I like blogs. I like them a lot.

One of the things I like the most about blogs is that I don’t have to read them in my browser! Sure, frequently I do, so I can see the nice formatting you put so much work into, but, just as often, I’ll read them in my RSS reader.
With an RSS reader, I can subscribe to your blog, get updated whenever you post something new, and keep track of exactly what posts I’ve read!

However, unfortunately, most blogs and feed generators, by default, only put the newest 10-or-so posts in the RSS feeds! This means that I don’t have a local copy of your old posts and I can’t easily keep track of which posts I’ve read!

I recently ran across a random blog while looking into Gemini protocol stuff (I’m considering mirroring this site on Gemini and ActivityPub), and I was delighted to see, upon adding it to my feed reader, all 105 posts listed right there! You should do this! It’s great!

Additionally, many blogs will only include some of the post’s content in their feed! So in many cases, I can have the backlog, and I can keep track of what I’ve read, and I can get notified of new posts, but I can’t read posts offline! This is even more annoying for webcomics (most of which also have RSS feeds), because most of them will include a thumbnail version of the comic, instead of the actual comic! Infuriating!

Hugo, the static-site generator I use for this blog, has no feed length limit by default. However, by default, the feeds it generates only contain post summaries. Awful!

So, this is a call-to-action. If you run a blog, and the software/service you use has any option to include full content in your feeds, and not limit those feeds’ lengths, please turn those options on!
If you run a blog, and your software doesn’t have those options, consider switching to something that does. I get it if you have reasons for using whatever you use, but consider making this a reason why you’d prefer to switch. If it’s a small platform, also consider reaching out to the developers and asking for this option.

Or: I Bought a VPN, Stopped the Government from GPS Tracking my Phone, and Still Cut $8/Month off my Phone Bill

Phone Plans in Canada are Expensive

Ok, so, here in Canada where I live, cellular plans are expensive.

To demonstrate: in the USA, with unlimited texting and calling, you can get 5GB of data for $14 USD ($18.81 CAD), or 1GB for $9 USD ($12.09 CAD)¹, all at 5G speeds.

In Canada, the closest I can get is $24 CAD ($17.87 USD) for 4GB (and only as a special offer, meaning there’ll be some restrictions), or 1GB for $19 CAD ($14.14 USD), both at 4G speeds. If I want 5G, the cheaptest plan I can get is $35 CAD ($26.05 USD) for 15GB.

Data-only plans, which are even cheaper, are simply not available in Canada.

This sounds depressing, right? Well, it is, but there’s hope: everything I’ve just said only applies to SIM-based phone plans.

eSIM

While normal Canadian phone plans are expensive and have a lack of options, there is an alternative: eSIM. eSIM is a type of SIM card that’s embedded as a part of the device, and can be reprogrammed with different SIM information on-the-fly. This means that the restrictions on who can provide service with eSIM are significantly lower, and that increased market means cheaper plans.

To compare to the prices in the previous section, I can get a 5GB plan for $14.25 CAD ($10.61 USD), or 1GB for $3.77 CAD ($2.81 USD).

There are two catches, though:

1. Only some phones have eSIMs, and you can’t use an eSIM plan on a phone without one
2. Most Canadian eSIM plans are data-only, so no texting or calling

But, that aside, if your phone has an eSIM, and you only need data, you can find much cheaper plans, with much more granular options, than any SIM plan.

If you want to look for cheap eSIM plans, the site I used was esimdb.

VOIP

“Ok, but what if I do need to text and call people?”

I’m so glad you asked.

VOIP is a group of technologies that allow you to call and receive calls over the internet, and many of them include a real phone number that you can use to make and receive calls and text messages just like you were using a regular phone.

VOIP has several benefits:

Firstly, it’s much cheaper than a regular phone plan. I estimated the cost of a few plans based on my current usage, and found I’d be paying about $1.50/month at my highest usage estimates.

Secondly, VOIP isn’t limited to just your phone: you can send and receive calls and text messages from your desktop, which, for me, would be extremely convenient.

Thirdly, it means you don’t have to transfer your phone number anytime there’s a better deal for your eSIM plan! You can just buy the new plan, activate it, and use the same number immediately!

However, there is a downside:

Many mobile apps and websites require mobile authentication via SMS, and some of those will refuse to send authentication text messages to VOIP numbers.

In some cases, such as with Google, you may have the option to receive an authentication call instead, which should work on VOIP numbers. However, many services don’t have a call-authentication option, so there may be services you simply cannot authenticate with.

