Buying someone’s real-time location is shockingly cheap

By Naomi Brockwell, Founder and Director of NBTV

Most people have no idea how exposed they are.

Your location is one of the most sensitive pieces of personal information, and yet it’s astonishingly easy to access. For just a few dollars, someone can track your real-time location without ever needing to hack your phone.

This isn’t science fiction or a rare edge case. It's a thriving industry.

Telecom providers themselves have a long and disturbing history of selling customer location data to data brokers, who then resell it with little oversight.

In 2018, The New York Times exposed how major U.S. carriers, including AT&T, Verizon, T-Mobile, and Sprint, were selling access to phone location data. This data was ultimately accessed by bounty hunters and law enforcement, without user consent or a warrant.

A 2019 investigation by Vice showed that you could buy the real-time location of nearly any phone in the U.S. for about $300.

Other vendors advertise this service for as little as $5 on underground forums and encrypted messaging channels. No need to compromise someone’s device, just give them a phone number.

The big takeaway from this article is that if someone has your number, they can get your location. We’re going to go over how to shut this tracking method down.

Whether you're an activist, journalist, or just someone who values your right to privacy, this newsletter series is designed to give you the tools to disappear from unwanted tracking, one layer at a time.

How Cell Numbers Leak Location

Your cell number is a real-time tracking beacon. Every time your phone is powered on, it talks to nearby cell towers. This happens even if you're not making a call.

Your phone's location is continuously updated in a database called the Home Location Register (HLR), which lets your carrier know which tower to route calls and texts through. If someone has access to your number, they can locate you, sometimes within meters, in real time. Here are some ways they can do it:

1. Access to Telecom Infrastructure

Selling data / corrupting employees:

Telecom providers are notorious for selling customers' location data directly from their HLR. Alternatively, unauthorized individuals or entities can illegally access this data by bribing or corrupting telecom employees who have direct access to the HLR.

The data retrieved from the HLR database reveals only which specific cell tower your phone is currently registered to, and typically identifies your approximate location within tens or hundreds of meters, depending on tower density in the area.

Pinpointing your exact location with greater precision, down to just a few meters, requires additional specialized methods, such as carrier-based triangulation. Triangulation involves actively measuring your phone’s signal strength or timing from multiple cell towers simultaneously. Such detailed, real-time triangulation is typically restricted to telecom companies and authorized law enforcement agencies. However, these advanced methods can also be misused if telecom personnel or authorized entities are compromised through bribery or corruption.

Exploiting the SS7 Protocol (Telecom Network Vulnerabilities):

Attackers can also exploit vulnerabilities such as those in SS7, a global telecom signaling protocol, to illicitly request your current cell tower location from the HLR database. SS7 itself doesn't store any location data — it provides the means to query your carrier's HLR and retrieve your current tower association.

2. IMSI Catchers ("Stingrays"): Your Phone Directly Reveals Its Location

IMSI catchers (often called "Stingrays") are specialized surveillance devices acting as fake cell towers. Your phone constantly searches for the strongest available cell signal, automatically connecting to these fake towers if their signals appear stronger than legitimate ones.

In this method, instead of querying telecom databases, your phone directly reveals its own location to whoever is operating the fake cell tower, as soon as the phone connects. Operators of IMSI catchers measure signal strength between your phone and their device, enabling precise location tracking, often accurate within a few meters.

While IMSI catchers were initially developed and primarily used by law enforcement and intelligence agencies, the legality of their use (even by authorities) is subject to ongoing debate. Unauthorized versions of IMSI catchers have also become increasingly available on black and gray markets.

The Solution? Move To VoIP

Cell numbers use your phone's baseband processor to communicate directly with cell towers over the cellular network, continuously updating your physical location in telecom databases.

VoIP numbers (Voice over Internet Protocol), on the other hand, transmit calls and texts through the internet using data connections. They don’t keep HLR records, and so they’re immune to tower-based location tracking.

Instead, the call or message is routed through internet infrastructure and only connects to the cellular network at carrier-level switching stations, removing the direct tower-based tracking of your physical location.

So the takeaway is that you want to stop using cell numbers and start using VoIP numbers instead, so that anyone who knows your number isn’t able to use it to track your location.

But there’s a catch: VoIP is heavily regulated. In most countries, quality VoIP options are scarce, and short code SMS support is unreliable. In the U.S., though, there are good tools.

Action Items:

1. Get a VoIP Provider

Two good apps for generating VoIP numbers in the U.S. are:

  • MySudo: Great for compartmentalizing identity. Up to 9 identities/numbers per account.

  • Cloaked.com: Great for burner/throwaway numbers.

We are not sponsored by or affiliated with any of the companies mentioned here, they’re just tools I use and like. If you have services that you like and recommend, please let others know in the comments!

