chushpan
Professional
- Messages
- 735
- Reaction score
- 471
- Points
- 63
I like the idea of using USB LTE modems with an anonymous SIM card instead of or together with Tor.
Now I will go through each point and answer the questions:
1) How is LTE better in general, how much more difficult is it to deanonymize such IP addresses in comparison with regular home Internet;
2) Why a USB modem and not Wi-Fi LTE modems;
3) Why I don’t like using anonymous eSIM modems (especially considering that getting an anonymous eSIM is tens of times easier);
4) What are the non-obvious nuances and recommendations when using and configuring these modems to get better anonymity, as well as possible schemes for building anonymous chains. For example, a ban on switching from LTE to 3G / 2G, regular replacement of the modem and SIM, combining with routers, DoubleVPN and KillSwitch, etc.;
Criminals, I ask you to close the article and not read it, the article is exclusively for journalists who are persecuted by the government of authoritarian regimes and for whom anonymity is critically important.
1. I worked in the cyber police and I know firsthand what an operative or investigator faces when an IP address of mobile operators appears in the logs, it never causes joy. Let's get specific:
All IP addresses of mobile operators are NAT IP addresses, i.e. one IP address can be used simultaneously by hundreds of people together with you, and if the investigator sends a request to the operator and asks to name the user's phone number with the IP address and even indicates the exact time to the minute, he will be given 50 numbers in response and choose any)). Therefore, in such requests it is necessary to indicate the time accurate to the second (which may also not help), as well as the connection port, which by the way you will not find in any logs, so special sniffers are needed for this, and it would be good to indicate the IP address to which you connected, for example, the address of the resource from which these logs were taken, and only in this case the output will be the SIM number from which the connection was made. I will draw attention to the word PHONE NUMBER, not the person's home address, not their full name, but simply a phone number. And you know what's most interesting, this information is stored by the mobile operator for only a month, and this is not because they do not want to store it longer, but because storing such logs for the entire country, for each subscriber is simply unrealistic, too large a volume, and according to the Law they are not required to store it for more than a month.
A separate story of sending such requests, there are conditionally 2 types of requests, one that the investigator himself wrote and sent, for example, when you need to look at some passport data, and the other type of request when you need to go to court and get permission from a court decision to access this information, which of course is much more difficult and takes longer, because in court you need to argue why this is necessary and at least you need to go to court and draw up such a request, which, by the way, can take about a week / month due to the workload of the investigator, judge and prosecutor, who must approve such a request and sign it, and I remind you that the information is stored for only a month by the operator, + the operator has a period of 30 days to fulfill it, do you understand?)) This is a separate story how many movements the employees need to make in order to successfully obtain a number for such an IP.
Of course, this is very bad if the SIM number was deanonymized, and this SIM with a modem continues to work. But this does not even come close to comparing with the simplicity of deanonymizing the IP of the home Internet and the consequences of such deanonymization.
For example, it will not be difficult, even with the IP log of the home Internet six months ago, to establish the exact address of this device, including all subsequent data. At the same time, similar data, including the exact address, cannot be obtained when using an LTE modem.
2. Why a USB modem, and LTE modems on Wi-Fi. Do you know why the device asks you to turn on Wi-Fi if you turn on the geolocation function on your Android or iPhone? Smartphones, when they have the geolocation function and Wi-Fi turned on, scan all Wi-Fi networks around them and save this information in CSV and regularly transfer it to their servers, and transfer them together with a link to a specific geo and the signal strength of this Wi-Fi network, you do this so that when you turn on the geolocation function, for example, when you were driving somewhere using the navigator, so that your location is determined in a split second, and it is thanks to the already installed accurate geo data about the Wi-Fi networks around you that your location is simply determined with an accuracy of several meters based on only the data about the networks around you. This information is collected by many companies, Google, Yandex, Apple, Meta (Facebook), etc. Apple devices generally scan Bluetooth networks and identify all Apple devices around and transmit this data to their servers, this is how they, by the way, can block a lost iPhone that is in flight mode, because they receive a command from a nearby Apple device (which has Internet) to block or even clear. Therefore, you need to understand that a WiFi adapter is, in fact, a geotag for all large companies that allows you to be tracked, so here you decide for yourself whether you need such a tag or not.
3. Why I don't like using anonymous eSIM modems (especially considering that it is dozens of times easier to get an anonymous eSIM). We all know about unique modem identifiers - IMEI, and SIM also has its own identifiers IMSI and ICCID, and if IMEI can be easily changed in the modem, if IMSI and ICCID can be changed simply by changing the SIM card, then eSIM has another identifier EID, it is hardware-linked to the device and does not change when changing the SIM card profile, and I personally have not found a way to change it, i.e. in fact, we get the same IMEI that cannot be changed and by which it is possible to track all past and future eSIMs that were and will be used in this modem.
4. Nuances and recommendations, possible schemes for building anonymity:
Change SIM and modem once a month, treat it the same way as changing underwear and socks, without exception. If $50 a month is expensive for you, then why do you need anonymity at all, you are clearly doing something wrong?
Regarding changing IMEI, why I do not recommend changing it - you cannot reliably make sure that you have changed it, i.e. it may be displayed to you already changed, but the operator may continue to see it in the unchanged form in which it was. I really knew cases when people's anonymity was built on changing SIM and IMEI, but as it turned out, the IMEI did not change for the operator's system. The logic here is that if you cannot be 100% sure that the operator is really receiving a changed IMEI, and the change of IMEI itself can already be classified as a separate crime, so I recommend simply changing modems.
In the modem settings, force it to work only in LTE/4G mode, no transitions to 3G/2G networks, if the modem does not provide such a setting option, just do not use it. I do not know what this is connected with, but I assure you that in the modem operating in LTE/4G, it is impossible to establish its exact location to the apartment/house, just a square of 500 meters and that's it, but this does not apply to 2G and 3G networks, if the device operates in these networks, it is possible to establish the location up to the apartment. If anyone knows the reason for such features, write in the comments.
Regarding the uses and connections, for example, you can use Double VPN and LTE USB Modem, for example, you can organize this either by directly connecting the modem to the PC, or by using a router with modem support and fine-tuning, for example, the MikroTik hEX RB750Gr3 router.
If we talk about an approximate connection, then this router allows you to install Double VPN directly on it and configure Kill Switch, for example, here is an approximate working instruction for such a setup for VPN from NordVPN https://support.nordvpn.com/hc/en-us/articles/20398642652561-MikroTik-IKEv2-setup-with-NordVPN.
Of course, there is no recommendation to use NordVPN as well as any other VPN, the choice here is entirely up to you, I only recommend treating any VPN with zero trust. The router itself in this case performs a lot of functions, at least, for example, there is no need to configure Kill Switch on the PC itself, there is no need to search for drivers and install drivers for the modem, which by the way is a problem with some modems, for some OS based on some processors, for example, Linux on arm64
I do not advocate abandoning Tor. I consider using Whonix to connect exclusively to ".onion" resources - an excellent solution for anonymity.
My practice may not apply to your countries and your telecom operators that are available to you.
Now I will go through each point and answer the questions:
1) How is LTE better in general, how much more difficult is it to deanonymize such IP addresses in comparison with regular home Internet;
2) Why a USB modem and not Wi-Fi LTE modems;
3) Why I don’t like using anonymous eSIM modems (especially considering that getting an anonymous eSIM is tens of times easier);
4) What are the non-obvious nuances and recommendations when using and configuring these modems to get better anonymity, as well as possible schemes for building anonymous chains. For example, a ban on switching from LTE to 3G / 2G, regular replacement of the modem and SIM, combining with routers, DoubleVPN and KillSwitch, etc.;
Criminals, I ask you to close the article and not read it, the article is exclusively for journalists who are persecuted by the government of authoritarian regimes and for whom anonymity is critically important.
1. I worked in the cyber police and I know firsthand what an operative or investigator faces when an IP address of mobile operators appears in the logs, it never causes joy. Let's get specific:
All IP addresses of mobile operators are NAT IP addresses, i.e. one IP address can be used simultaneously by hundreds of people together with you, and if the investigator sends a request to the operator and asks to name the user's phone number with the IP address and even indicates the exact time to the minute, he will be given 50 numbers in response and choose any)). Therefore, in such requests it is necessary to indicate the time accurate to the second (which may also not help), as well as the connection port, which by the way you will not find in any logs, so special sniffers are needed for this, and it would be good to indicate the IP address to which you connected, for example, the address of the resource from which these logs were taken, and only in this case the output will be the SIM number from which the connection was made. I will draw attention to the word PHONE NUMBER, not the person's home address, not their full name, but simply a phone number. And you know what's most interesting, this information is stored by the mobile operator for only a month, and this is not because they do not want to store it longer, but because storing such logs for the entire country, for each subscriber is simply unrealistic, too large a volume, and according to the Law they are not required to store it for more than a month.
A separate story of sending such requests, there are conditionally 2 types of requests, one that the investigator himself wrote and sent, for example, when you need to look at some passport data, and the other type of request when you need to go to court and get permission from a court decision to access this information, which of course is much more difficult and takes longer, because in court you need to argue why this is necessary and at least you need to go to court and draw up such a request, which, by the way, can take about a week / month due to the workload of the investigator, judge and prosecutor, who must approve such a request and sign it, and I remind you that the information is stored for only a month by the operator, + the operator has a period of 30 days to fulfill it, do you understand?)) This is a separate story how many movements the employees need to make in order to successfully obtain a number for such an IP.
