You know that feeling right when your phone seems just a little too smart.
Yeah, like you mentioned something out loud.
Exactly like needing new running shoes, and bam, suddenly every ad you see is for sneakers.
It makes you really stop and think.
It really does. Just how much are these things tracking us?
It's a totally legitimate concern. I mean, our phones, they're basically pocket-sized data collection machines, always sending out info about where we are, what apps.
We use, our web activity, all of it.
Yeah, and the big tech companies they use this stuff extensively.
Which brings us right to today's deep dive. We're talking extreme privacy for mobile devices. We're going to really get into the strategies to lock down your phone, drawing heavily on Michael Bazzell's work, specifically a document he put together on.
This, and Bazzell, well, he knows his stuff. Comes from years working cybercrime with the FBI. Plus he's huge in the OSINT world, open source intelligence, and just, you know, building really solid privacy plans.
You might know his book Extreme Privacy, which is like the bible for this stuff, or maybe even from Mr. Robot. He was a tech advisor for the first season.
Yeah, he helped make that show feel really authentic about tech anxiety.
So this document we're looking at today, it's kind of a focused add-on to his main work, just for phones exactly.
So our goal here is to pull out Bazzell's key advice for setting up a mobile device that's, well, truly private and secure.
We'll look at cutting down location tracking, limiting what Apple and Google scoop.
Up, and just generally reducing how exposed you might be.
Okay, but let's set the stage here. Bazzell is super clear: this level of privacy, it's not about convenience.
Oh, definitely not. There are trade-offs. This is for people who are really serious about shrinking their digital footprint on mobile.
So it's not your average user setup.
Not at all. Yeah. But even if you don't think you're like a high-risk target or anything, understanding these methods, it gives you incredible insight into just how much data these devices.
Handle and what's actually possible if you want to take back some control exactly.
It's valuable knowledge either way.
Okay, let's dive in then, extreme mobile privacy. Where does Bazzell say we start? It feels like it has to begin with the phone itself, right, getting it privately.
That's precisely it. The absolute foundation is breaking any link between the new device and you right from the get go.
So how do we do that?
Bazzell's main recommendation: buy it new, pay with cash at an actual store, a physical retail store. Ah, okay.
Avoids the credit card trail, the online order history.
Exactly, no digital breadcrumbs.
He even talks about using a nominee someone else to buy it for you. That sounds intense.
It really does show the level some people might need to go to, you know, if they're in a really high risk situation.
But for most people, just trying to up their privacy game, cash in person is a huge first step, the huge step.
And Bazzell also warns pretty strongly against buying used phones. What's the thinking there?
Well, I guess the obvious stuff could be stolen, could be locked to an old account, or.
Still have data from the last person on there. Yeah, Plus that phone already has a history tied to someone.
Else, right, Factory reset doesn't just wipe its.
Past life, not entirely. And Bazzell points out even if you try buying online with like fake names.
Or whatever, still leaves cracks.
Yeah, there's still a shipping address, some kind of payment, unique device IDs the seller logs. A face-to-face cash purchase, that's the cleanest break you can get.
All right, so we've got our anonymously bought, brand-new phone. That's the next big layer for privacy. It's got to be the operating.
System, absolutely critical. And the key thing to grasp here is that both major players iOS and standard Android, they collect a ton of user data.
People often say iOS is more private out of the box.
And in some ways maybe its default security settings are tighter than some Android versions. But Bazzell's point is, when it comes to data collection, both Apple and Google are doing it a lot.
It. He actually says he thinks Apple's constant data transmissions are just as bad as Google's.
That's quite a statement, it is, and it's why he pushes hard for using a custom ungoogled Android version as the way to go for serious privacy.
And his top pick is GrapheneOS.
GrapheneOS.
Yeah, yeah. So for people maybe not familiar, what is GrapheneOS? What makes it different?
Okay, so the main idea behind GrapheneOS is just stripping things down, cutting out potential ways it could be attacked or.
Leak your data, minimizing the attack surface and data leakage. Got it.
It's open source, built on Android, but really redesigned with privacy and security baked in from the start. Bazzell flags a few key things. Like what? Well, it enforces a locked bootloader. That's a big security win. Stops people messing with the core system easily.
Okay, that makes sense.
And it gives you the option. It's optional to run Google Play services, but.
Sandboxed sandboxed, what does that mean? In practice?
It means they're walled off. They have very limited access to your phone and data.
Ah. Okay, so you could still get notifications maybe from apps that need Google stuff exactly, but.
It's contained, and crucially, GrapheneOS doesn't need things like microG to handle those notifications.
That sandboxed Google services thing sounds like a pretty big deal for usability.
It's a major feature. It dramatically cuts down what data Google services can actually see and phone home about.
So it limits Google's view right.
