// THE REBEL BLOG

Thoughts on free software, privacy, and taking back control

2026-03-12 | 8 min read | Privacy

Network Privacy 101: Protecting Your Digital Footprint

Every time you connect to the internet, you're leaking information. Your IP address, your DNS queries, your metadata—it's all visible to someone. The question isn't whether you're being watched, but who's watching and what they're doing with that data.

In this guide, we're going deep on network privacy. I'll show you how your phone tracks you, why encryption isn't the silver bullet people think it is, and how to set up a more secure network stack.

Your Phone Is a Tracking Device You Carry Everywhere

Let's start with your phone. That device in your pocket? It's a surveillance tool that happens to make calls. Your mobile carrier—and anyone with access to cell tower data—can track your every move.

Here's how it works. Every time your phone connects to a cell tower, it broadcasts several identifiers:

  • IMEI — Your phone's unique hardware serial number. Permanent. Tied to the device forever.
  • IMSI — Your SIM card identifier. Tied to your carrier account and phone number.
  • TMSI — A "temporary" ID that's supposed to rotate, but implementation varies.
  • MAC address — Used by WiFi and Bluetooth. Modern OSes can randomize this, but not all do.

Your carrier sees your IMSI/IMEI every time you connect. They know your phone number (linked to your IMSI). They can triangulate your position using cell towers. They log every call and every SMS, along with metadata on who you contacted and when.

Pro Tip: GrapheneOS randomizes MAC addresses per network, has better protection against IMSI catchers (fake cell towers), and doesn't whitelist base stations. If privacy on mobile matters to you, this is the OS to run.

The uncomfortable truth: your identity is tied to your SIM (IMSI) and your device (IMEI). Anyone with access to cell network infrastructure can track you. That's your carrier, law enforcement, and potentially hackers with the right equipment.

What Can You Do?

  • Use GrapheneOS or a hardened mobile OS
  • Turn off your phone when you're not using it
  • Use airplane mode in sensitive situations
  • Consider a Faraday bag (signal-blocking pouch) for truly sensitive scenarios

Encryption Isn't Enough—Here's Why

Here's something that surprises most people: using HTTPS doesn't make you anonymous. I know, I know—your browser shows that little lock icon. You're "secure." But let's unpack what encryption actually protects and what it doesn't.

Important: Encryption protects CONTENT. It does NOT protect METADATA. This distinction matters more than you think.

What encryption hides:

  • The actual content of your HTTPS traffic
  • Form data and passwords
  • File contents

What encryption doesn't hide:

  • Your IP address (visible to every server you connect to)
  • Domain names via SNI (Server Name Indication)—that lock icon doesn't hide which site you're visiting
  • DNS queries (unless you're using encrypted DNS)
  • Metadata: who, when, how much data, how long

Your carrier knows your IMEI/IMSI, which ties to your phone number, which ties to you. They see every IP address you connect to. They can correlate traffic timestamps with your subscriber account. They can hand all of this over with a subpoena—or sell it to advertisers.

Better Privacy Practices

Use a VPN. It hides your traffic from your carrier. Your ISP sees only encrypted gibberish connecting to one IP (the VPN server). Choose one with a verified no-log policy—Mullvad is excellent, accepts cash payment for anonymity, and has been audited.

Use encrypted DNS. Services like NextDNS or Cloudflare 1.1.1.1 encrypt your DNS queries so your ISP can't see every domain you visit.

On GrapheneOS: Enable private DNS and use the built-in connection monitoring to see which apps are making which connections.

The math behind encryption is solid. But metadata can still identify you even if the content is encrypted. This is the uncomfortable truth of network privacy.

ISP vs VPN: Who Should You Trust?

This is a fundamental question of privacy architecture. You're shifting trust either way. Let's be clear about what each party can see.

Your ISP sees:

  • All unencrypted traffic (HTTP, DNS in plaintext)
  • Every domain you visit (DNS queries)
  • Metadata: who, when, how much, how long
  • Your real IP address
  • Your home address (subscriber info)
  • They can sell your data to advertisers
  • They must comply with government surveillance requests

A reputable VPN like Mullvad sees:

  • Only encrypted traffic (can't read it)
  • Connection to their server (not your real IP)
  • No logs by policy (verified by audit)
  • No connection to your identity (anonymous account, no email required)
  • Swedish jurisdiction (strong privacy laws)

You're shifting trust from your ISP to a VPN. But you're shifting to a service specifically designed for privacy, not one whose business model is surveillance and data monetization.

Caveat: A VPN provider can still see your traffic if it wants to. Choose one you trust. Government agencies can still compel a VPN to log within its jurisdiction. For maximum anonymity, combine a VPN with Tor.

Hotspot Security: Phone vs Laptop

If you're running a Linux laptop and want cellular internet, here's the key insight: use your GrapheneOS phone as the gateway, not the other way around.

Here's why:

  • GrapheneOS is a hardened OS with minimal attack surface
  • Your phone acts as a security gateway between the cellular network and your laptop
  • Linux desktop has more running services, more attack surface
  • Phone sandboxing isolates network traffic better

Keep your laptop off cellular networks entirely. Let your hardened phone handle that exposure. Your laptop connects to your phone via USB—simpler, more secure.

Direct Tethering vs Router: Keep It Simple

I've seen people set up elaborate configurations: phone → router → laptop. Here's the uncomfortable truth: you're adding complexity, not security.

  • USB tethering is more secure than using a router
  • Fewer devices in the chain means smaller attack surface
  • USB is a controlled, wired interface
  • Adding a DD-WRT router adds firmware vulnerabilities you need to manage
  • WiFi exposure—even if your laptop uses ethernet, the router is broadcasting

The phone is already your security gateway. Adding a router between phone and laptop doesn't strengthen that—it extends the attack surface.

Use cases for a router: Multiple devices need internet, you want to isolate other devices from your laptop, or you need better WiFi range. Not for security.

The Bigger Picture

Network privacy isn't about achieving perfection. There's no such thing as perfect security. It's about making yourself a harder target.

Most surveillance is automated. Mass collection systems grab everything they can. If your traffic is encrypted and routed through a VPN, you bounce off those automated systems. A human has to specifically target you to read your messages.

That's the difference between mass surveillance and targeted surveillance. That's the difference between being data and being a person.

Start with one change. Use your phone as a hotspot instead of your laptop. Set up a VPN. Enable encrypted DNS. Every step reduces your attack surface.

The goal isn't perfection. The goal is progress.
