Looking for an ultra robust solution to provide protections against high level targeting, but which still allows for mobile communications and relative convenience. Realistically, no I'm not a high level target, but let's experiment together anyhow.
I'm on the move frequently, so small form factors and doing away with clunky laptops is a big incentive. Think pack hacker one bag travel. This set up involves a combination of small devices.
Primary device is of course a GOS phone, with proper use of profiles, hardening and mindful, judicious practices. A yubikey (if supported) for hardware 2fa.
No sim card in the GOS device, with all radios etc turned off and silenced as fully as possible. Connected to the Internet via an ethernet dongle into a travel router, which receives its data stream either from WiFi or 4G.
(Still not sure how much to trust WiFi tbh)
With this setup, sim-based attacks will only allow for information associated with the travel router to be extracted and not contents of phone itself (so no GPS coords to send home for instance, see Rob Braxman). Better still, an attacker won't know the sim number and identifiers associated with the travel router because I'll practice anonymising protocols with unregistered, prepaid, data only sims. I'll associate permanent, public facing voip numbers for communications via WhatsApp, Signal, Instagram, etc in the GOS device, but they'll be different to the sim in the travel router itself. So even with your 'real' number, any SS7 type attacks will only be able to invade the secondary dumb phone which exists solely to validate WhatsApp etc, and is turned on occasionally when needed for SS7 operations and calls.
So far we have a pixel, a router, a dumb phone, and a yubikey. But we're not done yet.
Another dumb phone with a sim that is used for government type affairs. You give it to the DMV/DVLA, to your doctor, to your banks. Some organisations force you to register a mobile number and send texts for 2fa. If you want to protect yourself from sim swap and cloning attacks, then use this secondary 2fa only line. It isn't associated with an email or any leaky apps, no one will get hold of it, this will be a spam free secret number for official, non-anonymous, secure purposes only.
The next device? A separate airgapped device for sideloading authenticator apps on to, because not everyone will take a yubikey. Store your backup pass codes on here. Any stalkerware on GOS pixel can't exfil or screen scrape stored OTPs and backup secrets from this airgapped cold storage device. A pinephone with hardware kill switches might be a great solution here because it provides scope for extended use in future, could be used to boot other OS like kali, tails, and can house large SD cards for media. This way you still have essentially a separate 'ipod' and offline diary, calendar etc. This would avoid interruptions to music when switching between profiles on GOS and generally frees up ram and storage. Just need a decent DAC for best possible experience.
The hardware kill switches would also provide strong reassurances if deciding to use as a cold crypto wallet (this isn't my wheelhouse, I could be wrong).
There might be comments about me using privacy invading apps like WhatsApp and Instagram. Some of these are necessary evils.
But what am I missing? Is there anything else I can do to protect myself?