Anonimity and privacy is not possible in raw GSM telephony.

You can acheive a higher level of privacy by using higher abstraction communication protocols like openvpn, gpg, otr, sip+srtp etc.

It might be possible to be slightly more anonymous by using modem with an open source firmware and doing the tricks you mentioned above. But it was already said that it's possible to fingerprint a given modem, whatever the IMEI is.
Read "Forensic Identification of GSM Mobile Phones":
http://www.dence.de/theme/Cakestrap/...tification.pdf

You could increase your anonimity in GSM telephony by buying a small, trusted device like Neo900 or OpenPandora and connect a GSM modem via an USB port. Change the sim card and modem often

Welllllllll yes and no. You're thinking about this traditionally.

Think about a service like redphone and how it functions. Overview of the architecture is here https://github.com/WhisperSystems/Re...cture-Overview

Basically the idea would be to mix signaling for plausible deniability using a central server, think tor node. This in theory makes the call anonymous. Ofc the cell company can still track location while in progress, but again you can shut off radio when not in use, or spoof mac and hop around wifi.

Traditional GSM and/or SIP this is not possible. There's likely ways to improve on the protocol they use (it's very centralized and I haven't done a review) but it's an improvement from traditional lines of thought.

EDIT: and yes ofc a small low-traffic'd mixer would be subject to timing attack for correlation by a large and well funded entity.