Two Birds, One Hotspot: Saving Money while Improving your Mobile Privacy

Or: I Bought a VPN, Stopped the Government from GPS Tracking my Phone, and Still Cut $8/Month off my Phone Bill

A broken SIM card, image by DeviantArt user ishaque87

Phone Plans in Canada are Expensive

Ok, so, here in Canada where I live, cellular plans are expensive.

To demonstrate: in the USA, with unlimited texting and calling, you can get 5GB of data for $14 USD ($18.81 CAD), or 1GB for $9 USD ($12.09 CAD)1, all at 5G speeds.

In Canada, the closest I can get is $24 CAD ($17.87 USD) for 4GB (and only as a special offer, meaning there’ll be some restrictions), or 1GB for $19 CAD ($14.14 USD), both at 4G speeds. If I want 5G, the cheaptest plan I can get is $35 CAD ($26.05 USD) for 15GB.

Data-only plans, which are even cheaper, are simply not available in Canada.

This sounds depressing, right? Well, it is, but there’s hope: everything I’ve just said only applies to SIM-based phone plans.

eSIM

While normal Canadian phone plans are expensive and have a lack of options, there is an alternative: eSIM. eSIM is a type of SIM card that’s embedded as a part of the device, and can be reprogrammed with different SIM information on-the-fly. This means that the restrictions on who can provide service with eSIM are significantly lower, and that increased market means cheaper plans.

To compare to the prices in the previous section, I can get a 5GB plan for $14.25 CAD ($10.61 USD), or 1GB for $3.77 CAD ($2.81 USD).

There are two catches, though:

  1. Only some phones have eSIMs, and you can’t use an eSIM plan on a phone without one
  2. Most Canadian eSIM plans are data-only, so no texting or calling

But, that aside, if your phone has an eSIM, and you only need data, you can find much cheaper plans, with much more granular options, than any SIM plan.

If you want to look for cheap eSIM plans, the site I used was esimdb.

VOIP

“Ok, but what if I do need to text and call people?”

I’m so glad you asked.

VOIP is a group of technologies that allow you to call and receive calls over the internet, and many of them include a real phone number that you can use to make and receive calls and text messages just like you were using a regular phone.

VOIP has several benefits:

Firstly, it’s much cheaper than a regular phone plan. I estimated the cost of a few plans based on my current usage, and found I’d be paying about $1.50/month at my highest usage estimates.

Secondly, VOIP isn’t limited to just your phone: you can send and receive calls and text messages from your desktop, which, for me, would be extremely convenient.

Thirdly, it means you don’t have to transfer your phone number anytime there’s a better deal for your eSIM plan! You can just buy the new plan, activate it, and use the same number immediately!

However, there is a downside:

Many mobile apps and websites require mobile authentication via SMS, and some of those will refuse to send authentication text messages to VOIP numbers.

In some cases, such as with Google, you may have the option to receive an authentication call instead, which should work on VOIP numbers. However, many services don’t have a call-authentication option, so there may be services you simply cannot authenticate with.

However, there is a solution to this potential problem:

A Second, Bare-Bones SIM “Plan”

There are very few bare-bones pay-as-you go plans in Canada that don’t require you to pay monthly, but there is one: 7/11 SpeakOut.

7/11’s SpeakOut service doesn’t have a plan that charges less than monthly, but with a SpeakOut SIM card, you can load a balance (at what I’m lead to believe by outside sources is a $25 minimum) without buying an actual plan, and pay $0.35/minute for calling and $0.20/message for SMS, out of that balance (plus $1.25/month in “regulatory recovery fees”), and the balance doesn’t expire for 365 days!

That means that you can buy a SpeakOut SIM card from a nearby 7/11 for $11.25, top it up for $25, and effectively pay $2/month for the number (not including the cost of the SIM card, which, of course, you only need to buy once). If you top it up before the existing balance expires, you should even be able to roll your remaining balance over into the next year.

For avoiding the potential hassle of not being able to receive authentication text messages, this is pretty cheap - we’re still paying slightly less than we would for the American plans (albeit not for unlimited texting and calling). However, it might not be necessary for you, so it’s up to you if you go with this option.

You could also, I suppose, just use the 7/11 SIM instead of the eSIM and VOIP number, but the voip text/call rates are much cheaper, and this way you get data.

