Disclaimer — all the tools mentioned in this article will be useful mainly for people in Central Europe, especially in the Czech Republic and Slovakia.
In my previous blogs, you may have read something here and there about internet privacy. I explained a little bit about cookies, browser fingerprinting, I compared different VPN services or browsers.
This time, however, I decided to apply privacy beyond the Internet — specifically to phone numbers. I think that those who are interested in privacy on the Internet can find their interest here as well – the Internet as such is not everything after all, and curious eyes or ears lurk in the GSM network environment as well.
And again — you won’t find any “bests” in this blog. You won’t find here a tip on the best operator, the best SIM card or the most impressive way to anonymise yourself. You’ll only find relatively common and simple options that you have that might be able to help you navigate the world of phone numbers intelligently. So let’s get to it.
Thousands of SIMs (and phones) a week
The basic hack for phone numbers is, of course, not to use the same number for everything. This should hopefully be clear.
This philosophy involves using one SIM to buy shoes, another SIM to register on the XY site, etc. You probably understand the principle.
However, anonymity can be quite a problem in this case. As you probably already know, most countries in the EU require mandatory registration of SIM cards on either an ID card or a passport.
However, there are still countries (such as the Czech Republic, the UK, the Netherlands or Lithuania) where it is possible to buy an anonymous SIM. I would therefore recommend getting an anonymous SIM card in one of these countries.
Personally, in our area, I recommend the Czech O2 SIM card with a Ukrainian package, which is probably the best you are able to buy anonymously.
However, if you only want to use a certain number for purchases or to register on the web and you don’t want it to be linked to your identity, you have a problem – you have to put it in your phone, which is also not linked to your identity. If your phone has ever had a SIM linked to your name, or if you paid for your phone with a card and had it delivered to your address, you can easily de-anonymise your new “anonymous” SIM by sticking it in your phone. Why? Simply because the mobile operator already knows the IMEI (International Mobile Equipment Identity) of that phone and has simply linked it to your identity.
So you need a new phone.
For the needs of calling/receiving SMS you will need an ordinary piece of rubbish for pensioners, which you can find on Alza for up to 20 euros. Of course, you can order in another name, pay by cash/credit and not have it delivered to your home address, but pick it up in a box or in a shop. If you really want to go to the extreme with anonymity, you can ask another person to come to the store to pick up the phone for you (and you won’t be caught on cameras when you go to pick up the phone).
To make it not too easy, even a phone used in this way may not remain anonymous for very long. And why is that? Well, if you carry and use an anonymous phone with an anonymous SIM card repeatedly in the same places (e.g. your apartment and its surroundings), the mobile operator can easily predict who you are. The operator simply sees the IMEI of the same anonymous phone that is on the same route every day. Unless you happen to have a cheap piece of rubbish from Alza but even a phone that can connect to your home Wi-Fi network, you can forget about any anonymity.
So achieving anonymity in this style is extremely difficult. One solution is to buy lots of SIMs and lots of phones, use them in different places, and keep an eye on what phone and what SIM was used where. You can fiddle with it a few times, but as a solution to all your online activity it’s probably not – so at least I wouldn’t call it a smart solution.
Having a SIM at home for such and such use doesn’t hurt. Personally, however, I’m not a fan of the theory of thousands of SIMs and phones.
Anonymous phone
If you want to get a phone that will be your primary device and not just a “trashy” SMS receiver, I recommend the same purchase and delivery procedure. For an iOS device, you can’t avoid registering/connecting to AppleID, and you’ll also need a phone number for authentication.
Again – it will be handy if this number is not tied to your identity, but again, no need to be unnecessarily stressed. Personally, I find the AppleID phone number to be much less of a problem than a SIM card with my identity on it, which I carry with me at all times and whose location is therefore visible to the mobile operator. If someone wanted to link your identity in this way, they would have to do cross-checking between Apple and the mobile operator, which is not that easy. Among other things, I recommend having an AppleID in a made-up name and in a separate email.
For an Android device, I recommend first checking if it can be re-flashed with a FOSS secure OS (e.g. GrapheneOS or LineageOS) and if so, do that 🙂
What to do with an old phone number – when we don’t want to leak the location
Of course, we probably don’t want the mobile operator to know our location, but at the same time we don’t want to buy one mobile phone and one SIM card a day. Therefore, SMS forwarding can be an ideal solution.
SMS forwarding is the process of automatically sending incoming SMS messages to another phone number, email address or other device.
There are several options for forwarding SMS depending on the type of device and service used. For example, iPhone users can forward SMS/MMS messages from their iPhone to other devices using the Text Message Forwarding feature. While this particular case doesn’t really blur your digital footprint, you can get a rough idea of how it works.
