36
submitted 6 months ago* (last edited 6 months ago) by LoveSausage@lemmy.ml to c/privacy@lemmy.ml

ordered a new phone so I wanted a new SIM for a clean slate. My country require KYC for SIM cards. So i ordered this https://www.ebay.com/itm/295938085941 I see now that the card is being shipped from Israel.

(I'm in another EU country)

Cloning, swapping etc , how bad idea was this on a scale from 1-10? Even if the package is unbroken , I assume someone with physical access (and resources) can do a lot of stuff?

Miss being able to go get one from the corner store. But idea was to load it up by cash bought giftcards.

Also played with the idea of getting a gl-inet portable router and skip SIM card in phone but it is quite a bit of hassle to have another device to maintain and carry...

all 28 comments
sorted by: hot top controversial new old
[-] Vendetta9076@sh.itjust.works 13 points 6 months ago
[-] blubdibub@feddit.de 19 points 6 months ago

Know Your Customer - Meaning that the user somehow needs to identify themselves to the provider and thus the provider knows who is using the SIM card

[-] Vendetta9076@sh.itjust.works 4 points 6 months ago

Thats wild.

[-] mp3@lemmy.ca 13 points 6 months ago

Acronym for Know Your Customer, requiring some kind of identity verification before enabling service.

[-] Darkassassin07@lemmy.ca 10 points 6 months ago* (last edited 6 months ago)

Why would you ever be buying a sim card seprate from the carrier servicing it...?

Honestly asking, that's incredibly unusual to me. Where I live, the mobile carrier always provides the sim card. Usually free with a monthly phone plan, or as a part of a pre-paid plan. (pre-paid you can usually buy from a corner store like seven eleven. monthly you'll actually have to visit their store/mall booth)

[-] LoveSausage@lemmy.ml 9 points 6 months ago

Here I have to go to an office show passport , green card and sign paperwork . To get any simcard.

[-] delirious_owl@discuss.online 1 points 6 months ago* (last edited 6 months ago)

Green card? Which country?

Don't you mean blue card?

[-] Hildegarde@lemmy.world 2 points 6 months ago

In the US the permanent resident card is green, and its often called the green card. Sometimes americans use the term for equivalent documents in other countries.

[-] delirious_owl@discuss.online 2 points 6 months ago* (last edited 6 months ago)

OP said they were in the EU. My EU residency card is called a blue card. I thought that was the name across the EU

[-] LoveSausage@lemmy.ml 6 points 6 months ago

Nope Spain has a green one

[-] Scolding0513@sh.itjust.works 8 points 6 months ago
[-] LoveSausage@lemmy.ml 1 points 6 months ago

Stealth.net sounds promising for topping up the card. Just USD Any other options for EUR cards?

[-] Scolding0513@sh.itjust.works 1 points 6 months ago

did you look at this? it was in the list I gave you lol https://simsup.net/shop/

[-] LoveSausage@lemmy.ml 1 points 6 months ago

Yea out of stock and lack of info though

[-] Scolding0513@sh.itjust.works 2 points 6 months ago

ah okay, i didnt check.

i know JMP.chat has physical sims now, maybe you could contact them or look on their site. im sure of they get enough requests they might provide european cards

another option is to use eSIMs. have you looked into this? there are tons of esim providers that take cryptocurrency. all new phones can do eSIMs i think.

also check out monero market, there is a bunch of physical sims in there https://moneromarket.io/?q=sim

[-] LoveSausage@lemmy.ml 1 points 6 months ago* (last edited 6 months ago)

Thanks. yea simXL seems not like bad option , will check the esim statuson GOS nowadays. :( Seems the E- Sims have a 30 day limit...

[-] Scolding0513@sh.itjust.works 2 points 6 months ago

look into PGPP. amazing stuff

[-] LoveSausage@lemmy.ml 1 points 6 months ago

Damn that do looks interesting. Ty

[-] delirious_owl@discuss.online 8 points 6 months ago

I like security meetups where everyone brings a SIM card and you put it in a hat, shake it up, and pass them back out again at random.

[-] gomp@lemmy.ml 5 points 6 months ago* (last edited 6 months ago)

You should ask the seller to make sure, but I'd assume those cards will require KYC on activation? I mean, if Romania requires KYC it's difficult to think someone can sell anonymous cards on ebay.

[-] LoveSausage@lemmy.ml 9 points 6 months ago* (last edited 6 months ago)

Actually no , Romanian cards are non KYC , one of the few countries left in Europe. I'm in another but can live with a foreign number

[-] clmbmb@lemmy.dbzer0.com 5 points 6 months ago

You could have asked me for one. I'd send you one for free. ๐Ÿ˜Ž

[-] LoveSausage@lemmy.ml 4 points 6 months ago* (last edited 6 months ago)

Thanks :) start selling on ebay seems to be a good business :)

[-] j4k3@lemmy.world 3 points 6 months ago

(Assuming Android) IIRC a sim is a full microcontroller. I'm not sure about the protocols and actual vulnerabilities, but I can say no phone has a trusted or completely documented kernel space or modem. The entire operating system the user sees is like an application that runs in a somewhat separate space. The kernels are all orphans with the manufacturer's proprietary binary modules added as binaries to the kernel at the last possible minute. This is the depreciation mechanism that forces you to buy new devices despite most of the software being open source. No one can update the kernel dependencies unless they have the source code to rebuild the kernel modules needed for the hardware.

In your instance this information is relevant because the sim card is present in the hardware space outside of your user space. I'm not sure what the SELinux security context is, which is very important in Android. I imagine there are many hacks advanced hackers could do in theory, and Israel is on the bleeding edge of such capabilities. I don't think it is likely such a thing would be targeting the individual though. As far as I am aware there is no real way to know what connections a cellular modem is making in an absolute sense because the hardware is undocumented, the same is true of the processor. I'm probably not much help, but that is just what I know about the hardware environment in the periphery.

[-] LoveSausage@lemmy.ml 2 points 6 months ago* (last edited 6 months ago)

Yea I'm looking in do network monitoring when first connecting the phone. Will need root it seems. But since I will install GOS and reset it afterwards it would probably be my best bet for verifying no bad connections . Long time since I used wireshark but should be possible.

[-] j4k3@lemmy.world 3 points 6 months ago

You would need a well designed Faraday box and a lot more of a test setup to verify that all possible communications are indeed reported by the device. No interface on the device itself can be trusted.

this post was submitted on 09 May 2024
36 points (95.0% liked)

Privacy

31874 readers
405 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS