209 comments

[ 4.2 ms ] story [ 240 ms ] thread
One should be concerned about privacy and digital footprints , but more or less it depends on how many people are looking forward to adapt this concept. People still use Gmail and facebook .
It would be nice to order Chinese food anonymously with this phone. Looking forward to the release!
No mention of the thing being completely open sourced - or did I overlook something? If not, seems like something they should mention (I am assuming it IS open source?)...
For a project concerned with privacy and anonymity the news subscription form is asking way too much.

Also, why is domain on .ch ?

I believe the company is Swiss.
Doesn't seem to be.

  Domain name:
  blackphone.ch

  Holder of domain name:
  Geeksphone S.L.
  Geeksphone Rodrigo S
  calle Manuel Silvela 1
  ES-28010 Madrid
  Spain
It's just very curious that they feel like they need to pass for a Swiss company.
It’s not that curious: Switzerland through their history and neutrality policy have a reputation for being secure and unlikely to bow to foreign influence.
No, I realize that. I just don't understand what they are trying to gain by using .ch domain name. That people who are interested in privacy and security wouldn't notice that they are a Spanish company and proceed to think of them of a Swiss project? Seems pointless at best and misleading at worst.
I think it's just a (clever) part of their branding; Switzerland has long had an explicit policy of neutrality.

Not a super-reputable source, but succinct: http://www.wisegeek.org/why-is-switzerland-regarded-as-a-neu...

Official Swiss propaganda, but has more info: http://www.vbs.admin.ch/internet/vbs/en/home/documentation/p...

There's also a strong branding presence of Swiss products in UAE and China (including some brands you'd never hear of in Switzerland itself), there seems to be a very strong association of "Swiss Made" with luxury product. I've even seen opticians advertising "Swiss Glass"(?) in Hong Kong. Thinking back to a talk by the founder of Virtu, I wouldn't be surprised if the middle and far east are key markets for this type of product.
I wondered that as well, could entirely just clever branding because of neutrality.

They state in the video: "Blackphone is a Swiss joint venture between Silent Circle and Geeksphone"...

Still doesn't reveal much, as both companies in this joint venture aren't swiss and in the swiss company register I couldn't find an entry for them.

How does this protect me from my carrier? No matter which phone I use they still need to record who I call for "billing purposes" and know which cell is closest to route my calls.
You could use p2p VoIP.
Not in Germany, where opening your WIFI makes you liable for all the things that might happen with this.

But only if you are a private person (or a small cafe/venue). If you are an ISP, you can operate hotspots wherever you want and charge whatever anyone is willing to pay. And you do not need to fear being held liable for your users actions.

[Edit] Meant to say, that since this change of law we do not have a lot of open WIFI-Spots anymore.

They could still track you though. You'll need a sim card, and you'll need to attach to the network - which means the carrier can track your location.
1) Buy prepaid card with data plan.

2) Access Internet (and VOIP) only via VPN or better yet TOR.

3) Only give out your VOIP number. No one must know your direct number, it’s only for emergencies.

This severs all the important connections to make any use of that data, assuming you don’t have any leaks.

To expand on this, does anyone know of a reliable service provider (accepting bitcoins is a bonus) for SIP Trunking[0]? Or any VoIP workflow that can perform calls to PSTN[1] (the regular landline/mobile telephone network). Or even any VoIP provider that offers a basic answering service, where the voice mail box can be checked over the internet a la google voice/skype voicemail?

[0] https://en.wikipedia.org/wiki/SIP_Trunking

[1] https://en.wikipedia.org/wiki/Pstn

Edit: A quick search gave me this[2] by Plivo. Does any one know of any other options?

[2] http://plivo.com/blog/sip-trunking-to-replace-my-landline-ph...

Don’t have any recommendations here, just thought I’d mention that for the stated purpose—​preventing the tracking of the cellphone location (i.e. where you go)—​running your own VoIP to PSTN/​ISDN/​GSM bridge at home would be sufficient.

Completely anonymous hosted PSTN bridge would be very open to abuse, so I imagine not many of them are/will remain accessible via Tor. But for completely secure and/or anonymous communication you don’t need or want PSTN, all you need is (encrypted) VoIP–VoIP that you control, and can optionally expose via Tor (as a hidden service).

Bonus points: GSM bridge at home raises less flags. You could even “take it for a walk” from time to time to make it appear even less suspicious.

build your own ostel or asterisk server, I think asterisk does voicemail.
>> "Enabling revolutionary communications"?

Eh? Wouldn't "Enabling secure/private communications" be a better, albeit less grand, descriptor?

