How to be UNTRACEABLE and anonymous online - spoiler alert, it’s basi...
Original video: https://vm.tiktok.com/ZGd9shV7d/
Fact checked on: July 12, 2026
Video Transcription
Fact Check Analysis
Overall assessment
The text makes a broadly accurate point: perfect anonymity on the internet is extremely difficult and, in realistic circumstances, probably unattainable. However, several statements are overstated, technically imprecise, or presented as certainties when they depend heavily on the device, network, service provider, jurisdiction, and adversary involved.
The text also conflates several concepts:
- Anonymity: hiding who you are.
- Privacy: limiting collection or exposure of information.
- Pseudonymity: using an identity not directly linked to your legal identity.
- Security: protecting data from unauthorized access.
- Untraceability: preventing reliable reconstruction of activity.
Using a burner phone or VPN can improve privacy, but neither guarantees anonymity.
Claim: Buying a phone with cash does not make the purchase anonymous
Generally accurate, with qualifications.
Paying cash avoids direct payment records associated with a bank account or credit card. It does not necessarily eliminate other records, such as:
- Store surveillance footage
- Inventory and point-of-sale records
- The phone’s IMEI or serial number
- Retailer loyalty-account information, if used
- Records of activation by the mobile carrier
- Nearby-device or location data, depending on the circumstances
However, the text implies that a store can always connect a particular serial number to a specific cash purchaser. That is not necessarily true. Many retailers record that a product was sold, but do not always record the purchaser’s identity or retain a direct association between the individual customer and the device serial number. Linking the phone to a person may require combining inventory records, timestamps, surveillance footage, and other evidence.
The claim that surveillance footage could be retrieved for “register 3 at 2:14 p.m.” is plausible in a well-equipped store, but footage retention periods and camera coverage vary substantially.
Claim: A phone’s serial number and other identifiers can be used to trace it
Accurate in principle.
Mobile phones generally have several identifiers, including:
- An IMEI, identifying the cellular device
- An IMSI, identifying the subscriber identity associated with a SIM or eSIM
- A SIM card identifier
- A device serial number
- Advertising and app-specific identifiers
Carriers can associate cellular activity with device and subscriber identifiers. A phone’s IMEI can also help identify repeated use of the same physical handset, although it does not by itself reveal the person holding it.
The text sometimes treats these identifiers as if they automatically identify the owner. They do not. They become identifying when correlated with purchase records, subscriber information, location history, account logins, surveillance footage, or other data.
Claim: A random person or disguise would be needed to buy the phone anonymously
Partly accurate but overstated.
Having someone else buy a device, or disguising oneself, could reduce the evidentiary value of store surveillance. It would not guarantee anonymity. The purchaser might be identifiable through their own records, later contact with the buyer, communications, transportation data, or other surveillance.
A disguise also does not necessarily defeat modern identification systems, and attempting to evade identification can itself attract attention or create additional evidence. The practical effectiveness of these measures depends on the adversary and the investigation.
Claim: Phones can use GPS to map an exact location
Partly accurate.
Phones can obtain highly precise location information using GPS or other satellite-navigation systems, particularly outdoors with a clear signal. But “exact” is too strong. Accuracy varies with signal quality, buildings, weather, device hardware, and processing methods.
Phones also determine location through:
- Cell-tower measurements
- Nearby Wi-Fi networks
- Bluetooth beacons
- Sensor data
- IP-address-based geolocation
- App or operating-system location services
Location data may be collected by the operating system, carriers, apps, advertisers, or other services. Turning off location services can limit some collection, but it does not eliminate all forms of location inference.
Claim: A burner phone can be correlated with a person’s normal phone based on geographic proximity
Accurate in principle, but not automatic.
If two devices repeatedly appear together at the same locations and times, an analyst may infer that they are associated. This could be based on:
- Cell-tower location data
- Wi-Fi association or scan records
- Bluetooth observations
- App-collected location data
- Physical surveillance
- Shared travel patterns
Such correlation is a recognized investigative and analytical technique. But proximity alone does not prove that the same person owns or carries both devices. A phone may be near another device because its owner is traveling with a companion, living with another person, working nearby, or simply visiting the same places.
