How can I setup and use my pixel 10 completely anonymously?

p1xel_p0etry

Goal: Setup and use pixel 10 with grapheneOS as anonymously as possible.
Threat model: avoid big tech surveillance, spyware, tracking.

Context:
I am somewhat new to privacy, I started around summer 2019 but only really got into it almost 2 months ago.
I am coming from a full Apple ecosystem.

I bought the Pixel 10 from a retailer in cash without sharing any info, in person. On the phone, I skipped through the setup to get through without provided any info. I have not inserted any sim card or turned on wifi or BT even once.

My understanding is that first per-requisite to installing GrapheneOS is to update the phone. That would require internet. My plan is to do that using a VPN.
I have 2 choices here, but maybe just 1:

Add VPN to my network/router (If suggested, I could use some resources or instructions for this as I have never done this before but do have the technical skills to do it)
Add a client to my Pixel by transferring an APK from my laptop to the phone via cable. I don't think this would work as I can't turn on the VPN until I login which would require internet. I could be wrong about this.

The VPN I plan to use is Mullvad. I am planning to trade Monero with Bitcoin on Bisq. I have never used Bisq before or bought Monero. I am open to suggestions if there is a more private or secure way.
Then use the Monero to pay for Mullvad.

Also, my big assumption is that I can download the update my phone on VPN, please correct me if that's not possible. I haven't used an Android as primary phone in 12 years.
I will turn on kill switch / lockdown mode on Mullvad VPN, so even after restart, there's no IP leak.
I am considering doing this at a coffee shop just to be safe, maybe a Starbucks wifi would likely be reliable enough.
Also, maybe I should use Orbot instead of Mullvad?

Once it's updated. I will unlock the bootlocker from settings. then follow the rest of the instructions as per website.

Let me know if there is a step during I should be careful about.

Once GrapheneOS is installed.
disable OEM Unlocking in developer options

I plan to never insert a sim card. Not a need for me. I will just Signal/Molly and if needed, my VOIP number. I am still researching VOIP apps, recommendations are welcome.

My phone usage is very minimal, I plan to use the 12 apps it comes with. And only if needed, install OpenSource and E2E apps. The app stores I plan on using are based on the GrapheneDeveloper & SideOfBurritos YouTuber's recommendations: "Graphene store > Accrescent > Obtainium > google play store anon > aurora anon > F-droid". Based on availability on the app, I would just first first to the second. Please let me know if the order needs changing.

install Futo keyboard / Open board; revoke network permissions
enable auto-reboot
disable nfc
I am deciding between Vanadium / Firefox Focus / Firefox for the browser.
make use of storage scopes under individual app settings as often as needed
Maps: OSMAnd.
Photos: Immich (eventually)
Self host apps: I am thinking about NextCloud's apps.
Banking on Desktop or phone's browser.

For the user's on the OS, I was thinking making them per corporation. So hypothetically, for all Google or Alphabet apps, 1 user account; for all Meta apps, 1 user. For reddit, 1. I don't plan to use any of these, these are just examples. I am okay with upto max 6 users, though if it's not too hard to switch, I could make more.
I am wondering if I should use owner for daily, or make a new one. Currently leaning towards making a new one for VOIP app and Signal and use that as my Daily user profile.
Somehow, I was able to move all my friends and family to Signal.

For most media and data. I plan to host on my own server. This is a project I will pursue in Dec or Jan. I don't really want to store anything locally on the pixel. So even Contacts, Calendar, Files, Photos. I want to self host, and just have 1 source of truth between my computer and the phone.

I am gonna try as hard as I can to not install Play Services at all. I hate Google now so much. And I am gonna try using websites over app. And I am always on my computer for almost everything.
Today, I was creating a new gmail account for work and now it's impossible to do it on the web. You need to scan a QR from a phone and send an sms to a +44 number.
IF I make a new account on the phone, I will get a temporary phone number from smspool's website, pay by Monero (suggested by sideofburritos youtube).

My day to day will be using my pixel 10 offline or using wifi to connect to my portable hotspot device with VPN especially when I go out. My understanding is that, it is also okay to connect to public wifi as long as I have a VPN.

My old sim card with old phone number is in my dumbphone that i will keep on for the first 2 months, for those once in a while 2FA and moving any incoming calls/text to new VOIP number. Then the dumbphone would stay off. It will always remain at home.

