eSIM for travel: the discreet digital passport

An executive hands me his phone in a hotel lobby in Ho Chi Minh City, irritated. His bank has just blocked a login “from an unusual device.” I look at his screen: he gave the number of the local eSIM he’d just bought as a contact number to three people, and he’s surprised that his verification codes no longer arrive. The Vietnamese number doesn’t receive international SMS reliably, and it expires in nine days. Meanwhile, his home number has stayed in active roaming in his pocket — visible to his carrier, billed by the megabyte, and still capable of receiving the codes he thought he’d moved. He had everything backwards.

The usual trap

The dominant discourse on travel connectivity boils down to two sentences, and both cost you dearly. The first: “I turn on roaming, it works everywhere.” That’s true, technically. It’s also the most expensive, the most traceable, and the least controlled option that exists. Outside the European Union, roaming is sometimes billed between 5 and 15 euros per megabyte on some networks, and your carrier’s “travel” plans cap quickly or throttle beyond a few hundred megabytes. A local eSIM for 10 GB in Asia costs 8 to 20 euros. The gap is a factor of 10 to 50. But the bill is only the visible part.

The second sentence, more modern, comes from people who have understood the first trap: “I buy a data eSIM, and I become invisible.” False. An eSIMIntegrated reprogrammable SIM card supporting multiple carrier profiles.See glossary changes the carrier that sees your traffic, not your device. Your IMEIUnique 15-digit hardware identifier of a mobile terminal.See glossary — the fifteen-digit hardware identifier soldered to your phone — stays rigorously the same whatever profile you load. The eSIM solves a problem of cost and carrier visibility. It does not solve the problem of device identity, and it does not make you anonymous. Confusing the two leads to absurd decisions, like buying an eSIM “for discretion” while keeping the main number in active roaming, which cancels out the intended effect.

The real subject is neither price nor fantasized anonymity. It’s the separation of uses. A well-used data eSIM gives you fast, cheap local connectivity that doesn’t tell your usual carrier about your movements minute by minute. But it only makes sense within a thought-through architecture: who receives your authentication codes, which number you give as a contact, which line stays reachable in an emergency, and what you’re willing to leave visible in which country. Without this reflection, you buy an eight-euro gadget and think you’ve settled a security question.

How it works, and what it really exposes

The physical SIM is a removable card carrying a single carrier profile. The eSIM is an integrated, reprogrammable chip: the profile — the configuration that authenticates the device on a network — becomes a file you download. Concretely, you buy a data plan from a provider, you receive a QR code, you scan it in the settings, and the profile activates in under two minutes. The iPhone XS and later, the Pixel 3 and beyond, the Galaxy S20 and later all support eSIM. Recent iPhones store several profiles (five to eight), but only one stays active for data at a time, except on simultaneous dual-eSIM models like the iPhones sold in the United States since the 14.

What the eSIM really changes for you is the visibility on the carrier side. When you turn on roaming, your home carrier — Orange, SFR, Bouygues, Free — learns in real time that you’re in such-and-such a country, on such-and-such a partner network, at such-and-such a time, with what aggregate volume. This data exists, it’s retained, and in some jurisdictions it’s accessible. With a local eSIM, your usual carrier only knows that you’re not using its network. The local network, for its part, sees your traffic — but it’s a different actor, with no link to your twelve-year history of bills, your bank details, and your carrier address book.

What doesn’t change is everything else in the hardware layer. The IMEI stays visible to the local network, and it’s more persistent than any number: changing SIM or eSIM profile in the same chassis never modifies it. If your threat model includes a complete dissociation between your known identity and your activity on the ground — and for most travelers, that’s not the case — you need a dedicated device, not a different eSIM profile in your usual phone. Likewise, in zones where IMSI catchersFake mobile base station forcing nearby phones to connect to intercept communications.See glossary are deployed, the eSIM doesn’t protect you: these fake relays capture the device independently of the carrier profile loaded. The eSIM is a connectivity and cost management tool, not a counter-surveillance tool.

