I’m looking into getting a flip phone with a separate number so that I can sign up for a few apps that without associating them with the complete identity profile in the data marketplace that is linked to my actual phone number.

To be clear, the apps will still be downloaded and utilized on my primary smartphone. But the phone number through which I receive verification codes during registration will be a separate device.

Has any one done this? Tips for selecting a cheapo phone and prepaid service?

  • communism@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 day ago

    Yes, I do this plenty. I have some SIMs I continue to pay for in cash (pay as you go) so I keep having access to the phone number, and it’s not easily tieable to my identity (ie you’d figure out who it was probably through watching CCTV of me buying it which seems like quite a lot of effort, so good enough for people with lower threat models).

    I don’t know where you are but in terms of selecting a service or phone, I would just walk into a local shop and see what they have on offer. I can’t imagine prices would vary that wildly between shops.

    Edit: also no need to buy a whole new phone if you don’t have a state threat model and just want to make it harder to track you for eg data mining corpos. You can just swap out the sim in your normal phone to receive texts then put your regular sim back in afterwards. Or if you have a dual sim tray. You could also anonymously buy an esim so it doesn’t take up a physical sim slot.

  • cRazi_man@lemm.ee
    link
    fedilink
    arrow-up
    21
    ·
    2 days ago

    This is standard practice for me. You don’t even need another flip phone. Most phones come with a dual sim tray. I keep the 2nd sim in my phone and keep the sim switched off in the settings. I do all signups with this number.

      • Thetimefarm@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        2 days ago

        The IMEI number on the phone is essentially locked to the device, swapping sims won’t change it. So a phone activated under your real name on one network could technically get traced back to you even when using a different SIM card.

        Also, carrying a phone with both SIMs active is completely unprotected from correlation attacks by anyone with access to the cell tower data. It’d be blatantly obvious that the location of one SIM is the same as the other all the time.

        All depends on the threat level you expect, but if you’re worried about a VOIP account being compromised to get your real number, you are talking about pretty sophisticated actors.

      • cRazi_man@lemm.ee
        link
        fedilink
        arrow-up
        8
        ·
        2 days ago

        Just be careful about the sim expiring. Each network will have its own rules. The sim I have stipulates that it needs to be topped up at least once every 6 months and a call or SMS sent every 3 months to keep it active.

  • fmstrat@lemmy.nowsci.com
    link
    fedilink
    English
    arrow-up
    16
    ·
    2 days ago

    A bit out there, but I plan on doing this soon:

    • Get a SIM
    • Grab an old Android phone
    • Relay SMS to Matrix via the SMS bridge

    I already use Matrix bridges for Signal, Discord, IRC, etc, so this means the number is never tied to my location, but I can use it for things like banking 2FA.

    • Claudia@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      1
      ·
      1 day ago

      Umm, how does this protect your privacy?

      SMS messages don’t include your location. The cellphone towers know your location. Getting a transmission from sms to matrix means it’s going from old phone over the Internet to a cell tower to your real phone/or cellular enabled laptop.

      • fmstrat@lemmy.nowsci.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 day ago

        The provider of the SIM on the old phone who provides the phone number, and data brokers associated with them, will never be able to associate that number with my actual location, because the old phone will be in a static location.

        The provider of the SIM in my main phone will have a number that is never used, and it’s location can never be tied to the number that is actually used because the old phone relays VI’s matrix.

        Is it better than avoiding SMS altogether? No. Does it obfuscate? Yes.

        I also plan on having VNC on the old phone for running banking apps that GrapheneOS may not support in the future.

        • Claudia@lemmy.blahaj.zone
          link
          fedilink
          arrow-up
          1
          ·
          1 day ago

          That’s, not defeating anything.

          Your actual location is still being sold. They weren’t tracking you through sms in the first place. The phone company doesn’t need you to make phone calls to know where you are.

          Data brokers share data. All that changes is that you are now worth €0.015 vs €0.010.

          Your plan is a lot more effective if you just ask for paper statements from your bank and keep your cellphone at home. Or just turn off your cellphone and check for messages and VM like the ancients used to do on occasion.

          • fmstrat@lemmy.nowsci.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 day ago

            Your cell phone company associates SMS with your location all the time, and sells that data to brokers who overlay it with app data associated with a phone number.

            I’m not sure what you’re not following. Just because another provider has my location, doesn’t mean a broker can associate that location to a phone number on another provider (and thus connected apps).

            • Claudia@lemmy.blahaj.zone
              link
              fedilink
              arrow-up
              1
              ·
              1 day ago

              I’m not sure what you are t following. They’re associating your location with your phone number non stop. The sms message is just you sending a message.

              Another provider has you location, another broker can pay for your information. Brokers clean up all the data they receive and match it to specific individuals. That’s how they do their job.

              Broker 1: hey got any data on person01?

              Broker 2: hey I got data on person01, how much you willing to pay?

              Broker1: sweet, I’ll pay this much.

              • fmstrat@lemmy.nowsci.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                23 hours ago

                OK, let’s do this step by step. We’re going to use a prepaid SIM like op mentions:

                • Buy SIM prepaid at Walmart with cash
                • Activate that SIM in a phone at a static location, not your home
                • This is sold to broker 1
                • Buy SIM from normal provider using your CC
                • This data is sold to broker 2
                • Broker 2 asks broker 1 for into on person
                • Broker 1 has no discrete match due to lack of payment data
                • Claudia@lemmy.blahaj.zone
                  link
                  fedilink
                  arrow-up
                  1
                  ·
                  8 hours ago
                  1. Broker 1 is stuck with cheaper data on somebody they know exists. The phone is in a static location switched on and proving location data.
                  2. Periodically broker 1 asks other brokers for information on people who also are in the same place at the same time.
                  3. Broker 2 says they have a match and sells it to broker 1.
                  4. Broker 1 & 2 are able to resell much more valuable data on some privacy freak.

                  Data isn’t some silo locked up. They have data sharing agreements allowing them to look at each others data and pay for transfers of useful information. Their profit comes from making initial collection agreements with the phone companies/banks/stores giving them sole access to raw data.

                  At the end of the day OP wants to do all of this for his bank’s 2fa codes. The bank that knows who he is and where he lives due to know your customer laws.

                  Just disable internet banking, paper statements, stops all data from being made in first place.

                  Cash only phones only work from a privacy perspective if they are your single phone. As a secondary phone they’re just another number on your data broker profile.

  • owenfromcanada@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    2 days ago

    Honestly, if you don’t want a separate device, I’d sign up for a VoIP number. I use voip.ms, it’s a dollar or two a month for the number, and you pay per minute and per text (about a penny each, IIRC). You can forward calls to your primary number, or set up a SIP app (I’m using one called ZoiPer). I usually load it up with $20 per year or so.

    • Aslanta@lemmy.worldOP
      link
      fedilink
      arrow-up
      2
      ·
      2 days ago

      The problem I have with this is that it still links to my primary number through data profiling. Seems like a good option if I just want to keep my personal number separate from my work clients. But for data privacy, idk.

        • Adulated_Aspersion@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          2 days ago

          Every person has a massive profile (table / database) built all about them. This isn’t conspiracy. This is big business. There are a few data brokerage companies focused on people:

          -Acxiom (worlds biggest broker, pretty much every piece of junk mail you get drives from a company purchasing data from them)

          -TransUnion (credit, such as if you pay the minimum bill or are late on payments)

          -CoreLogic (all real estate purchase information)

          -FourSquare Labs (location broker which i find to be particularly insidious)

          There are also databases built specifically for business entities, such as Data Axle.

          And companies will purchase packages from ALL of these data brokers when they want to target a specific audience.

          • owenfromcanada@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 day ago

            Ah, gotcha. I kinda figured that was out there, but didn’t have names to associate with them.

            I guess I’m wondering how a VoIP number would differ significantly from a burner phone. Obviously the burner is more private (assuming you pay cash, there’d be zero way to trace it anywhere). Signing up for a VoIP number with an alias seems almost as untraceable, assuming the VoIP company isn’t selling your data?