I am happy to edit post and add any missing details as needed. Thank you!

nandohyphen1

p1xel_p0etry Goal: Setup and use pixel 10 with grapheneOS

Just a heads up, GrapheneOS isn't supported on the Pixel 10 Series yet - it should be soon though. Read this thread
https://discuss.grapheneos.org/d/25099-pixel-10-production-support-for-grapheneos-coming-soon/409

gos79732

p1xel_p0etry I bought the Pixel 10 from a retailer in cash without sharing any info, in person. On the phone, I skipped through the setup to get through without provided any info. I have not inserted any sim card or turned on wifi or BT even once.

As Probably9857 said, IMEI is still recorded by cell towers even without a SIM. See https://discuss.grapheneos.org/d/2509-are-cell-identifiers-leaked-on-first-android-boot-before-installing-grapheneos. More discussions:

https://discuss.grapheneos.org/d/9874-is-phone-trackable-without-a-sim-card
https://discuss.grapheneos.org/d/19535-does-imei-get-sent-to-towers-on-gos-without-a-sim

There is unconfirmed speculation that there could be a small amount of Bluetooth radio activity at during boot for both stock Android and GrapheneOS. If this is true, it's unclear what this activity is and what identifiers are involved. See https://discuss.grapheneos.org/d/26586-brief-note-on-mobile-phone-measurements-with-airplane-mode-onoff and https://github.com/GrapheneOS/os-issue-tracker/issues/6469.

p1xel_p0etry My understanding is that first per-requisite to installing GrapheneOS is to update the phone.

While recommended as a best practice, this is not required. From the Web installer guide:

It's best practice to update the device before installing GrapheneOS to have the latest firmware for connecting the device to the computer and performing the early flashing process. Either way, GrapheneOS flashes the latest firmware early in the installation process.

The Pixel 6a is the only phone that requires an update before installation, as documented later in that same guide:

For the Pixel 6a, OEM unlocking won't work with the version of the stock OS from the factory. You need to update it to the June 2022 release or later via an over-the-air update. After you've updated it you'll also need to factory reset the device to fix OEM unlocking.

A stock OS update can take a long time to install, especially if downloading over a slow connection. I never updated the stock OS and I haven't had issues installing GrapheneOS on a new Pixel device. Stock OS collects telemetry data, so you may want to minimize how long the stock OS is running.

p1xel_p0etry Add a client to my Pixel by transferring an APK from my laptop to the phone via cable. I don't think this would work as I can't turn on the VPN until I login which would require internet. I could be wrong about this.

You're going to need to connect some device to the phone to ultimately perform the installation. Both stock Android and operating systems such as Windows collect lots of telemetry. It's possible that USB identifiers from your computer or phone are collected by the other and stored remotely. That's something to be aware of if this is a concern. See https://discuss.grapheneos.org/d/27314-privacy-risk-of-booting-on-an-idd-device. If using a laptop, booting a live Linux distro is an option.

p1xel_p0etry Also, my big assumption is that I can download the update my phone on VPN, please correct me if that's not possible. I haven't used an Android as primary phone in 12 years.

I haven't heard of issues with downloading stock OS updates on a VPN.

p1xel_p0etry I am considering doing this at a coffee shop just to be safe, maybe a Starbucks wifi would likely be reliable enough.

Starbucks Wi-Fi typically requires a name, e-mail, etc. to connect. You can provide alias information, but be aware of what you provide and how it is associated to you if this is a concern.

p1xel_p0etry Let me know if there is a step during I should be careful about.

The Web installer requires you to download the GrapheneOS image, which is almost 2 GB. The installation image cannot be downloaded ahead of time with the Web installer. The download will take a long time from a slow internet connection. If using public Wi-Fi, you may want to speed test the network ahead of time so you're not stuck in the middle of an installation waiting for hours to download the file. It is possible to download the image ahead of time with the CLI installer, but the Web installer is much easier to use.

p1xel_p0etry Once GrapheneOS is installed.

Once GrapheneOS is installed, it will boot with factory settings with airplane mode off. This means the phone will connect to cell towers again until airplane mode is enabled.

p1xel_p0etry disable OEM Unlocking in developer options

This step is now integrated into the initial setup during installation: https://grapheneos.org/install/web#disabling-oem-unlocking. This no longer needs to be done through Developer Options.

p1xel_p0etry My day to day will be using my pixel 10 offline or using wifi to connect to my portable hotspot device with VPN especially when I go out.

