So let me get this, phone was wiped and a new SIM installed. That article is a piece of garbage. Phones have a IMEI that won’t change, so when she puts the new SIM card it will be identified as the same phone. We also know that Google - let alone authorities - was ways and deals to get IMEIs from Android phones and carriers so… so much for taking a phone off the grid.
It’s not a great guide, but it’s a decent article. The journalist doesn’t understand enough to give advice, but to tell their story. Their adversary was identifying them by phone number, they got a new number and that worked for them. So it worked for their threat model.
They just don’t realize there is so much more to the story.
One key part you missed was that she got used phone, so the IMEI is not tied to her identity. It’s far from perfect execution, but for the stated goal of not being able to be identified by the phone number, it’s adequate.
It’s a fun article, the author trying to dip their toes and removing their identity from the phone.
I think one key here, that the original authors missed, if you don’t want the phone to be traceable, don’t tie it to the cellular network, leave it in airplane mode all the time, don’t even put a SIM card on it. Just use Wi-Fi only with Mac randomization and a always on vpn.
Additional reading:
https://ssd.eff.org/en/playlist/privacy-breakdown-mobile-phones
https://blog.torproject.org/mission-improbable-hardening-android-security-and-privacy/
How is it a phone then?
It’s a portable pocket computer, when attached to a network, it can send and receive messages on encrypted platforms like signal. It could even engage with a VoIP phone service like Google voice or VoIP.MS. it could be the gateway to the world. But it doesn’t have to be tied to your personal identity.
The cell phone network, IMEI, IMSI, whatever, trivially gives your location away. With just a phone number there’s data brokers that will sell your location within meters. We’re not even talking about government surveillance yet.
If you have a phone tied to your identity, and you use it at home, which most people do, and then you get a phone that’s not tied to your identity, but you also use it at home because again it’s a phone and that’s where you are. It’s pretty easy to say oh this is your phone, it’s at the same locations as this other phone many times. It must be the same person.
All of this comes down to your threat model and how much you want to distance identities.
If you use the pocket computer, only over a VPN, only over Wi-Fi, it makes it a lot harder to say oh this is you at this location. Especially if your VPN is a popular one
For security purposes, Face ID and Touch ID are a no-go.
Why? Data is exclusively stored on the phone and it’s incredibly difficult to spoof either method. Unless you’re trying to defend yourself against law enforcement forcing you to authenticate with biometrics (remember to hit the iPhone power button a bunch of times when you’re approached by cops, to turn off biometric authentication!) I don’t see the point.
After using public Wi-Fi, go into Network Settings, and “forget” the network, so you leave no digital trail.
Lol. That’s like trusting incognito mode. There’s a reason to do this (your phone will send out known WiFi networks when it’s looking for WiFi signals, so past WiFi networks can be used by nearby scanners to form a profile), but “not leaving a trace” isn’t it.
All of this work, and then one friend or family member uploads their contacts to WhatsApp/Telegram/Skype/whatever and your number is attached to your phone. Someone stores your name in their contacts and installs some shitty clicker game? That data is now available for purchase.
What removing moet normal identifiers does, is concentrate your identity onto your phone number alone, and now you need to treat your phone number like your social security number or it will all be for naught.
Once they have your name and phone number, the authorities or your carrier can geolocate your phone on demand. There’s a special network command that will make your phone turn on GPS if it’s off, find your location, and transmit your exact GPS coordinates back to the carrier. This is generally used for locating people calling emergency numbers, but many (most?) implementations of this standard don’t require the phone to even be on a call.
Several American carriers have also been caught selling live location triangulation location data to bounty hunters. You set up an account, pay the rather large fee, and enter a phone number. After a short while, the last known location of that phone just appears on the map. The more recent the connection technology, the more accurate the location information will be.
Buy new SIM cards often and don’t share your number with anyone, and you should have a decent chance of not being tracked. Getting a new SIM every week or month is quite expensive, though.
Because of the way it’s used as an identifier, having any kind of phone number is a threat to your “off the grid” device. The best off-the-grid phone is an iPod. You can use VoIP services and a wide range of apps to get that set up. Some services will require a phone number, but if you set them up after driving to a specific place with a burner phone that only turns on to receive the text message, you’ll be able to use those services with minimal information leakage. Staying connected throughout the day is more of a challenge, but a VPN and WiFi/Bluetooth being off by default should help a lot with that.
For almost everyone, you can’t mix “having a normal smartphone” with “living off the grid”. You’ll have to give up either your fancy smartphone or your attempts at absolute privacy, anything in between is an impossible feat.
Privacy on a device that’s connected to the internet and cellural network is bit of an oxymoron. There’s ways to configure it to be slightly less intrusive but not by much. These tweaks are equivalent to taking off your hi-vis vest; you no longer stand out from a mile away but you’re still visible.
How to Take Your Phone Off the Grid: “I set up accounts with […] Apple”. How does this combine?
Nothing, Android nor iOS are never private 100%
you can’t get a sim card anonymously here, and i believe that’s the situation in other places. and even individuals selling their phones make some ownership transfer papers.
it’s very hard to stay anonymous on mobile. our best bet is still desktop/laptop.
Try silent dot link
Where is here?
You can always get a esim and pay with crypto or a prepaid credit card. Airalo etc
But even getting the sim is only the start of the battle. Being on the cellular network builds up a time and location profile of the phone which can highly correlate to an identity / house / activities.
Not to mention once the phone is logged into the network it’s phone IDs won’t change even if you change the sim card / esim.
you can’t get a sim card anonymously here, and i believe that’s the situation in other places.
It varies by country: https://en.wikipedia.org/wiki/Prepaid_mobile_phone#Privacy_rights
In the US you can still get a prepaid mobile without showing ID and pay with cash.
Here you can’t do so legally either, but in some places (one I hear most often is train stations, but seen some in random kiosks) you can get a “gray” simcard registered to another person (I don’t fully understand how, but apparently it’s either sims from other countries or just those purchased in bulk “for a company”). But your ownership of it is dubious, and it wouldn’t really be as reliable as a legal prepaid one.
She doesn’t mention turning off location services. That shit is granular and used as part of the way companies track us.
And even if you turn it off, your location can still be derived by triangulating via cell towers; I’m not sure if that access is widely available or just for law enforcement…. But it I absolutely would not be surprised if it was for sale.
If I were doing this the phone would be turned off when I’m at home, and only used in public or moving in a car; nowhere near my home.
I use InVizible Pro and don’t use apps from Google Play, review and adjust the Permissions of all installed apps (see also Exodus privacy) and put it to the minimum needed. It is very limited the possibility to make a Phone private, less without Root access. Because of this i don’t use it with important data (eg. banking or medical threats)