Presumably they mean that literally: enabling the type of communications you need during a political revolution.
To even have the theoretical possibility of "privacy & security", both software and hardware must be fully open. And then there must be some way to check that the hardware and software you got in that box is actually the hardware from the spec, without extra chips. Those are pretty hard to accomplish.
Well, this is just a splash page and says very little.

It's in partnerships with http://www.geeksphone.com/ which is FirefoxOS based. But yet the Blackphone splash has an image of a phone with Android buttons.

They claim no hooks to vendors, so if it's Android I can't imagine this is going to carry the Play store.

I'd be interested in knowing how they will secure and make private the core functionality of being a phone and sending email and text, all of which are insecure.

On that, I'd speculate that this is just pre-loaded with Silent Circle apps, and maybe will be announced as having DarkMail and a choice of RedPhone.

But... there's no info at all really, so who knows what this is.

The only problem they really have to solve is the eternal question of: Is it possible to provide real security and privacy whilst providing convenience?

From the video: "PrivatOS is the Android you are familiar with"
Geeksphone actually made Android phones originally.
(comment deleted)
> Use the apps you know and love.

Ok, so how do they stop Facebook et al from abusing our contact lists and location data as they do on existing smart phones?

Completely useless web page. All wooly 'feel-good' words and no hard, concrete information. So I guess we just have to take it on trust then?

Also, their privacy policy is laughable:

We turn the logging level on our systems to log only protocol-related errors - great!

the pages on our main web site pull in javascript files from a third party. This allows our web developers and salespeople to know which pages are being looked at - so instead of keeping your own logs, you are outsourcing this to a 3rd party with worse privacy policies, and who can now aggregate your website usage with other sites.

Why didn't they just keep logging on and get rid of the 3rd party bugs?

Expecting people to write their own metrics stack for a promo site is a bit OTT - there are a lot of good analytics stacks out there which let you get up and running very quickly, complete with dashboards, metrics, etc.
Well, Silent Circle is based in Washington DC, so even if they were keeping logs themselves, it wouldn't be much of a privacy reassurance...
This web page is clearly marketing page not technology information page. They simply try to gather information if there is interest/demand for something like this. LEAN startup :-)
"Blackphone is re-shaping the landscape of personal communications. Pre-ordering begins..."

How is it re-shaping anything before it's started shipping?

Come on, this can't be the first time you've encountered shitty marketing lingo.
"Pre-ordering begins..." is letting folks their idea validating strategy. I wonder what the threshold is going to be, 100, 500, 1000 or more pre-ordered phones.
It also helps to build a list of people who have something to hide ;-)
They should have s/re-shaping/disrupting/g if/when the referrer is HN.
I'm weird enough to be interested in these kind of things, but the whole site is really .. just fluff. Ignoring that and focusing on the sparse details of the actual thing:

- High-End Android device

- Privacy features in the (custom) Android version

- "Secure communication builtin"

Again, I like the idea. But so far the details match CyanogenMod (with TextSecure for SMS, maybe XPrivacy on top)?

Yes, looks like an Android powered device. So, at the end is just another OS right?

One of the big drawbacks when I first started my nexus5 was that I was being spyed. Why the hell do I need a gmail account to get started?!

I wonder if it would be possible to install this Android flavour in a Nexus device ?

You don't actually need a gmail account for what its worth - Google just makes it difficult. On the screen where it requests a login you (seriously) need to tap each corner of the screen in clockwise order starting from the top left. That should skip the step.
That's useful, and user-hostile. On iOS you can just tap "Skip this step" if you don't want to use an Apple account with it.
Yet you need an Apple account to download anything from the App Store or iTunes... An iPhone without apps is barely useful.
Unless someone forks it, and builds support for your phone's drivers in it - then it's not possible.
This maybe a bit off topic but, why did Switzerland get the .ch domain instead of china. China seems to have a lousy CN domain ,( which reminds me of cartoon network for reasons that are irrelevant here).
CH is Switzerland's ISO-3166 code. The full country name is Swiss Confederation (which is Confoederatio Helvetica in latin).
I think it stands for "Confederatio Helvetica", and is the official abbreviations (eg : on licence plates)
Same reason the abbreviation for the Swiss Franc is CHF.
How difficult is it really to make a truly open source phone ? All it takes is one dedicated hardware company and a software company coming together.

Hackers have built some amazing hardware in past and we all know about how open source communities have built some of worlds best software. Google, Apple etc. are building devices where they act as gatekeepers and charge us for all nonsensical stuff. If you make a website there are a gazillion ways to promote it but there is only one way to promote and app. Pay some advertiser and you are totally at mercy of Google or Apple.

Firefox has been doing the right thing so far but they seem to take too much time.

Openmoko did that before Android. Sadly, it had a very lukewarm response owing to a not-so-good hardware.
Mozilla could take great strides towards this type of phone if they cared. Integrate tor, Whisper Systems RedPhone and SercureText, HTML tracking disabled, etc. I'm surprised their Firefox OS looks and works so much like every other phone out there.
The privacy issue in smartphones isn't the freaking application processor running Android. Sure, that ones terrible enough.

But the actual problem is the baseband processor running completely non-free software, with an enormous attack surface and access to all the interesting periphery (GPS, microphone). There is not just opportunity to compromise your privacy, Qualcomm and others actively implement such features at the behest of governments and carriers.

Oh, and if you plug that enormous hole, you get to the SIM card, yet another processor that you have zero control over, but which has access to enough juicy data to compromise your privacy. I highly recommend everyone to watch a talk from 30C3 by Karsten Nohl, where he shows a live attack on an improperly configured SIM card that remotely implants a Java app on the SIM card which continuously sends your cell ID (your approximate location) to the attacker by short message (without notification to the application processor, e.g. Android or iOS):

http://www.youtube.com/watch?v=5B7XyVWgoxg

Carriers can do this today. (edit: that's a bit nonsensical, because carriers of course already know your cell id. Anyone with the ability to run a fake basestation momentarily (think IMSI catcher) can do this.)

Came here to say this exactly. The world needs an open-source baseband processor/firmware.
(comment deleted)
Osmocom baseband tried this. Works on older motorola phones, then just buy a turbosim with encrypted voice, sms and code your own OTA blocking. Or use a small tablet with no sim using wifi
> But the actual problem is the baseband processor running completely non-free software

True, and once that one will be made open-source too, there's still the NSA tracking mobile phones worldwide and generating all kinds of privacy-invading data based on it:

http://www.washingtonpost.com/world/national-security/nsa-tr...

(And until that is resolved, my mobile phone will stay in flight mode only.)

So once again, while tech may help in the short term, long-term solutions will have to be structural/systemic ones regarding government in general.

> once that one will be made open-source too

The point made elsewhere in this thread is that even an open-source implementation can be exploited. If the baseband is tightly integrated, then that exploit gains the attacker full access.

From a security perspective, even a closed-source baseband could be ok as if it has proper separation from the rest of the system (though open-source would obviously be better).

The solution is for your phone to not be a phone. Strip out the baseband entirely, use usb or wifi to a 4G LTE dongle, do VoIP. Extra benefit that you can explicitly know when you're radiating (and thus being location-tracked).

Blackphone is pretty lame, IMO. There's something better coming from a trusted source in weeks, and plenty of work being done on the "there is no phone" phone concept.

> There's something better coming from a trusted source in weeks...

Could you provide more concrete info on what you are referencing there?

Sorry, no -- it's not my product to announce. By way of validation, it's something I'm planning to use personally, even though it doesn't go as far as I'd ultimately like, until something better exists (which I might be involved in; unclear if client devices are the right focus since end users are so picky about non-security aspects of them, and for me, iOS is generally good against non-NSA threats, and NSA isn't my personal adversary.)
>There's something better

Is this IndiePhone by Aral Balkan?

I've never heard of this project or person, but it looks interesting too.
Except nobody wants to carry a dongle around in their pocket. Your security measure is useless if it's too much hassle to use day-to-day because most of the time (closing in on 100%) it does not matter.
I carry a SIM card around...
"Strip out the baseband" of a dongle and you won't have a device that can connect to the network, authenticate, shift cells or anything else. It's like stripping the firmware off your disk drive.

Fully support the initiative for an open baseband. One reason it's not open is the (fairly legit) fear that intentional and unintentional DoS attacks would occur, affecting everyone in the area. It's really really simple to be an obnoxious cellular network citizen and it's pretty damn hard to police.

Baseband bugs that impact networks are common too due to the complexity. I saw a function point analysis of GSM vs 3G once, seem to remember 1-2 orders of magnitudes difference. Ahh Function Points, you flawed devil of a management metric.

The idea is that your "high side" device is a phone, with all your apps, etc. It communicates over a well defined interface (USB seems like the best, but bt or wifi could be adequate given certain considerations) to a fully-functional mifi dongle or whatever which does normal cell/public-wifi/etc. functionality. No compromise of the external cell modem can get at high side data. The current "baseband can DMA your main device" is absurd; security processors (only on iOS and BB and maybe WP, really) help a little, but not enough.

Yes, it is two small boxes right now, but there's no reason you couldn't build a "baseband firewall" which puts baseband in one area, a firewall in between, and the regular phone, with only a well defined open interface in between.

