[Elucalidavah]

Using an eSIM data on a physical sim is relatively straightforward; getting the keys from a physical SIM to use as an eSIM is relatively non-trivial, as "the card is designed to never divulge this key to the outside world".

[porphyra]

I wonder if there's a way to use a dongle (or a small wireless Bluetooth device or something) to connect a physical SIM to a phone that doesn't have a physical SIM slot.

[Elucalidavah]

For internet access - sure. For messages - sort-of. For calls - troublesome.

As far as I know, smartphones don't have a protocol for accessing a remote cellular network connection in the same way as if it was internal, so the only viable way is to have a hotspot device that shares the connection over wi-fi.

[kccqzy]

It sounds like a regular SIM is more secure than an eSIM. Are there any implications to the user?

[Elucalidavah]

There doesn't seem to be that much extra attack surface: https://security.stackexchange.com/a/271953

With an eSIM activation, the only possibility is that someone else e.g. reads the QR code from your screen and activates the eSIM on their device; but you'll notice that since eSIM activation will fail on your end, and will likely request a new one. But that does provide some window for a targeted attack.

With a physical SIM, there's a much easier attack available, in form of extracting the SIM itself from your phone. It isn't a remote attack, but it might even take you longer to notice.

Arguably, an operator's support of remote eSIM activation (whether you use it or not) is the biggest attack vector, since it allows an attacker to impersonate you and request a new eSIM.