I think the main advantage is that if a state actor wants to Pegasus you, they can always get into a normal iOS/Android device until the next reboot. It's not feasible, even with the resources of the Israeli state that Pegasus can support ALL models of random dumbphone that has ever existed, so there is a fair chance that while the security may not be modern on an old Nokia, they would need to burn 1000 development hours to deploy bugging malware into it that already "just works" with iOS and Android.
this post was submitted on 02 Oct 2025
275 points (95.1% liked)
Privacy
42291 readers
661 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
If you have to connect to an intermediary to make a call, you can be heard and traced. GPRS is only marginally better if you and the one you call are on the same uncommon frequency
I think you're conflating security with privacy. Not that they are unrelated, but something can be e.g. unencrypted but lack telemetry.
Not that dumbphones are inherently private, but I don't think they're less private either. They're just what you use if you have no need for all the smartphone functions.
Idk, being locked in to using only communication protocols that are known to be roughly wide open seems like kind of a privacy non-starter, right? Sort of fails the attempt before you even start, no?
Edit: a wiser person than me reads the rest of the thread before a comment like the above, but I'm not them sadly. (AKA, plenty of good points made by others)
I suppose that begs the question of whether or not privacy (as used by this community) inherently means private in the colloquial sense, like the way a diary is private. Because to me, a e.g. public static website with no kind of profiling of its users is privacy-respecting, but obviously not private in the colloquial sense—it's a public resource.
I do use SMS sometimes and I use it strictly for things that I'm happy to be basically public. Same for using other protocols like unencrypted email.
A stock smartphone is also locked in to mandatory telemetry, like a stock dumbphone. The practical difference is that there's a much smaller community for installing custom FOSS OSes onto dumbphones compared to smartphones.
It's not about having a device that's secure, it's about having a device that you use less, to the point that it's not much of an attack surface for surveillance capitalism or (possibly) hostile governments.
It's much harder to profile someone if they aren't fed a steady stream of what you say and what you click upon.
I would argue that phone that a phone that runs Android is not a dumb phone. Not having a Google account logged into your phone is a huge step towards privacy.
See:
- Mudita Kompakt
- Punkt MP02
- etc.
Also don't fall into the trap that privacy is a binary issue. There's a massive spectrum.
Yes, I've only ever seen the term dumbphone used to mean a phone that's just a phone, not a computer. No OS, software, internet, etc.
I can't speak for everyone, but if I'm using a dumb phone, I'm not going to be doing any of the things that I'm worried about them hearing.
If ICE grabs my phone right now and beats me until I lock it. They're going to be looking through my lemmy history.
I'm not going to hold a long political dissertation over SMS or during a phone call.
What I really want to at this point is a pager, a cellular Wi-Fi access point, and an 8" tablet that can run Linux and sip power so I can just pretend I don't have a device.
What I really want to at this point is a pager, a cellular Wi-Fi access point, and an 8" tablet that can run Linux and sip power so I can just pretend I don’t have a device.
This is basically what I was thinking. Where can I find a fully functioning 8" Linux Tablet? I feel like the rest of it is easy peasy.
Edit: In my head, I am imagining a steam deck but with the side controller bits snapped off. Someone pls make this. lol
Okay, it's no steam deck, but the GPD-4 6xxx model looks like it supports Linux reasonably well.
https://gpdstore.net/blog/gpd-pocket-4-review/
It's an 8.8 inch 180 degree touchscreen and it has a keyboard built in.
It's a pricey sausage, but not more expensive than my flagship phone.
That is very interesting indeed, thank you for bringing it up!
Pine64 has something I think. I don't know if it's any good though.
I've mostly just heard they are a little under-spec'd in general, so performance is not great.
I keep hoping the Halium project will pick up support for some small tablet, but those are almost all bootloader-locked. I don't love Halium, but anything is better than what we have, I could deal with some UBPorts.
I even looked at DIY. There's no lack of 7" touchscreens, but Pi's are apparently bad on power. There are a couple of mini clone boards that might work, but they all have tradeoffs and red flags.
