Sidenote: Help us improve this tutorial by letting us know if there's anything missing or incorrect on this git issue directly!
A Simcard is what you need to put into your smartphone in order to have a phone number. These simcards, once inserted into your smartphone are always communicating their geographical position to the nearest mobile carrier antennas. Meaning the mobile carriers knows where your simcard is, at all times, and they know where this simcard has been ever since it got inserted into your phone.
Now, it is possible for you to purchase a sim card (or e-SIM) anonymously using for example this service here, but the fact remains the same, that once the simcard is active into your smartphone, there is a permanent record of where that simcard has ever been and there is nothing you can do about it.
Naturally, law enforcement agencies LOVE to keep their hands on this data. They use it all the time. For example, all it takes for LE to figure out who has been in a public protest is to record the protesters up close, while keeping track of the current time. Then, if any of the protesters did anything illegal out there, they can know who did the act by simply looking at which simcards were at the exact same time, at the exact same place.
As we discussed previously for the law to be respected, it needs to be enforced. And to be enforced, the authorities need to know:
What happened ? (lack of Privacy)
Who did it ? (lack of Anonymity)
That's why protesters make the conscious choice to not go out to protest with their phones in their pockets, as they can get deanonymized very easily while wearing them.
Because Simcards are actively used by Law Enforcement to know what is the location of a particular phone number is using tools like StingRay II, but not only them, every cellular provider also knows the location (up until present moment) of every phone number, thanks to cellular triangulation.
Let's suppose the following scenario:
You bought an old phone (let's say a google pixel) anonymously using Monero, without going on a Centralised marketplace, Peer to Peer.
You wiped that google pixel OS to install an open source host OS such as GrapheneOS
you made sure that phone never connected to the internet since you got it, and never used a simcard either.
You then purchase an e-SIM card anonymously from a non-KYC service such as silent.link, using monero, and you activate it inside the phone.
Great, you now think that you obtained an anonymous phone number right ? Did you just forget that there is a permanent record of where that simcard and phone number is, at all times ? And did you forget that this record of where your simcard is, is always consulted by LE at all times ?
Where do you plan to use that simcard ? At your own house ? The moment that simcard (and phone number) becomes active, LE knows that the simcard associated with that phone number is located your own house. And then you take it with you to go to work ? If you are seen going anywhere at anytime, and LE looks at where the simcard went, they can easily correlate that you are the owner of that simcard.
Make no mistake with cellular tower triangulation they can pinpoint the location of a cellphone down to a few meters of precision, so it is preety accurate. Let's see what that looks like by taking Bob's phone location over the course of one day:
You might think that having stringent SOPS (standard operating procedures) around the use of burner phones in your organization could solve this problem. It does help as this map shows, but it's not enough. An adversary investigating your activities will have access to a lot of data and they will be able to use tools such as PostGIS to query their datasets in order to infer relible position information from scattered datapoints.
If you have a simcard next to you, no matter how anonymous you managed to get it, the moment you start to use it, you are deanonymized
So the only way to be able to use a phone number anonymously, is to use a remote service provider, that allows you to use a phone number, anonymously (allows tor connections, and monero payments), and even then, don't expect to get privacy going that route. Examples of such services: Crypton or Smspool. (see the full list here)
If a chat service requires you to enter your phone number, it means they categorically refuse that you can use their service anonymously. Moreover, it means that they want to be able to inform the authorities of your actions, and rest assured that LE will pay big money for that sensitive info they may have of your actions.
Yes, you heard me correctly. If a service asks for your phone number, they are anti-anonymity by design. This means that you can already stop using the following services:
Signal, is a centralised service that requires a phone number upon signup[1][2], see also [3] [4]
Telegram, is a centralised service that also requires a phone number upon signup, on top of being forced to comply to EU demands as of 2024.
When you take into consideration how phone numbers harm your Anonymity as i listed above, Nothing can can possibly justify requiring a phone number upon sign up.
The only reason for such a requirement, is that the service takes bribes from LE, for successfully lying that their users are safe. Make no mistake, the bigger the service, the more lucrative it is!
Now if you want to be able to communicate anonymously with someone online, use SimpleX, and tell them to use it too with this tutorial.
Donate XMR: 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8