531 comments

[ 3.7 ms ] story [ 349 ms ] thread
Thank God, the current versions are just so thick, I can barely hold it. I really hope they can remove some more stuff and make it thinner.
Though imagine if they actually replaced it with microsd support.

It would certainly be against the industry as a whole!

Several of my android phones have come with a slot that can take either a microSD or a second SIM, so they wouldn't have to remove it if that's what they were going for.
Hopefully they make the battery smaller and the glass thinner, all the current iPhones are too heavy and durable and I miss charging.
Is there a good reason why mobile phones still have SIM cards, besides the historical reasons?
Yes, so you can switch providers easily
FTA:

> iPhone 13 models already support multiple eSIM profiles, allowing users to subscribe to several cellular plans digitally and switch between them, […]

In some countries eSIM is basically illegal (for example in Russia up until 2019)
One I can think of is operator providing you a software package to make use of his special services (and whatnot).

Did you know your simcard contains Java Runtime Environment?

Oh JavaCard, you have succeeded despite being horrific. It's also used for ATM cards, credit cards, etc. And Apple Pay :D

I wonder if any environment uses log4j? (jk I hope. The JavaCard spec is fairly limited so maybe it's accidentally safe :D )

(comment deleted)
Why do you think it is horrific? Haven’t had the chance to look into it so all I know about it is that it uses Java ME which is a very limited subset of Java SE.
I would much rather a defined protocol rather than arbitrary code. It also means you can require multiple distinct applets on your phone for each card provider.
China still doesn't allow eSim, so Apple made special iPhone model with dual SIM slots for them.
I guess that's the reason why they took eSim away on the iPhone 12 in Hong Kong, despite previous models having it.

I used to have my main number as an eSim, and then inserted a travel SIM. Had to convert my eSim back to a real SIM card. Luckily it has dual SIM.

Progress for the sake of progress... SIM cards have plenty of advantages, all of which relate to control of your hardware. With a physical SIM card you retain control of the number and can swap it easily. As other comments have shown, with an eSIM, you rely on the provider to provision it for you.

I hated having to call the provider when I was with Sprint and Verizon Wireless in the US, when I wanted to change the phone I was using. And that was mostly free and they had 24-hour hotlines. If you have to pay and can only call during business hours, it is a huge regression.

This is stupid, your carrier could IMEI lock physical SIMs if they want. eSIMs change nothing, the control you speak of is just a delusion.
They could, but they (mostly?) don't. On the other hand carriers do charge for moving eSIMs between phones.
I only use eSIMs and have yet to have trouble with this. I guess all you can do is vote with your wallet and switch to a less shit carrier.
Unfortunately they are the only eSIM supporting carrier in the country. Maybe this will help, but looking at the other comments here mine is not the only carrier that does so.
Try airalo, they’re available in almost all countries.
many advantages, If your phone dies, you just move sim card and the new phone works has your old phone number.

You buy a new phone, say you have an android and buy an iphone or reverse... you can easily move the sim card as you want. I'm not even sure how you would do that with eSIM.

Couple of years ago I went to Africa, bought two local SIM cards from children on the road while sitting in a car, they had to take a picture of my passport with their mobile phone and activate the cards, but it worked. Having esim being sold like that would probably not be possible.
Esim is a mature and excellent technology. This is overdue.
In my country the third major provider still doesn’t support it, the second (Vodafone) started supporting it in 2021. (EU member state.)
They will if Apple does this.
Let me guess: Germany?
Some providers in DE also don’t allow eSIM on prepaid plans - you have to be on a contract to be able to use eSIM at all (looking at you, Telekom).
<Telekom shows middle finger and charges your account 15 EUR processing fee>
Well, if Apple really goes this way, you will see them support it pronto.
> Esim is a mature and excellent technology. This is overdue.

And this is the first time I've heard of it. (and in with https://xkcd.com/1053/ before someone else does)

so, anything one can do if one wants to work with this technology on their own. I suppose an Asterisk extension or something, I tried searching for eSim on github but seems it's a pretty generic acronym for people to pick.
Nope, nothing you can do on your own. It still requires being a carrier and operating physical infrastructure. It's not VoIP.
Not everywhere, as others in this thread have mentioned. As a frequent traveler I'll be probably holding onto the last physical sim iPhone for many years until everywhere I travel to has it all ironed out.
They’ll iron it out pretty quickly if iPhones can’t use their network.
As a frequent traveler I can’t imagine going back to physical SIMs, now I can carry all my data plans on my phone and don’t have to waste time looking for a place to buy a prepaid plan.

There are a ton of websites where you can immediately get esims for almost every country, why bother with physical sims?

Thanks. I never knew, plus I haven't troubled in 2 years :). What is a good recommendation?
Airalo is the one I find myself using the most, amazing coverage and great support.

I’ve probably used their sims in 30+ countries at this point, they’re even available in more exotic places like St Barthelemy or Moldova.

In some places the e-sim plans are inflated and poorer value compared to the deals on physical sim cards sold. For example the unlimited data plans might be only available by sim rather than purchasing data packs
They’re rarely poorer value if your time is worth anything, if getting a prepaid SIM costs me a 30min detour I might as well be setting $100 on fire.
As a traveler you can have 10 or more eSIM profiles. That means you can have a great 130 multi-country eSIM like the AIS eSIM2Fly or if you go to a single country you could get their local travel eSIM ( for example the Thailand DTAC Tourist eSIM ). Just switch between your active eSIM as needed. iPhones have more than enough eSIM slots to accommodate your travels, with no more need for plastic chip fiddling.
Out of half dozen of mobile service providers I have used in 3 different EU countries, ONE provides eSIM.
Thanks to Apple, this industry won't make any progress otherwise. You can watch all 3 service providers finally waking up and provide eSIM. You can even watch all the Android manufacturer follow the suit. I am tired of using u-pins to change sim cards. Buying physical circuit to put in the phone just to communicate some numbers is barbaric.
Whilst I wholeheartedly agree, I have to say that 'barbaric' is top-tier hyperbole.
I’d recommend making your point without resorting to name calling.
You mean if someone uses a million dollar zero day to hack an iPhone? You can still set a SIM pin on an iPhone eSIM as well, btw.
Plus if the concern is extraction of SIM keys from the iPhone, the iPhone already has some more valuable keys stored on it: those for Apple Pay cards.
True, I could not figger why attack me?, a retired 82YO geezer, in this way? See above as the only answer I was able to discover
Android here. Not much of a sim hacker here - but I once suffered an over the air sim hack. Phone ceased to work, gmail accessed, PW changed and phone was changed to another number. Freedom advised there was no human engineering involved - they reverted the phone reverted to my control and I selected a 7 digit PIN and my file was locked so it needs me in person as well as that new PIN. gmail was recovered and a USB dongle was added at home to secure that. No problems since. Police and Federal(RCMP) police investigated. I could not figure why me? - apparently it was a hack aimed at the Australian ambassador to Canada, whose gmail ID was the same as mine with a 1 digit numeric suffix on his. Was this - Chinese?? They got nothing from me or him as he had a secure embassy hardware secured and encrypted message system he used for all embassy business. Gmail was just for online shopping, friends etc. He has since retired and I often get, in error, emails intended for him, which I dutifully forward and erase and we occasionally chat.
Are there existing phones which support more than one eSIM?
iPhone 13 and newer do.
I don’t think that’s correct. You can have 1 nano sim and 1 esim, but not 2 of either simultaneously.
They are correct, and you are not. The 12 is as you say. With 13, you can have either 1 nano and 1 esim or two esim simultaneously. You can also have other esim plans stored and not in use.
Also, you can have 9 (or more) inactive eSIMs installed and one active eSIM and switch between them at will.
My Pixel 4a supports multiple eSIMs being installed, but I don't think you can use two actively.
> With iPhone 13 Pro Max, iPhone 13 Pro, iPhone 13, and iPhone 13 mini, you can use Dual SIM with either two active eSIMs or a nano-SIM and an eSIM. iPhone 12 models, iPhone 11 models, iPhone XS, iPhone XS Max, and iPhone XR, feature Dual SIM with a nano-SIM and an eSIM.

