this post was submitted on 26 Dec 2024
76 points (100.0% liked)

Privacy

32506 readers
791 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I’m looking into getting a flip phone with a separate number so that I can sign up for a few apps that without associating them with ~~the complete identity profile in the data marketplace that is linked to~~ my actual phone number.

To be clear, the apps will still be downloaded and utilized on my primary smartphone. But the phone number through which I receive verification codes during registration will be a separate device.

Has any one done this? Tips for selecting a cheapo phone and prepaid service?

all 46 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 2 days ago* (last edited 2 days ago)

Yes, I do this plenty. I have some SIMs I continue to pay for in cash (pay as you go) so I keep having access to the phone number, and it's not easily tieable to my identity (ie you'd figure out who it was probably through watching CCTV of me buying it which seems like quite a lot of effort, so good enough for people with lower threat models).

I don't know where you are but in terms of selecting a service or phone, I would just walk into a local shop and see what they have on offer. I can't imagine prices would vary that wildly between shops.

Edit: also no need to buy a whole new phone if you don't have a state threat model and just want to make it harder to track you for eg data mining corpos. You can just swap out the sim in your normal phone to receive texts then put your regular sim back in afterwards. Or if you have a dual sim tray. You could also anonymously buy an esim so it doesn't take up a physical sim slot.

[–] [email protected] 2 points 2 days ago

Prepaid is the same as Postpaid in my country (USA). I can't speak for your country, but here, banks accepted my prepaid number just fine. My Google Voice (VOIP) number, however, got rejected by my bank. So banks here seem to treat prepaid as just a normal number.

The only way to test if that work is to buy the cheapest plan and try it. Don't give up if it fails, sometimes you get a number that was misused by the person who has it before and they got the number flagged, try again by contacting customer service of your cell service and requesting a number change.

[–] [email protected] 1 points 2 days ago (2 children)

Yes, I created an entire fake identity with it that I'm now using here so I can say what I want without worrying about loosing my job.

One thing to keep in mind is that most prepaid providers require you to use the phone every once in a while, or you loose the number (don't ask me how I know and don't ask me what happens if I forgot my password)

[–] [email protected] 1 points 2 days ago

That is good advice, thank you! Is there a particular brand you’d recommend (DM me if you don’t want to share publicly). I was looking into a few major retailer flip phones but they both required the retailer to scan it for activation and I wasn’t entirely sure what that does tracking-wise, so I stopped to do some more research.

[–] [email protected] 1 points 2 days ago (1 children)

But Lemmy doesn’t require a phone number? Unless you’re saying you used the phone number to register an email, then used that email for Lemmy. I have a hard time believing your job would jump through that many hoops to track down your Lemmy comments. Seems like it wouldn’t be worth their time. Maybe the NSA.

[–] [email protected] 1 points 2 days ago* (last edited 2 days ago)

I assume they mean that this Lemmy is part of their fake persona, so maybe links to another social media account they use for this persona, or an email address, or the personal details they mention in their comments matches with their fake persona's personal life and not their real personal life. But yeah seems like overkill if your threat model is only your employer, unless you're employed by some military intelligence agency, in which case it's probably not enough.

[–] [email protected] 1 points 2 days ago

Yup, it works in the Czech Republic and it's fully anonymous. How would they know it's prepaid?

I use phones from e-waste, 2G still works here so there's plenty of Nokias (even 3310-like ones) I can use.

[–] [email protected] 17 points 2 days ago (2 children)

A bit out there, but I plan on doing this soon:

  • Get a SIM
  • Grab an old Android phone
  • Relay SMS to Matrix via the SMS bridge

I already use Matrix bridges for Signal, Discord, IRC, etc, so this means the number is never tied to my location, but I can use it for things like banking 2FA.

[–] [email protected] 1 points 2 days ago (1 children)

Umm, how does this protect your privacy?

SMS messages don’t include your location. The cellphone towers know your location. Getting a transmission from sms to matrix means it’s going from old phone over the Internet to a cell tower to your real phone/or cellular enabled laptop.

[–] [email protected] 1 points 2 days ago (1 children)

The provider of the SIM on the old phone who provides the phone number, and data brokers associated with them, will never be able to associate that number with my actual location, because the old phone will be in a static location.

The provider of the SIM in my main phone will have a number that is never used, and it's location can never be tied to the number that is actually used because the old phone relays VI's matrix.

Is it better than avoiding SMS altogether? No. Does it obfuscate? Yes.

I also plan on having VNC on the old phone for running banking apps that GrapheneOS may not support in the future.

