We answer the questions readers asked in response to our guide to anonymizing your phone
About the LevelUp series: At The Markup, we’re committed to doing everything we can to protect our readers from digital harm, write about the processes we develop, and share our work. We’re constantly working on improving digital security, respecting reader privacy, creating ethical and responsible user experiences, and making sure our site and tools are accessible.
This is a follow-up article. Here’s the first piece, if you’d like to read that one as well
It tickles me when I read of journalists protecting their privacy. You can see how far up the tree they’ve climbed.
There are many, many more ways to track that anonymous phone. These are feel-good settings to disable for that sense of false security; like you’re in control. It does have effect, don’t get me wrong.
But a big part of tracking is not what your phone sends, but other devices detect. There’s no opt out of that data collection.
Turn it off, take the battery out, snap it in half, throw it in the bin.
Throw your phone out. Get a small librebooted laptop and use an android emulator for any apps.
I have often wondered if you can take an android phone, drill and rip out all the sensors and radio transmitters, and use wired Ethernet through a VPN router and still be able to use just banking apps as that seems to be one thing I keep a proprietary phone around for.
Edit: I forgot the speaker and the mic though the mic could be classed as a sensor
you’re still traceable because every phone CPU is directly associated with it’s IMEI. Although that’s probably not an issue for you since you’re planning on using banking apps anyway.
But is that a problem for the threat model of banking as your bank logs everything you’re doing and will gladly share that with the government anyway. My question is is there any other possible data they could gather besides the VPN server’s IP address and what I’m doing with my bank?
You can change IMEI at will. IMEI doesn’t do shit.
Definitely don’t. If there isn’t a FLOSS Linux client for it, just don’t use it.
I’m not giving up mobile deposit.
Leave my house? Duck that.
Forgot to turn off Bluetooth. Apple phones activate it automatically to keep up their tracking network anywhere.
Just going from your home to anywhere and coming back with a burner phone doesnt make sense. You have to turn it off before going anywhere near your home.
Connecting your identity based on the co-location of your burner and personal phones would generally require access to data from multiple sources and may not be easily achievable without your consent or cooperation.
Okay just no.
Do not use standard SMS or iMessage.
Good advice. Flight mode too. Also disable 2G and 3G, which poorly still is impossible in Germany.
Apple’s iMessage uses end-to-end encryption, which means that messages sent between Apple devices are encrypted and can only be decrypted by the sender and the recipient. This provides a high level of security.
Now advise for that messenger again? Trust me bro.
WhatsApp, which are available on both platforms, offer end-to-end encryption for text messages and voice/video calls.
Trust me bro 2.
Both Android and Apple devices allow users to control app permissions, including access to contacts, location, and other sensitive data. If you really want to enhance your security and privacy, it’s crucial to review and manage what permissions apps have.
On Stock Android all the spyware is already installed, as system apps. They have no permissions and you are already fucked.
Advanced tracking methods can link your activity to your IP address
No that is not advanced, that is the most basic possible.
Use a VPN to mask your IP address.
“a VPN”, very good tip thanks
Overall the article is okay though, lots of good tips. We have to see people dont know shit so they need to start somewhere.
But why they dont recommend a single app apart from Signal is insane.
General
- no stock Android or iOS ever!
- GrapheneOS
- Google Pixels (probably not having a backdoor?)
- preregistered SIM cards
- good email and VPN provider
Software
- Mull, Arkenfox, Brave
- SimpleX, Briar, Anonymous Messenger
- Onionshare
- Torbrowser
- Orbot
- or i2p alternatives that work
- Monero
- a privacy friendly Keyboard like Florisboard and Openboard
- no google play services (they are a way for carriers to install malware how they like)
- …
Settings
- anonymized MAC
- encryption without fingerprint and scrambled layout
- email aliases for everything
- Fakeaccounts with your real name and matching fake pictures
- automatic reboot and updates
This is an insult to this community, and such low-effort shitposting shouldn’t be allowed.
On a serious note, this is laughable at best. Of course, there is no limit to security paranoia, and I’m hardly qualified to comment on the affairs of Cybersecurity for better OPSEC, but I wish they would be at least a little bit more informed than average. This journalist seems to have very little idea that the government knows what they are saying anyway
Step one: don’t buy a phone
You want privacy? Turn your phone off.
Doesn’t always work. Phones can turn themselves on. You can’t remove the battery anymore either.
Personally, I just accept that my privacy will always be violated using a smart phone, especially because I’m forced to use google and whatsapp. But I leave my phone at home when possible, especially if I’m thinking of attending a protest or doing stuff, and chuck it in a muffled/closed draw when I’m not using it.
The only way that a Phone don’t spy on you is turning it off