this post was submitted on 02 Sep 2023

82 points (100.0% liked)

Privacy Guides

16694 readers

129 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.

You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...

Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!

This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.

Moderation Rules:

We prefer posting about open-source software whenever possible.
This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
No soliciting engagement: Don't ask for upvotes, follows, etc.
Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
Be civil, no violence, hate speech. Assume people here are posting in good faith.
Don't repost topics which have already been covered here.
News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
No misinformation: Extraordinary claims must be matched with evidence.
Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago

MODERATORS

[email protected]

Do eSIMs have any downsides from a privacy standpoint? (programming.dev)

submitted 1 year ago by [email protected] to c/[email protected]

22 comments fedilink hide all child comments

Compared to regular SIM cards.

SIMs are easier to swap if needing to switch phone, but I only see this as a convenience. I don't see why it would be more private.

I have little knowledge on how eSIMs work, but something in the back of my mind, tells me that somehow, eSIMs are bad for privacy :(

Anybody care to share their views on this?

all 23 comments

sorted by: hot top controversial new old

[–] [email protected] 50 points 1 year ago (2 children)

e-SIM cards are not more private than physical SIM cards. Both of them bind to your phone, and the carrier will now know your IMEI and IMSI. Both of these can be tied to your phone even after you remove the SIM card.

So if you have a burner phone, and you attach it to a SIM card you own elsewhere, that burner is now tied to that identity.

If you're worried about tracking put your phone into airplane mode, at least for Android devices that's pretty good at disengaging from the towers. Then you won't be tracked by the cell companies, but you're limited to Wi-Fi.

But let's go crazy, let's say you buy a burner phone, and you only put eSims on it you buy anonymously, or SIM cards you buy with cash, that will still give your identity away by geographic proximity to your house. If you have the phone on in places that are connected to you, there will be location history showing you frequent those places. So if you're going to go to this level, you better not use cellular anywhere that's associated with you.

[–] Cheradenine 22 points 1 year ago (2 children)

And of course, even on WiFi 'Google retains a detailed map of known Wi-Fi networks and access points. By knowing the exact location of these networks, and your proximity to them, its location services can gauge your location with roughly 30 feet of accuracy.'

Quote is from a Future Tense article from five years ago. https://slate.com/technology/2018/06/how-google-uses-wi-fi-networks-to-figure-out-your-exact-location.html

[–] [email protected] 7 points 1 year ago

if your going down this route, you really can't use stock android. grapheneos

[–] [email protected] 4 points 1 year ago (1 children)

I do get there are privacy ramifications to this, but the alternative is having to wait like 2+ minutes for a accurate gps lock every time your phone needs location.

[–] Cheradenine 2 points 1 year ago

I do not mean this in a snarky way, everyone has their own priorities. I don't use location for anything. If I did, having to wait would be an inconvenience.

[–] [email protected] 27 points 1 year ago (2 children)

All of your mobile traffic goes through your carrier. Assume that none of it is private, unless you're taking privacy measures like a trusted VPN.

I don't see how an eSIM is any worse than a SIM.

[–] [email protected] 12 points 1 year ago (5 children)

Totally.

I guess the privacy advantage of a regular SIM is that as soon as you pop out the sim card out of your phone, towers can't track you anymore.

With eSIMs on the other hand, I can never truly trust that an eSIM is de-activated? Feels like you actually just have a permanent sim card in your phone and your phone can just be tracked no matter the status of your eSIM. Or is this not technically possible?

[–] Cheradenine 17 points 1 year ago

Towers can still track you by the IMEI number.

One of the suspects in the Bali bombings was caught because while they frequently changed Sims, they didn't change devices. They were tracked by the IMEI.

[–] [email protected] 7 points 1 year ago

That's correct. Iphones are especially vulnerable to that since they don't shut down all the way and always keep some radios enabled. Android devices will generally shut down properly.

But in any case, do you really need to worry about tracking by a carrier? Locating a phone is possible but not easy and usually only happens when it's specifically requested by the police.

If that's your threat level, you probably don't want to own a phone at all.

[–] [email protected] 5 points 1 year ago

You can erase the eSim. You can also turn it off, but I'm not sure to what extent is it disabled.

[–] [email protected] 4 points 1 year ago

Turn it off and put it in a Faraday-cage bag.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

The SIM is just an identifier. There's nothing particularly special on a SIM card, that's why the switch to eSIM has happened so seamlessly. So, you're right; it's totally POSSIBLE that an eSIM could stick around if you delete. But it's also possible that your phone could save the info on a SIM card.

For the record, I don't think that's likely. Your phone's operating system (iPhone or Android) is built by a different company than the carriers that presumably want to track you. I doubt they're secretly colluding with carriers, because Apple and Google (especially Google) have enormous business models built around tracking you, and profiting off your data.

[–] [email protected] 4 points 1 year ago (2 children)

Really not helpful

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

What other info can help distinguish between regular sims and esims in terms of privacy?

Or alternatively what's missing from thecomments?

Asking, not trying to challenge you, I'm honestly trying to learn

[–] [email protected] 2 points 1 year ago

What other info can help distinguish between regular sims and esims in terms of privacy?

Don't know but OP asked a very specific question and this person gave a very generic answer that didn't address the question that was asked at all.

[–] [email protected] 1 points 1 year ago

OP disagrees

[–] [email protected] 10 points 1 year ago (2 children)

It depends whether you can buy one anonymously - you probably can't, I guess, as for what I know, providers tend to offer eSIM only with contracts and not prepaid options. Physical SIMs you can get on the street in many places, vending machines, eBay, wherever.

Tho there isn't really any reason why eSIMs couldn't be sold the same way, as it's just a QR code.

The other problem is that in order to move the eSIM from one phone to another, it needs to be deactivated on the first one, which requires an internet connection. That's more of a practical concern than one of privacy I guess.

[–] [email protected] 9 points 1 year ago (1 children)

Physical SIMs you can get on the street in many places, vending machines, eBay, wherever.

Unfortunately there are many countries where the law requires activation with identity documents.
Surely somewhere one can find them already activated, but I wonder what legal or other kind of problems it may cause.

[–] [email protected] 3 points 1 year ago

Most countries in fact, but you can get them if you want. Though I guess you never know if it's not a honeypot operation.

[–] [email protected] 3 points 1 year ago (1 children)

you can get pre-paid esims easily with Arlo and other travel e-sim vendors. If you use a gift card to pay, its pretty anonymous (but once you tie it to a phone, you lose that)

[–] [email protected] 1 points 1 year ago

Cool, it's still more of an exception though. Here in most of Europe it's barely a thing.

[–] [email protected] 3 points 1 year ago

The only thing it improves is data security which can in some extent resist against identity theft, financial fraud, etc. Does having an eSIM card improve my data security?

Yes, there are significant security benefits. An eSIM card cannot be stolen without stealing the phone, whereas removable SIM cards are sometimes stolen, and used in port out scams. That's when identity thieves fraudulently swap stolen SIM cards into different phones to gain access to the victim’s calls and text messages. The thieves may then try to reset credentials and gain access to the victim's financial and social media accounts.

For more information about SIM swapping, port out scams, cell phone cloning and subscriber fraud, see our consumer guide on cell phone fraud. https://www.fcc.gov/consumers/guides/esim-cards-faq