Setting Up MySudo

Step 1: Install the App

  • You will need a phone with the Google Play Store or the Apple App Store.

  • Search for MySudo, download and install it, or visit the store directly via their webpage.

Step 2: Purchase a Plan

  • $15/month gets you up to 9 Sudo profiles, each with its own number. Or you can start with just 1 number for $2/month. You will purchase this plan inside the app store on your phone.

Step 3: Set Up Your First Sudo Profile

When prompted, create your first Sudo profile. Think of this as a separate, compartmentalized identity within MySudo, distinct from your main user account.

Each Sudo profile can include:

  • A dedicated phone number

  • Optional extras like an email alias, username handle, virtual credit card, etc.

For now, we’re focusing only on phone numbers:

  • Choose a purpose for this profile (such as Shopping, Medical, Work). This purpose will appear as a heading in your list of Sudos.

  • Create a name for your Sudo profile (I usually match this to the chosen purpose).

Step 4: Add a Phone Number to Your Sudo

  • Tap the Sudo icon in the top-left corner.

  • Select the Sudo profile you just created.

  • Tap "Add a Phone Number."

  • Select your preferred country, then enter a city name or area code.

  • Pick a number from the available options, then tap "Choose Number."

You're now set up and ready to use your VoIP number!

Step 5: Compartmentalize

You don’t need to assign all 9 numbers right away. But here are helpful categories you might consider:

  • Friends and family

  • Work

  • Government

  • Medical

  • Banking

  • Purchases

  • Anonymous purchases

  • High-risk anonymous use

  • Catch-all / disposable

Incoming calls go through the MySudo app, not your default dialer. Same with SMS. The person on the other end doesn’t know it's VoIP.

Short Codes Don’t Always Work

Short codes (such as verification codes sent by banks or apps) use a special messaging protocol that's different from regular SMS texts. Many VoIP providers don't consistently support short codes, because this capability depends entirely on the underlying upstream provider (the entity that originally provisioned these numbers), not on the VoIP reseller you purchased from.

If you encounter problems receiving short codes, here are ways around the issue:

  • Use the "Call Me" Option:
    Many services offer an alternative verification method: a phone call delivering the verification code verbally. VoIP numbers handle these incoming verification calls without any issue.

  • Try Another VoIP Provider (Temporary):
    If a service blocks your primary VoIP number and insists on a real cellular number, you can use a non‑VoIP SIM verification service like SMSPool.net. They provide actual cell‑based phone numbers via the internet, but note: these are intended for temporary or burner use only. Don’t rely on rented numbers from these services for important or long-term accounts; always use stable, long-term numbers for critical purposes.

  • Register Using a Real Cell Number and Port It to VoIP:
    For critical accounts, another option is to use a prepaid SIM card temporarily to register your account, then immediately port that number to a VoIP provider (such as MySudo or Google Voice). Many services only check whether a number is cellular or VoIP during initial account registration, and don't recheck later.

  • Maintain a Separate SIM Just for Critical 2FA:
    If you find that after porting, you still can't reliably receive certain verification codes (particularly short codes), you might need to maintain a separate, dedicated SIM and cellular number exclusively for receiving critical two-factor authentication (2FA) codes. Do not share this dedicated SIM number with everyone, and do not use it for regular communications.

Important Caveat for High-Risk Users:

Any SIM cards placed into the same phone are linked together by the telecom carrier, which is important information for high-risk threat models. When you insert a SIM card into your device, the SIM itself will independently send special messages called "proactive SIM messages" to your carrier. These proactive messages:

  • Completely bypass your phone's operating system (OS), making them invisible and undetectable from user-level software.

  • Contain device-specific identifiers such as the IMEI or IMEISV of your phone and also usually include the IMEI of previous devices in which the SIM was inserted.

If your threat model is particularly high-risk and requires total compartmentalization between identities or numbers, always use separate physical devices for each compartmentalized identity. Most people don't need to take such extreme precautions, as this generally falls outside their threat model.

Cloaked.com for Burner Numbers

  • Offers unlimited, disposable phone numbers.

  • Great for one-off verifications, restaurants, or merchants.

  • Doesn't require installing an app; you can just use it in the browser and never link any forwarding number.

  • Be aware that if any of the VoIP numbers you generated inside Cloaked hasn't received any calls or messages for 60 days, it enters a watch period. After an additional 60 days without receiving calls or messages (120 days total of inactivity), you lose the number, and it returns to the available pool for someone else to use. Only use Cloaked for numbers you expect to actively receive calls or messages on, or for temporary use where losing the number isn't an issue.

What to Do With Your Current Cell Number

Your cell number is already everywhere: breached databases, government forms, medical records, and countless other places. You can't "un-breach" it, and you don’t want to lose that number because it’s probably an important number that people know they can contact you on. But you can stop it from being used to track you.

