eSIM vs physical SIM — which is more private?

For travelers, the choice between buying a local prepaid SIM at the airport and using a pre-installed eSIM looks like a convenience decision. From a privacy standpoint, it's a much bigger one. The two products live under entirely different legal regimes.

The legal asymmetry

Roughly 155 countries enforce some form of mandatory SIM registration on locally-issued mobile lines. When you walk into a kiosk in Bangkok, Dubai, Lagos, Mumbai, or Istanbul and buy a prepaid SIM, you legally have to present an ID document. The carrier scans it, ties the SIM's identifiers (IMSI, MSISDN) to your name, and reports the link to the regulator.

These laws were originally introduced to fight terrorism financing and SIM-swap fraud. In practice they create a permanent record at the carrier (and often at the national telecom regulator) for every prepaid SIM ever activated.

A foreign-issued eSIM that roams into the same country is not subject to these registration laws. The phone connects to the local network as a roaming user, the same way it would on your home plan. There is no kiosk visit, no ID scan, no SIM-to-name registration at the destination.

What the local carrier sees

For a local prepaid SIM (with ID registration):

• Your full name and ID document number, on file at the carrier
• Your nationality and passport details, in many strict regimes
• A timeline of every cell tower your phone has connected to
• Every app that has made a TCP connection (via DPI in some countries)
• Every call placed and SMS sent, in clear

For a foreign eSIM roaming in:

• A generic "roaming user" entry tied to the foreign mobile network operator
• Phone IMEI, eSIM IMSI — no name attached unless cross-referenced with the home country
• The same cell-tower trail and DPI metadata as any roaming user
• No clear association to a person at the destination carrier's level

What can still link a foreign eSIM to you

The eSIM provider holds a record of who bought what plan. Stealthsim deliberately holds almost nothing — no account, no name, no card, only a delivery email that is never verified and not retained beyond delivery. For Airalo, Holafly, Saily and the rest, the link to your real identity (verified email, payment card, account history) sits in their customer database and is exposed in every breach and every subpoena.

Your phone's IMEI is also broadcast. If you've ever used the same phone with a registered home SIM, the IMEI is on file with your home carrier. A destination carrier doesn't see this link directly, but state-level cooperation between carriers can bridge it.

The only way to defeat IMEI-level identification is to use a separate phone that has never carried a registered home SIM. For most travelers this is paranoid overkill; for some it's the baseline.

Practical comparison by country

High-friction registration regimes

China, Saudi Arabia, UAE, India, Pakistan, Egypt, Russia, Turkey: a local SIM requires passport + sometimes biometric scan + sometimes a sponsor letter. A foreign eSIM avoids all of this. Privacy gain: large.

Medium-friction

Thailand, Indonesia, Philippines, Brazil, Mexico, South Africa: local SIM requires ID but process is informal. Foreign eSIM still avoids the registration. Privacy gain: meaningful.

Low-friction

US, UK, EU, Canada, Australia, Japan: no ID required for a prepaid SIM. Foreign eSIM still wins on convenience (no kiosk visit) and on payment privacy (crypto vs cash, or crypto vs card). Privacy gain: small but non-zero.

The data-volume trap

Local prepaid SIMs often beat foreign eSIMs on raw GB per dollar in heavy-usage countries. If you're a backpacker streaming Netflix daily for two months, a local Thai AIS SIM is cheaper than a Thailand eSIM. The privacy cost is the trade.

For typical travelers (1-30 day trips, 5-30 GB total), the price gap is small and the privacy gap is large. A Stealthsim eSIM paid in Monero will cost a few dollars more than the ID-registered local SIM and leave no name on file anywhere.

Recommendation

In any country with mandatory SIM registration, a foreign anonymous eSIM is the more private choice by a wide margin. In countries without registration, the choice is mostly about payment privacy and convenience — both of which still favor a crypto-paid eSIM.