> If your communication is encrypted it shouldn't matter if it passes AT&T networks.
That assumes metadata is irrelevant. The destination, time of day, and volume of the traffic all have value separately and especially so when together. The destination can be masked if you control both sides and AT&T is a go between, but timing issues are subject to analysis unless you are a large enough player to give safety in numbers or you push noise across your pipes.
Hear, hear. The stream of encrypted packets that makes up someone's web browsing traffic is a very telling one and transactions of various web apps have telling signatures, which can be then correlated with eg social media updates or other signals that ripple to the target's contacts.
Cellphones are a pain, that's true. I was mainly thinking about Internet metadata.
If you really care, one option is having multiple phones, under different identities. Each one only gets used in a distinct set of locations, for distinct projects, with distinct recipients. When not in use, you store phones in labeled Faraday bags. That is, compartmentalization.
Another option is to nuke the radio in your phone, use only WiFi and VPNs for internet access, and use hosted cellphones from multiple providers. You can still compartmentalize, but need only carry one phone. But you depend on WiFi access.
That assumes metadata is irrelevant. The destination, time of day, and volume of the traffic all have value separately and especially so when together. The destination can be masked if you control both sides and AT&T is a go between, but timing issues are subject to analysis unless you are a large enough player to give safety in numbers or you push noise across your pipes.