
Blackphone - jorrizza
https://www.blackphone.ch/
======
revelation
The privacy issue in smartphones isn't the freaking application processor
running Android. Sure, that ones terrible enough.

But the actual problem is the baseband processor running completely non-free
software, with an enormous attack surface and access to all the interesting
periphery (GPS, microphone). There is not just opportunity to compromise your
privacy, Qualcomm and others actively implement such features at the behest of
governments and carriers.

Oh, and if you plug that enormous hole, you get to the SIM card, yet another
processor that you have zero control over, but which has access to enough
juicy data to compromise your privacy. I highly recommend everyone to watch a
talk from 30C3 by Karsten Nohl, where he shows a _live_ attack on an
improperly configured SIM card that _remotely_ implants a Java app on the SIM
card which continuously sends your cell ID (your approximate location) to the
attacker by short message (without notification to the application processor,
e.g. Android or iOS):

[http://www.youtube.com/watch?v=5B7XyVWgoxg](http://www.youtube.com/watch?v=5B7XyVWgoxg)

Carriers can do this today. (edit: that's a bit nonsensical, because carriers
of course already know your cell id. Anyone with the ability to run a fake
basestation momentarily (think IMSI catcher) can do this.)

~~~
rdl
The solution is for your phone to not be a phone. Strip out the baseband
entirely, use usb or wifi to a 4G LTE dongle, do VoIP. Extra benefit that you
can explicitly know when you're radiating (and thus being location-tracked).

Blackphone is pretty lame, IMO. There's something better coming from a trusted
source in weeks, and plenty of work being done on the "there is no phone"
phone concept.

~~~
bwooce
"Strip out the baseband" of a dongle and you won't have a device that can
connect to the network, authenticate, shift cells or anything else. It's like
stripping the firmware off your disk drive.

Fully support the initiative for an open baseband. One reason it's not open is
the (fairly legit) fear that intentional and unintentional DoS attacks would
occur, affecting everyone in the area. It's really really simple to be an
obnoxious cellular network citizen and it's pretty damn hard to police.

Baseband bugs that impact networks are common too due to the complexity. I saw
a function point analysis of GSM vs 3G once, seem to remember 1-2 orders of
magnitudes difference. Ahh Function Points, you flawed devil of a management
metric.

~~~
ansible
_Fully support the initiative for an open baseband._

I would love to live in a world where this can happen. But we don't live in
that world.

The carriers have paid billions of dollars for exclusive use of their
frequency bands. And their hundreds of billions of dollars of revenue depend
upon smooth operation of all devices on the network using those bands. They
will use whatever means to protect this.

OK, so let's talk to the FCC (and all the other agencies around the world),
and get some other frequency band we can use for our totally open phones.

Well... there aren't any open ones left in the good range of approximately
700MHz to 2GHz. This is the part of the frequency spectrum that has decent
carrying capacity, good penetration, and not too high power requirements. It
is basic physics. Go lower in frequency, and you can't carry enough bits to be
useful. Go higher in frequency and you start getting stopped by walls and
such.

All the good bands have been allocated in the USA and elsewhere for TV,
existing carriers, military, satellite, and so on. At a minimum, you'd need
tens of billions to lobby for and buy a decent chunk of spectrum. And you need
to get the current users moved off, which they won't like.

All we have left are the 'crap' bands like 2.4GHz (microwave oven
interference). 5GHz isn't too bad (not a lot of other interferers) but it is
short range with the current regulations. Another open band for unlicensed use
at 60GHz gets stopped by walls, air (oxygen)...

~~~
IgorPartola
I don't understand. If I come to a carrier and say "Here's a codebase for your
baseband. It's OSS, well tested, secure, and supported. Buy support from me."
why won't they go for it. Surely, an OSS solution is cheaper for them than
developing an in-house crap solution that I'm sure it is now.

Also, is there any harm in just open sourcing their baseband code? It seems to
me that it's worthless without the license to use the frequency anyways, so
who cares if the code is open from a losing business point of view. On the
other hand, things like security review are to the carriers' and
manufacturers' benefit, no?

~~~
ansible
_If I come to a carrier and say "Here's a codebase for your baseband._

The carriers don't want baseband code, they just want finished products to
sell.

 _It 's OSS, well tested, secure, and supported. Buy support from me." why
won't they go for it. Surely, an OSS solution is cheaper for them than
developing an in-house crap solution that I'm sure it is now._

OK, assuming you get a current-generation baseband chip for free (it actually
costs a ton of money to develop) with full documentation, you're still talking
hundreds of millions to develop that software. GSM (a 2G technology) is
complicated. UMTS / HSPA (one of the 3G techs) is an order of magnitude more
complex. LTE (4G) is another order of magnitude more complex than 3G. The
baseband code, plus all the testing code, plus all the testing required by the
FCC, standards bodies and the carriers is a ton of money.

It costs millions to take an existing chipset (which has already been
approved), an existing baseband codebase (which has also already been approved
for use with that chipset) and put that into a modem and get that approved.

The chip vendors have their own baseband code now, and they are all in fierce
competition with each other. They aren't going to just use your code, and they
aren't going to let you use their chips either.

~~~
IgorPartola
OK, thanks for the explanation. So it sounds like this comes down to vendors
competing and not wanting to have their code exposed for fear that others
might copy their chip + code when the vender is the one paying all the fees to
make the chip + code usable. I guess this is similar to Nvidia vs AMD (vs
Intel I suppose), except perhaps even more entrenched and without much hope of
a community reverse engineering a solution.

This sucks. Do we have any alternatives? Are there any completely open radio
chips in development?

~~~
ansible
_So it sounds like this comes down to vendors competing [...] I guess this is
similar to Nvidia vs AMD (vs Intel I suppose) [...]_

Yes, exactly. Sometimes just seeing how something is organized, or the API can
give significant clues to how it is done. It is much harder to start from
scratch.

 _Do we have any alternatives? Are there any completely open radio chips in
development?_

See my parent post. First you need a few billion dollars to buy some spectrum.

~~~
IgorPartola
> See my parent post. First you need a few billion dollars to buy some
> spectrum.

So that's the tragedy of the mobile computing revolution isn't it then? That
communication tech is technically a free market but realistically is
controlled by very few corporations with very deep pockets. I did not realize
that this is how it was set up and now I am sad.

------
joosters
Completely useless web page. All wooly 'feel-good' words and no hard, concrete
information. So I guess we just have to take it on trust then?

Also, their privacy policy is laughable:

 _We turn the logging level on our systems to log only protocol-related
errors_ \- great!

 _the pages on our main web site pull in javascript files from a third party.
This allows our web developers and salespeople to know which pages are being
looked at_ \- so instead of keeping your own logs, you are outsourcing this to
a 3rd party with worse privacy policies, and who can now aggregate your
website usage with other sites.

Why didn't they just keep logging on and get rid of the 3rd party bugs?

~~~
panacea
"Blackphone is re-shaping the landscape of personal communications. Pre-
ordering begins..."

How is it re-shaping anything before it's started shipping?

~~~
yitchelle
"Pre-ordering begins..." is letting folks their idea validating strategy. I
wonder what the threshold is going to be, 100, 500, 1000 or more pre-ordered
phones.

~~~
rbanffy
It also helps to build a list of people who have something to hide ;-)

------
EthanHeilman
I'd really like a phone that had the following features:

* physical switches for GPS, WIFI, Radio, Camera, Mic, write/read access to disk (go diskless),

* a secondary low power eInk display that is wired directly into the hardware that shows when the last time GPS, mic, camera were turned on (and for how long) and how much data has been sent over the radio and read from disk,

* a FS which encrypts certain files with a key that is stored remotely. If your phone is stolen you can delete this remote key. The key is changed on every decrypt. You also get a remote log of all times this remote key was accessed.

* hardware support for read-only, write-only files,

* hardware support for real secure delete on the SSD,

* the ability to change all my HW identifiers at will (IMEI, SIM, etc),

* a log, stored on a separate SD card, of all data sent and received using a HW tap on the radio/WIFI. The log should be encrypted such that only someone with the private key can read it (public key used to encrypt an AES session key which is rotated out every 5 minutes). If you think someone has compromised your phone you can audit this log for both exploitation and data exfiltration. Since the log is implemented in HW, no rootkit can alter it.

------
buro9
Well, this is just a splash page and says very little.

It's in partnerships with
[http://www.geeksphone.com/](http://www.geeksphone.com/) which is FirefoxOS
based. But yet the Blackphone splash has an image of a phone with Android
buttons.

They claim no hooks to vendors, so if it's Android I can't imagine this is
going to carry the Play store.

I'd be interested in knowing how they will secure and make private the core
functionality of being a phone and sending email and text, all of which are
insecure.

On that, I'd speculate that this is just pre-loaded with Silent Circle apps,
and maybe will be announced as having DarkMail and a choice of RedPhone.

But... there's no info at all really, so who knows what this is.

The only problem they really have to solve is the eternal question of: Is it
possible to provide real security and privacy whilst providing convenience?

