CELL PHONE COMPANIES
TOPICS BELOW
Privacy, Other Topics,
T-Mobile, AT&T,
T-Mobile Hacks, T-Mobile Home Internet
While SIM Swaps are probably the biggest danger when dealing with cellphone providers, there is also the issue of their wanting to spy on
you.
PRIVACY
- January 5, 2025: Data Privacy: Your Carrier Knows a Lot About You. Here's How to Take Back Control by Eli Blumenthal for CNET. The article has instructions for configuring better privacy for customers of ATT, T-Mobile and Verizon.
- November 21, 2024: I Don't Own a Cellphone. Can This Privacy-Focused Network Change That? by Joseph Cox of 404 Media. A small tech company called Cape has been selling a privacy-focused cellphone service to the U.S. military. Now Cape will be offering its product to high-risk members of the public. This service is only for people with extraordinary needs for privacy and it requires a dedicated phone. In the future, they will offer a service that can be used on any phone but will not have nearly the privacy protection of the current service. Cape is an MVNO (think Google Fi and Mint Mobile) that uses US Cellular's infrastructure.
- October 15, 2024: Data Privacy: Your Wireless Carrier Knows More Than You Think. Here's How to Take Back Control by Eli Blumenthal for CNET. All three major US wireless providers collect data, here is what they gather and how you can turn it off.
- AT&T: check your privacy settings by logging into your account and going to Profile followed by Privacy Choices. There are 4 configurable options.
- T-Mobile: log into your account -> My account -> Profile -> Privacy and notifications -> Privacy dashboard. There are 6 configurable options.
- Verizon: log in -> Account -> account overview -> edit profile and settings -> manage privacy settings. There are 7 configurable options.
- August 2022: Cell carrier privacy settings to change now by Tatum Hunter for the Washington Post. About how to stop the cellphone companies from targeting you for ads.
- Cellphone companies want to show you ads and sell your information. In March 2021, the tl;dr sec Newsletter published instructions for opting out for T-Mobile, Metro, Sprint, AT&T and Verizon. The instructions were based on this article: T-Mobile to Step Up Ad Targeting of Cellphone Customers by Drew FitzGerald for the Wall Street Journal (March 2021).
- Verizon ad targeting is now called Custom Experience Plus, it used to be called Verizon Selects. See Verizon Custom Experience programs FAQs from Verizon. To opt out on their website, go to Privacy preferences page and look for the Custom Experience and Custom Experience Plus sections. To opt out in the My Verizon app, go to "Edit Profile and Settings" -> Preferences -> Manage Privacy Settings. (as of Aug 2022)
- Verizon Wireless customers can review their marketing settings at vzw.com/myprivacy or by calling 800-333-9956. I suspect that most people will not want
their CPNI shared with Verizon "affiliates and agents".
December 2021: Verizon had a program called "Verizon Selects" where they spied on their customers. It has been renamed "Verizon Custom Experience" seemingly to let them spy on everyone who opted out of the first program. Details on how to opt out here: Verizon overrides users' opt-out preferences in push to collect browsing history by Jon Brodkin of Ars Technica. The best solution is to use a VPN which blocks Verizon from seeing anything.
- AT&T calls their ad targeting "relevant advertising" and "enhanced relevant advertising". You control this on their website at the cmpchoice page which has a section for both the regular and enhanced "relevant advertising". While on the page, also look for
the "Third Party Services" section where you can stop some data sharing. Finally, review the "External Marketing and Analytics Reports" section too. Here is a
screen shot of the relevant section of the AT&T website. (Verified Aug 2022)
- March 2023: Michael Bazzell, who focuses on privacy, recommends Mint Mobile because they let you open an account anonymously. They may not brag about this, but he has opened accounts with them using fake names and they do less verification of the information you provide than other cell carriers. They use the T-Mobile network and their prices are start at $15/month. Around March 2023, however, they were in the process of being purchased by T-Mobile, so things may change.
OTHER TOPICS top
- Free Trials: In the US, there are three cell phone networks and each one offers a free trial so you can test the coverage in the places you go. T-Mobile, Verizon offer it directly, for AT&T, you had (prior to October 2024) to test using their sub-contractor Cricket (see update below). In all cases you need an unlocked phone that supports an eSim. Start by downloading the app for whichever carrier you want to try. The trial periods differ: T-Mobile is 3 months, Verizon is 1 month and Cricket is 14 days.
