Conversation

IMEI is not the only hardware identifier for the device available to the cellular network. Changing the IMEI alone isn't enough to hide the device identity from the network. It will only hide one commonly used ID rather than making the device not uniquely identifiable.

Carriers often detect device model via IMEI and multiple other ways as part of their standard operating procedure. They change how things work based on the detected capabilities but also hard-wired quirks for device models, etc. Devices send a lot of info on capabilities.

It's possible to detect the devices with an IMEI not matching their capabilities/configuration or to detect that there's a device with the IMEI changing repeatedly but the other device identifiers remaining the same. You could end up drawing attention to yourself by doing it...

Similarly, using a very niche hardware device to connect to the network such as a standalone hotspot device stands out. Those devices are also far less secure than simply using a Pixel with GrapheneOS. They typically don't get proper updates and lack basic security measures.

If you really want to have cellular done from a separate device, a used Pixel with GrapheneOS is a good option. If you want a fresh identity for the cellular network, there isn't really much alternative to using both a fresh device and SIM. Wi-Fi has a much more private design.

To summarize:

1) IMEI randomization is a poor way to improve privacy and will draw attention to yourself in practice.
2) Dedicated Hotspot devices aren't good for privacy/security.
3) Use airplane mode + Wi-Fi with our default per-connection MAC randomization for better privacy.

@GrapheneOS the joys of closed source firmwares and not actually owning our devices / radios.

edit: At least, my understanding is that we have no real control, or way to tell which tower we're on and such, from the cellular radio; but I am by no means an expert about cellular.

@GrapheneOS 1) Still does not mean that people should not randomize IMEIs. If randomized IMEIs become common, the world will improve. In 1995 Linux was uncommon and would "draw attention". Today, it is a very good idea. 3) agreed. IMO we should still try to improve cellular privacy.

@pavel It will not work without also dealing with the other identifiers including EID for eSIMs and radio-specific identifiers shared with the cellular network. It's also not really meant to be allowed by the radios or the networks, and a lot of countries make it illegal, so it's not realistic to have it widely deployed. Choosing the same IMEI as other people would also be a problem. You're essentially messing with the network in an unintended way, so it does more than draw unwanted attention.

@pavel Cellular as a whole needs a major overhaul for privacy. IMEI randomization would only address one part of the device identifiers and will not turn it into a particularly private protocol. You'd still need to keep cycling SIMs every time you change the IMEI and other identifiers. EID can't really be changed considering that system involves hardware attestation so you'd be stuck with physical SIMs. Carriers will likely increasingly stop offering physical SIMs in the near future.
