Secure smartphone, untraceable?

[KDX]

very well explained, thank you.

What software would you suggest to use, for a noob it's impossible to discover the right one??

Depends on the device. There are lots of stuff out there.

And, it also depends on what is your goal. Do you want to be untraceable or just secure? If you just want to be secure, then a compatible device with strong encryption with a password that has to be entered every time you lock the device along with a messaging app that is End to end encrypted will be sufficient.

Computers are the easiest devices to lock down properly. Phones and tablets on the other hand have security built-in but you can't really tune it to your needs. I'd suggest full disk encryption on computers for starters, I recommend Veracrypt.

If you want to be untraceable, then it gets more complex. You cannot let your IP leak at all. If it does, then they can start using the legal framework to subpoena ISPs and so on to give your info/location etc. So, a VPN would be one of the things you should use, and this should have the necessary features like a kill-switch etc. And remember, the VPN company will have access to your real IP so if the authorities crack down on them, you might be in trouble. So, make sure the laws of the VPN company and the hosting company & the server (important to check all!) are in jurisdictions where there are laws to prevent disclosure. I think Switzerland may be one of them, but you should double check. Mullvad is also a great VPN, they have 0 KYC and you can buy access by mailing money or via crypto.

All in all, it's not easy if you're not an IT person. It's best to just go for the tried and tested methods. And remember, this stuff is almost always free except VPNs etc. But being completely untraceable is hard. All ot takes is one mistake and its all shattered.

If you have more specific questions, please ask away.

 

[void]

plausible deniability for computer is generally easy even for an average person - use veracrypt and hidden operating system feature

with phone it's far more complicated unfortunately - does anybody know a comparable solution?

 

[KDX]

plausible deniability for computer is generally easy even for an average person - use veracrypt and hidden operating system feature

with phone it's far more complicated unfortunately - does anybody know a comparable solution?

There are similar features for phones. I'd take a look at enterprise features if they exist for your phone platforms. For example Samsung Knox etc. Not sure about Apple.

Plausable deniability is usually something that's considered as a last resort... If you're at that stage, you're done for.

 

[void]

There are similar features for phones. I'd take a look at enterprise features if they exist for your phone platforms. For example Samsung Knox etc. Not sure about Apple.

will have a look at it
if you know other solutions for Android please share

Plausable deniability is usually something that's considered as a last resort... If you're at that stage, you're done for.

not exactly necessary but for crypto hw wallet it's a must nowadays when traveling by airplane and same applies to my laptop

phones are practical problem though... especially if you carry 5+

 

[KDX]

will have a look at it
if you know other solutions for Android please share

https://docs.samsungknox.com/admin/knox-platform-for-enterprise/kbas/kba-360039577713.htm
Here if you're interested in Knox. I'm unfortunately not familiar with other platforms But I'm sure there's plenty in the Enterprise market. It just may be kind of hidden.

not exactly necessary but for crypto hw wallet it's a must nowadays when traveling by airplane and same applies to my laptop

phones are practical problem though... especially if you carry 5+

Ah, yeah. If you're just travelling about then it's great. I'm talking more about if you get your home raided, at that point you're pretty much done.

 

[aage]

Do you want to be untraceable or just secure?

What if one want both? does it mean you have choose between untraceable and secure or is there an option to get a phone that is both?

 

[KDX]

What if one want both? does it mean you have choose between untraceable and secure or is there an option to get a phone that is both?

No, you can get both. But for some only one is important. If you just want any contents to be unreadable, that will be easier than making your communications untraceable.

 

[clemens]

how would you be abl to make both, or shall we say, buy both in once device?

 

[Jerry1911]

how would you be abl to make both, or shall we say, buy both in once device?

untraceable = prepaid SIM card

secure = XMPP over Tor/VPN over 4G/5G

 

[clemens]

untraceable = prepaid SIM card

secure = XMPP over Tor/VPN over 4G/5G

that makes good sense.

 

[lostguy]

second the last question, if you don't mind.

 

[Kato]

very well explained, thank you.

What software would you suggest to use, for a noob it's impossible to discover the right one??

There is a company called SecureCRYPT. they have been around for a while. Bigger in Europe. They sell private app, high grade encryption, and secure SIM cards. No location, they run their own cellular network but SIMs pricey. $150 USD/month for SIM only. Total like 1500 USD for 6 months for everything. The owner is privacy type. They don’t disclose or collect data. No phone number required, no location, accept BTC/Monero/USDT. I’ve used all of them, Sky, Ciphr (RIP) etc. these guys are the best.

