@dianea @iode doesn't help in places like the #USA where carriers sell #IMEI & #ICCID data to anyone able to pay their prices.

  • Shit that is so illegal in the #EU that businesses can be glad if their CTO doesn't get jailtime for it!

https://infosec.space/@kkarhan/115675597387128140

@adisonverlice even if an #MVNO isn't demanding any #KYC whatsoever (i.e. #prepaid are offered OTC in most jurisdictions) it's NOT "#Anonymous" but merely #pseudonymous as it's trivial for governments to utilize existing and mandatory "#LawfulInterception" appliances to create that #PII chain.

#PhoneNumber <=> #ICCID (#SIMcard) <=> #IMSI (SIM profile) <=> #IMEI (Phone/...).

So if #Anonymity is important, NONE of these details have to be linked somehow, even circumstantially.

  • Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.

  • Use the SIM in any device? Consider them circumstantially connected forever: #ICCID <=> #IMEI.

  • Same applies to #eSIM|s: #EID <=> #ICCID <=> #IMEI.

Add to the fact that most places have #CCTV, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.

  • I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing happens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing *104*1234567890123456# )...

So any #privacy-based service should never ever & under no circumstances demand a Phone Number!

  • Instead any privacy-focussed service should use #OnionServices, host their own #OnionService or at least #DontBlockTor and allow users to use it via @torproject / #Tor to use and signup. (But don't forget circumstantial connections there either!)

  • Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.

@cryptgoat yes, except it's practically illegal to use @signalapp / #Signal #anonymously (so in fact only #pseudonymously, because it's always correlatable via #PhoneNumber -> #ICCID -> #IMSI -> #IMEI -> #Location).

  • Since 07/2017 anonymous #SIM cards are effectively illegal, and a SIM with a phone number is a #Paywall that is effectively more expensive than a @monocles subscription.

The necessary #Workarounds alone are so heavily paywalled that it makes more sense to invest 1h of hands-on training...

https://fedifreu.de/@cryptgoat/114705198216850106

Kevin Karhan :verified: (@kkarhan@infosec.space)

Content warning: Rant re: Signal Shills being dangerous Tech Illiterates

Infosec.Space

@landley @jschauma @ryanc @0xabad1dea yeah, the exhaustion problem would've been shoved back with a #64bit or sufficiently delayed by a 40bit number.

Unless we also hate #NAT and expect every device to have a unique static #IP (which is a #privacy nightmare at best that "#PrivacyExtensions" barely fixed.)

  • I mean they could've also gone the #DECnet approach and use the #EUI48 / #MAC-Address (or #EUI64) as static addressing system, but that would've made #vendors and not #ISPs the powerful forces of allocation. (Similar to how technically the #ICCID dictates #GSM / #4G / #5G access and not the #IMEI unless places like Australia ban imported devices.)

I guess using a #128bit address space was inspired by #ZFS doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...

If I was @BNetzA I would've mandated #DualStack and banned #CGNAT (or at least the use of CGNAT in #RFC1918 address spaces) as well as #DualStackLite!

@bob_zim yeah. Seen it. in the writeup by @micahflee ...

I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...

  • Not sure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017).

I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumber as a matter of principle!

@tauon

1) #CloudAct is just #CyberFascism, look it up!
https://en.wikipedia.org/wiki/CLOUD_Act

-

2) @signalapp 's #Server code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!

-

3) #Signal still demands #PhoneNumbers which are #PII either by association (#Number => #ICCID = #SIM = #IMSI => #IMEI => Location Data as I explained before twice) or mandatory #KYC / #ID requirements (even on prepaid cards), which an increasing amount of jurisdictions do...

-

But don't take my word for it.
https://www.youtube.com/watch?v=tJoO2uWrX1M

Question to my fellow #telecommunication nerds: Does anyone know who is maintaining the #ICCID prefix list nowadays? The #ITU-T seems to have lost interest and the last document [1] I could find is from 2018 and misses some MNOs I'm looking for...

1. https://www.itu.int/pub/T-SP-E.118-2018

List of issuer identifier numbers for the international telecommunication charge card (In accordance with Recommendation ITU-T E.118 (05/2006))