Happy to see a privacy-focused carrier, and it has better policies than any other carrier out there. But founder is formerly from Palantir and there’s a lot of VC money behind it (not inherently a problem, just flagging).
Thoughts?
It looks like a honeypot, and wtf is a “private cell network”? How are they gonna do that? SMS and phone calls aren’t E2EE
The cynic in me immediately thinks it’s a honeypot to trap privacy-conscious individuals.
I’ll look it up. But I suspect it’ll be just another case of a company pinky-swearing to respect your privacy, like Apple.
This is probably a question for the Graphene forums
Gonna guess a company that has no problem engaging with Reddit’s invasive targeted ad system is not that privacy conscious.
100% honeypot
Big encrochat vibes
What makes you think encrochat was a honeypot? Am I missing something?
Something can’t be both “100%” and vibes based lol
Unless you mean “I am 100% basing the following opinion on vibes”.
You need evidence. Please don’t respond with more vibes.
I am sure it is a honeypot, they will work with feds. I base that on the people behind it.
Also it reminds me a lot of encrochat which had similar vibes about it.
This is ridiculous.
I just assume every ad on reddit is a scam. Seems to be the trend over there.
Hell half of the front page posts seem to be ads anymore
Jmp.chat provides sim activations for xmr but honestly no matter what anything with a cell radio is being logged by its upstream carrier.
If you want a truely private number, use jmp.chat with a separate xmpp server over something like mullvad.
For what its worth, the sim swap protection might be worth it considering how many services force you to use SMS for 2fa, and they seem to ask for less data than usual.
Is it better than your average carrier? Maybe. Is any SMS/phone call coming out of your personal number something you should consider private from the government? Probably not.
Its still going to have to go over the big boy carriers, and its still probably going to be tied to a phone number several institutions will know is yours if its your main number.
If it isn’t, use jmp.chat, alongside a good XMPP provider and VPN, or forego the PSTN all-together.
“Is any SMS/phone call coming out of your personal number something you should consider private from the government? Probably not.”
Well your phone calls themselves – the actual conversation – shouldn’t be accessible without a warrant for a wire tap, that’s pretty longstanding precedent in the U.S. Cell phone location information is also protected by a warrant (Carpenter v. U.S.), but pen registers (logs of who you call) do not require a warrant (Smith v. Maryland). I’m not sure if governments are prevented from purchasing data from carriers, just as any data broker could do. Additionally, who knows if governments are secretly collecting phone call and cell phone data and storing it, but only accessing it once they have a warrant. It’s impossible to know what’s fully happening on the back end between big telco companies and the gov’t.
Either way, at the end of the day, whether you have Cape or some other service, if you’re at the level of the government getting a warrant for your data any legitimate company is going to comply. That’s why the best thing is to have a company that can only turn over limited amounts of data because that’s all they have.
By the cops or FBI maybe. The NSA is absolutely recording any and all phone calls that touch five eyes phone networks. That’s what Snowdon warned us all about.
Collecting and monitoring are two different things. If NSA is still dragnetting communications in the post-Snowden era, it’s likely storing and then accessing when something gives the reason. The sheer volume of communication data is far too large to monitor everything.
Previously discussed three months ago at lemmy.ml/post/33176527. Not sure how to format that link correctly though…
What? Lol.
https://cyberscoop.com/cape-phone-privacy-calea-tracking/
Good article which points to a few promising aspects. They seem to have their own phones (as of Nov 24) as part of this. Second, that their market is “high risk” individuals. So people with money, it sounds like. If the pricing reflects a market for governments, celebs, and crypto bros trying to not get SIM swap attacked, then it’s not likely a honeypot for Feds. Maybe.
I hate the idea of only being allowed to use their phones, but that might just be their “easy mode” for idiot celebrities or government contracts. If they can give me a physical SIM, I’m interested.
I would not be an early adopter. Hang and see who isn’t a plant that joins.
So, they have their own phone that is for high risk individuals and is not available to the general public. Then, separately they have their own mobile network that you can use with any regular phone and they sell Pixels on their website (for $50, you can have them pre-load GraphineOS). The AD i posted is for their cellular network, which is not related to their own first-party device.
It’s a good call to post, but waaay too soon IMO too bother with it. It might simply be flash in the pan marketing for VC funding and not work. It might be a total scam. It might be legit and poorly run. It might be the real deal. It’s hard to say without more data.
You should not use a phone with preloaded graphene without first checking the hash. It’s also kind of insane to charge $50 for it, when Graphene’s web installer just has you click buttons to install. You can even use another phone to do it.
100% agree. I would definitely not have them install graphene for you. Do it yourself so you know what’s in the installation
The feds have already pulled a similar stunt with another manufacturer+software combo. (https://en.m.wikipedia.org/wiki/Operation_Trojan_Shield#Distribution_and_usage)
The only thing that makes this smell legit is the fact that it is a provider and probably only eSIMs. But even then, this is not very good opsec to be deliberately using a marketed product that will likely have an identifier for their cell traffic. Graphene works as well as it does because it runs of pre-existing hardware to be more inconspicuous.
they contracted with the AFP to run the first node of the server and process the data. (Australian law does not provide the same protections as U.S. law for its citizens.)
Thanks for that link. I didn’t know that. We are below the US in privacy laws! Is there any first world country worst than Australia?
They said all users were criminals, but who knows what they are calling a crime, specially with the retarded laws down here…
It shows what I suspected, that Australian software and servers must be avoided even more than Americans.
Well, opsec can only go so far. At some point you need data packets traveling over real wires, and it’s a question of who do you trust with unencrypted data like SMS? Using a data only VPN is “clunky” for wealthy manbabies, who demand less friction in everything they do.
Simply having your data going to their service is immaterial since it’s likely the phone number also indicates it’s a Cape carrier phone, and the IMEI of the phone doesn’t ping for any other carrier.
It’s a strong “ugh…maybe, we’ll see” from me, but I wouldn’t bother with it for another 6 months and see if it ends up one of those super elitist things wealthy people talk about only to each other.
The best answer
How would this be private? Wouldn’t they be using other providers cell network? I doubt they have put out enough or their own towers.
Also how do I pay for it they never now my name or address to I have to put cash in an envelope and drop it somewhere? Ah they don’t store the data on your payment but Stripe does.
So lots of this can be bullshit since they can claim we don’t collect data but they would be an MVNO but whichever network you are using does.
I saw this video on YouTube with a rep from the company and while there were some positive things put forward, the biggest red flag to me was when he wouldn’t disclose what networks they partner with. They are a virtual network so they don’t own the cell towers, and that means they’re running off someone else’s. Why can’t you say who? Other virtual carriers have no problem saying that they run on Verizon or T-Mobile.
https://www.youtube.com/watch?v=K1C-bR728ro interview for Cape starts at about 30 minutes in. Ironically, the podcast is called “Snake Oilers” and it’s a paid-promotion thing, sooooo take this with a grain of salt.
Could be a honeypot.
That’s always the concern with privacy-focused services, especially if they’re not open source or audited.
But if we think about the practical application – who needs a honeypot for cell phone services? Carriers already collect so much data (location, telemetry, payment, government-issued ID, etc) and sell it willingly to whoever wants to buy. How could Cape be any worse? lol. If they adhere to any of their stated policies it seems like a plus, no?
Additionally, at least to me, Cape is not marketing the way the Anom phone did, where it trying to gain adopting by nefarious users. That’s my take - I’m not advocating for Cape since I don’t really know much about them, but I’m trying to put things in context.
The way anti-fingerprinting techniques work is by making you as much of a background digital character as possible. A privacy conscious user spoofing location and network traffic data on AT&T, Verizon, or T-Mobile is going to be far less likely to be singled out compared to customers on some bespoke cell network.
You should try to fake your traffic on a standard phone network (Using something like GrapheneOS with more granular control) to simply appear like another faceless data point rather than a “paranoid privacy user who bought this subscription for the privacy people”, because that traffic will raise eyebrows much quicker.
Fair points. Different strategies for different threat models I assume. Anonymity through hardening (if we take Cape at their word, big if) or security through obscurity.
So, how is this supposed to work? From what I can gather at a quick glance it appears to be a VPN of some sorts but for cellular data?
You get you phone number through them and they act as your carrier and then they use other telcos that have the physical infrastructure to service calls/data. Not that different from how Mint or other virtual networks operate, but Cape alleges to collect little data about its users and not to sell any user data.