From https://support.apple.com/en-us/HT209044

eSIMs are good but it doesn't eliminate the bureaucracy/paper work involved with acquiring an actual network connection, esp for those traveling across countries. Unless ofcourse you are willing to pay those listed roaming charges(some of which appear as hidden charges). Not sure what eSims or even Apple as a company can do about that?
Here in Switzerland eSIMs are actually massively worse - you can't swap them around on most operators without calling (!) their support line to manually release and regenerate the eSIM token.

Meaning that swapping between phones now requires calling, possibly expensive, support lines and you better hope your phone issue didn't happen during holidays. And that you have a working backup phone. And you're not in a foreign country trying to put your SIM back.

It's a massive regression of convenience against simply swapping a small chip.

> It's a massive regression of convenience against simply swapping a small chip.

Yeah it's beginning to sound like replacing wired headphones with BT ones

yes iff you would need to contact a support hotline everytime you switvh the audio source or the headphones itself.

if you are mocking the notion that it was courage to get rid of the headphone. Then you are correct But then again I got a phone with headphone jack but still prefer Bluetooth. Especially now when wearing masks,... no cables that get in the way of.taking off and putting on a mask.

I noticed this is a bone of contention among the HN community. It is clear why: both wired and wireless headphones have their advantages and inherent problems that had been discussed ad nauseam. In general, there is no problem as we are free people able to choose what we want and need. The problem appears when a company with a dominant position in the market declares one of these technologies dead and pushes their users towards the other one.

It's not just wireless audio. The same happened with the Ethernet: while most people use WiFi, Ethernet (especially Gigabit and faster) also has its advantages. Removing an Ethernet port is not an improvement: it is a statement.

The ethernet jack is too big, I wouldn't want a thicker laptop just for that. Just get the ethernet dongle if you need it.
I think this battle is long over and done with, but the Ethernet jack is not that big. A Thinkpad T470s/T480s has it and it is plenty thin. There are even some laptops with a collapsible RJ-45 port which allows it to be even thinner.

A USB port is also not that thick yet it has been dropped on many recent laptops, although a Thinkpad X1 Carbon shows it is possible to have USB, HDMI etc on a 2lb / 1kg machine.

The T480 is 30% thicker than the new Macbook pros. I just got the 14" macbook pro and personally I think it's already a bit beefy.
The parent doesn't mention the T480, but the X1 Carbon which comes with a full range of USB and HDMI ports. The Macbook Pro is 1.55cm thick, the X1 Carbon is 1.49 cm thick.

Lenovo also sells the T480s, those are not substantially thicker (1.6 cm high) and beefier and come with a built-in ethernet (!) port.

A serious question: what is the advantage of thinness for you, personally? I have several laptops and I'm on the move all the time. The only disadvantage of thicker ones for me is weight - but it's negligible, even when I'm cycling and my laptop is in my backpack (or, sometimes, laptop bag). Weight aside, the thinness itself has zero advantage for me. I'd much rather have all the functionality removed at the cost of it (not just Ethernet - I care much more about user-replaceable SSDs and RAM).
Some fans value what their preferred brand tells them to value.
I mentioned the T480s. The T480 is much more user-serviceable than a Macbook Pro, with upgradeable RAM, SSD, Battery etc, and much cheaper, so not a valid comparison.
It is awful in Taiwan too.

As per telecom regulation, you cannot get a new eSIM online. The only way is visiting telecom service center in person, verify your ID, pay the fee (about 10 USD), finally got a printed eSIM QR code.

It implies you must pay $10 when you switch to a new phone every time. worse than Physical SIM card.

I believe it depends on the provider - in Italy there are three that currently support esims. A couple (Tim, Vodafone) let you rescan the qr-code multiple times with different phones. The third (Wind) provides a one time use qr-code, you need to show up at the shop and buy a new code (no idea if the serial is the same or not).

In every case you still need to wait for the qr-code to be posted at your mailbox (even if you can sign the contract online).

A potential security weakness as well - they will need to make it more "easy" than it currently is to swap the eSIM between phones.
My carrier in Canada has one-time use eSIM tokens that you can only buy in-store and only from select stores and it costs four times as much as an actual SIM card (20$ for an eSIM token QR code vs $5 for SIM card). If you need to use the eSIM on another phone, you need to buy another 20$ QR code.
If a sim is digital, couldn't Apple put the eSim into your 'wallet' for example? I appreciate that it's not currently designed like that, but given we are just talking bits, just because it's not a fully baked system yet, it can't be?
How is an Apple proprietary wallet an improvement over a tiny chip that works in every phone brand?

You're looking for a solution created for a problem that doesn't need to exist.

You get it. And this IS how it works now. You can have 10+ eSIM profiles on your iPhone with one of them active at a time. Just active the eSIM based on the country you are in. No more tracking plastic bits.
> eSIMs are good but it doesn't eliminate the bureaucracy/paper work involved with acquiring an actual network connection

Of course they do, eSIMs allow companies like airalo to exist. Surely Apple moving fully to eSIMs will bring even more competition to this space.

Finally all the carriers in the world will be forced to introduce eSim. Thanks Apple
Finaly OTA. What can go wrong when everybody can program your SIM remotely ?
> What can go wrong when everybody can program your SIM remotely?

That's bollocks. An eSIM module is exactly the same chip as in a normal SIM card - right down to the electric specifications and communication protocols, so you can hook up a provisioned eSIM module to a phone or a SIM card to a device using an eSIM chip and it will Just Work (tm).

The only difference is that the eSIM module is allowing the baseband chip to flash a new set of cryptographic keys, a process that will (usually) require the cooperation of the main SoC to get and transmit said keys.

The only scenarios where an attacker could reprogram your SIM remotely is either a malicious actor in the provider network (at which point there is the question why an attacker would want to reprogram your SIM at that point, given all they can do is give your SIM card access keys to another network) or a malicious actor with an IMSI catcher.

In both scenarios the attacker would require an exploit in your specific baseband and the correct cryptographic keys (or yet another exploit) for the eSIM to accept the new profile... and at the degree of knowledge, hardware and the actual exploits required to get to the point a successful attack requires, your attacker will be a government or an NSO-scale enterprise. And seriously, at that point you already have lost anyway because they have exploits for the OS you're running on whatever device you use, they don't need to deal with taking over your SIM card.

I think that the risk is more about stealing the number more than reprogramming it. If I can move my eSIM to a new phone, so can an attacker.
This is already a problem with regular SIM cards and people social-engineering customer support reps into getting their SIMs provisioned with other people's numbers.

Carrier incompetence will exist regardless of if the SIM is physical or virtual.

> If I can move my eSIM to a new phone, so can an attacker.

No, they can't - there is (at least for modern SIM cards and eSIM modules, see [1]) no way short of decapping the chip to extract the secret keys once they are on the chip, and even de-capping is something that the chip industry has gotten pretty good on defending against.

An attacker would have to request a new eSIM profile (aka, new keys) from your provider to hijack your number, which is an entirely different threat model.

[1]: https://www.kaspersky.com/blog/sim-card-history-clone-wars/1...

I don’t know how you can say they can’t. The eSIM is just a number. An attacker can install it exactly the same way I did: I copy-pasted some numbers from an eSIM provider’s app.

I’m not talking about getting the number from the phone, but directly from the operator.

Yes exactly, thank you.

A lot of phones already support eSIM. Apple will claim they invented it and some will copy the no Sim slot but there are still carriers that don't support eSIM so I don't see this taking off like removing the headphone jack.

Carriers without eSIM support will be dragged into the future if they want it or not.
I love eSIMs I have my main card on it but I rely on a physical card for the company since they aren't issuing eSIMS just yet.