I feel like every time Halium comes up it comes with qualifying statements (like "I don't love Halium"). I don't really know enough about it to know why that is. What are the problems with Halium that people don't like? Is it what it does (or how it does it) that is the problem, or something else about the project?
The primary problem we have with putting Linux on phones is a lack of drivers. Hallium is basically fishing bits and pieces out of AOSP, then feeding that data into the Linux install. The upside is that we get pretty good power management and we get working cameras and working radios and all those creature comforts you really expect a phone to have.
The downside is that Google (and nearly every hardware manufacturer) is rather aggressively heading towards locking third parties and out of things. It's not hard to envision a world where a couple of back room deals are made and some firmware updates happen. And all of a sudden, hardware that is at any updates is not capable of running Halium.
Halium's core system partition is also read-only, so there's some lack of hacking ability there that we'd really like to see. You have to put the custom stuff you want into a separate container. Not impassable, though.
Halium is at the very least private and works fine right now. Will it continue to work? Once the eye of Sauron hits it, will it survive? Will it be sued into submission? Will it be sabotaged by Google or the hardware manufacturers?
It might very well be the crutch we need for now. But it also makes sense to get the hell off of it as soon as we can.
I think the main problem is, that it solves a problem, that shouldn't exist in the first place. If OEMs would build (and ideally also upstream) proper drivers, then we wouldn't need a translation layer
GrapheneOs Duress Pin is what you are looking for in your described scenario i think
GrapheneOS provides users with the ability to set a duress PIN/password that will irreversibly wipe the device along with any installed eSIMs.
That's a good way to get locked up for 6 months while they 'investigate' you
What are you trying to hide RUMBA??? Ihre Papiere bitte
there are cases out there of people being detained for years for not providing the unlock pin/passwords to encrypted data.
yup, I want no parts of that.
Here's my license, here's my phone. here's my travel laptop.
I just stopped traveling altogether
As others have mentioned, this is a matter of threat model. To be realistic, a sufficiently determined government will always be able to access your communications, but companies like Facebook and Google can only access them if you give it to them willingly. On the other hand, if other people you communicate with do this by themselves, then you've gone through all that effort for nothing. It's also worth pointing out that it cannot be proven that a regular phone does not have corporate spyware installed, so this may be another way your information could leak to companies.
That said, it is pretty insulting that tech companies have decided that they're simply entitled to everyone's private communication data. That for me is probably the biggest motivator in trying to avoid their services as much as possible.
a sufficiently determined government will always be able to access your communications
If you use encrypted messages and both people using the messages have a phone with disk encryption then there is literally no way for a government to gain access to your messages. That is assuming the government isn't going to torture you.
You can make a smartphone (more) private, but out of the box and loaded with standard apps (eg Google), its a privacy nightmare. So I get where they are coming from. Sure using SMS isn't private, but dropping all that app addiction is.
It comes down to the hostile actor you are trying to defend against. If you are Jason Bourne and you have been burned by your agency so multiple nation-states are looking for you, then you have to go fully off-grid and live a quiet life without ever communicating with anyone in your prior life again. It doesn't matter if you are using Signal, or SMS, or even a dial-up BBS. If you are communicating with people that are also under heavy surveillance, you cannot hide.
If you want to reduce your "digital footprint," then not using google/facebook/other social media is the most worthwhile thing you can possibly do. Your phone doesn't matter. Use iOS, never install any of the social apps, use Safari in incognito mode, and you'll never be tracekd across websites again.
This. A dumbphone is private in the sense that it's not collecting and transmitting a whole lot of data to Facebook, Google, etc., which is what most people are concerned about in this community.
If you also want encrypted communications, use something built for that purpose. But keep in mind, the other person will also have to have a compatible device, and probably isn't as concerned about maintaining hygiene.
load more comments
(3 replies)
Switching from a smartphone to a dumbphone is usually not about increasing privacy in the first place.
