American researchers have launched the Pretty Good Phone Privacy (PGPP) service, built on the idea of decoupling subscriber authentication from the subscriber's connection to the network. No more geolocation by IMSI identifier!
We all have a smartphone and can therefore all be geolocated at any time by our mobile network provider. How? Through a unique identifier stored on the SIM card and transmitted to the operator when the terminal connects to the network through a relay antenna. With 4G this identifier is called the IMSI (International Mobile Subscriber Identity); with 5G it becomes the SUPI (Subscription Permanent Identifier).
Thanks to this transmission, the operator can authenticate the user and verify that they actually have the right to access the network. As a side effect, the operator also knows where the subscriber is, since it knows which relay antenna the subscriber is connected to. This is obviously a godsend for the police, as it allows them to track down suspects, whether in real time or afterwards as part of a judicial investigation. In police jargon, this is called the “telephone limit”.
The IMSI is rendered unusable
But for paranoiacs and freedom activists, this architecture is an absolute horror worthy of a George Orwell novel. For this reason, two American researchers, Paul Schmitt and Barath Raghavan, designed another. Dubbed “Pretty Good Phone Privacy” (PGPP), it breaks this surveillance and makes it much harder to detect subscribers’ movements. They presented their technology at the Usenix conference in 2021. A year later, they are already putting it into practice with the launch of a commercial service, in beta, through their company “Invisv”.
Invisv is a virtual cellular provider that connects to most operators in Europe and the United States and offers only mobile data service. There is neither conventional telephony nor SMS, since the routing of these two services is based on the IMSI/SUPI, and the architecture devised by the two researchers ignores precisely this identifier. It exists, but it is useless. For this reason, Invisv can assign it a random value that changes regularly or at the request of the customer.
To manage connectivity to the network (and billing and roaming along the way), the researchers created a gateway called PGPP-GW. Subscribers present it with access tokens, called “PGPP tokens”, which were distributed to them beforehand and are not linked to the subscriber's identity. An internal arrangement then makes it possible to pay the operators according to use.
By decoupling authentication and network connectivity in this way, PGPP makes it much harder for the underlying mobile operators to track someone. This technology also reduces the risk of local surveillance by IMSI catcher, although with 5G, where IMSI/SUPI are end-to-end encrypted, this risk should disappear anyway. But Invisv doesn’t stop there.
IP address anonymization
Its service also includes IP address anonymization through a double proxy. Requests are first sent to Invisv, which does not decrypt them, then forwarded to the provider Fastly before going on to the requested server. “Neither Invisv nor Fastly can link your IP address to your internet traffic, which means that unlike a VPN, there isn’t a single monitoring point,” we can read on the company’s website.
Invisv’s service currently only works with Android devices compatible with eSIM technology. Access is easy: just install the mobile application “PGPP – Mobile Privacy” on Google Play. However, one must have deep pockets. The service costs at least $40 per month. At this price, the subscriber benefits from a traffic volume of 9 GB and 8 IMSI/SUPI switches every month. For $90 per month you get unlimited traffic volume and 30 IMSI/SUPI changes. This is the price to pay for avoiding general surveillance.