I've thought about this a bit. Consider a consortium of like-minded privacy-concerned people that has a pool of virtual SIM cards (exceeding the user base by perhaps 2x or more). The group pays for the whole pool of SIM cards (end users pay the group, perhaps through bitcoin). Participating phones check out random virtual SIM cards (using some kind of cryptographic signature perhaps similar to blockchains to assure anonymity) periodically in order to ensure apparently random distribution. All transactions flow over a VPN to a common network and the phone itself is disabled (use VoIP). Web access runs through Privoxy or similar filtering to ensure there are no traceable bits. This should be fine until you start installing other apps.
This probably requires special hardware in order to "spoof" the consortium's SIM cards and swap between them with minimal downtime.
I'm not sure I follow; just because a piece of malware comes from the internet doesn't mean your only diligence must be in your web browser (... and email client, torrent client,
Ad blockers only protect you from malvertising, not straight-up malicious web sites. These days, they're as important as A/V (and often more effective), but you really want both. Microsoft has in the past caught fewer viruses than even ClamAV (Windows Defender is lauded as "better than nothing, but it’s not a whole lot better. Most of the popular antivirus [solutions] can do better." I'd happily take the free solutions from Avira, Avast, AVG, or Panda over it. I currently suggest Avira to my friends and family, though I don't run Windows.
See also this security question on Stack Exchange, which shows how a similar misconception (protecting only filesystem edits) is similarly risky.
I couldn't see notes about how the thing is powered, but a third major benefit from this sort of thing may be that its battery usage is negligible. That means you can do so much more than an ambient light sensor. Consider a wearable that scans QR codes automatically, so it's already available when you want it (you never miss the opportunity to get it, nor do you have to fumble around with lining it up or getting it in focus). Now consider the same for facial recognition. This clearly has privacy implications even without being ~invisible.
If it's also cheap enough, you could even knit it into clothing (just encase it so it's water-safe and able to handle temperatures from -40 to 200F). Sensors everywhere, knowing everything you've been in contact with, helping track the spread of diseases
Also, a big thank you to the submitter, who actually linked the original academic paper in the main Slashdot story. We need more of that.
At my last job, I walked a coworker through setting up a LinkedIn account. As soon as he had created the account, but before he had entered any information (beyond an email that had never been shared with coworkers), he was getting suggestions from lots of coworkers, not including me. Why? Presumably because our network was behind a NAT, so these people had all connected from the same IP address. (I wasn't suggested because I used a proxy to surf the web.)
IP addresses are decently telling. If I were Facebook or LinkedIn, I'd certainly leverage IP CIDRs (or else ASN + GeoIP) as a part of the friend suggestion algorithm, and if it was the only data available, it'd end up being decently obvious to anybody thinking about where their suggestions come from. Of course, I'd also filter that list of suggestions by perceived "social hubs," people who tend to be well connected, as that's the best way to grow a social network.
Phones' locations may be too specific for this sort of thing – unless they're kept in a database to note the places you frequent (are you at the festival, or are you passing by it to go to the store? are you regularly at auto parts stores, or do you just need new tires?). There's enough information from photo geotagging, check-ins, likes, and IP CIDR/ASN/geolocation to sufficiently boost the more informative social network itself.
Decaffeinated coffee? Just Say No.