Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ars Takes an Early Look At the Privacy-Centric Blackphone

Posted by timothy on from the all-voice-calls-should-be-encrypted dept.

Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phone offers fine grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste: At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did). PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks.

67 comments

  1. Apps which require location? by by+(1706743) · · Score: 4, Interesting

    Obviously, if you're concerned about privacy, you should avoid apps which require location, etc., information. However, it would be neat if you could get PrivOS to spoof things like location (and possibly calls, contact lists, etc.).

    Location information could still be very useful for apps that need it, if you have a sane spoofing policy (either manual or automatic). If you, say, travel to another city for a week, you could have the OS spoof a single location in that city for the duration of the trip. The privacy implications of, "Bob is in San Francisco" are somewhat different than, "Bob is at 14th and Valencia."

    Of course, I didn't RTFA, so I have no idea if something like this is implemented/in the works/impossible...

    1. Re:Apps which require location? by Anonymous Coward · · Score: 3, Insightful

      But you give away your location by just connecting to a base station? (if anyone has solutions to this, please share!)

      Most countries track the location of your cell phone (mandated by law), and then shares the information gathered with intelligence agencies.

    2. Re:Apps which require location? by EmperorArthur · · Score: 2

      Take a look at Xprivacy. If you have a rooted android phone you can do that and more today. I think Cyanogenmod also has some sort of permission control built in now. Even Iphone's have basic permissions. The only thing that doesn't is stock Android and Windows.

      Google knows there's a market for it, but they're worried about ad revenue or apps breaking because it would be "too much of a burden" on developers to make sure there apps behave when permissions are denied.

      --
      So lets pretend that we've just completed writing this code, as opposed to having just completed sabotaging it -Altera
    3. Re:Apps which require location? by AHuxley · · Score: 2

      Re AC and "Most countries track the location of your cell phone (mandated by law), and then shares the information gathered with intelligence agencies."
      Thats the problem. At some hardware and software level all your text entry is fair game to the telco that allows you to connect to their gov granted network.
      You can run all the apps you want but your still walking around with a beacon that has a mic and other neat features to offer any interested city/state/federal/mil/.com

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:Apps which require location? by StripedCow · · Score: 1

      Therefore, you should always use a tor-like algorithm to connect to the cell tower.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    5. Re:Apps which require location? by Travis+Mansbridge · · Score: 5, Informative

      The FBI has been able to listen to any cell phone mic, even when off (as long as it has battery power) for quite some time now.

    6. Re:Apps which require location? by qbast · · Score: 5, Interesting

      From Silent Circle homepage: "Silent Circle is a global encrypted communications service headquartered in Washington, DC [...] " . This is good enough to suspect that phone is backdoored (even assuming that Silent Circle is not simply NSA honeypot). Nice touch about putting blackphone homepage in .ch domain, it may actually fool somebody.

    7. Re:Apps which require location? by Anonymous Coward · · Score: 1

      Access to the mic is "guarded" (*) by the phone's software, which is presumably secure. That's of course a key point, but if the software is leaky, you are going to have lots of other problems.

      (*) I put that in quotes because it's not actually *guarded* by the software, but essentially there is no way for the FBI or anybody else to access the mic *other than* through software/firmware/microcode which accepts a connection from them and routes data from the mic to that connection.

      So -- beacon, yes. With a unique ID -- yes, the IMEI, but consider that a pseudonym until connected to real data. Access to the mic? Not if the blackphone stays true to its promises. Which, I think, is the real question.

    8. Re:Apps which require location? by Anonymous Coward · · Score: 0

      Google knows there's a market for it, but they're worried about ad revenue or apps breaking because it would be "too much of a burden" on developers to make sure there apps behave when permissions are denied.

      And thus has Android become the new Windows.

    9. Re:Apps which require location? by Anonymous Coward · · Score: 4, Informative

      The mic is not the main concern. Where I live, it is mandated by law that you have to show national ID card when you purchase any phone, and have the phone no and IMEI numbers associated with you.

      Meaning they are automatically tracking everybody, and indeed the police cameras routinely use cell phone location information (among others) to narrow down the face recognition hits. (Yes, this system exists and is publicly announced).

      It is harder to listen in to the mic on everyone all the time.

    10. Re:Apps which require location? by paziek · · Score: 1

      If there are 3 base stations in your range, then they can triangulate your position. It ain't as accurate as GPS, but can be useful - just check Google Maps with GPS disabled.

    11. Re:Apps which require location? by aNonnyMouseCowered · · Score: 1

      if you're really concerned about privacy, don't use a cellphone. If you're somewhat concerned about privacy, use a dumb phone. Then if you want to play Angry Birds, get a tablet where none of your personal information is embedded.

    12. Re: Apps which require location? by Anonymous Coward · · Score: 0

      What I never have understood is why Google simply cannot deny network but allow adsense. It's not like they don't know the ip range to whitelist.

    13. Re:Apps which require location? by westlake · · Score: 1

      Therefore, you should always use a tor-like algorithm to connect to the cell tower.

      How does this help when the tower has to know how to bill the call?

    14. Re:Apps which require location? by StripedCow · · Score: 3, Funny

      You just discovered an additional benefit of this method.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    15. Re:Apps which require location? by Wootery · · Score: 3, Insightful

      Yes. I know. Let's try that again: so you're just assuming the existence of backdoors in the Blackphone specifically which make the mic accessible to *.gov?

      Unless I missed something, we don't know for sure one way or the other whether the techniques the FBI have used to do that to other phones, will work on the Blackphone.

    16. Re:Apps which require location? by Wootery · · Score: 1

      This is good enough to suspect that phone is backdoored

      Disgree. It's not enough.

      Nice touch about putting blackphone homepage in .ch domain

      Any idea why they did that? Just to try to distance themselves from America? Weird.

    17. Re:Apps which require location? by anagama · · Score: 1

      Does a "dumb phone" exist? Wouldn't it be more accurate to call them weak computing devices with few _user_ accessible features?

      --
      What changed under Obama? Nothing Good
    18. Re:Apps which require location? by fustakrakich · · Score: 2

      You need to assume the worse. Chances are that it will be true. There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't.

      --
      “He’s not deformed, he’s just drunk!”
    19. Re:Apps which require location? by fahrbot-bot · · Score: 1

      Does a "dumb phone" exist?

      Sure. The Qualcomm QCP-1900 I bought in 1998 still works great.

      --
      It must have been something you assimilated. . . .
    20. Re:Apps which require location? by drinkypoo · · Score: 1

      I just use "Fake GPS" on my Android stick and the phone I use around the house for SIP. It uses the simple gmaps interface to let you select a location. Whether you want to lie about your position or just don't have a GPS, it's fairly small and it works.

      Nice heads up on Xprivacy though, I do have xposed on my actual phone, along with a grip of modules. App Settings is a peach.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    21. Re:Apps which require location? by disposable60 · · Score: 3, Informative

      2 towers are enough.
      With the right software, 2 antennae on one tower are enough.

      --
      You're looking for quotes? See my journal.
    22. Re:Apps which require location? by Wootery · · Score: 3, Insightful

      There needs to be a way to verify how the hardware operates, or you just have to trust the manufacturer. Personally, I wouldn't.

      Agree. If Blackphone don't go down the hardware-checking road, that rather weakens their case. It'll take more than this. (I don't know what they mean by 'make', or even if they're correct in the first place.)

      A simple solution would be to have a physical mic/camera-disconnect switch...

    23. Re: Apps which require location? by sam0vi · · Score: 1

      I love the idea of poisoning "their" databases with bogus info. I used a WiFi app to poison databases at malls that offer free WiFi just to track people (can't remember name)

      --
      When my Karma level reaches 0 I feel in piece with the Universe
    24. Re:Apps which require location? by Anonymous Coward · · Score: 0

      This is good enough to suspect that phone is backdoored

      Disgree. It's not enough.

      It's not enough to even suspect that the phone is backdoored?

    25. Re:Apps which require location? by sjames · · Score: 1

      The tower knows where you are when the phone part is enabled. Otherwise, it doesn't. You could use an AP at the starbucks to make a VOIP call for example.