And Bazzell also notes, look, while he focuses on GrapheneOS, a lot of these privacy ideas apply to other custom de-Googled Android ROMs too. And he.
Mentions buying unlocked phones. Why is that so crucial here?
Freedom. Simple as that. An unlocked phone means you can use any cell carrier you want, all right. And as we'll get into later, Bazzell's strategies for private cell service often involve switching carriers or using specific plan types. You need an unlocked phone for that flexibility.
Okay, unlocked new phone acquired privately. Now the slightly skilled part for some. Yeah, installing GrapheneOS. This isn't like just downloading an app.
No, definitely not. You're basically replacing the phone's entire original brain with GrapheneOS.
So how's it done? Bazzell walks through it for Pixel phones.
Yeah, he focuses on compatible Google Pixel devices. First, you have to prep the phone, unlock the OEM setting, and turn on USB debugging. He mentions he's covered this before elsewhere.
And he gives a couple of ways to do the actual install starting with a web based method.
Right, the web installer that's designed to make it easier, more accessible.
How does that work?
You use a web browser. He suggests a Chromium-based one like Brave, which is more private than Chrome itself. Connect the phone to your computer, and the GrapheneOS website basically walks you through it.
Okay, what are the steps?
Roughly, you boot the phone into what's called bootloader mode, plug it into the computer. On the website, there's a button. Click that, it unlocks the bootloader temporarily. Confirm it on the phone. Right. Then the installer downloads GrapheneOS, flashes it onto the phone. That's the install part. And then, crucially, use the web tool again to relock the bootloader.
Relocking is important for security.
Absolutely essential. Then the phone reboots and boom, you're running GrapheneOS.
He also mentions doing it via command line. Yeah.
For the more technically adventurous, yeah, gives you more control, but you need to be comfortable with Android command line tools like fastboot. The web installer is way easier for most people.
And once GrapheneOS is up and running, any immediate next steps for security?
Yes, definitely go straight into settings and turn off OEM unlocking and developer options. You needed them for the install, but leaving them on is a security risk.
Got it. Okay, fresh GrapheneOS install. He says it's private by default, but are there things we should tweak right away?
Yeah, it's a great starting point, but Bazzell does point out some useful adjustments. One really neat feature is the quick settings toggles for the microphone and camera.
Oh like quick kill switches exactly.
Software kill switches lets you instantly block access.
Super handy day to day, but it's software, not a physical block.
Right, important distinction. Good for everyday use, but maybe not foolproof if you need absolute certainty. He also suggests doing the initial device setup while you're on Wi-Fi.
Wi-Fi, not cellular data.
Why? Well, during setup, the phone's doing a lot of initial communication, checking for updates, connecting to servers. Using a trusted Wi-Fi network is just a more controlled environment.
And ideally behind a VPN, even.
On Wi-Fi, that's the extreme measure. Yeah, it masks your IP and encrypts everything during that sensitive phase, but he concedes for some just using your home Wi-Fi might be okay.
He also mentions a couple of other optional things.
Yeah, like setting the screen to grayscale if you want fewer distractions, or switching back to the old three-button navigation if you prefer it. Little usability tweaks.
Okay, browsing, that's a big one for privacy. GrapheneOS comes with its own browser, Vanadium.
Right, Vanadium, it's built on Chromium but hardened for privacy.
What do we need to know about using it privately?
The main thing Bazzell points out is, unlike some other privacy browsers, Vanadium doesn't automatically wipe your history and cookies when you close it.
Ah, so you need to clean up after yourself manually exactly.
He advises going into settings periodically and clearing browsing data to help minimize what it keeps. You can turn on settings like close tabs on exit and maybe open external links in incognito mode.
Okay, makes sense. Keep it tidy.
Yeah. He also gives a quick nod to checking the camera app settings, just making sure they're configured how you want.
Contacts, another big data source, usually sync straight to Google or Apple. What's the Bazzell way to handle contacts on GrapheneOS without the cloud?
The whole idea is just keep your contacts off those big cloud servers, completely under your control.
So no syncing. How does it work?
Then it's a manual process. He suggests keeping your master contact list on an encrypted computer, ideally Linux. Then you export them as a VCF file.
VCF like a standard contact file format exactly.
You export from your computer, copy the VCF file to your Pixel using a USB cable, and then import it into the basic contact app that comes with GrapheneOS. Sounds a.
Bit more involved than automatic sync.
It definitely is. It requires deliberate action. He suggests maybe doing it monthly. But the payoff is your contact list never touches Google's or Apple's servers.
And you could get that VCF file from other places too, like Proton Mail.
Yeah, if you manage contacts there, you can export a VCF from services like that as well.
Okay, device is set up, contacts are handled locally. Let's talk network-level stuff. Bazzell recommends NextDNS. What is that and how does it boost privacy?
