Privacy Stacks
Threat-Model StacksIntermediate

Go Dark: The Location and Physical Privacy Kit

A threat-model stack for shutting down the digital side of location tracking — the phone OS, private numbers, network, and payment tools that stop carriers, apps, and data brokers from placing where you are.

July 7, 202625 minutesIntermediate

Go Dark: The Location and Physical Privacy Kit

Your phone broadcasts where you are — to carriers, to the apps in your pocket, and to anyone who buys the data downstream. This stack shuts down the digital side of location tracking.

Who this is for, and what it defends against

This kit is for anyone whose safety or peace of mind depends on not being physically located through their phone: travelers on hostile networks, people leaving a stalker or abuser, journalists protecting a source, and anyone who has found an unwanted tracker.

It defends against four adversaries:

  • Carrier and cell-site logging — the network knows which tower you are near.
  • App-level GPS harvesting — apps that collect and resell your location trail.
  • SIM/IMSI identity linkage — the identifiers that tie a phone number to your legal name.
  • Data brokers — companies that resell your home address and movement history.

What it does not cover, honestly: this is the digital identity and signal layer. Physical tracker sweeping — Faraday enclosures and RF-detection hardware for hidden trackers like AirTags — is a complementary physical layer and is not part of the tool set below. What most people never close is the digital layer, so that is where this stack lives.

Layer 1 — Harden the device that leaks first

Your phone is the sensor. Fix it before anything else.

GrapheneOS

Hardened Android for Pixel devices. Per-app network and sensor permissions let you cut a data-harvesting app off from GPS, Wi-Fi, and the cellular radio entirely — the software equivalent of pulling the antenna. Open-source (GitHub).

CalyxOS

A private Android build that trades some of GrapheneOS's hardening for broader app and device compatibility. Choose this if the apps you depend on will not run cleanly on GrapheneOS. Open-source (GitHub).

Layer 2 — Break the SIM-to-identity link

A SIM ties a number to you. Decouple the two.

Session

Messaging with no phone number and minimal metadata — there is no SIM identity to leak because you never register one. Open-source (GitHub).

MoneroSMS

When a service demands an SMS code, use a private number you paid for with crypto instead of your real SIM. Breaks the number-to-identity link at the source. Accepts crypto.

Crypton.sh

A cloud-hosted physical number you control without handing a carrier your ID — useful for accounts that reject VoIP numbers. GitHub.

Hushed

Disposable numbers you can burn after a single use — the lowest-commitment option when you just need one throwaway line.

Layer 3 — Hide your network location

Mullvad

A no-account VPN — no email, no profile — that hides the IP address apps and sites use to place you. Independently audited. Open-source (GitHub).

Layer 4 — Pay without signing your name to it

A card ties every purchase back to you. Close that loop.

Monero

Pay for numbers, VPNs, and services without a card that links the purchase to your name. Open-source (GitHub).

Privacy.com

Virtual, single-merchant payment cards, so a checkout never sees your real card or billing identity. (US-based accounts.)

MySudo

Bundles masked phone numbers, email, and payment cards under alias identities — a lighter all-in-one if you would rather not assemble the pieces yourself.

Layer 5 — Pull your address off the public record

DeleteMe

Finds and removes your home address and location history from data-broker databases, so the trail cannot simply be bought.

Easy Opt Outs

A cheaper, more hands-on alternative to DeleteMe for the same broker opt-outs.

Where these overlap — and what it costs

Every layer has a friction price. Name it before you buy in.

Choice              Pick for…            Alternative        Cost
─────────────────   ──────────────────   ────────────────   ────────────────
GrapheneOS          maximum hardening    CalyxOS            needs a Pixel
CalyxOS             app compatibility    GrapheneOS         less locked down
Private number      persistent line      Hushed (throwaway) crypto to fund it
Broker removal       hands-off            Easy Opt Outs     DeleteMe costs more

The honest tradeoff across the whole kit: going dark is not free and not frictionless. A hardened OS means giving up some apps. Private numbers mean funding them with crypto. This is prudence, not paranoia — you are choosing where to spend effort to shrink your exposure, not chasing an impossible invisibility.

FAQ

Can a Faraday bag alone stop phone tracking?

A Faraday bag blocks radio signals only while the phone is inside and sealed. The moment it comes out, your SIM, apps, and accounts resume broadcasting. Signal isolation is one physical layer; the durable fix is the digital layer above — a hardened OS, a number not tied to your name, and a network that does not log your IP.

How do I block GPS tracking on my phone?

Start at the operating system. On GrapheneOS or CalyxOS you can revoke location and sensor permissions per app and cut apps off the network entirely, so a data-harvesting app has nothing to collect or send.

What is the most private way to get a phone number?

Use a number that was never issued against your identity. MoneroSMS sells private SMS numbers paid for with crypto, and Crypton.sh provides a controllable cloud number without handing over your ID. For one-time use, Hushed numbers are disposable.

Will a VPN stop cell-tower location tracking?

No. A VPN like Mullvad hides your internet IP address, not your position relative to cell towers — that is carrier-side and tied to the SIM. To reduce cell-site linkage you address the SIM/identity layer, not the network layer.

How do I find a hidden tracker like an AirTag?

That is physical-layer work outside this tool set — it needs RF-detection hardware or a phone's built-in unknown-tracker alerts. This stack closes the digital exposure that lets someone locate you in the first place.

Take this stack with you

Want the complete location privacy stack as a printable checklist — every tool, why it made the list, and the order to set them up? No account. No tracking. We do not track opens, and we never share your address.

Tags

location-privacyphone-trackinggpsmobile-device-privacythreat-model

Build your stack

Browse the vetted directory to compare every tool, or run a free check on your own exposure.