[–] [email protected] 1 points 2 days ago (1 children)

That’s, not defeating anything.

Your actual location is still being sold. They weren’t tracking you through sms in the first place. The phone company doesn’t need you to make phone calls to know where you are.

Data brokers share data. All that changes is that you are now worth €0.015 vs €0.010.

Your plan is a lot more effective if you just ask for paper statements from your bank and keep your cellphone at home. Or just turn off your cellphone and check for messages and VM like the ancients used to do on occasion.

[–] [email protected] 2 points 2 days ago (1 children)

Your cell phone company associates SMS with your location all the time, and sells that data to brokers who overlay it with app data associated with a phone number.

I'm not sure what you're not following. Just because another provider has my location, doesn't mean a broker can associate that location to a phone number on another provider (and thus connected apps).

[–] [email protected] 1 points 2 days ago (1 children)

I’m not sure what you are t following. They’re associating your location with your phone number non stop. The sms message is just you sending a message.

Another provider has you location, another broker can pay for your information. Brokers clean up all the data they receive and match it to specific individuals. That’s how they do their job.

Broker 1: hey got any data on person01?

Broker 2: hey I got data on person01, how much you willing to pay?

Broker1: sweet, I’ll pay this much.

[–] [email protected] 1 points 1 day ago (1 children)

OK, let's do this step by step. We're going to use a prepaid SIM like op mentions:

  • Buy SIM prepaid at Walmart with cash
  • Activate that SIM in a phone at a static location, not your home
  • This is sold to broker 1
  • Buy SIM from normal provider using your CC
  • This data is sold to broker 2
  • Broker 2 asks broker 1 for into on person
  • Broker 1 has no discrete match due to lack of payment data
[–] [email protected] 1 points 1 day ago (1 children)
  1. Broker 1 is stuck with cheaper data on somebody they know exists. The phone is in a static location switched on and proving location data.
  2. Periodically broker 1 asks other brokers for information on people who also are in the same place at the same time.
  3. Broker 2 says they have a match and sells it to broker 1.
  4. Broker 1 & 2 are able to resell much more valuable data on some privacy freak.

Data isn’t some silo locked up. They have data sharing agreements allowing them to look at each others data and pay for transfers of useful information. Their profit comes from making initial collection agreements with the phone companies/banks/stores giving them sole access to raw data.

At the end of the day OP wants to do all of this for his bank’s 2fa codes. The bank that knows who he is and where he lives due to know your customer laws.

Just disable internet banking, paper statements, stops all data from being made in first place.

Cash only phones only work from a privacy perspective if they are your single phone. As a secondary phone they’re just another number on your data broker profile.

[–] [email protected] 1 points 19 hours ago

"Not your home".

And nope again, OP did not mention banks.

[–] [email protected] 10 points 2 days ago (1 children)

You should publish a guide once you do it. That sounds pretty interesting.

[–] [email protected] 9 points 2 days ago

I could, but honestly the guides for Matrix and then for the mautrix (not a typo) bridges are pretty good if you click through to them: https://matrix.org/ecosystem/bridges/sms/

[–] [email protected] 3 points 2 days ago

smspool seems like a much simpler / cheaper solution.

[–] [email protected] 21 points 2 days ago (2 children)

This is standard practice for me. You don't even need another flip phone. Most phones come with a dual sim tray. I keep the 2nd sim in my phone and keep the sim switched off in the settings. I do all signups with this number.

[–] [email protected] 1 points 2 days ago (1 children)

Got flip phone recommendations?

[–] [email protected] 1 points 2 days ago

Nope. I've never used one.

[–] [email protected] 5 points 2 days ago (2 children)

This is the answer I was looking for! Thank you!

[–] [email protected] 3 points 2 days ago

The IMEI number on the phone is essentially locked to the device, swapping sims won't change it. So a phone activated under your real name on one network could technically get traced back to you even when using a different SIM card.

Also, carrying a phone with both SIMs active is completely unprotected from correlation attacks by anyone with access to the cell tower data. It'd be blatantly obvious that the location of one SIM is the same as the other all the time.

All depends on the threat level you expect, but if you're worried about a VOIP account being compromised to get your real number, you are talking about pretty sophisticated actors.

[–] [email protected] 8 points 2 days ago

Just be careful about the sim expiring. Each network will have its own rules. The sim I have stipulates that it needs to be topped up at least once every 6 months and a call or SMS sent every 3 months to keep it active.

