PikaSim
A public, shareable privacy guide
How to Actually Avoid Chat Control: A Practical Guide
This page was machine-translated. Spot an error? Suggest a fix.
You do not need to be technical, and you do not need to buy anything to start. This is a step-by-step plan to move your private life off the systems that scan it, in the order that gives you the most protection for the least effort. We sell anonymous eSIMs, so we are an interested party, but the number step is one of many here and most of this guide costs nothing. Share it freely.
Who wrote this, and why
We are PikaSim. We sell anonymous eSIMs, so we have skin in the game, and you should read this knowing that. But we are not only a store: we run the privacy plumbing too, a self-hosted BTCPay Server, a public Monero node, a Nostr relay, and a Tor relay. We deal every day with the payment processors, the SIM-registration regimes, and the verification systems this guide is about.
We wrote this because when EU Chat Control hit the news, most of the coverage was either panic or spin, and almost nobody explained, in plain terms, what actually changed and what an ordinary person should do. So we wrote the guide we wished existed: honest about what each tool does and does not do, honest about the limits of what we ourselves sell, and useful even if you never buy a thing from us. It is free, it carries no sign-up wall, and it is licensed so anyone can copy or translate it.
The plan in one screen
- Tier 1 (this weekend, free, no skills): Switch to Signal, switch your browser + search, and get a private email for signups.
- Tier 2 (this month): Stop giving out your real number, add a spare anonymous number, and move sign-ups off it.
- Tier 3 (when you are ready): Take control of the device itself with a clean, de-Googled phone (GrapheneOS).
- The honest limit: Encryption stops the scanning that exists today. It does not stop on-device scanning, which is why Tier 3 (a device you control) is the real endgame if the law goes further.
Tier 1 — the three things to do first
If you do nothing else, do these three. They take a weekend, cost nothing, need no special skills, and they cover the large majority of everyday exposure. Do them in order.
Move your conversations to Signal
Install Signal, tell your close contacts you are switching, and use it for your real conversations instead of WhatsApp, Messenger, Telegram, or SMS. It is free, it works exactly like a normal chat app, and its encryption is the current gold standard.
Get a private email for new signups
Create a Proton Mail or Tuta account and start using it whenever a new site asks for your email. Keep your old inbox for things already tied to it; route the future through the private one.
That is the foundation. The sections below are the detail behind each move, plus the two higher tiers.
Messaging: what to switch to, and the honest trade-offs
Not all "private" messengers are equal, and the best choice depends on how much your contacts will tolerate. Here is the honest ranking.
| App | Best for | Needs your number? | The catch |
|---|---|---|---|
| Signal Start here | Everyone. The realistic switch your friends will actually make. | Yes, to register (you can hide it from contacts with a username). | Needs a phone number to sign up. This is exactly where a spare number helps (Tier 2). |
| SimpleX Chat Advanced | Maximum metadata privacy. No account, no identifier at all. | No. No phone, no email, no user ID. | Fewest users, so you will be inviting people in rather than finding them. Best for a small trusted circle. |
| Molly (Signal fork) | Signal users on Android who want extra hardening. | Same as Signal. | Android only; it is Signal with more locks, not a different network. |
| WhatsApp / Telegram Avoid for private | Group logistics you cannot move, only. | Yes. | WhatsApp is encrypted but owned by Meta and covered by the "voluntary scanning" debate; Telegram chats are not end-to-end encrypted by default at all. |
The realistic move
Put your everyday private conversations on Signal today, because your contacts will actually follow you there. Keep SimpleX in your back pocket for the handful of conversations that need maximum protection. You do not have to pick one forever.
Browser and search: stop the everyday profiling
This is not about the law, it is about the constant background tracking that builds a profile of you regardless. Two quick swaps:
- Browser: Brave (blocks trackers out of the box) or Firefox with strict tracking protection. On iPhone, Safari with "Prevent Cross-Site Tracking" on is a decent default too.
- Search: switch your default to a private engine such as DuckDuckGo, Startpage, or Brave Search. It takes thirty seconds and you will not notice a difference in results quality.
- Optional but worth it: a reputable VPN or the Tor Browser for browsing you want to keep off your internet provider's radar. Choose a VPN that is audited and does not log; do not use a free one.
Email: the identity you hand out by accident
Your email address is a second identifier, quietly linking every account you own. Two moves:
- A private inbox: Proton Mail (Swiss, biggest private ecosystem) or Tuta (encrypts subject lines, cheapest paid tier). Either is a strong, honest choice.
- Aliases so you never reuse the real one: tools like SimpleLogin or Firefox Relay give each site its own throwaway address that forwards to you. If one leaks or spams, you kill that one alias, not your identity.
Tier 2 — cut the phone-number cord
Your phone number is the master key: SIMs increasingly need ID, services demand a number to sign up, and the same number reused everywhere links your accounts back to you. The goal here is to stop spending your real number and to have a spare that is not tied to your identity.
Stop handing out your real number for signups
When a site "just needs a number to verify," that number becomes a permanent link to you. Use a receive-only or throwaway number for those, and keep your real SIM number for people, not platforms.
Carry an anonymous data plan
An eSIM you buy without an account, an email, or ID gives you connectivity that is not registered to your name. It will not hide your device from the mobile network (nothing sold as a SIM can), but it removes the paperwork trail that ties the line to your legal identity. This is the step we can help with directly, and we will still tell you where it does not help (see the reality check below).
Separate "people" from "platforms"
The simple habit that ties it together: your real number is for humans you trust. Everything that just wants "a number" gets a different one. Once you split those, a leak or a data-broker join on the platform side no longer points at you.
