A new research study reveals vast majority of travel e-sim providers like Airalo and Holafly could route your traffic through Chinese-owned servers. Often, this happens regardless of your physical location; you do not need to be in China for this to happen.
Researchers from Northeastern University tested dozens of popular eSIM services and discovered that user traffic frequently passes through Chinese infrastructure, regardless of the customer’s actual location.
These e-sim resellers are not regulated at all. Not only is it easy for someone to start a similar travel e-sim business, they also gain substantial access to your personal information.
eSIM resellers gain extensive access to user data, including International Mobile Subscriber Identity (IMSI) numbers, and in one case, device location information accurate to within 800 metres, along with the ability to send SMS messages directly to users.
With the Pixel 10 and iPhone set to ditch the physical SIM cards, is there a way for someone to reliably obtain travel e-sims without going through these third-party resellers?
I recently tested a dirt-cheap eSIM here in the US, which routed my internet through Hong Kong. Some websites that are not blocked in the USA were blocked as if I was in HK. Weird.
Are these worse than traditional cell providers given this? The location information based on the Telnyx screenshot in the paper appears to be incredibly imprecise, and traditional cell providers can see location info as well. I guess you could argue that there are more parties involved handling your location data with the esims, but many esim companies allow you to sign up with essentially no personal information unlike traditional providers. I feel that this offsets a lot of the concerns.
The only new potentially worrisome info here seems to be that traffic is sometimes routed through foreign countries which you may trust less than your own, and the general lack of regulatory limitations on who can create one of these providers. But I’m not sure this is enough to convince me that traditional cell service providers are better from a privacy perspective. If you’re worried about traffic being routed through China, just check your ip address and ping or use a VPN. And at least here in the US, there’s barely any regulatory oversight over traditional providers as well.