If this happens though, all carriers will be forced their hand. Sometimes it's the only chance

Can anyone discuss the privacy implications here please? I assume to use eSim you'll be required to have a working internet connection - there are still many dark spots in the world. What data does eSim need? Can anyone outline the data structures being sent from my device?

It's still possible to access the network pesudo-anonomously with a physical sim, I can only assume a "selfie to activate eSim" is going to happen sooner rather than later.

What about the OS of a normal SIM that you have zero control off.

In Germany you are already required to ID yourself for normal SIMs.

My father had to download a provider app to access a video call where he had to show his ID.

I think it's a reasonable assumption that if you own an iPhone, you have access to the internet.
Owning a device that can connect to the internet doesn't mean it can at that moment.

We need to stop assuming humans can connect to an endpoint over a network 24/7 365. There are times when you may not be able to, for all sorts of reasons, make a HTTP request at a given moment.

Networks fall over, riots happen, dictators just shut it off. Dangerous precedent to set.

Yea and many authoritarian government can simply block websites and if it happens to be apple asn? I think there should be fallback otherwise its going to be debacle.
You only need an internet connection the moment you're activating the eSIM for the cryptographic keys to be downloaded. From that moment forward it acts just like a regular SIM card.
You'll need to have a connection once when you provision the eSIM. There may be some way in the spec for the device to use the network itself for that connection, similarly to how you can make emergency calls without a SIM card.

But even if you don't have a connection now and try to provision it, I'd assume the phone would just cache the SM-DP code for later provisioning in the background when a connection is available.

Privacy-wise, there is no difference. It gives the carriers more opportunities to be assholes and justify some new hostile requirements due to the switch to eSIM, but once an eSIM is provisioned it behaves just like a physical SIM.

Question: will the new AWS offerings eventually allow us to escape from mobile providers altogether? (I haven’t looked into it and even if I do I won’t understand the details well enough)
I will miss taking it off my phone whenever I want or in extreme cases: Smashing it with a brick.
What would be a specific real world scenario where you would actually smash your sim with a brick?
Changing carriers, mostly.
Well, you can still smash your phone with a brick if you really want to.
The terrible user interfaces of many iPhone apps make me want to do just that.
You should try Android. Their best apps are one tenth of worst iPhone apps.
J2ME was so bad that it once made me throw my Sony Ericsson soap bar shaped cell phone down on the floor so hard in furious anger and frustration that I smashed it, and it felt so wonderful, and was well worth it.
I threw my phone to the wall with full force when I was a kid due an argument over the phone. The screen got wrecked as a result. Had to tell my parents I dropped it accidentally because I can't explain what happened.

In one of my pubescent year, the same incident happened again; But this time, threw it to the ground and glass screen protector ate all the damage except the home button. Remember cutting my finger pressing it.

The final one is back in 2018. Threw my phone and it ended up breaking the wall instead.

Not sure why I've decided to share this. Now it's going to live on the internet/sit in a database forever.
(comment deleted)
Hopefully by removing the SIM tray, they have now enough space to put the headphone jack back.

(bit of sarcasm but I really miss headphone jacks in mobile phones)

Too optimistic, Headphone jack takes so much space, that they can't put it on even ipad pro 12.9" /s
I don't understand this sentiment, instead of pleading with a phone manufacturer to implement certain features why not put your money where your mouth is and, you know, buy any of the pleothra of phones out there that do have a headphone jack.
It's just tongue-in-cheek banter, don't take it too literally. Besides, Apple devices make a sizeable portion of the market and have 'ecosystem' buy-in features that many other phones (w or w/o h jacks) don't have.
Yes, because the ONLY feature I take into account when buying a new device that I carry in my pocket literally every day of my life is how good the headphone jack is.
Because it's not possible. I need a ~5.5" Android phone, with SD Card, OLED, 2 SIM, headphone jack and 3 years of software updates. Not sure there is a phone like that, so I don't know what I will be doing when my current phone dies.
I have more or less the same requirements and the Fairphone 3+ did it for me. Only downside is that spare parts take a long time (3+ months) to be back in stock.
Maybe check out last gen phones that are supported by LineageOS? That's what I'll do once my OnePlus 3 (still getting updates with LOS) dies or is too slow.
The Sony Xperia line up has SD card slots, headphone back, and dual SIM capability. I don't think they have OLED, but the screens get good reviews. Looks like you can expect only 2 years of updates though.
> but I really miss headphone jacks in mobile phones

Buy a USB-C/Lightning to 3.5mm dongle and leave it permanently attached. Not ideal I know.

But one benefit is that the DAC Apple designed in that dongle is so good that the sound quality far exceeds any phone with a built-in 3.5mm jack.

It's very good indeed, but last I recall it measured slightly worse than the built-in 3.5mm Jack in previous iPhones. But it still likely exceeds transparency especially for the form-factor and use case.
> ...far exceeds any phone with a built-in...

This is absolutely not true, there are a ton of phones with better DAC/amp combos than the one on the Apple dongle (and even when the dongle is better, it's frequently not better by enough to be audibly different). Unfortunately some of the best analog audio came on phones that were made by LG who threw in the towel last year.

Have you seen the 13? It is almost fat enough for a 1/4" jack.
Fantastic. Now I will have no easy way to transfer my number from one phone to another.

Currently I carry on my trips a spare phone that I can use to transfer my SIM card to and keep being able to receive various SMS messages needed for me to function at all.

So what do I do after the change?

Stop buying Apple products.
You missed the part where wherever Apple goes everybody else will follow in couple of years.
Yet to be seen. You can still buy a non-Apple camera phone with a headphone jack. There will be choices, perhaps not chic choices.
I can't understand why anyone would want this. Being able to physically swap sims so I don't ever have to deal with carrier customer service is a /good/ thing, especially when it's in the carrier's interest to make this as difficult as possible.
Maybe to avoid sim swapping? Although i am not sure if there would be an alternative attack.
SIM swapping has nothing to do with a physical SIM. It's convincing the carrier to reissue a new SIM and associate it to the previous account. It can be done just as well with e-SIMs - in that case the carrier will give you an SM-DP code instead of a physical SIM.
SIM Swapping attacks are not performed by physically stealing a SIM from someone’s phone. They usually involve having someone who works at the carrier making changes in the system to route calls/data to a different IMEI. Physical or eSIM would be irrelevant in that case.
I don’t have a physical sim in my phone, but I have 8 esims.

As far as I can tell the physical sim slot is just a complete waste of space, I can’t use it anyway without toggling one of my esims off.

If you buy a new phone to upgrade your current one, how easy will it be to get the 8 esims in the new one?
Much easier than 8 physical sims for sure!

The long term SIM cards (Virgin UAE, Three HK, Lifecell Ukraine) with phone numbers I can easily transfer by going on the carrier apps or websites.

But we’re rapidly headed towards a data-only world where the SIMs are essentially disposable, there’s nothing you’d care about transferring except perhaps some prepaid data you have left.

I feel like this is a "cars can't replace horses" kind of debate.
I mean, cars are a great example of a technological advancement that absolutely ruined lots of places around the world:

- city centers, rendered noisy, rotted out of businesses, and replaced with parking lots - rural areas rendered completely car-dependent since roads are no longer walking-friendly - small towns who lost their entire downtown strip because people would rather drive their car to wal-mart - millions of pedestrian deaths worldwide per year because cars make it very easy to "accidentally" kill people

So... I guess the lesson is that it is exactly that kind of debate, and that there are pros and cons on both sides?

I tried to activate an iPhone on an existing Google Fi plan using eSIM, and it was a nightmare. The frontline support is responsive, but can't do anything about it. The specialists I was escalated to were useless, and only reachable by email every day or two.

After a week of this nonsense, it occurred to me that maybe I could start over with a physical SIM card. I chatted with frontline support again, and he said he was positive that would work. (So why didn't anyone suggest that?!) I couldn't use the old card, because it was clearly beyond their capabilities to reactivate a perfectly good SIM card, but I was able to buy a new one at Best Buy and complete the process in about five minutes.

I would have swapped the card in the first place and been blissfully ignorant of the eSIM fiasco, but I somehow had it in my head that the iPhone used a smaller card than the five-year old phone it was replacing. It may not be eSIM's fault, per se, but if the design is dependent on carrier competence, it's fatally flawed, as far as I'm concerned.

You are aware you can have 10 or more eSIMs plans on an iPhone, right? You are free to swap between them as you wish? You are only locked into a single carrier if you purchase the iPhone thru that carrier. Always purchasing and unlocked phone is what solves this.
All of this depends on the good graces of the company that wrote the software, and I don't see how they can be trusted over good ol' physically removing a card and putting a different one in. Especially when they have a track record of being abusive to customers.
I am very worried about this.

While I love (and sometimes use) eSIMs, the physical SIM has a huge advantage in that it gives me freedom. It's the revolution that GSM brought: just take your SIM and move it to a different phone. No permission required.

Arguably we've become slaves to ecosystems of either Apple or Google at this point, as pretty much nobody uses a phone as "just a phone", you need to have an account with one of those behemoths in order to use just about any app. But still. The physical SIM is (was?) one of the last remnants of the freedom we had to switch phones.

I am sorry, but what? You can just remove the association of the eSIM with the telephone and activate it in another. There is no lock in here.
Yet.
The SIM vendor lock in does exist with the physical SIM card already, with the vendor sold phones.
Carriers can also configure physical SIMs to only work with certain equipment.
It exist, yes. But isn't used much in practice (where I live at least). I think it is illegal to charge to unlock them so the incentive for them to exist disappeared entirely.

Which kind of highlighted that it was a dark-pattern that only served to trick customers.

Kind of reinforces the notion that we should be worried...

Sorry, you can't.

The e-SIM provisioning process is under the control of the carrier. They give you a QR code (or SM-DP string) which you scan/enter, your phone then contacts the carrier and after some back and forth acquires cryptographic keys which are stored in the eSIM chip.

There is no way to extract these cryptographic keys and enter them into another phone. Instead, you have to repeat the whole process and get a new QR code from the carrier. They may charge for this, or just be a pain in general and make it difficult or refuse for whatever reason.

I can see them taking advantage of this to prevent travellers using local SIMs for example - sure you can delete your eSIM and get a local one, but getting your own eSIM back will be difficult or outright impossible if you're still travelling (they may require physical ID verification, etc).

Could Apple permit you to store multiple provisioned eSIMs on one device, and switch between via UI?
That’s literally how it works… You can have as many eSIMs as you’d like, I currently have 8 on my phone and can choose which two I want to have active at any time.

I’m not sure why nextgrid is constructing this weird technological strawman.

Apologies - I was not aware you can have multiple eSIMs stored. If that's the case it lessens the impact, though switching between phones is still a problem.
Not any more than with regular physical SIMs, if your carrier wants to be shit they can lock a physical SIM to a specific device too.
True - my point was that the carrier can't prevent you from physically switching SIMs and locking them at the network-level to an IMEI would cause backlash as it would break long-established conventions.

With eSIM, not only are they in control of switching eSIMs between devices but it also gives them a clean slate to introduce the aforementioned network-level restriction under excuses such as security (though again since they're in control of switching eSIMs they can just block it there or be annoying in other ways - some carriers already charge for reissuing eSIMs despite it being a completely automated process).

eSIMs significantly reduce the friction of switching between carriers and will inevitably force carriers to suck less. Especially in a world where people increasingly only care about data.
> There is no way to extract these cryptographic keys and enter them into another phone. Instead, you have to repeat the whole process and get a new QR code from the carrier. They may charge for this, or just be a pain in general and make it difficult or refuse for whatever reason.

Even worse, in many real cases. Let me give you an example, happened to me this October:

I get a new phone. I browse my carrier's website to find out how to transfer the eSim to the new one, but find nothing. I call them, they tell me it's impossible. I ask them to double check because this doesn't seem realistic - after one day of internal checks, they contact me saying they found a way! I just have to request to be migrated back to a physical SIM (costing me 15 EUR and 1 week of waiting), and when it will arrive I'll be able to migrate it to an eSIM again!

Isn't technology amazing?

This was in Germany, the operator is Congstar, an MVNO using Deutsche Telekom's network.

In all fairness, this is Congstar being shit, a low-cost MVNO. They could also be shit by locking your SIM to the first IMEI they see on their network, so the only difference is that they need to establish a porting process for eSIM but haven't done so.
It is noteworthy that Congstar is a brand of Telekom Deutschland GmbH.
> Instead, you have to repeat the whole process and get a new QR code from the carrier

Utter nonsense. There's no technical requirement to get a new QR code, this is up to the carrier.

Why are there so many people spreading straight up lies in this thread?

Exactly. I did not wanted to respond anymore, as the downvotes discouraged me to continue the discussion. I believe the “they are taking our freedoms!” do gather more attention.

When I wanted to move to a new phone, I simply deleted the data profile from my old phone and scanned the QR code on the new one, as the provider suggested. It just worked.

This assumes the provider wants to be nice and make it that way - yours does in this case. eSIM however gives them the option to make the QR codes single-use and require payment or additional verification before giving out another one.

Some commenters here are correctly saying that the carrier could technically prevent physical SIMs from being moved between phones by restricting which IMEIs are connecting to the network, but that's not usually done and there's an established convention that SIM cards can be moved around. eSIM gives them a blank slate to start over and break that convention without much backlash.

This was my thoughts as well. It seems like we just drove around in a circle and ended up back where we have to contact the provider when we change phones.
There’s still IMEI locks. A lot of prepaid carriers in Europe won’t or can’t sell you a SIM card for a US phone (one man claimed it was due to carriers trying to reduce phone theft). Note, my phone was fully paid for, and therefor unlocked.
With my Samsung Android phone I had to call my carrier's customer support and obtain the unlock code from them. So it wasn't unlocked automatically after it was fully paid for. When I traveled to Europe I just bought a local carrier SIM from a vending machine at the airport.
Automatic unlocks is mostly an iPhone thing. iOS manages SIM locks differently (in fact on modern devices the modem itself isn't even locked, instead it's all done at the OS-level; Apple has a mapping of serial number to authorized carrier(s), to which the carriers can request changes remotely without having to provide an unlock code or requiring any user action).
I've never encountered this, which country are you talking about?
I share your concerns but at the same time I think, why would we even need a SIM? Isn't it simply a device for accessing account on someones system?

We don't have SIMs for ADSL or Fiber internet? We don't have SIMs for Reddit ot Twitter? Why would we have SIMs accessing GSM networks? There's no fundamental reason why we simply don't sign in into these networks like signing in to HN.

Surely, it adds a layer of anonymity and freedom where you simply use the system by paying it however there's an ongoing trend all over the world of de-anonymisation. In many places they are asking for ID and other documents in order to provide you with a SIM.

Physical SIM now means, it's yet another obsolete tech that costs money and takes space inside the devices only to sustain anonymity that is no longer desired.

SIM is just another causality on the way towards the tightly controlled world.

IMHO, it needs to happen at some point but we also need to rethink our rights in a world that is run by these huge networks.

Wouldn't be nice if our phones could have simply scanned for the networks, receive the offers from the available networks, pay and start using it?

Because SIMs require the physical card. You cannot forge a SIM without the SIM itself. There's a physical second factor. Usernames and passwords get leaked all the time, and since Reddit et al are meant to be accessed by multiple devices, device-locking them would be antithetical and anti-consumer.

A phone service is implicitly device-locked (well, doesn't have to be, but it doesn't make sense to allow multiple devices per number anyway). Just using device credentials could allow anyone to log in with that information and use your subscription or pose as you.

As for ADSL or other forms of internet, there is already a second factor - ISPs generally know from which vicinity you are connecting from, and when you log in with your account information in your modem, they can match what's on your account to your physical "drop" and assert that it is at least within the same neighborhood - again, creating a physical second factor. This is also why your internet service generally needs to be "moved" whenever you change your residence.

A SIM card allows the freedom as the GP mentioned, without requiring someone from the centralized authority to process the request somehow.

There is a huge difference if you think about it for a bit.

I think you are confused. SIM cards are not a second factor. SIM swaps are proof of this.
SIM is the second factor when it comes to proving that this device with this physical SIM is indeed accessing the network.

Fraudulent SIM swaps are attacking a different layer of the system, they are social-engineering underpaid idiots to associate a new SIM with a given account & number.

You could in theory social-engineer a bank to reissue someone's payment card and somehow intercept it in the post or steal it from their mailbox. That doesn't mean chip & PIN is insecure.

(comment deleted)
But Esim already exists. Nobody needs to steal your SIM card to start using your phone number.
And from my understanding, these social engineering and sim swap problems are mostly ( if not all ) US specific. I have never heard anything near the order of magnitude of US sim swap from any other country. Most countries have Personal ID that are required and issued by government as verification. But even places like UK will require address and Driving License / Passport proof along with security questions.
> But even places like UK will require address and Driving License / Passport proof along with security questions.

I was a phone store monkey in the UK a few years back and a dedicated attacker can absolutely bypass this: https://news.ycombinator.com/item?id=29714400

I can only assume it's not more common because other scams are more profitable and/or not enough targets (banks, etc) use SMS 2FA as their only method of authentication so a SIM swap wouldn't give you much.

SIM cards are famously the weak link in the 2FA. They have all kind of security issues as they are computers themselves.

The way forward is to get rid of the SIM and access those carrier networks through credentials, ideally I would love to see it as a cryptographic receipt that you get from your payment provider and pass it to the the carrier as a proof of right for account and usage of their networks.

SMS-based 2FA's weakness is not due to SIM cards. It's due to carriers being shit.

SMS-based 2FA is not exploited by breaking any cryptography or exploiting some software vulnerability. It's by "asking nicely" the carrier's customer support idiots to associate a new SIM to the target account & number.

Replacing the SIM with username/password wouldn't do anything - instead of the attackers having to associate a new physical SIM they'll just associate a new set of credentials.

Those SIM engineers should build other unhackable systems too!

Anyway, it's not only social engineering but even if it was it simply means that it's useless for security.

Just yesterday, a friend of mine got a fringe hacking incident or a bug. We are not still sure if it was hack but somehow the SIM card in her phone identified as another number from another carrier. Who knows what happened, her SIM wasn't swapped it simply think that it's another number as she found out when started receiving notifications about her new number. Maybe it was Apple's bug or something but who cares, the physical SIM did not change anything.

> Those SIM engineers should build other unhackable systems too!

They did - see EMV payment cards for example.

> it simply means that it's useless for security.

It's not - SIMs close one attack vector where credentials can't be stolen by malware/bruteforced. Current SIM-swap attacks don't scale well; imagine how worse the problem would be if any Android malware could silently take over your number even after you've wiped the device clean.

The solution is to close the social-engineering attack vector by making carriers liable for any losses, not to remove a different layer of security because it's currently being bypassed by a different flaw.

> Who knows what happened

I doubt it was nefarious, I'll place my bets on misconfiguration somewhere. The telephone network is a massive mess and it could very well be that some carrier/equipment in the path rewrote the caller ID as something else.

> They did - see EMV payment cards for example.

To drive the point home - this is a SIM card: https://upload.wikimedia.org/wikipedia/commons/5/55/Thuraya_... (although you can remove the mini-sim in this revision, originally they were exactly like modern EMV cards).

Again, if you're skeptical of the government itself and allowing them to tap your communication lines, then I understand your hesitation here (although 2FA won't protect you against warrants), but outside of that it's actually simple incompetence of the carriers - SIM swap fraud attacks are common in North America but surprisingly fewer outside despite having the exact porting capabilities, probably because there's a waiting period (usually 48 hours) enforced where the current holder of the SIM card gets warnings about the impeding deactivation in other countries. Annoying if you lost your SIM card, sure, but is much better than having an unauthorised person getting a shiny new SIM card without warning.

> probably because there's a waiting period (usually 48 hours) enforced where the current holder of the SIM card gets warnings about the impeding deactivation in other countries

Not sure what's going on in other countries, but back when I was a phone store monkey in the UK this was not the case. A SIM swap could be done immediately and the previous SIM doesn't get any notification. If I remember right we needed to check ID, but we had no way nor proper training to tell a potential fake ID, nor what counts as an acceptable ID (the UK doesn't have mandatory ID cards, so a lot of people don't have ID) - I would defer to my manager in this case but I'm pretty sure the whole process was really at their discretion and whether the whole thing "feels" legit. Making it look like we'd get a sale is an easy way to sway the odds in your favour (we'd need to access the account anyway to make the sale, so you can play along and buy a new plan, and once we pulled up the account you can mention "oh BTW I need a new SIM" and we would oblige).

Fun fact: to access someone's account in-store we had to either text them a code and enter it in the web UI (good!) or provide knowledge-based answers such as amount of last bill, some digits of the ID/driver's license number or a security question answer. There was bruteforce protection, but here's the fun part - it was presumably implemented on the frontend only because you could reload the page on the last attempt and reset the counter of attempts! There were no consequences that I know of (neither from the company nor a notification/follow-up with the customer) to locking out an account either.

At least part of the system was Java-based (it blew up occasionally displaying a full stack trace full of PII) and was available over the Internet (there was a site-to-site VPN for the store, but the URL nevertheless loaded on a standard internet connection when I tried it probably due to misconfiguration, so it's very likely all of that was exposed during the Apache Struts or Log4J vulnerabilities).

I think the reason SIM Swap fraud isn't as common in the UK is either because getting the money out is more difficult or because other scams (authorized push payment fraud, scammers pretending to be tech support or tax authorities, etc) are just more profitable.

> There was bruteforce protection, but here's the fun part - it was presumably implemented on the frontend only because you could reload the page on the last attempt and reset the counter of attempts! There were no consequences that I know of (neither from the company nor a notification/follow-up with the customer) to locking out an account either.

Back when I had to use AllScripts EHR software, if I messed up my password three times, I'd just restart the client application. Bam, three more attempts, no need to wait ten minutes.

(I don't know if this is still the case, but I sure hope it's not.)

If you are skeptical of government, live off grid.

Sure are a lot of rugged individuals who can do it all (they claim) yet seem to not notice they hardly accomplish any more than anyone else without the help.

I’m skeptical of other humans period. You’re regurgitating the most reinforced rhetoric in your experience. You’re decoupled from the actual work implementing solutions to these problems, and the ease at which theft and fraud occur without technology.

There’s no such thing as a 100% secure system. Physics doesn’t allow it. Accept it. Lean into your biology to self soothe.

I may mistrust the government but like everything else it’s just people, not a black box.

Come on internet geniuses; open source and hardware are right there for you to make this happen. Get funding. Prove you can do better. Show you’re more than syntactic and semantic drivel.

The collective of people making your phone work are incompetent, says the person whose probably never tried. What a joke.

Do you remember the Syniverse breach?
Yes - carriers managed to find a company even more incompetent than themselves and outsourced sensitive data to them. It doesn't make SIMs insecure. No amount of authentication will help if the party you're authenticating to then decides to send your data to a compromised third-party.

By the way, CDR processing (aka parsing CSV files and figuring out how much to charge - rocket science I know) is also routinely outsourced to the lowest bidders with no doubt terrible security practices: https://berthub.eu/articles/posts/5g-elephant-in-the-room/

> but it doesn't make sense to allow multiple devices per number anyway

Why not? This is a useful behavior that is currently emulated by forwarding calls to laptops and tablets with the same account when the devices are on the same Wi-Fi. You could get rid of the Wi-Fi requirement if those devices all simply had an eSIM with the same number.

Number assignment is handled at the network level. I have the exact functionality you speak of (single number to multiple devices) on my company's good old physical SIMs.

Phones & SIMs don't even know nor care about their own number. The SIM has a field for that but in fact it's often left empty (iOS devices discover their own number by texting a known Apple number and getting the response via the Internet, they'll then populate this field out of courtesy but it's not necessary for functionality).

When a call comes in, the carrier decides which SIM it should be routed to. When a SIM makes an outbound call, the carrier decides which number to set as caller ID.

The functionality you speak of has nothing to do with SIM vs eSIM, it's about carriers having to actually innovate and do some engineering. Their current oligopoly means there's no commercial pressure for them to do so, and there's no reason why they would suddenly do this with the switch to eSIMs.

> iOS devices discover their own number by texting a known Apple number and getting the response via the Internet, they'll then populate this field out of courtesy but it's not necessary for functionality

TIL! Is that why in some countries and some SIM cards my iPhone can automatically report its own phone number (when I look at my own profile under 'Contacts') and in some countries it doesn't do that?

Yes!

Carriers who assign numbers to SIMs in advance could set that field directly. Others, either because they don't assign a number at the time of the SIM manufacture/personalization or just because they can't be bothered as it's not functionally necessary will leave it blank - in that case from my experience iPhones will populate the field with the number they get back from the iMessage & FaceTime provisioning step but again that's not actually necessary for functionality. The field is also user-editable in Settings -> Phone if you wish.

Nextgrid, you're all over this topic providing high quality answers. Just wanted to say thanks for helping justify my still reading HN comments.
> Because SIMs require the physical card. You cannot forge a SIM without the SIM itself

Your SIM provider certainly can issue a duplicate. Also, SIMs can be spoofed.

I didn't say either of those things weren't true. Perhaps I should have used "cloned" instead of "forged" to be clearer. You can't remotely clone a SIM unless you use an OTA exploit or something. It's not the 'normal' case.
But what's the point in cloning a SIM card if SIM swapping is possible without them? SIM cards have shown to have no extra security than an eSIM.
SIM swapping is an exploit of humans. Not of SIMs.
The SIM card is even less secure than a username and password because someone just calls the carrier, reads out some sob story and gets your sim credentials transferred over to them.

The sim is nothing more than an auth token which can easily be duplicated.

(comment deleted)
> I share your concerns but at the same time I think, why would we even need a SIM?

In the Before Times: handy for travel. Having a (e)SIM for your personal number (but perhaps disable data), and when you arrive at your destination just pop in a new physical SIM for local data (and calling).

> We don't have SIMs for ADSL or Fiber internet?

I wish we did. At least for ADSL you can use PPPoE to login into a network with whatever hardware you wish to use instead of the telco's often janky, underpowered stuff. With fibre (GPON) they often lock in the MAC of the optic, so good luck using something else besides whatever is provided. If you're lucky you can remove the SFP module and put it into whatever you want.

This may not be useful for 99% of the population, but given this is HN we're on, I think a lot of folks can appreciate being 'hardware agnostic'.

Otherwise we're back to the 1960s when only Officially Approved™ equipment can be connected:

* https://www.cybertelecom.org/notes/att_antitrust.htm

AFAIK PON based system needs encryption/decryption by ONU because it separates single fiber passively so downlink can be tapped. Encryption key is burned to each ONU.
(All? Most? Many?) ONTs support 802.1X for authenticating network access, which supports EAP. And EAP-SIM is one available mechanism, though usually used on the wireless side of networking.

In Canada, Bell had their "Home Hub 3000" and plenty of folks took out the optic and put it in their own hardware; this possibility was 'discontinued' with the Home Hub 4000, which no longer has a removable optic. There is nothing inherent on the ONT that limits connectivity except the arbitrary telco design choices.

> We don't have SIMs for ADSL or Fiber internet?

Fiber is actually quite complex. Most residential fiber going in today is GPON, and those systems are authenticated by the ONT, which is somewhat analogous to a hardwired SIM. Theoretically, you could reverse engineer the ONT and create your own, but you can expect to get your account closed if they catch you.

Then you have companies like AT&T who also force you to use their godawful routers and actively work to close off methods that allow using your own router.

And if you have metro-E, chances are the ISP provides their own media converter. Doesn't matter that they charge a $12k install fee and $1200/mo (for 500/500 - actual Comcast bill in Nashville, TN), they still won't hand you an SFP+ module.

> We don't have SIMs for ADSL or Fiber internet?

The reason for it is because they are physically provided to your house so it would be redundant, but if that wasn't a case, imagine if we did have SIM for ADSL or Fiber. Getting access to your Internet service wherever you go without extra charges.

> We don't have SIMs for Reddit ot Twitter? > Why would we have SIMs accessing GSM networks? There's no fundamental reason why we simply don't sign in into these networks like signing in to HN.

We have login and password, which are like SIM, but you can memorize them.

Imagine if your access to Reddit, Twitter, HN was tied to your computer, because that's essentially what you're advocating for.

> Imagine if your access to Reddit, Twitter, HN was tied to your computer, because that's essentially what you're advocating for.

You have missed the point. OP is talking about how ridiculous having a physical bit of plastic to log in to the cell towers is. The physical sim provides next to no value.

And it comes at a heavy cost in space inside the phone as well as annoyance waiting for a new sim to ship in the mail. While esim providers email you a QR code and you are good to go immediately.

> Arguably we've become slaves to ecosystems of either Apple or Google at this point

I’m far more worried about the SIM cards than Apple or Google.

Did you know that SIM cards run Java? Or that they can send text messages from your phone directly to the baseband without going through the phone itself? Your SIM is probably sending data to your carrier without you knowing. ( https://scribe.rip/telecom-expert/what-is-at-t-doing-at-1111... )

Get rid of SIM cards and let’s move everything to purely digital number porting. That doesn’t mean you can’t add or change your provider when you travel, it just means you do it through the user interface instead of removing a little card that runs Java and has access to your baseband.

> move everything to purely digital number porting

There's a common misconception that SIM == number. That's not the case. The SIM is simply the identity of your device to a carrier.

> a little card that runs Java

I believe (it's now been a few years since I've skimmed the spec) that the eSIM chip can also run Java and download applets.

Sure, but the sim doesn't have access to the main CPU, main memory, storage, or sensors (without help from an app which can just as easily leak data without help from the sim) I fail to see how it compromises security any more than an eSIM.
The full portability won't be the same across multiple regions, especially internationally. Also, there is a good chance it gets tied to the device/contract you are on, similar to how the phone contracts in the US were a few years ago.
> Get rid of SIM cards and let’s move everything to purely digital number porting. That doesn’t mean you can’t add or change your provider when you travel, it just means you do it through the user interface instead of removing a little card that runs Java and has access to your baseband.

Here a different perceptive on this.

SIM: Great! my phone just broke and I need to call my insurance to get it replaced. Oh lucky I saved my older phone! That is so perfect because I can take the SIM from my primary phone and put it in the older phone. viola it works! all of that take within 5 mins.

Without SIM: Great! my phone just broke and I need to call my insurance to get it replaced. Oh lucky I still have my older phone... oh wait, they don't have a SIM. So I am stuck without my phone for a week and need to have access to my phone now! Wait let me see if I can open my older phone and see what I can do. turns on yay it still works... no cellular signal? Oh right right, I forgot this phone don't have SIM. Oh ok I guess I have to go through the internal app to get it over to this phone. Why this app kept failing?! C'mon I just need my phone to work because I am expecting calls for potential future job that I might get it! two weeks later with new phone at the door Great... I didn't get the job because the mobile company and insurance been dragging this long as possible. All of this might take two weeks.

This is why people favors SIM because it can be taken out and put in other phone within minutes. In other side, people will be stuck without phone for a while because of this stupidity.

> It's the revolution that GSM brought: just take your SIM and move it to a different phone. No permission required.

In virtually all countries sans a couple of dictatorships and other authoritarian regimes, you have many network providers to choose to buy an eSIM from - the US alone has 109 MVNOs plus the five network providers per https://en.wikipedia.org/wiki/List_of_United_States_mobile_v.... You also have the right to have your phone number ported.

When you want to switch your phone and your provider does not allow you to request a new eSIM profile, you can switch both the phone and the provider.

There are many things to criticize about modern phone markets - the lack of a right to root your phone and the lack of portability between app stores (not just purchases, but also stuff like game progress!) are the most important ones - but the switch to eSIM is not a problem at all.

Realistically when was the last time you switched your SIM card? I only change it when i change phones.
Last time I was in SE Asia it wasn't uncommon to see people carrying multiple SIM cards. They were sold cheap and providers were constantly undercutting each other on mobile data. This was almost a decade ago now, but given how Asian variants of phones still have dual SIM slots I'm guessing it's still common.
Asian eSIMs are common now. For example the Thai travel sim you would get at the BKK airport can be purchased online as an eSIM - so you can skip that local queuing and currency exchange experience.

Discloser: I sell eSIMs.

Travel. It’s dramatically cheaper to get a local SIM. Some even come with extra benefits, like a pass for use on local mass transit.
I live in SE Asia and I do this all the time. Pretty much several times a year when I move around. So does everyone else I know here.
I've changed SIM cards twice in the past week. I travel all the time.
airalo is literally made for you.
That's really helpful. I hadn't heard of Airalo. Thanks for the recommendation!
I just heard about it a month ago. Ping me if you want a referral so both me and you get $3 or so.
I have 4 SIM cards from 4 different countries that I need to keep. Mostly because I have bank accounts in those countries and banks either dislike foreign mobile phone numbers or accept them but then are unable to send any 2fa tokens quickly enough to those foreign phone numbers for the 2fa tokens to still be valid.

So, I actually wish I had a quadruple sim phone, as it is I have two dual sim phones to handle this (with one that mostly stays at home).

The viewpoint of never needing to change sim cards is very US centric (or better said, affluent people in a lot of other countries tend to need multiple SIM cards).

Presumably this will be an inflection point for eSIM availability and you'll be able to add all 4 plans to your phone and switch to any 2 of them on the fly.
You can't do quadruple esim, but arguably the experience with 4 esims on a single device is much better than carrying 4 sims.

"You can store more than one eSIM in your iPhone, but you can use only one at a time. To switch eSIMs, tap Settings, tap either Cellular or Mobile Data, and then tap the plan you want to use. Then tap Turn On This Line." [1]

On the iPhone 13, you can actually use two esims at the same time.

[1] https://support.apple.com/en-us/HT209044

I think people like to complain for the sake of complaining. If you bothered to look, eSIM would suit you perfectly. https://support.apple.com/en-us/HT209044
Out of the 4 sim cards I have, only one provider supports eSIM. And yes, I'm aware that some iphones can use dual sim with an eSIM but the HK model which is better is dual SIM (with no eSIM).
Need to send my phone to repair soon, if they say it will take more than a day then I will rent a phone from them. I can put my current sim in their replacement phone in a few seconds. Can't imagine how long it would take with the eSim.

"You don't do it so often" is not an argument for eSims

> It's the revolution that GSM brought: just take your SIM and move it to a different phone. No permission required.

This is not really true:

1. SIM-lock is a thing, where providers prevent you from using the phone with another SIM (because they sold you the phone below cost and you're paying it back through your subscription cost)

2. IMEI lock is a thing too, unfortunately. The situation might be different now but in 2011/2012 it was near impossible to use a local SIM in your phone in Japan because phone providers wanted to sell you a phone with a SIM so you can't use your desired phone.

Is that the fault of GSM the standard, though, or the anti-consumer carriers?
In EU, an eSIM gives you the same "rights" as a physical SIM.

The biggest difference is that a physical SIM gives you a slightly higher level of security, at least in theory (then, phone carriers do a lot to screw this up anyway).

> eSIM gives you the same "rights" as a physical SIM.

What does this mean in practice though? Some carriers already charge to reissue an eSIM.

With a physical SIM you can use the same one until you break it. An eSIM is "consumed" when it is provisioned into a phone and you need the carrier's cooperation to get a new one which gives them the option to charge or just be assholes in general.

Where I live (Germany) this is completely unfeasible and untrustworthy for yet another reason: telcos and ISPs (the big telcos here are ISPs as well). There are not many industries where contract agreements are handled by electronic and manual processes so unreliably, erroneous and intransparently as they are at ISPs and telcos. I wouldn't trust them with managing an eSIM for me ever. Given how important a phone number is these days, again, never. When the simplest processes don't work (point in case: wanted to change a prepaid plan online (should be possible) -- it was not possible, buttons simply greyed out for no reason and/or missing, customer rep totally clueless).
You don't need a google account to use an android phone, there are fantastic open source apps on f-droid, and you can even access the play store without a google account using aurora store. If you have root you can fully degoogle (PITA but gratifying), even without it's a big privacy upgrade to just disable the google apps and log out of google.
I'm actually more worried about a different problem - I don't care about removing the physical SIM slot but I'm really concerned about halving the amount of numbers someone can have on a single device.

Phone numbers are an utterly terrible system. Having to give a single number out to everyone is a stupid beyond belief design that we just tolerate year after year. That SIM-based 2FA exists makes this even worse.

Apple has already shone a light on this and basically shown their customers that having a single primary-key-for-contact circulate to everyone is insane - which is why they now have the private relay for e-mail. I have my own reservations about the relay, but we really should move to single-number-per-contact and make that the norm.

And yes, I realise this wouldn't be supported by the current phone networks, which is why Apple/Google need to be the people to introduce a vendor-agnostic system as a layer above the current phone networks (akin to a private relay for phones).

This is not unprecedented - they've collaborated on a lot of standards before (matter is a recent example that comes to mind).

Multiple numbers is already technically possible and does not require eSIM. It does require the carrier to innovate and actually do some engineering though, and there's no market pressure for them to do so.
Vodafone UK still associates your contract with a phone number. That is, if you wanted to keep the contract and re-associate your phone number with a new contract that is not possible without paying for the remaining months on the contract.
Potentially, but my point is that it's a commercial decision or incompetence (maybe the number is used as the primary key for the contract record?) - technically there is no reason for this.
It’s incompetence driven by the market conditions: nobody on the market can do that and therefore no one is motivated to do that. I can understand that maybe not many customers ever need this too. AFAIK the engineer on the other side of the call said nobody provides such a service in the UK.
FYI, iPhone 13 generation devices already have 2 eSIMs, as in you can have dual standby without a physical SIM. I'm not a fan of this direction but I don't think we're going to lose dual SIM support.
I haven't thought about this too deeply, but I was thinking if you can have every phone come with "free" global network access - just data. i.e. get rid of the current tech for voice calls, so that all phone calls will be over a VOIP type service. And you can't use the phone without an active account with one of the providers that participate in this global access program. Each provider can bill other providers on the backend when a roaming subscriber uses their network.
This is exactly how I imagine it would work, albeit with a standard provision being made by Apple and Google as a starting point, something like a universal federated VOIP (they'll come up with a decent brand name for it obvs). If you're on Android you can get UFVOIP in your Google One subscription, or with Apple I'd assume it would be an iCloud+ feature. And then obviously slick contacts integration at the O/S level so that it's seamless to add a new contact - something like when you want to add someone you click "Add Contact" and it gives you a QR code for them to scan on their device to add you.

This could even generate a new relay e-mail for them in the same process so that a single QR code gives them the name and both a unique-to-them phone number and e-mail address to contact you, and adds it to their contacts automatically.

Sharing of contact details could be done by a side-channel:

1) Someone I already know and trust asks to share my contact details to a third party.

2) I get a prompt on my device asking to confirm I want to connect with this new person.

3) A diffie/hellman exchange sets up a secure channel between myself and this new third party.

4) We both confirm we want to add each other.

5) A unique e-mail address and phone number is generated on each device and sent across the channel to the other party.

