Nameless Tor Cellphone

I used to be all the time interested in all that dangerous guys (criminals, drug sellers, hitman’s, thief’s and so forth.) utilizing not excellent and safe communication channels. Forgetting about entire OPSEC stuff. There may be a variety of tales about mafia or different criminals the place individuals get caught due to cell phone monitoring, or as a result of utilizing unencrypted communication. I perceive that is a part of society with no good training, or technical information, however why they don’t rent some nerd to configure them entire atmosphere? After all there are tales the place for instance “IT guy“ configured safe communication utilizing BlackBerry smartphone for El Chapo and his “buddies”. However everybody could make a mistake, or simply take bribe, or turns into a witness in alternate for a low sentence. There may be a variety of tales like that. In such a case I’d use a method from Egypt, anybody constructing my pyramid can be eradicated upon completion of the contract 😉
There are additionally tales when feds get entry in authorized/unlawful strategy to some app and will monitor homeowners. Instance: EncroChat. Humorous proper?
In at the moment’s world smartphone operate like calling or sending SMS might be final operate of the cellphone that’s checked, as it’s in all probability most important operate which is used final. I suppose it additionally is determined by nation, area, age, gender and lots of different stuff, however in most very nicely developed international locations in all probability sending SMS or calling somebody is final possibility. So criminals are in all probability final guys on earth who ought to name or SMS one another.
For instance me, since I configured spam safety in my cell phone I don’t keep in mind when somebody known as me final time. Humorous is that I even forgot how my ringtone sounds. When my cellphone is ringing I’m not positive if that is mine, or another person, and I want a minute to understand that – oh shit it’s my cellphone!
I talk with my buddies, and household largely utilizing some type of chat apps like, Telegram or Sign, when I’m on vacation I’m utilizing WhatsApp (as in some international locations it’s virtually like official nationwide app). So messages and calls are over the Wi-Fi or Cellular Knowledge utilizing third social gathering apps. Relaxation communication is utilizing some platforms or emails. Every firm like Web supplier, electrical energy/fuel firm, financial institution and so forth. has personal web sites, on-line kinds, emails and apps. I actually don’t keep in mind after I needed to name somebody.
I believed okay, what if I’d be a prison, with IT information, and the way would I arrange my communication, with my gang members, clients or contractors? I do know it relies upon very a lot of shoppers and kind of group, as if I’d be a drug seller instructing a junkie the right way to use PGP encryption I’d in all probability don’t have any shoppers 🙂 however let say normally, I want to have a tool, smaller than a laptop computer, to have chance all the time verify my communicator app and electronic mail. Smartphone might be best choice. Every little thing encrypted and torified.
On this article I’ll describe how I configured my take a look at smartphone to make it as a lot as attainable safe, with some OPSEC steps within the background like keep away from follow the money monitor or password security. I suppose many readers might discovered some points or errors, however hell yeah, please share them within the feedback as I’d like to know the place I did a mistake. Possibly I might replace this text sooner or later to make all steps much more safe.
After all I didn’t invented or found something new. I simply setup cellphone, utilizing varied current options and put it into one instruction. It’s only a smartphone with customized rom and app to torify entire visitors. Don’t count on magic.
Select a system
Undoubtedly we’d like a customized, actively developed, up to date system. Customized rom to decide on are LineageOS, E, GrapheneOS, CylaxOS, Replicant, DivestOS, and if you happen to Google some Android alternate options targeted on privateness one can find far more.
I belief LineageOS, I carry again to life a variety of previous smartphones that was not up to date anymore by official model, and was nonetheless adequate to make use of. I used it even previously when it was known as CyanogenOS. This undertaking is mature, and by no means had any huge safety downside. After all you are able to do your individual analysis and select no matter you need.
Select and purchase a cellphone
Selecting a cellphone is simple, you simply want to select up one supported by your customized rom developer. In my case I select one from this list. I used to be on the lookout for one thing quick, small and never very costly. Google Pixel 3, was best option.
Now necessary a part of getting the cellphone, is to purchase it in the best way that nobody can join you with the transaction. Bear in mind? We’re bosses of the prison world, we will use our magical energy, and somebody will purchase it for us. However once we are on our personal, we will discover some homeless man, and for bottle of whisky inform him to purchase it for us in some pawn store, or purchase it utilizing stolen playing cards, bitcoins, far-off from dwelling and so forth. I imply choices for purchasing one thing for money or construct a pretend id profile is simple nowadays. With pretend ID we will register some crypto debit card, and exchange our bitcoins to USD, and pay in on-line store sitting behind Tor and VPN, with supply to some pretend spots, or pickup machines, the place one other jake for cash can choose it up for us, to keep away from road/store/pickup factors cameras. Holy shit, what a narrative. Yeah, however that is one other story for an additional article, we must always give attention to most important steps.
Don’t overlook to purchase one with unlocked OEM. To have chance set up customized rom’s. Typically telephones are bought by some model like Verizon or one thing and are locked.
I purchased mine on AliExpress for about 162 USD. As I’m not a prison.
OS Set up
Normally in my case it was simply following steps from two directions:
Briefly, what I precisely did, and it’s best to if you happen to select similar cellphone:
- Obtain and extract newest construct: https://download.lineageos.org/devices/blueline/builds
- Obtain and set up USB drivers: https://developer.android.com/studio/run/win-usb
- Obtain and extract ADB instruments: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
- Allow developer choices on the cellphone and in developer choices allow USB Debugging + OEM Unlock.
- Open Settings, and choose About.
- Faucet on Construct quantity seven occasions.
- Return, and choose System -> Developer choices.
- Scroll down, and verify the USB debugging entry beneath Debugging.
- Plug cellphone into laptop utilizing USB cable. On the pc, open up a terminal/command immediate in place the place you have got extracted adb binaries and kind
.adb.exe units
. A dialog ought to present in your machine, asking you to permit USB debugging. Test all the time enable, and press OK. If the dialog is just not showing or the listing of units is empty, verify if you happen to put in adb correctly.- If all the pieces works use command:
.adb.exe reboot bootloader
. You can even boot into fastboot mode by way of a key mixture: With the machine powered off, maintainQuantity Down + Energy
. - As soon as the machine is in fastboot mode, confirm your PC finds it by typing:
.fastboot.exe units
- Now sort the next command to unlock the bootloader:
.fastboot.exe flashing unlock
If the machine doesn’t routinely reboot, reboot it manually. It ought to now be unlocked. - For the reason that machine resets fully, you have to to re-enable USB debugging to proceed. When you enabled USB debugging reboot it to bootloader once more.
- Boot a customized restoration utilizing fastboot. Flash a restoration in your machine by typing (present path to boot.img you downloaded):
.fastboot.exe flash boot "C:buildboot.img"
- Now reboot into restoration to confirm the set up. Use the menu to navigate to and to pick out the Restoration possibility.
You need to boot to restoration with LineageOS. - Now you may set up LineageOS from restoration. Faucet Manufacturing facility Reset, then Format information/manufacturing facility reset and proceed with the formatting course of. It will take away encryption and delete all recordsdata saved within the inner storage, in addition to format your cache partition (when you have one).
- Return to the primary menu. On the machine, choose Apply Replace, then Apply from ADB to start sideload.
On the host machine, sideload the bundle utilizing:.adb sideload "C:buildlineage-19.1-20230411-nightly-blueline-signed.zip"
- As soon as finished, click on the again arrow within the prime left of the display, then Reboot system now.
- If all the pieces works use command:
- Configure cellphone after reboot. Strategies in subsequent step.
System configuration
Through the configuration:
- Don’t enable apps to make use of your location.
- Don’t ship diagnostic data to LineageOS.
- Set 8 digit PIN and add fingerprint if you need (however as you might be prison, higher is to setup solely robust PIN, it’s simpler to hit you within the head and use your finger to unlock when you’re unconscious than pressure you to say what the PIN is. At the least once you’re unconscious, you gained’t say what’s the PIN). Symbols/patterns to unlock cellphone are additionally weaker than PIN.
- Set PIN keyboard to be displayed in random sample so nobody will keep in mind the place if peeps over your shoulder.
- Disable delicate content material when locked in Settings/Notifications.
- In Settings -> Privateness, disable digital camera and microphone entry for apps.
- Test if encryption for machine is enabled. It must be by the default.
- Disable USB debugging in developer choices.
- Pressure every app to be locked by PIN (it’s attainable in LineageOS defend each app by system PIN and even disguise from the menu). Do it even for cellphone settings.
- Set lockout coverage to very brief time.
- Disable location, Bluetooth, NFC, flip of digital camera and mic entry
Root or to not root
I rooted my machine, and I management which apps has entry to the basis. It’s not essential to root, extra like optionally available.
I did these steps to root Pixel 3 with customized LineageOS, could also be helpful for somebody:
- Allow USB Debugging.
- Obtain and set up newest Magisk app.
- Copy boot.img (file downloaded in OS Set up step) to the cellphone reminiscence.
- Press the Set up button within the Magisk card.
- Select Choose and Patch a File in methodology, and choose the boot picture.
- Begin the set up, and replica the patched picture to your PC utilizing ADB:
adb pull /sdcard/Obtain/magisk_patched_[random_strings].img
- Flash the patched boot picture to your machine, reboot into fastboot mode and flash with command: .
fastboot.exe flash boot "magisk_patched_[random_strings].img"
- Reboot and launch Magisk app, and you will note a immediate asking for atmosphere repair; click on and anticipate the reboot
- Disable USB Debugging.