Snapdragon and every other baseband coming out has them on an 'all in one' chip which is application CPU and baseband sharing direct memory. Unless you have a microscope you can't build a hw firewall.

Cryptophone uses an older Samsung to do this but has no SIM protection. The firewall isn't foolproof either it only detects extended use of the baseband cpu without the application cpu being busy then shuts down the device, which makes it a brick open to denial of service.

A hardened Android build is fine for most shady activity and avoiding dragnet surveillance. If you are a drug lord or foreign spy use a laptop or tablet with ostel or silent circle, internal mic removed and running hardened free software, your dongle should have TurboSIM or similar wrapper that can be coded to reject OTA updates and not reply to silent tracking SMS. Marlinespike is also working on a new Whispercore, I have a forensics resistant project, and there is of course Cryptophone GSMK. Is the project you're talking about the build that runs Xen then boots Android in phony isolation because the snapdragon chip can still access memory.

Another problem is simply walking around with 2 phones which is an opsec indicator for feds that you are up to something and req targeted surveillance. They have full automated access to every cell tower db to look for this as per snowden docs dumped on cell meta data

The idea is you don't use baseband functionality at all in the main high-side device. It can be a PDA, connected over USB to a separate radio. There's no way the radio can do anything particularly evil except if there are implementation bugs over USB (API problems with whatever interface you build between them, most likely), but at least that can be inspected by end users and problems found/fixed.

These highly-integrated devices are basically inimical to decent security.

No (that project was an earlier version of blackphone/geekphone, actually! from what I've heard)

I believe you have the right idea. To isolate audio/message encryption in one box, stream it via IP to cellular (LTE/4G/etc) towers in another box. Then, the customer puts those two boxes into one box.

It could basically be done today with an Android PDA running VoiP app only, connected over wifi to a cellular hotspot in one's pocket. The next evolution would be to replace the wifi with a wired network.

I'm probably going to submit this + some specific privacy/location/etc. protecting services as a turnkey thing to DC/BH 2014. Also looking at a kickstarter for something on the "travel router which isn't a complete piece of crap" front.
I'm curious what you'd like to see in a travel router. Is it mainly the software or hardware you think needs work, or both?

On the software front, I have an OpenWRT image which I think works pretty well for travel which I've been meaning to publish (routes all traffic over an OpenVPN tunnel and can act simultaneously as a WIFI client to the hotel network and as an access point for your own network). The hardware is nothing special (WRT54GL) and it would definitely be nice if it were more portable. I'd love to hear your thoughts and will be looking forward to that kickstarter.

Hardware. USB powered. Dual radio, ideally dual dual band (so 4 radios which can be 1-4 in use). Ethernet port. Probably a USB port for 4g. Ideally a good form factor. Probably no battery, use a USB battery or laptop.

My goal would be to never ever connect my devices to wifi, and run everything through the device.

There are lots of attempts to make current hw work for this, but while you can get close, nothing is good enough IMO. I have the tplink, the belkin, etc with different firmware.

Enough flash and ram to run sane openwrt, and maybe options for a VPN client, and a stretch of Tor. Fitting that within the power budget would be the issue.

There are also software features missing on current devices, especially in stock firmware. A really good firewall, VPN client, and other security tools would be nice. Central enterprise management and/or managed service as an option would also be wonderful. My main goal is execs who travel to China regularly.
Thanks.

Yes, it sounds like it will be challenging to fit everything in the power budget. Do you think there's a need to use this on battery power? Won't most people be using it in a hotel room? A wall wart that's compact and dual-voltage would work for me and would provide much more power than USB.

I'll also put in a pitch for at least two Ethernet ports, so you can use one for connecting to the hotel and another for your LAN, in case WIFI's not cutting it or you need to connect a non-WIFI device (in my case, a VoIP phone).

One usability problem which has vexed me is that most hotels force you through a captive portal, which doesn't work if you're routing all traffic over a VPN. (Some even make you do it every 24 hours!) My latest solution is a special Ethernet port that's on a separate subnet which isn't routed over the VPN. You use that for going through the captive portal and then you switch over to WIFI or another Ethernet port. I think a hardware switch to turn the VPN on and off would also be a good solution.

Yeah, a hardware switch for VPN/non-VPN. Two ether might make as much sense as one, and it gives you a lot of flexibility. Ultimately I'd like to see something better than dumb captive portals, too, so some kind of partnership with the roaming wifi pass providers might make sense.

For the power budget, I really want to be able to use this powered by my laptop's USB port (or a big usb battery) so when I'm at an airport or something I can safely use wifi without having to find a power socket. One option is using more power than USB, and having a battery which is charged via USB, but that would suck.