A portable hotspot device has an IMEI and will allow tracking of your location. I'm sure you're aware of that, but it's unclear what you gain by using a portable hotspot instead of a data SIM in your GrapheneOS phone.

Probably9857

I see no mention of Airplane mode there.

Be aware that your phone will still connect to cell towers even without a SIM, if you are not in airplane mode.

That has likely already happened during initial setup. Unless you were somewhere without a signal.

If so, the cell operator(s) will be able to associate your device with any location(s) where it communicated with their network.

p1xel_p0etry

Probably9857 Thank you, I forgot to mention that. I heard that it is possible to completely disable the functionality of Airplane mode and bluetooth to avoid accidentally toggling them. I plan to do so. I am not sure currently how and would love to learn.
That is crazy, I did not know that. The first place I turned on my phone was my home, and it has been turned on twice, both times at home. I suppose resetting the phone doesn't help anymore for this. I wish i knew this before. I suppose cell carriers are more secondary threat for me compared to big tech. This does suck. Then in this case, I should do Graphene installation in a library or coffee shop for sure, right?

23Sha-ger

p1xel_p0etry Then in this case, I should do Graphene installation in a library or coffee shop for sure, right?

Not really. That is an extreme measure. Do you really want to avoid your ISP from knowing you connected to GOS
servers to install it? Because it will later still connect to some servers for updates, etc. So not really an advantage.
The cell tower tracking is only valid when you have a SIM installed. If you just scan for towers without a plan, they
have no real identity to correlate that IMEI to. This is what happens when you travel around the world or roaming.

Probably9857

p1xel_p0etry I heard that it is possible to completely disable the functionality of Airplane mode and bluetooth to avoid accidentally toggling them. I plan to do so. I am not sure currently how and would love to learn.

This is not a feature of GrapheneOS. It may be possible with some other tools, but doing so would significantly compromise security, and it can cause other problems if you don't understand what you're doing. Would strongly advise against this.

p1xel_p0etry I suppose resetting the phone doesn't help anymore for this

No, it doesn't.

p1xel_p0etry I should do Graphene installation in a library or coffee shop for sure, right?

No. Just turn on Airplane mode, enable WiFi, and use a reputable VPN.

p1xel_p0etry

23Sha-ger The library is not too far and it seems, it might be better just to be safe? I am either gonna have network wide VPN or VPN client on all devices, so either way, ISP wouldn't know. And for my day to day, I am thinking of just connecting the Pixel to my personal hotspot device, even at home. So either way, ISP will never know. The other commenter said the IMEI and location have been linked, not identity. But I suppose, someone could be just passing by, if a device even reaches out without a sim

p1xel_p0etry

Probably9857 Understood. I am gonna have to find the resource but it was mention in some Graphene YouTube video or Reddit post. I am not gonna try unless it's a built-in feature.
Cool, I will just set it at home then!

p1xel_p0etry

nandohyphen1 Yes, I am aware. Based on all the tweets, I get the feeling of 7-10th Dec tentatively. These dates are my guess and not from devs. I am just trying to be proactive on prep :)

nandohyphen1

nandohyphen1 Just a heads up, GrapheneOS isn't supported on the Pixel 10 Series yet - it should be soon though. Read this thread
https://discuss.grapheneos.org/d/25099-pixel-10-production-support-for-grapheneos-coming-soon/

Edit on this post ^^^ :

Thought you may like to know that experimental support for the Pixel 10 is now available! If you click on that link the title is now changed! So you won't have to wait until December to start testing, @p1xel_p0etry !

p1xel_p0etry

nandohyphen1 Yes, I saw! I am gonna do the prep tmrw that I need to do. Do you have any resource or link I can verify what the process is to go from an experimental to stable version? And how seamless it is?

nandohyphen1

p1xel_p0etry no, I don't know where you could go to verify the process from experimental to stable or how seamless it is. But @skim said this in the other thread that I linked nandohyphen1

We now have experimental support for the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL and Pixel 10 Pro Fold.