[–] [email protected] 6 points 2 days ago

i've been using prepaid for almost a decade now and i only buy $100 androids with the latest release and i use my voip number for everything.

i started doing the prepaid plan because i don't always renew each month since i only need the data connection and i'm almost always at home. the $100 androids are a thing for me because i'm klutz with all personal electronics. so it's more like i accidentally stumbled upon this form of privacy rather than seeking it out from the onset.

[–] [email protected] 2 points 2 days ago

I don't see why it wouldn't work. Just VoIP numbers often get rejected.

[–] [email protected] 20 points 2 days ago (2 children)

Honestly, if you don't want a separate device, I'd sign up for a VoIP number. I use voip.ms, it's a dollar or two a month for the number, and you pay per minute and per text (about a penny each, IIRC). You can forward calls to your primary number, or set up a SIP app (I'm using one called ZoiPer). I usually load it up with $20 per year or so.

[–] [email protected] 20 points 2 days ago (1 children)

A lot of services block known voip numbers. I remember my Google voice number not working on a lot of sites

[–] [email protected] 3 points 2 days ago (4 children)

I use Google voice for everything so I wonder which you’re thinking of

[–] [email protected] 4 points 2 days ago (1 children)

Lots is US banks reject VoIP numbers.
Discord rejects them as well but I doubt many here use it.

[–] [email protected] 1 points 2 days ago

I don’t use it for those cases. Mostly use it when I don’t want a website to have my data. I use my real one for gov and banking

[–] [email protected] 7 points 2 days ago

GV doesn't work anymore for many services, such as banks.

[–] [email protected] 4 points 2 days ago

I can’t remember at this point, as google stealthily reclaimed my number at some point because the decided it wasn’t being used enough

[–] [email protected] 2 points 2 days ago

Possibly the public ones, that don't require an account or payment.

[–] [email protected] 3 points 2 days ago (1 children)

The problem I have with this is that it still links to my primary number through data profiling. Seems like a good option if I just want to keep my personal number separate from my work clients. But for data privacy, idk.

[–] [email protected] 3 points 2 days ago (1 children)

Through data profiling? Not sure what you mean.

[–] [email protected] 1 points 2 days ago (1 children)

Every person has a massive profile (table / database) built all about them. This isn't conspiracy. This is big business. There are a few data brokerage companies focused on people:

-Acxiom (worlds biggest broker, pretty much every piece of junk mail you get drives from a company purchasing data from them)

-TransUnion (credit, such as if you pay the minimum bill or are late on payments)

-CoreLogic (all real estate purchase information)

-FourSquare Labs (location broker which i find to be particularly insidious)

There are also databases built specifically for business entities, such as Data Axle.

And companies will purchase packages from ALL of these data brokers when they want to target a specific audience.

[–] [email protected] 1 points 2 days ago

Ah, gotcha. I kinda figured that was out there, but didn't have names to associate with them.

I guess I'm wondering how a VoIP number would differ significantly from a burner phone. Obviously the burner is more private (assuming you pay cash, there'd be zero way to trace it anywhere). Signing up for a VoIP number with an alias seems almost as untraceable, assuming the VoIP company isn't selling your data?

[–] [email protected] 5 points 2 days ago (2 children)

Depends on country. In the United States, you might look at something like the T-Mobile Connect prepaid plan and the Nokia 225 4G. And yes, prepaid numbers absolutely do work for app registrations. I've been on prepaid for years and had no issues. It's voice over IP numbers that have problems.

[–] [email protected] 5 points 2 days ago (1 children)

A way around that is to port a prepaid number to a voip service. I've kept old numbers that way when moving

[–] [email protected] 3 points 2 days ago (1 children)

I have been thinking about going with JMP chat and if I do that's probably what I would do just port my current number to them so that I don't lose it since that's my primary number and I don't really want to deal with getting a new one and giving it out to everybody.

[–] [email protected] 2 points 2 days ago* (last edited 2 days ago) (1 children)

Get a prepaid with an eSIM with AT&T/Rogers (or any of their MVNO's) for maximum compatibility; cheapest the better. You need an eSIM compatible phone. You can verify this through the carrier's site from your phone.

Only need the IMEI and Account number essentially

Port the number to voip.ms

Do whatever you want with that number for like pennies a year.

VoIP.ms has an SMS app for android that I know of

[–] [email protected] 1 points 2 days ago

Even if it's more expensive, I will probably go with JMP because it's open source and open source to me is a hill I am willing to die on. I do absolutely everything I possibly can to use only open source software at any time that it is feasibly possible to do so.