31 comments

[ 2.9 ms ] story [ 70.3 ms ] thread
A guide on anonymizing your phone, so you can use it without it using you
While these are pretty much traditional burner phone guidelines, they don't really work. For instance, when traveling in some countries, you have to e.g. give a copy of your passport when buying a SIM card.
most actually
In the EU this is trivial to bypass via the Roam-like-at-home policy and pre-paid Eastern European sim cards. In the US one is able to order a sim card via mail and while one has to submit PII I don't suspect it is checked rigorously. (versus EU photo ID schemes that cannot be fooled without significant effort and criminal energy)

So here's two of the worlds largest economies out - I can't imagine it's much harder in the "rest" of the world.

I'd consult a lawyer before doing that. Al Capone got busted for tax evasion, not murder. If they want to get you, providing a false identity may or may not become a problem. Also, having the card shipped to your home address makes it super tracable.
There are ways to anonymously receive mail in my country. Surely such mechanisms must exist in the great US of A.
> y and pre-paid Eastern European sim cards.

Unfortunately in much of Eastern Europe you can't purchase a SIM card without showing an ID, for sure you need to show an ID here in Romania. They've changed that relatively recently, I'd say during or just after the pandemic. I don't know about how things stand in neighbouring Bulgaria. In fact, a quick web-search confirmed that Bulgaria also has the same policy.

> You will be required to show an ID document in most stores.

[1] https://maukatravels.com/bulgaria/prepaid-sim-card-bulgaria/

> most actually

So what you'd do is to forget the whole SIM and only connect to WiFis in those bungaloos or wherever you're staying in your travels.

I don't know the legal specifics, but in some countries I've noticed all public WiFi requires PII. It's become more and more common. I mean you can still find open ones at like small hipster coffee shops, but it's to the point where it's quite rare/inconvenient

You usually know if a country's wifi will be a pain in the ass by going to a Starbucks and seeing their wifi portal. Some places you need nothing and some they want a birth-certificate/blood-sample

> I don't know the legal specifics, but in some countries I've noticed all public WiFi requires PII. It's become more and more common.

I wouldn't bother thinking about this in Europe already due to the free cross-border roaming. But for instance in Southeast Asia, it was pretty common that all the bars and whatnot had a WiFi that was granted to you with a mere password, although guesthouses' WiFi was to my memory linked to your room registration. And there were still a lot of WEPs and whatnot, and the cyber crime is booming there anyways so the requirement to disclose your details sounds like a security theater anyways.

At least here in Poland you can buy a sim card no questions asked, but it will not work until you register it - an action that requires you give up PII, including a valid PESEL[1].

I assume the legal basis for all of this is "terrorism!", which would imply that cheating on this could result in... nothing enjoyable.

[1]: https://en.wikipedia.org/wiki/PESEL

> it will not work until you register it - an action that requires you give up PII

what i meant.

> I assume the legal basis for all of this is "terrorism!

the "low hanging fruit of terrorism" aka nuisances, but yea

Except that changing your sim card doesn't anonymize you because your phone still has the same IMEA number and that's logged as well. That's just a joke you see in movies.
Yeah you need to physically twist the phone and break it in two halves! /s
And throw it in the nearest trashcan without looking at it.
This.

Came here to comment this.

Additionally, Apple has on-firmware-level trackers implemented. So the use case of avoiding governmental oversight is already defeated by deciding to use an Apple device.

So reusing an old Apple device is pointless advice, because they're still linked as contacts in Gotham. And forget newer iPhones, which have GPS always active and already integrated their parts authorization network stack that sends all the identifiers of those parts to Apple's service. Forget Samsung, too, as the Mexican incident showed.

Honestly the article is kind of bad advice all around when it comes to the phone.

> reusing an old Apple device is pointless advice, because they're still linked as contacts in Gotham

What if I buy a used one with cash?

You still don't control what's installed on the device, which is the core problem behind owning an Apple device. You effectively don't own it, you only own the license to use it which can be revoked any time, remotely, by Apple.

Also can't change the IMEI as grandparent comment already mentioned, which means that the movement profile (aka your flat, your workplace, etc) is still there, everywhere, for governments to see. Can't really disable GSM/GPS module, because it is still active even when your phone is shut off.

Interesting. It is possible to disable GPS on Android. But yeah - cell towers will still know roughly where you are.
What Mexican incident?
> What Mexican incident?

[0] https://www.reddit.com/r/samsung/comments/16pgliq/samsung_bl...

[1] https://www.youtube.com/watch?v=Ln4rsxWq3WM

[2] https://www.silicon.co.uk/mobility/smartphones/mexico-orders...

[3] https://linustechtips.com/topic/1537307-android-phones-disab...

They tried to stop "illegally imported devices" from working, but basically killed/bricked all devices that were sold privately as well as all international phones that were e.g. used by tourists or visa workers. But now the cat is out of the bag, Samsung having a remote administrative toolkit implemented on all of its Galaxy devices (at least). Samsung was not the only vendor that did this. Motorola, Oppo and ZTE did that, too.

Oh dear. And my bank somehow thinks that putting both the bank app and the verification code app on these rootkited malware devices is A-OK.
According to them, it's the pinnacle of security. Just to be clear: "security" means "against you"!
One way to actually achieve is to use AweSIM service from Purism.
> Post-setup, disable Bluetooth. This is important because Bluetooth signals can be intercepted by third-party devices within range, and that allows hackers to access sensitive information, such as your phone’s contacts and messages.

Yes, dem hackers who type really fast on the keyboard to get into the FBI. They can totally steal your contacts that you shouldn't have on this phone anyway purely by Bluetooth being enabled. /s

On a serious note, you should disable it, but it's more due to tracking than some elite hacker stealing your data.

> opt for a six-digit security code

Even better: use a code with n digits, where n is something other than 4 or 6.

Better even use a long password 15 characters or more
This is someone larping as a security professional who has watched too many movies...
This is BS. You can't anonymize a phone! Even if you could, you would need a voice synthesizer to use it, too.
Instead of an iPhone, use a Pixel with GrapheneOS.