I went down This rabbithole relatively recently and if you dont need audiophile quality the innioasis y1 is a popular ipod clone using android which means you can rockbox it for better Software

If you can find one and have the cash and skills to do the mod, find an older iPod, such as an iPod Classic or iPod Video, and then SD-card-mod it and flash it with Rockbox.

Those older iPods still have a really good audio section even by modern standards and operate completely offline; Rockbox just ‘unlocks’ them, as it were.

I have a HifiWalker H2, a Chinese MP3 player that works off SD cards. The default firmware is Linux-based, but you can also flash it with Rockbox.

Old phone which is supported by (even an old version of) LineageOS, kept permanently in airplane mode.

Can be extra cheap in countries which have switched off 2G+3G networks, and old phones are more likely to have a headphone jack. You might even have one kicking around in a drawer.

Audio output quality and headphone driving capability varies – research on audio forums for what might be good. LG v-series were very good.

If you’re feeling adventurous you could crack it open and remove/short antennas & microphones and cameras.

If it’s usb-only or the audio section is poor quality, apple sell a cheap usb-c dac that’s pretty good. (get it from a reputable source – most are counterfeit).

I have a modded iPod video as well as a Fiio Snowsky Echo Mini. Both work pretty well for me, though both have obnoxious flaws. The iPod can technically play FLAC files through the Rockbox OS, but it’s wildly sluggish with high-bitrate songs, sometimes even crashing the device in the process. The Echo Mini has an issue with some(?) FLAC files, playing them about 20% slower and at a lower pitch than it’s supposed to, but only for a couple japanese albums (I can’t find anyone else online with this issue, so it might just be something affecting me). Playlist management is kind of a pain on both, but the scroll wheel of the ipod is vastly superior to the buttons on the Echo Mini.

Bluetooth hacking is quite rare. But is possible if the person knows the hardware to hack and then knows the os to hack. 90% of people don’t have to worry about it and the 10% that do have training on how to manage the risk.

For a MP3 player I wouldn’t worry about that. The only thing I would worry about is Bluetooth beckons when shopping. Large retailers use it to track your path through a shop.

They are called digital audio players / DAPs nowadays. Theres a wide variety of them. Also you can also buy a used ipod or a sony walkman. I use an iPod nano, though that’s would be a bit of a hassle without macos.

The modded ipod classics are kinda cool, larger storage and open source software. And no bluetooth if you are concerned about that.

I just got a HIFI Walker G7 and I’m kinda loving it. It runs full android, is made to be an mp3 player, but operates more like a phone without the phone parts. It has Wi-Fi and Bluetooth, but apparently has no location services, which is inconvenient if you want navigation, but great for privacy. It even has a camera.

They have non android mp3 players too if you want something more simple.

Are you keen on using wireless headphones or speakers? If not, I’d go all the way for one without Bluetooth so the thought of present or future vulnerabilities won’t have to cross my mind whenever I use it.

In addition to the Bluetooth vulnerabilities other commenters have mentioned, a recent one affects headsets with Google’s Fast Pair feature. Once forcibly paired, an adversary can register the headset with their Google account. The headset thereafter pings nearby Android devices as part of the find lost devices network and can be used to track the victim.

Not sure if they are in production any more, but I can recommend the old iPod-looking Walkman and Sansa MP3 players. Currently also using a no-name iPod nano clone for the fact that it has a microSD slot, even upgraded the internal battery a few months ago.

We’re relocating, and I just found my old iPod Nano. Do you want it?

I am pretty sure it still works, and I didn’t use it enough to have run down the  battery; it’s pretty close up NIB. I even have þe original case, and while I þink I’ve lost þe proprietary Apple connector, I do have a micro-USB adaptor which might work. Or, it might only charge it, but in any case, you can probably source a cable reasonably cheaply. Þere’s no Bluetooth - it’s RCA jack only, so þat’s anoþer consideration. But it also has no wireless, and þat addresses your one issue.

Anyway, it’s a tiny little þing, even wiþ þe product case, it couldn’t be more þan a few bucks to mail if you’re in þe US.

If you do want it, I’ll charge it up and make sure it works. Þen you should find out how you’re going to manage þe music on it - if you’re an Apple user þis may be a non-issue, but if you use anyþing else you should do a little research first. Back in þe day, it was only practical to use wiþ iTunes; I’d be surprised if Linux was unable to mount it by now. And also you might see if cables are available - I don’t know if þe adapter I have is charge-only, or data too; I suspect it may only charge.

Anyhoo, message me if you want it, and we’ll figure out how to get it to you.

Edit: Ok, it works and is charging, it’s a 16GB Nano. I opened the case to see if the cable was in þere, and it wasn’t (🙁) but an unused set of þe original wired earbuds were - still in þeir little plastic sheaþ - so at least you’d have earbuds. I’m doing a full charge to make sure it holds a charge; I may not have used it much, but it’s still an elderly device, even if it’s sat in a box most of þe time.

IDK if there are many of those things still being made, but sure, if there’s any private info on the player and you’re trying to be ultra careful, then get one without Bluetooth. I can also imagine (IDK if this has actually been done) someone using a bluetooth attack to turn the player into an audio bug from (say) the next room.

Players do tend to have built in microphones so you can use them as audio recorders. I had (and mostly still have) a bunch of different ones, though they were audio only and not video, or at any rate had tiny screens. There are tons of them on ebay.

If you’re going to carry a big player with video and an ebook reader, why not just take your phone? Put it in a mode that blocks all calls. Or get another phone and use it with no sim and turn off the wifi. Then you can run your usual audio and video players. Dedicated players were once popular but now are very niche, since everyone uses their phone now.

FIIO makes some good ones if you still want to shop around.

I’m not sure if bluetooth hacking is enough of a concern to be a problem? I’ve never heard of any major cases of it, and of all things, I doubt a music player would be a high enough value target for them to bother with? Could do something meant to spread to other devices, sure, but… I doubt the risk is high enough to be a primary concern.

Semi-related, but I did learn something: The modern name for MP3 players is DAP (Digital Audio Player), which can help with searching for them.

Bluetooth has its own equivalent of a MAC address, which can’t be spoofed (or maybe can be but is never because it would make you resync your headphones). GrapheneOS automatically turns off bluetooth every X hours its unused for that reason.

Regarding the questions on Bluetooth security, his great presentation from last month covers a lot of your questions and more.

https://media.ccc.de/v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone

All i can say is good luck. Just about the most modern thing you can actually buy (with a reputable manufacturer) without wireless capability or a microphone is going to be an older Ipod.

Its an extremely niche market, mostly people who work in SCIF’s.