Phone Proxy 2: the SIM card boogaloo

I have some news about the SIM card setup, which may be interesting to no one, but if you are going this way, here are some snags I encountered along the way.

SIM cards are (not) optional

There are certain things no amount of money can buy. One of these is moving a physical SIM card’s phone number onto a purely virtual phone line. I can transfer my number to a VoIP provider, but even then, I will need to have a physical SIM card. I contacted the potential provider, and the laws of my country forbid a phone number from being VoIP-only.

However, there are some ways to bypass this, thanks in part to the saviour of all mankind: A group of open-source developers toiling away to make life easy for me.

With a SIM card, but without

So now I have a problem: SMS forwarding is not a thing where I live, and some services offer no option other than SMS for their verification. I may not want a SIM card, but if I’m forced to have one, how can I use it and not have it with me? Am I going to be forced to carry a SIM card around and put it in my phone every time I need a text message?

The answer, surprising no one, is no. It involves some hardware, software, and a lot of dreams. For this privacy recipe, you will need:

  • A SIM card with a number you let into your home before (like the one in your phone right now)
  • A USB modem (one that’s usually used for remote work, when you plug it into a laptop and get network coverage)
  • Any device you want/have and that can run (a Raspberry Pi will do, I have a home server)

The software you will need is much simpler: a Linux OS and a simple tool called smstools. This is a piece of software that can receive and send text messages through a USB-connected modem. Furthermore, it can run programs based on what SMS it receives!

Once you have all the tools, please feel free to follow the Installati.one smstools tutorial. It’s simple enough and describes everything better than I could. After you’re done, come back.

You’re back? Good! Now the question is: what do we want to do with an SMS when it comes in?

The magic of notifications

I personally don’t need an easy way to respond to texts. Most of the time, it’s some 2FA thing that I want, but nothing more than that. What I do care about is receiving text messages in a way that is reliable, and not via sending another SMS (guess what, I don’t have a SIM in my phone by the time this all goes into effect.) Luckily, I played around with a toy that does just that: ntfy.sh. It’s a simple notification server that sends push notifications, can save them for later, and can be triggered with a simple cURL request. The beauty of this is that it does exactly what I need it to: it takes a text message and forwards it over data/WiFi over a secure channel.

The next step after setting up smstools is to set a hook for incoming messages that will take the message file and pipe it into a curl command for a specific ntfy topic of your choice. The ntfy server can run on the same device as the modem, so it’s a one-device solution. Combine this with a VPN solution (Tailscale if you’re lazy, Wireguard if you build your own stuff), and your texts will be periodically sent to your notifications as if you had a SIM card inside!
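
One way to write that hook, as an added example (not code from the tutorial or from smstools itself): smsd's eventhandler setting runs a script with the event type and the message file as arguments. The script path, the ntfy URL and topic name, the auth header file and the CURL override are assumptions made for this example.

```sh
#!/bin/sh
# Added example: smsd event handler that forwards received SMS to ntfy.
# Wire-up (smsd.conf):  eventhandler = /usr/local/bin/sms-to-ntfy.sh  (path assumed)
# smsd calls it as:     sms-to-ntfy.sh <EVENT> <message-file>
# Message file layout:  "Header: value" lines, one blank line, then the text.

# Assumptions: self-hosted ntfy on this box, placeholder topic "sms-inbox".
NTFY_URL="${NTFY_URL:-http://127.0.0.1:8080/sms-inbox}"
# One line "Authorization: Bearer <token>", chmod 600 and owned by the smsd
# user, so the token never shows up in the process list.
NTFY_AUTH_FILE="${NTFY_AUTH_FILE:-/etc/smsd-ntfy.header}"

# Print the value of one header (e.g. From) from an smsd message file.
sms_field() {
    awk -v key="$2" '
        /^$/ { exit }    # headers end at the first blank line
        index($0, key ": ") == 1 { print substr($0, length(key) + 3); exit }
    ' "$1"
}

# Print the message text: everything after the first blank line.
sms_body() {
    awk 'body { print } /^$/ && !body { body = 1 }' "$1"
}

# The sender field is set by whoever sent the SMS; keep header-safe characters.
safe_header() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9+ ._-' | cut -c1-40
}

forward_sms() {
    sender=$(safe_header "$(sms_field "$1" From)")
    # The text travels on stdin, not argv, so 2FA codes stay out of `ps`.
    sms_body "$1" | ${CURL:-curl} -fsS --max-time 20 \
        -H "Title: SMS from ${sender:-unknown}" \
        -H "@${NTFY_AUTH_FILE}" \
        --data-binary @- "$NTFY_URL"
}

# smsd also fires SENT, FAILED, REPORT and CALL events; act only on RECEIVED.
if [ "${1:-}" = "RECEIVED" ] && [ -r "${2:-}" ]; then
    forward_sms "$2"
fi
```

On the public ntfy.sh server a topic without access control can be read by anyone who knows its name, so for verification codes keep the topic on the self-hosted instance behind the VPN and protect it with a token.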

Dirty numbers, what about ’em?

Now, we have discussed this as a scenario where you need a text message sent to a burned number, i.e. a number associated with you as a person. This number can be stored in your house, that’s no problem, it has been there before, and if it doesn’t move from your house, it cannot be used to track you on the go. Now, what if you have a different number you don’t want associated with your identity, but need for receiving text messages?

One way would be to make a mobile version of this. A USB modem is really simple to use this way: if you have a Linux laptop, you can just pop into a café, run this tool, and get your text message! No problem, right?

Well, the problem is you have to activate the service as well, and if it’s a phone app, you may need to have your device in the same place, potentially connected to your other, personal modem. If you really want to get an untraceable system, you can spend some more money on a dedicated dirty line. Get a Raspberry Pi or anything not power hungry, a solar panel, and a USB modem/SIM card combo. Set it up in some waterproof case, and you got a system that you can pop in the woods for all I care! Put it up a tree, near a lake, or on the roof of some apartment building you got access to (I keep secrets, but don’t tell me how you did that.)

Once this is set up, you can use the same SIM card for both data and SMS reception. Combine that with a VPN or a way to forward those texts in a way that’s not tied to you, and you can have all your texts forwarded to your device from anywhere. Personally, I can see this working on battery power only. There are USB battery packs, you can charge them at home, take them to your SIM spot and give the box a few hours of free charge before it dies again. You will need to visit the SIM card spot from time to time, if only to exchange SIM cards, so why not tie these two together?

One warning about this strategy: Treat the dirty box as something more important than your home. If you turn off your phone signal a few minutes from your home, I suggest going to this spot completely offline, both for setup and renewal. You don’t want this trip in your location history, ever. It’s a dirty number, after all. Another issue is that whenever you go to your secret spot, you will have to activate the SIM somehow. Usually, this is just by inputting a PIN, but you can’t do that with a headless system. There are two ways around this:

  • Bring a keyboard and screen with you to the box, run the device and set up the PIN so you can connect to it remotely afterwards.
  • Activate hotspot mode on the device, connect to it using a laptop and set up the thing over short-range wireless signals.

After this, you can do the following every time you need a new verification number (provided it’s not running on solar):

  1. Grab your soon-to-be-dirty SIM card and some batteries
  2. Go to your spot without any network-connected devices, but you may need something to connect to WiFi
  3. Put the new SIM card in the SIM box, pop in batteries
  4. Set up using one of the methods listed above.

How to use this

This strategy is getting more complex by the minute, but let me cook for a bit more. The way I plan to use this strategy is as follows:

  • When I get a text, the SIM at home will forward it via ntfy to my phone (or keep it in the notification backlog until I am capable of receiving it).
  • When I need a dirty service set up, I take a trip in the woods to set up my dirty SIM, and when I get home, I activate the service and the SIM forwards my text to my phone the same way.
  • My travel modem goes with me in a Faraday bag, and when I need it on the road, I can take it out, boot it up and have data wherever I am.
  • The first rule of travel modems is it never goes inside my house or my place of business. It gets turned off 10 minutes before I get to either of those places.
  • The second rule of travel modems is it has to have a removable battery in case I don’t have my Faraday bag with me.
  • The third rule of travel modems is that once you get a data-only SIM card, you read the number, forget it, and never use it again.
  • If you need to recharge your data SIM, you can, but consider that a new SIM card may actually offer you a better deal than keeping an old one charged. Every provider wants to lock you in with a good deal, relying on the fact that you will give out your number and get your name attached to it. If you don’t attach your number to it, you’re not tied to the SIM, you can just toss it and get a new one!
  • The last rule is the modem never, never ever ever goes inside my home powered on.

In closing

Well, I hope you enjoyed this rant, and I hope you take some of this to heart. WiFi is everywhere and we can use it; with a VPN or Tor it can be quite easy, and you can lose your SIM-card shackles. I hope you enjoy the rest of your day, and while you do, I’ll be here, test-driving an old-school MP3 player.