➡ Law enforcement can easily track phone traffic if they know the phone number, and even if they don’t, patterns of calls can help identify individuals. The SS7 signaling protocol used by the PSTN has been a source of hacks into the system, allowing for interception of calls and texts, and remote control of phones. High-security phones can’t protect against this as the PSTN operates outside of the phone’s limits. The best security approach is to hide in the network’s complexity and work on invisibility, such as using Voice over IP lines that don’t require personal identification information.

➡ This article discusses the benefits of using a data-only SIM card and Voice over IP (VoIP) services for privacy. These methods allow you to make calls and send texts without leaving a trace in call records. The article also suggests using encrypted apps like Signal or Session for secure communication. Lastly, it introduces new privacy-focused products like the Brax 3 phone and a data-only SIM card with no KYC (Know Your Customer) requirements.

I hear this a lot. Please help me. I’m a targeted person and my phone is hacked. What should I do? Or something along the lines of how do I protect myself from things like wiretapping or stingray? These questions imply that the person asking is not truly understanding the communications landscape and is basically running blind without knowing where to actually go for solutions. I did a big picture video on all the threats facing phone users and there’s a lot of potential impediments to digital privacy and security. But today we’ll focus only on the phone network side of things.

This is actually pretty broad as there’s the phone network itself, which is called the pstn, the Public switch Telephone network. Then there’s the communications protocol inside this network that handles commands, text and switching that is outside of the voice traffic, and this is called S SS7. Then there’s the radio element with cell phones where your cell phone uses a baseband modem to talk to the cell towers. Then there’s the tools used by governments to intercept that cell tower traffic using IMSI catchers like a stingray type device. I will explain all this to you, but be forewarned, the phone infrastructure, with all the pieces I just mentioned, is the most heavily surveilled communication system ever in the world.

Every government has dips into this. And if you understand this, some evasion concepts like burner phones and hardened phones may be useless. On the other hand, too much fear will lead you to make assumptions about what data can be collected. This network has limits. If you understand the threat in full, it is possible to mitigate the threats, but in some cases it is impossible. So understanding is key. And if you want to be one of those don’t understand, stay right there. To set the stage, let me just say that John McAfee did not have a cell phone.

I know this because I talked to him. I’ve never communicated with Edward Snowden, but he stated many times that he doesn’t use a cell phone. And I presume Julian Assange would likely have the same philosophy, though I don’t actually know. Now, of course, these were and are highly targeted people, so they’re at the peak of those with digital security concerns. But this should give you a hint that they know something. Just keep this in the back of your head as we explain all the pieces. Public switch telephone network. The phone system we are so familiar with, which is characterized by phone numbers with country codes and area codes, is called the PSTN or the Public Switched Telephone network.

The main highlight of this system is the ability to connect to anyone using these phone numbers and the ability to do this is the switching part of the system. Back in the old days, you will see images of operators doing actual manual switching of calls using cables. Obviously this is done by computers now, but the switching today is handled by a communications protocol called SS7, which I will discuss later. The main thing I want you to focus on with the PSTN is that the phone numbers themselves are the beginning of the surveillance trail. In most cases, phone numbers are tied to identifiers using a government requirement called kyc.

Know your customer. I’m sure if you have regular phone service in the us you are aware of the requirement to show full ID and a Social Security number. They then use this to verify your identity. While listening into phone conversations, called wiretapping can easily be done. The more complex element here is knowing who is talking. The easiest way to do this of course is to track who owns the phone numbers. When you get one of these single use burner phones to call someone. That’s actually useless if the other person has a KYC number. It would be easy to identify callers just by past patterns.

And wiretapping would be done on all the people you knew. Now there are phone numbers that have no KYC and they are rare, but are usually voiceover IP lines and I’ll talk about that later. If you stick to the PSTN and you had a burner phone to talking to another burner phone, then you might think you can’t be identified. But three letter agencies have something called a voice print. So certain targeted people would be spotted by voice pattern and thus you’d still be found. Now let’s get into how you are found. The cell tower and the Internet.

It should be obvious from what I said earlier that the phone companies already know where you live since they send you the bill. But what I’m talking about here is knowing where you are when you’re not home. In the modern age, you have a cell phone and cell phone service uses cell towers. We all know this. But what is not understood is that your cell phone actually communicates via radio to the cell tower and that traffic is actually separated between Internet traffic and PSDN traffic. Let’s say you found yourself one of those data only SIM cards.

This means that your cell service is only for data and has no calling. Or to rephrase that, you only have Internet access. If you communicate with others using only the data side of the phone network, then you actually also skip the pstn. The data segment is trunked directly to the Internet versus the voice and texting side which is trunked to the pstn. Just to give you an example, if you’re using an app like signal or session which is over the Internet and these are encrypted apps, then you cannot be subject to wiretapping since you did not use the pstn.

