{"id":51037950,"url":"https://github.com/pablo-chacon/camo","last_synced_at":"2026-06-22T08:01:42.759Z","repository":{"id":365315039,"uuid":"1270566628","full_name":"pablo-chacon/camo","owner":"pablo-chacon","description":"Decentralized onion routing at the cellular radio layer via private APN infrastructure","archived":false,"fork":false,"pushed_at":"2026-06-16T19:39:41.000Z","size":59,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-16T21:21:55.885Z","etag":null,"topics":["anonymization","apn","cellular","distrubted-systems","go","gsm","infosec","m2m-protocol","mobile-privacy","onion","privacy","protocol","proxy-chain","telecommunications","tor","wireguard"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pablo-chacon.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-15T20:55:53.000Z","updated_at":"2026-06-16T19:39:45.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/pablo-chacon/camo","commit_stats":null,"previous_names":["pablo-chacon/camo"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/pablo-chacon/camo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablo-chacon%2Fcamo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablo-chacon%2Fcamo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablo-chacon%2Fcamo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablo-chacon%2Fcamo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pablo-chacon","download_url":"https://codeload.github.com/pablo-chacon/camo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pablo-chacon%2Fcamo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34639715,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-22T02:00:06.391Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymization","apn","cellular","distrubted-systems","go","gsm","infosec","m2m-protocol","mobile-privacy","onion","privacy","protocol","proxy-chain","telecommunications","tor","wireguard"],"created_at":"2026-06-22T08:01:41.896Z","updated_at":"2026-06-22T08:01:42.752Z","avatar_url":"https://github.com/pablo-chacon.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CAMO\n### Cellular Anonymization and Mobile Onion-routing\n\nA discovery: standard GSM and IoT industry infrastructure, composed in a specific architecture, produces onion routing at the cellular radio layer.\n\n**Author:** Pablo Chacon  \n**Status:** Specification complete — reference implementation v0.1  \n**License:** CC BY 4.0\n\n---\n\n## The discovery\n\nThis protocol was not designed toward a known goal. It was found by following a chain of reasoning through GSM signaling architecture — from how carriers route calls, to how forwarding chains produce partial visibility at each node, to how M2M private APNs create jurisdictional breaks, to how these properties compose into a distributed anonymization network.\n\nThe result: GSM call forwarding, private APN routing, M2M eSIM pools, and WireGuard inter-node encryption, assembled into a permissionless distributed network, produce onion routing at the cellular radio layer. No single node has visibility of both origin and destination. The carrier is reduced to a radio access substrate.\n\nNone of the components are new:\n\n| Component | Standard / Product | Age |\n|---|---|---|\n| GSM call forwarding | ITU-T / 3GPP | 1987 |\n| Private APN routing | Standard M2M carrier product | ~2000s |\n| GTP-U tunneling | 3GPP TS 29.281 | GSM era |\n| M2M eSIM provisioning | GSMA SGP.02 | 2016 |\n| WireGuard | Linux kernel 5.6+ | 2017 |\n| Signed gossip protocol | Distributed systems standard | — |\n\nCAMO is the recognition that these components, composed in a specific way, produce mobile onion routing as an emergent property — and the formal specification of that architecture so anyone can implement it.\n\n---\n\n## Why this matters\n\nExisting anonymization networks, including Tor, operate above the cellular radio layer. They protect data content and IP routing. They do not address what the carrier sees: IMSI, IMEI, physical location, and traffic metadata — regardless of what software runs on the device.\n\nCAMO closes that gap. The carrier provides radio access and nothing more. Routing, encryption, chain topology, and node discovery are defined by the protocol, independent of carrier infrastructure.\n\nThe two are complementary. Tor protects the IP layer. CAMO protects the radio layer. Running both covers the full stack.\n\n---\n\n## The enforcement-resistance property\n\nCAMO is built exclusively from infrastructure the global carrier and IoT industry already operates and depends on commercially:\n\n- Private APNs are standard enterprise products sold for IoT fleet management\n- M2M eSIM remote provisioning is a GSMA standard deployed at scale globally\n- GTP-U tunneling is how mobile data has functioned for decades\n- WireGuard is in the Linux kernel\n\nDisabling CAMO requires disabling these components. Disabling these components collapses enterprise IoT, M2M carrier infrastructure, and the mobile data layer itself.