October 22, 2024: AT&T Welcomes New Customers to Try Our Wireless Network for Free by Erin Scarborough of AT&T. The new free trial is called "Try AT&T" and it is for 30 days. No credit card is required. The trial creates a new eSIM on your phone and give you a temporary phone number. There is no change to either your current service provider or current phone number. During the trial you can switch back and forth between your current service and AT&T. When the trial ends you can delete the AT&T eSIM. The trial is only available to eSim compatible iPhones. Android support is expected sometime in 2025.
- The website istheservicedown.com offers realtime status of outages and problems. If you lose cell service in an area that should have it, maybe its your phone or maybe its the cell company. Verizon customers can track outages on their Verizon Wireless Outage Map. Here is a full list of the companies and services they track. It includes all three cell companies in the US.
- Verizon: "Email-to-text is the ability to send a text or image to any device via email. It is an email sent using your mobile number's email address (e.g. 5555555555@vtext.com or 5555555555@vzpix.com). The service is not intended for commercial or emergency purposes. It is intended for low-volume consumer use only." You can block email to text messages for a Verizon phone number by texting commands to 4040 as per: Manage email-to-text opt-in and opt-out from Verizon.
- Saving Money: We No Longer Need a Big Carrier’s Wireless Plan. Discount Ones Are the Way. by Brian Chen for the New York Times (November 15, 2023). Using an iPhone he tested Visible, Straight Talk and Cricket. He liked Visible the best, they are owned by Verizon. Data performance was consistent, initial setup using their app was the easiest,
and they were more transparent in billing. Note however, that the article is very wrong when it says you need at least 25 Mbps to stream Netflix and Hulu.
According to Netflix's own Internet connection speed recommendations Full High Definition (aka 1080p) needs 5 Mbps. Further proof that there is not one real computer nerd working for the New York Times.
T-MOBILE: ADVERTISING, PRIVACY and TRUST top
- October 23, 2024: 'I am still alive': Users say T-Mobile must pay for killing 'lifetime' price lock by Jon Brodkin for Ars Technical. T-Mobile promised users who bought certain mobile plans that it would never raise their prices for as long as they lived. This year, they raised the prices. Roughly 2,000 T-Mobile customers complained to the government. The FCC and FTC have both punished T-Mobile, in the past, for other kinds of violations, but both agencies declined to comment for this article. There is a pending class-action lawsuit. Turns out T-Mobile left themselves an out in the fine print (in the FAQ more specifically). Just last year (2023) they did something very similar. Some customers were told that they would be switched to a more expensive plan unless they called the company to opt out. The good part: "T-Mobile customer service reps were instructed to tell users, 'We are not raising the price of any of our plans; we are moving you to a newer plan with more benefits at a different cost'."
- April 6, 2024: T-Mobile's New AI 'Profiling' Privacy Toggle Is On By Default by Jman100 for The Mobile Report. Quoting: "A new toggle has shown up in the T-Mobile Privacy Center, and it appears to have first been spotted a month ago on Reddit. The toggle is for allowing 'automated profiling' of your user data to analyze and predict how a user might behave ... It's not clear exactly when the toggle showed up, but the option to disable it seems to be available now for all accounts." You can find all the Privacy related configuration options for T-Mobile in their Privacy Center Dashboard.
- August 2022: To opt out of T-Mobile’s ad business, in their app: More -> Advertising & Analytics -> turn off "Use My Data To Make Ads More Relevant To Me". To opt out on their website: My Account -> Profile -> Privacy and Notifications -> Advertising and Analytics -> turn off "Use My Data To Make Ads More Relevant To Me.".
- How to opt out of T-Mobile's creepy ad tracking campaign by Jason Cipriani for ZDnet. July 2022. The T-Mobile App Insights program collects information about the apps installed on a phone, how often they are used, the Wi-Fi networks the phone connects to and a web browsing history. You have to install a Magenta app on each device. Recommended even for non-customers of T-Mobile.
- T-Mobile to Share Customers' Web Browsing Data With Advertisers Unless They Opt Out by Michael Kan for PC Magazine (March 2021).
- T-Mobile to Step Up Ad Targeting of Cellphone Customers by Drew FitzGerald for the Wall Street Journal (March 2021).
AT&T top
- AT&T has a free security feature for wireless customers called "Wireless Account Lock" that disables 12 types of account changes.
See Learn about Wireless Account Lock Last updated: July 30, 2024.
