My paranoia phone wishlist

Can’t find one, if you are looking for mobile security with reasonable
anti-exploit measures, but hey, you can get even one of those gold
plated phones, or some other unheard brand, just enjoy it.
This is the wrong audience to convince anyway, the majority of whom
are just afraid of their own shadow. Real security people don’t touch it,
show me one researcher or technical person who is excited about it.

To be clear about this, I’m not in favor of actively seeking IMEI conflicts for attack purposes. That’s criminal. What I’d like to see is the ability to alter my network footprint for personal privacy purposes. The user interface could reflect these intentions by only allowing unpredictable IMEI changes, and perhaps require a power cycle for each of them.

The moment you start being different among the general crowd, you will
defeat the whole concept of what -you- call privacy.
You network footprint can already be low if you use VPNs and avoid
plain-text calls and SMS.
Check the history of Blackphone and why it was a flop, but with a few
million marketing budget.

If you are going to drop (silently) all outbound traffic from an app then the TCP handshake won’t work (i.e. would be unable to establish a TCP connection to any host on the internet) which means that many pieces of software would just error out - but some crappy pieces of software might not check for errors at all and would blindly continue. :slight_smile:

If an app is using UDP exclusively and does not require a response at the application level then this might work.

By contrast, the iPhone is horrible. If you don’t “forget” the network while it is still in range, there is no obvious way to forget it ever. At least with a typical Linux system, you can presumably edit some text file somewhere in order to wipe out obsolete SSIDs, whether they are in range or not.

However I was suggesting something different: whether the obsolete SSID is remembered or forgotten, just don’t broadcast for it.

Whole concept? No. Is that a relevant consideration? Yes.

To that end, there would be improvements over typical Linux installs as to how well “browser fingerprinting” works (i.e. we want it not to work). Perhaps PureBrowser already deals with that out-of-the-box better than in a typical Linux install but if not, that is something to add to the original wishlist.