Open in app

Sign in

Write

Sign in

Digital Anonymity: Burner Phones

Michael Bosworth
6 min readMar 6, 2019

--

Sometime after departing my job as a software engineer on one of the Big Five’s security teams, but before returning to the land of regular employment, I started to look into the practice of online anonymity. It wasn’t all that hard except for one thing. Surprisingly, the weak link in the chain turned out to be phone numbers. Here’s why.

Let’s say you want to use a common email service, such as Gmail. During sign-up, they ask you to prove you’re a human… by entering a phone number.

Above is ProtonMail. Their very raison d’être is encrypted email. They, too, force anonymous users to provide a phone number, which can be used to link identity with sign-up — even if ProtonMail is terrific (which it is) and promises they won’t do that. Donation is another alternative, but for payment they only accept PayPal or credit card, also known as “your identity.” And that’s an email service dedicated to privacy.

What’s the solution? You can try to use a free “virtual” phone number instead of your own; virtual numbers are offered by Burner, Twilio, and similar apps. It won’t work. Gmail and other great services reject virtual numbers.

So I’ve made an SMS service called Phitbone to bypass all that noise. It offers real numbers, not virtual numbers. It’s inexpensive. It doesn’t require your email, your banking info, your mother’s maiden name, or even a DNA test. The steps to use it are as follows.

Buy some Bitcoin.

This step is quite easy. Services like Coinbase make it simpler than, say, sending a wire transfer from your bank’s website, especially if your bank’s website is anything as delightful as mine.

Sign up for a cryptocurrency exchange.

Cryptocurrency exchanges are where you go to… exchange cryptocurrency. Why do this? Because popular cryptocurrencies (Bitcoin, Ethereum, Litecoin), although easy to buy and easy to exchange, are about as private as a TSA checkpoint. You need to swap Bitcoin for a cryptocurrency that can do privacy: Zcoin. One example of an exchange you could use would be Bittrex. Any functioning exchange will do, though.

What’s wrong with Bitcoin? When you send Bitcoin, it is possible, in so doing, that you reveal to the recipient every payment you’ve ever made. Oh, and also how much Bitcoin you own. Imagine if buying a coffee with a MasterCard revealed to the barista how much was in your bank account and every amount you’d ever spent on anything else. There are ways of avoiding this problem, but better to use a cryptocurrency already designed with privacy in mind.

Send your Bitcoin to the exchange.

The following steps specify Coinbase and Bittrex, but the workflow should be similar no matter the vendor or exchange.

  1. Log in to Bittrex. Use the “Wallets” link and you’ll see a list of different cryptocurrencies.
  2. Use the button for depositing Bitcoin. The button is a green circle with a downward-pointing arrow. Be careful to confirm that you’ve used the button for the right cryptocurrency. “Bitcoin” and “Bitcoin Cash” differ.
  3. An “address” (a string of letters and numbers) will be displayed. Copy this.
  4. Log in to Coinbase, go to Accounts, use the send button under the account that says BTC, and paste the address you copied.
  5. Send the Bitcoin.

You just made a transfer from Coinbase to Bittrex. After a little while, your Bitcoin will appear in your Bittrex account.

Exchange your Bitcoin for Zcoin.

Use the exchange to trade your newly deposited Bitcoin to Zcoin. The ticker the exchanges use for Bitcoin is BTC. The ticker for Zcoin is XZC. The workflow for Bittrex is as follows.

  1. Log in to Bittrex. Navigate to the BTC-XZC market. Here’s a link.
  2. Choose a Bid Price. Use the “MAX BUY” link. Use the “Buy Zcoin” button.

When the transaction completes your Bitcoin has been exchanged for Zcoin.

Transfer the Zcoin to a personal wallet.

Download and install the Zcoin wallet. (Not the Electrum light version. The regular version.) Open the Zcoin wallet app on your computer and let it finish synchronizing with the Zcoin blockchain. Synchronization takes a while.

To get an address, go to “Receiving addresses…” in the File menu. Either pick an existing address there or create a new one. Send your Zcoin from Bittrex to this address, which is a process very similar to when you sent Bitcoin from Coinbase to Bittrex. The transaction will take a little while to complete.

Make the Zcoin invisible.

Up until now you’ve been visible. Everything above was tied in some way to your identity. But you are about to go anonymous. "Minting" is what the Zcoin folks call it when this transition happens from public to private. So, in the Zcoin wallet app, mint your Zcoin. You might as well mint all of it, even (especially!) if you’re not going to use all of it at once. The minted Zcoin is your bank of invisibility. Keep it around and spend from it when you need to.

Wait a little while before spending the minted Zcoin. Zcoin’s anonymity hinges on the fact that a bunch of indistinguishable spends happen over and over again. Waiting allows those transactions to accumulate.

You can send minted Zcoin directly, but only in whole-number quantities. If you want to send a fractional amount of Zcoin, you’ll first need to send the minted Zcoin back to yourself. To do this, make sure "Spend To Me" is checked. Select the denomination (quantity) and click Spend Zerocoin. You will then have a new Zcoin address, not associated with your previous address, containing Zcoin that has no history. From this address, fractional Zcoin can be sent and the Zcoin that you send is anonymous.

Browse the Web Anonymously

To use websites anonymously, the least one must do is switch to the Tor Browser. Unlike Chrome, Firefox, or Opera, the Tor Browser is built with a primary focus on anonymity. (Skip the VPN. Tor is better.)

If you’re comfortable getting a little more technical, install Tails. Tails is to MacOS what the Tor Browser is to Safari. In other words, Tails is an operating system designed with privacy as its North Star. The difference between using Tails and using just the Tor Browser is a matter for another article. For now, suffice it to say that the Tor Browser may be enough if you trust your own computer. Tails is necessary if you don’t.

Purchase Phitbone Hours

Within the Tor Browser or Tails, navigate to Phitbone. You’ll need to enable JavaScript. Sign up and go to the Purchase page. You’ll see a Zcoin address. From the Zcoin wallet app, send your Zcoin to the address specified. When the transaction completes you’ll see that hours have been added to your balance.

Create an Email Account with Any Service

You can now anonymously use email services even if they require SMS verification. Use the Phitbone hours you purchased to rent a number, then use that number for verification when you’re creating the email account. The SMS verification code will appear on Phitbone’s message page.

Once the account is created, enable 2FA / 2-step authentication. Not the SMS kind. The Authy / Google Authenticator kind. That way, nobody else who rents the same number you rented can access your account. If the service doesn’t support that, have them disable SMS-based password recovery. Another option would be to switch to email verification and create a recovery email with a service that does support non-SMS 2FA.

Always access the email account from the Tor Browser or Tails.

You can use this approach to sign up anonymously for any service that requires SMS verification, not just email services.

--

--

Michael Bosworth

Written by Michael Bosworth

2 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams