, used to use MMS to carry encrypted text, or where MMS wasn't available they'd send encrypted chunks and decrypt in the app on the other end. There's a reason they stopped doing that, and a reason it's a rare feature in messaging apps: it's hard to build and maintain and have it be reliable.

PSTN, I don't know of any way to encrypt the call. Edit: Actually I guess over a traditional copper wire you could encrypt a voice call with an eletronic device that could encode your speech into audio, so it’d sound like a dial-up modem if you listened to it, and only another device with the decryption key could decode the audio back into speech, but there’d probably be some delay and I don’t even know if that’d be legal or allowed by the carrier’s TOS. We're still extending bits of the PATRIOT Act, right?

[–] [email protected] 2 points 8 months ago (1 children)

PSTN, I don't know of any way to encrypt the call

Many calls are VoIP nowadays though, which could be encrypted depending on your provider and upstream SIP trunks. It's probably not end to end though, so your carrier can still spy on you.

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Right. I was just thinking after I'd posted that over a traditional copper wire you could encrypt a voice call with an eletronic device that could encode your speech into audio, so it'd sound like a dial-up modem if you listened to it, and only another device with the decryption key could decode the audio back into speech, but there'd probably be some delay and I don't even know if that'd be legal or allowed by the carrier's TOS.

[–] [email protected] 2 points 8 months ago

There have been encryption systems for analog channels dating back as far as World War II.

https://en.wikipedia.org/wiki/Secure_voice

[–] [email protected] 0 points 8 months ago

This was very helpful, thank you! While I'm well aware of encrypted messaging apps, it seems more beneficial to encrypt all traffic, since not all traffic is just messaging and not everyone uses encrypted messaging apps.