People tend to make the switch for mental health reasons, rather than privacy ones. When your phone goes back to being a direct communication tool rather than a passtime, you tend to realize just how much time you spend during a day doing basically nothing.
load more comments
(1 replies)
You are conflating privacy and security. They're not unrelated, but generally speaking while a dumphone may be less secure than a smartphone, it's also certainly more private.
load more comments
(5 replies)
With dumbphones, you’re usually limited to regular phone calls or SMS/MMS messaging.
That's kind of the point.
Sure, you can't do much with them, but by that very fact you also won't have nearly as much data to be spied on.
Likewise, you can do much more with a smartphone, but that comes with a much higher surface of attack, and you also have to work a lot harder to keep all the data away from spying.
SMS/MMS and the PSTN are completely compromised by multiple governments. Not saying that makes smartphones any better, just be aware.
load more comments
(1 replies)
If you're willing to live with a dumb phone, you're willing to live with a Linux phone (Or an open ROM without Google apps). AFAIK they can call and text just fine without installing anything else so any Linux apps you like are just a bonus.
load more comments
(2 replies)
I guess the idea is that you wont be able to do a lon with a dumbphone, so it's basically a paperweight that sometimes receives calls and with too much luck, an SMS. You have a tool for emergencies or specific events, but you don't have your life on it, so you keep most of your privacy from ever reaching it. That's my take, at least.
Exactly, taking away tools which enable you to enhance your digital privacy, or the ability to use such tools, is fundamentally a flawed way to enhance your privacy in the long term.
Same for security with rooting, and it's the same reason why the argument that "rooting makes your phone less secure" is a fundamentally flawed argument.
Yes! I hate that companies are trying to make people think thar rooting=unsafe. Then make it work safely. Root user is safe on Linux, then why it isn't on phone?
That's just boils down to user not giving root access to every app.
Because they don't know what could potentially be running with root access and they'd rather block everything they don't know.
Earlier this year my accountant asked me to install an app on my phone to give them access to some banking details and that app would not open the login screen without the gboard keyboard enabled, because they considered custom keyboard apps = bad. It also would not let me use password managers, so I was forced to put my banking details beyond a weaker password than any of my online accounts for random sites.
load more comments
(1 replies)
I figured that the point of using a dumb phone would be that there hopefully wouldn't be meaningful accounts, information, and communication to really get at. Regular calls and SMS were already fair game, and there is basically nothing else on there. Nothing for evil megacorps to siphon up, no social media, not much of anything.
I always thought people used the term "dumbphone" to refer to old-fashioned devices that are just a phone and don't run any OS.
even all old Nokias and flipphones and the like have an OS they're just in house developed proprietary embedded software/firmware not open sourceish like android
its how almost any sufficiently complicated device that uses PCBs works even modern washing machines and such run atleast what it basically a firmware os
load more comments
(14 replies)
Your ISP can read any text message you send and view metadata logs of any phone calls you make. In lots of places (like Australia where I live) ISPs are actually required to keep logs of your messages and phone calls
Why would my Internet Service Provider have anything whatsoever to do with my dumb phone?
Yes, texts and calls aren't hidden from your mobile phone provider, they never were. I agree it's not great, and the government is likely spying on you as they have been for decades.
But alas, I don't see a solution without using a non dumb phone and encrypted apps, which will require the internet and at that point you've not got a dumb phone any more.
My Nokia 3310 still works great. Sure, the government could spy on me, but I don't discuss anything sensitive over the phone (traditionally one doesn't, for this very reason, wiretaps and the like). It's a tool for casually staying in touch and arranging to meet up ^_^
load more comments
(3 replies)
Nice thing is, usually the dumb phones have removable batteries. So just remove the battery when you're not using it. Problem solved.
GrapheneOS or nothing. We have to support them whenever we can more than ever. The battle against mass surveillance will become increasingly difficult. Many countries are heading towards neo-fascism and will use all state power to end privacy at all costs
load more comments
(2 replies)
view more: next ›