I believe everything except Tor can fit within the power budget, even with 2 normal and 2 lower power radios, though.

For a portable firewall/router, I use a cubieboard running OpenBSD. It has a USB to DC cable that powers the device (no hdd attached) and runs LTE sticks fine. Costs $50 and runs a complete install to run Tor or whatever you want. Right now I have it running pf filtered VLANs to segregate devices, an authenticated AES wireless hotspot and Jondonym mix, which I tunnel all traffic through including Tor and i2p traffic. That way the local wireless carrier who you're using doesn't see any tor traffic.
The problem with doing wifi weird bridge mode where you are on both networks leads to performance issues on busy networks because you are necessarily on the same channels.

It might be worth giving that up since then existing hardware is usable.

Yeah, it's definitely suboptimal but it seems to work. If it's easy to have a second radio then you should probably have one. On the other hand, urban areas are usually so saturated with access points that using a separate channel might not gain you much.
Have you talked to The Grugq about this? Sounds like a beefed up version of PORTAL: https://github.com/grugq/portal
Yes, I talk to The Grugq a lot, although our relationship does not involve bonds of affection and/or personal obligation, and/or where the I and the foreign national share private time together in a public or private setting where sensitive professional and personal information is discussed or is the target of discussion.

But yeah. Grugq's doing a lot of other cool stuff now too.

I just tried this with a Huawei E1762 (casing removed) and a stripped down dongle. Crammed them both into the back of a Nexus and attached it using the case I have for a Seidio Innocell 3800mAh battery extention.

Activated airplane mode to kill the baseband, PPP widget runs fine on 4.2.2. Success. (kernel module loading not avail Android 4.3+ though obviously can build your own, or get a Moto G with native USB OTG support)

> Another problem is simply walking around with 2 phones which is an opsec indicator for feds that you are up to something and req targeted surveillance. They have full automated access to every cell tower db to look for this as per snowden docs dumped on cell meta data

Do you happen to have a link? That's pretty terrible for anyone with a work phone and a personal phone.

How can having two phones be an indicator that you are up to something? It is extremely common for working professionals to have both a personal mobile and a company mobile these days.
They do really complex analysis of patterns of how phones move, how they're powered up, call history, etc. It's actually really fascinating if you think about it and dig into it a bit, just like being able to largely identify (and sometimes effectively decipher) network traffic through analysis of encrypted message flows.

Just carrying two phones with you isn't the most interesting thing; it's a pair of people who normally have one phone during normal activity, and then at some location turn that phone off and turn on another phone which isn't used for anything except calling the other person briefly and hanging up without saying anything, and then those phones moving closely together, etc.

In my proposed case, there's no actual "second phone" on the cellphone network; your "phone" is a wifi only device which talks to a box which talks over data.

Traffic analysis is one of the things NSA does exceptionally well; the open crypto world is like 5 and maybe NSA is 7, but the open traffic analysis world is more like 2 and NSA is a 9.

"Another problem is simply walking around with 2 phones which is an opsec indicator for feds that you are up to something and req targeted surveillance. They have full automated access to every cell tower db to look for this as per snowden docs dumped on cell meta data"

They, the feds, must be surveilling an awful lot of ordinary citizens because in my day job, delivery driver, I carry two phones. One issued by my company and my personal phone and on days when I'm working with another driver we'd have four phones in one vehicle. I can imagine there are quite a few people who have good reason to carry two phones regularly.

Fully support the initiative for an open baseband.

I would love to live in a world where this can happen. But we don't live in that world.

The carriers have paid billions of dollars for exclusive use of their frequency bands. And their hundreds of billions of dollars of revenue depend upon smooth operation of all devices on the network using those bands. They will use whatever means to protect this.

OK, so let's talk to the FCC (and all the other agencies around the world), and get some other frequency band we can use for our totally open phones.

Well... there aren't any open ones left in the good range of approximately 700MHz to 2GHz. This is the part of the frequency spectrum that has decent carrying capacity, good penetration, and not too high power requirements. It is basic physics. Go lower in frequency, and you can't carry enough bits to be useful. Go higher in frequency and you start getting stopped by walls and such.

All the good bands have been allocated in the USA and elsewhere for TV, existing carriers, military, satellite, and so on. At a minimum, you'd need tens of billions to lobby for and buy a decent chunk of spectrum. And you need to get the current users moved off, which they won't like.

All we have left are the 'crap' bands like 2.4GHz (microwave oven interference). 5GHz isn't too bad (not a lot of other interferers) but it is short range with the current regulations. Another open band for unlicensed use at 60GHz gets stopped by walls, air (oxygen)...

