Shadow Wiki

browsers
darknet
email
hosting
im
mobilecomms
software
uspol
xmpp
namac/index
This page uses valid XHTML 1.0! This page uses valid CSS! Use any browser. I2P Tor XMPP Monero/XMR Spyware Watchdog. Digdeeper. Nuegia Novaburst Theundercoverman (archive) EldritchData Kallist Society Kyoko Net ToothyHoneypot Be Paranoid
Comment on the forum thread about this page, I respond to all comments!: [Tor/Onion] [I2P/Eepsite]

           Prologue           

       Introduction       

Mobile communications are a big thing. Most people have a cellphone. Problem is, cellphones spy on people. What phones spy the least and what are some alternatives? Well let's see if we can answer that question. The most private phone option is to not have one at all, use SIP (with ZRTP encryption). Prepaid dumbphones can be traced only with a 10 mile accuracy. Radios can be potentially tracked back to their origin, especially if transmitting for a long period of time. There's also pagers, which are broadcast only. All these devices are actually radios, just with limited functionality. Sometimes this is due to regulation, but also because of the limited scope of the task which a device needs to perform.

       Chapter 1       

      Encryption      

Encryption is subject to lots of strange regulation, usually requiring that if you do use any "encryption" it be essentially for purposes other than obscurity, and you would probably have to put the decryption key somewhere public. More information is needed on this subject.

      Digital Radio      

Many protocols other than the standard Simplex exist on top of radios, such as DMR and D-STAR. They can be used for transmitting data (including with IPv6 and IPv4), and having multiple conversations on the same band.

      STANAG 5066      

https://www.isode.com/markets/military-xmpp.html

STANAG 5066 is form of communication standardized by NATO that generally uses either Email or XMPP over HF radio. The main implementation, the Isode server, is proprietary and Windows-only (unclear if it works on Wine or ReactOS). There exists an open source implementation, Open5066. A company called RapidM appears to make equipment. Some have suggested using XMPP over LoRaWAN instead of HF.

      Table of Radios      

Obviously I cannot cover all radios here, but I will try to include either some very common ones (such as the UV-5R) or ones that offer an unusual feature set (such as the two BTECH's).

The only known US manufacturer (please tell us about more) is Motorola, which does not support CHIRP and is proprietary. They conform strictly to regulations which makes them hard to use for even just listening to "restricted" bands.

hamradio.com (JS warning) if buying online is worth a look outside of Ebay and Amazon.

      Radio Notes      

Brand & Model Mhz Made In
Baofeng GT-3WP VHF 130-176 MHz, UHF 400-520 MHz China
Baofeng UV-5R VHF 130-176 MHz, UHF 400-520 MHz China
BTECH GMRS-V1 VHF 136-174 MHz, UHF 400-520 MHz China
BTECH MURS-V1 VHF 136-174 MHz, UHF 400-520 MHz China
Yaesu FT-60R Japan (battery made in China)

Baofeng GT-3WP

Uses a different programming hookup than the UV-5R. Waterproof.

Baofeng UV-5R

Not waterproof & cheaper.

Baofeng FT-60R

More expensive and discontinued. (sources needed)

BTECH GMRS-V1

Similar to the UV-5R except the device is licensed for GMRS.

BTECH MURS-V1

Similar to the UV-5R except the device is licensed for MURS.

       Chapter 2       

       Phones       

The first and most major issue is that all phones are back doored by a radio that is on the board, ones with hardware switches such as the PinePhone and Librem 5 can turn this off however.[source needed, heard it from baobab].

People are way to distracted by their phones, walking around like zombies and not interacting with anyone. A third problem is the massive spyware inherent in the concept of a phone. That your location can be (and is) tracked (by the likes of Google, as well as tower triangulation and other methods) and logged, as well as voice recording call tapping and SMS triggered backdoors being present.[source needed]

A large amount of this nonsense can be disabled by changing the phone OS. Unless you buy one pre-flashed, this is a process you will have to undertake yourself. Not every phone is supported, so check before buying.

If you go to a big store such as maybe Target or Wallmart you can get a so-called "dumbphone" for as little as $20 (and you can pay in cash!), such as the Alcatel A405DL (of course buying minutes from, say, Tracfone will cost another $20 minimum unless you buy more). However, there are no known ROMs for it, and the pre-installed KaiOS is said to contain spyware. So it is important part to choose your hardware before hand, unless you are willing either put in the time or pay someone to port a ROM for you.

Purchasing a SIM outside the US and Canada without an ID is frowned upon in most other places.

