I Don't Own a Cellphone. Can This Privacy-Focused Network Change That?

I find this a fascinating way to handle privacy that we have only seen done a handful of other times. I don’t think this fits the threat model of most users here, but I am curious to know more about IMEI number rotation, as those are usually tied to the physical device and used for “blacklisting” stolen phones on most networks.

EDIT: Website of the company for those who care https://www.cape.co/

I was just going to post this article. This seems like a much more fleshed out product than INVISV’s, addressing my main concerns by seemingly rotating all identifiers instead of just the IMSI.

I would still need more details about the phone itself though.

For the offering to high-risk individuals at the moment, those users can get all of the IMSI, IMEI, and MAID rotations. Cape said when it rolls out more broadly to the public, that offering won’t include a physical phone or the same degree of identity obfuscation.

This will make it useless compared to the rest of the market though, if you can’t convince them you’re a “high-risk individual.”

1 Like

IMEI is not the only hardware identifier for the device available to the cellular network. Changing the IMEI alone isn’t enough to hide the device identity from the network. It will only hide one commonly used ID rather than making the device not uniquely identifiable.

Carriers often detect device model via IMEI and multiple other ways as part of their standard operating procedure. They change how things work based on the detected capabilities but also hard-wired quirks for device models, etc. Devices send a lot of info on capabilities.

It’s possible to detect the devices with an IMEI not matching their capabilities/configuration or to detect that there’s a device with the IMEI changing repeatedly but the other device identifiers remaining the same. You could end up drawing attention to yourself by doing it…

1 Like

This concept is inherently flawed. The cellular network is designed in such a way that is fundamentally hostile to privacy. Any attempt to ‘game’ the cellular network into being private consists of flawed half-measures providing a false sense of security at best. This article from CitizenLab (granted it’s a bit old at this point) gives some insight into identifiers beyond IMEI and IMSI. Also see this relevant thread from the GrapheneOS team.

Best I can tell, they are using Nothing phones (see clock font and glyphs quick settings tile), which doesn’t bode well for their focus on security, but at least they plan on expanding availability to other devices eventually.

The whole ‘prove you’re a high-risk individual like a celebrity but also you totally don’t have to give us any personally identifiable information’ thing is bizarre to me. Proving you are a high-risk individual would basically inherently require providing PII.

As others are getting at, use Airplane mode and Wi-Fi if you don’t want to be tracked. If Cape wanted to, they could easily correlate your various identifiers and still track your location over time.

4 Likes

If you’re a high-risk individual. If not, then just keep using cellular and don’t be paranoid.

1 Like

If it works as advertised, realistically, a service like this fits far more regular “concerned about mass surveillance” threat models than security solutions you’ll typically hear in the mobile phone space. This is a pretty clear cellular network privacy improvement that nobody else seems to be working on solving at all.

I think the percentage of people who are concerned about their device being tracked while they’re walking out and about is a lot higher than the percentage of people concerned they’re going to be targeted by a 0-day Android malware from the NSA :stuck_out_tongue_closed_eyes:

2 Likes

If it works, and is within what I am willing to pay for service, I would try it out. Just worried it might break things lol

1 Like

Except that it’s completely flawed.

  1. Changing IMEI is illegal in some places.
  2. If your IMEI gets changed to random gibberish that isn’t a properly formatted IMEI, then you will stand out like a sore thumb and draw unwanted attention to yourself.
  3. What happens when two devices with the same IMEI connect to the same network?
  4. If you have a device with 5G and you change your IMEI to one of the devices that only support 4G, then you will look suspicious and draw unwanted attention yet again. The same goes for other hardware things, not only 5G support.
  5. If there is a location that constantly has new identifiers appearing in it, wouldn’t that be very suspicious?

1 Like

According to the article, you have a handful of IDs you can change through, either on a schedule (with randomness in time waited if wanted), or that change through geofencing. Cape is the one handling these IDs, and they are an MVNO so at the very least they wouldn’t do this if they knew they were breaking the law. I would also assume they are smart enough to not let 2 users have the same ID at once.

I don’t know what to tell you besides that if you would actually read the article first and the resources already posted in this thread you would see these concerns have been addressed. There’s 0 reason to be making unfounded claims on this forum like you are doing.

Why would a new identifier in an area be more suspicious to observers than the absolutely normal occurrence of someone turning on a new phone they just bought?

Another interesting feature I’ll note:

In the first, users can set geofences around a particular area, meaning that when they enter that location—such as their home, place of work, or commute—the device automatically switches to a particular IMSI, IMEI, and MAID.

2 Likes

Regardless of identifiers, if you have a certain routine and/or use the devices near your home and/or other places you usually frequent, that device can still be associated with you. The only sensible solution to handle cellular modems’ privacy invasive nature is to keep the device powered off until you really need to use it, and to not ever turn it on near your home.

No, this is something that more people need to care about. As the article in the OP states, these companies were caught before selling user location data.

1 Like

This includes the US Govt apparently…

In what way?

Perhaps fingerprinting based on network traffic. I am also concerned about whether a network observer can see you’re connecting to Cape’s mobile core and narrow it down that way, because Cape is obviously an incredibly niche carrier, or if it will appear as if you are connecting to US Mobile.

Definitely a lot of potential problems to worry about. I also noted this line from their website which seems to imply they don’t yet do the following (like INVISV did):

We are also studying the use of blinded tokens and zero-knowledge proofs to disaggregate subscriber information.

It’s a pattern. If a device goes from e.g. :near your home: to :near your workplace: daily, chances are that it belongs to you.

Even if you do this, if device A goes offline and device B immediately goes online in the same area, the devices are also immediately correlated. Might not be a certain thing on the first time you do this, but over time the degree of certainty can only increase.

It still has to be identified somehow before you can do any of these things though…

1 Like

Simply put: You’re covered, and secure no matter where life takes you.

unless life takes you outside the US

3 Likes

Sorry, but I don’t understand what you mean by this

If a device goes near your house and near your workplace there still has to be a way to tell that it is the same device before someone can say it belongs to you. If the identifiers are randomized, who’s to say that the device by your house and the device by your workplace are the same in the first place?

1 Like

If I understand correctly, the identifiers are rotated periodically but not every 10 steps, so there is enough time to create a pattern. And even if they were to be changed very frequently, an attacker should still be able to connect the dots, unless there was a crowd to blend in with (e.g. if everyone also used a similar technology in their phones). If your identifiers change only in certain areas, that in itself creates a pattern too.
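
Added example, not written by any poster in this thread and not Cape's code: a small sketch of the "device A goes offline, device B comes online in the same area" argument from the posts above. It measures the anonymity set of each identifier rotation. The event format, cell names, identifiers and the 30-second window are all constructed assumptions.

```python
from collections import defaultdict

# Constructed observations: (unix_time, cell_id, pseudonymous_id, event).
# One device rotates alone in cell "home"; three rotate together in "mall".
EVENTS = [
    (1000, "home", "id-A", "detach"),
    (1004, "home", "id-B", "attach"),
    (5000, "mall", "id-B", "detach"),
    (5001, "mall", "id-X", "detach"),
    (5002, "mall", "id-Y", "detach"),
    (5005, "mall", "id-C", "attach"),
    (5006, "mall", "id-P", "attach"),
    (5007, "mall", "id-Q", "attach"),
]

def candidate_successors(events, window=30):
    """For each identifier that disappears, list the identifiers that
    appear in the same cell within `window` seconds afterwards."""
    attaches = defaultdict(list)
    for t, cell, ident, kind in events:
        if kind == "attach":
            attaches[cell].append((t, ident))
    result = {}
    for t, cell, ident, kind in events:
        if kind == "detach":
            result[ident] = sorted(
                new for ta, new in attaches[cell] if 0 <= ta - t <= window
            )
    return result

def unambiguous_links(events, window=30):
    """Rotations whose anonymity set has size 1, i.e. rotation hid nothing."""
    return {
        old: cands[0]
        for old, cands in candidate_successors(events, window).items()
        if len(cands) == 1
    }

if __name__ == "__main__":
    for old, cands in candidate_successors(EVENTS).items():
        print(f"{old}: anonymity set size {len(cands)} -> {cands}")
    print("linked with certainty:", unambiguous_links(EVENTS))
```

The lone rotation at "home" has an anonymity set of one, while the three simultaneous rotations at "mall" leave three candidates each, which is the "crowd to blend in with" condition.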