So think of DNS as the Internet's phone book. It turns website names like google.com into IP addresses your device can connect to. Right. Normally, your internet provider or mobile carrier handles those lookups and they can log everything. NextDNS is a private DNS service you can tell GrapheneOS to use instead.
So you bypass your ISP's DNS. What's the advantage?
Two ones. First, NextDNS can log all the connections your phone tries to make. You get.
Visibility, see where your data's going exactly.
And second, even better, you can set up blocklists. Tell NextDNS: don't let my phone connect to these known ad servers, these tracking domains, these malware sites.
Whoa, okay. So it's like a filter for the whole phone's Internet access at the DNS level.
Precisely. He specifically suggests enabling the main NextDNS ads and trackers blocklist. It stops a lot of unwanted stuff before the connection even happens.
What if it blocks something I actually need, like a banking app stops working.
Good question. It can happen occasionally. Bazzell's advice is simple: temporarily switch the phone's private DNS setting back to automatic. If the app works again, you know NextDNS was blocking something, and you check the logs. Yep, go into your NextDNS logs, figure out which domain got blocked, and you can add it to an allowlist if needed. Or if you see an app constantly calling home to some sketchy domain, you can add that domain to your denylist. Very granular control.
And you can turn off logging in NextDNS itself eventually for max privacy.
Right, once you get your blocklists dialed in, you can disable logging entirely in your NextDNS account settings or just clear the logs whenever you want. He also shows how to double check that your phone is actually routing through.
NextDNS. Notifications, they seem harmless, but they mean constant pings back to app servers. Right. What's the extreme privacy take here?
It's that classic privacy versus convenience trade-off. Turning off push notifications: definitely more private. Apps aren't constantly checking in. You only get updates when you actively open the app.
Plus better battery life probably often.
Yeah, but you lose the instant alerts. You have to be more intentional about checking things.
He mentioned some apps like Tutanota and Signal have their own notification methods.
Right. Some privacy-focused apps try to handle notifications themselves, avoiding Google's system. Tutanota, Signal do this, but as Bazzell notes, sometimes that can actually drain more battery because the app has to keep its own connection.
Open, and some VoIP apps only work when they're open.
Yeah, things like Sipnetic or MySudo might only ring for incoming calls if the app is actually running in the foreground. So a totally Google-free setup might mean you miss stuff unless you're checking actively.
It seems like you really have to want that level of disconnect.
You do, which leads to the compromise Bazzell discusses: GrapheneOS's sandboxed Google Play services for push.
Ah, the sandboxed option again, how does that help with notifications?
It lets you get notifications from apps that depend on Google's system, but without needing a full Google account logged in on your phone, and it restricts what Google can see.
How restricted?
Well, Google might know that an app is sending a notification via their service, but they shouldn't see the content of the notification. It's encrypted, and since you're not logged in, it's harder for them to tie that activity directly back to you.
Okay, so it's a middle ground exactly.
Bazzell himself prefers no push services for ultimate privacy, but he admits most GrapheneOS users enable the sandboxed version because, frankly, it makes the phone much more practical for daily use.
If you do want to use it, should you install it before your apps?
Yes, that's the recommendation: install the sandboxed Play services first, then install the apps that need it. He walks through how to install the necessary components and, importantly, how you can always uninstall them later if you change your mind, plus how to manage notification permissions per app.
Of course, right. Okay, OS is set up, network is filtered, notifications handled. We need apps. The regular Google Play Store is out. If we're avoiding Google, how do we install apps privately on GrapheneOS?
Yeah, this is a key challenge. The goal is to get apps without feeding data directly back to Google via the Play Store. Bazzell mentions Aurora Store first.
Aurora Store. That's like an anonymous front end for the Play Store exactly.
It tries to fetch you apps anonymously, but he notes it can be buggy, sometimes have connection issues. So he lays out a kind of hierarchy of methods from best to worst privacy-wise. What's the order? Best option first: F-Droid. That's a repository specifically for free and open source software, FOSS. If the app you want is on F-Droid, get.
It there. Okay, F-Droid first.
If it's not there, then try Aurora Store. First, attempt to use its built-in anonymous login.
See if that works, and if the anonymous login fails.
Then reluctantly you might need to log into Aurora Store using a burner Google account, one you created just for this with no real info tied to it, install the apps you need, then log out of the burner account and Aurora immediately.
Still better than using your main Google account.
Much better. And the absolute last resort, if none of that works, is manually finding and downloading the APK file for the app from a trusted third-party source like APKMirror or APKPure, but that requires careful vetting of the source.
So the preference is clearly F-Droid, then Aurora anonymous, then Aurora burner, then manual APKs.
That's the flow, and he stresses: keep F-Droid and Aurora Store themselves updated, preferably manually checking for updates rather than letting them auto-update, just for more control.
He acknowledges there's some debate about F-Droid and Aurora.
Yeah, within the privacy community there are always discussions about trust and potential risks, but Bazzell's take is basically they're flawed, but still vastly better privacy-wise than using the official Google Play Store logged in with your real account. His advice is simple: only install apps you really need and trust.
Okay, apps are installed. We talked about NextDNS blocking domains. Can we use that to block trackers within specific apps? He mentioned blocking braze.com.
Yes, absolutely. This is where NextDNS becomes really powerful for app privacy. You use the NextDNS logs to watch what connections your apps are making in the.
Background, like spying on your own apps kind of.
Yeah. So you install an app, use it a bit, then check your NextDNS logs. If you see it constantly talking to domains like braze.com or appash analytics dot com.
Or whatever, which are known tracker domains.
Right, you can just copy that domain name and add it straight to your NextDNS denylist. Blocked.
He gave another example with the Privacy.com app.
Yeah, showing that you might see connections from a legitimate app you do want to use, but maybe you don't want it talking to certain third-party services it uses. You can review those connections in the logs and decide, okay, I'll allow the main app function, but I'll block this specific analytics domain it's trying to reach. Super granular.
That's powerful. Okay, navigation. Google Maps is obviously the default for most, but it's a privacy nightmare. What are the alternatives Bazzell likes?
He points to a few solid privacy-respecting options, mostly based on OpenStreetMap data: Organic Maps, OsmAnd+ (often written OsmAnd), and Magic Earth.
What's the big advantage of these offline maps?
All of them let you download map data for entire regions or countries directly to your phone, so you.
Don't need a data connection while navigating, and you're not constantly pinging your location back to Google.
Exactly, huge privacy win. Magic Earth also tries to do live traffic, but Bazzell finds it less reliable than Google's.
Which one does he lean towards currently?
He mentions preferring Magic Earth, finds it a good balance of features and usability. He downloads maps for whole countries, so he's covered offline, and if.
You absolutely positively need Google Maps for something specific.
His suggestion is maybe install it in a secondary user profile on GrapheneOS. Keep it totally separate from your main stuff. We'll touch on profiles later. Gotcha.
He also brings up adding extra PINs to specific apps.
Yeah, another layer of security. Some apps let you set their own separate PIN or password beyond just your main phone lock screen PIN.
So even if someone gets past your phone lock, they hit another wall trying to open that specific app.
Precisely. He lists examples like Standard Notes, MySudo, Privacy.com, Wire offer this. Unfortunately, some big ones like Signal and Tutanota don't. They just rely on your device lock.
Okay, device is locked down, apps are chosen carefully. Now connecting to the outside world: cellular service. This feels like a major tracking point. What's the approach, especially thinking about the US market?
The absolute core principle here is break the link between your real identity and your cell service. Bazzell's blunt: all cell phones track location, period. You can't stop that entirely. The goal is to make the service account pseudonymous.
Not tied to your real name and address.
Right. He briefly mentions the hardcore option: just don't have cellular service at all, relying only on Wi-Fi. Rare but.
Possible. For most people needing cellular, what's the plan?
Prepaid SIM cards bought with cash, using alias information for any activation details required. Where do you get them? Retail stores, ideally. If you have to order online, like for an eSIM sometimes, use alias info and maybe ship to something like an Amazon locker, using a temporary address like a hotel you're not actually staying at. Always pay with cash or a masked payment method if possible.
Physical SIM versus eSIM, any privacy difference?
Physical SIMs are maybe slightly more anonymous to acquire with cash and easier to swap between phones. eSIMs are convenient for activation, often done online. He gives a detailed example of activating a Mint Mobile free trial eSIM using alias info over public Wi-Fi, notes that renewing those trials anonymously is tricky.
Though what about Tello? He mentions them too.
Yeah, Tello's another T-Mobile reseller, often has more flexible plans, maybe cheaper data-only options. Crucially, he says, you can often buy a plan and get the eSIM QR code right from their website, making the anonymous setup potentially easier if done carefully with alias info and masked payment.
What if you use Wi-Fi calling, does that hide you from the carrier?
Not really, Bazzell says. Even over Wi-Fi, your calls and texts using the carrier number are still logged by the provider. Minimal privacy gain there. Maybe useful for making a quick call in your carrier number while you're on secure Wi-Fi, but that's about it.
He advises not disabling SMS entirely, right?
Because carriers sometimes send important alerts via SMS, like warning about potential SIM swaps. Better to leave it functional, just don't use it for personal communication. His own setup, he mentioned using a Mint physical SIM for testing, some data-only eSIMs, and then heavily relying on.
VoIP. Okay, VoIP, Voice over Internet Protocol. This seems key to his strategy for calls and texts. Why move away from the regular cell number?
Several big reasons. One, your carrier logs all calls and texts on that number permanently. Two, that cell number is a huge identifier, links back to you, used for data breaches, doxxing. Three, SIM swapping is a massive threat tied directly to your carrier number. Four, you just don't control who gets or shares your main cell number, so.