\n\nThis enforcement-resistance is not a feature that was engineered. It is a structural consequence of what CAMO is made from.\n\n---\n\n## How it works\n\n```\nDevice (any SIM + APN config pointing at entry server)\n  → Carrier (radio access only — sees encrypted tunnel, nothing beyond)\n    → Entry distribution server\n      → WireGuard tunnel → Middle hop(s)\n        → WireGuard tunnel → Exit node\n          → Destination\n```\n\nEach distribution server sees only its adjacent hops. Chains rotate every 10 minutes. eSIM pools at each server rotate independently on a non-synchronized timer. No stable identifier exists at any layer across rotation cycles.\n\nAnyone can run a distribution server. No registration. No permission. No fee.\n\n---\n\n## Repository structure\n\n```\ncamo/\n├── README.md\n├── LICENSE                           — CC BY 4.0\n├── LEGAL.md                          — legal considerations\n│\n├── docs/\n│   ├── mobile_onion_routing_spec.md  — protocol specification v0.1\n│   ├── gsm_routing_chains.md         — foundational architecture analysis\n│   ├── gsm_protocol_ss7.md           — GSM and SS7 background\n│   └── gsm_threats_legislation.md    — threat landscape and legislation\n│\n├── camo-gossip/                      — node discovery (signed gossip protocol)\n├── camo-circuit/                     — circuit construction and rotation\n├── camo-apncore/                     — APN core interface adapter\n├── camo-simpool/                     — eSIM pool management\n├── camo-wireguard/                   — WireGuard peer lifecycle\n│\n└── deploy/\n    ├── docker-compose.yml            — single-node reference deployment\n    ├── Dockerfile.go                 — shared build image\n    └── config.example                — annotated configuration examples\n```\n\n---\n\n## Specification\n\n| Document | Description |\n|---|---|\n| [Protocol Specification](https://github.com/pablo-chacon/camo/blob/main/docs/mobile_onion_routing_spec.md) | Complete protocol — architecture, data structures, interface contracts, threat model |\n| [GSM Routing Chains](https://github.com/pablo-chacon/camo/blob/main/docs/gsm/gsm_routing_chains.md) | Foundational analysis — forwarding chains, M2M breaks, defensive stack |\n| [Protocol \u0026 SS7](https://github.com/pablo-chacon/camo/blob/main/docs/gsm/gsm_protocol_ss7.md) | Technical background — USSD/MMI, SS7 architecture, SIM Toolkit |\n| [Threats \u0026 Legislation](https://github.com/pablo-chacon/camo/blob/main/docs/gsm/gsm_threats_legislation.md) | Threat landscape — SS7 attacks, IMSI catchers, legislative context |\n\n---\n\n## Running a node\n\nFull requirements in Section 13 of the specification. In brief:\n\n- Linux server, kernel 5.6+, public IP\n- Docker or Kubernetes\n- M2M carrier agreement with private APN routing to your server IP\n- Pool of M2M eSIM cards (minimum 8, recommended 24+)\n\n```\ndocker compose -f deploy/docker-compose.yml up \n```\nor\n\n```\ncd deploy \u0026\u0026 docker compose up\n```\n\nNo registration. No fee. No central authority.\n\n---\n\n## Design principles\n\n- **Permissionless** — anyone can run a node\n- **No central authority** — no single point whose unavailability affects the network\n- **Implementation agnostic** — the spec defines interfaces, not software\n- **Free** — no payment mechanism, no token, no fee at the protocol level\n- **Built from standards** — every component is an existing industry standard or open protocol\n- **Honest** — the threat model documents limitations as clearly as protections\n\n---\n\n## Related work\n\n- [Tor Project](https://torproject.org) — foundational onion routing; CAMO complements Tor at the radio layer\n- [Open5GS](https://open5gs.org) — open source 4G/5G core, one compliant APN core option\n- [free5GC](https://free5gc.org) — Go-based 5G core, Kubernetes-native\n- [WireGuard](https://wireguard.com) — inter-node encryption\n\n---\n\n## Citation\n\n```\nChacon, P. (2026). CAMO: Cellular Anonymization and Mobile Onion-routing.\nProtocol Specification v0.1. https://github.com/pablo-chacon/camo/\nLicense: CC BY 4.0\n```\n\n---\n\n**Contact**: [pablo-chacon-ai@proton.me](pablo-chacon-ai@proton.me)\n\n*Pablo Chacon — June 2026*\n\n---\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpablo-chacon%2Fcamo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpablo-chacon%2Fcamo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpablo-chacon%2Fcamo/lists"}