Video Fact Check Results

How to be UNTRACEABLE and anonymous online - spoiler alert, it’s basi...

Original video: https://vm.tiktok.com/ZGd9shV7d/

Fact checked on: July 12, 2026

Video Transcription

How to be untraceable on the internet. Spoiler, it's basically impossible, but it's a fun thought experiment for supporters of privacy rights. So first you're going to need a device to browse the web with. Let's call it the burner phone. You gotta buy it with cash. No credit card, no debit card, no email receipt, and you think you'd be in the clear, right? Not really, because cash doesn't erase that the event happened. It just shifts to where you gotta look for evidence. The trail is at the store you buy the phone from. The burner phone has a serial number. The store has inventory records for that phone with that serial number. The cash register then has a timestamp of when that phone was bought. So if someone wanted to check the surveillance footage for, you know, an item sold at register 3 at 2 14 p.m., it wouldn't be too hard to link you to the phone. So surveillance footage could be pulled to show you standing there buying it. Boom, not anonymous anymore browsing on your new burner phone. So what to do? Well, you'd have to go through the ridiculous lengths of having a random person who could never identify you buy that particular phone for you, or you'd have to wear a disguise. Those 15% of you who made it past the first 30 seconds, stay tuned. I have a special treat for now as a thanks for your attention. Okay, next off, you can never even power on the burner phone near any real electronic devices that you typically use inside of your home. Some phones have pinpoint GPS data to map your exact location. The system may not know who owns the burner phone yet. But if it can say this unknown device keeps appearing geographically near this known person's typical phone, then you're in trouble because you could be correlated through some person who's trying to surveil you or the government or service providers. So you activate the phone only far from your real phone in your house. You think I didn't give my name, so I'm fine. But the system still sees the SIM card, the device ID, the time, the network, the first place it connected, maybe the IP address used during activation, that becomes kind of a birth certificate from the phone, which could be connected to you if you're not careful. So now you use the device, you turn off location services immediately, but that just stops the phone from politely telling apps where it is through GPS. The phone still talks to cell towers, it still sees Wi Fi networks around it, it still has Bluetooth apps that can infer location tangentially. A phone is basically a location emitting object by design. So you definitely can't use home Wi Fi because then it could be associated with you. But it's bigger than that. You can't use office Wi Fi, gym Wi Fi, you know, Wi Fi at your favorite coffee shop, your friend's router, even the surrounding networks become kind of a habitat for identifying you. Devices don't need to say your name if they keep showing up in the place where you show up. Remember, surveillance footage can always be used to cross reference your device's presence within a Wi Fi network to your physical on camera location at the same place. So next, you might add a VPN. And a lot of people think of VPN means invisibility, it doesn't. A VPN is basically a tunnel, your internet traffic goes from your device to the VPN company first. And then the VPN company routes you to the website from their server. So the website may see the VPN IP address instead of your own. But now you're trusting the VPN company. If they keep logs of who's connecting with it, they may be able to connect your burner phone to your online activity. And some VPN companies are shady, vague, foreign or cheap, built around marketing more than privacy. So they could technically out you to government or whoever is looking for you. You've basically moved the you know, your trust from an internet provider to a company with a cool logo and a promise that they'd never identify you. And even if the IP address problem is handled well by the VPN company identity leaks elsewhere to the second you log into your real Gmail, your iCloud, your Instagram, your Tick Tock, or any account, the mask comes off. So you can never log in on your burner phone where you're browsing the web to any website you've ever used before through the login that you typically use. Even that doesn't resolve the issues. You're still identifiable by the way you use language, your your speaking style, your typing style, you use the same typos over and over again. Even the precise time it takes between typing different letters down to the microsecond can be used to match your burner accounts to you. And websites can and do keep that data to try to identify people for marketing purposes. The internet doesn't always need your name. Sometimes it recognizes your pattern and your searches, your habits betray you. So what's my point, the privacy that you would seek to obtain through, you know, browsing the web anonymously is practically unobtainable. You can be burned by one login, one time locating yourself on a Wi Fi network and then being on camera in that same location. So my point is basically we live in a crazy world where everything you do is traced, and there's really no way around it. Till next time.

