August 16, 2021

Network security researchers unveiled a plan called Pretty Good Phone Privacy that can hide the locations of wireless users so that carriers would not always know where users were.

This is done with a basic software upgrade that can be performed by any operator without the need for major infrastructure changes.

To make it more difficult to always track a user, wireless standards assign each device a random, rotating ID after the initial International mobile subscriber identity (IMSI) exchange. This means that protection functions are already integrated into the system.

Pretty Good Phone Privacy, whose name is a tribute to the pioneering communication encryption program Pretty Good Privacy of 1991, aims to do just that by reinventing the billing verification that networks perform. Researchers suggest installing portals on every device and using an app or operating system function that regularly checks with a billing server whether a user is in good condition.

The system would then release digital tokens that do not identify the specific device, but only indicate whether the connected wireless account has been paid for. If the device connects to a cell tower, the exchange through this portal would duly take place for a “yes” or “no” about whether a service should be provided.

The researchers also found that if the system has a different way of validating billing status, it can accept the same IMSI number or random ID for each user.

The plan was revealed Thursday at the Usenix security conference by network security researchers Paul Schmitt of Princeton University and Barath Raghavan of the University of Southern California.

Overhauling some billing systems and distributing an app to users would be much more manageable for mobile operators than major network overhauls. Raghavan and Schmitt are turning their research into a start-up to facilitate the marketing of the project among U.S. mobile operators.

For more information, read the original story from Arstechnica.