Now obviously depending on whether your data only service had KYC or not, someone would know where you are because you are connected to a cell tower and the KYC would tell the attacker who you are. This is something that needs to be clarified. Cell towers provide a location and the cell network detects your radio transmissions. So it can switch towers depending on how close you are to certain towers. Since there are multiple records of your signal, then a carrier can perform cell tower trilateration or it is also called triangulation by comparing signal strength from each tower.

This is your radio phone announcement. Your rough location can be determined. This however is not super precise. It cannot pinpoint an exact house. For example, it is good for identifying a rough area which could be 14 mile to a 1 mile circle. The mistake is to assume that this is the main source of location tracking. It is not. The main source of location tracking is Apple and Google and your precise location within inches for Apple is sent over the Internet and to hq. The point I’m making is to state the limitations of cell phone location tracking.

So to put this in perspective, you take out your SIM card, you use your friend’s WI fi and your phone is a production iPhone or Android. While Apple and Google will know your exact location as long as you use the Internet. Apple will even know your location without the Internet since it will just communicate with other iPhones using the Airtag network called the app Mesh Network. Cell Signal Interception There are tools used to intercept cell signals from phones. This is not used much for wiretapping now as I will explain later, but the tool I’m talking about is well known by the name Stingray.

This is generically called an IMSI catcher. IMSI catchers work by fooling your phone into thinking they’re connected to an actual cell tower. And then your call traffic is intercepted with a man in the middle. MITM attack the more common use of Stingray devices is for proximity tracking. A device like this would be placed inside a building for example. Then all phones coming into the building would be identified. But even this is a secondary use scenario now because the better location tracking method for geo fencing is actually by Google and Apple, which again is more precise and uses the Internet and even third parties get locations from apps like that used by police tools such as Fog Data Science.

By the way, the only devices that are immune from this Internet based location tracking are the googled phones. The point I’m making here is that unlike a decade ago, Stingray is likely outdated and there are easier methods for surveillance and attackers who use the Stingray techniques will would have difficulty performing hacks on modern LTE networks. CALEA what changed in the last decade in the US is the advancement of the CALEA law, which is the Communications Assistance for Law Enforcement Act. This was enacted in 1994, but the main feature of the law was to change the hardware used in the PSTN to allow for interception of call and texting traffic.

And this hardware wasn’t in full use till 20 years later. Today, the capability to listen into any conversation or read any text is available to all of law enforcement. They can actually just access any call or text just by using a browser and this is enabled by equipment put in by phone carriers to allow this kind of interception. To even broaden this, the FBI itself keeps a database of all calls and texts and this is also available to law enforcement. Beyond this, it should be expected that the no such agency would have an even more detailed traffic of everything that goes on in the PSTN and would extend to the world.

So if a law enforcement official knows the phone number, then it should be a piece of cake to check the phone traffic. And if the phone number is not known, patterns of calls between individuals should limit the possibilities. Because of this, it seems like more effort to use Stingray nowadays. Although a Stingray could be used to identify unknown people in their phone numbers. For example, if there’s a gathering of unknown criminals and there’s a Stingray device, then the phone numbers can be acquired from that and subsequent surveillance can switch to using CALEA systems. SS7 I mentioned SS7 earlier and SS7 is the signaling protocol used by the PSTN.

So think of the PSTN as being segmented into voice traffic and then the switching commands to dial, hang up and send text is another segment called SS7. What makes SS7 significant is that it has been a big source of hacks into the PSTN system. For one, your cell phones are programmed to respond to commands sent via SS7 in your phones. There’s a dedicated computer or system on a chip SOC called the Cell baseband modem and several hacks actually exist, mostly used by state players, meaning governments to control things like having your phone dial out Send texts or the reverse.

You intercept calls and texts. Think of potential threats here, like being able to remotely have your phone dial out without you knowing and without a record. If your phone dials out, it turns on the microphone, so without your knowledge someone could be listening in. Another potential threat is someone intercepting your text messages, which is an obvious security threat because of the reliance on many online platforms on using SMS for for doing two factor authentication. Another procedure is to use SS7 to cause the phone to report its location to the cell tower. SS7 is a threat, it’s mostly from state level attackers.

But here’s an important trick. When you disable your SIM card, either through the phone settings or by physically removing a SIM card, then your device is no longer addressable by an SS7 attack. Myth of Hardened Phones Some communities push concepts like they have high security phones that are hardened. Now, I don’t know what their definition of hardened is. Typically they mean hardened against hackers. But just so you understand this clearly, the PSDN operates outside of the limits of the phone. So Harding a phone with whether one thinks is important for security will do nothing against the PSTN for several reasons.

