Privacy Tools #voip#privacy#phone-number

Virtual Phone Numbers for Privacy: A Practical Guide

Use MySudo, JMP.chat, and Google Voice for private SMS and calls. Learn VoIP for 2FA, SMS verification bypass, and the privacy trade-offs of each service.

7 min read

Your real phone number is one of the most persistent identifiers attached to your identity. It links to your carrier account, appears in data broker databases, and is used by nearly every online service for account verification. Using a virtual or temporary phone number for signups, 2FA, and communications reduces this exposure significantly.

Why Your Phone Number Is a Privacy Risk

When you give a website your real phone number for “security” purposes, you are handing them a cross-service identifier that is difficult to change. Data brokers aggregate phone numbers from multiple sources and sell profiles built around them. SIM-swap attacks — where a criminal convinces your carrier to transfer your number to their SIM — are a real threat to anyone using SMS-based 2FA for important accounts.

A virtual number is a VoIP number that rings to an app rather than a physical SIM. You can have multiple numbers, change them if they get compromised, and use different numbers for different contexts.

MySudo: The Most Private Option for Most Users

MySudo provides disposable VoIP numbers with end-to-end encrypted calls and messages between MySudo users. It is available on iOS and Android.

Plans:

  • SudoGo (Free): 1 Sudo (number), limited minutes/messages
  • SudoPro (~$0.99/month): 3 Sudos, more usage
  • SudoMax (~$2.99/month): 9 Sudos, full usage

Each “Sudo” is a separate identity — a number, an email alias, and a browsing profile. The browsing profile is a limited use case, but the number and email alias are genuinely useful.

Setup:

  1. Download MySudo from the App Store or Google Play.
  2. Create an account. MySudo requests a payment method for paid plans (pay with a prepaid card if you want additional separation).
  3. Create your first Sudo. Choose an area code — MySudo assigns a real DID number.
  4. Use this number for signups, deliveries, and any service you do not fully trust.

MySudo calls and texts between MySudo users are E2E encrypted. Calls to regular phone numbers go over VoIP and are as private as any VoIP call (not end-to-end encrypted, but not linked to your real number or carrier).

Limitation: MySudo is a US/Canada focused service. Numbers are US-based, which may be a limitation for international users.

JMP.chat: XMPP-Based, Maximum Privacy

JMP.chat provides a real US phone number that links to an XMPP (Jabber) account. SMS and MMS messages arrive as XMPP messages; calls work via a SIP client. It is the most privacy-respecting option because:

  • No proprietary app required — any XMPP client works (Conversations on Android, Monal on iOS)
  • Payment accepted via Bitcoin/Lightning
  • The number is a real DID that works for most verification services
  • XMPP is a federated, open protocol

Setup:

  1. Visit jmp.chat.
  2. Choose your number and sign up with your XMPP address (create one at any XMPP server, or use Cheogram’s hosted option).
  3. Pay via Bitcoin, credit card, or PayPal (~$2.99/month).
  4. Configure your XMPP client to receive SMS.

For calls, JMP provides SIP credentials you can use with Linphone or Zoiper.

JMP is more technically involved than MySudo but is the right choice for users who want no proprietary software in the stack.

Google Voice: Convenient but Not Private

Google Voice is free and widely accepted by verification services, but it comes with significant privacy trade-offs:

  • Google associates your Voice number with your Google account
  • Google can and does read SMS messages for spam filtering and other purposes
  • You cannot pay for Google Voice without a Google account linked to your real identity
  • Google Voice does not work for many financial services’ SMS verification

When Google Voice makes sense:

  • You already use Google services and are not trying to hide from Google
  • You want a secondary number for less sensitive purposes
  • You need a number that is widely accepted for service signups

When to avoid it:

  • Account verification for cryptocurrency or financial services
  • Any purpose where you do not want Google knowing you have that account

Receiving SMS for Verification: Temporary Services

For one-time SMS verification — creating an account on a service you may never use again — temporary SMS services are appropriate. These provide publicly visible numbers that anyone can read messages sent to them.

Free services (public numbers, no privacy):

Since these numbers are public, do not use them for anything sensitive. They are only appropriate for throwaway account creation.

Private paid temporary numbers:

  • Hushed (~$1.99/month): Temporary or permanent numbers, privacy-focused, no name required
  • Burner (iOS/Android): Line-based numbers you can “burn” and replace

VoIP Numbers for Two-Factor Authentication

This is where things get complicated. Many services — particularly banks, brokerages, and crypto exchanges — detect VoIP numbers and reject them for 2FA. They use carrier lookup APIs to identify VoIP vs landline vs mobile numbers.

Services that generally accept VoIP for 2FA:

  • Most Google/Meta account verifications
  • GitHub, GitLab
  • Standard web services and forums

Services that often reject VoIP:

  • Banks and credit unions
  • Coinbase, Kraken, and other regulated crypto exchanges
  • Certain US government services

For services that reject VoIP, your options are:

  1. Use your real number (accept the trade-off)
  2. Use a TOTP authenticator app (Aegis, Raivo) instead of SMS — far superior anyway
  3. Use a hardware security key (FIDO2) where supported

SMS 2FA is the weakest form of 2FA regardless of number type. Switch to TOTP or hardware keys wherever possible.

Comparison Table

ServicePrivacy LevelCostWorks for 2FAPlatform
MySudoHighFree/$0.99-$2.99/moSometimesiOS, Android
JMP.chatVery High~$2.99/moSometimesXMPP any platform
Google VoiceLowFreeSometimesiOS, Android, Web
HushedMedium~$1.99/moSometimesiOS, Android
Temp SMS sitesNoneFreeRarelyWeb

Best Practices

  • Use a different number for different risk categories: one for trusted contacts, one for commercial signups, one for high-risk verifications.
  • Enable TOTP 2FA wherever possible and remove SMS 2FA from accounts.
  • Do not tie your virtual number to your real identity by verifying it with your bank.
  • Keep a record (in an encrypted password manager) of which number was used for which account.
  • Change numbers that get into spam lists — the main advantage of virtual numbers over real ones.

A virtual phone number is not a complete privacy solution, but it is a simple, low-cost improvement to your identity hygiene that takes less than an hour to set up.

#sms #mysudo #2fa #phone-number #privacy #voip