VoIP offers more anonymity and control.
Exactly. The goal Bazzell lays out is setting up your own personal VoIP system on your secure GrapheneOS phone, making and receiving calls without needing Google services or exposing your real cell number.
Before picking a VoIP provider, he recommends getting your own domain name. Why?
It's about having a stable, controllable identity for signing up for services. Lots of free or anonymous email services get blocked these days. If you own my-private-domain.com, you can create unlimited email addresses like voipsignup@my-private-domain.com or whatever.
Makes you less dependent on throwaway emails that might get flagged, right.
And it looks more legitimate to services like VoIP providers, potentially helping bypass their fraud filters.
He suggests Cloudflare for this. How does that work?
Yeah. Create a free Cloudflare account using maybe a Proton Mail address, register a domain name through them. Costs about nine dollars a year. Pay with a masked card like Privacy.com, and then set up Cloudflare's free email forwarding. You can forward emails sent to any address at your domain to your secure Proton Mail inbox.
Super flexible, so not strictly required, but a good foundation.
Recommend it, Yeah, especially for dealing with telephony providers.
Okay, domain ready, let's set up a VoIP number. He uses Twilio as the main example. How do you set up Twilio privately?
Key is avoiding your real identity. He suggests creating the account without a VPN if possible. They sometimes block VPN IPs. Use an existing VoIP or maybe even a landline number for verification if you have one separate from your main mobile. And when Twilio inevitably asks what are you using this for, give a plausible, maybe slightly business-sounding reason. Don't just say anonymous calls.
Okay, account created. Then you buy a number? Yep.
Purchase a phone number from Twilio in the area code you want. Then comes the slightly tricky part: configuring TwiML Bins. Sounds technical. It's Twilio's simple code language. You create little snippets of code called TwiML Bins that tell Twilio what to do with incoming calls, like connect them to your SIP client, and outgoing calls, route them through Twilio. You link your purchased number to these bins.
He mentions 911 calls.
Yeah, Twilio warns about emergency call fees and reliability. Bazzell's advice for 911: always use your phone's native cellular dialer, not the VoIP app.
Got it. So Twilio handles the number and the routing logic. How do you actually make or receive a call on the GrapheneOS phone?
That's where a SIP client app comes in. He recommends Sipnetic.
Sipnetic.
You install Sipnetic from F-Droid or Aurora Store, grant it permissions, and then manually add an account. You'll put in your Twilio phone number, the Twilio server address, [your number].sip.us1.twilio.com or similar, and then use your main Twilio account SID as the username and your auth token as the password within Sipnetic.
Okay, so Sipnetic connects to Twilio using those credentials exactly.
Then Sipnetic acts like your phone dialer for that Twilio number. He notes you can port numbers into Twilio too and make international calls. Just remember standard VoIP calls usually aren't end-to-end encrypted. The win here is control and anonymity of the number itself on your ungoogled phone.
What about SMS texts? Can we get those on the Twilio number?
Yep, similar process. Create another TwiML Bin, this one specifically for incoming SMS. The code basically says, when a text comes in, forward the message body and the sender's number to this other phone number I specify. Then you configure your Twilio number to use that TwiML Bin for messaging.
Okay, so texts get forwarded somewhere else. What about voicemail?
Same idea. Another TwiML Bin. This one tells Twilio, if a call isn't answered, play a greeting, record a message, and then email a link to the recording to this email address.
So voicemails end up as audio links in your email.
Right. You then set your Twilio number to use that voicemail bin when calls time out or are busy. Big caveat, though: those voicemail recordings are stored on Twilio servers, not.
Private. Ah, so you need to manage that definitely.
Bazzell advises going into your Twilio dashboard regularly and deleting the recordings and transcripts. He also suggests disabling a setting in Twilio called Daily Calls log Archives for better hygiene, and remember each extra Twilio number costs extra money per month.
He also gives Telnyx as a Twilio alternative. Quicker setup maybe? Yeah, and.
He mentions Telnyx briefly, says monthly number costs might be slightly lower. Setup maybe a bit easier, but big drawbacks. No built-in voicemail. You apparently can't delete call and text logs from their system, and their fraud detection might be stricter, potentially leading to account freezes.
Yeah.
He gives a referral link if people want to try it. Setup with Sipnetic is similar, but uses Telnyx credentials and servers, and they don't have native SMS forwarding. You'd have to build your own forwarder.
And MySudo, that's another VoIP option he uses, right?
MySudo is different. It's an app that gives you multiple Sudos, basically profiles, each with its own private phone number, email, and contacts, all managed within the app.
Can it run on GrapheneOS? Yes.