First, the cell baseband modem on your phone is a black box SoC. It runs its own operating system and as already proven, has backdoors that allow it to be controlled and is beyond the control of Apple or Google. The baseband modem is controlled by Qualcomm and Mediatek. They have never open sourced their code and there are a ton of secrets hidden in their soc tied to patents they controls. So when it comes to the PSD inside, which is the main function of the baseband modem, no third party has control. Some insiders apparently have knowledge of the inner workings or secret code that makes these devices operate.

But commands to baseband modems are sent using something called hidden text, so there’s not even a record of the text being received. One of these threats is called the simjacker attack and the company that discovered it speculates that it is specifically a government backed door. For this reason, needing high security should really just skip the PSTN altogether as there is no way to protect against it via hardening. Security by obscurity The PSTN is an example of a case where a security approach often called security by by obscurity is likely the only workable solution. Security by obscurity means that instead of trying to block attacks through the pstn, using digital cybersecurity means that you just learn to instead hide in the murkiness of the network and work on invisibility.

As I stated, it is impossible to protect against the mass surveillance capabilities of the state inside the PSTN as it has many decades of laws, equipment and resources to perform this surveillance. For example, you really disconnect from the PSTN simply by disabling your SIM card or physically removing the SIM card. Why does this work? Well, the addressability of your device on the PSTN is based specifically on the phone number and the phone number is both an identity tied to KYC and it is also a direct link to a cell phone. Now here’s an interesting detail. If you use a voiceover IP line that has no kyc, then there is no hardware, there is no cell tower, there is no hardwired landline, so SS7 cannot be used to control or manipulate the device in any way.

Those surveillance can continue as far as intercepting calls and texts, but this is where you apply the security by obscurity. If the VoiceOver IP phone number is not known to belong to you, then the result is that the PSTN cannot report a cell tower location, an identity of a device using IMSI or imei, or an ID tied to kyc. This at least erases the mass surveillance threat. Just to make it clear though, this cannot be used by those who are high value targets. Like in the previous case of Osama Bin Laden, their voice prints were used extensively, but for normal people this is enough obscurity to retain privacy.

No KYC Voice over IP Lines There are many options available to do calling and texting outside of the pstn. For example, very common products people use are Google Voice and Viber. These products allow you to have a phone number, which means you can get calls over the pstn, but they’re a little insulated from the pstn, they work over the Internet and sometimes even using a computer instead of a phone, you’re still sending the calls through the pstn, but since there is no cell phone device then you’re insulated from hacks on that front like getting cell tower location or doing SS7 attacks on a device.

Just as a theoretical use case, you could have a phone that you connect on only to WI fi, meaning it has no SIM card. Then you use the Internet to make calls and text via some voiceover IP product that supports calls and texts. The problem here is that sometimes, like in the Google Voice case, you just exchange one surveillance system for another. Google Voice is heavily tracked and is connected to your other Internet actions and they can share even More information with government systems related to location, search, activity and every click on the Internet. And with the knowledge of your credit card, they got it directly tied to KYC anyway.

And this is true of the vast majority of VoIP providers. They almost universally require KYC info. But there are a few exceptions, very few. Over a year ago we released a no KYC product called Brax Virtual Phone and this allowed you to have phone numbers where we do not share any identity information with the carrier. This became the ultimate solution for security by obscurity, since without identity information, any kind of surveillance cannot be successful. For example, if two people were using brac’s virtual phone numbers and talked to each other on that, there would be no record anywhere about who those two people are, unless voice printing is used.

And that really is not a threat for normal people. Yet it is possible to still wiretap any conversation occurring over the PSTN as long as the parties and their phone numbers are known. Otherwise, without identities, that’s pretty hard to do. Now here’s an additional trick. VoIP lines are actually quite common in businesses. The vast majority of internal phone networks actually run on voip and then they connect to the PSTN via some trunk which they pay for separately, but inside the VoiceOver IP system. Let’s say you’re talking to an office mate in the same building, you would be on the same network and actually you would just call people by extension.

Well, since you did not use a public PSTN number, your conversation did not even enter the PSTN. So extension to extension calling does not access the PSTN. It is completely internal to the VoIP system. In some cases, if their voiceover IP system is internal hardware, it doesn’t even enter the Internet. Our Brack’s virtual phone service has this little trick available. Extension to extension calling. You could in fact use that shorter number and have pretty much secret communications. Data only SIM cards. One of the options available today is the use of data only SIM cards. I have to explain clearly what this does in as it can be a confusing concept to beginners.

First, as I said, the traffic on your cell phones actually are split into two segments. Segment number one is the data side which goes to the Internet, and segment number two is the calling and texting side which goes to the pstn. So if you’re understanding what I just said here, it means that a data only SIM card does not really use the pstn. It doesn’t announce a callable number. Since there are no incoming and outgoing calls registered to A number tied to the SIM card. Then the whole CALEA system would have no traffic associated with calls and texts.