The claim that the devices must never be powered on near one another is therefore too absolute. Avoiding co-location might reduce one type of correlation, but it does not remove other identifying evidence.
Claim: A phone’s SIM, device ID, time, network, first connection, and activation IP address form a “birth certificate”
Partly accurate, but the wording is metaphorical and technically imprecise.
When a phone is activated or connects to a mobile network, relevant records may include:
- SIM or eSIM identifiers
- IMEI or other device identifiers
- Time of connection
- Cell tower or network information
- IP address assigned to the device
- Account or activation information
- Approximate location
These records can help establish the phone’s history and connect activity over time. But the exact data collected depends on the carrier, the type of activation, the operating system, and local law.
A phone may also connect to a cellular network without the user completing a formal “activation” process. Conversely, an IP address usually identifies a network connection or carrier assignment, not a person directly. The “birth certificate” analogy is useful rhetorically but should not be understood as a formal technical record.
Claim: Turning off location services only stops apps from receiving GPS data
Mostly accurate, but incomplete.
Disabling location services usually prevents or restricts ordinary apps from accessing the operating system’s location service. It does not necessarily prevent:
- Cellular-network location tracking
- Wi-Fi-based location inference
- Bluetooth-based proximity detection
- IP-based geolocation
- Emergency-location functions
- Carrier-level network records
- Device-management or system-level collection
- Inferences based on nearby devices and repeated movements
The exact behavior varies by operating system and settings. Some phones allow separate control over precise location, background access, Wi-Fi scanning, Bluetooth scanning, and emergency location features.
The statement that the phone “still talks to cell towers” is correct when cellular connectivity is enabled. A carrier can generally observe the device’s connection to the network and estimate its location from network data, even when GPS is disabled.
Claim: Phones see nearby Wi-Fi networks and Bluetooth devices, which can reveal location
Generally accurate.
A phone may scan for nearby Wi-Fi access points and Bluetooth devices. Known Wi-Fi networks can help a device determine its location, and large databases associate Wi-Fi access-point identifiers with geographic locations.
However, merely seeing a nearby Wi-Fi network does not always mean that the phone transmits a record identifying the user to a third party. Whether the information is collected, uploaded, or used for location inference depends on the operating system, settings, apps, and network behavior.
Bluetooth can also contribute to location or proximity inference, especially through beacons, tracking systems, and persistent device identifiers. Modern operating systems often randomize some identifiers to reduce tracking, though this protection is not absolute.
Claim: A phone is “a location-emitting object by design”
Broadly true as a description of ordinary cellular phones, but overstated.
A powered-on phone with cellular connectivity communicates with nearby network infrastructure. That creates network records that can be used to estimate its location. Smartphones may also communicate through Wi-Fi, Bluetooth, apps, and background services.
But the phone’s ability to emit location-related data depends on its state and configuration. Airplane mode, powering the device off, removing network connectivity, and disabling radios can change what is transmitted. Even then, claims about whether a powered-off phone can communicate depend on the model and implementation. Some newer devices may retain limited functions, such as finding features, under certain conditions.
Claim: Using home, workplace, gym, café, or a friend’s Wi-Fi can identify the user
Potentially accurate, but too categorical.
A Wi-Fi network can expose information such as:
- The public IP address visible to websites
- Router or provider records
- Device MAC addresses or randomized identifiers
- Connection times
- Network logs
- Location-associated Wi-Fi information
If someone already knows who normally uses a particular network, connecting an additional device there can create a useful association. Physical surveillance or other records could strengthen that link.
But Wi-Fi use does not automatically identify a person. Public networks may be shared by many users, may not retain detailed logs, and may use systems such as captive portals that alter the evidence available. A café’s Wi-Fi connection may show that a device was present at the café, but not necessarily who carried it.