He says it installs via Aurora Store. He personally uses it, finds outgoing calls and texts reliable, but because he disables push notifications, he often misses incoming calls and texts unless the app is open.
But for someone who enables the sandboxed push notifications.
Then MySudo should work normally for incoming alerts too. He does. He's an advisor and shareholder for Anonyome Labs, the company behind MySudo.
Okay, lots of VoIP options, but what about the phone number? Most of us already have our main cell number. We can't just ditch it. Usually, how do we handle that?
Good question. He lays out the options. One, cancel it, lose the number forever. Two, keep the old plan on an old phone: inconvenient, expensive. Three, port the number to a VoIP service, usually the best option if.
You want to keep it. Porting, like moving the number?
Exactly, and the crucial thing, do not cancel your old cell service before the port is complete. The porting process itself cancels the old service automatically once it succeeds.
Where should you port it to? He mentions Google Voice.
Yeah. He gives detailed steps for porting your old cell number to Google Voice, recommends using a VPN for setup. You basically sign up to Google Voice, get a temporary GV number, then initiate the porting process for your old cell number, which replaces the temporary one, pay the porting fee, wait for it to finish.
How do you use the number once it's on Google Voice?
You can make and receive calls and texts via the Google Voice website or app. But the goal here isn't necessarily to use Google Voice daily, but to park the number securely.
He also mentioned porting to Twilio as an example.
Right, shared his own experience porting a Mint Mobile number to Twilio. Took a few days. An interesting side effect was that, at least initially, many online services still saw the number as a regular mobile number, not VoIP, which helped for things like bank verification codes. But that might not last forever as databases update.
What about that weird idea of linking VoIP back to Google Voice, forwarding calls?
It sounds counterintuitive, yeah, but it's a strategy if you want to receive communications sent to your old number, now parked on Google Voice, without actively using Google services. You could, say, forward calls from your Twilio number to your Google Voice number, then set Google Voice to forward voicemails and texts to your encrypted email like Proton Mail, so.
You get notified via email about stuff sent to your old number without needing the Google Voice app installed or constantly checking the website exactly.
It's an indirect way to keep tabs on the old number while minimizing direct interaction with Google. He details steps to further disconnect Google Voice from other devices too.
Data-only cellular plans. Why would someone want just data, no voice or text plan?
Primarily to dodge risks associated with a traditional phone number, like SIM swapping and tracking linked to that number. It's for people who mostly communicate over secure encrypted data apps like Signal, Wire, or VoIP and just need the Internet connection. Added benefits: often shorter commitments. Sometimes you can access multiple carriers via resellers, potentially more anonymity from the carrier itself since there's no voice number tied to you in the same way.
What providers offer this? He.
Mentions basic options from Tello and US Mobile again. Also touches on international data SIMs, often run out of places like Hong Kong. They offer global coverage but can have issues like data expiring quickly or limited private payment options. Keepgo's mentioned as maybe more flexible, bit pricier.
So data only is maybe a niche thing.
Yeah, valuable, Maybe is a secondary SIM for travel or for really high target folks who manage all their comms over data and are good at managing data usage less practical for the average person.
Okay, we have secure devices, private numbers, careful app installs. Now the actual communication. End-to-end encryption is paramount, he says?
Absolutely critical. E2EE ensures only you and the person you're talking to can see the message, hear the call, etc. Not the provider, not anyone in the middle. Applies to email, voice, video, messaging.
Standard SMS text messages are out, then?
Definitely. Not encrypted. Carriers can see content. Metadata is logged. Risky. You want apps that offer E2EE, ideally zero knowledge, meaning the provider can't decrypt even if they wanted to, and ephemeral messages.
Auto-deleting. Signal comes up first, widely used. What's the privacy A.
Signal's encryption is top notch. The main privacy wrinkle, Bazzell points out, is needing a phone number to register.
Ah, so don't use your real cell number.
Never. Use one of your VoIP numbers: Twilio, MySudo, maybe the number you ported to Google Voice. Register Signal with that. He walks through installing Signal via Aurora, verifying with the VoIP number, and basic privacy settings inside Signal, like hiding the typing indicator, deciding if anyone can contact you. He admits Signal isn't perfect, but its wide adoption is a huge plus for actually communicating securely with people.
Wire is the second option he likes.
Yeah, Wire. Big advantage: you can sign up with just an email address.
No phone number needed?
Right, use a Proton Mail address. It does E2EE for text, audio, video. Works cross-platform, free for personal use. You can even have multiple Wire accounts easily. He notes a minor occasional glitch where messages might not sync instantly across all your devices, but still recommends it highly.
VPNs, virtual private networks. How do they fit into the mobile picture?
Main benefits on mobile, according to Bazzell: hiding your activity from your cell carrier (they see you connecting to the VPN server, not the final websites), and masking your phone's IP address from the websites and services you visit.
Which VPN does he recommend?
