I've recently started exploring GrapheneOS and have begun learning about best practices for privacy and security when using mobile phones generally. Since one of the most important reasons to have a mobile phone instead of just using a computer for everything is for the ability to contact people quickly and conveniently from wherever, it's unfortunate and somewhat problematic to my preferences and threat model to put a SIM card in my phone to broadcast my location to cell companies 24/7 via tower triangulation.
So, I've been learning and thinking about VoIP systems and how they can bridge the gap between being able to communicate using a phone number while also keeping one's location behind a VPN as is possible with pretty much all other internet communication channels and services. My understanding of phone networking is still very limited as I've only just begun learning about it, but below are my ideas and questions regarding using it as a more private way to have a phone number on GrapheneOS.
There are multiple ways to implement such a VoIP system as far as I'm aware. At the opposite ends of the spectrum, you could:
- Go through a third-party service that handles most everything and just allows you to connect your phone to them to receive communications over the internet. In this setup, you have the benefit of not being triangulated with a SIM card since you're using the internet, but you are still heavily dependent on your provider's policies, available features, and practices to keep your communications safe, etc. There are more opportunities for them to log your usage and track you than when using something more like this next setup.
- Self-host call/message routing software and only pay for a "trunk router" provider to convert digital communications to the traditional telephony network to interface with everyone else who have "regular," non-VoIP phone numbers. In this setup, the trunk router forwards all communications to/from your phone number to your own server which then handles (additional) encryption, DoS protection, behavior of voicemail, connecting to your endpoint devices, etc. One major tradeoff with this setup being that your server has to always be online to route communications, else you'll be unreachable and your number won't work.
Generally, I'm curious whether this might be a good privacy-supporting hobby project to attempt, even if just to learn and experiment with and not use for a main personal phone number if the risks, required expertise, and difficulty outweigh the added privacy benefits (and cost savings over paying for a phone number with a traditional cell company).
So I ask, has anyone else considered or tried a VoIP setup with GrapheneOS instead of using a traditional SIM number? Are there other tradeoffs, besides the setup and maintenance difficulty, that using such a setup has that I'm not considering?