This is something I’ve been thinking about for a while. I’ve decided to get a Pixel with GrapheneOS as my next phone and I’m trying to decide the pros and cons of putting a SIM card in it. Convenience vs privacy, public wifi with a VPN vs using phone data, etc.
I can’t get a SIM card where I live without ID and I’m looking to reduce being tracked as much as possible. Does anyone else do the same thing?
If I had to go WiFi-only, there would probably be hours-long gaps when I am unreachable. So my compromise is to use a non-KYC data-only SIM. Even if VPN is left off, it routes traffic first to a datacenter far from my actual location, and there is no longer a route for unencrypted calls and SMS and the associated spam. I don’t have a habit of streaming media on the go, so the data lasts quite a while and there isn’t much of an urge to use public WiFi.
Doesn’t fully eliminate the problem as IMEI is still sent and the cellular modem is still a rogue black box, but a step in the right direction. Knowing that the cellular modem can run whatever code with deep privileges as it wishes, I try to keep as little of my business on my phone as I can, with the bulk of my workflow centered around my laptop. Don’t get me wrong, I don’t think this automatically makes me immune, but I do think it’s a neat little exercise. Perhaps one could abstract the problem of the modem by getting a separate wireless hotspot.
My friends and family have accepted that they either need to get Signal, XMPP, or Matrix or I will be largely unreachable. The only remaining need for SMS and GSM voice calls stems from work, which is all handled by my work phone that is powered down, or at least disconnected, once I leave for the day. It sucks that this is not the norm, but it looks like I am quite fortunate that my friends, family, and employer all tolerate this workflow.
Take a look at “IoT” SIM cards, they’re a bit expensive and data-only, but might not be subject to the same KYC regulations.