To not misplaced root on every LineageOS replace comply with these steps:
- Disable Computerized system updates in developer choices. So it gained’t set up OTAs with out your acknowledgement.
- Apply OTAs as you usually would (Settings → System → System Replace).
- Look forward to the set up to be totally finished (each step 1: putting in replace, and step 2: optimizing your machine, of the OTA), don’t press the Restart now or Reboot button! As a substitute, go to (Magisk app → Set up → Set up to Inactive Slot) to put in Magisk to the up to date slot.
- After set up is completed, press the reboot button within the Magisk app. Underneath-the-hood, the Magisk app forces your machine to change to the up to date slot, bypassing any attainable post-OTA verifications.
- After reboot information system shall be put in and you’ll nonetheless have root.
Apps
Major app it’s best to set up is F-Droid. To put in different secure and good apps and to maintain them updated. Then utilizing F-droid set up different helpful apps like:
You need to follow the open-source, secure, lengthy developed apps. Principally each android app has it personal different in F-Droid retailer. You possibly can all the time search for different on web site like Privacy Tools, and set up apps from the supply.
All the time confirm hash of apps you might be putting in with hash supplied by developer to ensure they weren’t modified by third social gathering. Earlier than you configure each app, verify subsequent step.
Torify all the pieces
InviZible Pro is nice app lets you torify all cellphone community visitors. When you’ve got root use root mode, if you happen to determined to not root you cellphone use VPN mode. In each case in Widespread Settings allow kill-switch. It will block web connection when Tor, DNSCrypt and Purple I2P are stopped. In Quick Settings allow DNSCrypt, Tor and I2P on boot and Route All Site visitors via Tor. Firewall choices ought to enable solely reference to Wi-Fi or VPN is determined by InviZible Professional mode.
This software combines Tor, DNSCrypt, I2P, Firewall, Kill switch and lots of extra choices.
I attempted configure all the pieces by my very own utilizing Orbot and AFWall+, however all the time one thing didn’t work, or was terminated. Then I discovered InviZible Professional app and all hours spent on configuration and tutorial I wrote for Orbot and AFWall+ feels ineffective. Somebody already did it accurately and put multi function.
You need to undergo all possibility in app and resolve what else you need to allow/disable.
I analyzed visitors on the router and I didn’t discovered any connection slightly than Tor visitors. I actually tried to broke issues on the system and app itself, however kill change all the time has labored.
Up to now I used to be utilizing customary cellphone which was related solely to the Tor router. Now due to that superior app I can do the identical straight on the cellphone.
More information
So, normally I’ve a smartphone related to the Wi-Fi, the place all visitors is routed via Tor. If Tor connection is damaged, web is reduce. I’m utilizing Riseup and Tutanota as electronic mail supplier. Riseup lets you join and use onion addresses for mail client, so even when there can be difficulty with configuration, if my visitors wont be torified I gained’t be capable to hook up with the mail server. Tutanota permits to disable IP logging. If you don’t belief any electronic mail supplier you may setup your individual mail server, and harden it correctly. For communication I select Session communicator and encrypted emails. Utilizing this configuration I might additionally set up for instance Signal app, or some jabber consumer with OTR or OMEMO assist like aTalk. Don’t overlook to decide on safe XMPP server. Listed below are some lists: Jabber.at, Jabberes.org, Jabberworld.info, or if you happen to belief nobody, setup your individual jabber server solely in your prison group xD.
I resigned completely from utilizing cellphone as cellphone itself, I’ve no bodily quantity, or sim card, and I can solely talk securely utilizing varied channels like apps or emails. It’s simply pocket PC with entry to the Web. Not a smartphone, however a anonymousmobileprivacysmartnetdevice. Yeah smartphone with out cellphone… so simply good xD.
It’s going slightly bit more durable relating to have cellphone quantity, with web information bundle, as for now I’m restricted to the working Wi-Fi. If I’d be touring and there shall be no Wi-Fi I’d in all probability be offline. However that’s could be additionally a part of technique. Don’t be on-line on a regular basis, however solely when in secure locations. Sadly, this additionally generally is a weak level, if a number of the location shall be compromised, or if somebody learns that that is the way it works, that when I’m in any of my locations I’m on-line, and after I journey I’m offline. This is the reason I’m including further chapter about cell information.
Cellular information
There are two strategy to deal with this. Utilizing cell hotspot on the opposite machine with nameless sim card, or utilizing nameless sim card within the cell phone itself. As I resigned completely from having cellphone quantity on this state of affairs I’m comfortable to make use of first methodology.