Saving Money

Ok, so if you’re only interested in saving money, this is where you can stop.

Here’s the tl;dr for how to save money on your phone bill:

  • Buy an unlocked phone with an eSIM (the cheapest of which without a contract is the Google Pixel 3a, which costs about $250 at time-of-writing)
    • Cellphones cost a lot of money, so if you don’t actually need a new phone, I’d recommend reading further to Portable Hotspots, since the solution there will cost you much less up-front than almost any phone.
    • You can also buy an “eSIM SIM card” from eSIMme for €24.95 (about $36 CAD), which apparently allows a wider range of previously eSIMles phones to use eSIM plans.
  • Search esimdb for a plan that fits your needs, and buy it
    • Scan the QR code you’re given with your phone and setup the eSIM
  • Sign up for whatever VOIP service is cheapest for you, where you live (for me, that’ll be voip.ms, but they don’t have their own app: see below)
    • Either use whatever app they provide, or sign up with a provider that provides SIP information and use an open-source alternative
  • Optionally, buy a 7/11 SIM card and top it up with $25 yearly (but not an actual plan)
  • Throw away your old SIM card, and rejoice at saving a lot of money on your phone bill
    • In my case, assuming I bought the 7/11 SIM, I’ll have saved about $15/month, which is more than half as much as my old plan cost, total.
      • This is, of course, not counting the one-time costs of $11.25 for the 7/11 SIM itself, and however much the phone/hotspot/eSIMme cost if you didn’t already have one.

Privacy

Alright, but what if you care about your privacy? I care about my privacy.

SIM cards have low-level access to much more of your phone than you might realise:

  • Sure, your provider can spy on your calls and text messages, we all know those aren’t secure (we… do all know that, right?),
    • but what about…
  • Turning your microphone or camera on and recording you without your knowledge?
  • Turning your phone on when you’ve turned it off?
  • What about tracking your every move?

Those are all things that your SIM card can absolutely do2, and you only have your provider’s word that they aren’t doing it - and they’re very cagey on the topic of what data your SIM card is sending them over encrypted channels.

eSIMs… have all of these same problems, and you can’t remove them from your phone.

Now, that’s not a major privacy concern for most people: if you own an Android phone, Google Play Services is constantly sending Google a “seemingly unending stream of user information”, and while Apple might be collecting slightly less data on their users, we mostly only have their word to go on for it.

However, if you want to take your privacy seriously, and you’re already using (or willing to switch to) a non-Apple phone that doesn’t have Google Play Services installed, there is an option:

Portable Hotspots

You know how I said you need a phone with an eSIM to use eSIM plans? Well, that was a lie. Sure, the device you use has to have an eSIM in it, but that doesn’t have to be a phone.

Portable hotspots are effectively tiny routers with SIM card slots. They provide internet to your phone or other devices using a SIM card’s data.

The benefit of a portable hotspot is that instead of having direct access to the low-level systems of your phone, the SIM card only has access to the hotspot, which doesn’t have cameras or microphones, and doesn’t house any of your apps.

Now, there are lots of portable hotspots out there, but we need one with an eSIM.

Not only that, we need one with an eSIM that we can use with any eSIM plan:
Because portable hotspots are simple devices without cameras, you can’t scan a QR code with one to switch the eSIM’s information.

Luckily, while most portable eSIM hotspots are locked to a single provider’s eSIM plans, a Chinese manufacturer by the name of Sunhans or eSunFi3 sells exactly what we’re looking for. Their customer-facing page is a little sparse on details, but their product page on globalsources confirms that it supports most Canadian cellular bands, and can be setup with pretty much any eSIM plan using an app.

The app is not open-source, and may require Google Play Services to work (although I was able to install and run it without, so it may work with just microG). However, you shouldn’t need to keep the app on your phone after setting up the eSIM, and if it doesn’t run on your setup, you can either use the GSpace app (which is free, with some intrusive advertisements in the launcher) or use someone else’s phone to set it up.
If you do use GSpace to set it up, I would recommend also uninstalling GSpace after use, because it does all of the tracking Google Play Services does, just without all the information from direct system-level access.

