Guide to burner phones: How to buy, use, store, and dispose anonymously : OpSec | Torhoo darknet markets
I have been researching burner phones for some time now and have used them successfully in various operations. For some reason there seems to be a good deal of gatekeeping when it comes to this topic, which is why I aim to shed some light on the practices I use and would recommend to others.
Thanks to https://torhoo.cc/go.php?u=TDNVdmIyNXNlV1p2Y25Oc1lYTm9aSE5zWVhOb2IzQnpaV009# for his comment on this post: /post/4ce056f907fea0444e13/#c-7264ddf8e4baa21625. This guide is a combination of my knowledge as well as his, gotta give credit where it is due.
1. Buying phone:
a) Craigslist in the largest city near you will usually have dozens of phones available for cheap, especially after holidays when people get new phones as gifts. Look for a Google Pixel 6+ phone, as they are the only type that can use GrapheneOS. Contact the seller via VOIP number and meet in an area without cameras such as a public park or nature preserve.
b) [ALTERNATE] you can order some shitty Chinese android dual sim phones via alibaba but they might not be capable of running graphene, so try to search for pixel phones. Also shipping to your address is unwise, so this method is discouraged.
2. SIM:
a) stealths.net has a massive selection of inexpensive eSIM phone plans, although they do not allow for top-up nor will they allow you to make or receive text; they are LTE only which is why you need to rent a phone number for monero elsewhere (see monerica com) or use VOIP
b) [ALTERNATE] Find a pre-paid physical SIM, but don't use big-box stores which take your ID and have facial recognition software. You can find good ones in poorer areas of town, especially at foreign grocery stores. As slash d mentioned, Mexican ones are the best. I can personally attest to that, they ask zero questions, although you should know some Spanish to blend in.
3. Installing OS: use GrapheneOS or CalyxOS (Graphene is the only device that has proven difficult for the forensics companies to crack).
***NOTE*** This is only possible with carrier-unlocked phones. Carrier-locked phones, especially Verizon, will never allow you to unlock the bootloader.
- Download GrapheneOS from grapheneos.org/install/ on your PC via Tails
- Go to phone settings > about phone > tap "build number" multiple times until developer mode is unlocked
- Go to settings > system > developer options > turn on "OEM unlocking" so that you can boot into an outside OS (Graphene)
- On Tails or another Linux-based system, install the android-sdk-platform-tools-common package (Debian and Ubuntu)
- Turn the phone off, then press both the volume down button and the power button together > bootloader screen opens
- Use the volume buttons and power button to navigate the bootloader menu
- Flash the Graphene img to the phone [ALL PREVIOUS DATA ON PHONE WILL BE LOST]
- Boot into Graphene and go to settings > system > developer options > turn OFF "OEM unlocking"
4. Downloading apps: Replace Google Play Store with F-Droid or Aurora Store ; AVOID ALL GOOGLE SERVICES
- maps: organic maps ; OsmAnd
- email: morke dot org is the only email I know of that doesn't glow, especially after Proton sold out to the feds. Riseup is basically impossible to get into. Pissmail and cock li have not been loading for me recently.
- NOTE: all the providers can see the content of your emails. Always pgp encrypt sensitive data
- messaging: briar or simplex; signal is for limp-wristed leftists apparently
5. VPN: Orbot, installed via F-Droid or github repository. Configure to connect over whole device by doing the following: in Graphene or Calyx go to Settings > Network > Advanced (at the bottom) > VPN > settings wheel next to Orbot > "Always On and Block Connections without". You can also just do this in the app itself
6. Tor: come on bro, why would you use Tor Browser on your fucking phone. Tor Browser on Android makes you stand out heavily, and when paired with Orbot could cause a Tor-on-Tor situation. If you want Tor, buy a PC from Craigslist, and boot from a Tails USB after deleting the Windows installation from the internal drive and removing NIC and HDD/SSD. Use the PC only for Tor.
7. General hardening:
- Never enable Bluetooth, NFC or Location. Disable them completely for all non-personal profiles on the phone.
- Never ever ever use a PIN code for your phone. The phone forensics companies such as Grayshift, Cellebrite and MSAB can already defeat the rate limiting of the ARM-based security chips. The RISC-based chips are holding out better, but assume they will be broken too.
