How to buy and use a burner phone

I wasn’t stopped at border control last time I came back into Britain. Either GCHQ isn’t doing their job or I’m not viewed as a threat.

That is correct, you don’t.

(Or if you do then there’s a hole in your pocket!)

Features not required, this is true of any phone.

There should definitely be a separate category for “Stay the fuck out of my life!” stuff.

Yup. People can be IDd by a constellation of as few as 3 locations. Doesn’t even have to be work or home.

Buying from more places may just make it more likely that they’ll get a good hit on surveillance, on you, on your car, on your regular phone being in the area when you buy the phones or air time.

That is actually one of the things the government automated burner phone tracking program searches is for, phones that are turned on and off in proximity to each other.

You left out the most important one though; never call any numbers you call on any of your regular phones. The constellation of who you call can id your burner phone and associate it with you easily, and in a way automated metadata programs are built to track.

I think the take home should be that burner phones are an expensive waste of time for most people. Few people have the hygiene needed to prevent tracking by state actors, and instead, burners just attract attention.

Apologies, i was unclear. The video claimed that because old-style flip “feature” phones lacked GPS they are harder to locate. This is untrue. We know that the tracking data can tell if 2 phones are traveling the same speed and direction, making it pretty sure they are in the same car, even if one can only be pinpointed within 100’. For most (US) suburban homes 100’ is close enough to show what house the owner is in. Apartment buildings and high rises are harder, but remember that the people doing the surveillance are already interested in a target. And that they can most likely collate different pieces of information (You entered the building at 10:18, the phone entered the building between 10:15 and 10:20) to tie a phone to a person of interest.

Agreed, you should never, ever, ever mix contacts between identify phones and “burners”. You need to also never access burner accounts on other computers or devices for the same reason. It’s probably a good idea to use 2 factor authentication if you use any additional accounts with your burner to prevent other infiltration. And to remember that if it’s in the “cloud” your adversary has it. Thus use end-to-end encryption when communicating between burners.

There was a Wired article some years ago about a gang of drug dealers who changed SIMs every day to communicate. But the “this network is up on Wednesday” network is probably as big a glowing flag as can be. Plus, if you compromise one member, you have the whole network. Yes, definitely have space and time between your burner and your identified phone. that’s why I said to remember to forget your phone. And don’t use the burner where you have habitually been.

People compromising the network cannot be overstated. As much as protection from SIGINT is important, every major bust or arrest is ultimately accomplished with HUMINT. A person in the organization or related to the target who is giving information to the investigators. this problem can’t be solved with burners or encryption.

People who need burner phones:

Medical Marijuana Club members. Those who sell their marijuana to clubs as well as caregivers and patients who buy it. The employees of the club/location as well.

Activists organizing protests.

And various criminal enterprises.

Finding a place with “no cameras” is next to impossible. But most security cameras are terrible. A hood or hat and not wearing distinctive, easily identified clothing is important. As far as the clerk identifying you, don’t stick out and buy somewhere that sells a lot of minutes. 7-11. Grocery stores, Walmart, Target, so many places sell minute cards. There is no reason to ever buy cards in the same place twice. And or course if you are part of an organization with these burners you can put all the minutes cards in a deck, shuffle them and then your separated from the purchase randomly.

Switching phones on a irregular basis also helps defeat this as minutes are just credit until tied to a phone’s number. Buy your minutes a month in advance, and even if the phone is subject to scrutiny, most places have already gone over the tapes. Be advised some minutes “Expire” after being put in a phone, some expire after purchase. Read the terms and conditions.

When I lived in Europe, prepaid phones were extremely common, totally normal, and provided readily by both corner shops and major companies - they were so commonplace that the school I worked for gave all of its teachers re-up cards for our phones every quarter or so as part of our pay package (and to compensate us for using our phones for work).

