1

I am aware that governments, organizations and hackers can do a plethora of things to your device (i.e. track your location, tap calls, etc.), but I can only assume that they can only do these things if they know for sure that the device they are tracking belongs to you.

Let's say that you bought a brand new Android/iPhone and a PC/Mac. At what point is that device irrevocably linked to you as a person? When you put in a sim? If you download Instagram and log-in? Logging in to the app/play store? Adding the contacts of your family/friends? At the very moment you buy it (if you pay with card)???

For the sake of simplicity, let's assume that the people trying to link you to your device are super hi-tech government/hacker with lots of cash.

Cobie Fisher
  • 135
  • 4

2 Answers2

3

Based on the PRISM disclosures, I think you're conceiving of it backwards. Powerful governments track the services you use, not the hardware. To them, it doesn't matter what device you used, only the account activity matters. The other things you mention like credit card activation can certainly be found out by a 3-letter investigation, but they don't (afaik) pre-collect that kind of info because they don't need it and it's easy to side-step by crooks.

Only if you enter into an active investigation (as opposed to broad surveillance) will device activity be actively captured, in the present and the future. This takes a higher legal standard than mass surveillance, which looks only at things done in the recent past. Non-US countries might have different policies of course.

While we don't have full details about how they actively track, it's safe to assume they would track any devices used by the account (skype/gmail/fb/apple/etc) they identified as belonging to you. I don't think their resources are finite so they don't really need to prioritize which phone you "use most"; they just monitor all of them. Later on in court they have to sort times and devices out for a jury, but I don't think that's what you're asking about.

dandavis
  • 2,658
  • 10
  • 16
  • Their resources are technically finite, as Schneier said; "they're not made of magic". But you are of course correct in that they do not have to prioritize between a few phones when doing targeted interception. – J.A.K. Aug 04 '18 at 20:17
2

In a normal investigation (opposed to a covert one which may use the NSA data), they simply contact the phone companies and get the info that way. They of course have to have some legitimate suspicions and will first contact a judge to get a warrant. At least, that's how this works in most Western countries.

For higher importance cases they may cross check with credit card information to see whether a pre-paid phone was purchase too, although I've not heard of such being done.

They can also get some information of your use of the Internet. Again, only if they had a warrant first and thus causes for suspicions. However, if you use HTTPS, they can't track much more than the websites you go to because all the rest of the data leaves your computer already encrypted (So they see the first connection to a known IP address and that's it.) Of course, on social websites, they may track your account there and befriend you and track your posts that way...

Alexis Wilke
  • 862
  • 5
  • 19