His primary recommendation is Proton VPN. He also uses PIA, Private Internet Access, sometimes, specifically for their dedicated IP address feature, which can help get around sites or services that block known VPN IPs. He explicitly says he doesn't use or recommend Mullvad due to bad experiences.
Does he keep the VPN on all the time on mobile?
Not necessarily. Always on for his computers, yes. On mobile, he uses it when he feels it's needed. He's realistic. Your carrier and email provider can still often see which domains or IPs you connect to, even with a VPN. Depends on your threat model.
So Proton for general use, PIA for dedicated IPs if needed for tricky sites like banks?
That's his setup, yeah. He trusts Proton's business model and Swiss jurisdiction.
Customizing the look and feel. Launchers. He mentions Lawnchair 2.
Yeah, launchers change how your home screen looks and functions. Nova is popular, but Bazzell prefers Lawnchair 2, the version on Aurora Store, not the old F-Droid one. Simple, customizable. He walks through setting it as default, changing icon grids, hiding docks, et cetera.
Isn't Lawnchair 2 kind of old, not updated anymore?
It is. Yeah. He acknowledges that, but still likes its stability and simplicity for his needs. His workaround for potential security concerns is to install it, configure it, and then immediately block its network access in the GrapheneOS settings.
Okay, what about other essential apps? Notes, music, podcasts.
For notes: Standard Notes (encrypted, syncs) or Simple Notes (local, good for widgets). Music: Simple Music Player (F-Droid, basic MP3s) or Poweramp (more features, equalizer). Podcasts: AntennaPod (F-Droid). If you need to track stocks, maybe Stock Widget (Aurora Store). All privacy-focused alternatives.
Managing all these different phone numbers, VoIP, Signal, etc., gets confusing. He suggested a widget?
Yeah, a cheat sheet widget. Simple idea. Create a note in Simple Notes Pro, F-Droid version, listing all your different numbers, example: Twilio, 555-1234, Signal. Then put the Simple Notes widget displaying that note right on your home screen for quick reference.
Handy. Now, GrapheneOS has multiple user profiles. How can we use that for privacy, isolation?
That's the key benefit. You can create a completely separate space in your phone for certain apps or activities.
Like his Google Maps example?
Exactly. Create a secondary profile called Travel or whatever. Install only Google Maps and maybe sandboxed Play services, if needed for Maps features, inside that profile. Your main profile stays completely Google-free.
Are these profiles totally separate, like anonymous from each other?
Not completely. Bazzell is clear. They share the same hardware, same Wi-Fi connection, same cellular radio, same GPS, so it's not true anonymity between profiles. And apps running in a background profile can still use RAM and battery.
So good for isolating apps, but not a magic bullet for anonymity.
Right. He recommends rebooting the phone after using a secondary profile, or at least using the end session feature for that profile, and probably don't create more than one extra profile due to storage and hassle.
Two-factor authentication, 2FA. Crucial for security. What's the best approach here?
Software authenticator apps first. If starting fresh, he suggests paid Standard Notes, which has a built-in authenticator, or free Bitwarden, which also does. Hardware keys like YubiKey are even better if the service supports them. Standard Notes does.
What about sites that only allow SMS 2FA?
Ugh, yeah, annoying but common. Try the Google Voice number first, the one you ported. It's generally more reliable for SMS verification than pure VoIP and can sometimes work with hardware keys linked to your Google account for extra security. If that fails and you must use a real cellular number, like for some banks, you'd have to fall back to the strategies for getting a private prepaid SIM we discussed earlier.
Keeping this all running smoothly. Maintenance. What's key?
Updates and backups. GrapheneOS is great with frequent direct security updates. Keep those installed. For backups, especially photos, do not rely on Google Photos.
Or iCloud. Manual backups, then?
Yes, weekly routine, he suggests. Plug in the USB-C drive, formatted as FAT32. Use the Files app on the phone to move, not copy, photos from the camera folder, DCIM/Camera, to the USB drive. Eject the drive, plug it into your secure encrypted computer, copy the photos there, then erase the photos from the USB drive. Long-term storage is only on the encrypted computer, which itself should have backups.
Okay, daily use. How do we live with this thing day to day? Home strategies, Faraday bags, blocking mics, cameras.
Right. Big consideration: risk of the phone constantly connecting to cell towers near your home, revealing patterns. Some extreme users never bring their primary phone home or connect near home.
Wow, what's a more moderate approach?
Maybe use a secondary Wi-Fi-only device at home for secure comms, though Signal only allows one mobile device. Bazzell's current strategy: one GrapheneOS phone, Wi-Fi only at home, airplane mode, plus mic and camera blocked when away. Maybe even remove the SIM, disable eSIM when at home for extra paranoia.
Faraday bags for blocking all signals?
