Purism SIM on other carriers

Is it possible to use Purism SIM cards on other carriers that could possibly accept it. Better yet are there “armored” “firewalled” SIMS out there that can act as a first barrier or deterrent for intruders in particular. Of course malware and viruses too.

I’m trying to avoid 2-3 years of Computer Science study because honestly I’d rather study something else. But the leak of information is getting all to real and will only continue to populate in popularity.

Thank you
Best

1 Like

Good question. I also would like to know this too.

A sim card just stores information. It can’t really protect you from anything. Its somewhat analogous to a driver’s license, it serves to identify your phone to the tower.

2 Likes

If this is true then how do you go about actually securing a device from any form of a threat? be it intruder malware or virus? Right now the best I can do is just hope and wish that Apple does their job and I can call in frequently to have them scan/search my accounts on phone devices. But this is no way to live what so ever. Studying comp sci for years is a waste of time if I wish to study something else. However how can you ensure the protection of your privacy and personal information from said intruders.

Purism’s SIM identifies itself to Purism’s MVNO and is then authorized to connect to their network; Purism’s MVNO is financially contracted to use a specific network (AT&T at present, I believe) as it’s infrastructure. Sometimes an MVNO is also authorized to roam on other compatible national networks when primary network coverage is lacking, e.g. AT&T on T-mobile, or vice versa. I don’t know if Purism’s MVNO is authorized to roam in that way.

In other words, the SIM (which carries the phone number) is locked to a specific network (and any MVNO/reseller of the same network). To use a different network, you would need a different SIM from a different carrier, resulting in a different phone number.

I wouldn’t think a SIM is a vector for attack. The biggest threats to mobile are probably malicious apps, infection through the web browser, incoming messages or emails that deliver links to malware, and, above all, weak online phone subscriber account security, either by the network provider, or the user him/herself. (If it’s easy for a thief/hacker to take over your phone account by convincing customer service to transfer your number to a new SIM in a different device, they can take over many, if not all, of your most critical online accounts.)

So what your suggesting is I would have to go to a completely random carrier store. Swap out the shipped SIM card as it is most likely logged under your account name & then have to randomly pick a new phone with a new IMEI while simultaneously changing your phone number at the same time?

What about your old networking system? It is obvious that you wouldn’t or should be highly advised to never log into any old email/social media account that is/was tied to the compromised phone. But what about friends and family and their phone devices? wouldn’t their network be suspect to attack when a new device is registered under their device through email/text/incoming call/social media/etc?

Your name would then be attached to some other sim card and phone number. What is it, exactly, you’re trying to avoid? Or prevent?

1 Like

About SIM cards:

To be blunt.

My phone slipped out of a set of pajama pants that had shallow pockets in public. This happened in one of the not so nicest of neighborhoods in Massachusetts Boston. By the time I noticed I traced back, found the people who more then likely picked it up but who admits to stealing. Big lesson learned there already, do not ever live in low income neighborhoods ever, I was only there temporarily and this was a huge breach. My pass code was 1212 due to the frustration of having a cheap phone with bad accuracy. What happened next was a complete rape of my own private information and it was clearly posted on social media as within 24 hours I had become public enemy #1. I wish I was making this up. Some skeletons in my closet were brought to life. Not to mention a phone number to an innocent girl was exposed and god knows what happened to her.

I know for complete 110% sureness that this current device is clearly hacked and continuously monitored by self proclaimed social justice hero’s who in all honesty, have no idea who I am at heart. I’m going to skip over a large chapter of sensitive information as why the hell would I explain myself even more to random strangers?

A hidden camera was installed in the cheap ass moldy room I was renting and I was aware of it entirely but was going through a huge bout of MDD (major depressive disorder). So it pretty much looked like I wanted to die, with no care of the hidden camera (hence depression) and rumors unfortunately spread so far it spread to other towns.

Now I’m dealing with a bunch of beginner hackers, hacking into my Gmail and everything personal, changing settings on my phone, the whole kit and caboodle. All thinking they were sharpening their wits on a dead mans skull. Nothing could be further from the truth, again more personal information isn’t necessary to hand out to strangers. Like mentioned above I am going to do the best I can to retrieve a new device with new service but check this out. If they cloned my phone and know contacts then once my new number is sent to one of my networking families then boom we start all over again. It’s why I’m going for an Apple phone for now as its all I can afford (unemployment). Apple and Verizon already spotted and found fraud before my new phone was sent out. Another account with the name of a bunch of random symbols (dead giveaway of a hacker) and an email that was 139@(enteremailcarrierhere) was duped to my new account. The attack was so serious that Verizon will not accept my credit for a good long time. It also is a dead giveaway of the persistence of said hacker(s) mission to continue to rape my own life and destroy my own American dream.

I wish this was made up but its unfortunately my reality. So what am I trying to prevent? I’m trying to prevent my privacy, personal life, friends and entire existence of a human being from being RAPED again. Because the story is getting old. and people just love beating a dead horse to the ground. It is why I said “Wasting time studying computer science” because I’d rather invest my intellect in other fields of study in college. So having a full proof strategy of my information never being breached and manipulated again would be a God send. So I may go to college and study what I want to study. Not Computer Science to only become another IT worker all because I have to protect myself from something that isn’t my fault.

Poor towns in Boston suck. poor people suck. They have no clue that they just almost destroyed a man, a man with a will to live, entire life for NOTHING. We all have skeletons in our closet. I don’t know why my skeletons won’t be laid to rest.

In your case, the issue isn’t the sim but rather the weak pin on the phone. That opened the door to your google account and then everything else. So, in the future, set up an actual password (a good password, not p@s$w0rd) and don’t keep anything on the phone that you don’t need.

2 Likes

Also set a SIM lock code (see the phone settings for that), so that no one can simply remove your SIM and use it in another phone without knowing the code.

1 Like

I’ll definitely look into a SIM lock once I retrieve my new device. But what should I do about my former Gmail accounts and such? Because it seems that the intrusion has leaked its way far into my social media. I also noticed many different devices logged into my Facebook.

What would you recommend? Obviously I’m going to use an Icloud.com address as my main address and keep my old device for my former addresses. But as far as a Facebook… Should I contact Facebook about the intrusions and see if they can secure my accounts before logging in?

I understand as a victim of loosing your phone and having weak passcodes and such to never do that again and that it could happen to anyone. But what are the series offensive defenses needed to use against actual hackers**?** is that just it? A whole new device with all new everything and keeping my passcodes in private? I’d imagine all my old Gmail and again Facebook is bugged to hunt down new devices that log into the accounts.

Eventually I do plan on purchasing a Purism contract or one that is similar. But for the time being it is a name brand carrier and Apple protection.

Do any of you recommend protection further by adding a firewall and/or VPN. A long discussion with apple said that their build in VPN is very strong but purchasing or using a high quality VPN wouldn’t hurt and may actually help. Although he did mention that the firewall of the iPhone is very strong and just as fraud was discovered previously with Verizon and Apple together that they are fairly swift at identifying threats and dealing with them with haste. Also that if I ever suspect any virus, intrusion or malware; even at the slightest, to not hesitate to call the tech support team to have it evaluated and possibly go in store to have a technical employee do a physical search. Saying that in some cases they will warrant a brand new device with a new SIM card and keep an eye on your identification as Apple takes intruders very seriously as it is their reputation.

However third party vendors such as Purism seem to have something that Apple cant offer. It is why I was originally asking if a Purism SIM could be identified by major carriers so I could have Purism SIM, carrier protection, iPhone with build in firewall and VPN, possible VPN and firewall service and then Apple themselves which seems like a hornets nest of IT workers just waiting to be pissed off by just one hacker period. I did want to combine all this with a Purism SIM but it seems like its overkill or unnecessary.

This is a perfect example of what happens when the wrong people decide to leak out your personal information on their own behalf and try to assume they are intelligent enough to decide what your life will be. What my past six months have been have been ironic to the definition of a man. I have stood my ground, not getting kicked out of my home and against all odds stood up to any enemy who thinks the skeletons in my closet are who I am.

I’m growing very tired of this. I know who I am and someone or people in general want to psychologically cut short or stunt my future growth as I age into an adult human being. I’m sorry I have a life to live and tired of rumors and build up false accusations of who I am attempt to stunt or shorten my growth. If anything it proves just how disgusting the American society is as a whole. So desperate to be a hero saving the princess that they are willing to sacrifice a good mans life, paint and tattoo him as a monster, in order to get into the princesses life. If you can read in-between the lines on that.

It’s actually kind of pathetic as I am just one human being. I feel that forces this strong trying to stop me or trying to predict what my behavior will be based on google definitions. View me as a threat of who I may become or the potential I still have left once I graduate from an institute and decide to continue study for the next 9-14 years of my life. For if I did not have the potential or the threatening ability to instill fear in other males; Then that could conclude that I would just be another brick in the wall, number, sheep, passerby. Excuse me but I don’t want my growth stunted by a bunch of stupid people who read the definition of psychopath on google and automatically think it applies to me. The human brain is diverse and is still being explored as we still do not know entirely how the mechanisms of the brain operate. I rest my case.

With that said
What are some really good firewall/VPN brands I can purchase or use on top of having an Apple phone until I am able to purchase a phone plan like Purism?

Thank you for all the help and understanding exactly why and where I am coming from in simple human basics of terms.

A VPN will help you from getting hacked in that your location is hidden and your traffic is encrypted. That will help while you’re surfing, but your real issue is how to secure your accounts. Go ahead and contact whatever services (google, Facebook, etc) and plead your case, worse thing that can happen is nothing changes (ie, it won’t make anything worse for you). Whether you get your accounts back or need to start new ones, set up 2FA but that doesn’t use SMS/texting (if your phone gets jacked again, SMS 2FA won’t help you). Also use different good passwords for your different accounts. Don’t use practices like logging into service X with your Facebook login. The more separation you have between your accounts, the better. A password manager is good for all this, provided that that password is as bulletproof as you can stand.

It’s a pain to be more secure and that’s why most people don’t do it, but I think you’ll agree that the inconvenience is worth it.

3 Likes

While your summary of the situation is fine … the SIM itself is a vector for attack. The SIM card has a surprising amount of functionality and, sadly, like so much in IT, is itself a vulnerability. In that scenario though, I don’t think a Purism SIM is much different from anyone else’s and, as you say, there are many more likely attack scenarios.

No.

The benefits of a Purism SIM are two-fold.

  1. Purism holds such personal information as US law requires.
  2. That makes it more difficult for the underlying MNO to sell as personalised information anything that the MNO gleans from your call or internet usage.
1 Like

About your mention on the attack scenarios. Do you have any suggestions for the best possible protection? Or is this something that is going to be ongoing until it dies down? If that is the case then bringing in IT forces that rival if not completely level any hacker (Federal Borough of Investigation) might be my only option here for freedom. Which is something that I will do if I have too.

What I fear is that as collateral damage, my entire ID and network of friends has become target practice for hackers due to some idiot leaking my information or some group of people thinking I was trying to die.

How disgusting it is to witness the destruction of someone’s American dream based on rumors and accusations

It seems to vary by country, presumably depending on how initial provisioning is done by carriers in that country. Here’s your reading starting point: https://en.wikipedia.org/wiki/Simjacker

Forum discussion (found using “search” but that was easy for me because I knew what to look for): SIMjacker: does it affect Librem 5?

Blog post from Purism itself as to how this does or does not apply to the Librem 5: https://puri.sm/posts/sim-application-toolkit-avoid-being-exploited/

NB: All of these are discussing a specific exploit. I was making a more general point: Rich functionality, overengineered, in a lightweight platform (the SIM itself) with potentially no possibility of underlying software update, and all closed source (both the applications and the underlying software) … is a toxic combination.

And a more general point to @‍amarok: Do not rule out the SIM card as an attack vector, which I’m sure he understood.

But let’s come back to … there are many, many ways in which mobile phones are attacked and most of them are more likely than directly attacking the SIM. You, as the target, of course need to defend against all of them. :wink: