Some time ago I read an amazingly good article on using an iPod Touch as a secure/private phone. I love the idea, and I have thought about it for quite a while. An iPod Touch is remarkably similar to an iPhone, but potentially far more private and secure. Recently I decided to try it for myself and see how easy (or hard) it would be to set up. I also had unanswered questions about its actual use. Part 1 of this article will cover device procurement and the lengths I went to for anonymity’s sake. Part 2, 3, and 4 will cover setup, and Part 5 will cover actually using my new, ultra-secure and private iPod phone.
Why an iPod is More Private and Secure Than a Phone
Why would I go to all this trouble to setup a device that is far less capable than an iPhone, even one that is three or four generations old? It is the very lack of capability that makes an iPod desirable. First it does not have cellular connectivity. Mobile phones are tracking devices. They must “know” where they are in relation to towers to provide you with service, which means they can be easily tracked. Secondly, mobile phones – even when powered off – can be remotely controlled by sophisticated adversaries. The iPod Touch is a far less complicated device. It has neither an IMEI, the unchangeable number associated with a mobile phone, or SIM card (or MEID, ICCID, SEID, etc.). The screenshots below illustrate this far more succinctly than I can. It cannot attach itselt to a cellular network, or be tracked by one. I does have a MAC address that will be associated with the Wi-Fi networks I use, but I can carefully manage those, which we will discuss more in later in this series.
Procuring the Platform for My Ultra-Private iPod Phone
My first step was to find an iPod Touch†, the platform for my private iPod Phone. With the speed of technology I wanted to the latest model possible. To do things as anonymously as possible, I initially wanted to get a used one. Though this might create linkage with the original owner, I thought this was preferable to purchasing in-store. There would be no security cameras, or at least not ones that are directly correlated to purchase date/time stamps. I could also find one in the major city an hour from my home to meet the seller, and meet her at a big shopping center to prevent my vehicle from being seen. To minimize any risks associated with me, I would also thirty days after my purchase before beginning my setup. This would ensure that the owner’s memory of me would have faded sufficiently.
Finding and contacting a seller without creating linkage proved to be a challenge. Obviously I couldn’t call from my “real” number. This would create a permanent record with my cell provider, and hers. I could buy a burner, but I would have to be very careful not to create linkage between it and my real phone. A burner would also increase my investment by at least $25. Even searching for the device online was problematic. (Perhaps it shouldn’t have bothered me since I planned to blog about it). Even using a VPN there was some level of me that worried about creating a trail. My computer would be littered with records of my Craigslist searches. I could have asked a surrogate to make the purchase for me, but this created additional complications that I’ll not go into here.
With all of this considered, I decided to buy a new one from Wal-Mart, even though it would cost a bit more up front. I would still pay in cash. I would let the iPod “cook” for 30-60 days and be reasonably certain any security footage of me would be gone by the first time I turned the device on. So that is what I did. Before doing it I debated heavily on two strategies. The first strategy would involve me stopping at a Wal-Mart somewhere between two points (i.e. while driving from Seattle to Portland). The other strategy involved me driving an hour (or more) from a fixed point. The fixed point would be either my home or hotel at which I was staying for a week or two. I chose the latter (fixed point) option becasue it allowed me to leave my phone at the fixed point. This prevented cellular location data from placing me in the same location, and at the same date and time, as the purchase.
While I was on a trip for one of my trainings, I found a Wal-Mart about 45 minutes from my hotel. I purposely chose one that was not the closest. I left my phone at the hotel and drove out the the store. I paid cash for a 6th Generation iPod Touch with 16 GB of storage. Because this device will only serve as my “private iPod phone”, it will not contain photos, music, or anything else, so 16 GB should be more than sufficient. I also purchased a $20 iTunes gift card, the smallest denomination I could find. To download any apps I would need to fund the iTunes account for the device. Unlike Google Play, iTunes allows you to fund your account without providing a credit card – an important feature. Like the device, the gift card would also “cook” for 30-60 days because it, too, could be linked back to the purchase.
If my life depended on it, I probably would have purchased a Faraday bag and used it at this point. Since I am writing about this on a blog post, and since the device was powered off in the box I was not overly worried, so I sat it on top of the refrigerator. And then I played the waiting game. I actually ended up waiting 38 days before beginning to setup my private iPod phone. Thirty probably would’ve been plenty, but my schedule got in the way. Now that I had the device and it had cooked for a while, I had to set it up. The next article in this series will cover the first steps in the process of creating my ultra-secure and private iPod phone, so stay tuned!
†As the original article points out, an iPad will work equally well for this task, though it is more expensive and less portable. If you choose to use an iPad, ensure that it is not cellular-capable.
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.