Our initial 2025112500 release for these is available through our web installer or releases page on our staging site

https://bsky.app/profile/grapheneos.org/post/3m6ipiv6bzc2m

So it looks like more details are on the web installer or releases page. If I can find any more info I'll add it.

p1xel_p0etry

gos79732 As Probably9857 said, IMEI is still recorded by cell towers even without a SIM. See https://discuss.grapheneos.org/d/2509-are-cell-identifiers-leaked-on-first-android-boot-before-installing-grapheneos. More discussions:

https://discuss.grapheneos.org/d/9874-is-phone-trackable-without-a-sim-card
https://discuss.grapheneos.org/d/19535-does-imei-get-sent-to-towers-on-gos-without-a-sim

There is unconfirmed speculation that there could be a small amount of Bluetooth radio activity at during boot for both stock Android and GrapheneOS. If this is true, it's unclear what this activity is and what identifiers are involved. See https://discuss.grapheneos.org/d/26586-brief-note-on-mobile-phone-measurements-with-airplane-mode-onoff and https://github.com/GrapheneOS/os-issue-tracker/issues/6469.

gos79732 Thank you for the links. They were very informative reads.

gos79732 While recommended as a best practice, this is not required. From the Web installer guide:

gos79732 The Pixel 6a is the only phone that requires an update before installation, as documented later in that same guide:

Okay, I understand. Thanks for providing all the context.

gos79732 A stock OS update can take a long time to install, especially if downloading over a slow connection. I never updated the stock OS and I haven't had issues installing GrapheneOS on a new Pixel device. Stock OS collects telemetry data, so you may want to minimize how long the stock OS is running.

I got it. The research paper/study is interesting.

gos79732 ou're going to need to connect some device to the phone to ultimately perform the installation. Both stock Android and operating systems such as Windows collect lots of telemetry. It's possible that USB identifiers from your computer or phone are collected by the other and stored remotely. That's something to be aware of if this is a concern. See https://discuss.grapheneos.org/d/27314-privacy-risk-of-booting-on-an-idd-device. If using a laptop, booting a live Linux distro is an option.

I wasn't worried about connecting the phone to the laptop. I didn't think about that before. I am on a Mac still unfortunately. My only option would be to go to a library and boot a live Linux distro. This may be not as necessary?

gos79732 Starbucks Wi-Fi typically requires a name, e-mail, etc. to connect. You can provide alias information, but be aware of what you provide and how it is associated to you if this is a concern.

That's a great point.

gos79732 The Web installer requires you to download the GrapheneOS image, which is almost 2 GB. The installation image cannot be downloaded ahead of time with the Web installer. The download will take a long time from a slow internet connection. If using public Wi-Fi, you may want to speed test the network ahead of time so you're not stuck in the middle of an installation waiting for hours to download the file. It is possible to download the image ahead of time with the CLI installer, but the Web installer is much easier to use.

This is really good to know!

gos79732 Once GrapheneOS is installed, it will boot with factory settings with airplane mode off. This means the phone will connect to cell towers again until airplane mode is enabled.

Okay!

gos79732 This step is now integrated into the initial setup during installation: https://grapheneos.org/install/web#disabling-oem-unlocking. This no longer needs to be done through Developer Options.

Cool! Thanks again!

gos79732 A portable hotspot device has an IMEI and will allow tracking of your location. I'm sure you're aware of that, but it's unclear what you gain by using a portable hotspot instead of a data SIM in your GrapheneOS phone.

The device does have an IMEI and it has an E-SIM. I can change the ESIM carrier from plan to plan to not rely on 1 carrier get my data. I looked into ESIM carriers that take Monero, there are a few but they were more expensive. I will switch to them later next year.
The main benefit of using a SIM in an external device vs inside the phone is that the SIM collects as much telemetry data as possible and sends to cell towers. On a hotspot device, the info that the ESIM has is minimal or negligible compared to a SIM inside a phone. Now, the argument is not as strong on Graphene compared to Android or iOS but my understanding is that, it still stands.

gos79732

p1xel_p0etry I wasn't worried about connecting the phone to the laptop. I didn't think about that before. I am on a Mac still unfortunately. My only option would be to go to a library and boot a live Linux distro. This may be not as necessary?

I don't know what information Mac OS collects. When a phone is connected to the computer, its serial number, USB ID, etc. are visible. In the best case, nothing is collected. In the worst case, identifiers are collected and associated with the Apple ID signed into your Apple device.

p1xel_p0etry The main benefit of using a SIM in an external device vs inside the phone is that the SIM collects as much telemetry data as possible and sends to cell towers. On a hotspot device, the info that the ESIM has is minimal or negligible compared to a SIM inside a phone. Now, the argument is not as strong on Graphene compared to Android or iOS but my understanding is that, it still stands.

