
eSIM vs physical SIM: which is actually more private?

The answer is not obvious. Physical SIMs are harder to clone remotely. eSIMs make it easier to stay anonymous at the point of purchase. This comparison goes through every relevant difference.

5 min read · 18 December 2025 · Norypt Team

The shift from physical SIM cards to eSIM is accelerating. Apple removed the physical SIM slot from US-market iPhones in 2022, and other manufacturers are following. For privacy-conscious users, this raises a legitimate question: is eSIM actually more private than a physical SIM card, or does it introduce new risks? The answer is more nuanced than either enthusiasts or sceptics typically admit.

The technical difference

A physical SIM card is a small chip — a Universal Integrated Circuit Card (UICC) — that stores your IMSI, authentication keys, and subscriber profile in hardware. It is physically inserted into your device. The carrier pre-programs the card before handing it to you, and the credentials are fixed on the hardware unless the card is reprogrammed at a carrier facility.

An eSIM (embedded SIM) is a chip soldered directly into the device motherboard. It is not removable. Instead of storing a single fixed profile, it can download and store multiple operator profiles over the air using the GSMA's Remote SIM Provisioning (RSP) standard. An Activation Code (QR code or alphanumeric string) is used to trigger a profile download from the carrier's SM-DP+ server (Subscription Manager Data Preparation).

The functional result for the user is the same: a subscriber identity and credentials are loaded onto the device, enabling it to connect to a carrier network. The mechanism for getting there is fundamentally different.

Where eSIM has privacy advantages

eSIM offers several practical privacy advantages over physical SIM:

  • No physical card to seize: A physical SIM can be extracted from a device, read by a SIM reader, and the subscriber identity obtained in seconds. An eSIM is soldered to the board — physically seizing it without destroying the device is not straightforward.
  • Faster profile rotation: Switching between profiles or provisioning a new one takes minutes without leaving your current location. Physical SIM rotation requires obtaining a new card, which involves a trip to a shop or waiting for delivery.
  • Multiple simultaneous profiles: Devices supporting dual-SIM eSIM (DSSS) can have two active profiles simultaneously, keeping a privacy-focused connection separate from a work or personal one.
  • No visible hardware indicator: A physical SIM in a device confirms SIM presence to anyone inspecting it. An eSIM is invisible and its provisioning state is only accessible through software.

Where physical SIM has privacy advantages

Physical SIM cards are not simply worse — they have distinct advantages in specific scenarios:

  • Anonymous cash purchase: In jurisdictions where unregistered SIM sales remain legal, a physical SIM can be purchased with cash, in person, with no digital trail whatsoever. No account creation, no email address, no activation server log.
  • No digital provisioning trail: eSIM activation requires a connection to an SM-DP+ server. This creates a log entry: your device's IP address, the time of activation, and the EID (embedded UICC identifier) of your device. A physical SIM generates no comparable digital record at activation.
  • Harder to remotely clone or manipulate: eSIM profiles can in principle be managed remotely by carriers (within GSMA specifications). A physical SIM has no such remote management surface.
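The Activation Code described earlier names the SM-DP+ server that will record the activation, so decoding it before scanning shows which host will see your IP address and EID. The parser below is an added example, not code from Norypt or the GSMA; it assumes the `LPA:1$address$matching ID[$OID[$flag]]` layout defined in GSMA SGP.22, which the article does not spell out, and its sample codes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hostname check: dot-separated letter/digit/hyphen labels, alphabetic TLD.
_FQDN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
_OID = re.compile(r"\d+(?:\.\d+)+")


@dataclass(frozen=True)
class ActivationCode:
    smdp_address: str                 # server that logs IP, time and EID
    matching_id: str                  # token the SM-DP+ uses to find the order
    smdp_oid: Optional[str]           # optional SM-DP+ object identifier
    confirmation_code_required: bool  # a confirmation code must also be entered


def parse_activation_code(text: str) -> ActivationCode:
    """Parse 'LPA:1$<SM-DP+ address>$<matching ID>[$<OID>[$<CC flag>]]'."""
    code = text.strip()
    if code[:4].upper() == "LPA:":    # prefix used when the code is in a QR image
        code = code[4:]
    if len(code) > 255:
        raise ValueError("activation code exceeds 255 characters")
    fields = code.split("$")
    if fields[0] != "1":
        raise ValueError("unsupported activation code format version")
    if len(fields) < 3:
        raise ValueError("missing SM-DP+ address or matching ID field")
    address = fields[1].lower()
    # Reject URLs, ports and paths: only a bare hostname is expected here.
    if len(address) > 253 or not _FQDN.fullmatch(address):
        raise ValueError("SM-DP+ address is not a bare hostname")
    oid = fields[3] if len(fields) > 3 and fields[3] else None
    if oid is not None and not _OID.fullmatch(oid):
        raise ValueError("SM-DP+ OID is not a dotted-decimal OID")
    cc_required = len(fields) > 4 and fields[4] == "1"
    return ActivationCode(address, fields[2], oid, cc_required)


# Constructed samples (example hosts, made-up tokens), not real codes.
SAMPLES = [
    "LPA:1$smdp.example.com$ABCDE-12345-FGHIJ",
    "1$SMDP.EXAMPLE.COM$TOKEN-1$$1",
    "LPA:1$rsp.example.net$$2.999.1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_activation_code(s))
```
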

IMSI exposure: the thing both share

Both physical SIMs and eSIMs expose an IMSI (or its 5G equivalent, the SUPI) to the network. This is unavoidable — it is how the network identifies your subscription. In 5G networks, the SUCI (Subscription Concealed Identifier) mechanism encrypts the SUPI before transmission using the home network's public key, providing some protection against IMSI catchers. In 4G LTE and below, the IMSI is transmitted in cleartext at certain stages of the connection process.

The practical implication: both SIM types expose your subscription identifier to the network and, by extension, to anyone with access to the network infrastructure. The privacy gain from either type comes from the subscriber account it's linked to — or not linked to — not from the transport mechanism itself.

SIM swapping: where eSIM is more vulnerable

SIM swap fraud involves convincing a carrier's customer service to transfer a target's phone number to a SIM controlled by the attacker. With physical SIM, this results in a new physical card being issued to the attacker. With eSIM, the same attack can be executed entirely remotely — no physical card, no visit to a store. The attacker calls the carrier, social engineers the transfer, and the profile is provisioned to their device over the air.

This makes eSIM meaningfully more vulnerable to SIM swap attacks. For accounts protected by SMS-based two-factor authentication — banking, email, social media — eSIM's remote provisionability is a liability. The mitigation is to avoid SMS-based 2FA entirely (use hardware keys or authenticator apps) and to set a carrier PIN that must be verified before any SIM changes are authorised.

Legal requests and carrier tracing

From a law enforcement perspective, both SIM types are traceable through the same mechanism: a request to the carrier. If your eSIM or physical SIM is registered under your identity — as required in most EU countries — the carrier can produce your subscriber records, location history, and call data on receipt of a valid legal request. The SIM form factor makes no difference here.

The privacy-relevant variable is whether the SIM is KYC-linked or not. A no-KYC physical SIM or no-KYC eSIM both provide the same protection against carrier-level identity disclosure, for the same reason: there is no subscriber record with your name on it.

Practical recommendation

eSIM is the better choice for rotation-based privacy strategies — faster to switch, no hardware dependency, usable with no-KYC providers. Physical SIM remains useful where cash purchase without any digital activation trail is possible, or where remote SIM swap risk is a primary concern and the carrier does not allow robust PIN-based lockdown.

For most people building a privacy-focused mobile setup, a no-KYC Norypt eSIM combined with a hardened handset provides the best balance. For granular SIM management, per-profile network access controls, and the ability to disable cellular entirely when not needed, GrapheneOS phones offer capabilities that stock Android and iOS cannot match.