The myAT&T app is the only way to enable/disable this feature. This is what gets disabled:
- Device changes: Device upgrades, SIM and eSIM swaps and changes, IMEI changes
- Line changes: Phone number changes, Transferring number to or from another wireless carrier
- Account and billing changes: Adding or removing wireless lines, Changes to authorized users,
Changes to billing info (account number, contact name, address, email, or billing responsibility)
- October 10, 2024: Using inside info, iPhone thieves arrive at your house right after FedEx by Jon Brodkin for Ars Technica. Two reasons are given for this. 1) AT&T typically does not require a signature on delivery, whereas Verizon and T-Mobile do. 2) The bad guys know where and when the phones are being delivered. How they get this information is not known, perhaps a company insider. In one case, FedEx trucks were tailed by bad guys just waiting for the new iPhones to be dropped off. The defense here is obvious, pick up your own AT&T phone.
- AT&T has behaved miserably in regard to a data breach they suffered in 2019. Simply put, the company is a lying weasel.
It took them almost five years to confirm that the stolen data actually belonged to them and to alert their customers.
And, they have said nothing about how the data was stolen. See
AT&T now says data breach
impacted 51 million customers by Bill Toulas of Bleeping Computer April 10, 2024
The article details how AT&T said as little about this as they could get away with.
In 2021 they told BleepingComputer that the data did not belong to them and that their systems had not been breached. In March 2024 they again told Bleeping Computer
that the data did not originate from them and their systems had not been breached. Then it was confirmed that the data did belong to AT&T (and DirectTV).
Only then, did AT&T come clean. They are facing multiple class-action lawsuits in the U.S.
T-MOBILE HACKS and DATA BREACHES top
It seems that T-Mobile has poor internal security. Between August 2018 and May 2023, the company suffered nine, count them, 9, data breaches. A reasonable person might chose to not use their services, just for this reason. Details below:
- October 9, 2024: FCC Fines T-Mobile $31.5 Million After Carrier Was Hacked 8 Times In 5 Years by Karl Bode for Tech Dirt. Quoting: "...T-Mobile gets hacked a lot. In fact, the company has been hacked eight times in the last five years, with several of the intrusions exposing the sensitive personal data of millions of T-Mobile customers. The last hack, revealed in a 2023 SEC filing, exposed the names, addresses, social security numbers, and other sensitive information of over 37 million T-Mobile subscribers. It took half a decade, but the FCC has finally taken action ... T-Mobile has agreed to pay $15.75 million to ramp up its security standards and practices (money it should have already spent on the issue), and another $15.75 million civil penalties to the U.S. Treasury."
- September 20, 2023: Not a hack, not a data breach, just an old-fashioned screw-up. T-Mobile users say other people's account information is appearing in their app by Jess Weatherbed for The Verge. T-Mobile admitted the error and claimed the bug was fixed quickly. This next article on the same topic says the mobile app problem has been ongoing for two weeks. It also has a good history of T-Mobile hacks/breaches: T-Mobile app glitch let users see other people's account
info by Sergiu Gatlan for Bleeping Computer.
- May 1, 2023: T-Mobile discloses 2nd data breach of 2023, this one leaking account PINs and more by Dan Goodin for Ars Technica. This was the second network intrusion this year for T-Mobile and the ninth since 2018. As for details, the hack affected 836 subscribers and lasted for just over a month.
- February 28, 2023: Hackers Claim They Breached T-Mobile More Than 100 Times in 2022 by Brian Krebs. Krebs came to this conclusion after researching Telegram chat logs from three different cybercrime groups that are known to be particularly active in "SIM-swapping". Each group periodically offers SIM-swapping services for other mobile phone providers too, but those solicitations appear far less frequently than T-Mobile swap offers.
- January 19, 2023: T-Mobile hacked to steal data of 37 million accounts in API data breach by Sergiu Gatlan for Bleeping Computer. Bad guys stole the personal information of 37 million current postpaid and prepaid customers. T-Mobile did not share how their API was exploited. The attacker started stealing data around November 25, 2022. The company first detected this on January 5, 2023.
Not stolen: driver's licenses or other government ID numbers, social security numbers, passwords/PINs, payment card information or other financial account info. Stolen: customer name, billing address, email, phone number, date of birth, T-Mobile account number and other account information. This article provided the breach history below.
- January 19, 2023: New T-Mobile Breach Affects 37 Million Accounts by Brian Krebs. Quoting: "Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach. The company pledged to spend $150 million of that money toward beefing up its own cybersecurity ... T-Mobile reported revenues of nearly $20 billion in the third quarter of 2022 alone. In that context, a few hundred million dollars every couple of years to make the class action lawyers go away is a drop in the bucket."
