I love the feeling of privacy I’ve gained after moving from iOS to Graphene with fairly little friction. However, one nagging feeling I haven’t been able to get over is carrier privacy. I do use a VPN to mask IP address; however, it seems there are still possible security issues like:

1) carrier constantly tracking location which seems to be fairly easy for ppl to obtain. This location data seems to be available, often without a warrant, for private investigators and law enforcement. It also can drag innocent ppl into trouble because you happened to be close to the location where a crime occurred.

2) the carrier/SIM card seems to have privileges/access and independent computing ability that are outside of the OS (similar to Intel Management Engine on their chips)

The only possible mitigations I can think of are to buy an anonymous SIM card but never use its phone number but rather just its data service and utilize a separate VoIP type number over the data connection.

Carriers will always be able to obtain a coarse location when you use mobile networks, that's just how it works. Put the phone in aeroplane mode if you want to avoid this.

(e)SIMs are just secure elements with keys in them which authenticate you to the network. They can have tiny STK applets on them written in JavaCard. That's all handled under the umbrella of the modem which is under an IOMMU and the STK interface to the OS is highly limited.

Given the niche nature of the entire stack here, it's likely an adversary would be able to find a more trivial vulnerability to leverage rather than exploiting an STK applet.

Please read the FAQ.

https://grapheneos.org/faq#cellular-tracking

2) the carrier/SIM card seems to have privileges/access and independent computing ability that are outside of the OS (similar to Intel Management Engine on their chips)

This is not true. Please ask questions instead of stating things you don't know as facts.

I imagine most carriers have something like this available, whether they tell us or not. And taking their word that they’ve disabled it is little comfort.

Same as above.

    strcat

    Thanks for your response, certainly makes me feel more comfortable!

    Also, note I did use the word ‘seems’ to indicate my lack of expertise, certainly was not meant to come off as fact.

    Can you help me understand if GrapheneOS mitigates against something like the Verizon ‘supercookie’:
    https://www.cnet.com/tech/mobile/how-to-opt-out-of-verizon-supercookie-tracking-program/

    Thanks!

      Kenny33 super cookies are added to your network traffic (HTTP header), which GrapheneOS has no control of. You would need to opt out in your account settings.
      Is Verizon still using supercookies?

        Most of the internet is now using HTTPS. I would imagine that this approach doesn't really work anymore.

        nrt

        My understanding is they do, but you can call them and ask to opt out.

        11 days later
        akc3n locked the discussion.
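
The header injection discussed in the replies above can be checked from the client side by comparing the request you sent with the request a server you control actually received. This is an added example, not code from the thread or from GrapheneOS: the echo endpoint, the `echo.example` host and all request bytes are constructed assumptions, and `X-UIDH` is the header name publicly reported for Verizon's program, which the thread itself does not name.

```python
# Added example (not from the thread). All request bytes below are constructed.

# Headers an ordinary proxy may add; ignored so they are not reported as tracking.
PROXY_HEADERS = {"via", "x-forwarded-for", "forwarded"}


def parse_headers(raw: bytes) -> dict[str, list[str]]:
    """Return {lowercased name: [values]} from a raw HTTP/1.x request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers: dict[str, list[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:  # ignore malformed lines without a colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def injected_headers(sent: bytes, received: bytes) -> dict[str, list[str]]:
    """Headers (or extra values) the server saw that the client never sent."""
    s, r = parse_headers(sent), parse_headers(received)
    found: dict[str, list[str]] = {}
    for name, values in r.items():
        if name in PROXY_HEADERS:
            continue
        extra = [v for v in values if v not in s.get(name, [])]
        if extra:
            found[name] = extra
    return found


SENT = (b"GET /echo HTTP/1.1\r\nHost: echo.example\r\n"
        b"User-Agent: demo\r\nAccept: */*\r\n\r\n")
# The same request as an echo server would see it after a header-injecting middlebox.
RECEIVED_HTTP = (b"GET /echo HTTP/1.1\r\nHost: echo.example\r\n"
                 b"User-Agent: demo\r\nAccept: */*\r\n"
                 b"Via: 1.1 proxy.example\r\n"
                 b"X-UIDH: CONSTRUCTED-TOKEN-0001\r\n\r\n")
# Over HTTPS an on-path middlebox sees only ciphertext, so the request arrives as sent.
RECEIVED_HTTPS = SENT

if __name__ == "__main__":
    print("http :", injected_headers(SENT, RECEIVED_HTTP))
    print("https:", injected_headers(SENT, RECEIVED_HTTPS))
```

Run the comparison once over mobile data and once over Wi-Fi against the same plaintext endpoint; a header that appears only on the mobile path was added by the carrier network, not by the device.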