However, there is a solution to this potential problem:

A Second, Bare-Bones SIM “Plan”

There are very few bare-bones pay-as-you go plans in Canada that don’t require you to pay monthly, but there is one: 7/11 SpeakOut.

7/11’s SpeakOut service doesn’t have a plan that charges less than monthly, but with a SpeakOut SIM card, you can load a balance (at what I’m lead to believe by outside sources is a $25 minimum) without buying an actual plan, and pay $0.35/minute for calling and $0.20/message for SMS, out of that balance (plus $1.25/month in “regulatory recovery fees”), and the balance doesn’t expire for 365 days!

That means that you can buy a SpeakOut SIM card from a nearby 7/11 for $11.25, top it up for $25, and effectively pay $2/month for the number (not including the cost of the SIM card, which, of course, you only need to buy once). If you top it up before the existing balance expires, you should even be able to roll your remaining balance over into the next year.

For avoiding the potential hassle of not being able to receive authentication text messages, this is pretty cheap - we’re still paying slightly less than we would for the American plans (albeit not for unlimited texting and calling). However, it might not be necessary for you, so it’s up to you if you go with this option.

You could also, I suppose, just use the 7/11 SIM instead of the eSIM and VOIP number, but the voip text/call rates are much cheaper, and this way you get data.

Saving Money

Ok, so if you’re only interested in saving money, this is where you can stop.

Here’s the tl;dr for how to save money on your phone bill:

• Buy an unlocked phone with an eSIM (the cheapest of which without a contract is the Google Pixel 3a, which costs about $250 at time-of-writing)
  • Cellphones cost a lot of money, so if you don’t actually need a new phone, I’d recommend reading further to Portable Hotspots, since the solution there will cost you much less up-front than almost any phone.
  • You can also buy an “eSIM SIM card” from eSIMme for €24.95 (about $36 CAD), which apparently allows a wider range of previously eSIMles phones to use eSIM plans.
• Search esimdb for a plan that fits your needs, and buy it
  • Scan the QR code you’re given with your phone and setup the eSIM
• Sign up for whatever VOIP service is cheapest for you, where you live (for me, that’ll be voip.ms, but they don’t have their own app: see below)
  • Either use whatever app they provide, or sign up with a provider that provides SIP information and use an open-source alternative
• Optionally, buy a 7/11 SIM card and top it up with $25 yearly (but not an actual plan)
• Throw away your old SIM card, and rejoice at saving a lot of money on your phone bill
  • In my case, assuming I bought the 7/11 SIM, I’ll have saved about $15/month, which is more than half as much as my old plan cost, total.
    • This is, of course, not counting the one-time costs of $11.25 for the 7/11 SIM itself, and however much the phone/hotspot/eSIMme cost if you didn’t already have one.

Privacy

Alright, but what if you care about your privacy? I care about my privacy.

SIM cards have low-level access to much more of your phone than you might realise:

• Sure, your provider can spy on your calls and text messages, we all know those aren’t secure (we… do all know that, right?),
  • but what about…
• Turning your microphone or camera on and recording you without your knowledge?
• Turning your phone on when you’ve turned it off?
• What about tracking your every move?

Those are all things that your SIM card can absolutely do², and you only have your provider’s word that they aren’t doing it - and they’re very cagey on the topic of what data your SIM card is sending them over encrypted channels.

eSIMs… have all of these same problems, and you can’t remove them from your phone.

Now, that’s not a major privacy concern for most people: if you own an Android phone, Google Play Services is constantly sending Google a “seemingly unending stream of user information”, and while Apple might be collecting slightly less data on their users, we mostly only have their word to go on for it.

However, if you want to take your privacy seriously, and you’re already using (or willing to switch to) a non-Apple phone that doesn’t have Google Play Services installed, there is an option:

Portable Hotspots

You know how I said you need a phone with an eSIM to use eSIM plans? Well, that was a lie. Sure, the device you use has to have an eSIM in it, but that doesn’t have to be a phone.

Portable hotspots are effectively tiny routers with SIM card slots. They provide internet to your phone or other devices using a SIM card’s data.

The benefit of a portable hotspot is that instead of having direct access to the low-level systems of your phone, the SIM card only has access to the hotspot, which doesn’t have cameras or microphones, and doesn’t house any of your apps.

Now, there are lots of portable hotspots out there, but we need one with an eSIM.

Not only that, we need one with an eSIM that we can use with any eSIM plan:
Because portable hotspots are simple devices without cameras, you can’t scan a QR code with one to switch the eSIM’s information.

Luckily, while most portable eSIM hotspots are locked to a single provider’s eSIM plans, a Chinese manufacturer by the name of Sunhans or eSunFi³ sells exactly what we’re looking for. Their customer-facing page is a little sparse on details, but their product page on globalsources confirms that it supports most Canadian cellular bands, and can be setup with pretty much any eSIM plan using an app.

The app is not open-source, and may require Google Play Services to work (although I was able to install and run it without, so it may work with just microG). However, you shouldn’t need to keep the app on your phone after setting up the eSIM, and if it doesn’t run on your setup, you can either use the GSpace app (which is free, with some intrusive advertisements in the launcher) or use someone else’s phone to set it up.
If you do use GSpace to set it up, I would recommend also uninstalling GSpace after use, because it does all of the tracking Google Play Services does, just without all the information from direct system-level access.

The device itself, which is apparently called the “SHFiEL40”, is about 3 by 3 inches, and about 3/4 of an inch thick. That’s only slightly larger than my phone, and my phone is smaller than yours. It should be extremely easy to carry around in a purse or pocket, and since we’re using VOIP for texting and calling anyway, you don’t actually need to keep it on you you while you’re at home or otherwise in range of WiFi (which is most of the time, where I live).

So, for privacy, we should use a phone that doesn’t have an eSIM built-in, and then use the SHFiEL40 for our data, instead of the phone itself.

VPN

“Ok,” you say, “but how do we keep the cellular service provider - along with anyone whose public WiFi I use - from snooping on what sites I visit?”

Well, with all the money we’re saving on our phone plans (my calculations have me saving about $17 CAD from my previous plan⁴), we can afford to spend a little of it on a VPN!

VPNs route all of your traffic through their servers, so no websites can recognise your IP, and no internet providers can see what sites you access.

Bonus: you aren’t limited to using a VPN on just your phone. Most VPNs allow multiple devices per account, so you can use one for your phone, laptop, desktop, and likely at least a few other devices.

Now, of course, the VPN provider can see those things, but, Mullvad requires no personal information to sign up, and can be paid for using, among other things, cryptocurrency⁵ and cash! This means that your internet activity won’t be readily traceable back to you.

Sunhans/eSunFi claims on another of the company’s websites⁶ that the SHFiEL40 has a built-in Wireguard VPN (an open-source VPN solution that many companies use), so you should be able to setup Mullvad on the device itself, using the device’s WebUI as described in its manual. According to their help centre, Mullvad supplies preconfigured Wireguard configuration files to customers, so the process should be relatively simple.

There are privacy benefits to having your VPN on an external hotspot, as both Android and iOS devices can and do bypass your VPN settings for some system traffic, so this is a great feature.

Additionally, while Mullvad has a limit of 5 devices connecting at a time, the SHFiEL40 only counts as one device toward that limit, and the SHFiEL40 supports up to 10 devices at a time, so you can theoretically expand the number of devices simultaneously using your account to 14 while using data (if you need that many).

Mullvad only costs €5 ($7.22 CAD right now) per month, so we’ll still be saving plenty of money on our bill.

Saving Money and Improving Your Privacy

Alright, so here’s the tl;dr for those of you who do care about privacy:

• Make sure your phone doesn’t have an eSIM
• Either root your phone and uninstall Google Play Services, or install a privacy-oriented ROM onto your phone (such as e/OS, GrapheneOS, or CalyxOS)
• Sign up for Mullvad
• Search esimdb for a plan that fits your needs, and buy it
• Buy the SHFiEL40 from their customer-facing website or from their GlobalSources page (unless another, better or cheaper option has become available after I’ve published this post)
  • Setup the eSIM on the SHFiEL40 using the app
  • Setup Mullvad on the SHFiEL40, likely using the Wireguard configuration files that Mullvad supplies
• Sign up for whatever VOIP service is cheapest for you, where you live (for me, that’ll be voip.ms)
  • Make sure you sign up with a provider that provides SIP information, so you can use an open-source SIP app
• Optionally, buy a 7/11 SIM card and top it up with $25 yearly (but not an actual plan)
  • If you’re going the privacy route, you should ideally leave the SIM card out of your phone when you aren’t using it.
• Enjoy significant savings, and significantly improved privacy
  • The SHFiEL40 costs significantly less than any model of phone that supports eSIM, so the up-front cost will be lower than if you went the money-saving-only route.
    • This is somewhat offset by the fact that the VPN eats into the cost-saving-over-time, so you’ll be saving slightly less money than the cost-saving-only route after about 5 years.