- Treat the phone code as if it were an encrypted volume key. At least 25 characters alphanumeric login
- Never use biometric locks, obviously. Have something to cover the selfie camera at all times. IMPORTANT: modern phones all have the ability to read your fingerprints from the phone screen. Invest in a stylus or wear gloves. Although Graphene should not have this problem.
- for Graphene, set a reboot time of two hours or less to bring the phone into BFU state. Always assume a copy of your flash storage can be taken by the forensics team and placed into the cloud to be brute forced. Even if the rate limit chip on the Pixel is defeated it should not be possible to brute force your code.
*****
NOTE: THE FOLLOWING ARE FOR THOSE WITHOUT GRAPHENE INSTALLED. Graphene protects, hides, or spoofs all of the following by default.
8. Location spoofing: plenty of open source GPS spoofing apps on F-Droid, all of which require a rooted device. Rooting gives full control over the system but increases attack surface. Only do this if you understand the risks.
9. Device Fingerprint: Root your phone with Magisk or Xposed. Change IMEI, Android ID, and Serial Number using spoofing modules
10. Change IMEI: sim cloning ; Look up an app called App Cloner.
- If you pay for the premium you can spoof new IMEI/IMSI etc.
- Can change or hide Android ID, IMEI / IMSI, Wi-Fi & Bluetooth MAC
- Can change Google Service Framework (GSF) ID, Google / Amazon Advertising ID & Facebook Attribution ID (although this is irrelevant for graphene, it is useful for carders, so I'm including it)
- Can change WebView User-Agent
- Can hide Wi-Fi info, GPU info, hide SIM & operator info
- Can customize build props to prevent device fingerprinting
*****
11. Storage and Usage: Don't take your regular phone anywhere with your burner. They should never be able to be correlated closer than a block away AT LEAST. Store your burner in a faraday bag when not in use, and only take it out when you've gained sufficient distance from your home. Some people (read: idiots) like to place their personal phones in Faraday bags when using their burner phones and vice versa. It is trivial for anyone with access to the cell tower such as LE to demonstrate the correlation. Instead, leave the personal phone at home and switched on at all times.
12. Disposal: When shit hits the fan or when you feel you need another phone, disposal is essential. Wipe the phone. Take out physical SIM, smash it with a hammer. Do same with battery. Now do the same with the phone. Drop it in the sewer after wiping your prints. Burn any remaining shards/pieces or flush em down the toilet.
13. Dealing with Cops:
a) Never talk without a lawyer
b) immediately invoke your right to silence. If you do not, cops may try to trump up non-compliance charges
c) always deny access to the home and personal property
d) don't let them scare you with their lies and manipulation
Hope this helps guys!
Things that LE can do:
Recommend:
SIM Card / eSIM
Recommend:
3. Installing OS (GrapheneOS)
Deanonymization Risks:
What to do:
Downloading Apps
I recommend:
Email Security
Radio Risks
Even if you're not making calls, phones with SIMs constantly ping towers. Triangulation + metadata are easily accessible by LE.
Recommend:
- Keep radios off unless needed
- Use airplane mode + hardware kill switches (like Librem5)
- Store phone in a Faraday bag when idle
Cross Contamination
If you touch your burner while logged into any ID-linked services (Gmail, Reddit, crypto wallets), your OPSEC is done.
So always isolate burner use completely: no crossover with known IDs, routines, or devices.
Remember:
Don’t use Craigslist or VOIP unless you're routing everything through Tor and compartmentalized identities. Instead, source phones in person with cash, preferably sealed or clean used models. Avoid urban meetups; rural, low-surveillance environments are essential. Never assume “no cameras” means safe. Assume you're being watched, tracked, and profiled.
- Craigslist accounts can be subpoenaed
> I never make an account, there's no need. Sellers often put their direct contact number in the post.
- VOIP leak IP and metadata
> Then just go one step further and use the new phone that's now hardened and secured to buy another one in another city. One more layer added.
- IMEI tracking
> shouldn't be a problem with graphene or the other protocols I mentioned for non graphene OS
- obtain sims physically never online
> the sites I mentioned do not require JS and allow payment using XMR. I access them from tails frequently using their onion address
- obtain them irl
> That method was listed by me, but why risk a camera seeing you buy SIM irl? Any time you leave your house you expose yourself to constant, unnecessary surveillance.
- MAC address randomization before SIM
> done automatically in grapheneOS
- route all data over TOR
> already covered, this is what orbot does
Rest of your points are very solid. Stylometry especially should be considered more.