Fact Check Analysis

Overall assessment

The text makes a broadly accurate point: perfect anonymity on the internet is extremely difficult and, in realistic circumstances, probably unattainable. However, several statements are overstated, technically imprecise, or presented as certainties when they depend heavily on the device, network, service provider, jurisdiction, and adversary involved.

The text also conflates several concepts:

  • Anonymity: hiding who you are.
  • Privacy: limiting collection or exposure of information.
  • Pseudonymity: using an identity not directly linked to your legal identity.
  • Security: protecting data from unauthorized access.
  • Untraceability: preventing reliable reconstruction of activity.

Using a burner phone or VPN can improve privacy, but neither guarantees anonymity.

Claim: Buying a phone with cash does not make the purchase anonymous

Generally accurate, with qualifications.

Paying cash avoids direct payment records associated with a bank account or credit card. It does not necessarily eliminate other records, such as:

  • Store surveillance footage
  • Inventory and point-of-sale records
  • The phone’s IMEI or serial number
  • Retailer loyalty-account information, if used
  • Records of activation by the mobile carrier
  • Nearby-device or location data, depending on the circumstances

However, the text implies that a store can always connect a particular serial number to a specific cash purchaser. That is not necessarily true. Many retailers record that a product was sold, but do not always record the purchaser’s identity or retain a direct association between the individual customer and the device serial number. Linking the phone to a person may require combining inventory records, timestamps, surveillance footage, and other evidence.

The claim that surveillance footage could be retrieved for “register 3 at 2:14 p.m.” is plausible in a well-equipped store, but footage retention periods and camera coverage vary substantially.

Claim: A phone’s serial number and other identifiers can be used to trace it

Accurate in principle.

Mobile phones generally have several identifiers, including:

  • An IMEI, identifying the cellular device
  • An IMSI, identifying the subscriber identity associated with a SIM or eSIM
  • A SIM card identifier
  • A device serial number
  • Advertising and app-specific identifiers

Carriers can associate cellular activity with device and subscriber identifiers. A phone’s IMEI can also help identify repeated use of the same physical handset, although it does not by itself reveal the person holding it.

The text sometimes treats these identifiers as if they automatically identify the owner. They do not. They become identifying when correlated with purchase records, subscriber information, location history, account logins, surveillance footage, or other data.

Claim: A random person or disguise would be needed to buy the phone anonymously

Partly accurate but overstated.

Having someone else buy a device, or disguising oneself, could reduce the evidentiary value of store surveillance. It would not guarantee anonymity. The purchaser might be identifiable through their own records, later contact with the buyer, communications, transportation data, or other surveillance.

A disguise also does not necessarily defeat modern identification systems, and attempting to evade identification can itself attract attention or create additional evidence. The practical effectiveness of these measures depends on the adversary and the investigation.

Claim: Phones can use GPS to map an exact location

Partly accurate.

Phones can obtain highly precise location information using GPS or other satellite-navigation systems, particularly outdoors with a clear signal. But “exact” is too strong. Accuracy varies with signal quality, buildings, weather, device hardware, and processing methods.

Phones also determine location through:

  • Cell-tower measurements
  • Nearby Wi-Fi networks
  • Bluetooth beacons
  • Sensor data
  • IP-address-based geolocation
  • App or operating-system location services

Location data may be collected by the operating system, carriers, apps, advertisers, or other services. Turning off location services can limit some collection, but it does not eliminate all forms of location inference.

Claim: A burner phone can be correlated with a person’s normal phone based on geographic proximity

Accurate in principle, but not automatic.

If two devices repeatedly appear together at the same locations and times, an analyst may infer that they are associated. This could be based on:

  • Cell-tower location data
  • Wi-Fi association or scan records
  • Bluetooth observations
  • App-collected location data
  • Physical surveillance
  • Shared travel patterns

Such correlation is a recognized investigative and analytical technique. But proximity alone does not prove that the same person owns or carries both devices. A phone may be near another device because its owner is traveling with a companion, living with another person, working nearby, or simply visiting the same places.

