web.de and paypal are related. You figure out the rest lol

You are aware that they do not need to save the data to your device to track you, right?

No, but I'd be interested in a better screen for the 13 inch.

I don't think you understood half of what I wrote correctly. Feel free to skip the next paragraph if you already know about triangulation in the context of cell towers.

Your phone, when connected to a cellular network, can be tracked by cellular towers. Take a single tower to which you are connected. The tower has a multitude of devices which are connected to it. Since latency is a large issue due to distance, communication is less trivial. To prevent waiting for packets from a device for too long, the cell tower will divide a certain time into sectors. In each of these sectors, one device is supposed to send it's packet. To hit this time window however, the device has to send it's packet in advance, as to cancel out the latency of the transmission. By how much is determined by the distance between the cell tower and the device. This system requires knowledge of distance. This distance has to be close enough to the real distance, to cancel out latency and maximize the time a device can send data. With obstacles that may reflect the waves, the preciseness of the distance determined is correlated to the stability of the connection. Given that a lot of people can be using a cell tower at once, there are towers which are segmented. These work slightly differently than non segmented ones, in that they have multiple antenna sending and receiving signals in different directions. A segment of a tower with 6 segments would then be responsible for all devices which are in the area of 60 degrees from the tower. The distance together with the general direction already gives us a pretty accurate depiction of the user's location. However, since most towers are neither segmented, nor would a say 6 segmented one give as accurate of a reading if the device is 3 miles away (that would be a possible curve of pi(≈3) miles which the device could be on, given a perfectly flat ground), let's make this even more interesting. With a simple, rough time stamp, we can find out the location of a device up to an accuracy of a single point. Add a second cell tower, make the device connect to the towers one at a time and you have the exact position of the device. Well, pretty close to exact at least.

With that said, the reason why a sim card is the issue in this constellation is the unique identifier. If a network of cell towers can determine where you are located and the imsi is tied to your identity, then your location is tied to your identity. And if you think, even for a second, that mobile internet providers would not take advantage of this, think again. A very popular example of this are malls wanting to know where their customers came from.

Now, if you have a device with GrapheneOS (DivestOS too I think, don't know) for example, then you will have the ability to entirely switch off the cellular antenna of your phone (which one should likely do if they don't have a sim anyways). This is supported by hardware due to airplane mode, where the airplane requires least interference.

Now that I have explained in more detail, do you understand better why a sim card is a privacy concern?

Well, if you want to activate an esim on any other Android rom, you need to use Google services and have an internet connection. DivestOS is the first rom to implement an open source version of eUICC, which is used for activation, called OpeneUICC. It also does not need an internet connection, so nobody knows that the esim is installed on your device. That is, until you actually use it, of course. This is in line with DivestOS actively trying to "deblob" (remove binary, closed source parts of) Android.

The second part, about why sim is not very private, well it has a unique identifier and the technology was specifically designed to pinpoint your location, as this helps keep a good connection.

Also, why did my comment get downvoted?

Also, privacy fruendly esim activation anyone? (Am aware of privacy issues with sim)

Honeypot

I'd recommend a searxng instance.

deleted by creator

Of course I recognize the idfference. And I hate brave for somewhat abusing their users like they do. Still, that is not what op said. I won't repeat it again, but that fundamental difference you are speaking of was not highlighted by them. Possibly leading other people to believe that cryptocurrency is bad to use as a whole, which as yourself has said is not right if one repsects privacy.

And of course, my mistake. Didn't mean to falsely accuse you.

How did I make a false equivalency when the op literally called any project that "dabbles in crypto" a possible scam? That includes Signal as well as Mullvad. Op's comment does not in any way indicate the use of one's own currency, simply abolishing all services using crypto.

Well then maybe don't call anyone who "dabbles in crypto" sketchy

Mullvad and Signal support crypto

Why would you watch popcorn. Just eat it.

I just said I agreed

You are indeed correct. Whoops.

And yet he did not mention he does not own one. Am I supposed to withhold information because I'm not sure which information helps him? Am I supposed to play government?

