Most people in the United States—and increasingly, around the world—carry the most sophisticated surveillance devices ever created in their pockets day in and day out. Although smartphones have enabled governments and corporations to track our movements and monitor our conversations with unprecedented ease, these devices are also an incredibly useful personal tool and have become an indispensable part of modern life.
It’s a crappy trade off, but evidently one that most of us seem OK with. But Denver Gingerich, a programmer based in New York City, doesn’t see why we can’t have our smartphones and our privacy, too.
For the past few years, Gingerich has been laying the groundwork for Sopranica, an open source, DIY cell network that allows smartphone owners to make calls, send texts and eventually browse the internet with total anonymity.
In January, Gingerich published the code for the first part of Sopranica called JMP. This is essentially a way of using a secure instant messaging protocol called XMPP, better known as Jabber, to communicate over voice and text from an anonymous phone number. JMP is the first phase of the Sopranica network.
The next phase—called WOM—will create the physical infrastructure for the cell network with a community radio network. This will essentially involve people hosting small, inexpensive radio devices in their home that plug into their routers to provide internet access points to Sopranica users in the area.
In October, Gingerich presented the first part of his plan for Sopranica at Radical Networks, an annual conference celebrating creative and subversive approaches to the Internet. Gingerich said that he and 15 others have been collaborating in a chatroom to continue developing the network since its initial launch earlier this year.
After hearing about Sopranica during this presentation, I was eager to sign up for the cell network and give it a try.
Getting set up with JMP is easy. First, you need to create a free and anonymous Jabber ID, which is like an email address. I had already created a Jabber ID with the Chaos Computer Club (a German hacking group), but there are a lot of other servers you can register with as well. The only difference will be the web address in your Jabber ID will be different—for example, email@example.com or firstname.lastname@example.org.
Next, you need to install a Jabber app on your phone. I use Android and opted for Xabber, but again, there are plenty of options to choose from (Conversations is a good choice if you want to use Sopranica for picture messaging, for instance). You’ll also need to install a Session Initiation Protocol (SIP) app, which allows your phone to make calls and send texts over the internet instead of the regular cellular network. For Android users, the best choice is probably CSipSimple and for iPhones your best bet is Linphone.
Finally, it’s time to get your phone number. If you navigate to Sopranica’s JMP website, there is a list of numbers at the bottom. These phone numbers are generated by Sopranica’s Voice Over IP (VOIP) provider which provides talk and text services over the internet. Click whichever number you want to be your new number on the Sopranica network and enter your Jabber ID. A confirmation code should be sent to your phone and will appear in your Jabber app.
Once you’ve entered this code, you’re ready to use your new, anonymous number. To do this, use your SIP app and send a text or dial a number just like you would otherwise. This communication will be made through your new Sopranica number, rather than whichever cell carrier you normally use.
In many ways, JMP is kind of like getting a free VOIP number with Google Voice and then using that number to register for an account on the encrypted messaging platform Signal.
The downside of this, of course, is that the VOIP number you get from Google is registered under your name with Google, so even if the people who you communicate with using that number can’t trace it to you, Google can. On the other hand, all aspects of JMP are anonymous—neither the Jabber ID nor the JMP phone number require identifying information to register.
Once I had set up JMP on my phone, the first thing I did was use it to call Gingerich to learn more about how Sopranica works and about his plans for the network’s future.
Motherboard: What’s the simplest way to describe Sopranica?
Denver Gingerich: Sopranica is a project intended to replace all aspects of the existing cell phone network with their freedom-respecting equivalents. Taking out all the baseband firmware on the cellphone, the towers that track your location, the payment methods that track who you are and who owns the number, and replacing it so we can have the same functionality without having to give up all the privacy that we have to give up right now. At a high level, it’s about running community networks instead of having companies control the cell towers that we connect to.
How does JMP protect against surveillance?
A conventional way of tracking people is with their phone numbers. So the government can—maybe with a warrant, maybe they don't need one—ask the cell carrier to tell them where the person who has this phone number happens to be right now. If you're communicating with someone using your JMP number, your cell carrier doesn't actually know what your JMP number is because that's going over data and it's encrypted. So they don't know that that communication is happening.
Does JMP only work on the cellular network?
You can use JMP today without using a cell carrier at all if you're fine using your phone and texting when you're in range of Wi-Fi and get rid of all that tracking. For some people that would be fine, they spend most of their time at home or work. But other people that are out a lot more that might not work as well for them. That's why we have this WOM component that would give you that service even when you're not near Wi-Fi.
At Radical Networks, you described WOM gateways as the physical infrastructure for the Sopranica network. So these are essentially cell towers that provide access to the internet for people using the Sopranica network?
Hosting a WOM gateway would just be buying a radio device and plugging it into your router. Ideally you'd position this radio somewhere where it can see a lot of the outside. Hopefully on the exterior of whatever building you’re in, but if not then by a window or something. You could operate it as a repeater if you wanted to, in which case you wouldn't have to plug it into your router, but ideally you'd plug it into your router so that it would be able to provide that internet connection to people who connect to the WOM node, which would then be a gateway.
But you’d also want people on the Sopranica network to mesh between their phones to route data locally, too?
The idea is to have a lot of infrastructure that is fixed, but also having mesh in the phones themselves so that we can extend the range when possible.
Do these radio units for WOM nodes exist yet?
Right now it's just local and a few prototypes at this point. We don't really have all the protocols we'll be using long term all solidified yet. I’ve been doing testing on two radios. They are fairly simple boards with an Arduino chip and a 900 MHz (radio) chip. They also have this nice antenna connector so you can get some decent range on them.
Once you’re done testing these units, how much do you anticipate them costing if someone wanted to buy one and run a Sopranica node?
It would be less than $100.
If total strangers are connecting to Sopranica WOM access points through people’s personal routers at home, won’t that also make them vulnerable to network attacks on their personal home network?
That is a concern. There are a few ways that we're looking into solving that. That's partly why the protocol stack isn't solidified yet. One of the major ways that we're considering doing that is through Cjdns. That kind of provides a layer on top of IP that allows you to communicate with trusted neighbors and encrypting your data in that way. Ideally, forcing people onto Cjdns so that they can't see anything outside of this.
You also spoke a bit at Radical Networks about developing SIM cards specifically for the Sopranica network. How’s that going?
I've read a lot of information about how to program a SIM card, but a lot of it is kind of gated on having access to certain keys you'd only get from your carrier. So until I find someone who knows a lot about how to do this, it's the sort of thing where it's hard to make a lot of progress. The main option I would see for this is either becoming a MVNO (mobile virtual network operator) to issue your own SIM cards with your own information and keys on them. The other aspect would be to try to use a little thin strip that has some electronics on it that you literally stick onto your SIM card and it intercepts a lot of the stuff going on between your SIM card and your phone.
Besides finalizing the protocols for the WOM nodes, what’s the biggest challenge for Sopranica going forward?
Getting people to be motivated to switch away from their existing cell carriers. I think it will be hard to convince average people to move away from the cell carriers they're using until WOM is at a fairly mature point. A big part of it is because the cell carriers have significant coverage and substantial bandwidth. That's one of the long term things that will be tricky for Sopranica generally: competing with the multi-megabit speeds of most carriers.