The claim that the devices must never be powered on near one another is therefore too absolute. Avoiding co-location might reduce one type of correlation, but it does not remove other identifying evidence.

Claim: A phone’s SIM, device ID, time, network, first connection, and activation IP address form a “birth certificate”

Partly accurate, but the wording is metaphorical and technically imprecise.

When a phone is activated or connects to a mobile network, relevant records may include:

  • SIM or eSIM identifiers
  • IMEI or other device identifiers
  • Time of connection
  • Cell tower or network information
  • IP address assigned to the device
  • Account or activation information
  • Approximate location

These records can help establish the phone’s history and connect activity over time. But the exact data collected depends on the carrier, the type of activation, the operating system, and local law.

A phone may also connect to a cellular network without the user completing a formal “activation” process. Conversely, an IP address usually identifies a network connection or carrier assignment, not a person directly. The “birth certificate” analogy is useful rhetorically but should not be understood as a formal technical record.

Claim: Turning off location services only stops apps from receiving GPS data

Mostly accurate, but incomplete.

Disabling location services usually prevents or restricts ordinary apps from accessing the operating system’s location service. It does not necessarily prevent:

  • Cellular-network location tracking
  • Wi-Fi-based location inference
  • Bluetooth-based proximity detection
  • IP-based geolocation
  • Emergency-location functions
  • Carrier-level network records
  • Device-management or system-level collection
  • Inferences based on nearby devices and repeated movements

The exact behavior varies by operating system and settings. Some phones allow separate control over precise location, background access, Wi-Fi scanning, Bluetooth scanning, and emergency location features.

The statement that the phone “still talks to cell towers” is correct when cellular connectivity is enabled. A carrier can generally observe the device’s connection to the network and estimate its location from network data, even when GPS is disabled.

Claim: Phones see nearby Wi-Fi networks and Bluetooth devices, which can reveal location

Generally accurate.

A phone may scan for nearby Wi-Fi access points and Bluetooth devices. Known Wi-Fi networks can help a device determine its location, and large databases associate Wi-Fi access-point identifiers with geographic locations.

However, merely seeing a nearby Wi-Fi network does not always mean that the phone transmits a record identifying the user to a third party. Whether the information is collected, uploaded, or used for location inference depends on the operating system, settings, apps, and network behavior.

Bluetooth can also contribute to location or proximity inference, especially through beacons, tracking systems, and persistent device identifiers. Modern operating systems often randomize some identifiers to reduce tracking, though this protection is not absolute.

Claim: A phone is “a location-emitting object by design”

Broadly true as a description of ordinary cellular phones, but overstated.

A powered-on phone with cellular connectivity communicates with nearby network infrastructure. That creates network records that can be used to estimate its location. Smartphones may also communicate through Wi-Fi, Bluetooth, apps, and background services.

But the phone’s ability to emit location-related data depends on its state and configuration. Airplane mode, powering the device off, removing network connectivity, and disabling radios can change what is transmitted. Even then, claims about whether a powered-off phone can communicate depend on the model and implementation. Some newer devices may retain limited functions, such as finding features, under certain conditions.

Claim: Using home, workplace, gym, café, or a friend’s Wi-Fi can identify the user

Potentially accurate, but too categorical.

A Wi-Fi network can expose information such as:

  • The public IP address visible to websites
  • Router or provider records
  • Device MAC addresses or randomized identifiers
  • Connection times
  • Network logs
  • Location-associated Wi-Fi information

If someone already knows who normally uses a particular network, connecting an additional device there can create a useful association. Physical surveillance or other records could strengthen that link.

But Wi-Fi use does not automatically identify a person. Public networks may be shared by many users, may not retain detailed logs, and may use systems such as captive portals that alter the evidence available. A café’s Wi-Fi connection may show that a device was present at the café, but not necessarily who carried it.

The statement that “surrounding networks” constitute a “habitat for identifying you” is rhetorical rather than a precise technical claim.

Claim: Surveillance footage can connect a device’s Wi-Fi presence to a person

Plausible and sometimes accurate.

If a device connects to a network at a known time and surveillance footage shows a particular person using or carrying it at that time, the two sources can be correlated. Similar correlation can be made using cell-site data, Bluetooth observations, access-control records, or payment records.

However, this requires:

  • Suitable surveillance coverage
  • Accurate timestamps
  • Retained network records
  • A reliable way to associate the device with the connection
  • Sufficient image quality or other evidence

It is not guaranteed that such evidence exists or that it would be legally usable.

Claim: A VPN routes traffic through the VPN provider, so websites may see the VPN’s IP address

Accurate for ordinary VPN use.

In a conventional VPN arrangement, the device establishes an encrypted connection to a VPN server, and internet traffic is sent through that server. The destination website will generally see the VPN server’s public IP address rather than the user’s ordinary network IP address.

A VPN does not make the user invisible. The VPN provider can potentially observe metadata such as:

  • Connection times
  • The user’s source IP address
  • Amount of traffic
  • The VPN server used
  • Possibly destination information, depending on the protocol and configuration

The VPN provider may not be able to read the contents of properly encrypted HTTPS traffic, but it can still observe some connection information. Websites can also identify users through logins, cookies, browser characteristics, tracking scripts, and other signals.

Claim: A VPN merely shifts trust from the internet provider to the VPN provider

Generally accurate.

A VPN reduces the amount of browsing information visible to the local internet service provider, but it creates trust in the VPN operator. The provider may be able to associate the subscriber’s source IP address and connection times with traffic passing through its infrastructure.

The exact visibility depends on technical design, encryption, logging policies, legal jurisdiction, and whether the traffic uses HTTPS. “No-logs” claims are difficult for users to verify unless supported by credible audits, technical architecture, or legal history.

The characterization of VPN companies as “shady, vague, foreign or cheap” is not a factual standard and is overly broad. A company’s location or price alone does not establish poor privacy practices. Conversely, a prominent brand does not guarantee trustworthy behavior.

Claim: VPN providers can reveal users to governments

Accurate as a possibility, but not universal.

A VPN provider may disclose information in response to legal process, cooperate voluntarily, suffer a breach, retain logs, or be technically capable of identifying a user from stored data.

But whether it can identify a user depends on what data exists. If the provider truly does not retain relevant logs, it may have little useful information to provide. “No logs” policies vary, and some providers have faced disputes over whether their marketing accurately describes their practices.

The text should therefore say that a VPN may be compelled or able to disclose identifying information, not that it necessarily can.

Claim: Logging into Gmail, iCloud, Instagram, TikTok, or a previously used account destroys the separation

Accurate.

Logging into an account directly links activity on the device or browser to that account. Even without a login, services may use cookies, app identifiers, device fingerprints, recovery information, advertising identifiers, IP history, behavioral patterns, or other data to associate sessions.

A login does not necessarily reveal the device owner’s legal identity to every observer, but it gives the service provider a strong identity link and may expose that link through records or lawful requests.

Claim: Language, speaking style, typing style, and repeated typos can identify a person

Supported in principle, but effectiveness varies.

Stylometry can analyze writing vocabulary, grammar, punctuation, spelling mistakes, formatting habits, and recurring expressions. Researchers and investigators have used linguistic patterns to attribute anonymous or pseudonymous writing, particularly when there is enough text and a suitable comparison sample.

Voice characteristics can also be analyzed through speaker recognition, although the text’s phrase “speaking style” is vague and could refer to either voice or writing.

These techniques are probabilistic. They can be weakened by short texts, deliberate style changes, multilingual writing, collaborative authorship, changes in context, or a lack of comparison material. They should not be presented as reliably identifying every person.

Claim: The precise time between keystrokes, “down to the microsecond,” can identify someone

Partly supported, but substantially overstated.