Now about OSs.

Most privacy oriented mobile OSs are based on AOSP. Ubuntu touch may qualify as an option that is not, but due to it's lack of the added security layer that Android provides, I would strongly advise against it.

The "golden standard" for Security and Privacy on a smartphone is GrapheneOS. GrapheneOS has extensive hardening, uses their own servers for services that are usually provided by Google and if a vulnerability is detected they are the first to patch it. I remember reading Kuketz's security blog, where he contacted the Graphene devs about the fact that at system start, their OS, by default, asks Google servers for the time. He analyzed a few OSs and all had this issue iirc, but it took the team of Graphene mere hours to make the device call their own Server and roll out an Update. They regularly patch vulnerabilities before Google does. What's the catch? It currently is only developed for Google devices due to their superior security. This includes the tablet. While GrapheneOS has a lot of amazing stuff, my favorite is the fact, that by default, no app has any permissions and I have even finer control over those permissions than I have on stock Android. The big one here is internet access permission. I would play Graphene badly though by just leaving it at that, so I would advise you to check the feature page. Graphene will support a device, as long as it gets security updates by it's vendor and fulfills their device requirements. This includes new Android versions and is another reason why the Graphene team chooses Google devices, as these logically always have the newest version first.

CalyxOS is a rom often compared to GrapheneOS. I believe this could be, because Calyx and Graphene favour Google devices. Calyx however is nowhere near as secure and as hardened as Graphene, though it is hardened well. The people behind Calyx are incredibly good at networking and by default you get an incredibly fine tunable firewall. It is often used to block certain IPs, say a Google Server. Unlike Graphene, Calyx has support for Microg, which all of the following roms have. This is bad for security and good for usability. Choose your poison. Calyx is also more performant than Graphene, as it is not quite as hardened. Taking Kuketz's blog as an example again, the answer of the Calyx institute on the question about the Google server call for time was that it is "intended behaviour". While I don't doubt that it is, I do not like this at all, especially as this service is easily replacable without consequence. The Calyx institute has a very friendly community and is more than just the OS. They have other tools at their disposal, most of which focus on networking, including the free VPN, that is not a scam, but really slow. Calyx works on the Fairphone, Pixels and the Shift phone. Please do check out the feature page.

Lineage is a rom that was created out of the need to bring devices that have lost update support from their vendors back to life. As a result, it is neither specifically made for security or privacy nor should it really be used for other reasons than it's reason for creation. It is supported over a wide range of devices and as such does not support specific security features offered by the hardware. It is made to just work on everything.

DivestOS is one of the few mobile OSs that is not built on top of AOSP. It is only by extension, as it is built on top of LineageOS. It too has a wide range of supported devices. What sets it apart from LineageOS is that it has a lot of the hardening that Graphene has. It still has the issue of the widely treaded support, but it would be my second choice for security. The "team" of this project is only made up of one very knowledgeable guy though, so as always be careful. Divest also has incredibly useful resources on their website where they e.g. compare browsers in privacy and security in a concise manner. As Divest does not have a singular feature list, just look through their website to find out if it's a match.

iodé is an OS created in one of the nordic countries. I believe it was sweden? They have a giant, system wide ad and tracker blocker that is incredibly configurable. This approach is not very beneficial, as this is not privacy friendly but ad reducing. The issue is, that there is one point of defense. That is not enough. Calyx has something like this with its firewall on top of it's great hardening and google reduction. While iodé does reduce the use of proprietary apps, their goal was never to provide a private experience, but to provide an adless one.