I don't understand. If I come to a carrier and say "Here's a codebase for your baseband. It's OSS, well tested, secure, and supported. Buy support from me." why won't they go for it. Surely, an OSS solution is cheaper for them than developing an in-house crap solution that I'm sure it is now.

Also, is there any harm in just open sourcing their baseband code? It seems to me that it's worthless without the license to use the frequency anyways, so who cares if the code is open from a losing business point of view. On the other hand, things like security review are to the carriers' and manufacturers' benefit, no?

Ironically, the market seems to be not optimizing for optimal net revenue (income minus costs, where here you're minimizing costs), but for control. This is partly because of the control freak nature of these companies, partly because the government demands it, but also, again ironically, because of long term thinking: if these companies can lock people out and control them, that helps to guarantee future profits. The free market can sometimes be a cruel bitch bent on the end-user's oppression.
Sounds more like the market is stuck at a local profit maximum instead of a global profit maximum. As in, they think they are making as much profit as they can, but in reality if they invested more into something that's not directly consumer facing they'd be end up making more money in the long run. Except this long term thinking is less appealing than the status quo so they just stick with what they know.
If I come to a carrier and say "Here's a codebase for your baseband.

The carriers don't want baseband code, they just want finished products to sell.

It's OSS, well tested, secure, and supported. Buy support from me." why won't they go for it. Surely, an OSS solution is cheaper for them than developing an in-house crap solution that I'm sure it is now.

OK, assuming you get a current-generation baseband chip for free (it actually costs a ton of money to develop) with full documentation, you're still talking hundreds of millions to develop that software. GSM (a 2G technology) is complicated. UMTS / HSPA (one of the 3G techs) is an order of magnitude more complex. LTE (4G) is another order of magnitude more complex than 3G. The baseband code, plus all the testing code, plus all the testing required by the FCC, standards bodies and the carriers is a ton of money.

It costs millions to take an existing chipset (which has already been approved), an existing baseband codebase (which has also already been approved for use with that chipset) and put that into a modem and get that approved.

The chip vendors have their own baseband code now, and they are all in fierce competition with each other. They aren't going to just use your code, and they aren't going to let you use their chips either.

OK, thanks for the explanation. So it sounds like this comes down to vendors competing and not wanting to have their code exposed for fear that others might copy their chip + code when the vender is the one paying all the fees to make the chip + code usable. I guess this is similar to Nvidia vs AMD (vs Intel I suppose), except perhaps even more entrenched and without much hope of a community reverse engineering a solution.

This sucks. Do we have any alternatives? Are there any completely open radio chips in development?

So it sounds like this comes down to vendors competing [...] I guess this is similar to Nvidia vs AMD (vs Intel I suppose) [...]

Yes, exactly. Sometimes just seeing how something is organized, or the API can give significant clues to how it is done. It is much harder to start from scratch.

Do we have any alternatives? Are there any completely open radio chips in development?

See my parent post. First you need a few billion dollars to buy some spectrum.

> See my parent post. First you need a few billion dollars to buy some spectrum.

So that's the tragedy of the mobile computing revolution isn't it then? That communication tech is technically a free market but realistically is controlled by very few corporations with very deep pockets. I did not realize that this is how it was set up and now I am sad.

> except perhaps even more entrenched

By a lot. On the plus side, all the specs to create a component in a cellular network(protocols, procedures, network architecture and so on). are open and free.

On the other hand, the specs that cover all the parts of a cellular system is _many_ thousands of documents - and there's patents hidden in quite a lot of them.

> without much hope of a community reverse engineering a solution.

* specs for the chipsets are not available.

* You might get the spec. for the pinouts for the chips if you sign an NDA, but not the specs for being able to run your own code on it.

* But the chipset manufacturers won't talk to you unless you're serious about buying quite a few million of them anyway.

http://bb.osmocom.org/ have managed to reverse engineer an old GSM chipset (with help from leaked documents and source code) and created an open source GSM base band for those old phones. But there's little to suggest doing the same for 3G or 4G will be possible in the near future.

Are you aware of Fabrice Bellard's 4G LTE software base station?

http://bellard.org/lte/

I was not aware of this. It is not open-source though, and it is really just for research purposes.

Its actually quite impressive how much they've implemented, though it is still a small fraction of the software you'd need to run an actual cell network.

It's not just for research purposes, as it's sold by Amarisoft as Amari LTE 100:

http://www.amarisoft.com/?p=amarilte

It's also not "they", as it's been developed by a single programmer. Certainly, Bellard is no ordinary programmer, but this should still give some perspective to your claim of the millions of dollars required for development.

