arrow-left arrow-right brightness-2 chevron-left chevron-right circle-half-full dots-horizontal facebook-box facebook loader magnify menu-down rss-box star twitter-box twitter white-balance-sunny window-close
Managing your privacy: Cell Phones, pt. 1
5 min read

Managing your privacy: Cell Phones, pt. 1

Managing your privacy: Cell Phones, pt. 1

Note: This post is written from a US perspective.  Some information may not be the same in other countries.

Cell phones are an integral part of modern day life and for good reason. Communicating with your family from across the world in the blink of an eye, access to the world's information at your fingertips, the ability to capture life with clarity people wouldn't believe 20 years ago.  It's truly amazing what these devices are capable of.

But as phones transitioned from merely being able to connect a call to becoming a literal computer in our pockets, we slowly began to give up excessive amounts of our privacy bit by bit.  Now, complete privacy on our phones has never truly been a reality but we've reached the point where your Android device is sending location information back to Google every 4 seconds without any user interaction¹ and a flashlight app has 30 different permissions that include polling your precise location, able to view all of your photos and videos, connect to the internet.

Even though our mobile privacy is in a constant state of peril, there are numerous actions we can take to mitigate the damage. There are three key points to tackle:  the service provider, the device itself, and the applications.  To make things easy, we'll split this into three parts so we can dedicate a full, detailed post for each one.

In this first post of the series, we're going to start with the service provider.

The provider you choose will vary depending how what service works best in your area.  If you have strong coverage with AT&T or T-Mobile, it's recommended to use a company that utilizes their networks.  This is because they offer slightly more flexibility when it comes to device choices compared to Sprint and Verizon.  At the end of the day, you have plenty of options regardless of who you choose.

Carrier recommendations

SIM cards for most of these services are fairly easy to come by and can be picked up at places like Amazon, eBay, BestBuy, or from the provider themselves.

Don't make this more difficult than it needs to be.  Just because a specific company wasn't recommended doesn't mean it's a terrible choice.  You can, generally, pick any prepaid option that meets the criteria in this post but avoid picking something that would blatantly make your privacy worse, such as Google Fi.

ID

In the US, none of these providers require an ID to sign up for their (prepaid) service.  Registering online is simple but if you find yourself in an AT&T store, for example, you may run into some resistance as the salesperson might ask for a drivers license "to make the account creation easier" but it's not mandatory.  If you stumble across a representative who says that it's required, you should thank them for their time and either talk to someone else or do it yourself online.

What name should I use?

Since prepaid service doesn't require an ID, you're free to use any name you want.  It may be tempting to punch in the name Bruce Wayne, Miley Cyrus, or Bob Ross but part of maintaining privacy is blending in with the crowd and these names do anything but.

When considering an alias, try use a gender neutral first name and a common last name when creating the account.  Some examples of this would be:

  • Alex Smith
  • Cris Williams
  • Kelly Miller
  • Shannon Johnson
  • Taylor Wilson

All of these names can be used by a man or woman and aren't unique in a way that would bring attention if noticed.

What address should I use?

Since there are no bills or paperwork of any kind on prepaid service, you're free to use any address you desire.  If allowed, try to use a made up one like 123 Main St in Beverly Hills.

Some providers verify addresses to make sure they're real but that doesn't change much.  You can use a public address such as the New York Public Library.  

What about the phone number?

Never retain your current phone number.  Even with alias information, keeping the same phone number will effectively ruin this set up.

When it comes to picking a number, try to grab one from a state that's different than the one you currently reside in.  The annoyances of long distance calls are a thing of the past so there shouldn't be any show stopping hurdle to an out of state number.

If you must use a local number, try to pick one from a different city in your current state.  Live in Miami?  Get a Tallahassee number.  Minneapolis?  Grab one from Rochester.  Most people will just assume you've moved and won't bring any scrutiny since relocation is so common nowadays.

What kind of phone should I get?

Similar to the phone number, you want to get a new (or new to you) phone the same time you make this move.  Most people have used the same device for 12+ months and have had their unique device ID, IMEI, etc shared with numerous services they regularly use, including the carrier.  Keeping the same phone with all of the same, unchangeable IDs can have all of the information correlated directly back to you.

Which phone you should specifically get is debatable and will be in its own separate post.  In short though:

Privacy at all costs:  Pixel w/GrapheneOS > iPhone > LineageOS Android > Stock Android (Samsung/LG) > Linux based device (PinePhone, Librem 5) > Dumb phone

Best out of box: iPhone > Android > Linux based device (PinePhone, Librem 5) > Dumb phone

If you opt to purchase a phone from the provider, either pay for it in cash (if in person) or use a prepaid card (if online).  Never finance a phone or provide an ID to get a phone at a discount.

Am I anonymous if I do this?

No.  Following these steps will improve your privacy but it won't make you entirely anonymous.  Taking the actions in this post will help prevent carriers and private parties from knowing who you are, it'll keep your real information safe if (more likely when) their systems are breached or leaked, and it gives you the peace of mind knowing your name and location aren't out in the hands of God knows who when they sell your data.

Of course, if you were the specific target of the government or some other entity that had unlimited time and money, there are patterns that could be seen to identify you.  For example, even with this new number, name, and address, your actual phone usage probably won't change.  You'll still use it at same old house.  You'll still drive the same roads to the same old job.  You'll still make the trip to the same old stores for groceries.

Again, this isn't something anyone here needs to be concerned about.  It's simply an illustration that we aren't truly anonymous.

Any other considerations I should make?

When making this switch, take the time to vet the applications and services you have on your device.  These often give away more information about you than the provider you're using.  Consider using this time to move to a more private text/email communication method and scrutinize all of the third party applications you have but don't actually use.


¹ Douglas C. Schmidt, 2018: Google Data Collection (page 5, section D)

Both Android and Chrome send data to Google even in the absence of any user interaction. Our experiments show that a dormant, stationary Android phone (with Chrome active in the background) communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour.

Want to join the discussion?  Check out this post, and others, over at the CupWire subreddit and leave a comment.