This SIM Card Forces All of Your Mobile Data Through Tor

"This is about sticking a middle finger up to mobile filtering, mass surveillance."

Oct 22 2018, 4:40pm


We all are constantly on our phones, but maybe you want to visit that website or check that social media account without revealing more information on where you are.

Using the Tor anonymity network on a mobile phone, which would mask your IP address from the site you’re browsing, is fairly painless nowadays, with a connection being simply an app away. But that sort of software is typically designed for web browsing, and not for use with other apps such as Twitter, which still could leak your IP address.

With that in mind, one UK grassroots internet service provider is currently testing a data-only SIM card that blocks any non-Tor traffic from leaving the phone at all, potentially providing a more robust way to use Tor while on the go.

“This is about sticking a middle finger up to mobile filtering, mass surveillance,” Gareth Llewelyn, founder of Brass Horn Communications, told Motherboard in an online chat. Brass Horn is a non-profit internet service provider with a focus on privacy and anti-surveillance services.


Tor is a piece of software and a related network run by volunteers. When someone runs Tor on their computer or phone, it routes their traffic through multiple servers before reaching its final destination, such as a website. That way, the website owner can’t tell who is visiting; only that someone is connecting from Tor. The most common way people access Tor is with the Tor Browser Bundle on desktop, or with the Orbot app on Android.

But, in some cases, neither of these totally guarantees that all of your device’s traffic will be routed through Tor. If you’re using the Tor Browser Bundle on a laptop, and then go to use another piece of software, that app is probably not going to use Tor. The same might stand for Orbot running on older iterations of Android. Nathan Freitas, from The Guardian Project, which maintains Orbot, said that with newer versions of Android, you can lock down device traffic to only work if a specific VPN is activated, including Orbot’s.

This SIM card, however, is supposed to provide a more restricted solution in the event that other approaches don’t quite work.

“The key point is that it is a failsafe, if you don’t have Tor up then nothing can get to the internet,” Llewelyn said.

Brass Horn has previously offered customers a Tor-only service, but at the ISP level, designed to make it impossible for Brass Horn to keep any logs of a subscriber’s web browsing. This was largely in response to the UK’s recently passed mass surveillance legislation, the Investigatory Powers Act, part of which compels ISPs to keep so-called internet connection records—browsing and usage data—of their customers for 12 months.

The new SIM card, which is still in a beta testing stage, takes that idea mobile. It requires some setup; users need to create a new access point name on their device—essentially so the device can connect to the new network—but Brass Horn provides some instructions to do this. The SIM also requires Orbot to be installed and running on the device itself, and it currently only works in the UK (Llewelyn provided Motherboard with one of the SIM cards for testing purposes; Motherboard confirmed that the SIM does transfer data).

“At a high level, I think a Tor-only SIM card is a great idea,” Freitas added. “If Facebook can sell SIM-cards that only connect to their approved 'Zero rated' sites, then why not have a privacy-oriented alternative that only allows Tor?”

“Technically, this is also the correct approach—don't auto-tunnel all connections through Tor, but instead ensure non-Tor traffic doesn't leak. Unfortunately, this would only provide that assurance on a mobile data connection, and not WiFi,” he added.

It won’t be for everyone—as Freitas also points out, some users may need to use some apps through a non-Tor connection (Twitter, for instance, could block a user connecting from Tor, mistaking it for suspicious activity). But for those who still want to mask their traffic, and essentially movements, while using data on the move, it may be useful.