Thanks for clearing up my WiFi mix-up. From my understanding the same attack path still applies even to https://grapheneos.org/features#lte-only-mode and respectively https://grapheneos.org/usage#lte-only-mode correct?
https://en.wikipedia.org/wiki/International_Mobile_Subscriber_Identity states the phone would send a https://en.wikipedia.org/wiki/Mobility_management#TMSI most of the time? But your point about the IMEI still stands. So there is no real way to protect yourself other than to turn off cell tower roaming?
https://github.com/mumble-voip/mumble-docker
myself, I run a docker container of mumble in casaOS