~~~
infinite_snoop
From the video: "PrivatOS is the Android you are familiar with"

------
_wmd
As others have pointed out, the baseband is not your friend. Was thinking
about this recently, and saw no reason why existing POCSAG (pager) networks
couldn't be reused to provide a completely passive receiver. Imagine a phone
where the baseband was off by default, unless attempting to make a call.
Voicemail/e-mail summaries were broadcast encrypted via POCSAG, and generate
notifications just like a new mail summary coming in via GPRS/3G would.

Obviously usability would suffer a little bit (mostly in huge latency when you
actually wanted to make a call), but seems like very cheap phone could be
built that integrated a pager, allowing complete disconnection from the
'active' radio network, avoiding location tracking by your cell provider, or
similar evil tricks by third parties.

~~~
this_user
> _" Imagine a phone where the baseband was off by default, unless attempting
> to make a call."_

Except if everyone started using a phone like that, you wouldn't be able to
call anyone.

~~~
pyre
You'd page them first!

------
joncp
Secure? They're rewriting the baseband, then? Color me skeptical.

~~~
tombrossman
Related story here
[http://www.osnews.com/story/27416/The_second_operating_syste...](http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone)

------
Trufa
I agree with the fact that the website is still a little bit unspecific but
this project is backed by Phil Zimmermann, he was the creator of PGP, it
doesn't guarantee anything but it definitely means some smart people who are
worried about privacy are behind it.

------
apunic
Android having the most granular permission system ever seen on any operating
system is already the most secure operating system.

The biggest security hole next to the baseband processor and the SIM is _the
user_ who installs every app in seconds without checking permissions.

~~~
drdaeman
Not even remotely granular. Install XPrivacy[1] (which is still not granular
enough for me, as it lacks filtering over function arguments) and see that
categories are very broad.

[1]:
[https://github.com/M66B/XPrivacy#xprivacy](https://github.com/M66B/XPrivacy#xprivacy)

~~~
magic_haze
Argument-level filtering would be awesome, but I don't know, the existing
app+function level filtering seems to be working fine for me so far. The only
real complaint I have with xprivacy now is the atrocious UI, and I'd really
like some way for it to automatically fetch filters from somewhere so I don't
have to bother with the permissions every time an app updates.

------
GrinningFool
[https://www.blackphone.ch/hello-world/](https://www.blackphone.ch/hello-
world/)

I'm sure there's logic there - powering a very basic non-informative landing
site with a WP installation that you took the time to customize, but not
delete the default post and comment from...

But it certainly doesn't give me warm fuzzy feelings about the people behind
this.

------
Duhck
I don't really feel like a slave, maybe I am under reacting here. I am pissed
the NSA is collecting data, I am upset at all the recent revelations we have
had about data privacy in the last 6-8 months, but I certainly don't feel like
a slave.

These products should be advertised on theblaze and infowares.

Sure there is a need for better privacy, but I don't really care for the
fearmongering...

------
darklajid
I'm weird enough to be interested in these kind of things, but the whole site
is really .. just fluff. Ignoring that and focusing on the sparse details of
the actual thing:

\- High-End Android device

\- Privacy features in the (custom) Android version

\- "Secure communication builtin"

Again, I like the idea. But so far the details match CyanogenMod (with
TextSecure for SMS, maybe XPrivacy on top)?

~~~
soci
Yes, looks like an Android powered device. So, at the end is just another OS
right?

One of the big drawbacks when I first started my nexus5 was that I was being
spyed. Why the hell do I need a gmail account to get started?!

I wonder if it would be possible to install this Android flavour in a Nexus
device ?

~~~
redacted
You don't actually need a gmail account for what its worth - Google just makes
it difficult. On the screen where it requests a login you (seriously) need to
tap each corner of the screen in clockwise order starting from the top left.
That should skip the step.

~~~
ianlevesque
That's useful, and user-hostile. On iOS you can just tap "Skip this step" if
you don't want to use an Apple account with it.

~~~
Mikeb85
Yet you need an Apple account to download anything from the App Store or
iTunes... An iPhone without apps is barely useful.

------
c1sc0
How does this protect me from my carrier? No matter which phone I use they
still need to record who I call for "billing purposes" and know which cell is
closest to route my calls.

~~~
msh
You could use p2p VoIP.

~~~
sdoering
Not in Germany, where opening your WIFI makes you liable for all the things
that might happen with this.

But only if you are a private person (or a small cafe/venue). If you are an
ISP, you can operate hotspots wherever you want and charge whatever anyone is
willing to pay. And you do not need to fear being held liable for your users
actions.

[Edit] Meant to say, that since this change of law we do not have a lot of
open WIFI-Spots anymore.

------
epaga
No mention of the thing being completely open sourced - or did I overlook
something? If not, seems like something they should mention (I am assuming it
IS open source?)...

