I’ve been doing a lot of reading of Michael Bazzell and his recommendations of never using your SIM card for legacy phone/texting due to the lack of privacy with this approach. He instead recommends all legacy non encrypted communication to be done via voip (utilizing your sim data plan). This way you can freely swap out prepaid SIM cards which keep a log of your location via cell tower proximity.

Any thoughts on this approach particularly while using graphene?
Any recommendations of solid voip options (that either do or don’t require play services to receive call notifications)?
Does this sound like overkill and should I just stick to a SIM card? I don’t have any crazy threat model, just don’t like the idea of a constant location dossier being built on me. I could buy a new prepaid anon Mint mobile sim every month and obfuscate location tracking that way…

Any thoughts are appreciated!

    Your phone has an IMEI visible to the network that does not change when you swap sims. Thus the network can track you across multiple sim cards on the same phone.

    VOIP numbers are most useful for giving many different parties different phone numbers so they can't identify you as easily, kind of like using aliases with email. It allows you to have some privacy with regards to your contacts but it isn't going to stop the cell towers from tracking you.

    I agree with the approach of using VOIP numbers for legacy texts since you can change them freely, though I'd prefer to use only one sim card for data since there's no benefit to having more.

      nodsocket

      Understood. But if I never use the phone number to call/text and simply use cellular data (with vpn), the provider can see that someone with a particular imei is swapping SIM cards monthly and can track that imei location. But importantly, they don’t know that is me. Right?

      If I used that SIM card for calls/texts it would be easy to correlate the sim to my identity and the sim number would be saved in my contacts’ lists under my name. That’s the benefit I see of using voip, if one tried to reverse engineer my location from my voip number, it wouldn’t be possible as it isn’t linked to my sim (and therefore location)

      Or perhaps I’m missing something.

        applesbana

        applesbana the provider can see that someone with a particular imei is swapping SIM cards monthly and can track that imei location. But importantly, they don’t know that is me. Right?

        They will know that the phone is yours only if you give the carrier your identity when you buy the sim. Otherwise you'd be pseudonymous. But they would be able to tell that all the sims are owned by the same person.

        applesbana if one tried to reverse engineer my location from my voip number, it wouldn’t be possible as it isn’t linked to my sim (and therefore location)

        Normally, the average person won't have access to a phone's location data, but the parties that do would see your IMEI at your house and they could use that to determine your identity. This might be a benefit of VoIP if you are worried that the parties that see that number will be able to access that location data.

        There are other pitfalls to avoid, like the fact that most VoIP services are not anonymous, and even with anonymous VoIP your calls are not encrypted and can be read by the network on the receiving end. If you share your identity over a text message, the network will see that.

        • [deleted]

        • Edited

        applesbana It all depends on your threat model. I'm fine with using a prepaid SIM for data and some calls and even listing it as my contact number with someone like my bank. Being totally unprivileged party they won't have access to my constant whereabouts. My telco does, but they won't have personal information to tie it to. However, if a bunch of these (and related) parties collude together I can of course be quickly deanonymized but it's not in my threat model.

        Additionally when I travel I pollute my clean IMEI (paid for my device in cash) by swapping out my home prepaid SIM for pesky (but very prevalent) KYC SIMs and thus accumulating a laundry list of SIM cards associated with my ostensibly clean IMEI. I haven't listened to Bazzell podcast in a while but when I did he oddly never seemed to mention it as an issue.

        If you're dead set on switching to VoIP and are from US JMP.chat over their Cherogram app is what you're looking for. Their dialer integration and no PII sign up is the closest you can get to no hassle setup. I tried a bunch of VoIP solutions prior to them and some of them were much worse (PII, KYC, no 2FAs or bad 2FAs etc.) than just using my local telco.

        And as was already mentioned by @nodsocket you will achieve absolutely nothing by regularly swapping out prepaid SIMs other standing out like sore thumb and possibly even attracting some unwanted attention to yourself.

        Cellular privacy is truly a lost cause.

          • [deleted]

          • Edited

          [deleted] The only way to gain a brand new cellular identity (and start polluting it anew) would be to buy a brand new device and new prepaid SIM, and even then, privileged actors (such as the law enforcement) can de-anonymize you almost immediately.

            Skyway

            How have you found the costs? I typically need about 2 hours of phone usage a day and around 30-50 sms for my business… seemed like it would get costly.

              • [deleted]

              applesbana They give unlimited incoming and outgoing text and picture messages, and calling credit equivalent to 120 minutes of voice to the USA or Canada per calendar month. These are included in $4.99 USD / month. Extra is billed at $0.0087 per minute.

              • [deleted]

              • Edited

              Skyway

              I use jmp.chat its a bit odd to get setup but I'm impressed with it .

              Only in a sense that you need to run XMPP client on your device which I normally wouldn't. But with more traditional VoIP setups you need to run some SIP client and these are pretty much all terrible, Play or no Play. I would rather run Conversations or Cheogram and do my calls over XMPP than deal with Linphone.

              Anything over cellular network should not be considered private .

              JMP promise not to log but your calls with them still pass "through many phone companies outside of your control or influence, including, but not limited to, the phone company of your recipient". In any case you decouple your location data from your calls which is what OP is looking to do. So instead of Bob calling Alice from Target parking lot it's "Bob calling Alice".

                [deleted]
                Yes I use the cheogram app.

                Skyway Anything over cellular network should not be considered private .

                This was a general statement nothing specific to jmp.chat
                VoIP over cellular data does add another layer but can still be tied back to you and location if someone should look into it, Most likely govt .

                You can use MUDI router to connect your phone to the internet using vpn or tor. every month/week you can change the data simcard whenever you want but before you change it, you need to reset the imei using BLUE MERLE then you can insert the new simcard.

                Here i use

                disposable DATASIMCARD(inserted on mudi) + VPN (OVPN) + GRAPHENEOS (PIXEL 6a)

                make calls for some clear-line i use (mobilevoip)/VoIp Raider
                receive calls only through simplexchat or signal (fork)

                on my laptop i use qubesos connected on ethernet port on mudi + sys-whonix + internet

                thats it.

                ps: blue merle only works on firmware version 3.215 but i have recently sent an email to nicholas farnham and hey plan to release further updates in the coming months so this may change, anyone can see the updates on theyr github repo once they have been finalized.

                  6 months later

                  mclsza Have you heard anything about blue merle updating?

                  • mcl replied to this.

                    An XMPP app to look at is Monocles Chat. IMO it's contact management is much better than Cheogram or Snikket.

                    nodsocket this is what I do. Never had legacy calls or texts on my phone. And the WhatsApp number everyone contacts me on is different to the sim in my phone.

                    2 months later

                    mucr they have released a new version of mudi (v2) and blue merle works like a charm on newer firmware you can also setup the switch button on mudi to change imei whenever you want..