The statement that “surrounding networks” constitute a “habitat for identifying you” is rhetorical rather than a precise technical claim.
Claim: Surveillance footage can connect a device’s Wi-Fi presence to a person
Plausible and sometimes accurate.
If a device connects to a network at a known time and surveillance footage shows a particular person using or carrying it at that time, the two sources can be correlated. Similar correlation can be made using cell-site data, Bluetooth observations, access-control records, or payment records.
However, this requires:
- Suitable surveillance coverage
- Accurate timestamps
- Retained network records
- A reliable way to associate the device with the connection
- Sufficient image quality or other evidence
It is not guaranteed that such evidence exists or that it would be legally usable.
Claim: A VPN routes traffic through the VPN provider, so websites may see the VPN’s IP address
Accurate for ordinary VPN use.
In a conventional VPN arrangement, the device establishes an encrypted connection to a VPN server, and internet traffic is sent through that server. The destination website will generally see the VPN server’s public IP address rather than the user’s ordinary network IP address.
A VPN does not make the user invisible. The VPN provider can potentially observe metadata such as:
- Connection times
- The user’s source IP address
- Amount of traffic
- The VPN server used
- Possibly destination information, depending on the protocol and configuration
The VPN provider may not be able to read the contents of properly encrypted HTTPS traffic, but it can still observe some connection information. Websites can also identify users through logins, cookies, browser characteristics, tracking scripts, and other signals.
Claim: A VPN merely shifts trust from the internet provider to the VPN provider
Generally accurate.
A VPN reduces the amount of browsing information visible to the local internet service provider, but it creates trust in the VPN operator. The provider may be able to associate the subscriber’s source IP address and connection times with traffic passing through its infrastructure.
The exact visibility depends on technical design, encryption, logging policies, legal jurisdiction, and whether the traffic uses HTTPS. “No-logs” claims are difficult for users to verify unless supported by credible audits, technical architecture, or legal history.
The characterization of VPN companies as “shady, vague, foreign or cheap” is not a factual standard and is overly broad. A company’s location or price alone does not establish poor privacy practices. Conversely, a prominent brand does not guarantee trustworthy behavior.
Claim: VPN providers can reveal users to governments
Accurate as a possibility, but not universal.
A VPN provider may disclose information in response to legal process, cooperate voluntarily, suffer a breach, retain logs, or be technically capable of identifying a user from stored data.
But whether it can identify a user depends on what data exists. If the provider truly does not retain relevant logs, it may have little useful information to provide. “No logs” policies vary, and some providers have faced disputes over whether their marketing accurately describes their practices.
The text should therefore say that a VPN may be compelled or able to disclose identifying information, not that it necessarily can.
Claim: Logging into Gmail, iCloud, Instagram, TikTok, or a previously used account destroys the separation
Accurate.
Logging into an account directly links activity on the device or browser to that account. Even without a login, services may use cookies, app identifiers, device fingerprints, recovery information, advertising identifiers, IP history, behavioral patterns, or other data to associate sessions.
A login does not necessarily reveal the device owner’s legal identity to every observer, but it gives the service provider a strong identity link and may expose that link through records or lawful requests.
Claim: Language, speaking style, typing style, and repeated typos can identify a person
Supported in principle, but effectiveness varies.
Stylometry can analyze writing vocabulary, grammar, punctuation, spelling mistakes, formatting habits, and recurring expressions. Researchers and investigators have used linguistic patterns to attribute anonymous or pseudonymous writing, particularly when there is enough text and a suitable comparison sample.
Voice characteristics can also be analyzed through speaker recognition, although the text’s phrase “speaking style” is vague and could refer to either voice or writing.
These techniques are probabilistic. They can be weakened by short texts, deliberate style changes, multilingual writing, collaborative authorship, changes in context, or a lack of comparison material. They should not be presented as reliably identifying every person.
Claim: The precise time between keystrokes, “down to the microsecond,” can identify someone
Partly supported, but substantially overstated.