The device itself, which is apparently called the “SHFiEL40”, is about 3 by 3 inches, and about 3/4 of an inch thick. That’s only slightly larger than my phone, and my phone is smaller than yours. It should be extremely easy to carry around in a purse or pocket, and since we’re using VOIP for texting and calling anyway, you don’t actually need to keep it on you you while you’re at home or otherwise in range of WiFi (which is most of the time, where I live).

So, for privacy, we should use a phone that doesn’t have an eSIM built-in, and then use the SHFiEL40 for our data, instead of the phone itself.

VPN

“Ok,” you say, “but how do we keep the cellular service provider - along with anyone whose public WiFi I use - from snooping on what sites I visit?”

Well, with all the money we’re saving on our phone plans (my calculations have me saving about $17 CAD from my previous plan4), we can afford to spend a little of it on a VPN!

VPNs route all of your traffic through their servers, so no websites can recognise your IP, and no internet providers can see what sites you access.

Bonus: you aren’t limited to using a VPN on just your phone. Most VPNs allow multiple devices per account, so you can use one for your phone, laptop, desktop, and likely at least a few other devices.

Now, of course, the VPN provider can see those things, but, Mullvad requires no personal information to sign up, and can be paid for using, among other things, cryptocurrency5 and cash! This means that your internet activity won’t be readily traceable back to you.

Sunhans/eSunFi claims on another of the company’s websites6 that the SHFiEL40 has a built-in Wireguard VPN (an open-source VPN solution that many companies use), so you should be able to setup Mullvad on the device itself, using the device’s WebUI as described in its manual. According to their help centre, Mullvad supplies preconfigured Wireguard configuration files to customers, so the process should be relatively simple.

There are privacy benefits to having your VPN on an external hotspot, as both Android and iOS devices can and do bypass your VPN settings for some system traffic, so this is a great feature.

Additionally, while Mullvad has a limit of 5 devices connecting at a time, the SHFiEL40 only counts as one device toward that limit, and the SHFiEL40 supports up to 10 devices at a time, so you can theoretically expand the number of devices simultaneously using your account to 14 while using data (if you need that many).

Mullvad only costs €5 ($7.22 CAD right now) per month, so we’ll still be saving plenty of money on our bill.

Saving Money and Improving Your Privacy

Alright, so here’s the tl;dr for those of you who do care about privacy:

  • Make sure your phone doesn’t have an eSIM
  • Either root your phone and uninstall Google Play Services, or install a privacy-oriented ROM onto your phone (such as e/OS, GrapheneOS, or CalyxOS)
  • Sign up for Mullvad
  • Search esimdb for a plan that fits your needs, and buy it
  • Buy the SHFiEL40 from their customer-facing website or from their GlobalSources page (unless another, better or cheaper option has become available after I’ve published this post)
  • Sign up for whatever VOIP service is cheapest for you, where you live (for me, that’ll be voip.ms)
  • Optionally, buy a 7/11 SIM card and top it up with $25 yearly (but not an actual plan)
    • If you’re going the privacy route, you should ideally leave the SIM card out of your phone when you aren’t using it.
  • Enjoy significant savings, and significantly improved privacy
    • The SHFiEL40 costs significantly less than any model of phone that supports eSIM, so the up-front cost will be lower than if you went the money-saving-only route.
      • This is somewhat offset by the fact that the VPN eats into the cost-saving-over-time, so you’ll be saving slightly less money than the cost-saving-only route after about 5 years.

Ok, But What If I Really, Really Care About Privacy?

“Sure, that’s all great, but look at all those purchases! Surely those can be tracked! What if I need the absolute best privacy for my phone?”

I’m so glad you asked!

Here’s the more complicated set of steps that one might take if they’re trying to do this with as little information leakage as possible7:

