Somebody knows my imei

[Slug]

As this 'discussion' has now strayed beyond the confines of Android I'm moving it to The Lounge, where more general topics are appropriate.

 

[A.Nonymous]

When you say "lookup", which database are you interested in? Start there.

You said it was possible to use my IMEI and find out my SSN, address, phone number, etc... You made it out like this is something any stalker can do. I'm wanting to know how this is done. I'm honestly curious to run a search on my IMEI and see what information about me pops up.

No, of course not - not with data they don't need. If your bank asks you who you are meeting for dinner, don't trust them -- they don't need that information to be a custodian of your bank account. Again, the rule of least privilege trumps.

Sheer paranoia. If I'm doing business at the bank and the teller asks me what I'm doing that evening, I'm going to tell them. I guess I'm just to trusting.

It's mitigation of needless information disclosure. Submitting a needless information disclosure is not street wise - it's naive from an information security standpoint.

You're under the belief that all your information is extremely important. It's not. Some of your information is. Some isn't. Your address? Not important. I can look that up in the phone book. Same with your name. Same with your phone number. Your license plate? Also public information. The thing is this information is available about anyone in town so you have security through obscurity more than anything.

Except Google. Except your phone carrier. Except some other non-google apps that harvest the data, needlessly.

As pointed out earlier, Google has a good reason. Your carrier certainly does. Who says non-Google apps don't? Who makes that determination? Also, none of these places track you specifically. They track your phone. There's a big difference.

[quote[Of course they are. These are single user devices. They supply data to their single user, who produces data. This data is linked to the IMEI of the device. The device is associated to the IMEI.[/quote]

Exactly my point. The data is linked to the device. The data is not linked to a person. Huge difference.

Actually you are issued multiple different slave surveillance numbers potentially from one government and certainly from different other governments you have a relationship with. One SSN in the US, another number like an SSN in another country, just as you are issued one IMEI per device per person. Your point?

I only have one Social Security Number. It belongs only to me and it's for life. This is far different from your IMEI number. According to Google Dashboard I've had 5 of them in the past 1.5 years. Which one are you going to track me with? A couple of them don't belong to me any more.

Logs don't care whether you've died or not. A number can last till death, or it can last for a year, either way it's still a primary key linking you to data for a duration of time.

You are completely wrong because the IMEI can change tomorrow and Google has no clue. Will you address that point please? People change their phone all the time. Google will track you by your e-mail address long before they track you by your IMEI.

Of course there is varying degrees of uniqueness. The SSN 078-05-1120 is used by many. Uniquely issued, but this can be manipulated. MAC addresses are also uniquely issued - no two are the same. MAC addresses can be altered, but what's issued is unique. Anyone can decide to start using uniquely issued MAC addresses as a primary key, and collect whatever data they want under that key. Same for VINs. These are unique numbers, and can be utilized to reference the data of an individual person (even if it perverts the original intent). You're letting intent control how you view the number, instead of understanding how utilitarians are making use of it.

You have no presented any proof at all that Google is tracking ME by my IMEI. Since it's not practical to do so, I'd be interested in any evidence you've got that they're doing things the hard way instead of the easy way.

How do you figure "easier"? It depends on the context. It's far easier for google to harvest an IMEI from device they have code running on, than to surreptitiously harvest an SSN. With SSNs already the centerpiece of identity theft, it would be a stupid legal risk for Google, as opposed to simply re-purposing something else to creep in as their own kind of SSN.

Once again, your IMEI is not tied to you. It's tied to your phone. Big difference. Google tracks you by your email address which is unique to you, not your IMEI which can change hands all the time.

What part of the chain in the linked data are you having trouble accepting? We'll go from there.

You said that you can find someone's SSN from their IMEI. Ok. Prove it. Please show me some place where I can enter my IMEI and find my SSN. Please show me anywhere at all in fact where I can enter my IMEI and find out anything about me. You're saying that stalkers can use my IMEI to track me. Where are the easily available tools?

Actually what you're replying to is fact. It's verifiable. Paranoia is a mental state, not a defense for objecting to facts. The data is traceable, or it's not. Try not to rely on emotional arguments. Tell us why you think the traceability is absent, and we can go from there.

You state that you can track someone by IMEI. Logically, this makes no sense at all and is impractical at best. Yet you claim it's true. The scientific method would demand that you provide prove that this is true.

You're presuming you've found your target to begin with. In some cases that's the end game, and the most difficult bit of information to get. Online stalkers start with much less than your present location.

Fine. Let's say you are online stalking me. Go find my IMEI. I'll give you my permission to go locate my IMEI. You can post it here or PM and I'll confirm if it's true or not. There is no way you can find my IMEI and there is no way you can use my IMEI to find my SSN. You can't do it. Yeah, I said it.

The system is can be complex, but the adversary needs not be. One can break into a WEP-secured wifi AP without knowing the first detail about the system. The work has been done by others.. insiders, or skilled hackers, those with more patience.. you just need to be able to use whatever mechanism is made available to you. Or hire someone else to go through the "level 10 difficulty" process.

Why? Why? Why? Why would I spend thousands and thousands of dollars to hire someone to hack a Google database and commit all kinds of criminal fraud just to get an IMEI which is incredibly difficult to tie to one person when there are far easier ways to do things?

Frequency is only part of a threat assessment measurement. I might have a higher frequency for spilling coffee, that doesn't make it a greater damage. Getting hit by a train is pretty damaging, even though the probability is low. I'll favor 100 coffee spills over one single train hit.

There is a greater chance of a train hitting you than someone tracking you with your IMEI. Let's be honest here.

Not sure where you get "extreme" concern from. Should you lose sleep over it? No. But should you be foolish enough to needlessly disclose a unique number to all apps that ask, linking a significant portion of your social life to a number, of course not. It's just being street wise- just like you don't sign your messages on this forum with your real name and SSN.

It's not a unique number. That's all I'm saying. It changes every time you change your phone.

Now you're using appeal to probability logic, and failing to balance cost with risk. You can use this flawed logic to justify any number of security-naive choices.

Risk of you having your SSN stolen because someone got your IMEI and linked the two of them? Extremely close to zero.

Someone who has pics of you drunk and nude while harassing someone posts them publicly with the caption "model employee of XYZ employer", and it gets a big spotlight. Perfectly legal, as is the termination of your job that follows.. yet quite damaging.

Not sure where they're going to get those pics from getting my IMEI.

 

[Dark Jedi]

Thats not an angry ex. Thats a psychopath. I would be far more worried whatelse shes capable of doing if she will copy your phones IMEI number. Like breaking in to your house and cutting your throat or run you down with her car. What ya do cheat on her? Sounds like she has some real issues and if your that worried about her a restraining order might be a good idea. I wouldnt worry about her knowing that number.

 

[TxGoat]

Is it true that crazy GFs are wild in bed....and steal IMEI numbers?

 

[9to5cynic]

You could create a database of people who are in a particular political party, using the IMEI as a key (harmless in itself). Someone else could make a database of employees using IMEI as a primary key (again, harmless in itself). Someone could then put the two databases together (buy, sell, trade them), and in aggregate decide who to let go when it comes time to do layoffs. It doesn't take much imagination to realize how far data collection and aggregation goes when the same primary key becomes a part of multiple databases.

Personally, I think it'd be *way* easier for any of those agencies to just assign some dummy PK. That's what I've done in *every* database I've ever worked on. And how would a political party get the IMEI? And who really cares if my employer gets my IMEI in a database, because the only way they'd do that is if it was a work phone. Not associated with the personal me, just at that place of employment....

I'm a bit lost with that...

I can see all y'all's IP addresses. Be afraid.

So, you see me bouncing all around the globe then...What's that, on your street stealing wifi?!!?

Thats not an angry ex. Thats a psychopath. I would be far more worried whatelse shes capable of doing if she will copy your phones IMEI number. Like breaking in to your house and cutting your throat or run you down with her car. What ya do cheat on her? Sounds like she has some real issues and if your that worried about her a restraining order might be a good idea. I wouldnt worry about her knowing that number.

 

[alostpacket]

I can see all y'all's IP addresses. Be afraid.

Yes but we know your wife's AF username!

 

[mikedt]

I see this has suddenly become a tinfoil hat thread.

 

[A.Nonymous]

I see this has suddenly become a tinfoil hat thread.

Suddenly?

 

[mikedt]

Suddenly?

Yes, as of the 10th November, with LibCivil's conspiracy stuff. I think the OP's question seemed reasonable though. I also see that every other IMEI related thread that LibCivil was posting to has now been locked.