Yep. Essential if you need total radio silence. He recommends the output bag from Silent Pocket, gives a discount link. Stresses you must test your bag thoroughly. Try calling it, check Wi-Fi, Bluetooth while it's inside, don't just assume it works.
And blocking mics and cameras: software toggles plus physical?
Both. Use the GrapheneOS quick settings toggles daily, but also use physical blockers. For the camera, simple tape or a slider. For the microphone, he recommends USB-C microphone plugs.
How do those plugs work?
They trick the phone into thinking an external microphone, like on headphones, is plugged in, so it disables the internal mics. He warns against the tiny flush-mount plugs: easy to lose, might accidentally trigger voice assistants. Get ones with a little tab. Physical blockers prevent accidental hot mic situations.
Headphones and transferring files. Anything special there?
Since most phones lack a headphone jack now, use wired earbuds with an inline mic for calls. Don't use speakerphone. Get a USB-C to 3.5 millimeter adapter if needed. Apple's is cheap, maybe low volume. For transferring files, like those VCF contacts or photos, use a dedicated USB-C flash drive, like the SanDisk Ultra Dual Drive he likes, instead of plugging the phone directly into a computer. More reliable, less potential driver hassle.
For emergencies, calling 911?
That will reveal your true cellular number if you have an active SIM/eSIM. No way around it. So have a plan. Bazzell keeps an old deactivated flip phone in his car, the 911 phone. Any cell phone, even without service, can call 911 in the US.
Just in case you need to revert all this: flashing back to stock Android?
Yeah, he briefly covers using the command line fastboot tool to flash the original Google Pixel firmware back onto the device. Useful if you need to return it, sell it, or just go back to stock for some reason.
Okay, last big section: Apple iOS. He prefers GrapheneOS. But some people want or need an iPhone. What's the advice for them?
Right, acknowledging reality. First, same purchase advice: buy new with cash, in person at an Apple Store if possible. Then it's all about tweaking iOS settings, meticulous, all kinds of settings, a ton of them: turning off Wi-Fi and Bluetooth when not needed, limiting cellular data for specific apps, disabling tons of notification options, previews, lock screen access, turning off location services entirely or per app, disabling motion and fitness tracking, analytics sharing, personalized ads, App Store autoplay, ratings prompts, password security alerts, turning off iMessage and FaceTime if not used, disabling Safari suggestions, preload, autofill, enabling website tracking prevention, disabling fraudulent website warnings (privacy trade-off there), disabling privacy preserving ad measurement, Apple Pay checks, limiting Safari's access to camera and location, tweaking Maps settings, checking Shortcuts, Music, Camera defaults, removing unused stock apps and widgets. It's a long list.
Wow, go through every single setting and turn off anything related to tracking, syncing, or phoning home.
Pretty much. The goal is to neuter iOS's default data collection as much as possible.
What about the Apple ID? Can you make that anonymous?
That's crucial too. His method: get a new prepaid cellular number first. Activate it carefully, maybe needing carrier support initially, like with Mint. Then create a new Apple ID using that prepaid number for verification. Don't use your real name or primary email.
Use the burner phone number for the Apple ID?
Right. Then lock down settings within the Apple ID itself, disable recommendations, iCloud, Find My, sharing, and configure privacy settings within apps like MySudo, Proton Mail, Signal on iOS. Keep password manager apps read-only on the phone.
Backups for iPhone. iCloud is out?
Absolutely. No iCloud for backups if you're serious about privacy. Use a USB cable to back up to a computer. On newer macOS, use Finder, or even better for just photos and videos, use the built-in Image Capture app. He prefers that; it's less likely to ping Apple servers. iMazing is a paid tool that can help transfer music or other data without iTunes/Finder hassles.
So the key is manual backups, zero iCloud sync.
That's the mantra for extreme privacy on iOS, disable iCloud completely.
What's his final take on iOS privacy, then?
Basically, Apple collects a lot by default, but you can make it significantly more private by changing all those settings, disabling iCloud, using an anonymous Apple ID tied to a prepaid number, and being careful. It takes effort, but improvement is possible.
Man, that was comprehensive. We've gone from buying the phone with cash to configuring VoIP, TwiML Bins, and navigating the labyrinth of iOS settings.
It really covers the spectrum of extreme mobile privacy, as Bazzell lays it out, and like he says, it's definitely a journey. You don't have to do everything at once.
Absolutely. Pick and choose what makes sense for your situation, but even just understanding what's possible, what goes into this level of privacy, is really valuable, I think.
Definitely. It makes you much more aware of the defaults and the data flow on any device you use. Maybe you start with NextDNS, or try a privacy browser, or get a VoIP number for signups. Small steps add up.
So the thought to leave everyone with: in this world where we're always connected, always tracked in some way, what does reclaiming your own digital space actually look like for you? And what's one step, maybe inspired by this deep dive, you could take to start creating that space?
