CryptoPhone Sales Jump To 100,000+, Even at $3500
An anonymous reader writes "Since Edward Snowden started making NSA files public last year, GSMK has seen a jump in sales. There are more than 100,000 CryptoPhones in use today. How secure they really are will be determined in the future. But I'm sure that some government agencies, not just in the U.S., are very interested in getting a list of users."
For the price the company's charging for a modified Galaxy S3, it had better be as secure as they claim; otherwise, the free and open source RedPhone from Moxie Marlinspike's Whisper Systems seems like something to think about first.
...Blackphone?
Then rest assured that governments know how to get into them. Else we'd have seen some kind of harebrained reason why these phones can no longer be bought and used.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
$3500 is a lot to spend on software
$350 million (not counting the cost of the S3s or whatever is included in the '2 years of service') to harden one of the mobile tracking and advertising OSes into something actually secure probably isn't wildly out of the ballpark (and probably far less than a proper actually-verified-with-proofs-and-stuff Secure System OS of that complexity).
On the other hand, I would be shocked, shocked to hear that their security claims are...inflated... and there's a good deal of profit margin in there.
I hope you are aware that it doesn't matter. Back doors are simply mandated into the service, possibly, or probably, by secret law, or it is declared illegal for use. Read the contract. Unless it specifically says the company will never, under any circumstances, comply with a government order to open up its communications, then the service should not be considered secure. And even then, you still have to trust them. That is living a fantasy in today's world.
“He’s not deformed, he’s just drunk!”
At least it's not from a US company. There is another phone like this, and it's from a US based company. And I'm thinking... yeah right, NSA honey trap.
We need secure software. We can't trust hardware at all, unless it's for a single purpose, with a verifiable protocol. The Bitcoin community are coming up with some great solutions, which will help.
It's an obvious strategy for a Honey Trap. What's not so obvious is whose Honey Trap it might be. Maybe it's the NSA, but it could just as easily be Russia's SVR or Israel's Mossad or China's MSS.
Probably so that people can use the Android compatibility to load it up with privacy compromising shit. Real answer? I have no reason to think that it is, except possibly for the outfit undertaking it, who can take advantage of the fact that getting phones that are ready to run basically any Android you want, off the shelf, in quantities starting at one, is cheap and easy, while other approaches are likely to be at very least more difficult (the state of graphics drivers, say, for non-Android graphics systems is pretty dire in ARM SoC land, and you can't even fall back to VGA mode like a PC.) And if you feel like dragging something smaller than an entire Linux distribution along, (bionic or libc) prepare to enjoy the...robust ecosystem... of board support for more obscure OSes that aren't deeply proprietary.
So, fully agreed that starting with a screaming heap of complexity whose development cycle has been driven largely by competitive pressures and which runs on hardware platforms generally larded with proprietary blobs and then trying to bolt on some security and privacy is the painfully wrong way to do it. However, if you want a half-assed cash-in at relatively low risk, released quickly enough to beat any competitors to the punch, and hit the market while Snowden is still hot news, 'cook an Android ROM with some of the obviously fucked stuff removed, ship.' is an eminently logical plan, if perhaps a rather cynical one.
You do realize that the GSM crypto was intentionally weakened at the request of EU intelligence services. The NSA had no role in making it weak.
I am becoming gerund, destroyer of verbs.
Go to the stadium in shorts and t-shirt, freshly washed (and dried indoors). Wear new style running shoes with very thin sole, as recommended in Scott Jurek's "Eat and run".
Talk while walking via woods or a park, among trees.
No phone, no watch, no camera, no heavy clothing.
And speak quietly anyway. Still it does not guarantee privacy.
All other talk or messaging is public. It is a new brave world where there are no secrets.
There ARE phones out there that don't give the baseband processor and other hidden CPUs access to the main RAM. The Neo900, for example, doesn't give the cellular radio module ANY access to the main ARM CPU or its RAM. In fact, the design of the Neo900 means that only the Linux software running on the main ARM CPU can touch the main RAM. And there is no reason you can't run a 100% FOSS stack on that CPU.
So if your stuff is encrypted by software on the main CPU, any backdoors in the baseband or SIM or whatever have no way to compromise that.