Nostr Web Client

Pokémon Go is fundamentally hostile to privacy. It's a real-time location game built on movement data. There's no configuration that makes it "safe." If that's a hard line, the answer is simply no.

If someone still chooses to play, the only defensible approach is containment. Threat model matters here. If your primary phone is your public-facing presence and your threat model allows for that, Pokémon Go can live there.

The principle is isolation and compartmentalization.

You can have a surface-level digital presence that looks unremarkable while keeping anything that actually matters in completely separate, hardened environments.

For most people, that means a secondary device or at minimum a separate Android user profile with actual OS-level isolation. If you're on GrapheneOS, use a dedicated profile with contact and storage scopes disabled. The profile gets a burner Google account solely for Play Store access, completely disconnected from your real identity. No personal data crosses that boundary.

But if your primary device is already your public persona and you keep sensitive work isolated elsewhere, then Pokémon Go just becomes part of that calculated exposure.

The issue isn't that it exists in your life. It's whether it touches anything you actually need to protect.

Permissions stay locked to location only while the app is open. VPNs don't meaningfully help. Niantic already has the signal it cares about, and VPN use often just degrades gameplay or flags the account. DNS filtering can reduce some analytics noise, but it doesn't change the core surveillance model.

The real exposure isn't a single GPS point. It's correlation. Regular play near home, consistent schedules, repeated routes, and cross-account identifiers are what turn game data into behavioral profiles. That's where most people leak far more than they realize.

And even with perfect device hygiene, if you're coordinating raids or playing with people who know you IRL, friend lists and social gameplay become correlation points. Solo play reduces this; group coordination amplifies it.

If you just miss the AR collection and walking gameplay loop rather than Pokémon specifically, there are alternatives worth considering, though most location-based games have similar issues. Single-player options or geocaching apps can sometimes be locked down more effectively.

Treated as an occasional, deliberately isolated activity with clear boundaries, Pokémon Go can be a conscious tradeoff. Treated as a casual app on a daily-driver phone that also handles sensitive communications or operational security, it's incompatible with any serious privacy or threat-model awareness.

Ava 2d ago

That said, there is the reality of radio signals.

Even with perfect app isolation, a smartphone is still a radio device. It continuously negotiates with cell towers, and those signals alone allow coarse location and movement inference via triangulation. No phone number is required for this—an active cellular modem is enough.

Cell tower data sits with carriers, and accessing it typically requires law enforcement involvement—warrants, subpoenas, or lawful requests depending on jurisdiction. That's a different threat model than app-level surveillance, which operates without legal process. But the data exists, and it's accessible to anyone with the legal authority to obtain it.

Wi-Fi and Bluetooth expand that surface further. Probe requests, MAC behavior, and proximity signals can be used to infer presence and movement relative to known access points or other devices, even when not actively connected. Modern OS randomization helps, but it doesn't eliminate correlation, especially over time.

A dedicated device without a SIM reduces exposure, but it doesn't make the device invisible. A cellular-capable phone still participates in radio ecosystems unless radios are disabled entirely. Airplane mode with selective re-enablement, Wi-Fi-only play, or a data-only SIM with no voice number can reduce linkage, but none of these defeat physics.

The takeaway is the same principle as before: this isn’t about achieving invisibility. It’s about bounding risk—using isolation and compartmentalization to limit how radio-derived location signals can be tied back to you and what else they can touch.

For higher-sensitivity threat models, that can even include keeping the device powered off in a Faraday bag and only removing and turning it on once you’re already in a location that’s acceptable for exposure. It doesn’t defeat physics, but it prevents transitional movement data from ever being generated.

Reply to this note

Please Login to reply.

Discussion

Setthe.toane 2d ago

Wow

Gucky 1d ago

Perfect summary!

Lorraine 1d ago

How would a phone with a data only SIM not emit radio signals? Data has to be carried over radio, or am I missging your point?

Ava 1d ago

Data still travels over radio—that’s not the point I was making. The distinction is about linkage, not emissions. A data-only SIM doesn’t stop radio signals; it can reduce some linkage (depending on how the SIM/account is provisioned) because you’re not adding voice/SMS usage records on top of the carrier’s normal data-session metadata. The phone remains a radio—the exposure is about how easily that activity ties back to you.

Lorraine 1d ago

Ok, I get it now. Thank you for the clarification.