  • Long time iPhone user thinking about making the switch - good idea?

DeletedUser87

Do you mind sharing what you use for receiving phone calls? I used to listen to the Bazzell podcast before it got taken down, and I remember him always stressing how important it is to keep your SIM card-based phone number private. He'd say how it can be exploited in all these different ways, like how your location is always tied to it (unless you're in airplane mode), and how your provider keeps all your SMS and call logs forever. And then there's the risk of getting SIM swapped, which is just a whole other level of scary.

If I recall correctly, he used to use a Mint SIM card just for data, and then relied on VOIP for all his calls and texts. He'd only use his actual phone number when absolutely necessary, and would try to get people to use Signal instead. I'm curious, what's your setup like?

On my iPhone I just use MySudo for everything and no one knows my 'real' number.

    hesitantapplegal that depends on your threat model. Just having your phone number exposed doesn't automatically mean everyone will try to hack you. Location is of course tied to it, but I can't change anything about that. I would need to run airplane mode at all times to effectively mitigate the risks, which would turn my phone into an iPod. I barely use SMS, my 2FA is almost completely based on FIDO, TOTP or e-mail (for less important services) and I don't really care about call logs, I mainly use Signal to call people if I ever call them. That fits my setup and my threat model. I would suggest reading up on that topic as you're throwing a bunch of different threats into one basket, which seemingly have no clear goal. The problems a journalist in China faces are not even close to what the average Joe in the US might have to deal with. If you need some help on threat modeling, I (and probably some others here) can of course assist you.

      DeletedUser87

      I think I can summarize my concerns pretty simply: I just want to minimize the amount of non-encrypted data that's collected by companies and governments who might use it for profiling, marketing, or worse.

      I'm assuming that all this data is stored indefinitely, and with AI getting more advanced, it's not hard to imagine that it could be analyzed for who-knows-what purposes, either now or in the future.

      I remember Bazzell talking about how if your SIM card is your public number and it's tied to your identity through KYC, you could get caught up in dragnet surveillance just because you were near a crime scene. He even shared some crazy examples of this happening and how hard it is to clear your name after being wrongfully accused.

      But, I don't know if that's a good enough reason to not use my SIM card number for non-Signal/WhatsApp calls. I'm not exactly worried about being targeted by anyone, so this is more of a proactive approach to minimizing my digital footprint. I'm already pretty careful about my online presence - I don't use social media, I try to use privacy-friendly apps like Signal and Proton, and I only have about 10 apps on my phone.

      I hope that helps you understand where I'm coming from. I did read some advice I think from @matchboxbananasynergy about starting out by installing Google Play Services and using my phone just like I did my old iPhone, so I don't get frustrated and give up on the switch. I'm definitely worried about getting frustrated, especially since I'll already be adjusting to the Graphene UI, which I'm sure will take some getting used to.

      Edit: I guess I would also add that if you think with my somewhat generic and not targeted threat model, it would be perfectly reasonable to stick with an iPhone, don't hesitate to tell me that! As I understand it, the security and privacy is OK on an iPhone, but you may be losing privacy to Apple (which they allegedly don't share with others?)

        hesitantapplegal alright, that at least narrows it down a bit. Although the threat actors are a bit generic and thus the amount of hurdles is pretty extreme. Play Services is good for a start as I said. Remember that with 3rd party services you also always outsource your data to a party you have to trust. If for example MySudo ever got malicious, you would have basically the same problems you could have with your carrier. I employ a zero-trust policy, meaning all systems I use that I don't trust are considered compromised; this includes my carrier. The same goes for VPNs (it's why I just run my VPN at home and connect to that when I'm on the go). Different people have very different approaches in general. I decided to go for self-hosted solutions for most of my services. I only have mail on a different provider, everything else runs on my own server at home. If you can include Apple Music, well - I can't replace that by buying a million songs. At home, my router is set to support DNS-over-HTTPS (DoH) to disguise DNS requests from my ISP. General advice: try to move as much of your communication over to Signal or SimpleX, since that is one of your main concerns. You can't really fix calls or SMS - they are outdated protocols all in all and it's better to use Signal calls or chats wherever possible.
        I think you have a good starting point by reducing the amount of apps and not using social media. Everything else - you can figure that out as you go. (It's hard to give general advice without knowing the exact needs someone has)

          To address the most important and most common privacy problems one should get private from their ISP by using a trusted always on VPN, getting private from Google since their infrastructure has been designed around apps communicating with the platform thus allowing wide collection of data that is linked to your identity and last but not least careful selection of apps you decide to trust and use to cover your needs for mobile phone use. This will already put you well ahead of most. Then keep educating yourself and build on top of that.

          For one I know getting private from Google is very difficult, which I go about by using Aurora Store as my source for apps (I know many may disagree that this is not the recommended way, but I stay away from apps that are suggested to be privacy unfriendly, and most of them have network disabled, thank you GrapheneOS. And knowing they can't talk to Google puts my mind at rest, because this is where majority of IPC happens).

            DeletedUser87

            Thank you again for the detailed response. So in your situation, if you ever needed to make/receive an old-fashioned phone call (not Signal), do you use your SIM card phone number? Or like if someone like your doctor or accountant or lawyer needs your phone number and they don't use Signal?

              hesitantapplegal same as everyone else who doesn't rely on FCM notifications and no self hosting. It takes getting used to but I like the way of interacting with my device in a more proactive way. And I tend to stay offline where I can. This style doesn't suit most.

              a month later

              Just my two cents.

              Used iPhones for a decade and recently switched to Pixel 6a and GOS. I've actually really enjoyed the switch to Android.

              Some things are a bit off feeling, but many things are way better. Split screen mode is awesome! Also, you may run into some hiccups because GOS is by default more locked down. So every app starts from no permissions and you have to add permissions. Some apps work without all permissions, and some don't. However I really appreciate the capability now that I've got it all configured.

              It does have somewhat of a learning curve. I started off wanting to avoid google at all costs, but ended up installing Google Play Services. I've since switched off of Gmail and use NewPipe for YouTube. So Google gets less data now because of my choices, and merely because the Sandboxed Google Play Services that GOS implements is already by default better than a non-GOS phone with Google Play Services and still using all the same apps.

              I would recommend it! Hardest thing is not using iMessage only because so many people default to SMS now and I have had some issues sending/receiving texts to a select few iPhone users who I previously iMessaged even after deregistering my number from iMessage.

              a month later

              someone27281
              Nobody knows what the behind-the-scenes system apps in iPhone are doing. We don't see them and have no idea even what they are.

              Ditto with the Modem processor.

              I always thought the iPhone was private, but nowadays, not so much...