- April 22, 2022: T-Mobile confirms Lapsus$ hackers breached internal systems by Sergiu Gatlan for Bleeping Computer. They used stolen credentials.
- August 2021: T-Mobile CEO: Hacker brute-forced his way through our network by Sergiu Gatlan for Bleeping Computer. Data was stolen for an estimated 76 million customers. The attacker was quoted in the Wall Street Journal saying their security was miserable. The initial breach was of the testing environments. Stolen data: customer names, dates of birth, Social Security numbers and driver’s license/ID information on more than 40 million current, former or prospective customers who applied for credit with the company.
- April 12, 2022: T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed. by Joseph Cox. After hackers stole data from T-Mobile in August 2021, T-Mobile hired a third-party firm that went undercover and bought exclusive access to the data. T-Mobile paid the bad guys $270,000.
- February 2021: T-Mobile discloses data breach after SIM swapping attacks by Sergiu Gatlan for Bleeping Computer. Attackers accessed an internal T-Mobile application without authorization. The number of effected customers is not known. The attackers were able to port numbers, but it is not known if they gained access to an employee's account or if they did it through the compromised users' accounts.
- December 30, 2020: T-Mobile data breach exposed phone numbers, call records by Lawrence Abrams for Bleeping Computer. Roughly 200,000 customers were impacted.
- March 5, 2020: T-Mobile Data Breach Exposes Customer's Personal, Financial Info by Lawrence Abrams for Bleeping Computer. A data breach was caused by an email vendor being hacked. That, in turn, exposed the personal and financial information for some T-Mobile customers. An unauthorized person was able to access the email accounts of some T-Mobile employees. Some of the hacked email accounts contained customer information such as social security numbers, financial information, government ID numbers and billing information. It is not known how many T-Mobile customers were affected or when the breach occurred.
- November 21, 2019: T-Mobile Discloses Data Breach Impacting Prepaid Customers by Sergiu Gatlan for Bleeping Computer. The number of impacted customers is "small". Exactly how many? T-Mobile did not say. Stolen data: customer name, billing address, phone number, account number and rate plan and features. Not stolen: credit card information, social security numbers, passwords.
At the time, the company said "We have a number of safeguards in place to protect your personal information from unauthorized access, use, or disclosure." History has shown they did not have enough safeguards.
- August 24, 2018: T-Mobile Detects and Stops Ongoing Security Breach by Catalin Cimpanu for Bleeping Computer. The breach affected roughly 3.9 million customers. Rather than say that, T-Mobile said it affected less than 3 percent of their customers. Sounds better that way. Stolen data: customer names, billing ZIP codes, phone numbers, email addresses, account numbers and other account information. Not stolen: passwords, social security numbers, financial information. The company said: "We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access." We now (January 2023) know this was bullshit.
This article was written in August 2021 and then revised in January 2023: Here’s what to do if you think you're affected by T-Mobile's latest data breach by Chris Velazco for the Washington Post. Change your password (duh). Change your PIN (another duh). Freeze your credit reports. Avoid relying on your phone number for proving your identity with a text message. Instead, use an authenticator app for two factor authorization. In other words, the article just rounds up the usual suspects. To me, the most interesting thing here were some reader comments about 2FA for T-Mobile. It seems the company does it wrong. While they do offer the use of an authenticator app, at the same time, they will also offer a text message. This should have been in the article.
T-MOBILE HOME INTERNET top
- T-Mobile Home Internet Was Great, Until My Service Died And the Company Could not Fix It by Brandon Hill (August 2022). A user experience, good at first, but then error "All PDN IP Connection Failure" could not be fixed and the reporter closed his account. This story led to a follow-up: Former Employee: T-Mobile Misleads Home Internet Customers by Brandon Hill (August 2022) which claims that T-Mobile does not have the technical expertise to fix some problems. Also, other customers had similar problems and the claim that the tower is being upgraded is a common lie told by customer support reps.
- T-Mobile's 5G Home Internet: I tried it, and it tried me
by Mitchell Clark for The Verge (Dec 2021). The reporter found that the service was not sufficiently reliable. The provided router (made by Nokia Solutions & Networks) almost always had a weak cellular signal. The app showed two bars of service, but this was not reliable as it showed two bars even during service outages. The setup instructions were poor. That said, "The thing about cellular internet, though, is that my experience won’t necessarily be the same as yours, even if you live a few blocks away from me."
Again, there is more on cellphone company security on the SIM Swaps page.