When using an Android-based mobile OS use of F-Droid instead of Google Play is recommended. If you have to use Google Play then something like Aurora Store can be used, other wise download directly from the app maker. It should be noted that F-Droid is not perfect, they censor certain kinds of applications [archive] and apps from F-Droid should be checked for Spyware using something like Net Monitor.

You can also remove the battery and put the phone in a faraday bag.

Note that doing all of this DOES NOT MAKE YOUR PHONE SECURE OR PRIVATE. There is no such thing as a totally secure or private mobile phone! There are only degrees of how bad it is. It is better to not have one and use SIP+encryption, a payphone (except they don't really exist anymore and don't have encryption), and other methods like XMPP for texting.

Keep in mind you can also install a cellular modem in most desktops, some laptops, or use a USB one if you need connection anymore (note: this isn't private but gives more freedom in hardware choice).

       Mobile OSs       

e.foundation

?

DivestOS

Exists. Fork of LineageOS.

GerdaOS

A replacement for KaiOS, with availability for about 5 specific phones.
Definitely needs more funding. Also they should switch off Goolag hosting and using something other than the botnet JabbaScript Microsoft bought surveillance network known as a Discord (XMPP, IRC or even an independent Matrix server would be massively better).
Created by a group called "BananaHackers", aside from the seemingly single officially support phone (the Nokia 8110) there other ROMs to be had.

GrapheneOS

Considered very secure, but only has official support for Google Pixel phones.

iOS

I suggest reading this webpage before considering any of Apple's products, especially the parts about spying and worker abuse.

Apple's operating system for their child slave labor produced spyware-infused phones and tablets, in all their planned obsolesce glory.
Illegal to run on anything other than Apple branded hardware, not that you'd want to, as it is integrated with cloud services and acts as a walled garden and information silo (like all of Crapple's services). Forces you to sign up with Apple to use the App Store, which has inane sets of guidelines and kicks apps off for not following them.

LineageOS

A drop in replacement for Android without the spyware. Formerly called "CyanogenMod", could be called "Ungoogled-Android", unless of course you add Gapps back in. Still a massive improvement over stock Android, though. Unofficial ROMs can often be found on the forums or the XDA forums.

Note that it isn't fully de-googled (even without microG), it still has a few Google connection which isn't adjustable from the phone's GUI settings. The ones I have known that uses Google servers are: Ntp server, default DNS server, Wifi connectivity checking/ Captive portal. For how to mitigate, you may refer to: https://teddit.net/r/privacy/comments/cldrym/how_to_degoogle_lineageos_in_2019/

The default Webview, which a few apps might depend on, could also be a concern so you may switch to Ungoogled Chromium Webview https://github.com/ungoogled-software/ungoogled-chromium-android/

However, with all the effort I've done I still got mine a "time.android.com" (owned by Google) connection made by the "netd" system process which happens at random time. Different LOS versions and builders may differ so make sure you adjust it so that you see no more weird connections before you use it in daily life.

If you are fine with the effort and still want a Android smartphone with less/no spyware (software-wise, note that the hardware very likely requires blobs), I think either buying a Pixel for GrapheneOS (expensive!), or a used phone (cheap and more support) that is officially supported by LineageOS or available on xda-developers that you trust. Also if it's a used phone, better choose the ones that are easy to bootloader-unlock (e.g. no weird unlock app required which they could end their support anytime, no phone numbers/emails required for unlocking), and better find ones that spare parts available (especially the battery).

PostmarketOS

Related to the Alpine Linux operating system, it does not run Android applications, but is designed for ARM based devices. Usually coupled with with a user interface GUI such as Phosh (GNOME) or SXMO (Suckless Mobile).

Replicant

Android without any proprietary blobs. Sadly, it only has reliable support on a few old smartphones like the Samsung Galaxy S3. And outside of Replicant, you are still usually dealing with proprietary bootloaders, firmware, etc.

       Chapter 3       

       On Pagers       

It is possible to use encryption with pagers. The provider Spok exists. More information is needed.

       Chapter 4       

       On SIP       

Use jmp.chat or similar for legacy phone calls outside of SIP addresses. Use ZRTP encryption whenever possible.

TwinklePhone for voice calls, and Linphone for larger feature set. Other clients exist as well.

It is possible to hookup PSTN phone lines to an SIP server. The SIP server software Asterisk can reportedly be used for conferencing.

           Epilogue           

Powered by NAMAC! Licensed CC0. Disclaimer.