Keystroke dynamics research examines timing patterns such as:
- Dwell time: how long a key is held
- Flight time: the interval between key presses
- Rhythm and typing speed
- Error and correction patterns
These patterns can sometimes help distinguish users, especially in controlled conditions with large samples. Some websites or monitoring software may collect keyboard-timing data.
However, “down to the microsecond” is misleading. Ordinary web applications often do not receive reliable microsecond-precision timing, and browser security features, operating-system scheduling, network delays, hardware differences, and measurement limitations reduce accuracy. Keystroke profiling is generally probabilistic and context-dependent, not a universal identity mechanism.
The assertion that websites routinely use this data to identify people for marketing purposes is too broad. Some sites and tracking systems may collect interaction or typing data, but the prevalence and purpose of keystroke-dynamics identification in ordinary advertising are not established by the text.
Claim: Websites can identify users from patterns, searches, habits, and browsing behavior
Generally accurate.
Online services commonly use combinations of:
- Cookies and local storage
- Account identifiers
- IP addresses
- Browser and device characteristics
- Advertising IDs
- Location data
- Search history
- Click and browsing patterns
- Network and behavioral signals
These can support identification, linking of pseudonymous accounts, personalization, fraud detection, and advertising. Such identification may be probabilistic rather than certain, and users may be grouped into profiles without the service knowing their legal name.
Claim: One login or one Wi-Fi location can “burn” a person permanently
Overstated.
A login can create a strong association, and a Wi-Fi connection combined with surveillance or other records can be highly informative. But “one time” does not necessarily create an irreversible or conclusive link. Data may not be retained, may be inaccurate, may be inaccessible, or may not be sufficient to identify the individual.
The claim is better phrased as: a single mistake can substantially weaken pseudonymity and provide an important lead for correlation.
Claim: Everything you do online is traced, with no way around it
False as an absolute statement, though directionally understandable.
A great deal of digital activity produces records somewhere, but not every action is recorded, retained, or successfully linked to a person. Data collection varies by:
- Device settings
- Application behavior
- Network configuration
- Service-provider policies
- Encryption
- Jurisdiction
- Data-retention practices
- The capabilities and resources of the observer
Privacy-enhancing tools can meaningfully reduce exposure. Examples include end-to-end encryption, privacy-focused browsers, limiting unnecessary permissions, separating identities, avoiding account reuse, using secure operating systems, and reducing dependence on centralized services. None provides perfect anonymity, but “there is really no way around it” is too absolute.
Important omissions
The text focuses heavily on phones, Wi-Fi, VPNs, and writing style, but omits several relevant sources of identification:
- Browser fingerprinting
- Cookies, local storage, and tracking pixels
- App telemetry and push-notification infrastructure
- Mobile advertising identifiers
- Email and phone-number recovery links
- Cloud backups and synchronization
- Payment and delivery records
- Metadata in uploaded files and photographs
- Social graphs and contact uploads
- Operating-system updates and diagnostic telemetry
- Malware or device compromise
- Physical access-control systems
- Public databases and data brokers
It also does not distinguish between different adversaries. An ordinary website, an advertising company, a telecommunications carrier, a private investigator, and a well-resourced government may have very different capabilities and legal access to data.
Final verdict
The text is substantially correct in its central warning: a burner phone and VPN do not guarantee anonymity, and identity can be inferred by combining technical, behavioral, commercial, and physical-surveillance data.
Several supporting claims are accurate or plausible, especially those concerning:
- Device and SIM identifiers
- Cellular location records
- Wi-Fi and Bluetooth-based inference
- VPN trust relationships
- Account-login exposure
- Behavioral and linguistic correlation
However, the text repeatedly uses absolute language—“never,” “always,” “exact,” “down to the microsecond,” and “everything”—where the evidence supports only conditional or probabilistic claims. The most significant inaccuracies or exaggerations concern guaranteed linkage from a cash purchase, the precision of GPS and keystroke identification, the inevitability of surveillance-footage correlation, and the claim that online activity is always traced with no meaningful privacy measures available.