  • Put on a mask (much more common these days) and sunglasses, as well as a hat to cover your hair if it’s recognisable, and baggy clothing to hide your form (this will be much less weird if you do it in the winter)
  • Go to a convenience store and purchase a prepaid credit card, using cash
    • If you don’t want your purchases to be connected to eachother, buy multiple cards, and use different cards for each online purchase
      • If you really don’t want your purchases connected to eachother, buy them from different convenience stores (this is excessive, even for this section of the guide)
  • Install Linux on your computer, and use it for every subsequent stage of this process
  • Download and install the Tor browser (probably through your package manager, now that you’re using Linux)
  • Go to Mullvad’s website using the Tor browser, and Purchase Mullvad using cash (I’d recommend paying by the year or longer, to make your life easier)
  • Setup Mullvad and use it during every subsequent stage of this process
  • Download a privacy-hardened browser such as Librewolf
  • Download e/OS or CalyxOS
    • e/OS is available on more devices, whereas CalyxOS are limited to a much smaller selection. CalyxOS is a fork of GrapheneOS, but while GrapheneOS is limited to newer Google Pixel devices (all of which have built-in eSIMs), CalyxOS supports the Moto G32, G42, and G52, as well as the Shift6mq and Pixel 3, all of which seem to be eSIM-free.
  • Purchase a new phone supported by the ROM you’ll be using, using one of the prepaid credit cards
    • If you’re- ok, no, if you’re actually following this guide at this point, you definitely care about privacy enough to take weird, excessive steps like this:
    • Set the address to which the phone will be sent to the address of someone who lives near you (and ideally is rarely home)
    • Sign up for email alerts on your package using a temporary email service like GuerrillaMail
    • Request that the package is left in front of the front door
    • When you receive an email alert for the package, wait near the address you sent it to, and after the delivery vehicle leaves, “steal” your package
    • Gloat at how extremely private you’re being
  • Flash the new ROM onto your new phone
  • Search esimdb for a plan that fits your needs, and buy it using a prepaid credit card (and a private or temporary email address, if it requires one)
  • Sign up for whatever VOIP service is cheapest for you (for me, that’ll be voip.ms), using a prepaid credit card and a private email account
    • Make sure you sign up with a provider that provides SIP information, so you can use an open-source SIP app
    • Private email is actually not trivial, but my best recommendation at the moment is cock.li, which is apparently no longer invite-only. Use a separate email address for every account.
  • Buy the SHFiEL40 from their GlobalSources page using a prepaid credit card and a temporary email address
    • Again, if you’re going the absurdly privacy-scrupulous route, send the package to someone else’s address and “steal” it
  • Using your old phone, or the phone of someone else you know, install the app, and setup your eSIM plan with the SHFiEL40
  • Setup Mullvad on the SHFiEL40, likely using the Wireguard configuration files that Mullvad supplies
  • Feel like a badass, until you realise that most of this was probably unnecessary unless you’re actually on-the-run from one or more governments.
  • Still end up saving money, even if you’ve probably wasted a lot of time.

Future Updates

So, if you hadn’t guessed from some of my wording, I haven’t actually tried this yet. I’ve done all the research, and all the numbers work out, but this has seen zero real-world testing.

However, I like saving money, and I like improving my privacy (though perhaps not enough to follow all of the steps in the previous section), so I do intend to try this out! So, I’ll be purchasing the SHFiEL40 sometime in the next few days, and I’ll post updates (and likely update this post as well) with how it goes!

If this works out, I should end up spending noticeably less money on my phone bill. Not only is this good for me, but I’d argue that giving less money to Canadian telecom companies is a direct moral good: everybody wins!

Update 1: 911

It seems that maybe I was mistaken about needing a SIM to call 911 in Canada, so I’ve removed any references to that.


  1. I’ve heard tell of 1GB unlimited call/text plans for as low as $5.50 USD, but wasn’t able to confirm those. You can probably find cheaper than I did if you look harder, but I don’t live in the USA, so I didn’t have much incentive to look very hard.
  2. And the last of them - constantly tracking your location - it definitely is doing, because that’s a necessary part of connecting you to the cellular network.
  3. In my experience, a Chinese tech company going by multiple names is extremely common, and not particularly a red flag.
  4. This is actually an introductory offer I don’t qualify for: my plan is actually this one with a permanent free +2GB of data.
    You’ll notice that this is slightly more expensive and noticeably slower than the introductory offer, with less data: this is one of the many reasons I hate introductory offers.
  5. Most cryptocurrency exchanges require personal information to sign up, and can be traced extremely easily, so I’d recommend either using cash, figuring out how to buy cryptocurrency without an exchange (which is more work), or using Monero, which has measures in place which make it much more difficult to trace purchases.
  6. Really, I swear, this is just what Chinese tech companies are like.
  7. Some of these steps are rather excessive, but I might actually try out some of the less-excessive parts, just for fun.
Check out my friends!