When I moved back to the States, I was pretty gobsmacked at how different it was. Exploitative contracts were expected, and the norm, and prepaid phones existed, but not from any major companies, and not using any major phones. Most phones didn’t let you access the sim cards (and most phone users didn’t even know what those were), and you got charged for receiving calls and texts as well as making them. It’s pretty bonkers.

Prepaid phones are a bit more commonplace here now, but still far enough outside of the mainstream, and outside of the packages the telcos here push down our throats, that a tutorial video kinda of makes sense, even just to alert people to the fact that this is an option.

If your threat model is a state-level agency, OPSEC (operations security) is hard. Not “pinpointed to 100’” hard ; your OPSEC against a state-TLA is much stronger: "don’t even put the battery in the phone until your are several towns away from any place you normally leave a data trail.

Oh, and make sure to leave your actual pone with someone, because both law enforcement and the intelligence agencies look for correlations between a phone leaving the network shortly before another phone enters the network .

Anyone interested in OPSEC at that scale - and is fine with some potentially NSFW language - should watch Zoz’s fun talk at DEFCON 22, “Don’t F— It Up!”

It’s a bit easier to avoid cameras and what have than you think. Flea markets and swap meets are notorious as sources for burners. Typically no security features or other systems that would let you leave an inadvertent trail. All cash sales. Transient merchants, and big varied crowds so you don’t have to worry about being recognized or remembered. And hell I saw prepaid phones and minutes for sale at a yard sale last year.

I bought one of these. Not for any subterfuge, I just wanted a contractless phone. But they wouldn’t activate it until I called from another phone and gave them my address and an email. Not an insurmountable obstacle, but certainly more complicated than they make it look on TV.

The amount of focus on you determines how hard it can be. Part of the idea is to prevent close monitoring and direct targeting. If you are already high priority with clos monitoring, (like say Jason Applebaum) this probably won’t help. If you take a regular delivery job for a cannabis club, it’s more helpful.

We know that with the massive amount of people the number being directly surveilled and record by a person is low. The idea is that you can keep your personal accounts and phone from closer scrutiny and trash phones that you have to use in a suspicious way.

It is really hard. But it is doable, at least for people that are not under close scrutiny already.

What about the part where you duct tape it to the bottom of a semi trailer when you’re done with it?

What I find amazing in this thread is that no one has pointed out that in most of the world this is normal. You can buy a cheapo phone on any street corner – often when you buy a used phone it already has a SIM card. Or you just buy another SIM card for your existing phone.

Within a five minute walk of where I live in Phnom Penh there are literally at least 20 places I can buy new and used phones, and every little shop that sells beer as well as the Western Style minimarts sell phone cards. Because of the low average wages for people here, it’s common to buy $1 or $2 dollar top up cards. When I first moved here I remember seeing 50 cent cards. There are more than 10 carriers in town – perhaps even 15-20, and yes we have 3G and 4G networks. Cheap pay as you go phones are part of the fabric of life in much of the world.

Last time I was in the States – 6 years ago – I remember feeling how un-free the phone system was there. It wasn’t that hard to get a cheap phone – usually I’d go to a Walmart to buy a cheapo GSM phone for the SIM, throw away the phone and put the SIM in my quad-band phone from home I bought in Hong Kong. And you can buy time from Seven-Elevens. But it’s not the same, ubiquitous freedom you have in many countries in Africa or SE Asia. Even in Singapore you can get a SIM at the airport – though you have to show your passport.

Burner phones are fine if your are trying to fool Gmail or fb into a new account so you can troll. Not if you want real clandestine communication.

The OPSEC involved in even legal operations is crazy. I often play fast and loose, and my superiors give me rants that could come from a Die Hard monologue. (Yeah, I do enjoy those :D)

Do burner phones get a signal in the Black Rock Desert?

I haven’t tried, but my Spidey sense says yes.

And if you discuss burners online, I guarantee (myself included) they aren’t as… Burnereree… As expected.

But, but I bought a discount VPN from Boing Boing Store!