Is graphneOS less safe when used w/o sim?
This is not a jab against Telegram hitting them when they are at their lows despite what a disappointing amount of users on Twitter have reacted to this with. All of us are GrapheneOS have used it in some way. However, it's founder being arrested is a very important time to remind people that because messages are not end-to-end encrypted except in a very specific circumstance, many users and average people are at risk. Telegram has almost a billion users and many do not understand this concept. If you hold something sensitive on Telegram and it's not encrypted, you MUST take appropriate action. This is a PSA to our users who use Telegram because we care about the safety of our users and community. The climate surrounding Telegram is moving towards being hostile, so talking about this is more important than ever.
There are many messengers not just Signal that are safer than Telegram simply because end to end encryption is mandatory. Signal is mentioned here because they are an unfortunate subject of Telegram's marketing campaigns. Influencers taking jabs at Signal when they are proven to only be able to provide only a timestamp of when an account was registered and last used in court is simply throwing stones from a glass house. Both require phone numbers yet Telegram gives away far more information about you.
Encryption and preventing access to metadata doesn't just protect users, it protects developers. You cannot be compelled to give away what you cannot access and you cannot be accountable to protect against what you aren't able to moderate. Develop unstoppable software that can survive without you.
https://signal.org/bigbrother/santa-clara-county/
We recommend only SimpleX for messaging outside of Signal/Molly at this time. For high risk GrapheneOS users who use it as a WiFi-Only device with no SIM, it is the best choice. Molly also allows multiple devices to use one Signal account, register on another device and link and you still won't need the number if you need Signal. If Session had PFS it would also be considered further, there is a tradeoff.
We aren't in a place and time to assess every communication method available to us, the market for messaging apps is becoming way too large.
Discussion
Using GrapheneOS without one AND aeroplane mode enabled (which turns off the cellular radio) is more secure since you are reducing remote attack surface from the cellular radio, SMS and others. SIM card is just used as authentication to that network and you are still taking part in it so you need both. Even if you have a SIM, using Aeroplane Mode but still using WiFi except when you need data is good practice (you're still connecting to your mobile network provider for WiFi calling and more). This also helps against cellular network tracking.
This has a huge usability cost for some users. High risk individuals are expected to disable radios (Bluetooth, UWB, WiFi, Cellular) when they aren't using them. It's an added measure from people with added caution.
Obviously messengers like Signal are out of the question with no phone number, so SimpleX is the first choice for this.
Thank you. A lot to learn here.