#eSIMcards

Kevin Karhan (kkarhan@infosec.space)
2025-07-15

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the #SIM, especially in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO / #MVNO issuing (may it be through #SocialHacking employees into #SimSwapping or LEAs showing up with a warrant and demanding "#LawfulInterception"):

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) and #IMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

  • And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise).

"[…] [Technologies] must always be evaluated for their ability to oppress. […]"

  • Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

  • And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to let people choose their devices freely (by declaring #fees for reissue of eSIMs illegal), that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts especially the average #TechIlliterate User at risk.

  • I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privileged access to protection by their government, but rather "privileged access" to prosecution by the state because their very existence is criminalized...

The only advantage eSIMs brought in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

Kevin Karhan (kkarhan@infosec.space)
2025-07-11

@generalx @LaF0rge yes I am aware of @PeterCxy 's developments.

Kevin Karhan (kkarhan@infosec.space)
2025-07-05

@LaF0rge yeah, that I did figure out with the whole #GSMA signing chain.

  • The few "vendor independent" options I've seen were mere eSIM management tools at the LPA / LPAC level and subsequent #Apps from companies that sell #eSIMcards (aka. #eSIM in Triple-#SIM form factor) like #5ber, #EIOTCLUB, #9e and others...

These do in fact work and I guess having something like lpa-gtk that can be remotely told to deploy/switch eSIMs is the closest to what I'm looking for that will be possible in the walled maze that GSMA forces everyone to walk through as they don't allow people to roll their own CI/CA and exercise control.

  • Granted as you hinted in your talk the reliance on having public internet access kinda defeats the purpose of a WWAN connectivity like 5G/4G/3G/2G so at best it allows for dynamically (with interruption) switching between eSIMs based off the current traffic pattern (i.e. from a narrowband flatrate or no base rate pay-as-you-go to a broadband flatrate or cheaper per-traffic plan).

Fortunately I don't even need like legacy services like Voice/SMS and a phone number so it's easy to obtain eSIMs for that which neither expire nor incur standby fees.

Kevin Karhan (kkarhan@infosec.space)
2025-01-28

@Germo The problem I have is that #eSIM restricts my #FreedomOfChoice re: #Devices.

  • Yes, I do use multiple devices and I want to be able to pick them freely.

Same with #eSIM: I can put that on a #SIM #Card but I can't swap the soldered-down #Chip!

And yes, I routinely use #eSIMcards because I get the #freedom and #flexibility of choice, because it's no one's business which #device I use which #plans on!

Plus many plans I want to use and/or help people to setup are #SIMonly and not available as #eSIM (i.e. #netzclub)...

I dare you to try to deploy an #eSIM on a #2Gonly #StupidPhone whereas a regular SIM can just be chugged in!