Keystroke dynamics research examines timing patterns such as:

  • Dwell time: how long a key is held
  • Flight time: the interval between key presses
  • Rhythm and typing speed
  • Error and correction patterns

These patterns can sometimes help distinguish users, especially in controlled conditions with large samples. Some websites or monitoring software may collect keyboard-timing data.

However, “down to the microsecond” is misleading. Ordinary web applications often do not receive reliable microsecond-precision timing, and browser security features, operating-system scheduling, network delays, hardware differences, and measurement limitations reduce accuracy. Keystroke profiling is generally probabilistic and context-dependent, not a universal identity mechanism.

The assertion that websites routinely use this data to identify people for marketing purposes is too broad. Some sites and tracking systems may collect interaction or typing data, but the prevalence and purpose of keystroke-dynamics identification in ordinary advertising are not established by the text.

Claim: Websites can identify users from patterns, searches, habits, and browsing behavior

Generally accurate.

Online services commonly use combinations of:

  • Cookies and local storage
  • Account identifiers
  • IP addresses
  • Browser and device characteristics
  • Advertising IDs
  • Location data
  • Search history
  • Click and browsing patterns
  • Network and behavioral signals

These can support identification, linking of pseudonymous accounts, personalization, fraud detection, and advertising. Such identification may be probabilistic rather than certain, and users may be grouped into profiles without the service knowing their legal name.

Claim: One login or one Wi-Fi location can “burn” a person permanently

Overstated.

A login can create a strong association, and a Wi-Fi connection combined with surveillance or other records can be highly informative. But “one time” does not necessarily create an irreversible or conclusive link. Data may not be retained, may be inaccurate, may be inaccessible, or may not be sufficient to identify the individual.

The claim is better phrased as: a single mistake can substantially weaken pseudonymity and provide an important lead for correlation.

Claim: Everything you do online is traced, with no way around it

False as an absolute statement, though directionally understandable.

A great deal of digital activity produces records somewhere, but not every action is recorded, retained, or successfully linked to a person. Data collection varies by:

  • Device settings
  • Application behavior
  • Network configuration
  • Service-provider policies
  • Encryption
  • Jurisdiction
  • Data-retention practices
  • The capabilities and resources of the observer

Privacy-enhancing tools can meaningfully reduce exposure. Examples include end-to-end encryption, privacy-focused browsers, limiting unnecessary permissions, separating identities, avoiding account reuse, using secure operating systems, and reducing dependence on centralized services. None provides perfect anonymity, but “there is really no way around it” is too absolute.

Important omissions

The text focuses heavily on phones, Wi-Fi, VPNs, and writing style, but omits several relevant sources of identification:

  • Browser fingerprinting
  • Cookies, local storage, and tracking pixels
  • App telemetry and push-notification infrastructure
  • Mobile advertising identifiers
  • Email and phone-number recovery links
  • Cloud backups and synchronization
  • Payment and delivery records
  • Metadata in uploaded files and photographs
  • Social graphs and contact uploads
  • Operating-system updates and diagnostic telemetry
  • Malware or device compromise
  • Physical access-control systems
  • Public databases and data brokers

It also does not distinguish between different adversaries. An ordinary website, an advertising company, a telecommunications carrier, a private investigator, and a well-resourced government may have very different capabilities and legal access to data.

Final verdict

The text is substantially correct in its central warning: a burner phone and VPN do not guarantee anonymity, and identity can be inferred by combining technical, behavioral, commercial, and physical-surveillance data.

Several supporting claims are accurate or plausible, especially those concerning:

  • Device and SIM identifiers
  • Cellular location records
  • Wi-Fi and Bluetooth-based inference
  • VPN trust relationships
  • Account-login exposure
  • Behavioral and linguistic correlation

However, the text repeatedly uses absolute language—“never,” “always,” “exact,” “down to the microsecond,” and “everything”—where the evidence supports only conditional or probabilistic claims. The most significant inaccuracies or exaggerations concern guaranteed linkage from a cash purchase, the precision of GPS and keystroke identification, the inevitability of surveillance-footage correlation, and the claim that online activity is always traced with no meaningful privacy measures available.