Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
gruez 16 hours ago

>Identifier Rotation

>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.

But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).

The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?

They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.

bsstoner 15 hours ago | parent | next [-]

Hi -- Head of Product at Cape. This is a good question. I will say up front there is no silver bullet for privacy on cellular networks given the way they were designed to interoperate. Our strategy is to offer many different protections that collectively make it harder for your activity to be tracked.

The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.

Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.

montyanne 14 hours ago | parent | next [-]

> We add noise to their data

It’s interesting that Apple is going down a similar path with hardware filtering location retrieval commands and neighborhood-level blurring on their C1 modems. Really awesome work from that team by making sure they’ve considered privacy as a first party feature for that chip.

How do you guys view the relative value of privacy/security at the network provider layer of the cell stack for the average user/citzen?

Even if Cape doesn’t retain metadata yourselves (eg LTE positioning info), is that data not still retained and repackaged by the tower owners themselves? Eg babel street, venntel, etc. A rotating IMEI every 24 hours might make it marginally more difficult for logical tracking, but there’s still only physically one location the phone can be in without fuzzing at the hardware level.

I should also say - I’ve been following y’all’s work for a while (and considered some of those early forward deployed engineer positions), but I’m struggling to see how this all works as a consumer product. Would be awesome to see an eventual partnership with Apple/Qualcomm to bring this to the hardware level since privacy is a tough nut to crack even at full MVNO.

bsstoner 14 hours ago | parent [-]

Appreciate the shoutout. We love what Apple is doing in this area. There is a lot of room for them to help improve things at the modem/hardware/OS layer.

On the tower question, you’re right, we can’t control what data is collected by the tower owners. Like I said above our strategy is to add noise through a variety of methods that makes it harder (not impossible) for anyone collecting data to track you. We also give you multiple phone numbers. I think this stuff adds up and is a meaningful improvement over the status quo for most average user/citizens.

I like to use the organic food analogy. If given the choice, why not choose the carrier that is actually making an effort not to track you vs everyone else who clearly doesn’t care?

ThePowerOfFuet 19 minutes ago | parent | prev | next [-]

>Subscriber SIM number (IMSI)

You mean the ICCID?

jrexilius 14 hours ago | parent | prev [-]

A sort of related question, is the user able to actually power-off the baseband carrier chip and still keep the phone powered on? I seem to recall there being some 911 regulations around that topic. But it might be a way to enable the user to at least disable that tracking vector, while still using the phone offline or via wifi?

ThePowerOfFuet 18 minutes ago | parent | next [-]

That's what Airplane Mode is for.

inigyou 6 hours ago | parent | prev [-]

[dead]

numpad0 5 hours ago | parent | prev | next [-]

I saw somewhere - it's not like "I know a friend" but literally read somewhere - IMEI is just configurable with standard cracked virus-loaded copies of QXDM :p

But realistically, none of that matters. You'll be the only one in 10 miles with this SIM that always uses an never-before-seen IMEI that connects to the exact same set of domains. That's some mall ninja stuff.

Carriers don't just log IMEI/IMSI, as well as last hop cell towers and your precise location, they need those information to route packets back to the phone. You can't establish TLS with bogus IP addresses. That's why people like Stallman or unnamed friend of a friend ex-CIA guys on Internet says cell technologies are evil mass surveillance tools.

ThePowerOfFuet 24 minutes ago | parent [-]

>You'll be the only one in 10 miles with this SIM that always uses an never-before-seen IMEI that connects to the exact same set of domains.

Always-on Mullvad solves that nicely.

kotaKat 4 hours ago | parent | prev [-]

Also even if the IMSI rotates… the authentication Ki to the network doesn’t!

Whoops.