Is a prepaid SIM-card with 3G data anonymous?

Question

Say I buy a prepaid sim-card with 3g data and put it in a used 3g modem (dongle) or a used smartphone and then create a Hotspot.

How would it technically be traced back to me? The ISP should see a Mac/IMEI of a device that isnt linked to me, and the IP is linked to an anonymous SIM-card.

Am I missing something here?

Answer 1

many of the large mobile (internet) providers use huge NAT to manage internet access for their customers. I recently was doing a forensic job and was surprised to learn that some don't keep any track of their IP assignments to "handsets" against time/source port.

So if a web connected resource is trying to establish who was using an IP address associated with a 3G connected device (direct; no VPN etc) then some telecoms provider will not be able to satisfy their request simply because they don't store the information - at all.

This is interesting information for those that wish to have privacy online but what is not clear is exactly which mobile providers do this. Also, with the 3G provider that I dealt with (through a legal team) some of their devices/customers are monitored for IP address assignment and others aren't - e.g. the prepay USB 3G dongles are monitored, but prepay handsets aren't.

good for privacy - but a bit frustrating when you're an investigator!

Answer 2

If you purchased any of these items with a creditcard or debitcard, and the serial numbers were recorded as part of the transaction, that chain of information could lead back to you. I am not certain how easy the backtracking would be; it depends on the retailers, their inventory and sales tracking, and the zealousness of the investigator. It is more likely -- given the scenario you describe -- that a system using this connection might leak information to the Internet that could be captured and cross-referenced with the ISP/wireless providers logs to identify the system owner/operator. Data leakage could include things of this sort:

• Google account info (using Chrome browser, which is authenticated to the Google account)
• Website or webapp credentials (logging in to a website, without a separate VPN/TOR/e2e encryption tunnel -- not just relying on server-side SSL/TLS)
• Any one of a number of "phone home" utilities, protocols, or applications. (zombie/bot-net infection, calling to the CNC server; Windows Update; Red Hat Update Network)

A good starting point to learn what info may be used to identify someone is the EFF: https://panopticlick.eff.org/
https://tor.eff.org/about/overview.html.en#stayinganonymous

Answer 3

If any piece of this setup was bought with anything but cash (or is in some way traceable to you - e.g. you use an old smartphone you own), then you may be leaking some data that would allow identifying you (phone IMEI and MAC notably).

As other have pointed out, location is in all cases recordable (and very, very, very likely is being recorded). As would be the location of your current cellphone if you have one. Consider, too, that unless you make a point of disabling your tethering phone (e.g. remove battery, SIM) after each use, there may already be a link to your home, etc.

In conjunction with a fair bit of other opsec, this could be reasonably effective, and to a point, how well the efforts protect you might also depend on what you are using all this for.

Finally, consider that if you do USB tethering, then if you had very serious adversaries, you might be opening yourself to certain forms of compromise.

Answer 4

A 3g modem or any kind of modem, act like a phone to connect to the internet.

Every phone can be tracked by the authorities or anyone whom got an access to a SS7 network (the operator's network) with a single SMS type 0 (http://www.phonearena.com/news/Did-you-know-that-silent-text-messages-can-be-used-to-track-your-whereabouts_id53557) and many other ways.

In addition the modem has a mac and ip addresses which can be used to track it down.

In addition to all one can setup a fake BTS (even script kiddies) and track you down by the IMEI - as the phone transfer it to the network.

After the person or party that tracking the modem/phone has the geolocation, it's pretty easy to determine which data is sent from the phone and recieved to it.

So I'll say that it half anonymous - people can track it down but it can be thrown away.

BTW 1 - the geolocation can be estimated with 10 meters radius.
BTW 2 - the above doesn't include hacking the modem or to tge sim card (which both possible) BTW 3 - there are the payment tracking methods as mentioned before.

Answer 5

It's also good to note the following:

1. Was it purchased using cash and without anyone knowing you made the purchase(Surveillance footage, etc)
2. WiFi capable devices can be identified through its MAC Address and although prepaid is essentially not easy to trace, prolonged use of a number and MAC address can lead to a "pseudo ID"
3. The Regulation of Interception of Communications and Provision of Communication-Related Information Act (South Africa). Where any phone number is only activated after its been registered with your ID document and proof of residence.