[Replicant] forum: question about information known by a cellular network provider

Josh Branning lovell.joshyyy at gmail.com
Tue May 21 22:58:47 UTC 2019


I can give guesses/probabilistic answers to these questions ...

On 20/05/19 10:17, Fil Lupin wrote:
> Hi,
> 
> I forward a question concerning Information known by a cellular network 
> provider while using and not using internet asked on the forum 
> (https://redmine.replicant.us/boards/33/topics/15152) :
> 
> ------
> This topic is not related to replicant but as it related to privacy, I 
> am posting here.
> 
> I am trying to guess what a cellular network provider (or just network 
> provider) would know while using and not using internet.
> 
> I am using the term static content for details that don't change often 
> and dynamic content for details that change often. The content in bold 
> is which I am not sure whether it is known by the network provider.
> 
> 1. While I am not using the internet:
> The network provider would know Non-internet based static content such as:
> personal information including address

Probably

, occupation,

Possibly if data is linked

  proof of identity,

Possibly and if data is linked

> etc (if given/required during purchase)
> sensitive personal information including as bank account details

Possibly

, etc,
> device details such as *IMEI number?,

Likely

  Serial number?,

Dunno

  operating system?,

Dunno

> type of device (smartphone, tablet etc.)?, MAC address of the device?*

Probably

  etc.
> 
> [Note: I am not sure whether content such as IMEI number, operating 
> system, type of device (smartphone, tablet etc.), MAC address of the 
> device would come under non-internet based content or internet-based 
> content]
> 
> The network provider would know Non-internet based dynamic content such 
> as network-based location (which cell towers I use),

Yes

  call detail records

Almost certainly

> (who you called and when),

V. Likely

  text message details (who you texted and
> when),

V. Likely

text message content,

V. Likely

payment history

Extremely Likely

etc.
> 
> 2. While I am using the internet:
> The network provider would know Internet-based dynamic content such as 
> IP address,

Probably

  bandwidth consumption

Probably

, location via GPS (if GPS is turned
> on)

Possibly, though not sure.

, *browsing content and history (including the date, time and
> duration of the internet session)?

Probably. If the site uses SSL/TLS then cannot see the content on the site.

, the apps running on the device?,

Possibly, if they wanted to.

> data sent and received by the apps?*.

Probably

> 
> 3. While I am using the internet via a VPN:
> The network provider would know Internet-based dynamic content such as 
> the VPN's IP address, bandwidth consumption, *location via GPS?*.

I think VPN, they'd know the IP address of the provider.

They'd know the bandwidth, though it'd be obscured.

Within reason, they shouldn't know GPS.

A VPN is pretty much just shifting the responsibility of trust.

Ie. from the ISP to the VPN provider.

There are technologies such as VPN chains, proxy chains and other which 
can technically remove some of the responsibility of trust in third parties.

> 
> Some info I got from another forum is that *apps created using 
> technologies/terms such as JSON, TNA, SDK and GPS would receive/send 
> data while using the internet i.e. Internet-based dynamic content*
> (JSON = JavaScript Object Notation, SDK = Software Development Kit, TNA 
> = Truly Native Apps)
> 
> Feel free to comment for any modifications if required for the above 
> details.
> 
> ------
> I gave a first answer about IMEI local storage.
> 
> - Fil Lupin.
> 
> 
> _______________________________________________
> Replicant mailing list
> Replicant at osuosl.org
> https://lists.osuosl.org/mailman/listinfo/replicant
> 

Cheers,

Josh


More information about the Replicant mailing list