~~~
elwell
Good point.

------
wavesounds
Anyone thinking of making a video to sell a privacy product to mass consumers
should probably stay away from creepy music and women walking around in all
black hoods. Instead go for soccer moms buying stuff with her credit card or
librarians doing research for a school kid. Let's not make secure/private
communications something weird and creepy but something normal that everyone
does.

------
thecoffman
A site peddling a product that is supposedly about user control and privacy
that won't even load without javascript...

The irony is almost too much.

~~~
Mikeb85
Why? Check out the page source, everything is un-obfuscated, there for you to
see.

------
yetfeo
Mozilla could take great strides towards this type of phone if they cared.
Integrate tor, Whisper Systems RedPhone and SercureText, HTML tracking
disabled, etc. I'm surprised their Firefox OS looks and works so much like
every other phone out there.

~~~
andor
Mozilla would have an awful lot of security work to do. If you check the CVEs
for Firefox, there was, on average, a remote code execution vulnerability each
week in the last 3 months.

[http://web.nvd.nist.gov/view/vuln/search-
results?query=firef...](http://web.nvd.nist.gov/view/vuln/search-
results?query=firefox&search_type=last3months&cves=on)

~~~
yetfeo
They have to do that work anyway due to Firefox OS.

------
sifarat
I would hate to say this, but people here and there, are cashing in NSA
fiasco. I would have loved it more, if this was more focused on 'features'
than playing with people's emotions. this is valid for everything currently
cashing-in NSA issue.

As for, NSA spying how exactly can this phone ensure 100% secrecy. Given a
user would have to use the same apps, and above all, the carrier that other
smartphone users use.

Point is, US Govt is hellbent on spying on you. And they will no matter what.
Either change the US Govt, or suck it up. Nothing else is gonna work.

~~~
andor
The only thing missing in the video is Julian Assange as the narrator ;-)

Basically, this seems like a lifestyle device for pseudo-"hacktivists". And I
expect people to install WhatsApp and Facebook on it. There was this article a
few days ago: _" When I was young there were beatniks. Hippies. Punks.
Gangsters. Now you're a hacktivist. Which I would probably be if I was 20.
Shuttin' down MasterCard. But there's no look to that lifestyle! Besides just
wearing a bad outfit with bad posture. Has WikiLeaks caused a look? No! I'm
mad about that."_

[http://online.wsj.com/news/articles/SB1000142405270230463640...](http://online.wsj.com/news/articles/SB10001424052702304636404577298132546958436)

------
avighnay
Geeksphone is doing pretty impressive for a startup that they were launch
partners for Firefox OS and now have roped in PGP founders for this project.

Were they successful in delivering on the Firefox phones?, Their website
always says 'out of stock'. Blackphone seems to be ambitious too. Is it
possible for a startup to sail these two boats?

Also I find it odd that the PR is always just before the Mobile World Congress
(MWC) which happens in Spain, last year with Firefox OS and this year with
Blackphone

------
runjake
I like Mike Janke and all, he's a nice guy. But, he has backed out of RSAC '14
yet [1]? I find it a tough sell to call yourself a privacy advocate and
legitimize and fund RSA by speaking at their conference. It also doesn't help
Blackphone's cause.

1\. [http://www.rsaconference.com/speakers/mike-
janke](http://www.rsaconference.com/speakers/mike-janke)

------
pieter_mj
True privacy on a smartphone can only be expected when software and hardware
are 100% open sourced. This of course includes the source code for the 3 Os's
that typically run on a smartphone. Anything that's running server-side cannot
be trusted either. So we need client-side encryption/decryption as well.

------
sdfjkl
To even have the theoretical possibility of "privacy & security", both
software and hardware must be fully open. And then there must be some way to
check that the hardware and software you got in that box is actually the
hardware from the spec, without extra chips. Those are pretty hard to
accomplish.

------
whizzkid
With all the respect what they have done so far, I can't see any reason why
this is securer than the other mobile phones..

With the latest NSA stuff, I came to conclusion that a true secure system can
only be built under these conditions and just to put it out there, this is
just my opinion;

\- A computer company that manufactures their own hardware such as hard drive,
ram, cables, network cards.

\- An OS that is newly written and not based on any other existing operating
systems.

\- Building the whole system with INDEPENDENT hardware and software mentioned
above.

