Every aspect of your life is tracked, logged, measured, analyzed, and acted upon. Your so-called ‘pattern of life’ is up for sale to the highest bidder, and often provided for free by companies cooperating with host-nation governments. And at any point it might be stolen and suborned by nefarious actors with their own agendas. Agendas which are always to your detriment and their benefit.
In the golden days of espionage operations, spies and case officers utilized increasing levels of tradecraft to hide their movements and activities, or at least obscure their true purpose. From a simple glance at the reflection in a shop window to look for a tailing agent, all the way up to multiple disguises and hours spent on a preplanned surveillance detection route. Spies know to tailor their personal and operational security to the threat level they are facing.
What a No-Carrier Phone Could Look Like
Whether you are living and working in a high-threat environment or period of civil unrest, worry about being vulnerable to hacking of your financial data or online profiles, or are simply an advocate for personal privacy and liberty, it’s important to understand the methods by which you are tracked, and by whom, and for what purpose. Once you understand this, you can start working to mitigate your personal vulnerabilities. You may even be able to disappear entirely. Or better yet, build an alternate persona which can draw attention away from your real life, family, and goals.
It is important to understand up front that much of modern tracking is not done specifically for nefarious purposes and can in some ways improve your lifestyle. Using a smartphone app to track your biorhythms during exercise can provide you with extremely useful data to improve your health. Cookies installed in your web browser save you time when you log into websites for normal internet searches or interactions.But time and time again we are shown that any-and-all data can be accessed by persons or organizations to which you would never knowingly consent. Nearly every organization in the world with an online presence has been targeted by hackers at one point or another. The bigger the entity, the more frequent and more potent the attacks. Yahoo.com revealed in 2017 that all its user accounts had been hacked in 2013 by an unknown, possibly state-sponsored hacker or hacking team. The personal data associated with three billion accounts was stolen. That is billion with a ‘b’.
The bottom line is that you cannot entrust any entity to successfully protect your personal data for all time. You are the only person who can mitigate your own risk. I will provide you with some tools and techniques originally developed by intelligence agencies for protecting their agents. Implementing these techniques for your own personal security will help you stay ahead of your adversaries. And in this world, you have many adversaries, and everything to lose.
We will start with the most effective tracking device ever created. The smartphone. You likely have one within arm’s reach or are possibly reading this post on your smartphone. How many apps have you installed? How many did you think you deleted, but are still there, just hidden? What level of permissions have you provided to every single app in question? Who developed those apps, and were those developers later bought out by a larger corporate entity? To whom are they selling your data? These are all questions you likely want to know the answer to, as they comprise a major portion of your searchable online profile.There are many privacy-minded smartphone applications now available for more secure communications. These apps generally utilize end-to-end encryption to obfuscate the content of messages and phone calls. The primary drawback of these apps is that they are still tied to your primary phone and were likely downloaded by an account tied to your main identity and method of payment. They are available on the Apple and Google Play stores… both of which are run by the largest aggregators of personal data in world history. If you want to divorce all your activities from corporate data collection, you can’t really do so through your primary smartphone, no matter what app you use.
An easy way to circumvent a wide variety of active and passive tracking is to disengage from your primary phone and start using a secondary or temporary phone purchased for cash. These are often known as burner phones. I’m going to cover several advantages and pitfalls inherent in using a burner phone. It is important that you know exactly what you’re getting into with a burner phone, and how to truly guard your privacy when using one.
1. Know Who You Are Up Against
First, consider what threat or vulnerability you are trying to mitigate. For example, wanting to hide an illicit affair from your significant other represents a drastically different threat level when compared to, for instance, involvement in organizing protests against a government which is likely to try to identify all participants via signals intelligence. In the first scenario, simply turning the phone off and hiding it well when not using it will provide ample protection. In the second scenario, significantly more thorough countermeasures will need to be employed.
Burner phones are useful in a wide variety of non-nefarious situations. For example, if you conduct online sales via Facebook Marketplace, Mercari, or other similar apps, you may not want to give out your personal number to every interested buyer. A quick Google search will reveal a huge number of situations where interactions with interested buyers went sideways and turned into a bizarre or frightening situation for the seller.