    26. Re:Apps which require location? by sjames · · Score: 1

      If that's important enough, you must assume they do until proven otherwise.

  2. I say XPrivacy by johanw · · Score: 5, Informative

    "PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to"

    Those of us with a normal but rooted Android can do these things already with XPrivacy, an XPosed module. Fine grained control per system call, also for system apps (yes, that includes keeping pre-installed Facebook out of my address book and gps data). And I can choose to simply refuse, or tell it the address book is empty and I'm on the south pole.

    1. Re:I say XPrivacy by Gaygirlie · · Score: 2

      I didn't know of XPrivacy, I'd like to thank you heartily for mentioning it here! I'm not the kind of person who just installs everything that I come across on my phone and, actually, I only have a small selection of apps installed at all times, but still, should I need something I don't quite trust I would definitely like something like this between my data and the app.

    2. Re:I say XPrivacy by L4t3r4lu5 · · Score: 1

      As an alternative, both Cyanogenmod and ParanoidAndroid ROMs contain permissions managers. There are more than likely others, but those are two I've used.

      Unless there's some fundamental changes to the OS that isn't included in the press reporting, I'm not really seeing anything that great about Blackphone other than the bundled services. My Nexus 4 has exactly the same protections: Baked-in permission control, including system apps, and VPN connectivity to my home / third party VPN service, or Tor network browsing. Kismet SWM is available on the Play Store store for free. Silent Circle services require a subscription, but available on any Android device.

      Have I missed anything? I just don't see anything remarkable about "PrivOS".

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    3. Re:I say XPrivacy by Anonymous Coward · · Score: 0

      This is good to know. I like the option of not having to root my phone, though. Rooting phones requires the installation of apps that may or may not be good for you. Plus, there's always the possibility that you screw it up and brick your phone.

  3. That's not a security feature how you're thinking by Anonymous Coward · · Score: 0

    turn off the Camera appâ(TM)s access to the camera hardware and turn off the Browser appâ(TM)s access to networks.

    That's not a security feature to protect the end user, it's a security feature to remotely disable any blackphones camera or web browser. You can't record the government and police beating you and upload it to the internet if you physically cannot record and upload.

  4. Gimme a keyboard by ptaff · · Score: 3, Interesting

    All fine, but can they (or someone else) release such a device with a keyboard? the point'n'grunt interface just gets so annoying for serious stuff (ssh with a soft keyboard, you're kidding me, where's the other half of my screen?). I mean this phone is not aiming for the 8-year old brat crowd, unlike most of what's on the market today.

    1. Re: Gimme a keyboard by Anonymous Coward · · Score: 0, Funny

      Don't know what you're talking about. I have no problem pulling off 60wpm on a soft keyboard.

    2. Re:Gimme a keyboard by JaredOfEuropa · · Score: 1

      Gimme a break. Cell phone makers target most of the market, which ranges from 8 year old brats to serious business users. And now that we have decent touch screens, many people seem to prefer those over physical keyboards that take up a lot of space ("you're kidding me, where's the other half of my phone?"). The idea that serious people want a physical keyboard is something that even people in the Blackberry boardroom no longer believe in. At our firm, BBs disappeared almost overnight as soon as corporate mail was made available on iPhone and Android.

      Most people manage typing on virtual keyboards just fine. Those who prefer physical keyboards just buy one of many available bluetooth ones and use that.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    3. Re:Gimme a keyboard by Sockatume · · Score: 1

      Take all the existing costs and yield problems of a touchscreen phone, then add a few dozen mechanical parts under a region-specific text overlay, and attach them to that phone with even more moving parts.

      It's probably best for a niche device like this to start off with a design that minimises risks.

      --
      No kidding!!! What do you say at this point?
    4. Re:Gimme a keyboard by ChunderDownunder · · Score: 1

      ssh on an android phone sounds masochistic.

      Get a laptop and tether!

