there are a few issues on things like this; for me.
1) This phone's security features tend to rely on other people having the same phone, which is definitely not a guarantee I can make.
2) This phone (perhaps only this article) doesn't go into detail about how it was secured only that it "was deeply secured" which is too vague for a technical audience.
3) It relies on central services provided by the manufacturer; (why not use Telegram? at least telegram is cross platform).
4) By ordering this phone, it's telling people that I value privacy, which could make me a higher priority target for those that are breaching privacy on a massive scale.
This device does not enhance my privacy, but it gives me all the inconvenience. Now I'd have /another/ user account to worry about and /another/ program to get people to share their details with.
when I think of security I think of PGP (yes, I'm aware the CEO was a producer of PGP) and things like SILC- where it's controlled by users and verified by people you'd like to confer with.
1) They have software for other phones and desktop computers. Others can use those without having to buy Blackphone. Assuming the hardware does confer some security advantage, talking to people who just have the software won't negate the security advantage gained for communication between users do have the hardware.
2) Fair point.
3) Telegram is also a central service, so in that respect it's no better than Silent Circle. WhisperSystems is better in that they make some server source code public. But to be fair to Silent Circle, their offer is much more complete: Voice, Messaging, Encrypted contact storage, and outbound PSTN access.
4) By using SILC, Tor, or GPG broadcasts the fact that you value privacy, which could make you a higher priority. What are you going to do, just send everything in cleartext and hope nobody looks?
3) my point was that telegram was "no better" but has better market penetration, while being essentially the same thing.. why have more standards.
4) this is also true, but it's less real world advertising of that fact, you don't order tor, you don't order GPG, and you don't have a physical device which proudly announces that you do. If you're doing security online right, nobody can tell you're doing it at a glance.
3) Leaving aside the lack of voice support in Telegram and considering only messaging: Both SCIMP (Silent Circle) and TextSecure/Axolotl (WhisperSystems) are better protocols than MTProto (Telegram).
4) You order a privacy tool from Amazon, and you're put on a list. You emit the kind of encrypted traffic that 99% of internet users don't, you also get put on a list. In most cases, there's no difference. I suppose if your threat model requires you physically appear not to care about privacy then it matters. Like maybe you work in a sensitive position and you don't want anyone to think you might exfiltrate data, so you only carry the work provisioned device which logs everything you do.
4) Yeah, it's such a massive shame that Android/Google doesn't have end-to-end encryption between all users enabled as a default, like iOS has with iMessage.
Blackphone doesn't appear any better than an average Android in that respect. As far as I know only GSMK offers any countermeasure to protect against compromised or malicious baseband, and even their solution isn't ideal.
I can not be the only one whose faith in secure digital has been fundamentally and irrevocably altered in light of the past few years. In my estimation, anything that has been said or typed in the proximity of a connected digital device is compromised. There are just too many attack vectors.
I imagine if you had enough realtime keystroke data, you could even identify a user using nothing more than how they type on a keyboard. That's some scary stuff.
Privacy advocates would better serve the public if they instead educated people on how to communicate securely instead of producing yet another black box that users can blindly put their trust in. I suppose this is better than nothing when dealing with less capable actors, but for those who plan their future years ahead, doing something on this phone, only to have it bulk collected and stuck in a database for decryption and analysis later when it serves the political will of those in power is counter productive.
>I imagine if you had enough realtime keystroke data, you could even identify a user using nothing more than how they type on a keyboard. That's some scary stuff.
I like the idea of virtualized phones and spaces. No system is completely secure but this one looks miles ahead of anything else in the smartphone space I've seen. I want one but have to wait for the international version (assuming US version is not same bw as EU).
The problem is that who orders a Blackphone is not completely private and it is a sign that those people have something they want to hide and there isn't that many of them.
You almost need a private way of sending Blackphones so that the NSA doesn't know who is getting which phone and then if there is a enough volume of Blackphones you should be okay.
/dawns tinfoil -- I ordered a router a few weeks ago. Big upgrade for me from a refurbished buffalo ~$30 several years ago to a $200 quad antenna multi-channel 2gb sex machine. The package though shipped in the states got delayed in route do to "customs" I was informed. Took a few days before it was back on the road.
If you're the type of person who cares enough about privacy/security to want one these then frankly an NSA postal intercept is a legitimate concern (e.g. journalists, protesters, sensitive whistleblowers, etc). At the very least they will be looking at every single location where a Blackphone is shipped.
It might be safer to go to Walmart and buy a pay & go phone and gift cards with cash. Or just stay on Tor sending encrypted messages using PGP.
Plus does the Blackphone address one of the biggest security concerns with modern cellphones: The cell modem? We already know the NSA has implants that target the underlying cellular operating system, turning your phone into a bug, or injecting things into the consumer OS (Android, iOS, etc). Baseband is a legitimate security nightmare.
The NSA intercepts shipments to specific targets, not all devices manufactured. Wouldn't want to risk a security researcher getting access to the compromised version.
While I got excited about this at first, after spending some time on the crackberry forums, it seems the main intention of using grsec is to prevent rooting, not necessarily to protect the user. So that means no cyanogenmod or replicant, and users will be stuck with whatever custom bloatware/spyware blackberry decides it should have.
