alt Hacker News>Identifier Rotation
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
Replies
I saw somewhere - it's not like "I know a friend" but literally read somewhere - IMEI is just configurable with standard cracked virus-loaded copies of QXDM :p
But realistically, none of that matters. You'll be the only one in 10 miles with this SIM that always uses an never-before-seen IMEI that connects to the exact same set of domains. That's some mall ninja stuff.
Carriers don't just log IMEI/IMSI, as well as last hop cell towers and your precise location, they need those information to route packets back to the phone. You can't establish TLS with bogus IP addresses. That's why people like Stallman or unnamed friend of a friend ex-CIA guys on Internet says cell technologies are evil mass surveillance tools.
Also even if the IMSI rotates… the authentication Ki to the network doesn’t!
Whoops.
Hi -- Head of Product at Cape. This is a good question. I will say up front there is no silver bullet for privacy on cellular networks given the way they were designed to interoperate. Our strategy is to offer many different protections that collectively make it harder for your activity to be tracked.
The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.
Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.