• Off Topic

  • How can a person be deannonymized if he carries a normal phone?

Next to a grapheme os phone?

Scenario1:
-the normal phone has google/apple account logged in and the sim card is not anonymous. Social media apps are tied to the persons real I'd.

Scenario2:
-the normal phone has a non grapheneos customrom
-the normal phone has no google/apple account
-the normal phone has WhatsApp and other accounts logged in, but with no personal information about the user in the accounts,no profile pictures ect and the acc's are registrated with an anonymous sim card number. The contacts in the apps and the phone are normal people in the social circle of the user, who have all normal google/apple phones with no sense of privacy.

scenario 3:
-the normal phone (android) has no google account,
-the normal phone has an anonymous sim card
-the normal phone has no permanent logins on meta, google or other big tech accounts.
-the normal phone does not use mostly Foss apps
-the normal phone has all disabled from google what is possible.

The pravicy settings like location toggle are all set to off in scenario 2 and 3.

Is it really a thread to the anonymity of the user when he carries around a second normal phone with him?
And if so, please enlighten me with some details.
In scenario one in get it a bit with the location. But in scenario two I don't think so.
But what do the experts say?

    CrabPerson edit: the grapheme is device has no sim card but a mobile sim router with an anonymous sim card in all scenarios.

    Also in all scenatios, the user has the grapheneos device at home where his totally non annonymous wifi router is. (But never connect to it)
    It was not the question about a WiFi router but it's a similar case.

      CrabPerson phones where gplay services are installed continuously transmit signals to nearby devices to provide location indoors (this is even if your location toggles is off, is a network for others phone).

      but this is just an example, as long as there is a closed source application on your phone with admin privileges, there are infinitely many ways one cloud be de-anonymized, assuming you was anonymous at first.

        CrabPerson Define 'deannonymize',

        Are you talking about someone who is able to be queried in exact location based on IMEI via LE? Then assuming they have the IMEI it would be easy to triangulate based on cell signal.

        Are you talking about Joe Normal Guy trying to find personal data? Then its fully dependent on what you share online and where. Not much about that will be effected by being logged into Google or using a SIM card without a name to it.

        Are you talking about Google trying to query a user? Then its going to be based on what applications you run by Google and what information might be taken from that.

        Cybersec and Opsec are not black and white 'you are protected now'/'you aren't protected now' things, nor is GOS a magic wizard that makes your phone instantly unhackable and all personal data ever online about you is gone. Its deciding who you want access to what and how to enforce that. What risks are you willing to take? Who do you trust? What do you need in your life and what information are you willing to give away for it?

            OfflinePuffin

            One thing that sorta irks me is when people on here ask "how do I make myself unhackable"/"how do I have ultimate security"/"how can I 100% hide myself online"

            I really doubt these people need Snowden level Opsec to do their daily activities, even then, the questions they ask are literally not possible to answer. I cannot tell you how you can have an 'unhackable' device for the same reason I can't give you a 4 sided triangle, the question invalidates itself. That or just unanswerable questions in general.

            I feel like people see projects like GOS or Tor and think "wow, now I don't have to worry anymore!" They don't know what Tor even does, but they think by using it some kind of magic will happen and Google will forget about their very existence as a user.

            This is most evident with people on this forum unironically saying, "why have GOS if you install Google Services." Even a moderate understanding of what GOS is attempting to do as a fork of Android would answer this question.

            I think its irritating to me probably because I am a sysadmin for multiple heavily targeted sites. My job is making sure we don't get hacked (among other things.) There is no 'no more hacking ever' switch I can flip and never have to worry about a misconfiguration, exploit, etc.

            No, its a lot of stress, a lot of things to consider, a lot of tests, and a lot of questions that I have to find answers for. It's a constant battle. This effort may not be needed for the average guy who mostly uses his phone to check the weather, but there are still some very basic considerations people should be making which they just...don't.

            Most of this rant has nothing to do with the actual question in this thread, other than it being unanswerable, but I felt the need to get it out.

                raccoondad I like those
                ehh "how do I make myself unhackable"?
                and next question like "and, btw, tiktok app playback is stuttering, i demand you to fix that, gos".

                  Even if you create a Google account without providing personal info (notice the change to the term, they no longer call it anonymous Google account), it is very hard maintaining anonymity going forward. Yes, installing Google Play will give you ability to receive notifications and run apps you otherwise may not be able to, but this usually comes with a heavy cost of tracking and fingerprinting your device. So you are the one who is in charge and needs to work out the set tools that will do the job for you. I personally will cope with a little incovenience in order to reduce tracking and achieve greater privacy, you may want something different.

                  raccoondad Snowden level Opsec

                  You answered it right there: they just need Opsec. An overwhelming majority of "I've been hacked" is due to user error, either because of social engineering or bad practices when it comes to security. Few weeks ago I saw a video by Eric Parker who demonstrated a new 'exploit' on macOS of some info stealer. It was disguised as a PDF file while actually being an app. To get it to work you need to accept like 5 prompts and enter your password 3 times to install additional helpers. If that doesn't raise any suspicions, no one and nothing can help you. But exactly this kind of people will get their system infected and blame the OS for being insecure. So my best advice is: educate yourself and use common sense. As the average Joe (untargeted attacks) it's already hard enough to get breached even on Stock Android.

                    raccoondad I asked this question because in another (closed) thread in this forum, a user wrote

                    " The golden rule of phone privacy is that you never turn on your WAN anywhere near places attached to your name, or other devices that have ever connected to the internet in such places, or those of your social connections, or even taxi drivers who collect you from such places. Otherwise I can offer a mountain of ways that you can be deanonymized, sometimes down to your passport number.

                    And this "mountain of ways" I would like to know in a detailed way so I can know what he means

                      Most people have entirely too much crap on their phone, and are their own worst enemy.