    5. Re:Gimme a keyboard by Anonymous Coward · · Score: 0

      Or if you insist on using your phone, you're not using ssh from the metro, are you? Just have a Bluetooth keyboard somewhere that you can pull out when you really need to type.

    6. Re:Gimme a keyboard by AmiMoJo · · Score: 1

      You should try using a swipe keyboard. Once you get used to it you won't miss physical keyboards any more. The standard Google keyboard is pretty good and supports swiping.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re: Gimme a keyboard by AvitarX · · Score: 2

      I use it fairly regularly.

      With hackers keyboard.

      --
      Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
    8. Re:Gimme a keyboard by Anonymous Coward · · Score: 0

      I also miss physical keys... I'm stuck on an aging Sony MiniPro simply because it has a slide out keyboard. I'm so frustrated that there seems to be a lack of interest in catering for people that lack proper keys to press...

    9. Re:Gimme a keyboard by Anonymous Coward · · Score: 0

      "...that LIKE proper keys to press."
      Ugh brain fart.

    10. Re:Gimme a keyboard by neilo_1701D · · Score: 1

      The idea that serious people want a physical keyboard is something that even people in the Blackberry boardroom no longer believe in. At our firm, BBs disappeared almost overnight as soon as corporate mail was made available on iPhone and Android..

      I've seen that too; the mass exodus from BB to iPhone/Android. The full touchscreen was probably the shiny reason to move away; connecting to multiple email accounts (multiple Exchange account at that) and having a consolidated inbox was probably the major reason for the switch, however. From an IT Administration standpoint, the elimination of the BES because EAS (Exchange ActiveSync) is good enough for maybe 90% of organizations was a primary factor: no more buying extra BES licenses when someone new comes on board.

    11. Re:Gimme a keyboard by Anonymous Coward · · Score: 0

      So just connect a keyboard to it.
      This isn't an iPhone.

    12. Re:Gimme a keyboard by Anonymous Coward · · Score: 0

      I also miss physical keys... I'm stuck on an aging Sony MiniPro simply because it has a slide out keyboard. I'm so frustrated that there seems to be a lack of interest in catering for people that lack proper keys to press...

      Software keys are cheaper to implement. On a 10 inch tablet they are barely tolerable, but on a smartphone, maybe for a child, or people with teenie tiny fingers, but pretty worthless for anyone with normal fingers. Big hand like mine, they are less than worthless.

      Whicc is why I seldom text message.

    13. Re:Gimme a keyboard by Sockatume · · Score: 1

      That's not much good when you're pressing special characters and modifier keys all the time. I've hacked together regexes on an iPad before, using my favourite terminal app which brings up a bunch of useful shortcuts to special symbols and the modifiers, but it was still quietly horrific.

      --
      No kidding!!! What do you say at this point?
    14. Re:Gimme a keyboard by ArhcAngel · · Score: 1

      connecting to multiple email accounts (multiple Exchange account at that) and having a consolidated inbox was probably the major reason for the switch

      iOS & Android still can't match the BB for email support so I can't fathom what you are talking about here. I have at least six email accounts on my BB and can open them in a consolidated folder or individually. iOS 7 has dramatically improved over previous versions but it's still not on par with BB. I remember my first iOS device and discovering that you couldn't delete a calendar once it had been added to the device even if you deleted the existing email account without wiping the device! I think they fixed that in iOS 4.

      And it is funny that everyone compares BES to Exchange ActiveSync because the latter only handles 1/4 of the things a BES does. To your point most likely the percentage is closer to 75% of people don't need the capabilities of the BES but if you EVER use VPN on an iOS device to connect to your company network you would have been better off with a BES. I have been able to connect to my network shares and manipulate files on my company network since 2003 with a BlackBerry WITHOUT connecting to a separate VPN because the BES creates an encrypted always on VPN connection to the corporate network. I could use remote desktop on my BB in 2004. It wasn't pretty or fast but it worked. Doing that on an iOS device works well but if the screen turns off while I am connected I get bumped off of VPN and have to start all over. Point and laugh all you want about how BB underestimated the allure of full color touch but they nailed communication and security and still haven't been matched on that front.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    15. Re:Gimme a keyboard by Blaskowicz · · Score: 1

      The sentence makes perfect sense either way ;)

    16. Re:Gimme a keyboard by Anonymous Coward · · Score: 2, Insightful

      Yes, let me buy a security-minded phone then get data into it over bluetooth.

