Using existing phone number without (e)SIM?

I’m new to this forum, so I’m sorry if I’m doing something wrong here, but I had something on mind I really wanted some opinions on…
So I’ve been exploring the idea of using my phone without (or with limited) cellular connectivity, and that got me down a rabbit hole of wondering how I can get contacted if my phone’s cellular connection is disabled (Just for the record, I would be using GOS with airplane mode).

In my country (Norway), I am practically required to have a phone number mainly for public or financial services, and it’s important that I can be reached by phone calls.
I tried exploring some similar topics here, but a lot of it isn’t available in Norway, or makes me question the reliability…

What I really want to know is what my options could be here?
Obviously there are VoIP providers I could move my number to, but I have ZERO experience with that and how reliable that could be… Options appear to be VoipVoip.com and Voip.ms

I also heard there are android apps that can forward calls & texts? Anyone have experience with that? The idea being to leave a second phone at home to forward everything?

via WiFi on chat apps like Signal messenger.

In this case I don’t recommend giving up your cellular connectivity if it means giving up your phone number. If you have a plan where you can get phone calls and basic texts but without data, that’s okay.

This would be a balancing act that you’ll have to do for how you want your smartphone set up to be and why. Threat model and go from there.

I don’t have any apps I can recommend for forwarding things because that’s just increasing your attack surface.

Why do you even want to have it be this way? Either way, you learn by trying things out so I would recommend give any option that you deem to be good enough a try and see how it fares.

I should mention that some essential government and financial entities would absolutely need you to have a real phone number from a cellular service within the country for you to continue to be able to use those “public or financial services” you mentioned. So, you may need to have a number for these purposes anyway. Of course, for everything else, you can use other services.

Thanks for your answer! I really appreciate it.
You do make good points..
The main reason I wanted to disable cellular was to avoid triangulation, but it might not be worth it here for my threat model in this case

Unless you’re at a whistleblower treat model where a nation state is after you, ensuring of this is very hard as there are other means to track you if anyone really wanted to. Given your post and questions, I don’t think you are at risk of anything that would warrant what you think you need/want.

So, you’re fine. Going to the extremes for the sake of it is never sustainable. Even Snowden today I would imagine would want to be offline more than online albeit Qubes, Whonix, and Tails OS are tools always available for anyone to use.

Yeah that makes sense. It was mostly to avoid any potential “was near the crime when it happened”, but this is purely hypothetical.

Thanks!

What? I am never picking up phone calls because I don’t like to waste my time receiving spams in a synchronous way while working/spending time with family.
I also don’t see why anybody would need me live at the end of the line with them.
Just send me an email, there is no urgency.
Hence I would be very curious to know what’s the need for constant 24/7 reach-ability by a bank or administrative office here (or at least, how those entities justify such matter).
On top of it not being secure anyway. Like, is my bank calling me to double-check that a payment is mine a valid use case? Because hearing “yes” over a phone call is far from being a justifiable or secure approval so far.

More of a personal note but I also consider either:

• rushing their phone call and throwing 20 different things in the first 3s while I am still trying to figure out who they are or what they want (maybe I’m just slow here)
• accent/quality of the mic/surrounding noise (on either ends) is very variable and makes the whole thing quite a problem too, I don’t like to say “yes” or “no” in those environments without proper consideration at a more slow paced rhythm
• an email just solves all of those issues and is black on white transparent/easy to understand

I would still probably avoid any kind of KYC or your regular ISP’s plan for this one so that you’re not 24/7 tracked by a random company ready to sell your location to anybody just to justify receiving some call from time to time.

I’m still quite new when it comes down to uncluttering my phone situation and slowly removing bonds from services tied to my current phone number. Still, I would be very interested to know why this is a mandatory thing.
Or even if it is legal. I had a french number for quite some time here in Netherlands and it was never a problem.
What is the necessity? There is no increased security or benefit of such thing. Maybe not having any phone call fees? But again: just don’t call me in the first place.

If a person failed at planning a delivery/appointment, that’s on you: don’t expect me to pick up the phone and move all my plans of the day for you.
You’re free to schedule it for another day and no, it shouldn’t be a reason for me to give up my personal^[1] info just because you F’ed up.