It wouldn’t be in any records. The data side of course would connect to the cell tower in the usual way. There will be an imz, IMEI and all that, but all they would have is a continuous stream of Internet traffic. An interception of this Internet traffic is mostly a wasted effort on the cell network side because 99% of Internet traffic is encrypted by TLS. Now my last video talked about this kind of risk when someone plants fake root certificates on your device. But ignoring this, your normal Internet traffic would be protected. And if you add a VPN to the equation it would obscure things even more.

So what would be the point of a data only SIM card? Well, well it means you can have your typical expected services like texting and calling while on the road. But in order for this to work you must have only voiceover IP numbers since there is no direct connection to the pstn. Also it allows you to use an app like signal or session at any time and everywhere since you always have Internet. By the way, this is a service we will be adding soon as well as it is clearly an advantageous solution. If the service provides has no kyc.

This means another layer of protection but no exposure of identity. Landlines One of the big losses to privacy is the abandoning of telephone landlines. We are all tied to the cell network and hardly anyone uses landlines. But most homes are directly connected to the Internet via cable DSL which means you are still wired in some way. Now one of the best methods to circumvent a PST and surveillance is actually to have the combination of a no KYC service like PRAX virtual phone and physical phones used for VoIP called SIP phones. This would then be the equivalent of the old landlines.

This is actually not that far fetched now because practically all landlines now are based on VoIP though typically you get it from your KYC based cable provider. So let’s say two households both have this but using a no KYC provider, then they would have two non identified phone numbers and then if these parties call each other using the extension, then they’re not even sending traffic to the PSTN at all and you do not have records that show up in the FBI or CALEA databases limiting PSTN traffic. For most of us who are tied to the PSTN there is actually no reason to use the PSTN for most things.

Most families can communicate using a pre agreed upon app like all my family members know to use only Signal to talk to me. Signal, Session and other encrypted apps like these do not use the PSTN at all though I do not like that. Signal still ties identities to phone numbers but that doesn’t matter to family. Think about this though. While the PSTN is necessary with people you don’t know well, I don’t really think there’s much reason to put your life’s data on the pstn. The biggest concern here actually is texting or sms. If your family is using iPhones entirely then your phones automatically shift your traffic to imessage and that texting traffic disappears from the pstn.

This is also happening with Androids with with the use of the new RCS messaging, but I don’t personally want to entrust even these communications to a non trustworthy provider like Apple, Google or even Meta. The best is to just use some third party app that are publicly known as end to end encrypted apps and don’t belong to Meta like Signal and Session. Remember that all SMS traffic is stored in government servers. Every single conversation on text is captured and in most cases tied to a known identity. Sometimes you all need to go back and read what’s in your text messages and then you can evaluate for yourself if sending those text messages were a good idea.

Sometimes you need to tell the other party to move your conversations to a safer platform. Final Thoughts the solutions I give here are very important to the privacy conscious as it basically causes the majority of our activities to disappear from the mass surveillance grid. And in most of my teachings this is really all I’m shooting for. I’m really not interested in debates with people who claim they have nothing to hide and where this is not important to them. Back in the old days having privacy was considered important. Starting with the millennials, Big tech has convinced people that privacy is not necessary and mass surveillance both by big tech and government is a normal fact of life.

So everyone agrees with the mass surveillance built into the pstn and this is where the mass surveillance is most rampant. Now I will tell you some truths here. While what I’ve said here protects normal people who just want to live private lives without someone watching, the advice I give here will not help criminals. I will tell you in truth that the surveillance capabilities of the state are extremely advanced and this government surveillance is directly tied to big tech surveillance as well. So there are things that I did not say. This advice is for normal people. If you’re a high value target.

It is best to just disappear from the Internet completely. Best to move to Iceland. Best to Best not to have a phone Folks, in this video I mentioned several solutions that are actually directly tied to this topic. Again, for those that don’t know this channel, I don’t spend much time asking for donations. I instead just create products that compete in the open market and hopefully you find them of value. One of the newest products is the the Brax 3 phone which is an open source phone and is a community project. This phone uses open source ESIM code, no identity and does not connect to Google.

A future product we will offer soon is a data only SIM card with no KYC. Both these products will be handled on the site braxtech.net we have our main social media site braxme. Now this site has a store offering several important other services. There’s the Brax Virtual Phone. This is a recently launched product that offers VOIP numbers with SMS but is KYC free, no identity and it is very inexpensive. You can use this for two factor authentication to keep your numbers private. We have other products that are important in the privacy battle. We have bytesVPN to protect your IP address and and encrypt your traffic.

We have Brax Mail to allow you to create unlimited aliases and we have Brax routers. Please visit our social media site braxme. The store is there after you join. There’s a large group of people in the community who are there to help you in your privacy journey. Thanks for watching and see you next time.
[tr:tra].

See more of Rob Braxman Tech on their Public Channel and the MPN Rob Braxman Tech channel.