Going Dark

March 14, 2019

Not literally, of course, but shutting off some of the lights, at least, and changing the color of others.

Sometime since the first of the year, my cell number was added to a scammer mega-list, and my phone has essentially not stopped ringing. I’ve tried all the usual remedies and even went so far as blocking all incoming calls except those in my contact list, but it’s not been as successful as I’d hoped.

This, combined with pre-existing SS7 network infrastructure flaws and the recent rise in sim-jacking attacks, was enough to drive me toward making serious changes in how I communicate with companies and businesses.

Cell phone numbers have become a de facto form of identification and authentication by many institutions and corporations: banks, government agencies, utility companies, social media applications, email providers, and countless other services have adopted users’ cell phone numbers as the primary means of verifying identity. The issue here is there is no standard to which all users adhere. There is no requirement (legal or otherwise) for these organizations to maintain confidentiality of a user or customer’s cell phone number; they are free to sell or advertise the number to anyone they wish, and, as I mentioned in the opening paragraph, many of them do.

The staggering lack of care in user, client, or customer data by these companies and the resulting endless wave of data being released in breaches and unsecured databases has left a gaping hole in many people’s lives. Whether they are victims of identity theft, swatting, doxxing, impersonation, brushing, or any other type of electronic harassment, people’s lives are truly being affected by how little care is given to their personal details.

What if there was a better way? What if people took an active role in the management of their electronic footprint? We don’t have the same key and same lock to our house, car, office, post office box, gym locker, and tool shed, do we? Nope. Then why do we have only one phone number that we give to anyone and everyone who asks?

I don’t anymore. I decided to change things up and move away from the single lock/single key solution. It hasn’t been the easiest thing to do but it wasn’t super difficult either, taking some directed attention and creative imagination.

My wife thinks I’m crazy (I’m not). My friends and coworkers think I probably wear a tinfoil hat when they aren’t nearby (I don’t). But guess what? My phone’s not ringing anymore, and the only people who have my contact information are people who I want to have it.

Signs – It’s not paranoia if they’re actually listening, right? RIGHT?

The unfortunate and unnecessary side effect of this project is likely going to impact my communication with friends and family who won’t shift gears and entertain doing the same thing. This makes me sad but it isn’t deterring me and won’t stop me from trying to teach people about privacy and security.

Over the next couple of days, I’ll be summarizing the changes I’ve made and why I’ve made them. I fully anticipate there being issues along the way as I move from free-to-me services (are they really free?) to services I pay for but, in turn, value and respect my privacy.

The first thing on my list is the phone. I’ve been a fan of Android OS for quite a while and as a long-time AT&T subscriber, I had been rotating through the flagship of Samsung’s Galaxy line roundabout every other generation. I started with the Galaxy S3 before moving to the S5 Active and most recently using the Galaxy S8+.

These phones have been fine performers with solid battery life and high-quality builds, but they all came with some problems as it pertains to those interested in privacy. Both AT&T and Samsung have pre-loaded these phones with bloatware – apps that are often not removable but also rarely used by the user and definitely not by me whenever a choice to opt-out presented itself.

Android is also created and run by Google, the world’s largest data machine. They are top-notch in security, but privacy is another issue.

Phone Hardware

Formerly Used: Galaxy S8+ from AT&T

It’s been a great phone from the time I bought it and continues to be so. The issue I’ve run into is the degree AT&T and Samsung have embedded their software and applications into the basic Android operating system. From day one, I’ve not cared to use any of the AT&T or Samsung-native apps or services, including Bixby, Samsung Health, Samsung Pay, Samsung+, Samsung Connect, Samsung Gear, Samsung Health, Samsung Notes, Samsung Internet, Samsung Email, Samsung Phone, Samsung Messages, Samsung Contacts, Samsung Calendar, Samsung Clock, Samsung Gallery, AT&T Call Protect, AT&T Smart Wi-Fi, DirectTV, DirectTV Remote, Lookout, myAT&T, DriveMode, Smart Limits, Facebook,

Now Using: iPhone 7

Apple is notoriously strict about the apps and products they allow to exist within their ecosystem, and over time, I’ve come to admire and appreciate Apple’s dedication to their customers’ privacy when weighed against other large companies. As you can see from the graphic below showing attempted interactions between journalist Kashmir Hill’s devices during her Blocking the Tech Giants series for Gizmodo, the number of attempts from Apple to interact with her device is far, far, far different than the normal behavior exhibited by Amazon, Facebook, Google, and Microsoft.