Do eSIMs have any downsides from a privacy standpoint? - eviltoast

Compared to regular SIM cards.

SIMs are easier to swap if needing to switch phone, but I only see this as a convenience. I don’t see why it would be more private.

I have little knowledge on how eSIMs work, but something in the back of my mind, tells me that somehow, eSIMs are bad for privacy :(

Anybody care to share their views on this?

  • Elise@beehaw.org
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Afaik simcards run a simplified version of Java that has full hardware access and can be updated remotely. I don’t see how it can possibly get any worse than that.

          • Elise@beehaw.org
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Well if it’s anything like the IME then you can disable it on a hardware level, and an OS wouldn’t have any control over it.

      • Elise@beehaw.org
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I’m no expert in the matter however this is what I understand from it.

        Chips like the one in your debit card are fully fledged computers and do run software. When you plug it into something it receives power and interfaces with the other system. That’s why it is secure, because like a pc it can use encryption etc.

        Come to think of it, they must also be able to run with the low power provided by near field transmission, aka contactless payment.

        Anyhoots the same kinda chip is on a simcard.

        As far as I understand it they run a more limited version of Java, has full access to your hardware including being able to read all memory, and being updatable remotely.

        You might also be interested to know that modern hardware commonly has such secondary computers with full access built in. Take the intel management engine for example, which is part of every modern intel cpu. However there are privacy oriented companies that disable these.

        The real question is who has access to these things and what are their interests. It might not necessarily be a malevolent actor. It’s one of the challenges of our time to answer questions related to these topics.

        • morrowind@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yeah I knew about nfc. That’s kinda wild. Didn’t realize it could actually process anything on card.

      • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Nope, they are computers that run a Java-based OS.

        If we want to talk about smartcards in general (contactless, chip-based, dongle-based) some of them only store/retrieve data, some only store a single unchangeble identifier, but others like banking cards & transit cards tend to run a small operating system that you can talk to, and even run applications on.

        With a cheap USB card reader, you can actually interact with the operating system on a chip-based bank card using Linux