      A secure phone MUST have a physical keyboard.

    17. Re:Gimme a keyboard by AmiMoJo · · Score: 1

      I think your mistake was trying to do regexes on a device that isn't designed for anything more than email and web browsing. Maybe a Surface would be more suitable?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    18. Re:Gimme a keyboard by neilo_1701D · · Score: 1

      connecting to multiple email accounts (multiple Exchange account at that) and having a consolidated inbox was probably the major reason for the switch

      iOS & Android still can't match the BB for email support so I can't fathom what you are talking about here.>

      That's certainly true now; my new BB Curve has all those features too.

      But I'm talking a few years ago; in the Bold 9000 era. BBOS at that time (4 point something or other) could only do email via BES; one account only and no POP3 / IMAP (unless you had a 3rd party client; even then it got messy because of no unified inbox and increased battery drain). The iPhone with iOS4 and most Android phones at the time could do unlimited email accounts - and iPhone could have multiple Exchange accounts, which was quite unique for the day.

      As to all you other unquoted but acknowledged points (communications, security, VPN, ...) I am in total agreement.

    19. Re:Gimme a keyboard by WaffleMonster · · Score: 2

      Gimme a break. Cell phone makers target most of the market, which ranges from 8 year old brats to serious business users. And now that we have decent touch screens, many people seem to prefer those over physical keyboards that take up a lot of space

      You know what takes up a lot more space? On-screen keyboards.

    20. Re: Gimme a keyboard by sam0vi · · Score: 1

      Sounds like you should update your skills, or get a Bluetooth mini keyboard or something. You are not most people. Save your grumpy mood for the wife

      --
      When my Karma level reaches 0 I feel in piece with the Universe
    21. Re: Gimme a keyboard by bill_mcgonigle · · Score: 1

      tempest is easier than breaking bt crypto.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    22. Re:Gimme a keyboard by ArhcAngel · · Score: 1

      BBOS at that time (4 point something or other) could only do email via BES; one account only and no POP3 / IMAP

      Perhaps you weren't aware of how to set them up but the ability was there. I had my Yahoo account set up via POP3 on my 7230 with BB OS 4.x in 2004.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  5. Binary processes running with root privileges... by Anonymous Coward · · Score: 1

    Binary deliverables does not cut anymore. 100% source like these guys: tearcomm.com

  6. Power and Performance by lancejjj · · Score: 4, Interesting

    Blackphone is MY only way to go.

    after all, how can I trust anything on any other device? The manufacturers and Google are very much interested in keeping a major part of their official ecosystems CLOSED SOURCE.

    I am putting the keys to my kingdom on them: on-line banking, SSH, VPN, and all sorts of other stuff is accessed by my phone. Just a tiny bit of mystery code could be slurping up all these credentials and key data and storing it on the device... only to transmit it later via covert means (DNS requests or whatever). How do I know this is NOT happening? I don't. I need to have faith in the multitude of vendors and app authors. Vendors that I have no reason to trust.

    Two factor authentication? HA! The second factor is ALSO on my phone. Sorry to say, that's ZERO FACTOR if someone already has code running as root on the device.

    1. Re:Power and Performance by Forbo · · Score: 1

      So wait, is Blackphone open source? I'm not seeing anything indicating that. You state that you can't trust any other device, because it's closed source, but...

      Maybe I'm missing something here.

    2. Re:Power and Performance by Anonymous Coward · · Score: 0

      You're not missing anything. I've no idea why there's people in this thread lauding this as some grand achievement.

