eSIM is touted by many as the best invention for convenience ever. No more swapping SIM cards when moving to another telecommunications provider. No more cutting cards, using adapters, losing the tiny card, not being able to remove the card, inserting it the wrong way or having bad contact between the phone and the SIM card. Well, that is only one side of the story, and how hard is it really? Most people only have to swap SIM cards every couple of years. Most people don't have to do this themselves; you can have it done, often free of charge, at a phone store. And what about all the different card sizes? That is both our own fault and that of phone manufacturers. You won't really notice a sub-gram weight difference. If you claim you do, you either have the most extraordinary hands ever or you're the only owner of a phone that weighs less than a grain of rice in total. And phone size? The battery is about a factor of a thousand larger, and most of the space lost is due to the type of connector the SIM and SD cards fit into. The bulkier connectors are there for your convenience when swapping.
An embedded SIM is integrated into the phone or other IoT device. With a physical SIM card, the manufacturer knows nothing about the SIM card and its associated identifiers; the manufacturer can only track you and collect data about you through their operating system and apps. With eSIM they have a new data mining tool, both for themselves and to sell to others. They have yet another vector for selling your identity. As soon as you buy a phone or some IoT device with eSIM, the manufacturer has both your data, like your name and address, and a predefined, known identifier to attach to your data. This is often the case even if you don't buy directly from the manufacturer.
What happens if we, as a society, keep accepting this 'new order' of technologies out of convenience and ignorance? With eSIM, manufacturers will soon stop producing phones with a SIM card slot. Mobile network service providers will stop selling physical cards. Chip and connector manufacturers will stop making the chips and connectors.
A win, right? No more shipping physical cards through the postal service. No more waiting for a card to arrive or having it get lost in the mail. No more fiddling around with tiny cards. But also, no more ability to prevent tracking and data mining. No more private ICCID, IMEI and IDFA numbers. Isn't this a good thing, with no more burner phones for criminals to use? No, burner phones, or better: anonymized phones, are essential to the freedom of mankind. What about news reporters, whistleblowers, activists, freedom fighters or people on the run from a totalitarian regime? They will be cut off from communicating with the rest of the world. A news reporter reporting on crimes against humanity committed by a totalitarian regime would be unable, or able only at extreme risk, to get a news article out to the rest of the world. Criminals will just steal a phone and use your identity for their crimes.
With the introduction of embedded SIMs, criminals have received new means for their crimes. And a good one it is. Without the extra security of having to ship a physical SIM card to your address, a can of worms has been opened. With social media, phishing emails and the sale of databases of personal data, it has never been easier to obtain large quantities of personal data.
Europol has already reported on criminals exploiting eSIM as being the key trend in crime. Criminals can easily get around two-factor authentication by obtaining control over your telephone number. By buying or stealing collected data about thousands of individuals, they have everything they need. They ring up mobile network service providers to report the loss of their phone. With the data about you, they impersonate you. With this data, they can often get through all of the security questions. What is your name, your address, the last figures of your bank account? All of this data is present in the databases of mined personal data.
The mobile network service provider has little doubt that they're talking with you. Within a few minutes your phone number has been transferred from your eSIM to the eSIM of the criminal. The only thing you will notice is your device losing its connection to the mobile network. It can take multiple hours for you to notice and detect that it's not an issue with cellular reception. In the meantime, the criminal has access to everything that is secured with phone or SMS verification. He has no trouble getting around two-factor authentication. He has access to all of your social media, your Amazon account, credit card, bank account, insurance and often even government websites. He can change your address to a hotel or motel and purchase expensive goods at your expense. He can transfer money from your bank account to the account of a straw man. He can collect information about you and sell that information to others. He can obtain material about you to blackmail you. All of this is possible through our own fault: through claims like "Go ahead and invade my privacy; I've got nothing to hide, I'm not a criminal", through choosing convenience and instant gratification, which has empowered big tech and made all this possible, and through thinking about "Me, myself and I" and thereby losing sight of the big picture: the 'us' of society.
For about 20 years we've been warning people that SMS is a weak network, terrible for authentication purposes, sending passwords, et cetera. SMS messages are easily intercepted and spoofed.