If it's OSS, then users are empowered to modify the code for their own purposes in ways that degrade or deny service to others.

Code could be released for inspection, but you can't be allowed to actually run modified code on real radios outside of RF-isolated testing facilities.

I think theres a misunderstanding here. Nobody wants to buy the actual frequency spectrum or compete with carriers; we just want to control the software and processor that does the GSM, 3G and LTE communication, on whatever frequency.

(That is not to say carriers won't do everything in their power to stop actual open source software and hardware implementations; mobile only works because all the devices behave nicely according to the specification, an attacker could with very little power severely compromise the network. There is just a very large barrier to entry, and dumb, bruteforce solutions can be triangulated.)

> Fully support the initiative for an open baseband.

How do you ensure that the manufacturer doesn't modify the baseband code?

Do tell, what's coming in a few weeks?
Hmm, I'd say the real privacy issue is the user who installs and runs all those Facebook, Twitter, LinkedIn, etc. apps and freely shares his private information with everyone.

You can't really prevent that with technology unless you start to educate kids/users better. But who am I kidding? People will forfeit their private data for shiny stuff as long as there will be shiny stuff and private data.

No. The problem is not the common user who just follows common hardware and software. The problem is common hardware and software, which put security last.
And Opt-Ins first.
That hardware and software are being selected by users. Unless you become the government, your "solutions" will be less preferred and will die. At best you can sell luxury products to paranoid, Howard Hughes types.
There are two different connotations of 'privacy' that are often conflated in discussions about Facebook, Google, etc. Conflating them probably obscures the more important connotation to the benefit of such companies' bottom lines.

The first connotation is the one my mother warned me about. It's Facebook photos of that tequila weekend in Tijuana and those two PM Tuesday tweets from the beach bar when I called in sick to work. These are things that require personal judgement in regard to what I say. Self-control addresses this type of privacy.

The second connotation of privacy is newer, but still nearly twenty years old. It entails concerns regarding information collected about my actions beyond what I explicitly choose to broadcast. It's cookies in the browser [and their more sophisticated descendants]. It's my browser linking my Google+ account to my browsing history at lesbiandwarffurries.com.

Privacy issues of this second type are assumed to be normal when they are considered at all - why doesn't my browser sandbox cookies for each website? Or rather why isn't there a browser that does so? The same logic underpins the Blackphone - sand boxing unrelated parts of the system so that privacy is a matter of personal judgement rather a battle against a technically sophisticated adversary.

> why doesn't my browser sandbox cookies for each website?

You can do that with Fluid.app (http://fluidapp.com/ only for MacOSX) It is a Single-Site-Browser-Generator with the option to have a separate cookie store for each SSB.

I have one instance for facebook, one for Google+ etc.

You can disable third-party cookies (I do so), and watch how many websites cease to function.
I've been running Firefox with Ghostery and NoScript for about four years. I know the consequences.

I only access Facebook from a VM or an old smartphone with no SIM. That's because browsers are designed to circumvent my attempts at privacy and to facilitate the ends of third party cookies.

Using a Git analogy, there is no reason for a single cookie repository. Suppose foo.com injects a third party cookie from bar.com into my data stream. It could sit on the foo.com branch of my cache, so that when I visit baz.com, it does not know about the bar.com cookie, and injects another one [which sits on the baz.com branch of my cache].

When I want to have a single bar.com cookie for foo.com and baz.com, then I merge them and let bar.com sort out any discrepancy. To put it another way, there might be a few websites where I wish to allow a shared persistent Facebook cookie, but I don't want to share that information with every website with a LikeUsOnFacebook widget or share all my browsing with Facebook.

But browsers thwart that process and facilitate tracking. It is by explicit design that browsers break the web when there are attempts at privacy. They are designed to mislead users and be truthful to remote websites rather than vice-versa.

The

Absolutely correct. This is why such a device should isolate the hardware components used for communication from the main CPU/device, consider the former "hostile" and communicate with them using a simple, safe interface (like USB or serial). Using a throwaway external 3G/LTE adapter (USB) would be even better. This way, a compromised baseband processor or SIM card cannot access the host's memory (using DMA like in current smartphones) and as long as the host uses secure encryption, it can still communicate securely (but of course the device will be detected and identified).
by looking at the video I know some of the people in Spain who are involved. They are in Bilbao. We did a consulting project with them in 2009. They are more in the creative educational industry.

I am not sure about the technology, however from look of the video I can say it is mostly aim at non-technology experts, with nice fancy design.

Can I ask what kind of people do we need to design all the chips hardware such as baseband processor, using open source design?

And what are HN opinion on Silent Circle?

