>How is it possible that in 2026 we're not notified by default when we connect to a cell tower with no certificate so our communications is being broadcast into the air completely unencrypted?
5G added that with Subscription Concealed Identifier (SUCI), but it's still optional. Certificates also don't work because you need to be able to roam, and doing certificate management for every carrier on earth is fiendishly hard. Not to mention that it's not feasible to hide IMEI before authentication could begin, imagine hiding IP or MAC addresses before a connection can be established, for instance.
>All of these problems have been solved on the web
Have they? The solution to IP addresses is basically "use a VPN", which you could do also on a phone. SNI leaks have been around since forever, and despite eSNI, still isn't close to being widely fixed. There's MAC address randomization, but only because LANs and wifi networks are basically an unregulated free for all, so spoofing doesn't really matter. It's far less viable with controlled access networks like cellular. Some countries even have regulations banning spoofing/changing IMEIs.
They haven't been solved on the web. Mobile phones have to authenticate themselves with the carrier to ensure someone is paying for their connectivity. Therefore they can't be anonymous. On the other hand, indeed, most of the time you don't have to identify yourself to connect to a web server — but once you have connected, you may face a paywall that requires authentication! Also, you are certainly authenticating yourself somehow with your ISP for your home internet connection.
5G added that with Subscription Concealed Identifier (SUCI), but it's still optional. Certificates also don't work because you need to be able to roam, and doing certificate management for every carrier on earth is fiendishly hard. Not to mention that it's not feasible to hide IMEI before authentication could begin, imagine hiding IP or MAC addresses before a connection can be established, for instance.