Solution: Port your existing cell number to a VoIP Provider

Best choice: Google Voice (recommended due to strong security protections)

  • You can choose to just pay a one-time $20 fee, which turns the number into a receiving-only number. You’ll get to receive calls and texts forever on this number with no ongoing fees.

  • Or you can choose to pay an ongoing monthly fee, which will allow you to continue to make outgoing calls and send outgoing messages from the number.

The one-time fee option will be sufficient for most people, because the aim is to gradually make this existing number obsolete and move people over to your new VoIP numbers.

Google Voice is considered a strong option because the threat of SIM swapping (where an attacker fraudulently takes control of your phone number) is very real and dangerous. Unlike basically every other telecom provider, Google lets you secure your account with a hardware security key, making it significantly harder for attackers to port your number away from your control.

Google obviously is not a privacy-respecting company, but remember, your existing cell number isn’t at all private anyway. The idea is to eventually stop using this number completely, while still retaining control of it.

How to Port Your Existing Cell Number to Google Voice

  1. Check Porting Eligibility
    Visit the Google Voice porting tool and enter your number to verify it's eligible.

  2. Start the Port-In Process

    • Navigate to Settings → Phones tab → Change / Port.

    • Select "I want to use my mobile number" and follow the on-screen prompts.

  3. Pay the One-Time Fee
    A $20 fee is required to port your number into Google Voice.

  4. Complete the Porting Process

    • Enter your carrier account details and submit the request. Porting generally completes within 24–48 hours, though it can take longer in some cases.

  5. Post-Port Setup

    • Porting your number to Google Voice cancels your old cellular service. You’ll need a new SIM or plan for regular mobile connectivity, but you’ll ideally only use this new SIM for data, and use your VoIP numbers for communication, not the associated cell number.

    • Configure call forwarding, voicemail transcription, and text forwarding to email from the Google Voice Settings page.

Now, even if someone tries to look you up via your old number, they can’t get your real-time location. It’s no longer tied to a SIM that is logging your location in HLRs.

Summary: Take It One Step At A Time

Switching to VoIP numbers is a big change, so take it step by step:

  1. Download your VoIP apps of choice (like MySudo) and set up your new numbers.

  2. Gradually migrate your contacts to your new VoIP numbers.

  3. Use burner numbers (via Cloaked or similar services) for reservations, merchants, or anyone who doesn't genuinely need your permanent number.

Keep your existing SIM active for now, until you're comfortable and confident using the new VoIP system.

When ready, finalize your migration:

  1. Port your original cell number to Google Voice.

  2. Get a new SIM card with a fresh number, but don’t use this new number for calls, texts, or identification.

  3. Use the new SIM solely for data connectivity.

This completes your migration, significantly enhancing your privacy and reducing your exposure to location tracking.

GrapheneOS Users

You can't currently purchase your MySudo subscription directly on a GrapheneOS device. Instead, you'll first need to buy your MySudo plan through the Google Play Store or Apple App Store using another device.

Once you've purchased your plan, you can migrate your account to your GrapheneOS phone:

  1. On your GrapheneOS device, download and install MySudo from your preferred app store (I personally like the Aurora store as a front-end for the Google Play Store).

  2. Open MySudo on your GrapheneOS device and navigate to:
    Settings → Backup & Import/Export → Import from Another Device

  3. Follow the on-screen prompts to securely migrate your entire account over to your GrapheneOS phone.

You can retain your original device as a secure backup for messages and account data.

To ensure reliable, real-time notifications for calls and messages, make sure sandboxed Google Play is enabled on the GrapheneOS profile where you're using MySudo.

What You’ve Achieved

You now have:

  • Up to 9 persistent, compartmentalized VoIP numbers via MySudo.

  • Disposable, on-demand burner numbers via Cloaked.

  • Your original cell number safely ported to Google Voice and secured with a hardware security key.

  • A clear plan for transitioning away from your original cell number.

You've replaced a vulnerable, easily trackable cell identifier. Your real-time location is no longer constantly broadcast through cell towers via a number that is identified as belonging to you, your digital identities are better compartmentalized, and you're significantly harder to track or exploit.

This marks the beginning of a safer digital future. What's next? More layers, better privacy tools, and greater freedom. Remember, privacy isn't a destination, it's a lifestyle. You're now firmly on that path.

Yours in Privacy,
Naomi

Consider supporting our nonprofit so that we can fund more research into the surveillance baked into our everyday tech. We want to educate as many people as possible about what’s going on, and help write a better future. Visit LudlowInstitute.org/donate to set up a monthly, tax-deductible donation.

NBTV. Because Privacy Matters.

Privacc.org