Of course, this is very bad if the SIM number was deanonymized, and this SIM with a modem continues to work. But this does not even come close to comparing with the simplicity of deanonymizing the IP of the home Internet and the consequences of such deanonymization.
For example, it will not be difficult, even with the IP log of the home Internet six months ago, to establish the exact address of this device, including all subsequent data. At the same time, similar data, including the exact address, cannot be obtained when using an LTE modem.
2. Why a USB modem, and LTE modems on Wi-Fi. Do you know why the device asks you to turn on Wi-Fi if you turn on the geolocation function on your Android or iPhone? Smartphones, when they have the geolocation function and Wi-Fi turned on, scan all Wi-Fi networks around them and save this information in CSV and regularly transfer it to their servers, and transfer them together with a link to a specific geo and the signal strength of this Wi-Fi network, you do this so that when you turn on the geolocation function, for example, when you were driving somewhere using the navigator, so that your location is determined in a split second, and it is thanks to the already installed accurate geo data about the Wi-Fi networks around you that your location is simply determined with an accuracy of several meters based on only the data about the networks around you. This information is collected by many companies, Google, Yandex, Apple, Meta (Facebook), etc. Apple devices generally scan Bluetooth networks and identify all Apple devices around and transmit this data to their servers, this is how they, by the way, can block a lost iPhone that is in flight mode, because they receive a command from a nearby Apple device (which has Internet) to block or even clear. Therefore, you need to understand that a WiFi adapter is, in fact, a geotag for all large companies that allows you to be tracked, so here you decide for yourself whether you need such a tag or not.
3. Why I don't like using anonymous eSIM modems (especially considering that it is dozens of times easier to get an anonymous eSIM). We all know about unique modem identifiers - IMEI, and SIM also has its own identifiers IMSI and ICCID, and if IMEI can be easily changed in the modem, if IMSI and ICCID can be changed simply by changing the SIM card, then eSIM has another identifier EID, it is hardware-linked to the device and does not change when changing the SIM card profile, and I personally have not found a way to change it, i.e. in fact, we get the same IMEI that cannot be changed and by which it is possible to track all past and future eSIMs that were and will be used in this modem.
4. Nuances and recommendations, possible schemes for building anonymity:
Change SIM and modem once a month, treat it the same way as changing underwear and socks, without exception. If $50 a month is expensive for you, then why do you need anonymity at all, you are clearly doing something wrong?
Regarding changing IMEI, why I do not recommend changing it - you cannot reliably make sure that you have changed it, i.e. it may be displayed to you already changed, but the operator may continue to see it in the unchanged form in which it was. I really knew cases when people's anonymity was built on changing SIM and IMEI, but as it turned out, the IMEI did not change for the operator's system. The logic here is that if you cannot be 100% sure that the operator is really receiving a changed IMEI, and the change of IMEI itself can already be classified as a separate crime, so I recommend simply changing modems.
In the modem settings, force it to work only in LTE/4G mode, no transitions to 3G/2G networks, if the modem does not provide such a setting option, just do not use it. I do not know what this is connected with, but I assure you that in the modem operating in LTE/4G, it is impossible to establish its exact location to the apartment/house, just a square of 500 meters and that's it, but this does not apply to 2G and 3G networks, if the device operates in these networks, it is possible to establish the location up to the apartment. If anyone knows the reason for such features, write in the comments.
Regarding the uses and connections, for example, you can use Double VPN and LTE USB Modem, for example, you can organize this either by directly connecting the modem to the PC, or by using a router with modem support and fine-tuning, for example, the MikroTik hEX RB750Gr3 router.
If we talk about an approximate connection, then this router allows you to install Double VPN directly on it and configure Kill Switch, for example, here is an approximate working instruction for such a setup for VPN from NordVPN https://support.nordvpn.com/hc/en-us/articles/20398642652561-MikroTik-IKEv2-setup-with-NordVPN.
Of course, there is no recommendation to use NordVPN as well as any other VPN, the choice here is entirely up to you, I only recommend treating any VPN with zero trust. The router itself in this case performs a lot of functions, at least, for example, there is no need to configure Kill Switch on the PC itself, there is no need to search for drivers and install drivers for the modem, which by the way is a problem with some modems, for some OS based on some processors, for example, Linux on arm64
I do not advocate abandoning Tor. I consider using Whonix to connect exclusively to ".onion" resources - an excellent solution for anonymity.
My practice may not apply to your countries and your telecom operators that are available to you.