What data are you referring to here?

The SIM collects similar data from a hotspot device or from a GrapheneOS phone. Obviously, It will collect unique identifiers such as IMEI and other device information. The cellular network operators will also be able to collect information about network traffic, which a VPN can help with.

p1xel_p0etry

gos79732

gos79732 I don't know what information Mac OS collects. When a phone is connected to the computer, its serial number, USB ID, etc. are visible. In the best case, nothing is collected. In the worst case, identifiers are collected and associated with the Apple ID signed into your Apple device.

I am leaning towards booting a live linux distro in a library.

gos79732 What data are you referring to here?

The SIM collects similar data from a hotspot device or from a GrapheneOS phone. Obviously, It will collect unique identifiers such as IMEI and other device information. The cellular network operators will also be able to collect information about network traffic, which a VPN can help with.

GPS, phone's IMEI, OS version perhaps, information about texts or calls like frequency possibly.
The main difference is that, at least in the country I live. It is very hard to get a SIM card that is not linked to your identity. And when you use it in your phone, the identity gets linked to the device immediately. Even if I use the ESIM with a phone plan that is linked to my identity on my hotspot device. My identity is linked to the IMEI of the hotspot device which at this point, it already is. And when connecting the phone to the hotspot via wifi, the phone remains unlinked to my identity. I hope that makes some sense.
I will definitely be using a VPN for sure.

gos79732

p1xel_p0etry GPS, phone's IMEI, OS version perhaps, information about texts or calls like frequency possibly.
The main difference is that, at least in the country I live. It is very hard to get a SIM card that is not linked to your identity. And when you use it in your phone, the identity gets linked to the device immediately. Even if I use the ESIM with a phone plan that is linked to my identity on my hotspot device. My identity is linked to the IMEI of the hotspot device which at this point, it already is. And when connecting the phone to the hotspot via wifi, the phone remains unlinked to my identity. I hope that makes some sense.

What privacy benefits are you gaining by carrying around a cellular hotspot linked to your identity while connecting to it using a phone unlinked to your identity?

Some GrapheneOS users keep their devices anonymous by not associating their device (and IMEI) with their identity. One main reason this is done is to prevent linking a user's location activity (through cellular tracking) with their true identity. The goal is to make it difficult to answer these two questions:

What has Person ABC's location activity looked like over some time period?
A cellular device was connected to a cellular tower at a specific point in time. Who is the owner of that device?

With your current setup, it's easy for some entities (such as a cellular carrier) to answer both of these questions. This is because you are carrying a mobile hotspot tied to your government identity that is continuously connected to cellular towers.

Depending on your threat model, this may not be a problem. Many GrapheneOS users purchase a phone using a credit card, set up the phone at their home, establish cellular service using their true identity, never turn on airplane mode, etc. They don't even consider the topics discussed in this thread. And there's nothing inherently wrong with that for users that don't feel a need to achieve "extreme privacy".

In your case, you're carrying a non-private cellular device already. I don't mean to discourage you, but going through obstacles to keep your GrapheneOS "anonymous" may not be adding much privacy benefit for cellular tracking specifically. There's nothing wrong with doing so of course, if you don't mind the inconveniences. For example, maybe there is a possibility you'd like to later establish a private cellular subscription and migrate away from the nonprivate hotspot.

gristle-cause

How anonymous? What is your threat model? Who/what are you hiding from?

To maintain true absolute anonymity, you can really only turn the device on alone, at random times & locations unassociated with the routine of your life, never repeating the same location twice.

You can never turn networking on at home, or the IMEI will be associated with your address. You can't turn it on in proximity to other devices associated with your identity, such as your current phone or near friends, or the devices will be associated as 'co-travellers'. Any location where you regularly turn on networking can be associated with the IMEI - this can threaten anonymity if it's somewhere like home, work, or a location you frequent.

Are these extreme measures necessary for your threat model? Are you prepared to take these steps? Or does your true goal fall short of absolute anonymity?

p1xel_p0etry

gristle-cause

gristle-cause How anonymous? What is your threat model? Who/what are you hiding from?