If you’re meeting someone new off of a dating app, you may want to take the cautious approach and not give them your primary number until after you’ve vetted them a little more thoroughly. No need to expose yourself to years of stalking by someone with a ton of red flags that will become immediately apparent on the first date. Using a burner phone gives you a potentially easy way of quickly cutting them out of your life.
2. How to Buy a Burner Phone
The two simplest options for buying a burner phone are new or used. Both methods have advantages and disadvantages.A burner purchased second-hand has the immediate advantage of being far less traceable. Purchasing for cash off of Facebook Marketplace or another local classified ads app is an easy, fast way to get a phone in your hand. A phone that is not connected to you in any point-of-sale system, with no credit card receipts linking you to a big purchase at the Verizon or ATT stores.
The disadvantages, however, are numerous. All of these represent exactly the types of vulnerabilities you are trying to avoid by using a clean burner.
- You might unknowingly be purchasing a stolen phone; one which has already been reported to law enforcement or the network carrier.
- You will potentially be dealing with the kind of online seller that you are hoping to avoid with a burner phone. One you will have to meet in a public place and who you had to contact through social media or your primary phone.
- You also may not know how the phone was previously used, whether a factory reset has already been done, or what applications were installed.
When purchasing your phone, it is probably in your best interest to purchase it with cash (or a pre-loaded debit card) rather than a credit or bank card in your name. That is simply good tradecraft in general. If you’re like me and practice an overabundance of caution with your communications devices, then park your vehicle a distance from the store where you’ll be making your purchase, and leave your primary phone locked in your vehicle. You may not want location tracking software to show you walked into a phone store at any point.In 2009, the Federal Bureau of Investigation was able to track Philip Markoff, the so-called Craigslist Killer, through the use of his Tracfone. Markoff was smart enough to want to use a burner phone to contact his intended victims, but sloppy enough to otherwise leave a trail of evidence that led right back to him. While I’m certain you’re not reading this with the intent to become the next Craigslist Killer, you need to be aware that simply purchasing and using a burner phone won’t render you invisible.
Is it safe to use an old Android phone?
Since you are likely to be using multiple SIM cards with the phone you may want to purchase a travel SIM carrier, for quick changes. This may not be ideal if you’re concerned about being searched by law enforcement, but is often a good way to avoid losing the tiny SIMs, or getting complacent about not changing numbers because of not having a spare SIM on hand.
3. Understanding IMEI and IMSIIMEI is the International Mobile Equipment Identity number. All phones produced worldwide are stamped with an IMEI, and it cannot be changed or erased. IMSI stands for international Mobile Subscriber Identity. The IMSI number is located inside, and associated with, your SIM (Subscriber Identity Module) card. The IMSI number is comprised of a country code, and a network code. Why does this matter to you? Because these numbers can be used in different ways to track you. When you make a call, or send a text, your phone connects to the nearest cell tower within your network. Your phone sends the IMSI number to the cell tower to identify itself for routing. But what if that identification number could be captured along the way? Or even rerouted to a device controlled by someone other than the cellular network provider?At least 75 government agencies at varying levels within the United States use IMSI catcher devices. The most commonly known device is marketed as the Stingray. The Stingray is manufactured by Harris Corp and has been in use by law enforcement for twenty years or more. Little was known by the general public about these devices prior to approximately 2014, but since then, numerous articles have been written. Stingrays have been used for years as workaround devices to allow for electronic searches without having a signed search warrant in hand. Despite extensive media coverage, their use by the US government at all levels has only increased.
In 2013, while demonstrations and a near-revolution were underway in Kiev, Ukraine, protesters in the center of the capitol received a chilling text message on their phones.
Thousands of demonstrators as well as innocent bystanders were identified by geographic location, likely via an IMSI-catcher device, and warned by the government against further protests. They were undeterred and continued, nonetheless. But the bar had been raised worldwide, and in a very public way, for government-run mass surveillance and oppression.
If you are taking part in a similar event whether in the United States or abroad, you can bring a burner with you to reduce your vulnerability to a similar collection strategy by whoever you are opposing.