 

[Jerry1911]

There is a company called SecureCRYPT. they have been around for a while. Bigger in Europe. They sell private app, high grade encryption, and secure SIM cards. No location, they run their own cellular network but SIMs pricey. $150 USD/month for SIM only. Total like 1500 USD for 6 months for everything. The owner is privacy type. They don’t disclose or collect data. No phone number required, no location, accept BTC/Monero/USDT. I’ve used all of them, Sky, Ciphr (RIP) etc. these guys are the best.

I would always pick an "open source" solution such as Pixel + GrapheneOS + prepaid SIM + Signal over something proprietary like this.

Btw I checked out their MX records and it seems like they're using Google Workspace as their email provider.

 

[KDX]

lol. Looks like the link in the original post is now dead. GL to all those who bought

 

[sergeylim88]

i remember when nord vpn's kill switch had a bug that prevented it from working
you as a user couldn't really tell it is not working, so staying hidden is a very difficult task, and most important question is who is after you.
i honestly don't believe in anything being private, there are so many different vectors of attack that it is not even funny(ex malware implemented in bios, evil maid attacks...)

 

[Kato]

I would always pick an "open source" solution such as Pixel + GrapheneOS + prepaid SIM + Signal over something proprietary like this.

Btw I checked out their MX records and it seems like they're using Google Workspace as their email provider.

Nahh Signal uses a phone number, but Graphene is okay.. kind of buggy tho. And SecureCRYPT doesn’t offer email services… so I dunno what you mean by Google. Maybe it’s for communicating with the public or something. They have an encrypted chat application with a secure OS. No email. Why would they offer Gmail? Confused by what you’re saying here.

 

[void]

i remember when nord vpn's kill switch had a bug that prevented it from working
you as a user couldn't really tell it is not working, so staying hidden is a very difficult task, and most important question is who is after you.
i honestly don't believe in anything being private, there are so many different vectors of attack that it is not even funny(ex malware implemented in bios, evil maid attacks...)

forget third party vpn services - no need to trust anyone

just buy one of thousands of 5 usd/month vps servers with fake personal data and one-off email address for crypto
setup a wireguard peer on the server and same on your desktop/phone and you're done

if you're paranoid or have serious reasons buy couple of these around the world and make a chain (easy with wireguard)
use prepaid LTE/5G simcard for your primary internet connection to be sure

even if you one is no IT expert this is no brain surgery and almost anyone can do it

 

[Kato]

Yea good in theory, but bro, in practice these shitty VPS providers will eventually go down, have major operational issues, or they’re scammers from the start. Or if, you find one.. won’t accept crypto and will disclose info. Also doesn’t fix issue of needing protection from the telecom provider. Not many can do this properly unless you buying secure SIMs / paying for those SIMs without ID. Bottom line is nothing is perfect, but there are those who offer a multi layered approach to security which does give the option to pay anonymous and communicate anonymous.

 

[void]

Yea good in theory, but bro, in practice these shitty VPS providers will eventually go down, have major operational issues, or they’re scammers from the start. Or if, you find one.. won’t accept crypto and will disclose info. Also doesn’t fix issue of needing protection from the telecom provider. Not many can do this properly unless you buying secure SIMs / paying for those SIMs without ID. Bottom line is nothing is perfect, but there are those who offer a multi layered approach to security which does give the option to pay anonymous and communicate anonymous.

I own and manage about two hundred VPS servers hosted by about 15 different providers - locations like Italy, Malta, UK, Spain, Czech republic, Bulgaria etc. - most of them paid by crypto, some (pennies) by fake nonKYC paypal account - all fake personal/company data (no forged docs involved, sometimes simply using John Doe name, why should they care, right?)
all used for production purposes, you can easily find decent quality providers and connectivity

I totally agree that nothing is perfect but almost everything has more than acceptable solution (unless you're messing up with professional hacker groups or NSA which is not my case)

security via obscurity is a pretty cheap and powerful strategy

 

[Kato]

I own and manage about two hundred VPS servers hosted by about 15 different providers - locations like Italy, Malta, UK, Spain, Czech republic, Bulgaria etc. - most of them paid by crypto, some (pennies) by fake nonKYC paypal account - all fake personal/company data (no forged docs involved, sometimes simply using John Doe name, why should they care, right?)
all used for production purposes, you can easily find decent quality providers and connectivity

I totally agree that nothing is perfect but almost everything has more than acceptable solution (unless you're messing up with professional hacker groups or NSA which is not my case)

security via obscurity is a pretty cheap and powerful strategy

Yes very well said. I do agree on most everything.

I would be interested if can pls DM me some info on VPS? Would be much appreciated. I don’t pose as expert here.

Logically in terms of trying to avoid all threats, good SIM required. And yes, good communication form. Some require this.

There are some technical means like you describe, there are others easy. Many options. For many purposes besides anything illegal of course.