Friday, November 25, 2011

Shush, don't tell the government

For various reasons I found myself in the market for a 3G broadband dongle last week to replace the ancient Vodafone PCMCIA card version I have been using for years* and a look at the coverage maps showed my best bet was Three and a pay as you go would work out fine instead of a contract.

So off I flapped down to the Three shop and just out of curiosity I wondered if in out surveillance society you could still buy communications equipment anonymously. And it turns out that, yes, you can. Picked up a dongle pre-loaded with a 1Gb allowance for 20 or so quid cash, no names, no registration, nothing. You can buy top-up allowances at a tenner a time again for cash in plenty of places so I have an anonymous internet connection, and it's pretty fast too.

This got me thinking what would you have to do to be virtually undetectable using this, and its not that hard. There are location services, you might have seen these advertised as "find where your kids are" services that use data from mobile phone masts and triangulation to identify the location of a mobile device and the networks will of course give this information to the police but a bit of research indicates that they are not that accurate. Plod would have you believe that they could go "Yep, Dragon's on his 3G searching for ocelot porn again, he's at his house behind the water pipes, in the back bedroom" but they can't. Even in a city with a dense collection of masts it's only accurate to 100 meters at best, in rural areas that drops to kilometers.

Traffic analysis would be a way to work out its you of course. If anyone really was interested in finding me they would be able to work out the dongle gets used most mornings on a particular train into London just by watching what masts it connects to so you would probably need to use it in one space or adapt a usage pattern that makes no sense and can't be attributed to you.  Dumping the dongle every 3 or 4 months as well and getting a new one, ideally on a different network, would probably be prudent as well.

Combine this with strong encryption and the use of proxies like TOR and darknets and you're as undetectable as an undetectable thing.

I'm amazed we can still get away with this, really amazed. I would have thought that our lords and masters would have pointed at those modern horsemen of the apocalypse, Terrorist and Peedofils, and gone "waaaah! all communication equipment must be registered for your own protection citizens".

Of course all the information presented above is just a thought experiment, if you choose to act on any of this I take no responsibility. But here's a link so you can find your nearest Three store...



* "Tiamat" - my lovely old T60 is laid up awaiting repairs and the Compaq 6720 (named Voliatus as it's not the smartest lappy in the world) I've borrowed doesn't like the old card it seems.

2 comments:

Anonymous said...

It's simply impractical, Grumpers. From where I'm sitting right now, there are approx. 20 wlan signals within range. Most of them are "protected" by some form of encryption, but all of them, I suspect can be broken into, even the supposedly secure WPA2 ones by using the crackwpa site or a Backtrack CD. Aside from that, there are umpteen cafes, bars and restaurants with free wifi and the signals leak outside the buildings, so you can go there once to get the password, then use the connection from another cafe/shop whatever nearby. There again, a lot of these cafes don't even bother protecting their routers at all! THEN AGAIN, there all the internet shops where you pay for access by the hour. There's never been a better time to be seditious. ;-)

Stephen said...

This all makes it a real needle in the haystack job for the boys at GCHQ and MI5. Although our politicians do like to frighten the voters into believing that all these anonymous people are criminals or terrorists. Nice to read though that cash is still king in this plastic age.