Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22
  1. #11
    Join Date
    Aug 2014
    Posts
    3,303
    We're accustomed to instant communication and feedback. We say too much and too often.

    There's a lot to be said for face-to-face in a controlled environment.

    Life takes time.
    Warrior for the working day.

    Es una cosa muy seria. --Robert Capa

    "...I ride the range in a Ford V8...Yippy Yi Yo Ki Yay." --Johnny Mercer

    "Can I move?...I'm better when I move."

    1, 0, 10. And a wakeup.

  2. #12
    Join Date
    Oct 2003
    Posts
    5,437
    There have been people who have communicated through phone games. While relying heavily on security through obscurity, you also need to factor in who the opposition is.

    Further, nothing says that this type of message drop can't be layered with other techniques. Hell, go with a true OTP and you're literally unbreakable.
    __________

    "To spit on your hands and lower the pike; to stand fast over the body of Leonidas the King; to be rear guard at Kunu-Ri; to stand and be still to the Birkenhead Drill; these are not rational acts. They are often merely necessary." Pournelle

  3. #13
    Join Date
    Apr 2014
    Location
    Southeast Florida
    Posts
    1,764
    As a matter of good practice, there is no reason anybody should be communicating with regular texts and phone calls anymore unless you have a good reason choose to (like inability to get Grandma up to speed using anything else, business, etc.). Signal makes it very easy to transition everybody you talk to frequently to at least make everything encrypted and running over data. It's very easy to activate and it identifies everybody by their cell number, so making connections is easy. You can hold voice calls, video calls, and do everything you currently do with text messaging. It makes it very convenient if you don't have cell signal but you do have access to wifi. As a side note, though, it's very easy to set up a phone to run regular calls and texts over wifi and I recommend everybody be doing that as much as possible regardless of anything else.

    In terms of security, you've at least made it harder to track you using your phone number--if you weren't aware, recently there was a story that revealed that companies like bond agents could easily locate any cell phone number for a fee any time they wanted to. If you keep your connection on wifi and off the cell network as much as possible, it's an improvement. You've also secured the contents of your communications much better than basic phone and texting. A downside of Signal IMO is that it is designed to identify people by their phone numbers, so the next step might be something like Wire which only identifies you with a user name of your choice.

    Once you have migrated your communications to a point where you only need a data connection, it would be very easy and simple to get rid of your actual phone account and replace it with a data-only connection, preferably always routed through a VPN automatically. If you want mobile data you could purchase that, and never give anybody the associated phone number. There's no reason you have to have your real name on the account, so if somebody looking for you doesn't know the phone number associated with your mobile data connection they don't know who to track. And if you still want to conduct phone calls, there are many options available for virtual phone apps that use a real number but operate on a data connection. So if that's the number people use to identify you, but it's not connected to your mobile data account, then they have nothing to track. And all of this could be done with a burner phone if you want to add another layer to it--a smart phone isn't as cheap as a basic cell phone, but it's getting cheap enough that it's an option.

    Obviously if you want to get really serious, you need to get away from the problems inherent in any smart phone today with the myriad of sensors included--the good news is that the market is finally working on offering alternatives, and I think the Librem is the first to be ready for market:

    https://puri.sm/products/librem-5/

    But simply using something like an iPod Touch in conjunction with a mobile wifi hotspot would be a big improvement over the typical smart phone.

    All of that is just part of how we live our daily lives, but setting up much better defenses in advance of any need for them. I know technically the NSA can crack almost anything eventually, but unless you are Osama Bin Laden they probably aren't going to focus their resources on you, so for all practical purposes as far as I know the actual connections in something like Signal and Wire are impossible to intercept. Of course, there is still exposure to bad user behavior, like not deleting messages, somebody taking a screenshot, or some kind of malice on the end of the receiver. I believe that's the biggest exploit we've heard about in the news the last few years, but that's a matter for the sender to figure out regardless of the system being used.

    Once the cell network goes down, it gets much more difficult because FCC rules specifically forbid attempts to conceal communications on the Amateur bands. If you have the money, then a satellite data connection is compatible with everything I discussed above, and in the future it's going to be a lot cheaper, but right now it's still expensive. Perhaps if you are technical enough you could rig up your own encryption setup for 2 way radio, but I'm not aware of anything commercially available that's plug and play.

    However, one thing you can do to eliminate the pool of potential eavesdroppers is to use some of the new digital modes that are becoming popular in Amateur Radio. These are radios that are available ready to buy and use (though they're going to be a bit more expensive than the cheap stuff being discussed from Amazon). Because the protocols are open source they meet the requirements of the rules, but anybody listening without the right equipment will only hear digital noise. They know there's a signal there but nothing else. Many government entities would not be set up to decode it--once again, it would take some focus on you before the necessary resources would be used.

    -------

    ETA: it's actually to your advantage that there are multiple competing standards for digital voice communications on VHF/UHF frequencies, because people tend to pick a tribe and not try to cover all possibilities. So if you pick one to use, there are plenty of hams out there who may be doing digital, but they aren't doing the one you're doing. I'm not up to speed on all the options, but with some research you could find out what's more popular in your area (this would be focused on repeaters, so it's in a directory somewhere) and then you could pick something else. The standards I'm aware of are D-Star (exclusive to Icom), C4FM (Yaesu), AMBE, DMR (I think this is the most popular in my area), NXDN, P25 (this is used by many gov agencies but few Amateurs), and there are probably others. Here's a sample of the DMR options available:

    https://www.amazon.com/slp/dmr-ham-r...g4za63a6vb6vgw

    ----------

    If you are talking on a repeater that is designated for that specific mode, then there may be others listening. But if you are on a simplex frequency the odds of somebody with the right equipment listening would be very low. As others have mentioned, hand held radios struggle to go more than a few miles at best directly, but a higher power setup installed in a vehicle with a good antenna can extend the range to 10 miles or more. For tactical communications in a group using low power, right now it would be an extremely private setup.

    One technical note--I saw somebody mention CTCSS/DCS tones. Be aware that is only used to filter what is heard on the receiving end. Your transmissions are still open, but on the receiving side if the codes are applied they will not hear your transmission unless it includes the right code. This is used to avoid hearing interference noise, but it does not give you any additional privacy.

    The radio stuff is a fun hobby, but for all practical purposes most of us can expect the cell networks to be operational and should focus on improving our OPSEC in our daily life protocols. Another cool option that opens up more possibilities are devices that interface with the smart phone but are not using cell networks. For example, with these devices you can set up your private network off-grid that is encrypted:

    https://gotennamesh.com/products/mesh

    https://www.gotoky.com/highlights

    https://beartooth.com/

    https://www.indiegogo.com/projects/s...mmunications#/

    https://www.radacat.com/products

    Etc. These devices appear to be mostly using frequencies similar to the cell networks (800-900 Mhz) so range is going to be limited without extending the mesh, but the cool thing about that approach is that if one user can't connect with another, their messages can be routed through a 3rd who is in the middle and can connect to both. If you have a dedicated team approach to this stuff then you could have a lot of fun with this kind of device and it's going to give you almost complete privacy and anonymity, and no license is required.

    Hope some of that is useful to somebody, you've tapped into an obsession of mine.
    Last edited by mike135; 09-29-2019 at 04:35 PM.

  4. #14
    Join Date
    Mar 2009
    Location
    PG County, MD
    Posts
    816
    superb post!

  5. #15
    Join Date
    Mar 2013
    Posts
    1,168
    Securing contents of a communication by obscuring them with code words seems insufficient.

    With enough observation, time, or context a person can piece together what code words mean.