One other smartphone with sim card purchased anonymously, and registered for some pretend information, or different individual, not associated to me. Simply as a hotspot, to activate when wanted. Not all international locations required private information in the course of the cellphone quantity registration. Like for instance in my county there’s a variety of affords from our neighbors Czech Republic, the place registration is just not required. So sellers in Czech supply activated card and ship it to any location you need. You simply have to top-up card, once in a while utilizing some anonymously purchased top-up playing cards, or straight by bitcoins on services like this. Czech is only one instance. Browse eBay’s affords for anonymous or registered sim cards. 1000’s of affords. Simply select the perfect one, which could be top-up simply with some antonymous possibility or cryptocurrency.
On the finish, all cell visitors shall be used for Tor connection so even when somebody would intercept in some way visitors from cell phone used as hotspot, will see simply encrypted information. Additionally cellphone quantity itself won’t be associated to any prison actions. It simply present cell information for different machine.
Many operators present additionally eSim card, which is superb different to plain sim card. As you do not want to have any drop level the place card must be ship, as eSim is digital, however all the time double verify in case your cellphone helps eSim. For instance Pixel 3 have one chip for eSim.
Cellular quantity
If you really want a cellphone quantity to register some companies that require cellphone quantity, or for some other purpose, use web sites like SMS-Activate for digital numbers, or one time registration. For second quantity Vyke app can be different or Burner. Talked about earlier eSim options can be one thing to think about. You possibly can all the time use short-term and anonymous burner phone for particular event, and supply your quantity to different individuals utilizing encrypted chat app. When all the pieces ends, simply destroy cellphone and purchase new one.
OPSEC
All beforehand described ideas are nothing if you’ll act like a dumbass. Strongest encryption won’t defend you in case your cellphone shall be left not locked within the public place 🙂 So listed here are some good observe’s.
- By no means use your safe cellphone in not trusted places, not solely unusual Wi-Fi, but additionally bodily locations.
- By no means unlock your cellphone or enter the pin, if somebody is watching your display.
- By no means do something on the cellphone when it’s attainable, that display of your cellphone is watched, or monitored by some individuals, or cameras (metro video monitoring system, metropolis surveillance system and so forth.)
- TBH by no means use that cellphone in public locations the place there’s lots of people, who can observe you, attempt to steal your cellphone, or catch it when it’s unlocked.
- Use solely encrypted communication channels, and if attainable pressure auto delete messages timer. Delete emails you already learn and don’t want for later.
- Don’t keep in mind passwords in apps and browser, all the time use password vault, and for every exercise copy and paste password from vault.
- Use robust password for password vault.
- Arrange 2fa all over the place.
- Backup your cell phone stuff in safe and encrypted location, in case it’s important to destroy it and setup new one.
- Destroy cellphone in case in case you are in a lure, its encrypted, nobody will get any data from it. But when it is going to be working, somebody all the time will discover a strategy to pressure you to supply PIN.
- If attainable, setup auto wipe cellphone if PIN is entered incorrectly 3 occasions. Setup secure set off PIN, if somebody will enter it, cellphone shall be worn out. Then if cellphone is just not in your hand you may inform false pin and your opponent will wipe it for you 🙂
- All the time have backup machine in secure location in case if first one is destroyed/broken.
- Keep in mind that cell phone is simply further machine. For fast verify stuff and communication shut at hand. Your most important digital machine or laptop computer must be most important place for all the pieces.
- By no means purchase something in individual, or by bank cards associated to your actual title and id.
- By no means purchase any particular crafted software program for thieves, or providing nice anonymity. Use solely examined, trusted software program and companies with good fame.
- By no means go away your cellphone unattended.
- Be sure to separated all customary apps, accounts, numbers, companies from the one you might be utilizing as a prison.
- By no means take cellphone on the motion 😉
- In case you are utilizing customary sim playing cards and your cellphone is said to some numbers and mobile community, have a Faraday Bag to totally reduce it off if wanted.
- You can even use apps like IMSI catchers to detect uncommon/pretend cell towers.
- Maintain all software program and system updated, use solely trusted official repositories.
Right here can be attention-grabbing e-book to verify: Mobile phone security for activists and agitators.
Finish notes
A bit of bit chaotic. But when I’d be for instance a darkish internet market proprietor, and needed to have chance rapidly contact with coworkers, and clients, I’d be capable to handle my stuff utilizing smartphone configured on this manner. I hope so.
Luckily I’m not a prison and all that description and configuration was only a take a look at and a variety of enjoyable. Simply to verify whether it is attainable to attain some type of privateness and anonymity with the smartphone. If one other El Chapo want to have a safe cell phone, I can configure it for a part of the empire and the hand of the daughter, nah simply kidding, his daughter was not in my sort, and my spouse would kill me.
I hope the above tutorial could also be helpful for some whistleblowers, or people who find themselves at risk in some way and have to hold themselves nameless, and wish to speak in safe manner.
Please add your options within the feedback.