this post was submitted on 18 Mar 2024
83 points (92.8% liked)
Privacy
31990 readers
467 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You seem to be asking for telephone calls and SMS messages to be end-to-end encrypted. The underlying technologies were not designed with encryption in mind, so the only way for it to work would be for all the participants in a conversation to use an additional software layer. That was the method used by TextSecure.
The authors of TextSecure eventually figured out that a purpose-built Internet-based messaging protocol would be a better transport layer for secure messaging. If you're interested enough in secure messaging to be asking this question, you may be familiar with TextSecure's successor.
As for why a carrier wouldn't do this, I'll ask the inverse: why would they put in the effort when anyone who cares about secure communication just uses an encrypted messaging app?
This is the right lead, but also OP asking the question doesn't seem to understand encryption in general, or PFS. We're all running on a decades old system now. Just move to something more modern like the Signal protocol if you're so freaked out about who is listening to your shit.
I swear, this thread just invites so many militia psychos and preppers...
I have some degree of knowledge in how encryption works, not so much how cellular carriers work (on a low level).
This comment screams “why worry if you have nothing to hide?”
I mean, I’m sure that wasn’t your intention, but that’s the sense I got from it. I think they were trying to find out from someone more knowledgeable on the subject why a privacy-centered cell company, selling a phone that doesn’t track you with bloatware, and the extra layer of software, as mentioned above, isn’t standard.
I mean, I think the answer is money and pressure from regulators. Any time a privacy issue comes up, they start handwringing about “a safe haven for terrorists” and shit.
Also, while more people are becoming concerned with their privacy, it’s met with a lack of technical knowledge from most people. The question definitely hints at a lack of technical knowledge, but most people don’t possess that that aren’t in IT/tech themselves. I think that’s completely understandable.
Id put it this way. Until lack of encryption is an issue for carriers and not a source of revenue, there wont be an incentive.
Because not all traffic sent through cellular is messaging. People visit websites and whatnot when they're out-and-about. Not to mention that not everyone uses secure messaging apps.
P.S. I am very aware of Signal, thanks!
Browsing most websites is E2EE. When it's not, that isn't something a phone carrier or ISP can fix because they don't control the web server. The traffic will be in the clear between the ISP and the server.
For secure messaging without a third-party app, phone carriers in the USA seem to be pretty onboard with Google RCS, though I think I'd recommend anyone who's serious about security use Signal instead.
Thanks for elaborating! I'm curious about two things
How are DNS queries handled over cellular?
Is traffic E2EE between the phone and the cell tower, or could anyone with a laptop sniff packets of phone calls OTA with Wireshark?