Silent Circle is for business use to avoid industrial espionage. If you are an activist or suspected criminal I would imagine they would cooperate with any court order to feed you a malicious update that allows federal access just like Hushmail does. They swear up and down this is impossible but it's a for profit business they arent going to risk it protecting whistleblowers, wanted hackers or enviro activists. Redphone at least you can build it yourself and prevent targeted updates
the sub-OS was my immediate thought when I saw it is an android device.
I totally agree that adding privacy features to what is essentially a tracking device isn't addressing the right issues. Why not start out with simply a free, private laptop? Something that uses Coreboot and doesn't require any firmware driver blobs. This is something that so far, only one Chinese company has been able to do, albeit producing only a rather underpowered model [1]. Where are the private laptops that rival the Macbook Pro?

1. https://en.wikipedia.org/wiki/Lemote#Netbook_computers

Android having the most granular permission system ever seen on any operating system is already the most secure operating system.

The biggest security hole next to the baseband processor and the SIM is the user who installs every app in seconds without checking permissions.

Not really, iOS permissions are more granular sometimes - iOS will ask you before an app accesses your phonebook, and you can deny the access. You can't do that with Android.
> iOS permissions are more granular sometimes

Not true, http://developer.android.com/reference/android/Manifest.perm...

Android permissions are all or none at install time. iOS allows permissions to be individually toggled at any time. Some people define flexibility differently.
I can revoke permissions on any Android app with App Settings[1].

[1] https://mediacru.sh/DRUrAHvxdlfS

In which Android versions? Cyanogenmod supports this functionality, but most stock builds don't, up through the most recent Kitkat releases.

(The first shipped Kitkat builds supported a form of this, but it was quickly removed, amidst complaints from privacy advocates:

https://www.eff.org/deeplinks/2013/12/google-removes-vital-p...

So, there are a few shipped phones which can have this functionality made accessible via third party app --- but update your phone and they cease to work.)

For what it's worth, if I can't do it on a phone that I walked out of Verizon with and didn't touch again, then I consider it can't-do. Custom ROMs aren't mainstream enough yet to count (despite how awesome Cyanogenmod is), and as you correctly pointed out, Android removed it from KitKat. So, until Android natively supports it in a release, it doesn't exist.
(comment deleted)
Not even remotely granular. Install XPrivacy[1] (which is still not granular enough for me, as it lacks filtering over function arguments) and see that categories are very broad.

[1]: https://github.com/M66B/XPrivacy#xprivacy

Argument-level filtering would be awesome, but I don't know, the existing app+function level filtering seems to be working fine for me so far. The only real complaint I have with xprivacy now is the atrocious UI, and I'd really like some way for it to automatically fetch filters from somewhere so I don't have to bother with the permissions every time an app updates.
True privacy on a smartphone can only be expected when software and hardware are 100% open sourced. This of course includes the source code for the 3 Os's that typically run on a smartphone. Anything that's running server-side cannot be trusted either. So we need client-side encryption/decryption as well.
"and anonymize your activity through a VPN."

iOS and Android support VPN but it needs to be manually activated each time, making it rather useless unless you're using some public wifi. If I understand correctly there is a possibility for large companies to integrate VPN but for the average guy it's rather useless if you have to activate it. If this phone has VPN really integrated that'd be great.

I understood that this had been fixed in Android a while back so it would start up automatically? Personally, I'm still on 2.3 which requires a manual startup...
If you could tell me how to do it that would be great. I'm still stuck turning it on all the time. Auto-on would be awesome.
I know they are pre-launch and this is just a landing page, but it doesn't tell us much. Questions:

1. Is this just a stock phone with some privacy-orientated applications built-in, or is the OS and hardware contributing anything?

2. They seem to be using Android. AOSP or Cyanogenmod? Have they any work themselves to harden the OS? Are they using virtualisation?

3. Any closed binary blobs in there? What about the baseband firmware? (Does open source baseband firmware even exist?)

4. Whats the hardware like? Is it hardened in any way?

Unless they have some really special hardware in this, I don't see how its that much different than running cyanogenmod + secure applications on top, such as textsecure.
Geeksphone is doing pretty impressive for a startup that they were launch partners for Firefox OS and now have roped in PGP founders for this project.

Were they successful in delivering on the Firefox phones?, Their website always says 'out of stock'. Blackphone seems to be ambitious too. Is it possible for a startup to sail these two boats?

Also I find it odd that the PR is always just before the Mobile World Congress (MWC) which happens in Spain, last year with Firefox OS and this year with Blackphone

I am not getting it, how do you prevent the carrier from knowing where you are if you sign up to it with your number?
The website doesn't really tell me anything about the phone.