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 days ago

    Prepaid is the same as Postpaid in my country (USA). I can’t speak for your country, but here, banks accepted my prepaid number just fine. My Google Voice (VOIP) number, however, got rejected by my bank. So banks here seem to treat prepaid as just a normal number.

    The only way to test if that work is to buy the cheapest plan and try it. Don’t give up if it fails, sometimes you get a number that was misused by the person who has it before and they got the number flagged, try again by contacting customer service of your cell service and requesting a number change.

  • Angel Mountain@feddit.nl
    link
    fedilink
    arrow-up
    2
    ·
    2 days ago

    Yes, I created an entire fake identity with it that I’m now using here so I can say what I want without worrying about loosing my job.

    One thing to keep in mind is that most prepaid providers require you to use the phone every once in a while, or you loose the number (don’t ask me how I know and don’t ask me what happens if I forgot my password)

    • Aslanta@lemmy.worldOP
      link
      fedilink
      arrow-up
      1
      ·
      1 day ago

      That is good advice, thank you! Is there a particular brand you’d recommend (DM me if you don’t want to share publicly). I was looking into a few major retailer flip phones but they both required the retailer to scan it for activation and I wasn’t entirely sure what that does tracking-wise, so I stopped to do some more research.

    • moseschrute@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 day ago

      But Lemmy doesn’t require a phone number? Unless you’re saying you used the phone number to register an email, then used that email for Lemmy. I have a hard time believing your job would jump through that many hoops to track down your Lemmy comments. Seems like it wouldn’t be worth their time. Maybe the NSA.

      • communism@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 day ago

        I assume they mean that this Lemmy is part of their fake persona, so maybe links to another social media account they use for this persona, or an email address, or the personal details they mention in their comments matches with their fake persona’s personal life and not their real personal life. But yeah seems like overkill if your threat model is only your employer, unless you’re employed by some military intelligence agency, in which case it’s probably not enough.

  • eldavi@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 days ago

    i’ve been using prepaid for almost a decade now and i only buy $100 androids with the latest release and i use my voip number for everything.

    i started doing the prepaid plan because i don’t always renew each month since i only need the data connection and i’m almost always at home. the $100 androids are a thing for me because i’m klutz with all personal electronics. so it’s more like i accidentally stumbled upon this form of privacy rather than seeking it out from the onset.

  • shortwavesurfer@lemmy.zip
    link
    fedilink
    arrow-up
    5
    ·
    2 days ago

    Depends on country. In the United States, you might look at something like the T-Mobile Connect prepaid plan and the Nokia 225 4G. And yes, prepaid numbers absolutely do work for app registrations. I’ve been on prepaid for years and had no issues. It’s voice over IP numbers that have problems.

    • MaxHardwood@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 days ago

      A way around that is to port a prepaid number to a voip service. I’ve kept old numbers that way when moving

      • shortwavesurfer@lemmy.zip
        link
        fedilink
        arrow-up
        3
        ·
        2 days ago

        I have been thinking about going with JMP chat and if I do that’s probably what I would do just port my current number to them so that I don’t lose it since that’s my primary number and I don’t really want to deal with getting a new one and giving it out to everybody.

        • MaxHardwood@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          2 days ago

          Get a prepaid with an eSIM with AT&T/Rogers (or any of their MVNO’s) for maximum compatibility; cheapest the better. You need an eSIM compatible phone. You can verify this through the carrier’s site from your phone.

          Only need the IMEI and Account number essentially

          Port the number to voip.ms

          Do whatever you want with that number for like pennies a year.

          VoIP.ms has an SMS app for android that I know of

          • shortwavesurfer@lemmy.zip
            link
            fedilink
            arrow-up
            3
            ·
            2 days ago

            Even if it’s more expensive, I will probably go with JMP because it’s open source and open source to me is a hill I am willing to die on. I do absolutely everything I possibly can to use only open source software at any time that it is feasibly possible to do so.

  • ChaoticNeutralCzech@feddit.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 days ago

    Yup, it works in the Czech Republic and it’s fully anonymous. How would they know it’s prepaid?

    I use phones from e-waste, 2G still works here so there’s plenty of Nokias (even 3310-like ones) I can use.