As anonymous as I can be without having to go very extreme lengths. I suppose this doesn't really answer your question. My threat model is primarily big tech, data brokers; carriers to a degree. I would like to be prepared for the government as well, as eventually it seems they all turn authoritarian lately but not concerned about state surveillance particularly at the moment. I want to be invisible to big tech, data brokers as much as I can.

gristle-cause To maintain true absolute anonymity, you can really only turn the device on alone, at random times & locations unassociated with the routine of your life, never repeating the same location twice.

So absolute anonymity is not possible for me, which is acceptable.

gristle-cause You can never turn networking on at home, or the IMEI will be associated with your address. You can't turn it on in proximity to other devices associated with your identity, such as your current phone or near friends, or the devices will be associated as 'co-travellers'. Any location where you regularly turn on networking can be associated with the IMEI - this can threaten anonymity if it's somewhere like home, work, or a location you frequent.

Absolute anonymity sounds impossible.

gristle-cause Are these extreme measures necessary for your threat model? Are you prepared to take these steps? Or does your true goal fall short of absolute anonymity?

No they are not. I am not. It does fall short.

Starch

gristle-cause You can't turn it on in proximity to other devices associated with your identity, such as your current phone or near friends, or the devices will be associated as 'co-travellers'.

What do you mean here with can't turn it on? If he has his GOS device in flight mode and Bluetooth off and connected to his mobile WiFi can it still be scanned to be able to associate as co-travellers?

gristle-cause

p1xel_p0etry yeah, true anonymity is overkill for almost everyone. We're talking nationstate spycraft techniques

In that case, your use case is fine. The carriers are the only ones that would have your identity or location, government by extension. Big tech won't see anything unless you let them

gristle-cause

Starch I don't know enough about how the low level firmware handles Airplane Mode on startup to answer definitively. It'd need to be auto disabled well before the OS fully booted, as close to bare metal as possible
I'd personally fear leakage & would need to monitor the RF spectrum on boot with an external antenna to feel assured

gos79732

Starch What do you mean here with can't turn it on? If he has his GOS device in flight mode and Bluetooth off and connected to his mobile WiFi can it still be scanned to be able to associate as co-travellers?

gristle-cause I don't know enough about how the low level firmware handles Airplane Mode on startup to answer definitively. It'd need to be auto disabled well before the OS fully booted, as close to bare metal as possible
I'd personally fear leakage & would need to monitor the RF spectrum on boot with an external antenna to feel assured

Powering on a phone with airplane mode enabled does not result in any connections to cell towers. The issue of cellular tracking only occurs when airplane mode is turned off.

Empirical research, which included GrapheneOS, using a spectrum analyzer and an anechoic chamber was published on this earlier in the year:

From https://grapheneos.org/faq#cellular-tracking:

Airplane mode is the only way to avoid the cellular network tracking your device and works correctly on the devices we support.

If there is a concern about cellular leaks when airplane mode is on (even though evidence of such leaks does not exist), a Pixel Tablet can be used as a GrapheneOS device. The Pixel Tablet does not have a cellular modem.

gristle-cause In that case, your use case is fine. The carriers are the only ones that would have your identity or location, government by extension. Big tech won't see anything unless you let them

That's not entirely true. In some countries, this information is sold to data brokers. Cellular carriers also experience data breaches. A few years ago, the Federal Communications Commission, a United States federal agency, proposed fines on all major US cell carriers for "apparently selling access to their customers' location information without taking reasonable measures to protect against unauthorized access to that information".

See Ars Technica's article "FCC issues wrist-slap fines to carriers that sold your phone-location data" and KrebsOnSecurity's article "Why You Should Opt Out of Sharing Data With Your Mobile Provider".

This 140-page document from the Federal Bureau of Investigation (FBI), a United States federal law enforcement agency, shows how investigations are performed using cellular data obtained through legal procedures: https://s3.documentcloud.org/documents/21088576/march-2019-fbi-cast-cellular-analysis-geo-location-field-resource-guide.pdf. The document is over 6 years old so newer techniques may exist by now.

Location data is sensitive and can be used to determine someone's identity. If someone is at the same location at 2 AM multiple times, it's probably the location they live at. The articles below focus on location data bought from mobile apps such as weather apps or data apps. Regardless if the location data is from apps collecting your location or from cell carriers collecting it, the concepts are the same. These articles show the sensitivity of location data and how a person can be de-anonymized just from location activity.