    In software we talk about "Security through Obscurity" which is universally accepted as a poor means of securing communications.

    using code words is one example. Using an unusual frequency for radio comms is another. Nothing is really secured, it's just obscured - harder to figure out.

    As with any security, the key is layers.

    One layer is encryption in transit. For you and I that would mean using VPNs, encrypted services, or expensive digital radios for communications. This takes even plain text communication and encrypts it before sending it, then the receiver decrypts it before consumption.

    A second layer is encryption of the message itself. That's different than using code words. The words in the message are scrambled using a cipher before transmission, then unscrambled using a cipher after reception. There are apps that will encrypt text for you, but you and the target will need to agree on encryption format. You will also need to learn about public / private keys for encryption/decryption.

    Add on some obfuscation through code words and unusual / hard to find communications methods and you're in a much better state.

    For real time communication, you should also take into consideration identity and authentication: verifying identity before accepting a message.

    Electronically we often do this with a username / password but that really is not sufficient anymore. Most websites have moved on to what is called Multi Factor Authentication where there is another layer to authentication that verifies your identity based on some piece of information sent by the target to you by a different means (a pin pushed to your phone for example).

    Finding a way to verify identity based on at least 2 factors would be ideal.

  6. #16
    Join Date
    Oct 2012
    Posts
    399
    I think this is relevant. I live in the Seattle area, a major metro location. Last year we had a crazy storm and lost power for 3 days. During that time we lost cell service completely. Our carrier is Verizon, so a pretty shocking development. My point is that cell service is unreliable during power loss, so alternate comms like you are describing are vital.

  7. #17
    Join Date
    Jan 2014
    Location
    Snohomish County, WA
    Posts
    1,891
    Quote Originally Posted by stankasz1 View Post
    I think this is relevant. I live in the Seattle area, a major metro location. Last year we had a crazy storm and lost power for 3 days. During that time we lost cell service completely. Our carrier is Verizon, so a pretty shocking development. My point is that cell service is unreliable during power loss, so alternate comms like you are describing are vital.
    If you are a HAM, the PNWDIGITAL.NET DMR network has a pretty good footprint in the region with some talkgroups crossed over to Brandmiester. DMR does rely heavily on the internet to link repeaters, so still some risk of outages in service during bad weather or ???.
    The government selectively enforces laws, so I selectively follow them.

    RGF-3: December 2014
    CRG-1: March 2015
    CRG-2: June 2015
    CRG-2: June 2016
    PGF : January 2017
    0-5 Feet: October 2018

  8. #18
    Mike135, incredible post.

    Digital radio is a new frontier, for sure. From what I have seen in person, D-Star is incredible. Huge capability. Fully digital encryption available. 256kbit, with integrated, software defined key switching and frequency hopping. By the time that someone can crack what you're saying, you're gone, and the information is likely too stale to act on.

    I have used PRC-148 and 152 clones to some great effect with a few buddies. We have extended the range on the 10W unit and a 4 foot whip antenna out to over six miles on relatively flat, but suburban, terrain. The 152s can also be set up as a mobile repeater, so with three (or more) units, you can effectively reach out to 18+ miles, terrain and conditions permitting. That's a pretty intense operational area.

    Next, the 152 clones also have a Cypher Text mode, where you can use a 5 (I think?) digit keycode for cypher.

    The newer model 152s can transmit at 1w, 5w, and 10w.

    Finally, the radios are not frequency limited, which lead to the FCC to recently ban their import. This means that you can operate on extremely uncommon frequencies (such as those reserved for device-to-device communication), in cypher text, with repeaters, pretty significant ranges, while mobile. By the time anyone who isn't well trained and well equipped even realizes that there is activity out there to monitor, and then determines a need to break your cypher (which isn't hard, but takes recognition and training & equipment), you may already be gone.

    Especially if you are utilizing BREVMAT and other forms of high brevity, partially encoded transmissions.

    The same can be largely reproduced with several models of Baofengs.

