At this point, my ultra-private iPod phone is setup and ready to use. If you choose to follow a similar course, it is important to define how you will actually employ the device before you start to use it. This will also dictate the tradecraft you should undertake to support your use case. As I see it, there are essentially two ways this device can be used. Both will make you more private and secure. It is up to you to decide how far you need – or want – to take it.
Use Case 1: Total Anonymity
Total anonymity is a very hard act to pull off. Users in this category have immediate concerns falling into the “life or liberty” category. They are operating against an adversary and use would use this device to protect both their identity and the content of their communications.
I have previously mentioned that Signal (or any other encrypted messenger, really) cannot hide your metadata. Using an iPod, rather than an iPhone, takes a lot of players out of the loop, but metadata is still being created…somewhere. If you start calling your usual Signal contacts on your new device, the metadata will very quickly reveal the owner of the device. For this tool to be a truly effective tool for anonymity requires two-party participation. This means that those with whom you communicate will have to take similar measures. This may be cost prohibitive. You should also be aware of other factors that may pierce your anonymity. Public Wi-Fi hotspots without attending security cameras may be difficult to locate. If your life depends on anonymity, you should scout these locations well in advance of connecting your iPod phone.
OPSEC for this threat model: There are a couple of operational security measures you may wish to take with a similar device. Some of these I have covered previously in this series but they are worth reiterating.
- Do not connect to your home, office, or other network to which you have associated your true-name devices.
- Do not turn Wi-Fi or other interfaces on within range of your other devices. A sufficiently sophisticated adversary could access this which would reveal your true identity. Even if your other devices are not in your true name they could be turned into eavesdropping devices by certain adversaries.
- Be wary of security cameras at public Wi-Fi hotspots.
- Leave Wi-Fi off when the device is not in use. It can – and already is – used to track your location.
- Don’t forget to “forget” Wi-Fi networks you have used prior to turning Wi-Fi off. If you consistently use the same networks I recommend storing their SSIDs and password managers elsewhere, like in a password manager or Notes (which can now be encrypted).
Use Case 2: Enhanced Privacy
This is a much more realistic goal for most. My iPod phone, while not completely anonymous, does offer an outstanding privacy layer – even though I have blogged about its existence. I can now give out a phone number that is not tied to my name, cellular account, or any other account, and that can be reached only through Signal Private Messenger. I can turn the device off and have high confidence that it cannot be tracked by cell towers or remotely activated.
My After-Action Review
First, this is a fully workable solution. From start to finish, I was able to do every purchase with cash or gift cards (which I purchased with cash). The device functions as a phone, but requires me to be constantly tethered to Wi-Fi.
Mistakes: Even though I was extraordinarily cautious, I still made a major mistake. I turned the device on at my house. This was a ham-fisted move, but one I thought I could get away with. This was the initial power-up, where I stupidly forgot about the setup screens I would have to navigate. I assumed I could immediately put the iPod into Airplane Mode, and then manipulate the settings at my leisure before taking it into the wild to connect with the internet. I didn’t connect to the network, but the iPod did, if only briefly (a very relative term) “see” the network. Does Apple have this information? The short answer is: I don’t know but probably. If my life or liberty depended on true anonymity I could not trust this device and would be forced to start from scratch. There is a good lesson to be learned here: privacy and security are hard, and anonymity is even harder. If you pursue these phenomena long enough and hard enough, you will make mistakes.
Compromises: In addition to allowing the device to see my home network, I also had to make compromise. Due the writing about it with screenshots, I had to make a compromise and connect it to my MacBook. This was for photo transfer only (through AirDrop). I am sure this creates a log in both devices, but again, I am no longer shooting for total anonymity with this iPod.
Additional Apps: This is another compromise. The orignator of this concept only installed and used Signal. I wanted slightly more capability out of my ultra-private iPod Phone, so I added two additional apps. First, I installed a VPN application. This gives me a bit more security, routing my Signal traffic first to a remote server through an encrypted tunnel. It also ensures that at least some of the data that is being sent in the background (which I attempted to minimize through device settings) is encrypted. It should be noted, however, that iOS devices do not route certain data through a VPN, including push notifications and iMessage/FaceTime.
The other applications I installed is MiniKeePass. This is an iOS-friendly fork of the well-known KeePass password manager. This allows me to securely keep up with my iCloud and Apple ID login information, VPN credentials, and any other sensitive information I may need to store on my ultra-private iPod phone.
Usability: I was somewhat surprised to find how easy this setup actually is to use. Despite requiring a set of headphones with an inline mic. Finding public Wi-Fi hotspots is not difficulty, and Signal calls are not overly data intensive and work even on relatively slow networks like those in hotels.
This was an incredibly rewarding experiment. In the near future I will probably set up another ultra-private iPod phone and reserve it for totally anonymous usage. Or will I…? Just kidding – I most likely will. Not only is this device incredibly private, it is also convenient and relatively inexpensive. Being thinner and lighter than an iPhone (and much less expensive) the iPod Touch would make a great backup phone (with iMessage and FaceTime capability) or phone for your “go bag”.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.