Burner Phone 101

(rebeccawilliams.info)

305 points | by CharlesW 4 days ago

122 comments

  • schoen 9 hours ago

    When I was working at EFF, I started writing (but never finished) a couple of essays along the lines of "the degree of trackability of mobile phones is an unfortunate accident, and we should fix it".

    It basically comes from routing requirements (especially to receive incoming phone calls) combined with billing requirements (to make people pay for their connectivity) combined with the empirical requirement to see which base station a device is connected to, and which other base stations can see it at a given moment.

    If you aggregate all of that data, then you know a (geographically moderate-resolution) complete history of where almost all people have been at almost all times, and patterns of their habits and whom they probably recurrently spent time with.

    Not all of this data has to be collectable, because these things could be disaggregated by introducing different protocol layers. For example, you could pay the mobile company for data connectivity, but use cryptographic blinding mechanisms so that it doesn't know which specific subscriber obtained connectivity at a particular place and time. (Those blinding mechanisms could be implemented inside of SIM cards, so the SIM card's task is to cryptographically prove "I am a SIM card of a current paying subscriber of carrier X" rather than "I am SIM card number 42d1b5c0".) You could have device hardware IDs be ephemeral rather than permanent. Actual messaging and call services could all be "over the top" (as phone industry jargon puts it), provided by people who are not the phone company itself.

    This disaggregation is a straightforward improvement from a privacy point of view because it prevents companies from knowing things about you that they didn't need to know in order to provide services.

    Meanwhile, in the world we live in, we see governments trying to make it harder to make phones less trackable, by putting legal restrictions on changing hardware addresses, or requiring legal ID in order to establish service. I imagine that an additional cryptographic indirection layer in SIMs to prevent carriers from linking a permanent identifier to a network registration (or specific data use) would also be banned in some places if it were invented.

    This shouldn't be inevitable. One thing that made me think about this was when there was a little scandal (which I was a small part of) about companies tracking device wifi MAC addresses for commercial purposes. There was a little industry that would try to recognize people and build commercial profiles based on recognizing that the same device was present (in fact, at the time, even if it didn't actually connect to the wifi -- because a typical wifi-enabled mobile device was sending broadcast wifi probe packets that included its MAC address). So Apple was like "this is a bad use of MAC addresses, which only exist to distinguish devices that happen to be on the LAN at the same time, and perhaps to allow network administrators to assign permanent IP addresses to specific devices", and they made iPhones randomize wifi MAC addresses for some purposes, mostly fixing that particular issue.

    We could think just the same way about GSM networks: "these identifiers exist for specific protocol reasons; using them for device or user tracking is an abuse that should be mitigated technically".
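The blinding idea in schoen's comment above, as an added example that is not part of the thread: a Chaum-style RSA blind signature in which a SIM proves "paying subscriber of carrier X" without revealing which one. The `Carrier` and `Sim` classes, the subscriber names and the toy key (built from two public Mersenne primes, so not secret) are all assumptions made for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for a hypothetical carrier. Both primes are well-known
# Mersenne primes, so this key is public and for demonstration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def h(token: bytes) -> int:
    """Map a token into Z_N (simplified full-domain hash; an assumption)."""
    out = b"".join(hashlib.sha256(bytes([i]) + token).digest() for i in range(5))
    return int.from_bytes(out, "big") % N


class Carrier:
    def __init__(self):
        self.paid_up = {"subscriber-A", "subscriber-B"}  # constructed accounts
        self.issuance_log = []  # (subscriber, blinded value): all billing sees
        self.spent = set()      # tokens already used for an attach

    def issue(self, subscriber: str, blinded: int) -> int:
        """Billing step: the subscriber is identified, the signed value is not."""
        if subscriber not in self.paid_up:
            raise PermissionError("not a current paying subscriber")
        self.issuance_log.append((subscriber, blinded))
        return pow(blinded, D, N)

    def attach(self, token: bytes, sig: int) -> bool:
        """Network attach: no subscriber ID, only entitlement and single use."""
        if token in self.spent or pow(sig, E, N) != h(token):
            return False
        self.spent.add(token)
        return True


class Sim:
    def __init__(self, subscriber: str):
        self.subscriber = subscriber

    def obtain_token(self, carrier: Carrier):
        token = secrets.token_bytes(16)
        while True:  # pick a blinding factor r that is invertible mod N
            r = secrets.randbelow(N - 2) + 2
            if gcd(r, N) == 1:
                break
        blinded = (h(token) * pow(r, E, N)) % N       # m * r^e
        blind_sig = carrier.issue(self.subscriber, blinded)  # (m * r^e)^d = m^d * r
        sig = (blind_sig * pow(r, -1, N)) % N         # strip r, leaving m^d
        return token, sig


def explaining_factor(blinded: int, token: bytes) -> int:
    """The r' that would make `blinded` the issuance record of `token`.
    One exists for every log entry, so the log cannot single out the issuer."""
    return pow(blinded * pow(h(token), -1, N) % N, D, N)


def demo():
    carrier = Carrier()
    tok_a = Sim("subscriber-A").obtain_token(carrier)
    Sim("subscriber-B").obtain_token(carrier)
    first = carrier.attach(*tok_a)                   # valid entitlement
    replay = carrier.attach(*tok_a)                  # same token again
    forged = carrier.attach(b"made-up token", 12345) # never signed
    m = h(tok_a[0])
    # Even with the private key, every issuance record is equally
    # consistent with the token that was just presented.
    consistent = [
        (m * pow(explaining_factor(b, tok_a[0]), E, N)) % N == b
        for _, b in carrier.issuance_log
    ]
    return first, replay, forged, consistent


if __name__ == "__main__":
    print(demo())
```

Issuance is still tied to a billing account; only the later attach is anonymous, and this sketch leaves out token expiry and key rotation.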

    • giggyhack 2 hours ago

      I absolutely understand the sentiment and the goals that citizens should, by default, not be tracked. However, how do you square that with the proof, time and again, that truly secure and encrypted networks are primarily used by criminals (drug/human traffickers, and plenty of other people) who, through their trade, make the world a shittier place for the rest of us?

      • xethos an hour ago

        If we accept that the right to privacy is real, that not being followed, watched, and monitored every hour of my life, is something democratic societies should strive for:

        Why do criminals have more rights than I do?

      • soulofmischief an hour ago

        That's very easy to square by just accepting that people are allowed to have private communications.

      • alisonatwork 2 hours ago

        That's only the case because the truly secure and encrypted networks are not the default.

      • neilv an hour ago

        > However, how do you square that with the proof, time and again, that truly secure and encrypted networks are primarily used by criminals

        Do you have a URL for this proof?

        (If it's true, that would be good to know.)

      • tmpfs 38 minutes ago

        This is nonsense. By your logic me and the majority of people using Signal are criminals.

        As the other commenter mentioned please provide proof for these hyperbolic claims.

    • BLKNSLVR 5 hours ago

      I have no technical knowledge about these, and being cryptocurrency related there will be lots of exasperated huffs, but there are a couple of alternative mobile network related projects: World Mobile and Helium.

      World Mobile claims 99% coverage of the US, although I think it uses existing networks where there's no native coverage.

      They're "interesting", but only early days, and I don't know how close they come to what you describe for privacy and opposition to data aggregation. Large-geographic-area comms coverage isn't something that there's ever going to be a lot of options for.

      • schoen 4 hours ago

        I was imagining mobile operators that cooperated to some extent with the changes I was proposing, or at least didn't obstruct them. If it's using existing GSM protocols, the IMEI would have to be rotated frequently (and it's not that obvious how to do that without making the connection between the old IMEI and the new IMEI apparent), and the SIM technology would have to change. (What it's trying to prove in a privacy-friendly communications system is more like subscriber entitlement, not subscriber identity!)

        There's also the "netheads and Bellheads" theory from the 1990s which can be taken to say that phone companies would never make technical changes to make themselves collect less data, or to be less helpful to government surveillance. Sometimes I think this is right. I still remember how I took part in a meeting with a mobile phone industry association or industry consortium of some sort about a year before the Snowden stuff. Someone on my side said "so, let's talk a bit about surveillance issues", and someone on the other side replied "sorry, that's something we don't talk about". Imagine an industry meeting with privacy advocates where the industry people are completely precommitted to not talking about surveillance!

    • eduction 8 hours ago

      Stellar reasoning.

      Did you ever get to the point of hypothesizing good ways to align incentives to make this happen? It is hard to tell (having not thought much about it) whether this is a “smart well meaning engineers need to make new standards” problem, a “we need to harness the power of corporate greed problem,” or something else.

      • codethief 6 hours ago

        I seem to remember a discussion here on HN a few years back about a paper which outlined ways to decouple technical identifiers from personal identifiers on mobile networks.

        My memory is a bit hazy but maybe it was the whitepaper for PGPP[0] that OP mentioned?

        [0]: https://invisv.com/pgpp/

      • thfuran 6 hours ago

        I don’t think it’s possible to align incentives in favor of rolling out such a statement in the US without another coup.

  • Ccecil 13 hours ago

    One thing I didn't see covered is to never have your "real phone" and your "burner phone" on you (or in the same location) at the same time while powered.

    Easy enough to say "Gee...these 2 phones are always together or nearby when activated" or "this phone shuts off right before this one powers up".

    Although, I suspect there are a few other ways to determine identity easier. Such as tracking the device identifier and then looking up nearby public facing cameras.

    • bigiain 5 hours ago

      Also, never power up or down, or switch in or out of airplane mode on your burner while at home (or work). Cellular network disconnection and connection events are rare and hence notable.

      • dfc 18 minutes ago

        I am not sure I agree with this. I don't think that running out of battery or rebooting a phone is that rare.

        But more importantly, if these events are noticeable and Alice does what you suggest she is probably going to highlight her location. Especially if she naively waits till she is 15 minutes from home to switch her burner on. Over time there will be a circle around her house of no burner phone network attach events.

    • qingcharles 4 hours ago

      So many online services use the proximity of phones to determine things like related persons and related accounts. Facebook is notorious for this. In one building I lived at Facebook would constantly show me the names of everyone coming in and out as "You might know this person" even though I had no idea who they were.

      • Mistletoe 23 minutes ago

        I have no idea how this isn’t illegal. I’ve experienced the same horrifying loss of anonymity before. People I met long ago and definitely do not want knowing my real name showing up as Instagram suggested friends.

      • aspenmayer 3 hours ago

        Airbnb as well, at least in principle, if not in implementation.

        Airbnb Is Banning People Who Are ‘Closely Associated’ with Already-Banned Users - https://news.ycombinator.com/item?id=34983871 March 2023 (119 comments)

        h/t HN user dmitrygr

    • charlieo88 4 hours ago

      "If you're going to keep your phone in a bag of potato chips, then keep your phone in a bag of potato chips" --Terminator: Dark Fate (2019) Carl the T800.

  • mikeytown2 9 hours ago

    If you need to communicate with people in your area and not be tracked, MeshCore software with LoRa hardware like this https://lilygo.cc/en-ca/products/t-lora-pager is something to consider. Text only, completely offline.

    • greesil 9 hours ago

      Yes!!! I've been wanting to make something like this for a long time. But unless the firmware is open source I wouldn't trust this for anything secure. But this looks like a dev kit so I can do whatever I want.

    • supersour 9 hours ago

      These look pretty fun, have you played with them much? What kind of range can you get?

      • bronco21016 9 hours ago

        I’ve tried them on snowmobile trails. With the vegetation the range was about a mile.

        Range can be 100+ miles though if you can establish line of sight. Depending on the scenario, a high elevation repeater could give several mobile devices pretty significant range.

      • mikeytown2 8 hours ago

        Range is line of sight. If you can see it, even if 100 miles away, odds are it'll work. Seattle area has one of the better networks for MeshCore. Tacoma to Vancouver BC is the range for semi reliable messaging

        • hypercube33 7 hours ago

          Don't the different frequency bands change that a lot? iirc these are all lower frequency so they can cut through foliage better than say 5ghz wi-fi

          • mikeytown2 29 minutes ago

            Yes, you can get decent reception inside buildings. It operates in the 915 MHz band. Similar frequencies to old school pagers. LoRa is an interesting RF protocol, it has really good properties for operating below the noise floor.

    • firesteelrain 7 hours ago

      Or just ham radio (not anonymous though)

    • XorNot 7 hours ago

      If you need to do this then start by figuring out why you need to do it, and adjust your approach to your threat model.

      Because the most significant evidence we have lately is that in-person meetings or dead drops and other low tech means are how you avoid being tracked.

      Turning on any sort of radio transmitter is just turning on a big flash light into the sky.

      Turning on anything relatively uncommon is even worse: normal people have cellphones and use them. They don't use LoRa devices, there aren't a lot of LoRa devices and someone who only uses LoRa devices will stand out in any dataset.

      • nickthegreek 7 hours ago

        > Because the most significant evidence we have lately is that in-person meetings or dead drops and other low tech means are how you avoid being tracked.

        How many cameras did you just go by? Did you have your cell phone on you? How many networks did it connect to? How many Bluetooth broadcasts did it passively send out? Not being tracked and being in public are slowly becoming an untenable duo.

        • XorNot an hour ago

          Most of the threats you've identified are enabled by carrying a location enabled radio device on you when you're out in public.

          But it isn't illegal to wear a hat and sunglasses, for example, and it is common to do so.

    • Eisenstein 7 hours ago

      Except that your texts go out to everyone on the mesh network.

      • mikeytown2 34 minutes ago

        MeshCore has verified public key sharing; see what happened to the other network at defcon. Direct messages are encrypted.

      • downrightmike 7 hours ago

        Almost like ethernet, if only there were a way to fix that

  • theothertimcook 4 days ago

    In many countries you need a valid government ID document to activate a mobile service which means burners do not really exist in those places.

    Unless you bought a Pixel, graphene’d it and then paid a homeless person to activate a pre-paid data only SIM which you would top up with vouchers paid in cash and used a VPN and international VoIP service…

    A lot of effort though

    • tim333 4 days ago

      Silent link esims are quite good for getting your phone to work on any country or network. I have one, not for privacy but more for better phone coverage and it works pretty well. No ID and you pay in crypto - btc/monero etc. (https://silent.link/)

      For me the main use is that I'm on o2 in the UK, but if in some dead spot with no signal I can flip the sim settings and connect via EE or whatever.

      • CryptoBanker 3 days ago

        >For me the main use is that I'm on o2 in the UK, but if in some dead spot with no signal I can flip the sim settings and connect via EE or whatever.

        Why not just get an EE SIM if that's your main use?

        • asyx a day ago

          Not from the UK but in Germany we have the same issue where there is T-Mobile (best coverage), Vodafone (good coverage) and o2 (worst coverage) and there are simply some remote areas where anything but T-Mobile doesn’t have coverage.

          And the easy answer is that T-Mobile, or rather the parent Telekom, is a terrible company best known right now for getting the government to agree that they can cancel your existing internet contract to make switching easier when they want to catch you as a fiber customer but actually all they’re doing is sending a marketing company around Germany (Raider Marketing) to lie to your grandma to sign contracts for the Telekom or just cancel your existing internet contract because they think with a bit of pressure they can get you to sign up with them.

          Alternatively, they are also known for the worst peering in existence because they have the crazy idea that they can charge tenfold what other ISPs take for peering because they are the Telekom…

          In summary, the Telekom is such a terrible company that I’d rather not give them any money and if I needed T-Mobile coverage I’d rather get a foreign eSIM and rely on roaming than giving them a single cent.

          • avh02 9 hours ago

            I'm happy to give them (Telekom) money because their service works. Vodafone was constantly inferior in my experiences (DSL vs cable as well as their mobile networks). At least I don't have to call Vodafone every month like my neighbors do when the internet is down, worth every penny.

          • bgnn 9 hours ago

            Don't they get paid at the end when you are roaming?

    • blitzar 4 days ago

      Just track the hardware. A couple of days of normal usage and should be able to assign a 99% probability on you being the owner of that phone.

      • eptcyka 11 hours ago

        You should never turn on your burner in a place where you use your regular phone, duh.

        • SoftTalker 9 hours ago

          Even using it in the same city, would only require time and maybe a bit more correlation to identify an individual.

        • XorNot 7 hours ago

          And yet realistically you also probably don't turn it on except when you're within about 50 miles of your home.

          And this is while you're flagging yourself heavily by (1) using a phone which is easily identified as a burner and (2) using it intermittently which means you're trying not to be tracked.

          So you've already substantially identified yourself in any dataset.

          • bigiain 5 hours ago

            I'm not sure how many people would get any use out of a burner phone that they need to be 50 miles away from home to use?

            One of my hobbies is Recreational Paranoia. I used to have (probably still do in a drawer here somewhere) a 3G WiFi hotspot, with an Arduino and GPS module that powered down the battery within a few km of home (actually, within a few km of a public library that's a few km from home, so plotting all the power up & down locations would centre on the library not my house). I could then leave home with that in my backpack and instead of my phone take a wifi only device - I mostly used an iPod Touch but also sometimes Android tablets. I wouldn't get actual phone calls or SMS that way, but those are both rare for me, most of my social comms are via Signal which worked just fine.

            I figure wifi cellular hotspots are "not easily identified as a burner phone" and that intermittent use of them is the most common case. It would still have been able to be tracked as being a thing that turned on and off in my surrounding suburbs, and I'm sure I slipped up at least a few times and had it with me while I also had my phone with me - but like I said this was for my hobby, not running an international drug cartel or doing journalism critical of Saudi Royal houses...

    • bigiain 5 hours ago

      > In many countries you need a valid government ID document to activate a mobile service which means burners do not really exist in those places.

      Buying prepaid SIMs from tourists or foreign students returning home is a reasonably easy workaround for that - at least if you're the sort of person who meets and befriends those sort of people.

      • refurb 5 hours ago

        At least where I live tourist SIMs are restricted to 2 weeks, then need to be converted to a local SIM (with ID requirements).

        And anyone leaving would have their immigration status expire and the SIM is turned off then unless you provide some other proof of residence.

    • rootsudo 11 hours ago

      True on the Government ID document but most of the times the portal to activate would allow for any sort of numbers as long as it was in a proper format - whether or not it was valid.

      These allow for self activation, have a lockout of 5 failed attempts or so and can be done via sim card codes (not SMS, but you interact with a program on the simcard and low level carrier services.)

    • 4gotunameagain 4 days ago

      > which means burners do not really exist in those places.

      This is very wrong. In Germany you can go to any shady kiosk in a big city and buy a pre activated SIM card invariably registered to some Arabic or Pakistani name.

      You can buy it in cash. Completely untraceable if you take care of CCTV.

      • breppp 10 hours ago

        Going to buy a prepaid SIM registered under an Arabic name in Europe is probably the safest way of getting traced by a government.

      • cedws 2 days ago

        IMEI + cell tower triangulation easily makes it traceable. If the authorities want to find you, they can.

        • lazide 2 days ago

          Once they know to look for you, sure, which is why you use a disposable phone and actually dispose of it before anyone has a reason to look for that specific one. That’s literally the whole point.

          They might go and ask Achmed some hard questions later, but he’s long since left the country and never met you anyway.

    • forgotusername6 10 hours ago

      I was surprised when a SIM I purchased on Amazon was not only able to connect in China but was also able to bypass the great firewall. I wonder how these travel sims get round the government regulations.

      • United857 2 hours ago

        It's how data roaming works in general -- it's tunneled through to the SIM's home provider. Conversely, a Chinese SIM roaming overseas is still subject to the Great Firewall.

      • lmm 3 hours ago

        They bypass the firewall precisely because they're roaming SIMs. Their internet connection goes through the home operator.

        I imagine they simply don't allow selling such SIMs in China. It would be extremely easy to track and flag any that were e.g. used for longer than a few weeks.

      • kelnos 9 hours ago

        It's because the government regulations only apply to Chinese citizens. My first trip to China was back in the '00s, and I went for work. I was also surprised to find that my home SIM worked just fine there without any interference from the Great Firewall.

        Roaming works somewhat unintuitively from what you'd expect. You do indeed connect to the local mobile network, but all of your data traffic is tunneled back to your home wireless provider's PoP. I realized this once I checked what websites I was visiting saw as my public IP address, and it was an address from a network in Texas!

        So China's Great Firewall can't actually inspect or block your traffic while you're traveling, and using roaming on your home mobile network's SIM. It's all sent over the equivalent of a VPN to your home soil before going out to the public internet. This is why latency can be pretty bad while roaming.

      • numpad0 10 hours ago

        They just don't enforce the exact same restrictions on roaming users. I suppose there are risks of tourists spilling the beans, so to speak, they just don't view that as a severe unmitigated risk.

        • julcol 9 hours ago

          When you ROAM, your traffic abroad is routed to your home country (for security reasons among other things) and then off to the internet from there. You can check that your public IP, when roaming, is an IP from your cellco... unsure if there are any changes with 5G though.

          You are not bypassing any firewall as your traffic is actually happening at home. If you access local sites, traffic is coming from home.

          • numpad0 17 minutes ago

            Not home country, home PLMN(~=carrier). IIRC there were changes in 4G/LTE that lets the GW be at visiting carriers.

            I'm suspecting that that post-4G architecture is just formalization of actual commercial deployment. Latency for roaming data was long inconsistent with the 3G diagrams, and exorbitant roaming fees that would be consistent with the diagrams also started rapidly subsiding from late 3G era.

    • Phelinofist 10 hours ago

      How does GrapheneOS help in that?

      • kelnos 9 hours ago

        It doesn't specifically help with obtaining a SIM without presenting ID, but it does help make it easier to avoid later leaking your true identity to Google/Apple/etc. once you start using the phone.

    • hopelite 10 hours ago

      Seems like an excellent business model for the homeless.

  • pabs3 44 minutes ago

    > in cash

    Cash is likely tracked too these days, if you get it from an ATM for sure, or maybe it is for some modern tills. So learn to busk before you think about buying a burner phone.

  • commandersaki 4 hours ago

    Always remember the three Cs of OPSEC (credit to grugq): compartmentalisation, cover, and concealment.

    Most OPSEC failures are due to leakages which is a failure of compartmentalisation.

  • girvo 8 hours ago

    > Buy phone & service in cash

    Step one is already difficult here in Australia: to do so you must hand over your personal details and ID. At least that was true for anything with a SIM card for sale back in the 2010s

    So the “step 0” was “find a retailer who didn’t follow the rules”, and they’d usually be a corner store selling handsets or SIM cards by the bucket load to all sorts of interesting characters

    • ajxs 4 hours ago

      This was already the case in Australia as early as 2003. I distinctly remember being shocked that I had to provide ID when I bought a phone from a store for the first time.

  • whartung 6 hours ago

    Are satellite phones under the same microscope as cell phones? Are they broadcasting on all the different cell/wifi/bt frequencies or do they just connect to a satellite? Are they GPS tagged?

    Also if you want one-way “location less” communication, the old alphanumeric pager network is still available.

    I think those messages are simply broadcast across the network (which at least in the US is national). There’s evidence of a message being sent, none about whether it was received or where it was received.

  • Havoc 3 hours ago

    Problem is the utility of a phone is mostly in the things that are problematic. Email, cloud etc.

    It’s either got too much stuff on it or not enough stuff on it.

  • Desk1com 4 hours ago

    Mental Outlaw and Rob Braxman on youtube have more comprehensive overviews on how to get burner phones

  • torcete 4 days ago

    I have the feeling that whenever you are at an airport (and maybe railway stations too) they cross your IMEI with the boarding pass info. I believe that in the UK police use some middle-man towers, whose name I have forgotten, to collect as much data as possible.

  • tenacious_tuna 4 days ago

    > Radios off (GPS/Wi-Fi/Bluetooth) unless needed

    GPS is a passive technology, no?

    Downloading GPS assist data obviously isn't, and plenty of phones use wifi scanning as a way to augment GPS position fixes, but this seemed a strange callout. Am I missing something?

    • netrap 4 days ago

      If the phone is confiscated it could be saving GPS automatically, I guess.

      • kelnos 9 hours ago

        This stood out to me as odd from the article too, but that's definitely a plausible explanation.

        I could easily see a phone with some sort of location tracking saving GPS data points internally until it can reach a network again to send them out.

  • kuon 7 hours ago

    Is there any sim you can buy internationally without an ID? Here you need an ID.

    • lilsoso 7 hours ago

      In Mexico you can buy prepaid SIM cards with cash, and without an ID, at convenience stores such as 7-11 or Oxxo.

      • kuon 6 hours ago

        That's far, but good to know.

    • Desk1com 5 hours ago

      UK you don't need ID and can pay in cash. They'll ask for your name and address but you can make it up

  • apt-apt-apt-apt 7 hours ago

    > Buy phone & service in cash

    Movies make it seem anyone can walk into any store in a trenchcoat and walk out with a burner phone ready to go. I get the service part (you can buy prepaid SIMs in cash). What about the phone?

    • aftbit 6 hours ago

      The phone part is easier in many places. I've personally bought both a phone and SIM card in cash from a corner store in SF. I was asked to provide some legal information for the SIM, but they pointedly did not look at my ID or anything, so I was free to write whatever I wanted on the order form. They told me only the SIM required the info, not the phone.

      • therein an hour ago

        You could have also just bought a T-Mobile SIM and then activated a pre-paid plan with just credits you buy with whatever you want. You can get them for cryptocurrency as well on a lot of places.

  • electric_muse 6 hours ago

    What are the latest tips and best practices for acquiring a phone and service without having to deanonymize?

    For example, can you just walk into Best Buy with cash?

    • aspenmayer 3 hours ago

      > without having to deanonymize

      > Best Buy

      Cameras are everywhere in big box stores. Anonymity is not sold in stores.

  • neilv 8 hours ago

    Kudos to this article for:

    1. starting with threat modeling (though they don't call it that);

    2. mentioning that your OPSEC affects not only you but also people connected to you; and

    3. mentioning that maybe you should just leave the device at home (because it's basically a surveillance machine that you pay for).

    (A more common article format would be to unload a pile of supposed security&privacy measures without putting them into context, and wouldn't properly set expectations for what that gives you. Neither of which is very helpful, and can be very counterproductive.)

  • cguess 2 days ago

    The guide recommends PGPP to rotate IMEI numbers, however, the service shut down more than a year ago. https://invisv.com/articles/service_shutdown.html

    • codethief 6 hours ago

      I wish the article you linked wasn't so thin on details:

      > Unfortunately, due to technical issues outside of our control, we have to shut down our subscription services.

  • fortran77 10 hours ago

    The Dumbphone Finder (https://josebriones.org/dumbphone-finder) referenced there is useful, too, if you need to get a phone a 90 year old person has a chance of being able to use.

  • neilv 8 hours ago

    > Strong PIN, not biometrics

    And also be aware of "shoulder surfing", which is different today in 2 ways it wasn't in the past.

    In the past, the risk was something like someone looking at you type in your PIN on a bank ATM, or maybe your password on a computer keyboard.

    Today, shoulder surfing is mainly different in 2 ways: (1) near-ubiquitous high-resolution surveillance camera networks, which can be places/scale and capture images that humans practically didn't; and (2) with machine learning, they don't even need to see what buttons you press, only see movements of your arm.

    (Randomizing button positions on a touchscreen can help, and also help fight forensics like traces your fingers leave for where they touch. But randomization means you need to be able to see your screen, which reduces the ways you have to hide your screen from the view of others.)

  • h4ck_th3_pl4n3t 4 days ago

    While I like the sentiment of the article, I think most people are not aware of how hostile baseband firmwares are implemented on most SoCs that phones come with. Usually the cell tower handshakes that make you trackable can't be put off, meaning the modem will run in sleep mode even when you are in airplane mode (which is kinda funny considering the dangers of air travel, right? Right?).

    Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?

    • userbinator 9 hours ago

      > meaning the modem will run in sleep mode even when you are in airplane mode

      AFAIK this is not true at least for the Mediatek 65xx and early 67xx platforms; I've analysed the firmware and hardware on those. They actually power off the modem and rest of the RF system when in airplane mode. The modem only boots up and starts searching for a signal when you take it out of airplane mode, which is why it takes a noticeable time (10-30 seconds, depending on how many bands are enabled) to get a signal. If your phone goes from airplane mode to having a signal and immediately capable of calling, then I suspect it's one where the modem is not truly turned off.

      I haven't inspected Broadcom, Qualcomm, or Spreadtrum in any detail to say whether they do things differently.

      >Are there actually smartphones without an IMEI

      Look for a "tablet" or anything else without the word "phone" in it if you just want a touchscreen portable computer. An IMEI is obligatory to connect to cellular networks, in much the same way as a MAC address is to Ethernet and WiFi.

      • therein an hour ago

        Phones with MediaTek basebands are able to change their own IMEIs. Do with this information what you will.

    • arendtio 9 hours ago

      As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.

      The risk was that mobile networks could not handle moving many devices from one cell to another at high speeds (during takeoff and landing).

      • SahAssar 9 hours ago

        How would that be different for trains? Trains would have similar numbers or more devices, moving at a similar speed (for high speed trains compared to planes at take-off/landing).

        • kelnos 9 hours ago

          I think part of the issue is that cell tower antennas are designed for talking to devices on the ground or at very low altitudes (like those you'd experience in a tall building). So a cell tower's capacity for talking to lots of somethings directly above it, thousands of feet up, is much lower than talking to lots of somethings below it or adjacent to it.

      • reaperducer 9 hours ago

        >As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.

        My memory is that it was necessary at the time when lots of people started taking phones on airplanes because the wiring/navigation wasn't shielded against a transmitter that might be actually inside the aircraft.

        Since then, plane electronics are better insulated, making it less of a problem.

        • tonyarkles 8 hours ago

          There are two other issues that aren’t technical, which are starting to come up again now that Internet access is rapidly becoming available and good onboard aircraft:

          - People not paying attention to/ignoring the instructions of the FAs during safety briefings and emergencies due to being engaged in a phone call.

          - People being assholes and talking on the phone, bothering the person stuck in the seat next to them.

          On all of the flights I’ve been on recently the preflight brief has been crystal clear that you can do whatever you want on the internet connection except have voice calls.

    • KeybInterrupt 4 days ago

      You might be looking for an Android-based media player device.

      But they are likely not ideal for the use case...

    • reaperducer 9 hours ago

      >Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?

      Maybe an old iPod Touch that can still run a VoIP program?

    • madethemcry 4 days ago

      Can you please give any sources? While it sounds plausible and interesting it's nothing more than a wild conspiracy theory without some background information.

      • h4ck_th3_pl4n3t 4 days ago

        Buy a Broadcom smartphone. Turn Bluetooth off, and set it to airplane mode. Then Bluepwn your device, with Bluetooth turned off.

        Funny how airplane mode didn't work.

        That's just one of the quirks. Baseband and what Qualcomm is tracking is way worse.

        I recommend buying an old Motorola Calypso device and fiddling with osmocomBB, you can DIY an IMSI catcher pretty easily. And you'll be mind blown how many class0 SMS you'll receive per day, just for tracking you. Back in the days you could track people's phones remotely but the popularity of HushSMS and other tools made cell providers block class0 SMS not sent by themselves.

        This wiki article is a nice overview: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Dete...

        • gruez 3 hours ago

          >Buy a Broadcom smartphone. Turn Bluetooth off, and set it to airplane mode. Then Bluepwn your device, with Bluetooth turned off.

          ???

        • mjg59 9 hours ago

          You made the assertion that basebands remain in contact with towers even in airplane mode, and so can be tracked. Someone asked for supporting evidence for that claim. You've responded with examples and links to different issues. It's a fairly extraordinary claim (it's not one I'd heard before - it's clear that other radios may remain alive for various purposes even when airplane mode is switched on, given that you can use Wi-Fi and Bluetooth on planes, but you're the first person I've heard make this claim about the cellular radio), and you haven't provided any evidence to back it up at all.

        • kelnos 9 hours ago

          Saying more words and then linking to a page from an IMSI catcher's wiki (where it doesn't talk about radio on/off states) isn't exactly "providing sources".

      • aja12 4 days ago

        Baseband SoC running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) is very much no longer in conspiracy theory territory and more an established fact now. I don't have the source at hand but it's in one of the standards. And the purpose is very clear: LEA like Interpol must be able to locate any IMEI at any point if in tower range, regardless of the power state of the "main" OS.

        • dahart 8 hours ago

          I don’t doubt SoCs have their own micro-OS, but I too would love to see a reliable source showing phones connect to towers when powered off. Wouldn’t this, at a minimum, violate FAA/EASA rules? Google tells me the cellular radio in an iPhone has no power when in airplane mode or when off.

        • escaine 10 hours ago

          Surely this is really easy to prove by putting a phone into an anechoic chamber and using a spectrum analyser to show that it's still TXing?

          • joha4270 9 hours ago

            The phone isn't going to connect to a tower it cannot see.

            It can't just scream out into the void and hope a tower picks it up, it needs a few pieces of timing information & cell configuration beforehand.

        • pdesi 4 days ago

          Even in airplane mode?

          • h4ck_th3_pl4n3t 4 days ago

            I dare you to do the following:

            Charge phone to full 100%. Turn it off.

            Put it into a faraday cage, e.g. a steel box, for 7 days.

            Take it out again and wonder why the battery is empty.

            (The faraday cage has the effect of making the modem have to switch bands constantly, which costs more electricity than sleep mode in LTE)

            • inportb 6 hours ago

              Interesting, but you should probably use a control. Two phones, same hardware, same software. One inside the faraday cage, one outside, both in the same room with the same conditions otherwise.

              Repeat the experiment a few times. Then cross over: liberate the caged phone, cage the free phone, and repeat the experiment a few more times. Or alternate the phones' positions between experiments. This mitigates hardware and software differences that might've been overlooked (such as a faulty battery, etc.).

              Analyze the results, draw your conclusions, publish, and encourage others to reproduce.

            • kelnos 9 hours ago

              It would still be simpler for you to link to a credible source. A bit strange that you seem uninterested in doing so, and prefer to tell people to do their own experiments, in this case one that requires an extra phone and a week of time.

            • dahart 8 hours ago

              Batteries naturally drain slowly when not used. What would this little experiment prove, exactly?

  • metadat 7 hours ago

    eSIM erodes privacy? Well, that sucks, because how long until Apple, Samsung, and Google decide the SIM slot should go the way of the 3.5mm headphone jack?

    • bongodongobob 6 hours ago

      That has already happened. iPhones since the 14 don't have SIM slots.

      • gruez 3 hours ago

        Only in the US.

  • scarface_74 7 hours ago

    Just a note, Android and iPhones have abysmal security once police have physical access after first unlock (AFU) once your phone is rebooted.

    https://blogs.dsu.edu/digforce/2023/08/23/bfu-and-afu-lock-s...

  • groby_b 6 hours ago

    I feel like any article on burner phones that glosses over acquisition with "buy phone and service in cash" misses the point.

    Buying a phone anonymously is much harder than "just cash". Most places demand name & address for sign-up, and if you're unlucky want to see an ID.

    You really should think through where and how you buy, how to find the "off the back of a truck" places, where to get SIMs, how to pay for renewal in untraceable money and without a CC, etc.