Where PikaSim fits, honestly
We sell anonymous data eSIMs and receive-only numbers with no account, no email, and no ID, which is genuinely useful for the number step above. We are one option among several, no more essential than Signal or Proton. And we will keep saying the honest part: a SIM does not stop on-device scanning and does not hide your device from the carrier network. Buy it for what it does, which is de-linking a number from your identity. There is one product link, in the footer.
Tier 3 — do you actually need GrapheneOS?
This is the advanced tier, and it is where you take control of the device itself. It matters more than anything else if the law ever moves to on-device scanning, because then your protection depends on running an operating system you control rather than one the manufacturer controls.
What GrapheneOS is
GrapheneOS is a hardened, de-Googled version of Android that runs on Google Pixel phones (yes, the irony is deliberate: Pixels have the best security hardware to build on). It strips out Google's data collection, sandboxes apps tightly, and gives you fine-grained control over what every app can touch. It is the strongest mainstream mobile-privacy option available.
Honest answer: most people do not need it yet
GrapheneOS is a real commitment: you buy a supported Pixel, install it, and adjust to life with careful control over Google apps. If that sounds like a lot, it is fine to stay on Tiers 1 and 2, which already protect your conversations. Reach for GrapheneOS when:
- You want Google off the device entirely, not just out of your chats.
- Your threat model is serious (journalist, activist, at-risk person), or
- You want to be ready for a future where scanning moves onto the device.
If you decide to do it
Buy a supported Google Pixel (recent Pixel 8, 9, or 10 generations get the longest security-update guarantee), then follow the official GrapheneOS install guide from a computer. It is a guided, reversible process. Pair it with the apps above and you have a device that is genuinely yours. If a Pixel is not an option, a de-Googled Android like /e/OS supports far more phones, with a smaller security ceiling.
What this actually does, and what it does not
The fastest way to lose the plot on privacy is to believe a tool does more than it does. Here is the straight version.
| Threat | Does this guide help? |
|---|---|
| Server-side / network scanning of your messages (what today's EU rules enable) | Yes An E2EE messenger means there is nothing readable to scan in transit or on the server. |
| Your number being reused to link and identify you | Yes Splitting "people" from "platforms" and using an unregistered number breaks the link. |
| Everyday ad-tech and data-broker profiling | Yes Private browser, search, email, and aliases cut most of it. |
| Client-side scanning (on your device, before encryption) if it ever becomes law | Partly Not stopped by a messenger or a SIM. Your defense is a device/OS you control (Tier 3). This has not passed. |
| The mobile network seeing your device (IMEI/IMSI/location) | No Intrinsic to cellular. An anonymous SIM removes the name on the account, not the network's visibility. |
| A targeted, resourced adversary specifically after you | No That needs a real, individual threat model. Start with the pros: see the links below. |
Do not just dodge it, help stop it
Personal tools protect you. They do not change the law. If mass scanning of private messages bothers you, the other half of the answer is civic:
- Follow the fight at the source, not the headlines: Patrick Breyer's Chat Control tracker is the most complete running account of where the EU proposals stand.
- Join the organized response: campaigns such as exitchatcontrol.org make it easy to contact the right representatives.
- Learn the deeper toolkit from the specialists: Privacy Guides is the best independent, non-commercial resource, and GrapheneOS for hardware.
FAQ
What is the single most important thing to do about Chat Control?
Move your private conversations to an end-to-end encrypted messenger that the scanning cannot see into, and stop using your real phone number as your identity everywhere. For most people that means installing Signal and switching your everyday chats to it this week. Everything else on this page builds on those two moves.
Do I need to buy a special phone or install GrapheneOS?
No, not to start. Switching messengers, browser, and email gets you most of the protection with zero new hardware. GrapheneOS on a Pixel is the advanced tier for people who want to remove Google from the device itself. It is powerful and we explain it below, but it is the last step, not the first, and most people do not need it.
Will an encrypted messenger stop client-side scanning?
It stops server-side and network scanning, which is what the current EU rules enable. It does not by itself stop client-side scanning, which would run on your own device before encryption. That version of the law has not passed. If it ever does, your defense shifts to the device and operating system you run, which is exactly why the advanced tier (a clean OS you control) matters. We are honest about this because pretending otherwise would be lying to you.
Why does my phone number matter so much?
Because it is the identifier that ties everything together. Many services demand a number to sign up, SIM cards increasingly require government ID, and the same number reused everywhere lets separate accounts be linked back to you. Using a messenger that does not need your real number, and having a spare number that is not tied to your identity, breaks that chain.
Is any of this illegal?
No. Using encryption, choosing private apps, and buying an anonymous data plan are all legal. Privacy is a right, not an admission of guilt. This guide is about ordinary people protecting ordinary conversations from mass, suspicionless scanning, which is exactly what most Europeans object to.
I am not technical. Where do I actually start?
Do the three Tier 1 steps in order: install Signal and move your main chats to it, switch your browser to Brave or Firefox with a private search engine, and create a Proton or Tuta email you use for new signups. That is a weekend of work with a big payoff and no special skills required.
Share this, fork it, translate it. Maintained in the open. If a recommendation is out of date or a link dies, open an issue or a pull request and we will fix it publicly. Repo: github.com/codebruinc/pikasim-privacy-guide.
Licensed CC BY-SA 4.0. We are not affiliated with any tool named here; verify current status before relying on it.
Published by PikaSim, which sells anonymous eSIMs. That is the one product link on this page.