    As a patch-in for comms, especially when you are specifically trying to stay off conventional (read: cell) comms / conventional comms are down, there is a lot of capability there.
    There is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never care for anything else thereafter.
    ~Ernest Hemingway

  9. #19
    Join Date
    Aug 2010
    Location
    Third Coast
    Posts
    4,273
    We were talking Satphones as an option. A couple of years ago I went to satphone store and bought a satphone. Satphone with the plan rean about $650 to get started. Monthly plan runs $60 a month with 60 minutes included and rollover of unused minutes. After 60 min they dont cut you off but it is close to a buck a minute.

    Fast forward to now and I have somewhere around 1000 minutes in rollover (phone was for hurricane and remote areas) and always worked (with sky line of sight)

    So the costs for sat phone capability have come down significantly for a system you wont use all the time

    just a thought
    NEVER CONFUSE GETTING LUCKY WITH GOOD TACTICS (unless you are at the bar)

    I'm not in the business of Losing

    A stab to the taint beats most of the mystical bullshit, most of the time

  10. #20
    Join Date
    Apr 2014
    Location
    Southeast Florida
    Posts
    1,764
    Good comments, inspired a couple more thoughts...

    Regarding satellite, I don't track it closely but I know some big companies like Google, Facebook, SpaceX, etc. are involved in efforts to dramatically increase the options available. Hopefully it will soon get to the point that it's an affordable option for all of us to have as a backup--once you get data access all of this becomes very easy and simple.

    https://bigthink.com/philip-perry/in...high-speed-web

    Regarding noonesshowmonkey's post, depending on how pirate you want to go there are a lot of options available with minimal risk. The enforcement mechanism is cumbersome and the logistics are challenging, so again unless you are Bin Laden with the Eye of Mordor on you then it's very easy to skate under the radar.

    If you are using a 2 way radio, anybody within range of the signal can see you transmitting if they are monitoring your frequency, but the only way they know where you are is by triangulating your signal. That means if you are static that one person with a directional antenna array can take a bearing from multiple locations and zero in on your location, but you have to be transmitting while they are ready and you have to stay in the same location. They would need to collect data from at least 2 and probably 3 locations before they can start tracking you. And that assumes that they are on your frequency in the right location waiting for you to transmit. Alternatively if it's a team working together they have to all be set up in the right area to be able to detect your transmission at the same time to get bearings to combine on the map.

    That kind of effort is usually only expended when somebody becomes a nuisance, for example if they are interfering with activities frequently on a ham radio repeater. The hams spend their time doing it when it affects them personally, but I can't imagine what it would take to get that kind of focus on you if you aren't bothering anybody. If you are on frequencies outside the Amateur bands that aren't owned by somebody local who is trying to use them, and you aren't having long conversations, the probabilities of somebody trying to track you down are very low. If you go further and encrypt/digitize your transmissions, then anybody who's scanning around might not even know that you are doing something illegitimate. They might just think it's just some digital device communicating with another device.

    Once you go mobile, the odds of being tracked are practically zero. People in law enforcement are familiar with the LoJack system, and that relies on the equipment being installed in lots of LE vehicles so when a signal is activated hopefully there will be somebody nearby to track the transmission, but all of those are focused on a specific frequency where they are expecting the signal. You would have to be a high value target for government resources to be deployed with the intention of tracking you down. It's much easier when they are tracking you via the mobile device in your pocket that is reporting your exact location to them!

    So if it's just a disaster or something temporary like that and you are talking locally within your group openly on a random frequency the most that might happen is somebody might show up on the radio and ask you to stop. If you are using a digital mode or encryption then for all practical purposes you would be secure/private. If it's a more adversarial scenario where you need to avoid the authorities for some reason, some combination of digital/encryption with frequency changes (coordinated in advance, perhaps with code words for various channel designations, etc.) and good radio discipline would probably be more than sufficient to stay under the radar.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •