4mo ago

Questions about an existing SIM card in GrapheneOS

Hi all!

Newbie here on a privacy journey. My current objective is to create a cute little phone that limits tracking by surveillance capitalists, law enforcement, & the state.

That said, the stakes are not particularly high here. I just miss the world I grew up in & find the call of freedom enticing. So this is more of a hobby project for me to be able to put my main phone down and experience a world without tracking again.

So far I have installed GrapheneOS on my old phone. I'm absolutely in love with it and I'm 100% sold on one day even migrating my main phone to it. But thats not my main concern today.

For now, I have some questions related to SIM cards.

I understand that in order to avoid device number leaks (if that's something one cares about) it's important to not have a SIM card in the device and keep it on airplane mode.

However, years before privacy ever mattered to me I already had a SIM card and two eSIMs in this phone. And all of the advice I read talks about NEVER putting a SIM card in, but I have a hard time thinking critically about what that really means for those of us who ALREADY had one in.

If I remove that SIM card and eSIM and carry on using the phone, what are the privacy implications of such a choice?

Likewise, if I leave the SIM cards in but keep the phone on airplane mode is it really all that bad?

I assume at minimum this means that the IMEI number is stored somewhere in some cell tower logs. If the state were to seize my phone they could I suppose link the phone to things I did with my phone or accounts I used back before privacy mattered to me.

But are there other implications as well? Is this phone forever going to leak a connection to my old activity even if I remove the SIM cards, leave it on airplane mode, use a VPN and ensure it never falls into bad hands?

Thanks!

15 comments

If you want no cellular tracking: remove SIM, disable eSIM, switch on airplane mode and disable WiFi-calling if not disabled already.
Yes unfortunately your device has already been "fingerprinted", but with MAC randomization and GrapheneOS' work on preventing apps from checking software and hardware identifiers, I think you'll be fine unless you're going against the NSA. You shouldn't be using a phone if you're up against multiple 3-letter agencies
- That makes sense, thank you! I'm not expecting any issues with LEO so I'm fine. But out of principle and interest I like to still understand what I'm giving up and minimize how much privacy they take from me.
  
  As you noted in another comment, your IMEI number is out and it has already been mapped to your current location. Which means if you travel with this device and security is tight enough, in theory they will be able to find out where you live. They will then probe for associated metadata from there.
  Other than that, there's not much risk as far as I can tell. Clear your list of WiFi networks before you travel and hope Google's firmware for their modem isn't spyware (it likely is though, Qualcomm made it).
It's quite possible that even with the SIM card removed, it's still actively ending up in cell tower logs. At least here in the United States, if you dial 911 from any device, no matter whether it has a SIM card installed and no matter whether it has service or not, 911 is supposed to be able to answer, which means that it must be able to talk to the cell phone towers even without a SIM card installed. You might be able to avoid that by keeping it on airplane mode, but there's no guarantee of that.
- For sure, that makes sense and seems to be mentioned often. I'm curious to understand different risks than that though...
  
  Yeah, I don't have a good answer for that.
I am thinking of switching to graphene as well, but this is the first I am hearing about the risks of having a sim card. Apologize for my ignorance, but how would you get service on a phone without at least an esim card? I'm also interested in a high level of privacy and anonymity (within reason).
- Cell towers can use the SIM card to track your IMEI number which is specific to your device and may link to your identity depending on how you purchased it and your carrier.
  Generally there's no perfect solution to this short of not using a phone. But as a compromise some people opt to never add a SIM card and instead keep their device WiFi-only while always using a VPN, MAC randomization on in settings, and airplane mode.
  Some apps such as simplex allow you to sign up without a phone number for your texting & calling needs. Of course it's not perfect and I assume almost anybody would want a real number somewhere (perhaps on a different device or landline).
  For me it's reasonable to not have cell service on this phone because it's only one of several phones I own.
  
  Thank you for the explanation! So essentially, you use your sim free phone as a very portable laptop.
  I like the idea of having a sim free phone and have a feature phone for cellular service. I miss the aesthetic of flip phones! I would just need to find one that supports hotspot (just in case) and decent navigation.

15 comments