What I also have in mind is to switch from using a Smartphone with built in SIM to just use it in flight mode and connect to a mobile Router. A mobile Router is cheaper to replace to keep sure that also your IMEI changes when changing the SIM. Also, there is a Router I found where it's possible to change the IMEI (if you are planning to do that, first check if it's legal in your country). Here is an article describing how it works: https://www.srlabs.de/bites/blue-merle. Another way and probably less risky would be to look for a mobile Router where you can easily change the LTE Module. With that you keep sure that your IMEI is changing and you won't run into issues where you maybe set an IMEI that is blacklisted or is already active in the network. Anyone knows if that is illegal in country's where it is illegal to change the IMEI? The LTE Module in the article is available for about 80$. Maybe it also works with cheaper mini PCIE LTE Modules. There a plenty of them available for like 20-30$. Also it could make sense to buy used ones and change it frequently even if you maybe run into other issues caused by it. Would of course still be difficult to also replace your SIM that often. Hopefully we will soon have an eSIM compatible mobile Router where you can also easily replace the LTE Module cause eSIMs are easier to buy anonymously through silent.link. The guy from silent.link I linked above also talks about that it might be possible to change the IMEI of the eSIM in the future so that would be easier way. So much to think of here. It's crazy how much time you need to spent this days just to be able to keep your location and personal information privat.

7 months later

I hope this isn’t thread necromancy, if so, sorry, this just seemed to be the best place to ask.

So GOS has this sandboxing profiles thing, right? Kinda like a virtual machine? Can each sandbox profile have its own SIM and phone number, etc?

From what I’ve read here it sounds like they can’t exist separated / independently from the IMEI, right?

I am currently on an iPhone 8 on Verizon (yes I know) and now that it’s no longer supported for regular software updates and will soon not even be supported for security updates, I’m going to take this as an opportunity to get a Pixel (haven’t decided on 7, pro, or 7a yet), a new network, a new number, and put GOS on it.

There’s… a lot in this thread.

I’m not Snowden or Assange or, I dunno, James Bond or whatever. I’m also not rich or a politician or whatever. If I was, I’d be paying someone else to deal with this, lol.

I just think that big companies get targeted by hackers is scary, and the fact that those same big companies just hand over info on their customers to governments willy-nilly is also scary. Dragnet search warrants are not something I want to get tangled up in.

And I also just think all this data collection is just plain creepy.

So hopefully that gives you a vague idea of my threat profile. I’m literally just some guy who just wants to be safe.

The Silent Link data only + VoIP calls/texts (mmo.chat?) seems like a gigantic hassle for a level of privacy and security that I’m not sure if it is either overkill or just “security/privacy theater”… aka a gimmick that doesn’t actually do much more than what GOS does on its own? I’ve seen a lot of conflicting opinions here.

What about Efani? It’s a bit expensive but I’d still like to know if it’s of any use, I’m just kinda trying to get my bearings.

What about invisiv? https://invisv.com/pgpp/ The Mobile Core plan is waaay more in my budget. I know privacy comes with a premium but that doesn’t mean I’m not allowed to shop around.

Or is there a regular-ol’ MVNO that isn’t operated by a bunch of slimy data brokers who bow and kowtow the moment any government asks?

Again I’m not building a fusion reactor in a clandestine subbasement under my neighbor’s garage, I’m just a dude who feels icky about modern privacy norms. (And who is extremely tired of spam calls :P )

Thanks.

  • de0u replied to this.

    GlytchMeister Can each sandbox profile have its own SIM and phone number, etc?

    Not really. User profiles separate apps from each other, but there is still one phone. The app sandbox also restricts and separates apps, but less - roughly similar to iOS.

    You can run VoIP apps, which can have phone numbers, in one or more user profiles.

    GlytchMeister There’s… a lot in this thread.

    True. It should arguably be read with/after a careful reading (or three) of the material on the GrapheneOS web site (which discusses user profiles, storage scopes, etc.).

    Thanks, genuinely.

    Re: No separate SIMs for profiles: ok, gotcha. So if I want to have actually effective privacy/security, I’ll need to fully commit to Silent Link and VOIP from the start, then, right?

    Or is Invisiv ok for my purposes? Or some other MVNO option that isn’t crap?

    Re: “Read the Manual”

    Yeah I…

    I tried. :/

    But it seems a bit over my head. I’m known among my friends for being good at finding glitches and like screwing around with them in videogames (thus, my username), but I’m not really knowledgeable enough to know how to navigate through the weeds of software engineering. I’m more of a mechanically-minded guy, overall.

    GOS’s manual has a lot of info but it’s generalized for all users, and it doesn’t really advise what settings or options to use except “this is the most private / secure option, but you can choose not to use this”. I understand why - they can’t really recommend anything because someone will see that, do that, think they’re perfectly safe, and then get mad when they aren’t. Because people are dumb.

    Anyway… My general standard operating procedure is “find some folks smarter than me, and listen to them.” This generally works fine - I have a pretty good handle on how to stay relatively safe and private (enough for someone like me) on a pc.

    Unfortunately, when there isn’t a consensus… this method doesn’t help me much. For a long time, I could t tell if iPhones or androids were more secure, so I’ve at least narrowed it down to “Pixel with GOS” but things get fuzzier if I start digging deeper.

    Is there a “GOS for Security/Privacy-conscious-but-otherwise-Average-Joes” anywhere? Doesn’t need to be GOS for Dummies, but that’ll work, too. It’ll at least give me a starting point.

    Or is there a guide online somewhere for “here’s how to determine your threat profile and how to figure out how to secure yourself based on that”?

    Sigh…

    I guess maybe my real question is “where do I go to learn enough to be able to make smart decisions?”

      • [deleted]

      • Edited

      GlytchMeister Is there a “GOS for Security/Privacy-conscious-but-otherwise-Average-Joes” anywhere? Doesn’t need to be GOS for Dummies, but that’ll work, too. It’ll at least give me a starting point.

      Or is there a guide online somewhere for “here’s how to determine your threat profile and how to figure out how to secure yourself based on that”?

      https://www.privacyguides.org/en/basics/threat-modeling/?h=threat+model
      https://www.privacyguides.org/en/basics/common-threats/?h=threat#anonymity-vs-privacy
      https://privsec.dev/posts/android/android-tips/
      https://www.privacyguides.org/en/android/
      https://madaidans-insecurities.github.io/security-privacy-advice.html
      https://www.youtube.com/@sideofburritos/videos

        Since my POS Samsung Galaxy went down, almost seven weeks ago now, I have left the computer to use the restroom and, sometimes, to eat, and occasionally, to sleep. The further I went down the lack of privacy rabbit hole, the more angry and obsessed I became. I believe that for every problem, there is an answer, but I'm afraid that the answer is very inconvenient. As far as carriers are concerned, they are all the devil, because if you use them to transmit any data; talk, text, videos, pictures!!!, it all now belongs to them, as per their "privacy" policies, all data is collected and stored in their servers and it is all tied to "your device's unique identifier." You can run, but you cannot hide. Resistance is futile and all that. If we want our privacy back, our inherent human right to share our personal details with whomever we decide to share it, or not share it with, we will either have to go back to writing letters and interacting with each other in person, or we are going to have to pursue legislation that amends our Constitutional rights (U.S. specifically, if you believe in the validity of such things) to include the word "privacy" as it is the lack of that solitary word that gives license to anyone and everyone to collect and exploit whatever they want. I hate to be the proverbial wet blanket, but the fact is changing law is the only way we will ever achieve what we are trying to achieve in a meaningful way. And, anyone who has studied any holocaust should know that none of the people who were destroyed had anything to hide. Contact your local Congressman and Representatives and let them know how you feel about being violated... be a squeaky wheel, for our children and our children's children! And in the meantime, run GrapheneOS and be selective about what you sent to whom and how you send it. The best sounding option for carriers out of this entire thread, in my opinion, was the Librem AweSIM. However, any MVNO is under the umbrella of one of the primary carriers, so I'm supposing they have access to your data as well. As far as Google Fi, are they not running through fiber optics? An entirely different system?

        … Ok. So. I mean this with nothing but the best intentions: Take a deep breath, step back, and have a conversation with some folks IRL about your frustrations and concerns. Unless you are in very extraordinary circumstances, you most likely do not need to expend quite this level of time, energy, and peace of mind on privacy and security. I know having security and privacy gives peace of mind, but the pursuit of it can be very stressful and frustrating. You are but one person, after all, and you are indeed trying to combat giant super corporations and corrupt governments. I have no argument there. But there is a middle-ground where you can get a lot of privacy and security without sacrificing too much of yourself and the things and people you love, and still be able to call attention to the problem of privacy to your local representatives.

        Ya gotta find that happy medium, that balance. “Moderation in all things,” etc.

        Best of luck. I know you’re fighting the good fight, but always remember to take care of yourself, so you can wake up every morning and keep it up without burning yourself out.

        Anyway.

        [deleted]

        Thanks for these links. Would it be appropriate to make a new thread with my attempt at a threat profile and a rough draft on my plan, to ask for more detailed advice?

          GlytchMeister “where do I go to learn enough to be able to make smart decisions?”

          It's not as if there's an article that you can read which will tell you what you wanna know. As you spend time on privacy-oriented subreddits and boards such as this, you'll gradually gain a sense of which actions you can take that'll suit your use case.

          Once you have a Pixel with GOS installed onto it, you'll be able to play with features of the OS while also reading about these features in the GOS documentation. The documentation will become clearer for you one you have the phone in your hand and can play around with the features a bit.

          You're not gonna get it right the first time. Get a Pixel, install GOS onto it and start experimenting with any sort of setup. As you move forward you'll tweak this setup, refining it until you land somewhere that's both reasonably secure and usable.

          Likely thousands of people have moved from iOS to GOS and blindly jumped in - it's not that complicated. Create some user profiles to compartmentalize whichever apps you think are troublesome and take it from there.

          • [deleted]

          GlytchMeister Thanks for these links. Would it be appropriate to make a new thread with my attempt at a threat profile and a rough draft on my plan, to ask for more detailed advice?

          @spiral advice here is on point. You're unlikely going to get it just right on the first try, so just jump in and figure out as you go. If you want to explore other people's threat models first you can just use search function above. If you feel you still have questions after reading through those, community here is awesome and very helpful. If you're still looking for some hand-holding, then Side of Burritos videos on GOS (linked above) are a good starting point.

          2 months later

          Kenny33 Imo this helps nothing. The imei is the same, by switching sims and using the same phone he will just be suspicious if anyone is monitoring. Should change the phone also when he changes the sim.