Ok, But What If I Really, Really Care About Privacy?

“Sure, that’s all great, but look at all those purchases! Surely those can be tracked! What if I need the absolute best privacy for my phone?”

I’m so glad you asked!

Here’s the more complicated set of steps that one might take if they’re trying to do this with as little information leakage as possible⁷:

• Put on a mask (much more common these days) and sunglasses, as well as a hat to cover your hair if it’s recognisable, and baggy clothing to hide your form (this will be much less weird if you do it in the winter)
• Go to a convenience store and purchase a prepaid credit card, using cash
  • If you don’t want your purchases to be connected to eachother, buy multiple cards, and use different cards for each online purchase
    • If you really don’t want your purchases connected to eachother, buy them from different convenience stores (this is excessive, even for this section of the guide)
• Install Linux on your computer, and use it for every subsequent stage of this process
  • If all you care about is privacy, you should use Tails or Qubes, otherwise I’d recommend Ubuntu (or one of its spins), or an arch spin like EndeavourOS
• Download and install the Tor browser (probably through your package manager, now that you’re using Linux)
• Go to Mullvad’s website using the Tor browser, and Purchase Mullvad using cash (I’d recommend paying by the year or longer, to make your life easier)
• Setup Mullvad and use it during every subsequent stage of this process
• Download a privacy-hardened browser such as Librewolf
• Download e/OS or CalyxOS
  • e/OS is available on more devices, whereas CalyxOS are limited to a much smaller selection. CalyxOS is a fork of GrapheneOS, but while GrapheneOS is limited to newer Google Pixel devices (all of which have built-in eSIMs), CalyxOS supports the Moto G32, G42, and G52, as well as the Shift6mq and Pixel 3, all of which seem to be eSIM-free.
• Purchase a new phone supported by the ROM you’ll be using, using one of the prepaid credit cards
  • If you’re- ok, no, if you’re actually following this guide at this point, you definitely care about privacy enough to take weird, excessive steps like this:
  • Set the address to which the phone will be sent to the address of someone who lives near you (and ideally is rarely home)
  • Sign up for email alerts on your package using a temporary email service like GuerrillaMail
  • Request that the package is left in front of the front door
  • When you receive an email alert for the package, wait near the address you sent it to, and after the delivery vehicle leaves, “steal” your package
  • Gloat at how extremely private you’re being
• Flash the new ROM onto your new phone
• Search esimdb for a plan that fits your needs, and buy it using a prepaid credit card (and a private or temporary email address, if it requires one)
• Sign up for whatever VOIP service is cheapest for you (for me, that’ll be voip.ms), using a prepaid credit card and a private email account
  • Make sure you sign up with a provider that provides SIP information, so you can use an open-source SIP app
  • Private email is actually not trivial, but my best recommendation at the moment is cock.li, which is apparently no longer invite-only. Use a separate email address for every account.
• Buy the SHFiEL40 from their GlobalSources page using a prepaid credit card and a temporary email address
  • Again, if you’re going the absurdly privacy-scrupulous route, send the package to someone else’s address and “steal” it
• Using your old phone, or the phone of someone else you know, install the app, and setup your eSIM plan with the SHFiEL40
• Setup Mullvad on the SHFiEL40, likely using the Wireguard configuration files that Mullvad supplies
• Feel like a badass, until you realise that most of this was probably unnecessary unless you’re actually on-the-run from one or more governments.
• Still end up saving money, even if you’ve probably wasted a lot of time.

Future Updates

So, if you hadn’t guessed from some of my wording, I haven’t actually tried this yet. I’ve done all the research, and all the numbers work out, but this has seen zero real-world testing.

However, I like saving money, and I like improving my privacy (though perhaps not enough to follow all of the steps in the previous section), so I do intend to try this out! So, I’ll be purchasing the SHFiEL40 sometime in the next few days, and I’ll post updates (and likely update this post as well) with how it goes!

If this works out, I should end up spending noticeably less money on my phone bill. Not only is this good for me, but I’d argue that giving less money to Canadian telecom companies is a direct moral good: everybody wins!

Update 1: 911

It seems that maybe I was mistaken about needing a SIM to call 911 in Canada, so I’ve removed any references to that.

Update 2: Initial Impressions

Everything has arrived!