6) Both parties have now established a new contact for the other party with contact details completely unique to them.

This would entirely resolve a whole class of issues around data protection/harassment/privacy.

If anyone at any time wishes to rescind contact permission they can just burn that contact link. Sure, you could be contacted via someone else that also knows both of you but there's a massive disincentive to pass along your details without your consent - you'll know who passed along your details because they'll be the same unique details you issued to someone else, and you can freely burn their contact link too.

https://support.apple.com/en-gb/HT212780:

Transfer an eSIM from your previous iPhone

To transfer an eSIM to your new iPhone, you can scan the QR code your network provider gave you, use your network provider's iPhone app or install an assigned mobile data plan. When your mobile data plan is activated on your new iPhone, the plan on your previous iPhone will deactivate.

There’s also https://support.apple.com/en-gb/HT210655: Find out how to transfer an eSIM or physical SIM from your previous iPhone to an eSIM on your new iPhone. You can also convert your physical SIM to an eSIM on your iPhone.

I think phones still can be SIM-locked, but AFAIK nothing changes there with eSIMs.

I just got a new iPhone and transferring a prepaid T-Mobile (US) eSIM from my old iPhone was not supported. T-Mobile say it themselves on their website.

> but AFAIK nothing changes there with eSIMs.

For all the advantages of eSIM, this is absolutely not true.

Oh you think the cookie bs right now is bad for your privacy, can't wait for this eSIM shit show to come to light in a few year, it will be absolute privacy nightmare.
You are sadly already going to have problems with this in the near future anyway :/.

https://www.xda-developers.com/t-mobile-att-require-volte-ph...

> If you have purchased a recent smartphone directly from AT&T or T-Mobile, then you very likely have nothing to worry about here. However, if you’re using an unlocked device or a device on a custom ROM, then you’ll want to pay attention to what’s coming. Since AT&T whitelists devices for VoLTE compatibility, you won’t be able to BYOD to the carrier starting February 2022 unless the carrier changes its practices or whitelists a lot more devices.

Get a Huawei !! It's actually liberating: nothing Google made works on those, so you're forcefully put on a Google diet, it's not Apple, Huawei stuff are only really good if you'in China: you're stuck with F-Droid and the Aurora Store, surviving as you can without ANY integrated ecosystem.

It seems silly but I never felt so free, esp after I turned on an all-blocking firewall that only whitelist the apps I want, when I want.

But it's so easy to move an eSIM to a different phone - if this suddenly stopped you'd get a lot of public backlash, much like if moving a physical SIM stopped working. In the meantime, this works just fine switching eSIMs between devices, so your concern is just hypothetical, or have I missed something?
Could we use that space for an SD card?
Could? Probably.

Should? Maybe not. One goal of removing SIM and headphone jack is to reduce opportunities for water intrusion.

But my phone with USB-C, 2 SIM, SD card and headphone jack is alraedy waterproof. I literally wash it with soap and water to clean it...
Waterproofing is a spectrum (https://support.apple.com/en-us/HT207043), and seals fail over time. The fewer holes from the outside of the device to the inside, the fewer points of failure for the waterproofing. It was an openly stated reason for the move, and the first Apple phones to ditch the jack were the first to hit IP67 as a result.
They just said that to make people feel better. My Samsung A8 2018 with jack port is IP68/IP67.
Sure, and those standards are immersion "up to 30 minutes" sort of scenarios. Do it day in and day out and the seals will fail over time.

Fewer seals, fewer seal failures. (Salt water can be fun on the metal contacts, too.) I expect Apple to go induction-only charging at some point, for similar reasons.

Yeah, but throwing away lot's of good features so that you can keep your phone underwater all day just doesn't make sense.

Waterproofing is possible right now and works for almost all normal use cases. No need to remove features.

What Apple is doing is definitely not for waterproofing.

> first to hit IP67

I don't know why you believe.

The first Apple phones to meet it, yes. I linked the Apple doc elsewhere in the thread about which ones meet which standards.
I think we'll see a big rise in phishing attacks if this comes to pass. Unlike physical SIMs where you can move them about yourself, you often have to call support to change an eSIM. So, mobile companies are going to have to make it even easier to change eSIMs. And it's not like mobile providers are known for security. T-Mobile gave up my personal details to the world along with 50 million others a few months back.
It really makes no difference one can trick the support to deactivate your physical sim and move the number to theirs
Depending on the country they cannot, in mine there are regulations, where they cant/wont move my number without my fingerprint verification and otp verification from an existing device
Presumably Apple executives, by virtue of working for a global company, are more likely than average to use dual-SIM or swap between SIMs when travelling. Don't they see that for a large segment of their existing market not having this feature might make it a deal-breaker when upgrading?
> In China mainland, Hong Kong, and Macao, certain iPhone models feature Dual SIM with two nano-SIM cards. [1]

So are you going to venture that Tim Cook is using an iPhone built for the American or Chinese market?

[1] https://support.apple.com/en-us/HT209086

> Presumably Apple executives, by virtue of working for a global company, are more likely than average to use dual-SIM or swap between SIMs when travelling.

I’d imagine it’s the opposite. Presumably the company pays for their roaming charges so swapping SIMs is a foreign concept for them.

It's most profitable to get people on a weekly/monthly plan and every industry is trying to do this. In the future you will rent everything (phone included), and own nothing.
(comment deleted)
People are saying this is bad because you won't be able to swap phones without relying on the carrier to provision a new eSIM for you. I have the same gut reaction, but with my current physical SIM, I have to install the carrier's app, and there are many phones which don't work with my carrier, despite being unlocked phones and unlocked SIMs. And let's not forget that locking phones and SIMs has been common practice for awhile. So, while I don't have a good feeling about this, I'm not sure that the freedom of choice argument really holds water.
Your mobile network provider demands you to install an app? Thats… unique in my UK based experience. Over here any provider apps are entirely optional and just a convenience AFAIK; and phones you’ve bought outright (or reached the end of the contract period on) are unlocked (or you have the right to have them unlock it).

Thats why this is a big change and potnetially bad news for many smaller UK operators who don’t currently have eSIM support baked into phones

That's highly dependent on where you live though. Never even heard of it in many many years.
I have literally never had to worry about my phone not taking the SIM out of the box. Put the SIM in, maybe reboot, and I'm off to the races. Is this a USA carrier thing??
Not with any carrier I've ever used in the US. Maybe it's a Canada thing.
Don't think so, I'm Canadian and used 3 different carrier. Never heard of this.
It's an AT&T thing in the US. They don't allow non-AT&T locked phones (except for iPhones...) to access VoLTE/wifi calling. It's complete bullshit.
You should be worried because every other phone manufacturer has a nasty habit of copying whatever Apple does.
that's because of carrier companies practices in US. I don't have deal with that bullshit in my country (India)
This is not a good thing. I have an old phone I put my sim in when I go fishing, boating, beach, etc.

Apple keeps making it very difficult for me to want to keep purchasing their products.

One of the nice things about the internet is that IP addresses can't be (legally) tied to the person using it.

Smartphones are personal devices, and without SIM cards a network connection can be tied to the person using it. This is a fundamental change and we should think hard if we want that to happen.

This doesn’t make any sense. The basic assumption of your comment doesn’t correlate with the real world.
>One of the nice things about the internet is that IP addresses can't be (legally) tied to the person using it.

FBI does it all the time. They send in an IP, then we track the MAC to the device. Seen a few arrested based on this.

I'm sure it's not all the evidence they had. You can definitely use an IP to aid an investigation but there's too much plausible deniability for "beyond a reasonable doubt" if all you have is a computer or an IP associated with a crime.
Yes, but what does any of this have to do with eSIMs?
That'd be great for some specific countries or markets. One gateway to a network being removed isn't bad news. More traffic and bandwidth is used by Wi-Fi nowadays.

Just in case that future phone will be connected to a headset or IOT devices, it makes sense to give less priority to GSM functionality.