One of the goals of mobile telephone protocols is to deny third parties the ability to link communication sessions with subscribers' identities. We have been investigating security and privacy in mobile telephone protocols, both in theory using formal methods and in practice by capturing real network communication.