Porting my old phone number to the VOIP plan took a little longer than I was expecting, because I missed the confirmation text the first time. Unfortunate, and that meant it took long enough to transfer that it rolled over into the next month (I had started late in the month, to get the most of the last month I’d already paid for with my old provider). I was able to preemptively switch my old plan to renew on their cheapest plan, but that’s still $15 extra in initial costs I wasn’t planning on spending.

The VOIP plan itself is working extremely well, except that the app I want to use (Linphone) has issues with the somewhat-nonstandard way the provider I chose (voip.ms, and apparently literally just them) handles SMS messages. There’s a setting to still show the incoming messages despite that issue (disable Chat>Hide chat rooms from removed accounts), but it does still group incoming messages separately from outgoing ones. This is definitely fixable by either switching SIP apps or VOIP providers, but it’s still annoying.

The eSIM plan I was looking at apparently has really poor-quality service, so I’m currently on one that’s about $13 CAD, instead of the $7 I was expecting (for 3GB/month). Luckily, it’s very easy for me to switch the eSIM plan for a cheaper one when I find a better deal.

I have not yet gotten around to purchasing or setting-up the VPN plan.

The eSIM router was relatively easy to setup, although the app did not function without Google Play Services or GSpace.

Because the router is on a limited data plan, it’s a good idea to set it as a “metered connection” in your phone’s WiFi settings. This will make your phone prefer other, non-metered networks over the hotspot, so you can avoid accidentally using more data than you intended to.

The router has a 3060mAh battery, which will generally last it about as long as my phone (with a similar battery capacity) will. However, while the router itself is generally pretty simple to use, it requires me to login to its webui to enable cellular data every time after restarting it. Additionally, the webui login interface is inexplicably broken on mobile (even in browser desktop mode). This makes it very difficult to save power by turning the device off while not in use.

However, I’m smart, and the router’s security isn’t particularly complex, soooo:

Fixing The Annoying Issue with the eSIM Router

I watched my network traffic through the browser tools while logging into the router’s interface and while enabling the data connection. Turns out, it’s very simple!

• Both actions send an HTTP POST request to a specific path in the router interface’s ip (http://192.168.0.1/cgi-bin/ajax_get.cgi).
• The only piece of data that matters in either is the content value, which is html-encoded xml data.
• The login request sends the following (non-html-encoded, so you can read it more easily - except for %01, because that won’t print right in this context): which_ajax=api/user/login%01xmldata=<?xml version="1.0" encoding="UTF-8"?><request><Username>USERNAME</Username><Password>PASSWORD</Password></request> (obviously with my username and password replaced with the strings USERNAME and PASSWORD).
• The request to enable the data sends which_ajax=api/dialup/mobile-dataswitch\u0001xmldata=<?xml version=\"1.0\" encoding=\"UTF-8\"?><request><dataswitch>1</dataswitch></request>.

So, all I need is something that’ll let me easily send HTTP POST requests from my phone - ideally from somewhere convenient like my homescreen.

Something that’ll let me easily send HTTP POST requests from my phone’s homescreen.

Oh, great! And it’s open-source!
So then, we open that app, and create three shortcuts:

• First, a “Regular HTTP Shortcut” with the POST method and the http://192.168.0.1/cgi-bin/ajax_get.cgi URL, a body value of which_ajax%3Dapi%2Fuser%2Flogin%01xmldata%3D%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%3Crequest%3E%3CUsername%3E<<YOUR_USERNAME>>%3C%2FUsername%3E%3CPassword%3E<<YOUR_PASSWORD>>%3C%2FPassword%3E%3C%2Frequest%3E, a content type of text/xml, and “Response Handling” options that aren’t too intrusive (I went with toast popups on failue).
• Second another “Regular HTTP Shortcut”, with the same method, URL, content type, and response-handling options, but with a body value of which_ajax%3Dapi%2Fdialup%2Fmobile-dataswitch%01xmldata%3D%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%3Crequest%3E%3Cdataswitch%3E1%3C%2Fdataswitch%3E%3C%2Frequest%3E.
• Last, a “Multi-Shortcut” with both of the previous shortcuts.
• Now just add the widget to your homescreen, and after whenever you connect to the hotspot, click that button to enable it!

Great! Problem solved!

Overall, there have definitely been some hurdles, but it’s looking like there’s only one minor one left to overcome (the SMS issue), and then I should be issue-free!

See you in the next update!

Hiii! So, I’ve finally added comments to this thing!

That’s right, no more will you have to message me personally if you have thoughts about mine!
Now, we can discuss my posts in public, with everyone! What fun!

Please note that alternate-language versions of posts have their own, separate, comments sections.

I’m immensely looking forward to talking to you!