4. How to Use Your Burner Phone
The most important thing about using a burner is it is not just another phone. You must always be disciplined and conscious with its use. in some ways, using it actually makes you MORE vulnerable than sticking with your primary phone. A person who is known to have more than one phone is notable in this day and age. If a friend or family member discovers it in your bag, or glove box, what might be their reaction? If this is a concern of yours, have a cover story rehearsed and ready to go. For example: that’s your old phone that you’ve been meaning to sell; or perhaps you use it for dealing with online sale listings exclusively. Whatever will best fit your lifestyle.
Earlier I recommended that you purchase a phone with a detachable battery and easily removable SIM card. The reason for this is, when not in use, your phone should not just be turned off, but fully deactivated. The capability exists to turn on a phone remotely and activate it as a microphone and recording device. If one government has this capability, multiple governments have it. If the government has it, private industry created it. If private industry has it, hackers and criminal organizations have gleaned it and appropriated it to their own needs.
Don’t save any numbers in the phone that you don’t want to be associated with you. For example, if your purchased the phone because you’re planning to leave an abusive, controlling spouse who monitors the phone bill, or checks your location via Find My iPhone, you don’t want them to discover a second phone where the most recent number called is a divorce attorney. That could be a disaster.
If you are deeply concerned about being targeted, or just maintaining total privacy, do not use the phone inside your home. Do not leave it turned on during the commute between your home and your job; especially not multiple times, thereby establishing a pattern.Do not maintain the same phone number or SIM for very long. SIMs are cheap and easily replaced. Get a new one as often as you feel necessary. Perhaps that’s after every ten calls, or every three months, or for every new first date. Only you can decide but understand that the longer you maintain and the more you use the same number, the more closely it becomes associated with you. As tempting as it may be, do not simply purchase a handful of SIMs all at the same store, on the same day. Not only will it appear suspicious during the moment of purchase, but an investigative or surveillance entity would see that as anomalous behavior. If a series of SIMs which were purchased together are all used in connection with the same IMEI-numbered phone, you might as well wave a red flag over your head.
Ideally you have a defined purpose for owning and using the burner. You keep to an informal schedule in your own head for how, when, and why to use it. When it’s time for your call or text, you insert the SIM and the battery, power it on, use it to complete your task, delete the call and/or text history, and then power it down and disconnect the battery again. A somewhat onerous series of tasks, but this is one of the safest methods for anonymous calls around.
5. Adding Minutes and DataThere are several options for adding minutes and data to your burner phone. You must purchase minutes that correspond to your phone brand; Tracfone, Verizon, AT&T, etc. Your own personal security mindset will determine the best method for adding credit to your phone.
- You can purchase minutes online from a wide variety of vendors, including the big-box stores like Target or Best Buy. This option is the most convenient but also most easily connected to your online profile. Creating a guest account on the sales website, using an anonymous email for delivery, and/or using a prepaid Visa card to purchase will help you create distance between yourself and the purchase, but that may not be enough for you.
- Purchasing minutes via text message to the carrier. This is a better option but will still require an electronic payment method. Again, a prepaid Visa card is good, but is yet another step.
- The best option is purchasing a prepaid card for cash in a physical store. Minutes are available in any urban or suburban area, from a wide variety of merchants from big box stores, convenience stores, and of course phone stores.
6. Burning Your Burner Phone
The whole point of a burner phone is it is temporary. The longer you keep it around, the higher you raise your profile regardless of the situation. Whether your concern is someone finding the phone and raising questions you don’t want to answer, or an organization gradually honing in on you, you need an exit plan.
In film, whenever someone finishes with a burner, they dramatically snap it in half and throw it on the ground, walking away. This is a terrible plan and one that does little to reduce your risk. If you think hitting the phone with a hammer or breaking a clam-shell phone in half solves the problem, you are in for a surprise.
Here is the best process for burning your burner:
- Manually delete information from the phone’s native menus and from the SIM itself. Don’t make it easy for anyone. In some cases, it’s probably best to delete information after every usage. It is a good habit to form to minimize your exposure, particularly to a casual search.
- Do a factory reset of the phone. This will make the information virtually unrecoverable. Each phone will have a different method of resetting so be sure you know how to do so before it is necessary.
- Remove and destroy the SIM. A strong digital forensics team can capture data from a broken SIM, particularly if they have all the pieces. If you are overly concerned, destroy it but don’t dump all the pieces in the same place.
- Physically destroy the phone if you are that concerned, but only the most capable and well-funded organizations will be able to recover anything at that point.