/e/ os is weird. I like it, but it's weird. I will call it æ from now on as that is faster to type. Project æ, the project behind æ OS, has the right goal. They want you to have a google free experience. I believe the OS has some hardening. Not on the same level of Graphene, Calyx and Divest however, which themselves are on differing levels. With this OS, you get some benefits. Project æ has created an app store. Inside this app store are reviewed and approved apps, which they apparently did by hand. I have never had an æ os device, but I believe that in this app store proprietary software is also available. You get a similar rating to the software that F-Droid and Exodus provide, just done by humans, so they have given the apps points in different categories and explain why, which is indeed more advanced than the alternatives. æ OS also comes with a possible cloud subscription. I do not recommend this, as it just seems to be a Nextcloud reskin. Nextcloud does not have a good encryption method, as the key for decryption of the files that are encrypted at rest is saved in clear text. Murena, which I think is the same group behind æ also sells phones with æ OS preloaded. They have partnered with fairphone to make the newest Fairphones available at their shop. All of this capitalism is not important for you though, that's to keep the project going. æ OS supports a wide range of devices which, again, is not desirable for security purposes. Check it out here.

A note on Copperhead. The creator of CopperheadOS and the creator of GrapheneOS used to both develop for Copperhead. The current Copperhead owner has made bad choices back then, so the creator of GrapheneOS has split himself from the project and made his own. Do not trust Copperhead, it may still be recommended in some old post.

If you know german, please take a look at Kuketz's blog, where he currently is comparing these custom ROMs. I am not in any way affiliated with him.

Yes. To explain this further to you I will first define some jargon for you, as you seem to be new to this.

FOSS means "Free and Open Source Software". Here, free does not mean free as in beer, but means that the software is free to download, use, modify or study. This is different from just open source software, as this only means that the source code is publically available in some way.

Libre refers to the same concept as free, just in an edgy, viva la revolucìon, kind of way.

Privileged apps have a nasty amount of permissions and can access most of the device. They are always treated extra and are often the ones that get you.

Microg is an open source alternative for google services. It can directly replace them and only connects to the google servers when necessary for an app to function. This is also why Microg exists, as it keeps better compatability for apps, than just removing google services completely. It is not perfect though, so some apps might still not work. It can often times be completely disabled, so to have no Google API calls at all. The issue here is, that it is a priviledged App and can most times not be simply removed.

Sandboxed google play services are specific to GrapheneOS. Instead of using the rather incomplete and sometimes unstable Microg, they simply removed all privileges from Google services and made it an untrusted, sandboxed app, that may not even have internet access. This has the best "degoogled" implementation for compatability of apps using google services, but has obvious drawbacks of having closed source Google software on you device, though that device is the most secure device you will likely ever lay your hands on, so no biggie. GrapheneOS comes by default without any implementation or alternative of Google services, so it has incredible privacy with some incompatability issues, although if you use FOSS software, this should not really be an issue in the first place.

A proxy is essentially a server(1) you ask to ask another server(2) for some data. This way, the server(2) does not get your IP. It is different from a VPN you pay a subscription for, as not all your requests are run through a proxy. Only the specific app that uses the proxy will decide for which part of it's traffic it will use the proxy. There is also no fancy adblocking or other extra features like some VPNs provide.

F-Droid is an app store for FOSS apps. By default, it only lists the official F-Droid repository, which already has a bunch of good software. You can however add other repositories, as for example to add an app that is not quite FOSS, but still very private. The Proton E-mail client is an example, as it uses a singular proprietary library for popup notifications. IzzyOnDroid is a great example for a third party repository you can add for some more apps. Remember, the repositories can not hurt you, but the software you install from them may. Nothing is stopping anybody from distributing malicious software. Do not trust blindly.

Alternative front ends are nice if you want to access a service that has disadvantages you do not like. Libretube is a very nice Piped client. What does that mean? Well Piped acts as a middleman between Youtube (Google) and you, asking the Youtube Server for Videos, while your IP remains hidden. So, Libretube is basically a Youtube client with none of the tracking. Social media has frontends, but there are others. F-Droid has two popular front ends, Droidify and Neo Store. Why? Well, F-Droid is no bad guy. However, the app is rather old and developed for an old Android version. This is bad, as new Android patches and security updates may not hold. There are alternative front ends for a lot of stuff. There is this timetable client called Untis, which has an alternative frontend called BetterUntis lol. It's important to note though, that not every alternative frontend hides your IP by default. BetterUntis for example directly accesses Untis APIs from your phone. To hide your IP, use a VPN or configure the used app to use a proxy if the app provides an option for it.

The Aurora store is an alternative frontend for the google playstore, sharing a few google accounts between all of its users. You can also add your own account if you want, as the default accounts are often rate limited. Don't do that though.

The AOSP, or "Android Open Source Project" is exactly what it sounds like. It's simply supposed to make Android's code publically available.

Rooting is rather fun. As Android is based on Linux, Android inherits a lot from Linux. One such thing is the base of it's file system. The lowest path (imagine a folder) for Linux is called root. This makes sense, as it's the root of everything. When rooting a device, you kind of reenable the file system of the underlying Linux system that Android is built upon. Doing this used to be kewl, is rather problematic however, as this exposes the underlying system of Android, which creates a huge attack surface with a bunch of known vulnerabilities. It's kind of like stealing someone's belt, now everyone could pull down their pants.

The word ROM is a little falsely used sometimes. A ROM, or Read Only Memory, is a persistent data storage type that can not be written to, only read. Android OSs are often called ROMs. I don't actually know why, but it could be a decendant of video games, as those were often stored on ROM back in the day and maybe they still are, dunno. Android sort of runs on top of Linux, which feels similar to, say, a Nintendo game from a cartridge.

A bootloader is basically a small program that kickstarts the operating System (also called OS), a large and very complex program. For security purposes, most bootloaders are locked from the factory. This means, that you can't just change the program that is started when the device is booted without rooting the device. Some bootloaders are not unlockable however, so you would have to root the device to change the OS, which is insecure.

A secure execution environment is essentially a processer that has limited access to system resources and can thus improve security if properly used.

Google Pixels are very special devices. They are made by Google so you may think they are naturally bad for privacy. They are surprisingly not as intrusive as other devices. Take a Samsung device for example. The Galaxy has Android. Not AOSP, but Google's Android. They just take Google's Android that is meant to be installed on non Google devices and slap their own spyware on top of Google's spyware. So now, you are being spied on by an american monopoly as well as a korean monopoly. Yikes. Now, you want to install a custom rom anyways, right? So why care? I can just take any device, remove everything and use a custom rom. Well, most devices do not have good security in comparison to the Pixel, like the Fairphone. The Pixel has simply has good security. It's not all sunshine and roses though. You still support Google financially by buying a Pixel. In order to unlock a Pixel, you will also have to connect to the internet, send Google the phone's IMEI, which is unique and known by Google. So Google knows which devices have had an unlocked bootloader at least once and which didn't.

The Fairphone is my favorite. It is user serviceable, has pretty decent specs, and is supported by privacy respecting ROMs. It does not have a secure execution environment and generally has sub par security. It does not notify Google or Fairphone when unlocking the bootloader, this is, to my knowledge, Google specific.

The Shift phone is also very nice. It is very similar to the Fairphone, as it is user serviceable, has bad security, yet is just as free. It differs, in that it is not as easily repairable as the Fairphone. It is still extremely easy, but unlike the Shift, the Fairphone does not have weak little wires that can break. The Fairphone is literally just Lego at this point. The Shift phone however seems to be less talk than Fairphone, so if you want to be certain that what you pay for (in the case of these two, environmental friendliness) is achieved, the Shift has got you covered.

Hardening refers to the process of altering a piece of software in a way, that makes it more secure. It is also sometimes used to describe the process of making the software more private. This sounds very good and in theory it is. It does of course come with drawbacks. A hardened Linux kernel will bring the system to a crash on purpose, every time anything suspicious happens. That's kind of wrong, but for this example it's enough. This is incredibly secure, but brings along the con of having an artifically more unstable system than before. The biggest con of hardening is performance impact. You can often harden something to quite a high degree without performance degradation, but once you go the extra mile, things just slow down. GrapheneOS is hardened to the very most extreme. It is also a lot slower than most OSs.