When I was working at EFF, I started writing (but never finished) a couple of essays along the lines of "the degree of trackability of mobile phones is an unfortunate accident, and we should fix it".
It basically comes from routing requirements (especially to receive incoming phone calls) combined with billing requirements (to make people pay for their connectivity) combined with the empirical requirement to see which base station a device is connected to, and which other base stations can see it at a given moment.
If you aggregate all of that data, then you know a (geographically moderate-resolution) complete history of where almost all people have been at almost all times, and patterns of their habits and whom they probably recurrently spent time with.
Not all of this data has to be collectable, because these things could be disaggregated by introducing different protocol layers. For example, you could pay the mobile company for data connectivity, but use cryptographic blinding mechanisms so that it doesn't know which specific subscriber obtained connectivity at a particular place and time. (Those blinding mechanisms could be implemented inside of SIM cards, so the SIM card's task is to cryptographically prove "I am a SIM card of a current paying subscriber of carrier X" rather than "I am SIM card number 42d1b5c0".) You could have device hardware IDs be ephemeral rather than permanent. Actual messaging and call services could all be "over the top" (as phone industry jargon puts it), provided by people who are not the phone company itself.
This disaggregation is a straightforward improvement from a privacy point of view because it prevents companies from knowing things about you that they didn't need to know in order to provide services.
Meanwhile, in the world we live in, we see governments trying to make it harder to make phones less trackable, by putting legal restrictions on changing hardware addresses, or requiring legal ID in order to establish service. I imagine that an additional cryptographic indirection layer in SIMs to prevent carriers from linking a permanent identifier to a network registration (or specific data use) would also be banned in some places if it were invented.
This shouldn't be inevitable. One thing that made me think about this was when there was a little scandal (which I was a small part of) about companies tracking device wifi MAC addresses for commercial purposes. There was a little industry that would try to recognize people and build commercial profiles based on recognizing that the same device was present (in fact, at the time, even if it didn't actually connect to the wifi -- because a typical wifi-enabled mobile device was sending broadcast wifi probe packets that included its MAC address). So Apple was like "this is a bad use of MAC addresses, which only exist to distinguish devices that happen to be on the LAN at the same time, and perhaps to allow network administrators to assign permanent IP addresses to specific devices", and they made iPhones randomize wifi MAC addresses for some purposes, mostly fixing that particular issue.
We could think just the same way about GSM networks: "these identifiers exist for specific protocol reasons; using them for device or user tracking is an abuse that should be mitigated technically".
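An added illustration of the blinding idea in the comment above (not part of the original thread): a textbook RSA blind signature in which a SIM proves "paying subscriber of carrier X" while the carrier cannot link the credential to the subscriber who obtained it. The key, subscriber IDs, cell names and every class and function name here are constructed for the example; the hash step is simplified and the key is deliberately weak.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key: product of two Mersenne primes. Trivially factorable,
# so it only serves to make the arithmetic runnable offline.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # carrier's private exponent


def h(token: bytes) -> int:
    """Simplified hash-to-integer; a standardized scheme (RFC 9474) uses PSS encoding."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


class Carrier:
    def __init__(self, paying_subscribers):
        self.paying = set(paying_subscribers)
        self.issuance_log = []  # billing side: (subscriber_id, blinded value)
        self.attach_log = []    # network side: (token, cell)
        self.spent = set()

    def issue(self, subscriber_id, blinded):
        """Sign a blinded value for a paying subscriber; the token itself is never seen."""
        if subscriber_id not in self.paying:
            return None
        self.issuance_log.append((subscriber_id, blinded))
        return pow(blinded, D, N)

    def attach(self, token, sig, cell):
        """Grant connectivity for a validly signed, not yet used token."""
        if pow(sig, E, N) != h(token) or token in self.spent:
            return False
        self.spent.add(token)
        self.attach_log.append((token, cell))
        return True


class Sim:
    def blind(self):
        """Pick a fresh token and hide its hash behind a random factor r^E."""
        self.token = secrets.token_bytes(16)
        while True:
            self.r = secrets.randbelow(N - 2) + 2
            if gcd(self.r, N) == 1:
                break
        return (h(self.token) * pow(self.r, E, N)) % N

    def unblind(self, blind_sig):
        """Strip r from the carrier's signature, leaving a signature on the token."""
        return self.token, (blind_sig * pow(self.r, -1, N)) % N


def explains(blinded, token):
    """Carrier-side linking attempt: is there a blinding factor that maps this
    issuance record to this token? It exists for every pair, so the logs
    carry no information about who holds which token."""
    r = pow(blinded * pow(h(token), -1, N) % N, D, N)
    return (h(token) * pow(r, E, N)) % N == blinded


def run_demo():
    carrier = Carrier({"sub-A", "sub-B"})
    creds = {}
    for sid in ("sub-A", "sub-B"):
        sim = Sim()
        creds[sid] = sim.unblind(carrier.issue(sid, sim.blind()))
    tok_a, sig_a = creds["sub-A"]
    tok_b, sig_b = creds["sub-B"]
    return {
        "non_subscriber_refused": carrier.issue("sub-X", 12345) is None,
        "attach_ok": carrier.attach(tok_a, sig_a, "cell-17")
        and carrier.attach(tok_b, sig_b, "cell-42"),
        "replay_rejected": not carrier.attach(tok_a, sig_a, "cell-18"),
        "forgery_rejected": not carrier.attach(b"made-up-token", sig_a, "cell-17"),
        # All four (issuance, attach) pairings are equally consistent.
        "every_pair_explained": all(
            explains(blinded, token)
            for _, blinded in carrier.issuance_log
            for token, _ in carrier.attach_log
        ),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

Single-use tokens still let billing count how many credentials a subscriber drew, which is the billing requirement the comment mentions, without tying any of them to a place or time.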
If you need to communicate with people in your area and not be tracked, MeshCore software with LoRa hardware like this https://lilygo.cc/en-ca/products/t-lora-pager is something to consider. Text only, completely offline.
Yes!!! I've been wanting to make something like this for a long time. But unless the firmware is open source I wouldn't trust this for anything secure. But this looks like a dev kit so I can do whatever I want.
These look pretty fun, have you played with them much? What kind of range can you get?
I’ve tried them on snowmobile trails. With the vegetation the range was about a mile.
Range can be 100+ miles though if you can establish line of sight. Depending on the scenario, a high elevation repeater could give several mobile devices pretty significant range.
One thing I didn't see covered is to never have your "real phone" and your "burner phone" on you (or in the same location) at the same time while powered.
Easy enough to say "Gee...these 2 phones are always together or nearby when activated" or "this phone shuts off right before this one powers up".
Although, I suspect there are a few other ways to determine identity easier. Such as tracking the device identifier and then looking up nearby public facing cameras.
In many countries you need a valid government ID document to activate a mobile service which means burners do not really exist in those places.
Unless you bought a Pixel, graphene’d it and then paid a homeless person to activate a pre-paid data only sim which you would top up with vouchers paid in cash and used a VPN and international voip service…
A lot of effort though
Silent link esims are quite good for getting your phone to work in any country or on any network. I have one, not for privacy but more for better phone coverage and it works pretty well. No ID and you pay in crypto - btc/monero etc. (https://silent.link/)
For me the main use is that I'm on o2 in the UK, but if in some dead spot with no signal I can flip the sim settings and connect via EE or whatever.
> For me the main use is that I'm on o2 in the UK, but if in some dead spot with no signal I can flip the sim settings and connect via EE or whatever.
Why not just get an EE SIM if that's your main use?
Not from the UK but in Germany we have the same issue where there is T-Mobile (best coverage), Vodafone (good coverage) and o2 (worst coverage) and there are simply some remote areas where anything but T-Mobile doesn’t have coverage.
And the easy answer is that T-Mobile, or rather the parent Telekom, is a terrible company best known right now for getting the government to agree that they can cancel your existing internet contract to make switching easier when they want to catch you as a fiber customer but actually all they’re doing is sending a marketing company around Germany (Raider Marketing) to lie to your grandma to sign contracts for the Telekom or just cancel your existing internet contract because they think with a bit of pressure they can get you to sign up with them.
Alternatively, they are also known for the worst peering in existence because they have the crazy idea that they can charge tenfold what other ISPs take for peering because they are the Telekom…
In summary, the Telekom is such a terrible company that I’d rather not give them any money and if I needed T-Mobile coverage I’d rather get a foreign eSIM and rely on roaming than giving them a single cent.
I'm happy to give them (Telekom) money because their service works. Vodafone was constantly inferior in my experience (DSL vs cable as well as their mobile networks). At least I don't have to call Vodafone every month like my neighbors do when the internet is down, worth every penny.
Don't they get paid at the end when you are roaming?
True on the Government ID document but most of the time the portal to activate would allow for any sort of numbers as long as it was in a proper format - whether or not it was valid.
These allow for self activation, have a lockout of 5 failed attempts or so and can be done via sim card codes (not SMS, but you interact with a program on the simcard and low level carrier services.)
I was surprised when a SIM I purchased on Amazon was not only able to connect in China but was also able to bypass the great firewall. I wonder how these travel sims get round the government regulations.
It's because the government regulations only apply to Chinese citizens. My first trip to China was back in the '00s, and I went for work. I was also surprised to find that my home SIM worked just fine there without any interference from the Great Firewall.
Roaming works somewhat unintuitively from what you'd expect. You do indeed connect to the local mobile network, but all of your data traffic is tunneled back to your home wireless provider's PoP. I realized this once I checked what websites I was visiting saw as my public IP address, and it was an address from a network in Texas!
So China's Great Firewall can't actually inspect or block your traffic while you're traveling, and using roaming on your home mobile network's SIM. It's all sent over the equivalent of a VPN to your home soil before going out to the public internet. This is why latency can be pretty bad while roaming.
They just don't enforce the exact same restrictions on roaming users. I suppose there are risks of tourists spilling the beans, so to speak, they just don't view that as a severe unmitigated risk.
When you ROAM, your traffic abroad is routed to your home country (for security reasons among other things) and then off to the internet from there. You can check that your public IP, when roaming, is an IP from your cellco... unsure if there are any changes with 5G though.
You are not bypassing any firewall as your traffic is actually happening at home. If you access local sites, traffic is coming from home.
Just track the hardware. A couple of days of normal usage and should be able to assign a 99% probability on you being the owner of that phone.
You should never turn on your burner in a place where you use your regular phone, duh.
Even using it in the same city, would only require time and maybe a bit more correlation to identify an individual.
> which means burners do not really exist in those places.
This is very wrong. In Germany you can go to any shady kiosk in a big city and buy a pre activated SIM card invariably registered to some Arabic or Pakistani name.
You can buy it in cash. Completely untraceable if you take care of CCTV.
Going to buy a prepaid SIM registered under an Arabic name in Europe is probably the safest way of getting traced by a government.
IMEI + cell tower triangulation easily makes it traceable. If the authorities want to find you, they can.
Once they know to look for you, sure, which is why you use a disposable phone and actually dispose of it before anyone has a reason to look for that specific one. That’s literally the whole point.
They might go and ask Achmed some hard questions later, but he’s long since left the country and never met you anyway.
How does GrapheneOS help in that?
It doesn't specifically help with obtaining a SIM without presenting ID, but it does help make it easier to avoid later leaking your true identity to Google/Apple/etc. once you start using the phone.
Seems like an excellent business model for the homeless.
I have the feeling that whenever you are at an airport (and maybe railway stations too) they cross your IMEI with the boarding pass info. I believe that in the UK police use some middle-man towers, whose name I have forgotten, to collect as much data as possible.
You are probably thinking of a stingray https://en.wikipedia.org/wiki/Stingray_phone_tracker
While I like the sentiment of the article, I think most people are not aware of how hostile baseband firmwares are implemented on most SoCs that phones come with. Usually the cell tower handshakes that make you trackable can't be put off, meaning the modem will run in sleep mode even when you are in airplane mode (which is kinda funny considering the dangers of air travel, right? Right?).
Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?
> meaning the modem will run in sleep mode even when you are in airplane mode
AFAIK this is not true at least for the Mediatek 65xx and early 67xx platforms; I've analysed the firmware and hardware on those. They actually power off the modem and rest of the RF system when in airplane mode. The modem only boots up and starts searching for a signal when you take it out of airplane mode, which is why it takes a noticeable time (10-30 seconds, depending on how many bands are enabled) to get a signal. If your phone goes from airplane mode to having a signal and immediately capable of calling, then I suspect it's one where the modem is not truly turned off.
I haven't inspected Broadcom, Qualcomm, or Spreadtrum in any detail to say whether they do things differently.
> Are there actually smartphones without an IMEI
Look for a "tablet" or anything else without the word "phone" in it if you just want a touchscreen portable computer. An IMEI is obligatory to connect to cellular networks, in much the same way as a MAC address is to Ethernet and WiFi.
As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.
The risk was that mobile networks could not handle moving many devices from one cell to another at high speeds (during takeoff and landing).
How would that be different for trains? Trains would have similar numbers or more devices, moving at a similar speed (for high speed trains compared to planes at take-off/landing).
I think part of the issue is that cell tower antennas are designed for talking to devices on the ground or at very low altitudes (like those you'd experience in a tall building). So a cell tower's capacity for talking to lots of somethings directly above it, thousands of feet up, is much lower than talking to lots of somethings below it or adjacent to it.
> As far as I remember, the whole 'turn off your phone on a plane' was just a precautionary measure and is not a real technical problem nowadays.
My memory is that it was necessary at the time when lots of people started taking phones on airplanes because the wiring/navigation wasn't shielded against a transmitter that might be actually inside the aircraft.
Since then, plane electronics are better insulated making it less of a problem.
> Are there actually smartphones without an IMEI and with a Wi-Fi card only, preferably not a Broadcom one?
Maybe an old iPod Touch that can still run a VOIP program?
You might be looking for an android based Media player device.
But they are likely not ideal for the use case...
Can you please give any sources? While it sounds plausible and interesting it's nothing more than a wild conspiracy theory without some background information.
Buy a Broadcom smartphone. Turn Bluetooth off, and set it to airplane mode. Then Bluepwn your device, with Bluetooth turned off.
Funny how airplane mode didn't work.
That's just one of the quirks. Baseband and what Qualcomm is tracking is way worse.
I recommend buying an old Motorola Calypso device and fiddling with osmocomBB, you can DIY an IMSI catcher pretty easily. And you'll be mind blown how many class0 SMS you'll receive per day, just for tracking you. Back in the days you could track people's phones remotely but the popularity of HushSMS and other tools made cell providers block class0 SMS not sent by themselves.
This wiki article is a nice overview: https://github.com/CellularPrivacy/Android-IMSI-Catcher-Dete...
Saying more words and then linking to a page from an IMSI catcher's wiki (where it doesn't talk about radio on/off states) isn't exactly "providing sources".
You made the assertion that basebands remain in contact with towers even in airplane mode, and so can be tracked. Someone asked for supporting evidence for that claim. You've responded with examples and links to different issues. It's a fairly extraordinary claim (it's not one I'd heard before - it's clear that other radios may remain alive for various purposes even when airplane mode is switched on, given that you can use wifi and bluetooth on planes, but you're the first person I've heard make this claim about the cellular radio), and you haven't provided any evidence to back it up at all.
Baseband SoC running their own OS independent from Android/iOS and staying asleep (while still listening for incoming signals) is very much no longer in conspiracy theory territory and more an established fact now. I don't have the source at hand but it's in one of the standards. And the purpose is very clear: LEA like Interpol must be able to locate any IMEI at any point if in tower range, regardless of the power state of the "main" OS.
I don’t doubt SoCs have their own micro-OS, but I too would love to see a reliable source showing phones connect to towers when powered off. Wouldn’t this, at a minimum, violate FAA/EASA rules? Google tells me the cellular radio in an iPhone has no power when in airplane mode or when off.
Surely this is really easy to prove by putting a phone into an anechoic chamber and using a spectrum analyser to show that it's still TXing?
The phone isn't going to connect to a tower it cannot see.
It can't just scream out into the void and hope a tower picks it up, it needs a few pieces of timing information & cell configuration beforehand.
Even in airplane mode?
I dare you to do the following:
Charge phone to full 100%. Turn it off.
Put it into a faraday cage, e.g. a steel box, for 7 days.
Take it out again and wonder why the battery is empty.
(The faraday cage has the effect of making the modem have to switch bands constantly, which costs more electricity than sleep mode in LTE)
Batteries naturally drain slowly when not used. What would this little experiment prove, exactly?
It would still be simpler for you to link to a credible source. A bit strange that you seem uninterested in doing so, and prefer to tell people to do their own experiments, in this case one that requires an extra phone and a week of time.
The Dumbphone Finder (https://josebriones.org/dumbphone-finder) referenced there is useful, too, if you need to get a phone a 90 year old person has a chance of being able to use.
> Radios off (GPS/Wi-Fi/Bluetooth) unless needed
GPS is a passive technology, no?
Downloading GPS assist data obviously isn't, and plenty of phones use wifi scanning as a way to augment GPS position fixes, but this seemed a strange callout. Am I missing something?
If the phone is confiscated it could be saving GPS automatically, I guess.
This stood out to me as odd from the article too, but that's definitely a plausible explanation.
I could easily see a phone with some sort of location tracking saving GPS data points internally until it can reach a network again to send them out.
The guide recommends PGPP to rotate IMEI numbers, however, the service shut down more than a year ago. https://invisv.com/articles/service_shutdown.html