All I really want is a fully open source phone that I have control over, is that really too much to ask?
While not quite specifically security minded -- you should look into FirefoxOS -- it's completely open source, built on a fork of android.
Unfortunately high spec firefoxos-pre-installed phones aren't really available in the US right now, but you can also convert an existing phone to run FFOS.
Depends on your definition of secure - last I heard, default BBM was still using a globally shared key and logging your messages; BB has on several occasions handed messages over to governments at request (such as during London riots etc).
BBM is only secure in combination with a self-hosted BES server (and on which you have installed your own CA certs).
I don't understand how they can include Google's app ecosystem and still claim to be privacy-oriented. Google Play Services is basically a firehose of information straight to Google.
It seems to me like setting up your own disk encryption and secure SIP calling on a phone with an AOSP ROM without any Google apps installed (and just using f-droid as your app store) would be far superior to using this device as far as privacy goes.
31 comments
[ 3.6 ms ] story [ 80.1 ms ] thread1) This phone's security features tend to rely on other people having the same phone, which is definitely not a guarantee I can make.
2) This phone (perhaps only this article) doesn't go into detail about how it was secured only that it "was deeply secured" which is too vague for a technical audience.
3) It relies on central services provided by the manufacturer; (why not use Telegram? at least telegram is cross platform).
4) By ordering this phone, it's telling people that I value privacy, which could make me a higher priority target for those that are breaching privacy on a massive scale.
This device does not enhance my privacy, but it gives me all the inconvenience. Now I'd have /another/ user account to worry about and /another/ program to get people to share their details with.
when I think of security I think of PGP (yes, I'm aware the CEO was a producer of PGP) and things like SILC- where it's controlled by users and verified by people you'd like to confer with.
2) Fair point.
3) Telegram is also a central service, so in that respect it's no better than Silent Circle. WhisperSystems is better in that they make some server source code public. But to be fair to Silent Circle, their offer is much more complete: Voice, Messaging, Encrypted contact storage, and outbound PSTN access.
4) By using SILC, Tor, or GPG broadcasts the fact that you value privacy, which could make you a higher priority. What are you going to do, just send everything in cleartext and hope nobody looks?
3) my point was that telegram was "no better" but has better market penetration, while being essentially the same thing.. why have more standards.
4) this is also true, but it's less real world advertising of that fact, you don't order tor, you don't order GPG, and you don't have a physical device which proudly announces that you do. If you're doing security online right, nobody can tell you're doing it at a glance.
4) You order a privacy tool from Amazon, and you're put on a list. You emit the kind of encrypted traffic that 99% of internet users don't, you also get put on a list. In most cases, there's no difference. I suppose if your threat model requires you physically appear not to care about privacy then it matters. Like maybe you work in a sensitive position and you don't want anyone to think you might exfiltrate data, so you only carry the work provisioned device which logs everything you do.
I imagine if you had enough realtime keystroke data, you could even identify a user using nothing more than how they type on a keyboard. That's some scary stuff.
Privacy advocates would better serve the public if they instead educated people on how to communicate securely instead of producing yet another black box that users can blindly put their trust in. I suppose this is better than nothing when dealing with less capable actors, but for those who plan their future years ahead, doing something on this phone, only to have it bulk collected and stuck in a database for decryption and analysis later when it serves the political will of those in power is counter productive.
This was on HN a while ago! https://news.ycombinator.com/item?id=9973329
And what they typed - acoustic snooping.
https://freedom-to-tinker.com/blog/felten/acoustic-snooping-...
Excellent point. A secure phone should either have a GSM module that can be removed or a hard switch to disable it.
http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-...
The problem is that who orders a Blackphone is not completely private and it is a sign that those people have something they want to hide and there isn't that many of them.
You almost need a private way of sending Blackphones so that the NSA doesn't know who is getting which phone and then if there is a enough volume of Blackphones you should be okay.
Should I be worried?
It might be safer to go to Walmart and buy a pay & go phone and gift cards with cash. Or just stay on Tor sending encrypted messages using PGP.
Plus does the Blackphone address one of the biggest security concerns with modern cellphones: The cell modem? We already know the NSA has implants that target the underlying cellular operating system, turning your phone into a bug, or injecting things into the consumer OS (Android, iOS, etc). Baseband is a legitimate security nightmare.
All I really want is a fully open source phone that I have control over, is that really too much to ask?
An open baseband is the missing piece and that appears to be rocket science.
If only someone would leak the specs of a modern baseband the same way calypso was leaked ... anyone ? Anyone ?
Unfortunately high spec firefoxos-pre-installed phones aren't really available in the US right now, but you can also convert an existing phone to run FFOS.
https://copperhead.co/android/
We already have a working alpha build on github which includes PaX hardening and various other security patches.
https://copperhead.co/android/
We already have a working alpha build on github which includes PaX hardening and various other security patches.
BBM is only secure in combination with a self-hosted BES server (and on which you have installed your own CA certs).
It seems to me like setting up your own disk encryption and secure SIP calling on a phone with an AOSP ROM without any Google apps installed (and just using f-droid as your app store) would be far superior to using this device as far as privacy goes.