I agree 100% with you that the network can't be trusted. I only use signal for communication over ivpn. No other ways. My idea with snoopsnitch was to be informed about targeted surveillance.
Conversation
For example you are a journalist in some shady democracy and they decide to investigate you. Like to get your phone number. If you are with a burner number the telco doesn't have it tied to your name. So when they wan't to track you. They have to use an imsi catcher first
2
2
if I understand it right. The baseband has knowledge about the 3 towers you are connected too. And it knows the distance. When in your home area a new tower pops up 30 meters away from you. And there is a van sitting in front of your house. You'll get informed about this imsi
2
and later on when you get every hour an silent sms you can be sure it is you. You are right. The telco can track you without this sms. But it helps them waking the Baseband
1
Replying to
It's completely unnecessary. Even if they had to send an SMS, which they definitely do not, it doesn't need to be a silent one. Sending a non-silent spam SMS isn't going to alert you to anything. If anything, due to people thinking like you are here, silent SMS is less stealthy.
1
Use airplane mode when you don't want the carrier (or governments / law enforcement / carrier partners) to know your location. Receiving a silent SMS doesn't mean you are being targeted since anyone can send them, and silent SMS are not even useful in the real world for tracking.
1
Media coverage of technology privacy and security issues should be viewed with a high level of skepticism. Journalists are effectively just doing press releases for companies selling products to solve problems, many of which are not real world issues, like these ones.
1
Think about it. It doesn't make any sense. Why is a silent SMS any better than a spam SMS or one of those automated spam phone calls, especially when there's all this media coverage claiming silent SMS is a real world tracking issue? Why would they even need to do any of that?
1
Anyone can send silent SMS. Having an alert for it is a nuisance and will lead to unnecessary panic / paranoia. The same goes for heuristic-based detection of interception highly prone to false positives. I don't see much use case and don't think it belongs on production devices.
1
You aren't going to change my mind about these things as there's no new argument or information. A hundred people before you have had me spend my time explaining the same things. I don't work on heuristic based alerts prone to false positives. It's not at all my field of work.
1
I work on privacy and security improvements aimed at solving real world problems with usable solutions. Features need to bring something substantial to the table or they just make things worse with added attack surface, user interface complexity, false positives and other costs.
Replying to
true. I got what you said. The only real use case I can think of is getting alert of an targeted imsi against you. But even than it could be a false positive. It's absolutely not worth if it adds attack surface. I didn't want to change your mind. Just wanted to be educated. :-)