There’s a third level of exposure that almost no one mentions, and which is nonetheless the most insidious: the data eSIM profile doesn’t address the behaviour of the rest of your phone. Your applications carry on running exactly as at home. Your mail client syncs, your cloud backs up, your messengers receive, your mapping apps report your location, and each one talks to its usual servers — often in the United States or Europe — from a local IP address in the country you’re in. To a local network observer, this accumulation draws a portrait: a foreign device talking to Microsoft 365, to a French bank, to a corporate VPN, to identifiable professional services. The eSIM has erased your French carrier from the equation, but it has changed nothing about what your applications tell the network that carries them about you. That’s precisely why the eSIM is thought of as a low layer, and why the confidentiality of transit — VPN, encrypted DNS, sorting through apps before departure — is handled separately, on top.

Last technical point that trips up people in a hurry: the eSIM is less agile than a physical SIM in case of compromise. A plastic card, you remove it and throw it away in ten seconds. An eSIM profile is deleted via the settings, which assumes the device works, is unlocked, and is not under someone else’s control. If your scenario includes confiscation of the device — a hard border crossing, a police check — the eSIM offers you no quick decommissioning gesture. Here too, the answer isn’t in the profile, but in the architecture: what the device contains, what it can reach, and whether it has the right to travel at all.

The right approach: separate uses before leaving

The pragmatic shift fits in one rule: the local eSIM carries the data, your home line carries identity and emergency. You buy and download the eSIM profile before departure, on trusted Wi-Fi — at home or at the office, never on airport Wi-Fi or on the plane’s roaming. On arrival, you activate the local data profile, you cut data roaming on the main line, and you decide consciously what that main line continues to do.

Test the activation before D-day, and not the night before in a rush. Some profiles will only install on a device not locked by the carrier, or require eSIM support to be enabled on the original carrier’s side — two checks that take five minutes at home and turn into a nightmare at the airport if you discover them too late. Also check the plan’s trigger rule: some start at purchase, others at the first connection to the destination network. Buying three days ahead and watching your credit melt while you’re still at home is a banal and avoidable mistake. The discipline isn’t in the sophistication of the setup, it’s in having tested it once, calmly, before it really counts.

The point that tips most trips is MFAMulti-factor authentication: combining two independent proofs of identity to log in.See glossary by SMS. If your verification codes arrive on your home number and you cut all roaming, you no longer receive them, and you find yourself locked out of your own accounts at the worst moment. The parry isn’t to keep full roaming for a few overpriced SMS. It’s to migrate your critical accounts to a TOTP6-digit code generated every 30 seconds by an app (Google Authenticator, Authy, etc.).See glossary authentication app before leaving — a code generator that works offline, without any network, and that makes your phone number irrelevant for authentication. It’s the only measure that truly removes the problem instead of moving it. If a few services resist and accept only SMS, you keep the SMS reception of the main line active (often free or cheap, unlike data roaming) solely for those cases, and you leave the phone in airplane mode with the data eSIM reactivated manually.

The choice of provider matters less than people think, but here’s the grid. Airalo is the universal starting point: coverage in over 200 countries, competitive prices, data-only in most cases, sign-up by email — use a disposable alias if traceability bothers you. Holafly sells “unlimited” data at a fixed price, handy for long stays, but read the conditions: there’s almost always throttling after a daily volume, and tethering is sometimes restricted. Saily (published by NordVPN) offers good value for money and a clean interface. The eSIM directly from the local carrier gives the best network quality, sometimes the best price, but often requires an identity verification with a passport — data that enters the local state’s registers. To avoid except when necessary: eSIMs sold in an airport shop or by resellers with no reputation, two to three times more expensive. Whatever the provider, keep in mind that the eSIM does not replace a VPNEncrypted tunnel between your device and a server, masking your IP and traffic from your ISP.See glossary or encrypted DNSSystem resolving domain names to IP addresses. Vastly underestimated surveillance vector.See glossary: the local network still sees your connection metadata, and in filtering countries, you’ll need those layers on top.

Country realities and the multi-eSIM strategy

Not all destinations are equal, and the “a data eSIM everywhere” reflex quickly hits the ground. In the European Union, the question barely arises: roaming there has been billed at the domestic rate since 2017, your French plan works without surcharge, and a local eSIM brings only a marginal gain. It’s outside the EU that everything plays out, and outside the EU, network filtering changes the equation as much as price. In China, the Great Firewall blocks the majority of Western services; a local Chinese data eSIM gives you fast access, but to the Chinese internet, not yours — without a VPN preconfigured before arrival, you won’t reach your corporate mail or your usual tools. Some international eSIMs that rely on a partner network outside mainland China partially get around this filtering, because your traffic exits through an interconnection point in Hong Kong or elsewhere. It’s a detail that decides the success or failure of a mission, and it’s checked before leaving, not on the ground.

The second country axis is registration. In a significant part of the world — China, Russia, Saudi Arabia, Pakistan, and others — getting a local SIM or eSIM requires an identity verification with a passport, data that enters a state registry. International eSIMs bought before departure, from Airalo or equivalent, often escape this obligation because they rely on a wholesale agreement and not on a nominative local subscription — it’s one of their real operational advantages. But don’t generalize: the rule depends on the country and the provider, and it evolves. The good practice is to know, before buying, whether your connectivity on the ground will be nominative or not, and to decide whether that’s acceptable given who you are and what you’re going to do.

For frequent travelers, the answer isn’t a one-off purchase but a permanent multi-eSIM strategy. You keep in place a main profile — your work or personal line, present permanently in the device, most often in airplane mode or with data disabled depending on the context. You add a local data profile per destination, bought before each departure, which carries all the traffic and exposes nothing to your usual carrier. On dual-eSIM devices active simultaneously, you can even route calls and SMS on the main line and data on the local eSIM: your correspondents see your usual number, your traffic passes through the country’s network. This separation, thought through once and reproduced on each trip, turns an airport chore into a ten-minute routine the night before departure. And it lays the groundwork for the next level up — the dedicated travel number, or even the disposable device — without having to relearn everything each time.

What this means concretely

Mistakes we see all the time

• Keeping data roaming active “just in case” alongside the local eSIM. You pay twice, you cancel out the discretion gain, and some devices automatically fall back to roaming as soon as the eSIM signal weakens, generating charges no one is watching.
• Giving the eSIM number as a contact number. It’s data-only or ephemeral, doesn’t receive international SMS, and will be recycled after expiry. Your correspondents — and your banking services — end up writing into the void, or worse, to someone else.
• Activating or downloading the eSIM on airport Wi-Fi. Installing a profile requires the network; doing it on public Wi-Fi on arrival means entrusting the operation to the least reliable environment of the trip. Buy and load the profile at home, beforehand.
• Believing the eSIM replaces a VPN. The local network sees your metadata, and in filtering countries it blocks or inspects. The eSIM settles connectivity, not the confidentiality of transit nor circumventing censorship.
• Forgetting the local registration obligation. In China, Russia, Saudi Arabia, and elsewhere, getting a local SIM or eSIM goes through a passport verification. It’s not a dealbreaker, but it’s a piece of state data to integrate into the threat model, not to discover at the counter.

Actionable checklist

• N1 Check eSIM compatibility and the absence of carrier locking before departure
• N1 Subscribe and download the data eSIM profile on trusted Wi-Fi, before arrival
• N1 Migrate critical accounts (bank, mail, cloud) to a TOTP app before leaving
• N2 Cut data roaming on the main line as soon as the local eSIM is activated
• N2 Never circulate the eSIM number as a contact number
• N2 Use a disposable email alias for sign-up with the eSIM provider
• N2 Check passport registration obligations in the countries concerned
• N3 Provision a dedicated travel number, separate from the corporate number, for frequent travel to a risk zone
• N3 For a sensitive mission: dedicated device (burner) with a fresh IMEI + number pair, with no link to the usual identity

Going further

The GSMA’s eSIM specifications describe the remote provisioning mechanism and its guarantees — useful for understanding what the profile carries and what it doesn’t. The NCSC’s guidance on travelling abroad with work devices frames the separation of uses and the dedicated-device doctrine, beyond connectivity alone. And the real network coverage of a provider like Airalo is checked destination by destination before purchase: the list of partner networks varies sharply from one country to another, and it’s that list that determines the quality of your connection, not the brand on the app. On the authentication side, read in addition the briefing on SIM-swap: it explains why moving your accounts off SMS is the real subject behind the choice of a travel number.