Many times, all it takes to keep a mobile operator from having your location is to “forward” your messages to another phone number, or to an email, or even to the Matrix using a bot. There are many mobile apps for this – just google and see which one suits you. Many of them support, among other things, call forwarding, which will definitely come in handy. All you need to make it work is to have a device on a charger with the SIM card whose incoming messages we’ll be forwarding and the device to which the messages are arriving tucked away. That’s how simple it is.
If you have the option, a GSM gateway can be used for this purpose, among others.
In this way, we can also play around with a phone number that is linked to our identity (e.g. a number for a classic flat rate from a mobile operator) – if we want to use the number all the time, but we do not want to reveal our location to the GSM network by carrying a SIM card with us all the time, this is the ideal choice.
However, there are some disadvantages to this approach. First of all, it is possible that traditional operators may decide to block the registration of your number with the VoIP client/GSM gateway. Something like this is the privilege of the so-called “banana operators”, which can be found in Slovakia or the Czech Republic, among other places. These include Vodafone, among others. However, this problem can be solved by using a VPN.
What a VPN doesn’t solve, however, is if you want to call someone from your VoIP number. For example, a disaster can happen many times when the VPN doesn’t allow port forwarding (in practice, it looks like you dial a number and after a few seconds it hangs up on you). If this happens to you, you can use a VPN that allows port forwarding, or choose Skype.
A slightly more conspiratorial theory to explain the cause of this “hang up” is that it is also blocked by a “banana operator”. The theory takes into account a situation where, for example, you have a working eSIM (e.g. from KeepGo) on your mobile with a VoIP client that has a contract with similar “banana operators”. If you decide to call someone from your VoIP number, the mobile operator with which your eSIM has a contract may cancel the call (and therefore hang up on you).
Whether the issue is a conspiracy with the eSIM bypassing the VPN or the VPN being incapable of forwarding, a situation like this can really trouble a lot of us, so you need to think carefully about your choice of eSIM, your choice of VPN (if there is one that can solve this), and whether you really need the ability to make calls from your VoIP client.
To give you an idea, this is what registering and setting up iOS accounts with Zoiper VoIP client might look like (Zoiper supports both IAX and SIP protocols, but only with SIP protocol you can subscribe to the so-called “push notification”, through which you will receive incoming calls even if the Zoiper application is not actively running at the moment):
Call forwarding to Skype
If we don’t like forwarding calls to the VoIP client and find it too complicated, we can leave it that way. But what do we do if we are left with SMS forwarding only?
A solution to this problem can be, for example, a number forwarded to Skype. Via Skype you can buy a VoIP number to which you can forward your current number. It will cost you about 7 euros per month/20 euros for three months/50 euros for a year. There is certainly an anonymous way to purchase, but you don’t need to deal with it if you’re only concerned about hiding your location in this case – you can link it to your Microsoft account.
Microsoft won’t know your location but it will see your IP – if you’re using a VPN, it will only see the VPN endpoint you’re using.
However, Skype doesn’t support Slovak numbers – it only supports Czech numbers. Additionally, beware – if you buy a VoIP number on Skype, you have a wide variety of countries to choose from – however, many mobile operators will not allow Slovak or Czech numbers to be forwarded to a non-Slovak or non-Czech number (so you need to buy a Czech number as Slovak is not supported). In addition, you pay the same for forwarding as you do for calling; even with some operators, such forwarding does not count towards “free minutes”.
Another disadvantage is the impossibility to forward SMS – that is why it is necessary to use SMS forwarding.
Portable hotspot
Obviously, from the point of view of a location not leaked to an operator, it’s always ideal to be connected only and exclusively on Wi-Fi (not home Wi-Fi, of course), and a portable router or a hotspot from another device will come in handy for that. But what about a SIM router? In what way is it safer to stick a SIM in some other box than in a mobile?
First of all, we can set our own VPN on the portable router, which ensures that the operating system of the phone on which we have the VoIP client cannot “bypass” the VPN (e.g. thanks to the autonomy of the SIM card that is in it, or thanks to its baseband processor), similarly to what (very) theoretically did e.g. eSIM in the conspiracy case, if we wanted to call a contact from our VoIP number and the “banana operator” cancelled the call.
Another important point is also that in the case of a hotspot internet connection, it is the IMEI (and IMSI) of the hotspot that is in contact with the mobile network – not the IMEI of your mobile device. And that’s an advantage, since your hotspot device only connects to the internet and doesn’t hold as much sensitive data as your mobile phone.
Even though the hotspot device collects significantly less data about you than your mobile phone, there is still a problem – can’t the operator make a tracking device out of your hotspot thanks to your IMEI?
Yes. But not if you’re using a device that supports changing IMEI.
One of these devices may be, for example, the classic Nokia 8110 4G “bananaphone”. However, those who would prefer a real router instead of a mobile hotspot can use e.g. the Mudi 4G LTE device (GL-E750). Just download the blue-merle module on it, which allows either completely random IMEI randomization or deterministic IMEI randomization, where the IMEI generated by the pseudo-random generator is always the same for a given SIM card IMEI. Details can be found on the GitHub of blue-merle itself.
However, it should not be forgotten that changing the IMEI is illegal in many countries around the world. Before you do so, be sure to check the legislation of the country where you plan to do so.
For example, this is how the procedure of changing the IMEI on Mudi can look like in the terminal via ssh after installing the blue-merle package.
Life without a phone number
Forwarding your texts from your old Android and having your number linked to Skype is easy. But what about your main device? Life without a phone number? Is it possible?
In short – yes. In terms of a non-leaky location, it’s always best to be on wifi, or making a hotspot from a device where I can change the IMEI. However, not everyone is always willing to lug extra devices with them. The data will come in handy from time to time.
The solution to this problem may be an eSIM, which is now supported by many mobile phones. The main advantage of eSIM is that you can use data without being assigned a phone number. In addition, many eSIM providers accept crypto (e.g. Bitrefill or KeepGO) so that the payment can be made anonymously. It should not be forgotten that even an eSIM purchased anonymously in this way should also be exchanged from time to time to prevent you from being deanonymised.
On the other hand, for those who would like to enjoy the benefits of an eSIM at the cost of a tax on their own privacy, KeepGO’s eSIM, unlike Bitrefill’s, has no expiration period – as long as you top it up with three dollars a year, it doesn’t expire.
However, sometimes you have to be careful with the settings. Many people’s internet over data on KeepGo’s eSIMs have suffered because KeepGo has automatically linked them to an operator with which it doesn’t have a contract itself (e.g., in the Czech Republic, it links you to O2, whereas KeepGo only has a contract with Vodafone or T-Mobile). In this situation, there is no need to panic; the internet should come back up as soon as you select a different default operator in your eSIM settings.
Besides KeepGo, other excellent eSIM providers include SilentLink or MobiMatter.
Emergency calls
Many people without a phone number also worry about whether they can call an emergency line.
You don’t even need an eSIM to call an emergency number – it’s built right into your mobile phone, which just needs to connect to a transmitter.
The SIM/eSIM is only used to verify your identity on a specific network. It also contains your account information, which allows you to either make a call or not. The phone is always theoretically capable of making any call on its own – the SIM, after verifying your identity, only allows you to connect to a specific network.
For emergency calls, no network verification is required. Whenever you make an emergency call, the network connects you directly to the emergency line without verifying your identity, bypassing the function of any SIM. In short, emergency calls are always preferred over anything. You may have also noticed that emergency calls can be made even when your provider’s network is not available. This is because emergency calls can be made through any available provider. If one network is weak, calls will be made through the stronger network that is available at the time. When all the networks are weak, you cannot even make an emergency call and you are, in short, doomed.
Other hacks
SMS
There are many things you can do with phone numbers. For example, if you are sure that you will only use a phone number once to receive one SMS, you can use SMS4Sats. The service will create a fake one-time number for you to receive SMS and you will pay for such receipt in Lightning. In addition, SMS4Sats guarantees a refund if the SMS is not received successfully.
9 sevens
For example, if you are shopping at an online store that wants your phone number (and you are desperate because all the order and delivery information will come to you by email anyway and you don’t know what to put in there!), don’t despair. There’s a simple hack that works for a lot of sellers, which is 9 sevens – if you have a Czech number, it’s +420 777 777 777.
Messengers
We should not forget about the anonymization of messengers that are linked to a phone number, such as Signal. You just need to buy an anonymous SIM card and put it in a phone that can receive SMS (e.g. a Ukrainian SIM card and a junk phone from Alza can be used for this purpose).
In the case of WhatsApp messenger, for example, there are services through which you can buy virtual numbers for WhatsApp verification (e.g. yourbusinessnumber.com). These phone numbers are guaranteed to work with WhatsApp Business. In addition, the virtual numbers are not tied to a physical SIM card or phone, which can undoubtedly bring you a lot of benefits, as long as you use this messenger.
Communication channel blocking
Of course, there is a flight mode, which I recommend to use practically always if you are not on data (no one will call you without a phone number). Flight mode disables all communication channels including cellular networks, Wi-Fi, Bluetooth and GPS (unless you manually turn them on yourself) and ensures that your device will not receive or transmit any signals. Plus, in flight mode, the phone emits reduced EM radiation (which your mitochondria will appreciate) and saves battery life.
If you still want to enjoy the “hardware flight mode”, you can still experiment with Faraday cages (called phone shields). These are sort of bags that block electromagnetic signals and prevent your phone from receiving or transmitting anything. Beware, however, that it’s very difficult to find a Faraday bag that’s universal to all types of phones, so you need to experiment and test – probably the most reliable method is to connect your device via Bluetooth to a speaker, play music, put it in the Faraday bag and close it – then repeat the same with Wi-Fi and data on.
