Even if a phone isn’t directly tied to your name, by tracking your location they can see where the phone rests for the night. In this guide, we’ll go over how to properly hide your home’s location and identity from cellphone tower service providers. And if you really want to learn how to become a ghost, subscribe for free to our new content by email, by Session messenger, via RSS feed, our Ethereum push notification channel, or on Nostr.
Get the primary phone
The first step is to root an android and install a privacy focused operating system such as Graphine OS or Calyx OS. Make sure to never put a SIM card or proprietary apps in this phone or use Google services. When you’re getting a phone to do this, make sure it’s ‘OEM unlocked’ before you buy it. Ask the vendor if you’re not sure; otherwise it won’t work.
Get the router
When you are at home, you’ll use the phone on Wifi to a router that you control. You do not want to use the ISP’s router because it sends logs and MAC addresses to the ISP. A good choice for a home router is something that enables you to root the proprietary firmware and install an open source operating system such as DD-WRT or OpenWRT. We recommend DD-WRT because it’s easier to set up.
If the phone hypothetically has any malicious backdoor in the hardware itself, like a Google Pixel might, then you want to have a VPN on the router itself to hide your location.
Get faraday bags
The next step is to get faraday bags. Faraday is a material that blocks cellphone and Wifi signal.
Many companies sell faraday bags, which are just big enough for cellphones or car key fobs.
Get Wifi hotspots
Next you’ll go in person (or send someone for you) to get a Wifi hotspot for cash and to sign up for service. You could order the hotspot online via Purse.io (but only if you have an anonymous shipping address set up). We covered Purse.io in our previous article on Amazon.
When you’re out
Inside your home, the Wifi hotspots stay inside faraday bags. But when you’re out of your home, you’ll pull them out of the faraday bags and connect the degoogled phone with no SIM card via Wifi to the Wifi hotspot with service paid for in cash.
Degoogled Phone → Wifi hotspot → cell tower
Be aware that the hotspot will see not only where you’re using it, but also whose SIM cards are around you. So you want to avoid using this around all your buddies. If you’re at a friend’s home, then ask to use his or her Wifi.
When you’re done using the Wifi hotspot, put the hotspot back in the faraday bag. Never take it out of the faraday bag in your home or close to it.
Optional portable router
Another option is to have a portable router in-between you and the hotspot.
Degoogled Phone → Portable Router → Wifi hotspot → cell tower
There are a few advantages of having a router in-between you and the Wifi source. First, you’d be able to put a VPN on the router and then use Tor (with the Orbot app) on your phone. This will prevent the cellphone tower from knowing you’re using Tor.
While yes, you could set Tor’s Orbot to bridge mode to avoid being detected, it is not as reliable for hiding Tor use as using a VPN. VPNs are much more common and less suspicious than Tor use.
And second, you’d have a better second firewall to protect you against a malicious hack. If you set up Calyx OS as your degoogled phone’s operating system, then it has an internal software firewall already. Or Graphine OS has a hardened Linux kernel to resist memory buffer overflow attacks. But now the packets are hitting your device to test compromising the settings. (In contrast, with an external firewall router, you’re not even letting the malicious packets touch your operating system.)
The OpenWRT router’s firewall will bounce everything except the VPN. This is basically shutting down all incoming activity that isn’t encrypted from that exact port number from that exact VPN company’s IP.
On the other hand, the degoogled phone’s Calyx OS firewall is going to evaluate if the packets are some of your approved software. This has a wide range of ports open.
A VPN or Tor app on your phone is not designed to bounce incoming packets. It’s designed to make sure nothing escapes outward. An external router’s firewall is your best defense from an outside actor attempting to hack data or control of the device.
Our #1 recommended choice for a portable router is a Rasberry Pi with OpenWRT because it’s open source and therefore completely trustworthy. A second option is a Gl.inet Slate “Travel” Router, but it has both a closed source web interface and mobile app that’s “based on” OpenWRT.
Another possibility is additional Wifi hotspots, faraday bags, and maybe even routers. This would make the use of one Wifi hotspot completely separate from the others.
Using additional hotspots is not that inconvenient because your single phone is being used the whole time. But you’d have to keep track of which hotspots you use around which friends or locations.
Q: What is a MAC address?
A: It’s a unique identifier for getting an internal IP address on an internal network.
Q: Does Android change MAC addresses?
A: Yes, every time you connect to a new Wifi source, Android will automatically generate a new random MAC address by default. So someone could NOT track your degoogled Android (Calyx or Graphine OS) across multiple different hotspots just by its MAC address. But other things might give you away, such as using the same VPN or even being the only Tor user in a small town.
Q: Does a portable router change MAC addresses?
A: Not by default so you’d be tracked across different hotspots, but it can be spoofed fairly easily. You’d have to manually spoof it each time. The Slate and Rasberry Pi both have options to do this, and it would take about 1 to 2 minutes to set up and execute each time, which is somewhat inconvenient. The Slate router is a little faster to spoof MACs right out of the box.
Q: Can my internet service provider (ISP) see my phone’s MAC address?
A: Only if you use their router. Instead, you should turn the ISP’s router into “bridge mode,” which means turning it into a modem. Then get a new router rooted with Open-DD or OpenWRT.
If you have a degoogled phone then they would get the same random MAC each time it connects to the ISP’s router and thus not hide it.
If your primary fear is a well funded, powerful adversary hacking you, then you want to stick to a Wifi hotspot and not use a second phone connecting to the cellphone tower. We are referring to this setup:
Degoogled phone 1 → Degoogled phone 2 → cell tower
The reason we do not recommend this setup is because there’s attack called Pegasus that works if the cellphone can receive SMS text messages. Pegasus allows an adversary to take remote control of the device and see all content. You could potentially turn off SMS ability, but it’s unknown if that would work.
On the other hand, if your primary fear is hiding the use of encryption to begin with because of some form of passive mass surveillance, then a second phone would actually be better because you could use SagerNet. SagerNet is a phone app designed to allow the use of a VPN without the ISP realizing it.
SagerNet works by disguising VPN encryption as regular website https encryption. So whenever you go to any website, the contents of that site are encrypted via SSL https.
If you go the second phone route, the microphones on these devices should be disabled through the operating system’s permissions. Another option is to have them physically removed (burned off), as Edward Snowden recommended, using a desoldering tool.
In conclusion, you can hide your location and identity from cellphone towers through Wifi hotspots or second phones in faraday bags. This allows you to keep the primary phone that you use outside the faraday in your home for normal use on Wifi.
With the services we recommended in our other articles, you can receive incoming calls and texts through VoIP paid for in cryptocurrency.
If your primary fear is specific targeting of you by a rich and motivated adversary, then we recommend Wifi hotspots over second phones in the faraday bags to avoid Pegasus.
If your primary fear is mass surveillance, then we recommend second phones over hotspots in the faraday bags to use SagerNet to hide VPN encryption.
Don’t miss out, subscribe for free to our new content by email, by Session messenger, via RSS feed, our Ethereum push notification channel, or on Nostr. At Simplified Privacy, our team is ready to help you with your transition to freedom respecting phones and apps and cater advice to your specific needs. If you have any questions about how to avoid location tracking and surveillance, please reach out and book a custom consultation.