According to 01Net’s PGPP, the mobile app that makes your trips invisible
. news, I share all my suggestions, recommendations and opinions about PGPP, the mobile app that makes your trips invisible
with you. Details are below…
American researchers have launched the Pretty Good Phone Privacy (PGPP) service, which has the good idea of decoupling subscriber authentication from its connection to the network. No more geolocation by IMSI identifier!
We all have a smartphone and, therefore, we are all permanently geolocable by our mobile operator. How ? Thanks to a unique identifier stored in the SIM card and transferred to the operator when the terminal connects to the network via a relay antenna. In 4G, this identifier is called IMSI (International Global Subscriber Identity), in 5G it becomes SUPI (Subscription Permanent Identifier).
Thanks to this transfer, the operator can authenticate the user and verify that he has indeed a right of access to the network. And by the way, he can thus know where this subscriber is, since he knows the relay antenna where he is connected. For the forces of order, it is obviously blessed bread, because they can thus locate the suspects, whether in real time or a posteriori within the framework of a judicial investigation. In police jargon, this is called “telephone boundary”.
The IMSI is rendered useless
But for paranoiacs and freedom activists, this architecture is an absolute horror, worthy of appearing in a novel by Georges Orwell. This is why two American researchers, Paul Schmitt and Barath Raghavan, created another one. Called “Pretty Good Phone Privacy” (PGPP), it breaks this surveillance and makes the movements of subscribers much more difficult to spot. They presented their technology in 2021, at the Usenix conference. A year later, they are already implementing it with the launch of a commercial service in beta version, through their company “Invisv”.
This is a virtual mobile operator that interconnects with most operators in Europe and the United States and only offers mobile data services. There is no traditional telephony, nor SMS, because the routing of these two services is based on the IMSI/SUPI. However, the architecture imagined by the two researchers precisely ignores this identifier. It exists, but it is useless. This is why Invisv can assign it a random value that changes regularly, or at the request of the client.
To manage the connection to the network – and incidentally billing and roaming – the researchers created a gateway called “PGPP-GW”. It receives from subscribers access tokens called “PGPP Tokens” which have been distributed beforehand and which are not linked to the identity of the subscriber. An internal kitchen then makes it possible to remunerate the operators according to the use made.
By decoupling authentication and network connection in this way, it is much more difficult for the underlying mobile operators to track someone. This technology also reduces the risk of local monitoring by IMSI Catcher, although this risk should disappear anyway with 5G where IMSI/SUPI are end-to-end encrypted. But Invisv doesn’t stop there.
Anonymization of the IP address
Its service also includes an anonymization of the IP address, thanks to the use of a double proxy. Requests are first sent to Invisv without being decrypted, then routed to the Fastly provider, before going to the requested server. ” Neither Invisv nor Fastly can tie your IP address to your internet traffic, which means that unlike a VPN, there is no single point of surveillance “, can we read on the company’s website.
Invisv’s service currently only works with Android devices compatible with eSIM technology. To access it, it’s simple: just install the mobile application “PGPP – Mobile Privacy” on Google Play. However, you have to have deep pockets. The service costs at least $40 per month. At this price, the subscriber benefits each month from a traffic volume of 9 GB and 8 changes of IMSI/SUPI. For $90 per month, you can have unlimited traffic volume and 30 IMSI/SUPI changes. This is the price to pay for avoiding general surveillance.