  7. While I appreciate what Silent Circle is doing... by mitcheli · · Score: 5, Insightful

    I have to seriously hope that the phone is more than just encryption and access control. What types of intrusion detection does the phone have? What types of behavioral analysis to determine unknown exploit vectors does the phone have? Does the phone have decentralized communication methods? One idea I have pondered but seriously don't have the time to get engaged in is to try an SVOIP concept using peer to peer wifi connections, a mesh network of sorts. If the communications are decentralized and segregated from infrastructure, then you can bypass many of the eavesdropping techniques. If you have some form of behavioral analysis, then you can start to identify techniques to exploit the phone at the operational level. Encryption goes a long way to help, and software based access control at the OS level (assuming it's secure and not hackable) is also a good start. But maleware is getting far more customized and attacks on the platform are getting much tougher to detect on a pattern based methodology.

    --
    Select from tblFriends where interesting >= 4;
  8. Re: While I appreciate what Silent Circle is doing by Anonymous Coward · · Score: 1

    Behavior analysis does not work. Since the attacker has access to the same algorithm they simply can test various methods until they get through, like how spammers use spamassassin to test their spamscore.

  9. What is this? by Anonymous Coward · · Score: 0

    Some kind of wannabe BlackBerry? Is the firmware encrypted (with encryption that actually means something, i.e., not PGP or RSA)? Can you root the phone and install a different flavor of Android? (If so, it's not secure.) Are apps sandboxed completely away from escalating their permissions (i.e., is it running in a virtual box separate from the core services)? Meh. Probably a honeypot.

  10. Secured with secret source by bug1 · · Score: 1

    How can anyone take them seriously when they use proprietary closed source drivers...

    They are just a gimmick.

    1. Re:Secured with secret source by Anonymous Coward · · Score: 0

      Your absolutely right. I'm skeptical of any device that is dependent on non-free software. The problem is that free software devices are only the beginning of what is needed. What we need is something like Replicant (a free software distribution; based on android with non-fre parts removed) that is running on a device that is compartmentalized (you can turn off the mic, the camera, and the modem does not have any control over the rest of the system as is the case in many current phones, and even after all this you probably need something that is more of a pager-style device than a phone to really do a good job at thwarting privacy invasive governments).

      We also need not-for-profit privacy oriented organizations concerned about freedom, free software, legal implications, etc like the EFF and FSF to fund such a project, but in turn we need to fund these organizations.

      Then such organizations needs to make sure that everything is developed in an open manor for security and not just be “open source”, or free software (while critical, without open development third parties will have a difficult time ensuring that code changes are not tampered with or have backdoors/bugs/etc). Every patch that is submitted needs to be public at the time of submission (ie not just a big code dump when everything is near finished) and peer reviewed.

      http://www.replicant.us/

      Right now I think the best answer is just to get computer hardware that is free software friendly and avoid carrying a tracker (ie cell phone) with you at all. ThinkPenguin.com has the largest selection of free software friendly computer hardware/accessories/etc. There are a few other places now that are also an item or two here or there that are also good to look at. See: fsf.org/ryf for a list of certified hardware (there is more from ThinkPenguin that is free, but just not certified by the FSF, at least at the moment).

  11. What is this supposed to accomplish? by silfen · · Score: 2

    If you want to build good security, you need to know what threats you are trying to protect against: NSA spying? Thieves stealing your financial information? European spying? Chinese industrial espionage? Jealous wife? Corrupt prosecutor? MPAA fishing expeditions? Depending on the threat, the security solutions look rather different. Which of these use cases is the phone actually suitable for?

    And there are plenty of open questions about the security this phone claims to provide. How do we know we can trust the employees of the companies involved? Which jurisdictions apply to the phone, the software, and the services? Who can push updates? Which parts of the software did they audit and how and who? Did they close off any attacks against the baseband processor or is that still wide open?

    I think if you want a secure mobile setup, you're far better off going with something simpler: get a dumb phone, a mobile hotspot, and a Linux laptop; run VPN and VoIP from the laptop. You're going to get better security and a much more transparent system than Blackphone.

  12. CyanogenMod much?! by sam0vi · · Score: 1

    Nothing that the article says can't be done with CyanogenMod, except maybe some hardware stuff that seems vague. Just flash your phones with CM, people. (Sent from a z1 compact flashed the day of purchase)

    --
    When my Karma level reaches 0 I feel in piece with the Universe