Cape.co alters a user’s IMSI daily, which helps to cover the IMEI. It’s a telco started by one of the old heads at CalyxOS and their main focus is “defense in depth.” But after the $30 initial month promo, it’s $99/month. However, the layers of protection they provide to obfuscate their customers maybe worth it, depending on your threat model. Here’s a fantastic interview they did with TheHatedOne: https://inv.nadeko.net/watch?v=ZsHZSbNu3CE

Yup, tracking mobiles from towers is a transmitter level vulnerability, pretty unavoidable (although gOS airplane mode and some other airplane modes actually works against this) if you’re using the network. Maybe open hardware at the modem level would give an option to spoof, but that doesn’t exist in the wild to my knowledge.

The article goes deeper into persistent international (state level threat operators, SLOs) tracking, and it’s actually somewhat reassuring in so much as they need to use SMS exploits to embed trackers (so gOS updating the image every week or so would likely bork it as described if a rootkit is not available). Paranoia suggests this is well below the actual capabilities of the SLOs but you do what you can. If there’s a significant threat to life or liberty, leave the phone at home. If your threat model also includes international usage (wherein these exploits exist), burner at each country.

Disclaimer : I am not an expert, just a rando interested in liberty.