I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
You might check out who the CEO is here and how he runs the company and then consider whether you'd trust them. And look at the infra providers they use. Not what I would call the most upstanding bunch.
Do not fall for a word of this. If you've spent any time dealing with actual SIP providers (ie not the shit you'd hook an app up to, the ones debt collectors use), you'll know exactly how much you can trust them. Same difference
Peel really only protect your privacy at the level of purchase. Not associating your name address or any other data with your phone number. Cape seems to be doing something far more technical so that no one can locate you by your phone number using ordinary triangulation.
> Enjoy unlimited high-speed data; after 50GB, speeds may slow to 256 kbps.
Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
Unfortunate that it doesn’t seem to support Linux phones. Phreely or Purism’s AweSIM would be a better fit for anyone running a non-Android/non-iOS setup. Hopefully they add this in the future.
So it's an MVNO mostly on the AT&T network with extra privacy features? I think it still all then comes down to how you use your phone and how much you can trust the whole pipeline. I use Credo Mobile which doesn't seem totally different. https://www.credomobile.com/our-story
That made me very weary about this service. But I like the connections they have with other trusted organizations like the EFF and GrapheneOS. Still sketchy though.
There’s a chance this catches on with some folks with blacklisted IMEI’s due to a quirk on AT&T MVNOs where service works for a few days before getting halted per IMSI.
I'd like a service like yours that allows private signups and that works continuously to prove ongoing private operations. I don't need huge data plans, I'm fine with WiFi mostly. It needs to cost way less per month than your current pricing. It would be cool if you could find a way to serve people like me.
It would be more useful and beneficial to have a privacy oriented twilio than a privacy oriented carrier.
If we treat the carrier as adversarial, dumb pipes we can move the security and all of the capabilities into the cloud platform. A personal comms stack like this should be carrier-agnostic, phone-agnostic, sim-agnostic.
See my other post in this HN topic - I have done this since 2016 ...
eSIM, global, variable pricing per country with per-GB billing, anonymous crypto payments and no KYC. Although it seems to not have some of the additional security features of the OP.
Maybe have an onion web service and add direct Monero payment support. This will help privacy LARP'ers get into the mood. Truth be told, if you're paranoid by any measure and use a cell phone -> YNGMI. It's not cheap enough for average person to care and not private enough for ulta-paranoid to pay and use. The whole mobile infrastructure is utterly broken in terms of security and privacy so it's still refreshing to see any kind of attempt being made in this area.
FYI, I had to walk through the first dozen or so steps of the signup form to figure out that it's available in the US only. I suspected as much, but I figured I'd post it here, since it's not in their FAQ.
Hold on. Cell towers still know where the device is. If a group of people in an area have stable ismi’s and one person’s ismi is rotating daily, it doesn’t take a genius to figure out who’s now using cape. Using it for travel makes sense, but again being a device that doesn’t a have an owner is, as the kids say, sus.
Does cape use its own cell towers, or do they rely on third parties to provide the actual infrastructure? And if they do use third parties, are they sure that they aren't also storing data about the connected devices etc?
49 comments
[ 3.6 ms ] story [ 55.1 ms ] threadhttps://www.cape.co/blog/product-feature-secondary-numbers
I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
> Minimal Data Collection
> Identifier Rotation
> Secondary Numbers
> Disappearing Call Logs
> SIM Swap Protection
> Network Lock
> Encrypted Voicemail
> Private Payment
> Last-Mile Encrypted Texting
> Secure Global Roaming
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
1: https://www.phreeli.com
Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
Whoops.
How does this compare to silent.link?
Look at who Doyle has worked for previously and what connections he has. Palantir and the military, to start.
Looks like a pretty sweet honey pot.
I'd like a service like yours that allows private signups and that works continuously to prove ongoing private operations. I don't need huge data plans, I'm fine with WiFi mostly. It needs to cost way less per month than your current pricing. It would be cool if you could find a way to serve people like me.
If we treat the carrier as adversarial, dumb pipes we can move the security and all of the capabilities into the cloud platform. A personal comms stack like this should be carrier-agnostic, phone-agnostic, sim-agnostic.
See my other post in this HN topic - I have done this since 2016 ...
eSIM, global, variable pricing per country with per-GB billing, anonymous crypto payments and no KYC. Although it seems to not have some of the additional security features of the OP.