I am meanwhile still in the process of figuring out a way to be reached for actual real emergencies. Like if a family member is in an accident, I would need to be able to be reachable. Currently, I’m reachable on Signal while being on WiFi but if I do go out, then the connectivity drops to a “is there a public WiFi spot somewhere” kind of level.

I agree that a 5G router with a GL.iNet Mudi router or alike with a prepaid eSIM bought with some Monero is probably the way to guarantee a full setup where you opt in into being able to be contacted at any time while in the wild/countryside. It would also make me reachable for emergencies like my house being on fire.

Now, if in some time I do receive an email asking me to update my phone number for a bank or alike so that they need some real phone number, I will either:

• reconsider the service altogether in favor of a competitor not needing to send me a crappy SMS verification code to access their app
• at best, provide them a very limited VOIP phone number because they could leave a message there or have the privilege of getting through my DND to then bring up a notification on my phone

People are just too kind nowadays and let themselves disturb with all kinds of nonsense.
I am since recently very hostile when it comes down to digital disturbance of any sort. If I’m on a duty (like work hours), then sure you can ping me on my work phone, yet there is no way an employer or service randomly calls me on my direct phone line.^[2]

Also, if I do give up and bend the knee to have a real regular call SIM, I’ll still try to get it through the most obfuscated way without giving away my personal info to the provider and I’ll use that number only for my family and not a service (because I don’t trust them to keep it safe^[3]).

I’m not sure about the other ways. Things that come to my mind:

• GPS or any other kind of wireless probing (disabled on my phone)
• car (can be avoided in favor of other kinds of transport)
• bank card payments (avoided if buying in cash or with a credit top-up kind of usage)
• not sure about other ones but very welcome to get this list expanded for further discussion

Also, even if most people do know your broad location: there is no need to spill it to even more parties constantly, I think that it’s fair that OP asked how to try to get there.

Just like OP, my experience with VOIP is still very limited but I do think it’s a very fair and good question to ask because there are probably good concessions that can be achieved thanks to having a good VOIP workflow.
Hence, I’d fight a bit further to get a working solution here.

1. and hard to change ↩︎

2. side comment here but this is also why I do not allow the emergency notifications from my country, they are usually scary, unnecessary and popping out at random times, if my place is being bombed I’ll figure it out myself. Hm, I might actually open a question about that topic just so I get more push-back on that position ↩︎

3. because they probably do not care or even if they do, it’s still a record in their database that can get stolen by a malicious party ↩︎

I don’t know but it reads to me that you’re commenting like you’re ticked off today and are upset at something else. There doesn’t seem to be any nuance you usually have because you’re commenting and sharing your views like life is only lived in absolutes and that its only okay to make binary decisions.

And that’s why other than what you said here reading like a person believing in the right things but only wanting to approaching it with anger or frustration or spite is why I am going to disagree and discount your comment here. It’s not a good way at all to look at this.

It’s okay to take a day/break from online discourse. This comment doesn’t read like you today. Just saying this with good intentions per my observation. I could be wrong in my assessment here but I honestly don’t feel so with this one at least.

I’m not necessarily a fan of this argument. When assessing your own threat model is difficult as it is in the first place and it’s something you have to figure out for yourself and it is never truly binary. The issue becomes just saying that all of this is hypothetical is applicable to anything discussed here including the very basic surveillance capitalism that is until you’re actually affected.

The way I do this does not necessarily affect usability overall I enable Wi-Fi calling & turn on airplane mode + disable Wi-Fi when not in use. If I’m anticipating using my phone or receiving a call outside of a Wi-Fi area, then I simply disable airplane mode I do this with an iPhone on eSIM. I don’t know how this operates on GrapheneOS. while this approach isn’t perfect it mitigate most of my concerns and has the perk of not having me be as attached to my phone, which also increases privacy.

I never meant to say or imply my way is the best way. Of course, there are several ways one can go about it and it depends on what you can do and not do to ensure your OPSEC is well set up to the limits of the inconveniences you can live with sustainably.

There’s no one right answer but for what OP is asking and their threat model, what I said is how they ought to go. It’s likely the best way. And I say that because I’ve had the same questions and concerns for myself and is similar to how I ensure my OPSEC even though not necessarily warranted.