| ▲ | Privacy and Security Risks in the eSIM Ecosystem [pdf](usenix.org) |
| 218 points by walterbell 11 hours ago | 110 comments |
| |
|
| ▲ | mrb 8 hours ago | parent | next [-] |
| They used cool hardware to do this research: the sysmoEUICC1 (https://shop.sysmocom.de/sysmoEUICC1-eUICC-for-consumer-eSIM...) which is a physical SIM card onto which one can load an eSIM, and they put it in a SIMtrace 2 device (https://osmocom.org/projects/simtrace2/wiki) to trace the data packets to/from the eSIM profile, which is normally not easily doable as modern phones load the eSIM on a chip soldered onto the phone's motherboard. So you end up with a goofy contraption (see figure 4 on page 8) but you have full visibility into the communications to/from the eSIM profile. Fun! |
|
| ▲ | flowerthoughts 10 hours ago | parent | prev | next [-] |
| > We first show how travel eSIMs often route user data through third-party networks [---] Second, we analyze the implications of opaque provisioning workflows, documenting how resellers can access sensitive user data [---]. Third, we validate operational risks such as deletion failures and profile lock-in using a private LTE testbed.
|
| So not about eSIM the technology, but the business landscape inviting opportunistic business people when the bar of entry is lowered. Table 1 is worth a read.
|
| The outrage bait about traffic being routed through China shouldn't matter too much to the common person, since we're mostly using TLS. If you're on DoH (DNS over HTTPS), you're even using it for host lookups. |
| |
| ▲ | jacquesm 4 hours ago | parent | next [-] |
| > The outrage bait about traffic being routed through China shouldn't matter too much to the common person, since we're mostly using TLS.
|
| That should matter a lot to the common person, TLS or not doesn't matter, what matters is who talks to who, and who talks when. That information alone can give you many useful insights. | | |
| ▲ | jdsnape 4 hours ago | parent | next [-] | | It’s a bold assumption that only China is tracking this info though. Mobile operators are some of the worst at selling ‘anonymised’ data on their users | | |
| ▲ | serbuvlad 2 hours ago | parent [-] | | Is it not worth it to keep private data flowing through companies which we could hold to account and, perhaps later on, restrict from such practices, than flowing through a jurisdiction over which we have no control and which does not much care about our opinion? |
| |
| ▲ | 1970-01-01 an hour ago | parent | prev [-] | | Like saying 'It should not matter too much to the common person if most of their shit makes it into the toilet.' |
| |
| ▲ | pixelesque 8 hours ago | parent | prev | next [-] | | It might not matter hugely to most people, that's true, but as someone who's used eSIMs while abroad in both Australia and Canada earlier this year (from Airalo and Nomad - they seemed at the time to be fairly well regarded), I was surprised to see my traffic routed through Hong Kong in both cases. Google and Duck Duck Go both on the phone assumed I was in Hong Kong when searching, even though I was in Sydney and Vancouver respectively, which did make searching for local places a tiny bit more frustrating. | |
| ▲ | tgsovlerkhgsel 6 hours ago | parent | prev | next [-] | | What matters very much in practice is the latency. It's fine if you just need a little bit of connectivity to occasionally send a message or be able to find something on Google Maps, but just browsing the web can be painfully slow with some of the providers. | |
| ▲ | itake 9 hours ago | parent | prev | next [-] |
| 1/ ISP or the website you're accessing can see the DNS queries and block traffic. My eSIM routes through Hong Kong, which means no ChatGPT.
| 2/ iPhones don't let you set the DNS provider / DoH for cellular
| 3/ DoH breaks wifi redirect walls, making it tedious to enable/disable. Like you can't just enable DoH for certain apps or disable it for others. | | |
| ▲ | bdhcuidbebe 8 hours ago | parent | next [-] |
| > 3/ DoH breaks wifi redirect walls, making it tedious to enable/disable
|
| Since this is a security focused discussion, why do you see wifi hijacking your dns lookups as something desirable? | | |
| ▲ | avhception 7 hours ago | parent | next [-] | | Because there are a lot of situations, like being in a hotel, where you simply can't do anything to avoid it and have to live with it / work around it. And while we all would like to live in that perfect ivory tower of CIA-level security, we mostly live in the real world and have to make do with what we have. | |
| ▲ | londons_explore 6 hours ago | parent | prev | next [-] | | wifi hijacking is here to stay. The solution is to detect it happening, and then switch to a different 'mode' where you ignore all https certs but never send any private data and never trust any data received. | | |
| ▲ | nerpderp82 4 hours ago | parent [-] | | You have to use a client side app firewall to prevent all traffic until you have acquired your session. This is extremely difficult to do even for skilled people. | | |
| ▲ | londons_explore 3 hours ago | parent [-] | | Android has the ability to isolate the network stacks for different apps/connections till you have cleared the wifi portal. |
|
| |
| ▲ | pjc50 7 hours ago | parent | prev [-] | | Often the wifi will not let you "out" until you've been through their landing page, and there's no other mechanism to do this other than hijacking DNS? |
| |
| ▲ | cube2222 8 hours ago | parent | prev | next [-] | | 2) I believe you can using profiles like those available here[0]. [0]: https://github.com/paulmillr/encrypted-dns | |
| ▲ | IshKebab 9 hours ago | parent | prev | next [-] |
| > DoH breaks wifi redirect walls
|
| Is that really true? I would have thought all the automatic detection features try with unencrypted DNS? They should anyway. | | |
| ▲ | astafrig 8 hours ago | parent [-] | | Ideally it’d actually be RFC 8910 detection (and subsequently RFC 8908 API) but standards usage is generally incompatible with giving POs something to do |
| |
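How the RFC 8910 / RFC 8908 flow mentioned in the sub-thread above lets a client learn about a portal from DHCP instead of from a hijacked DNS answer, as an added example that is not part of the thread. The host names, sample bytes and function names are assumptions constructed for illustration; the example does no network I/O.

```python
import json
from typing import Optional, Tuple
from urllib.parse import urlsplit

OPT_PAD, OPT_END = 0, 255
OPT_CAPTIVE_PORTAL = 114  # DHCPv4 option code assigned by RFC 8910
UNRESTRICTED_URN = "urn:ietf:params:capport:unrestricted"


def parse_dhcp_options(data: bytes) -> dict:
    """Parse a DHCPv4 options field (code, length, value triples)."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        i += 1
        if code == OPT_PAD:
            continue
        if code == OPT_END:
            break
        if i >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i]
        i += 1
        if i + length > len(data):
            raise ValueError(f"option {code}: value truncated")
        # A repeated option code is concatenated (long-option splitting, RFC 3396).
        opts[code] = opts.get(code, b"") + data[i:i + length]
        i += length
    return opts


def _require_https(url, what: str) -> str:
    """Both the API endpoint and the user portal must be reached over TLS."""
    if not isinstance(url, str):
        raise ValueError(f"{what} is not a string")
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{what} is not an https URL: {url!r}")
    return url


def captive_portal_api(opts: dict) -> Tuple[str, Optional[str]]:
    """Classify what the network said about captivity in option 114."""
    raw = opts.get(OPT_CAPTIVE_PORTAL)
    if raw is None:
        return ("not-advertised", None)   # client falls back to probe heuristics
    uri = raw.decode("ascii")
    if uri == UNRESTRICTED_URN:
        return ("unrestricted", None)     # network states it has no portal
    return ("api", _require_https(uri, "captive portal API URI"))


def interpret_api_response(body: str) -> dict:
    """Interpret the JSON document returned by an RFC 8908 API endpoint.

    A real client would fetch it from the advertised URI with
    'Accept: application/captive+json'; here the body is passed in.
    """
    doc = json.loads(body)
    if not isinstance(doc, dict) or not isinstance(doc.get("captive"), bool):
        raise ValueError("response lacks the required boolean 'captive' key")
    portal = None
    if "user-portal-url" in doc:
        portal = _require_https(doc["user-portal-url"], "user-portal-url")
    return {
        "captive": doc["captive"],
        "portal": portal,
        "seconds_remaining": doc.get("seconds-remaining"),
    }


# --- constructed sample data (not captured from a real network) ---
_API = b"https://portal.example.net/capport/api"
SAMPLE_OPTIONS = (
    bytes([53, 1, 5])                    # DHCP message type: ACK
    + bytes([6, 4, 192, 0, 2, 53])       # DNS server 192.0.2.53
    + bytes([OPT_CAPTIVE_PORTAL, len(_API)]) + _API
    + bytes([OPT_END])
)
SAMPLE_CAPTIVE = '{"captive": true, "user-portal-url": "https://portal.example.net/login"}'
SAMPLE_OPEN = '{"captive": false, "seconds-remaining": 326, "can-extend-session": true}'

if __name__ == "__main__":
    print(captive_portal_api(parse_dhcp_options(SAMPLE_OPTIONS)))
    for body in (SAMPLE_CAPTIVE, SAMPLE_OPEN):
        print(interpret_api_response(body))
```

Because the portal location arrives in the DHCP lease, the client can keep encrypted DNS enabled and open only the advertised `user-portal-url` in an isolated browser until `captive` turns false.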
| ▲ | Gigachad 9 hours ago | parent | prev | next [-] | | Just get a VPN and then you can route your traffic wherever you want and not have to worry about what the carrier is doing. | | |
| ▲ | coderatlarge 8 hours ago | parent [-] | | vpn appears to only work sporadically in china. | | |
| ▲ | lazycatjumping 8 hours ago | parent [-] | | All VPNs work without problems with China if you are roaming into their network with a foreign (e)SIM. You will get unfiltered western internet as a tourist. | | |
| ▲ | hdgvhicv 7 hours ago | parent [-] | | Which cost me a fortune once when I plugged my phone into laptop to charge (before free global roaming). Dropbox had been blocked for a week, suddenly a flurry of sms arrived (out of order). I’d spent £250 in 3 minutes. | | |
| ▲ | mynegation 3 hours ago | parent | next [-] | | I feel for you. Why would you allow laptop traffic to be routed through the phone though? At least in iOS plugging the phone for charging or backup does not automatically tether. | | |
| ▲ | hdgvhicv an hour ago | parent [-] | | I often tether off my phone so has tethering enabled, just hasn’t charged from the laptop in all that time. Wasn’t a lot in the end scheme of things - less than the cost of a night in the hotel, let alone the full trip |
| |
| ▲ | zx8080 6 hours ago | parent | prev [-] |
| > Dropbox had been blocked for a week
|
| Why was it blocked for a week? Not sure I understand what happened to you. | | |
| |
| ▲ | jb1991 8 hours ago | parent | prev [-] | | I’m a little confused, are you physically located in China or is your data getting routed through China despite you living somewhere else? I can’t figure out what’s being said here. |
| |
| ▲ | yard2010 7 hours ago | parent | prev [-] | | What if TLS won't be relevant in a few years to a decade? Bad actors can hoard encrypted traffic and have the data decrypted when the time comes? | | |
| ▲ | perching_aix 6 hours ago | parent [-] | | Nothing. If you want perfect secrecy, you gotta use one-time pads with a one-time MAC, which is not really practical. Think having to buy disposable SD cards with 1 TB of randomness on them from your ISP, making your data cap very literal. Even then, you'd be relying on the randomness source being good, which is not trivial. What if the ISP colludes, how would you ever know? The most secure way to communicate is to not communicate at all, as always. Or to be more specific, to at least not involve an intermediary if you can choose so. Short of that, all that remains is the unproven hardness assumptions. | | |
| ▲ | flowerthoughts 4 hours ago | parent [-] | | I'm actually surprised that steganography isn't talked about more yet. Tor and Monero are concrete examples of systems that work as long as they have enough traffic. But being able to overlay Tor on normal traffic would be really annoying for those trying to listen. |
|
| ▲ | pjmlp 10 hours ago | parent | prev | next [-] |
| I will keep using SIM as long as it is possible, not only is eSIM a way for operators to impose restrictions on unlocked pre-paid phones, some really like to take their cut every time that eSIM gets moved, for something free of charge and doable under a few seconds with a regular SIM. |
| |
| ▲ | tgsovlerkhgsel 6 hours ago | parent | next [-] | | So far, the main effect of eSIM was creating a lot of competition and forcing prices down. If your provider is trying to charge you every time you need to move your SIM, have you considered a different provider? | | |
| ▲ | pjmlp 4 hours ago | parent [-] | | Maybe that is a US thing, there has always been enough pre-paid competition in Europe, and I bet on other continents as well. |
| |
| ▲ | stavros 7 hours ago | parent | prev | next [-] | | I've bought a 9esim, which is a physical SIM you can download eSIMs to. It's the best of both worlds for me, and I can move my data eSIM between phones, routers, and car. | | |
| ▲ | sunnybeetroot 6 hours ago | parent [-] | | This is interesting, does it only work with specific mobile providers though? | | |
| ▲ | stavros 6 hours ago | parent [-] | | No, since eSIMs are basically just programmable SIMs literally soldered onto the motherboard, I imagine it works with all providers that support eSIMs. | | |
| ▲ | dataflow 20 minutes ago | parent | next [-] | | Not really true. I definitely failed to get one of these cards working with a provider. Some providers insist on only allowing device models they're familiar with, based on the IMEI/EID/etc. | |
| ▲ | sunnybeetroot 6 hours ago | parent | prev [-] | | Thanks, that makes sense. I’m curious how this works when it comes to the sim management in the phone. For example on iOS, one SIM and one eSIM have independent on/off switches. If you have one SIM but it contains multiple eSIMs inside of it, I wonder if iOS displays only one SIM or multiple eSIMs. | | |
| ▲ | stavros 6 hours ago | parent [-] | | The OS only ever sees one SIM on this SIM, you have an app to program the SIM you want to actually be active on the card, and that's how you switch. | | |
| ▲ | sunnybeetroot 6 hours ago | parent [-] | | Ahh I see makes sense. So it’s not entirely a replacement if you wish to utilise the feature of having multiple eSIMs enabled at the same time. Thank you for the details. | | |
| ▲ | stavros 6 hours ago | parent [-] | | I don't think you can do that with any phone, though. Given that the eSIM is a programmable SIM soldered onto the motherboard, you can always only have one connection active on it at a time. | | |
| ▲ | sunnybeetroot 5 hours ago | parent [-] |
| On iOS you can have 2 active at the same time: https://support.apple.com/en-ae/118227
|
| > You can have two eSIMs active at the same time on supported iPhone models. For example, you can use one eSIM for your home phone number and another eSIM for the place you're visiting. | | |
| ▲ | stavros 5 hours ago | parent [-] | | I think that's because the phone has two eSIM modules, same as if you have a two-SIM phone with two of these eSIM SIMs. | | |
| ▲ | sunnybeetroot 5 hours ago | parent [-] | | That would make sense, but it does indicate that 9eSIM isn’t a 100% replacement. If you wish to use multiple eSIMs at the same time, you will need to stick with the phone's feature, instead of 9eSIM. | | |
| ▲ | drewbug 2 hours ago | parent [-] | | If your phone has two physical SIM slots you can fill them both with removable eSIM cards. |
|
| |
| ▲ | userbinator 9 hours ago | parent | prev | next [-] | | eSIM seems like a gradual return to the device-locked model that was IS-95/CDMA in the 90s and early 2000s, where it contrasted with the openness of GSM. | |
| ▲ | sherry-sherry 8 hours ago | parent | prev | next [-] | | I agree. Thankfully in my country (Australia) eSIMs are handled pretty well, no charges for updates/changes and can be done without interacting with a customer service rep. You can also switch back from eSIM to a new physical SIM (say if preparing to travel). This is a place where I really think Apple, Google, etc could throw their weight around for good. If Apple just said to carriers: "You can't sell any iPhones unless eSIM activations, changes, and updates are free for everyone, and take less than one hour." I think many would follow suit. | | |
| ▲ | Gigachad 8 hours ago | parent [-] | | The iPhone transfer process actually tries to transfer the eSIM automatically, but it seems to require the carrier to support it. I suspect Apple is still in the process of forcing every carrier to just support eSIM in the first place, before trying to push making it work well. The second part might end up being implemented through law though. | | |
| ▲ | sherry-sherry 4 hours ago | parent [-] | | That's true. I think carriers always need to be pushed via law. Australia mandated carriers to support number portability (including transfer time-frames) in 2001-ish. It suddenly became so easy to shop around, keeping your number was super easy. Some started charging 'port out' fees, but that was squashed too. |
|
| |
| ▲ | amatecha 8 hours ago | parent | prev | next [-] | | Yeah plus you can take out the physical SIM to (mostly?) guarantee your cellular service won't be utilized by the phone. I mean, barring some hidden back-door eSIM, I guess. | | |
| ▲ | em500 8 hours ago | parent [-] | | At least in Europe and the US, you can call emergency numbers (112, 911) without any SIM card installed. So your phone can certainly connect to the cellular network without a SIM. | | |
| ▲ | pests 7 hours ago | parent | next [-] | | To piggyback, the SIM card is only needed for identity/authentication/billing. Your phone is already in contact with all the towers nearby. Emergency calls, by law in the US, go out to the strongest towers in reach, get tagged high priority, and bypass any authentication/billing. | |
| ▲ | tgsovlerkhgsel 6 hours ago | parent | prev [-] | | Some countries (e.g. Germany) disabled this because there was too much abuse. | | |
| ▲ | Aachen 3 hours ago | parent [-] |
| Wtf! Why do I need to find this out via HN? I live in Germany and all info I've ever seen says you can always call 112 in Europe with any phone you have on hand, active subscription or not, and worldwide potentially a different number but that it's part of the GSM standard that it lets you call via any carrier because your emergency call is treated differently, always gets accepted and routed with priority.
|
| Also considering you're required to authenticate to the government before being allowed to have a mobile phone number in Germany, some people might choose to mainly use their device on WiFis and with downloaded maps and other data. It's not like mobile data is that reliable in Germany anyway. That'd be an unpleasant surprise if you are subsequently denied emergency services in the life-threatening situations that 112 is for.
|
| I didn't believe you, or that it was possibly a temporary thing, but I checked and it seems to be true since 2009 with no news since. I'm curious to try it (if there were a test number like 117 and 119 in Belgium¹) because I'm still a bit in disbelief, or to know if it e.g. works with a data-only SIM, or if an expired SIM works (if it ran out yesterday and you haven't had time to fix it or charge up the prepaid card), or if you forgot the SIM PIN due to stress (happened to me once when the phone needed a reboot, so I spent my trip abroad without mobile service until I got home and could reset it).
|
| Is it that easy to change the IMEI of a device, that pranksters abuse the service with it constantly if not blocked outright? Why isn't this a thing in other countries? I have so many questions.
|
| What a backwater this is in terms of communications infrastructure.
|
| ¹ https://nl.wikipedia.org/wiki/Noodcentrale_112#Testnummers_n..., English translation on https://www.reddit.com/r/belgium/comments/191hryo/comment/kh... |
|
|
| |
| ▲ | leakycap 10 hours ago | parent | prev | next [-] |
| > not only is eSIM a way for operators to impose restrictions on unlocked pre-paid phones
|
| Are you outside the US? I've used eSIM on iOS many times with a number of carriers and MVNOs and never noticed a fee (unless you're talking about a postpaid carrier's line activation fee, usually around $36, not related to esim or not) | | |
| ▲ | nottorp 9 hours ago | parent | next [-] | | It's not only the fee. eSIM simply needs too many entities to cooperate just so you don't have to look for a paper clip. | | |
| ▲ | testdelacc1 8 hours ago | parent [-] | | An eSIM only phone could have a bigger battery, if the manufacturer replaces the sim tray with a larger battery. That’s what Apple has done in the iPhone 17 series released last week. The US versions are eSIM only, and have better battery life. That’s a trade a lot of people would gladly make. | | |
| ▲ | antonyh 8 hours ago | parent [-] | | The iPhone 17 in the UK still has the SIM tray, something I'm glad about. Knowing I can pull the SIM and slot it into my old iPhone 8 where there is no eSim support is valuable to me. | | |
| ▲ | nottorp 8 hours ago | parent [-] | | And how about knowing that it takes a minute to swap a physical sim and there is no server to take its sweet time and at worst not respond like for eSIM? Say you arrive somewhere where your regular provider doesn't have signal so you get a prepaid sim from the one provider that does have signal. How do you install it if it's an eSIM? You don't have connectivity on your regular. | | |
| ▲ | JumpCrisscross 8 hours ago | parent | next [-] |
| > Say you arrive somewhere where your regular provider doesn't have signal so you get a prepaid sim from the one provider that does have signal. How do you install it if it's an eSIM?
|
| One, you can plan ahead. Two, most of those spots have Wi-fi for this purpose. There are legitimate reasons to prefer a physical SIM. This isn't one. | | |
| ▲ | nottorp 7 hours ago | parent [-] | | I just think your mountain holidays aren't remote enough :) | | |
| ▲ | JumpCrisscross 7 hours ago | parent [-] | | I'm not saying your scenario is unrealistic. I'm just saying it's avoidable. I'll generally buy an eSim, if I need it, before taking off for my destination. In the cases where I forgot and was somewhere I couldn't get it, the SIM vendor let me hotspot to activate. |
|
| |
| ▲ | hdgvhicv 7 hours ago | parent | prev [-] | | Only time I’ve used an eSIM was a potential problem with roaming on our corporate deal (was supposed to be free roaming but they stop said $1.80 a meg) when I landed in New York. I was connecting before we’d finished taxiing. I have no idea where to get a local sim from, but it would mean I wouldn’t have my normal phone number (unless I had a phone with two physical sims - very rare), and presumably would have had to find a shop at 3 am body clock time and 10pm local time. Maybe there was one post customs, I don’t know as I was autopiloting to the taxi. |
| |
| ▲ | pjmlp 9 hours ago | parent | prev [-] | | In Europe, in the past it used to cost about 5€ and there was a limitation on the amount of swaps. As it is nowadays, I am not up to date. | | |
| ▲ | vladvasiliu 8 hours ago | parent [-] | | Bouygues France still charged a 10€ fee as of September 2024. Didn't need to move it to another phone though, so I don't know how that works. That 10 € fee is exactly the cost they would have charged for a physical SIM, shipping included. Bouygues was one of the companies lamenting the change. They viewed it as a "loss of connection with their customers", whatever that means. I haven't set foot in a phone store in I don't even remember how long, but at least 10 years, so I have no idea what the hell they're talking about. |
|
| |
| ▲ | FollowingTheDao an hour ago | parent | prev [-] | | I bought an iPhone 16e which I am about to sell, not only because of iOS 26 (horrific looking and battery drain), but I did not know they switched to only eSIMs. I have a flip phone which I like to use when I have no need for a smart phone. Now there is no way for me to switch. Plus, I know when I take out my SIM there is no way any one is tracking my phone. eSIMs are just another way these companies are trying to control, and as you said, profit, off of their customers. I see this as taking ownership away from the customer as well. I no longer own the SIM in essence. |
|
|
| ▲ | daft_pink 9 hours ago | parent | prev | next [-] |
| The fact that Chinese domestic cell users can only use phones sold in China on eSim, and as soon as they leave China the eSims no longer work, gives me pause that there is some nascent security hole in them. Why would they take such extreme measures if there wasn’t some issue with the security? |
| |
| ▲ | uni_baconcat 9 hours ago | parent | next [-] | | Incorrect. Chinese mobile carriers only issue eSIM to their approved models, which are devices sold in China. Once the eSIM is activated, users can roam with their Chinese phone number to any country just like a physical SIM card. Also, iPhone and iPad sold in China can install and activate an eSIM from foreign carriers when the device is not located in China. They only banned activating foreign eSIM within China. | | |
| ▲ | daft_pink 26 minutes ago | parent | next [-] | | Thanks, It seems I misunderstood the restrictions when they were first introduced. The purpose appears to be preserving the Great Firewall by preventing Chinese citizens from easily bypassing it with a foreign eSIM. Unlike a physical SIM, which must be imported and activated abroad, a foreign eSIM could be downloaded directly onto a domestic phone, making circumvention much simpler. By restricting eSIM activation, authorities effectively require someone to import a separate device, such as an iPhone purchased overseas, and keep it alongside their domestic phone if they want to activate and use a foreign eSIM within China. I had first read about these restrictions when the iPhone Air was announced but not yet released, and at the time the rules were not clearly explained, which led to my initial misunderstanding. Thanks so much! | |
| ▲ | kube-system 8 hours ago | parent | prev [-] |
| > They only banned activating foreign eSIM within China.
|
| Is that even a ban? I didn’t think eSIM activation typically roams — I thought it only worked on home networks. | | |
| ▲ | bux93 8 hours ago | parent | next [-] | | I activated a Thai SIM (True) inside of Europe before traveling no problem, so it's not a technical limitation. I think brands like Saily that specifically target travelers are also activated beforehand, so when you arrive you immediately have data. | |
| ▲ | wkat4242 8 hours ago | parent | prev | next [-] | | True, both networks I have in Europe don't allow it. It's one of the reasons I don't like eSIM, there are a lot more restrictions than with real SIMs. With those I can simply pull one of my cards out of my phone and put it in my tablet or 4G modem for an hour while travelling. With eSIM I have to unregister it and get a new QR every time, registering it doesn't work abroad, and they can deny activation based on the device. | |
| ▲ | alibarber 8 hours ago | parent | prev [-] | | Mysterious - I have downloaded UK eSIMs over WiFi, and then activated/connected as if I were roaming, from other parts of Europe. |
|
| |
| ▲ | numpad0 8 hours ago | parent | prev | next [-] | | I did come across non-English article that all-eSIM policy is destroying grey market imports into primarily China and also into Russia. Previously one could easily flip iPhone at or above MSRP to milk carrier subsidies, but those flippers aren't taking iPhone 16/17 as it's harder for the clientele in totalitarian and/or sanctioned countries to use it. I'm not sure if it's an undisclosed security hole or a backdoor, but there does seem like the eSIM push has something to do with China. | |
| ▲ | okanat 9 hours ago | parent | prev | next [-] | | It could be simply IMEI tracking. Turkey also has it. Without being registered in the country registry, the modem just stops getting answers from cell towers. | |
| ▲ | notpushkin 9 hours ago | parent | prev [-] | | To prevent them from using Hong Kong eSIMs to bypass site blocks? | | |
| ▲ | thenthenthen an hour ago | parent [-] | | It is interesting, my EU iPhone can use Chinese eSims unrestricted in Mainland (via trip.com), advertised as HK/Macao/Mainland travel eSims. As others have said, iPhones for the Chinese market can not. So the phone smuggling is still big business. Also, there is a quota on the amount of sims given out each month, but don't er quote me on that (at least that was the case with physical HK/Mainland sims sold in HK Shamshuipo etc). |
|
| ▲ | lazycatjumping 10 hours ago | parent | prev | next [-] |
| Thanks to Wireguard and basically 0% battery overhead on Android I always keep it activated. If you don't have a Wireguard endpoint just use Orbot to route it through Tor. Did that several times using cheap eSIMs while traveling. Never had a single problem with it (but increased latency because of weird routings around the world). |
| |
| ▲ | riobard 5 hours ago | parent | next [-] |
| > Never had a single problem with it (but increased latency because of weird routings around the world).
|
| UDP (which WireGuard uses to encapsulate your data) traffic is often de-prioritized. You won't notice it when the network load is low, but it will seriously degrade experience during high load periods. | | | |
| ▲ | 8fingerlouie 8 hours ago | parent | prev | next [-] | | Wireguard is amazing. I have an "always on" VPN routing back home. Anything destined for my home network gets routed that way, and there's literally zero battery drain. I'm not paranoid enough to route everything through VPN though. | | |
| ▲ | lazycatjumping 8 hours ago | parent [-] | | For me it's not paranoia.. more like: I have a ton of unused GBit/s left.. so routing a few kBit... MBit/s of mobile data doesn't hurt. |
| |
| ▲ | berdario 7 hours ago | parent | prev | next [-] | | FYI, most of your comments show up as [dead]. I assume that the ones that didn't (like this one) have been vouched by others. Not sure if dang see this, but it might be worth asking hn@ycombinator.com otherwise | | | |
| ▲ | hippich 8 hours ago | parent | prev [-] | | Recently I was looking for solution to have multiple VPN running at the same time, and without work profile I am limited to one. I want to run two (or more) and be able to tell which app uses no VPN, which routes through vpn1, which routes through vpn1, etc. so far it looks like I need multiple profiles, and that requires root, which Google actively discourages. Maybe someone knows better alternatives? | | |
| ▲ | lazycatjumping 8 hours ago | parent [-] | | I think "WG Tunnel" should be able to do that. You can add multiple profiles and link apps to it. |
|
| ▲ | Derbasti 8 hours ago | parent | prev | next [-] |
| Last vacation, one of our phones broke. We bought a new one, popped in the old SIM, and went on vacationing. How does that work with an eSIM? |
| |
| ▲ | JumpCrisscross 8 hours ago | parent | next [-] |
| > How does that work with an eSIM?
|
| Same, except you download it. | | |
| ▲ | mbirth 6 hours ago | parent | next [-] | | Ha, you say that. When my wife’s German T-Mobile eSIM vanished during transfer to a new phone, their portal for downloading a new one required a token sent to that very phone number we just lost access to. This meant we had to do a trip to their store where they said that there’s no process for the store to supply us with an eSIM, but they’ll setup a new traditional SIM which we could then convert to eSIM. Ridiculous! At least it was all free - apart from the time spent. That was a few years ago, though. So, I very much hope they’ve improved on the process. | |
| ▲ | Aachen 3 hours ago | parent | prev [-] | | How do they know it's you, what makes you able to download the subscription token onto your device but not me? Do you need to receive a letter, or email via WiFi somewhere? Do mobile carriers accept unauthenticated devices to let them download SIMs, or does it require WiFi always? |
| |
| ▲ | jiqiren 7 hours ago | parent | prev | next [-] | | Install phone company app, login, and click migrate eSIM to this phone. Whole process can take up to 5min depending on how fast wifi is to connect to your phone company. | |
| ▲ | sherry-sherry 7 hours ago | parent | prev | next [-] | | The flip-side to that is what if your phone had been stolen or lost? You're out of luck with a physical SIM, but eSIM could be transferred to a new device. | |
| ▲ | pests 8 hours ago | parent | prev [-] | | Connect to Wi-Fi and download your service provider's mobile app. Load eSIM via that. |
|
|
| ▲ | elAhmo 8 hours ago | parent | prev | next [-] |
| This is a weird title and IMO should have included "international resellers" to emphasise the risks are sourced from there, not really due to the eSIMs themselves. Those online-only, travel-oriented resellers, are incorporated or using providers from unregulated or less regulated markets. If you use an eSIM provided by your own domestic carrier, which I do and many of my friends, especially when having more than one phone number, almost none of the risks in the paper are applicable. |
|
| ▲ | negative_zero 8 hours ago | parent | prev | next [-] |
| Calling it "eSIM" is BS marketing. Every time I've used them it's been painful. I don't know the details but it absolutely is not "SIM technology". "eSIM" is something completely different.
|
| A regular SIM: you just pop a SIM card into your phone and it just God damn works. But eSIMs? I've used eSIMs from five carriers in three different countries and every time there is some issue:
|
| * "Oh you need our god awful app to install an eSIM" (of course I couldn't easily download it because Google play geo hides apps).
| * "If your phone is stolen overseas you can simply use this QR barcode again to register an eSIM to a new phone" (I couldn't).
| * "Works with all phones". (It didn't because phone manufacturers have to bake Telco specific data into your phone's firmware. Not supported? You're shit out of luck).
|
| I could go on.. The fact that there are now privacy and security issues is not surprising at all. This isn't teething issues. The drafters of the eSIM standard should be publicly flogged. |
| |
| ▲ | Y_Y 7 hours ago | parent [-] | | It's an emulated sim card, it really does emulate that weird little Java processor and everything. It's totally "SIM technology" in that sense, even if it's not convenient because of the restrictions of the emulation device. |
|
|
| ▲ | riobard 5 hours ago | parent | prev | next [-] |
| The paper is somewhat title-bait: most of the data flow and privacy concerns (section 3) aren't caused by eSIM but by MVNO and business practices which apply to physical SIM as well. Additionally, it's expecting too much from _travel_ SIM cards (physical or embedded) where the primary consumer concern is cost. |
|
| ▲ | futurecat 9 hours ago | parent | prev | next [-] |
| Used an eSim on a trip to Japan recently. I wasn't happy when I realized my IP was in Hong Kong. |
| |
| ▲ | vachina 7 hours ago | parent | next [-] | | The telco is probably from Hong Kong, and using home-routed roaming, that is, subscribers access the visited network through the home PDN gateway (H-PGW). When I roam with mine my IP is always from my home country. There is nothing insidious happening. | |
| ▲ | lazycatjumping 9 hours ago | parent | prev [-] | | Just switch on a VPN. No reason to avoid cheap providers. | | |
| ▲ | neilalexander 5 hours ago | parent | next [-] | | Routing through another country unexpectedly already makes your latency worse. Adding a VPN on top possibly worsens it again. | |
| ▲ | dboreham 4 hours ago | parent | prev [-] | | Which goes through HK and somewhere else.. |
|
|
|
| ▲ | unixhero 7 hours ago | parent | prev | next [-] |
| In this aspect, what do people on here think about the eSim provider Saily[0][1]?
[0] Website, https://saily.com/
[1] Actual operator is 1GLOBAL alias TP Global
* Provision of Services: The Services to Customer will be provided by our Technology Partner - TP Global Operations Limited, a limited liability company incorporated and registered in England and Wales with company number 14109189 whose registered office is at 109 Farringdon Road, Farringdon, London, EC1R 3BW, UK (“1GLOBAL”).
* https://saily.com/legal/b2b-terms-of-service/ |
| |
| ▲ | Y_Y 7 hours ago | parent | next [-] | | They have a lot of obnoxious advertising which makes me not trust them. I've used Airalo without much hassle, but I can't say that they're any better. I did have an incident where the phone I was using broke, and I was unpleasantly surprised to find that I couldn't just load the eSIM onto the replacement phone, seems like you only get one shot at downloading it. (Dragonpass is pretty good though, I recommend getting that through a credit card or whatever if you spend a lot of time hanging around airports.) | | |
| ▲ | unixhero 6 hours ago | parent [-] | | I had to edit and take out my reasoning for asking (I said why I liked it), as it seemed like I was shilling the service, which I wasn't intending to do.
Thank you for the insights! |
| |
| ▲ | philipwhiuk 42 minutes ago | parent | prev [-] | | 1 GLOBAL is owned by 1GLOBAL Holdings B.V. Registered address: The Valley - Beethovenstraat 505 North tower, Level 6. Amsterdam 1083HK, Netherlands
So we're at 3 levels of indirection on ownership already. In practice, 1 Global is the trading name of TP Global because it's the successor company to 'Truphone':
> In 2022 the Company was selected in a competitive bidding process, conducted by a UK court appointed administrator of Truphone Limited (“Truphone”), to acquire all the business and assets of Truphone (the “Acquisition”).
And this company was an investment option for Russian oligarchs:
> In December 2024, German Manager Magazin revealed that Russian oligarchs Abramovich, Abramov and Frolov, who had previously owned 96% of Truphone and invested more than €360 million in the company, could still benefit from any success achieved by 1Global.
So yeah, maybe avoid. |
|
|
| ▲ | 2rsf 8 hours ago | parent | prev | next [-] |
| I read some of the article and am still not sure what is so unique about eSIM compared to physical SIMs. Is routing user traffic through third-party infrastructure unique to eSIM? The other risks mentioned are mostly rare edge cases |
| |
| ▲ | tgsovlerkhgsel 6 hours ago | parent [-] | | Removing the need to ship a physical SIM card created an entirely new ecosystem. There is very little difference between a physical SIM from provider X and an eSIM from provider X (except that one requires an available physical slot and the other is a pain to move between devices), but eSIM allowed many new provider and reseller business models. In practice, this means much more choice, much lower prices, but often also lower quality because everything is optimized to be as cheap as possible and often involves roaming agreements where your traffic gets sent on high-latency world tours. |
|
|
| ▲ | asah 7 hours ago | parent | prev [-] |
| If you want no/less bs, I recommend Google Fi eSim |
| |
| ▲ | UltraSane 7 hours ago | parent [-] | | But then if Google's incomprehensible security algorithm locks your account you don't have a phone anymore and zero recourse. |
|