\- Keeping the mobile device's source code offline from Internet as much as
possible

These are just the first steps on developing a secure system, then comes the
mobile network architecture and encryption etc.

I admit, it is not an easy job but, trying to develop a secure system with
"not secure" development tools is not the right way to go :)

~~~
giergirey
You're probably right about what's involved in building a truly secure
smartphone from scratch that we can trust.

It's an interesting thought experiment, but I wonder if we can satisfy many
use cases without having to build a truly secure smartphone.

For example, if I just want to have voice calls to a handful of people with
the content of the calls encrypted, then perhaps I can just plug in a
"scrambler box" between my untrusted off-the-shelf phone and my audio headset?

So rather than designing a secure phone where we trust the wifi stack, the
baseband stack, the bluetooth stack, the graphics stack, the USB stack, the
flash storage stack because we've designed them from scratch, all we have to
design is a little scrambler box that just has audio in, audio out, some
mechanism for key generation and exchange, and only needs a laughably modest
CPU to do the encryption.

Don't really need an OS at all - single process and static memory allocation
should suffice.

The audio encoding/decoding and encryption/decryption don't sound too hard to
implement from scratch. It's the interoperability with the rest of the world
and the UI that makes implementing a whole smartphone so hard.

[I do wonder though how well our scrambled audio will make it through the
phone network which is applying lots of clever compression designed for
speech.]

If we assume we can mostly trust hardware designs that are at least 30 years
old then we can probably avoid designing all the hardware from scratch - e.g.
there's probably some sort of Z80 clone CPU we can copy.

The mechanism for key generation and management sounds a bit tricky though.
The user would need some way to add his contacts' keys to his scrambler box.

A keyboard and LCD display to type keys in by hand would be secure but
impractical for long keys.

The level of tech needed to read a key file from a FAT filing system on a USB
stick might be too high to be easily implemented securely. Any ideas?

I'm aware of the famous "trusting trust" paper, but I'm not sure we need to
worry too much about the compiler used to build the software running on our
scrambler box. All we need to do is choose a compiler released before we
started out project and never upgrade it. It is hard to imagine a compiler
backdoor that would automatically recognize that the intent of our code is to
encrypt data and undetectably comprise it (though it would be wise I guess to
avoid any existing implementations of cryptographic primitives).

Sounds like a hardware kickstarter project :)

~~~
whizzkid
"Sounds like a hardware kickstarter project :)" Exactly!!!

We may as well try it out! The concern will be the goal of the project...

What will be the output ?

Will it be just an experiment or business based project?

Never the less, it is exciting to see that a unique device can be made
actually!

I would love to see how secure it would be at the end!

~~~
giergirey
It is an exciting idea but the two obstacles I can see are:

1) When asked, people may say they want security and privacy - but in practice
convenience and functionality win.

2) Among people who genuinely need secure communications, encrypting the
content of calls/texts is good, but isn't normally sufficient - they're still
vulnerable to traffic analysis.

By traffic analysis I mean that even though the adversary can't read the
content, they can still figure out things like:

"Mr X is the ring-leader of the freedom fighters since his phone is used to
send encrypted messages to several other phones, which then send messages on
to several other phones."

"Mr Y is guilty of orchestrating the protests since we saw a strong
correlation between the times of the protests and messages coming from his
phone."

So I'm not sure how popular the product would actually be. Unless we can
somehow solve the traffic analysis problem.

~~~
whizzkid
Traffic analysis is not a problem if we could ever gotten that far.

We can solve it by faking the signals and sending it every x timestamp. So
they will think there is a traffic but there is not. This is the first came to
my mind but i don't think it is a big issue at all.

Marketing of this, is a little bit different. Of course, you will not sell if
you say you have the most secure phone. But if you polish it with some
exciting features which does not exist yet? :)

------
cyphunk
Will the browser be OSS? Will the mail app? Message app? Maps app? If the
essential apps that constitute a "smart phone" are not open source, at least
the defaults, it's really irrelevant.

Not to mention that none of the providers have the code to the baseband.

I could imagine a phone that treats the baseband as an untrusted entity and
encapsulates everything running over it. This would require forcing SSL for
all HTTP traffic, and using some standard for SMS and Voice encryption that is
on by default when the recipient on the other end also has a supported device.
For those that do not you're unencrypted SMS would be exposed at many hops
even if they smartphone were full OSS and trusted, even to the baseband level.
So silo'ing everything where possible is a valid solution with closed
basebands.

------
djyaz1200
Will someone please tell them to remove the clips in their video of testing a
white phone in the interest of brand consistency? Also this idea seems like a
solid game plan for Blackberry? They could rename their company "Black" ala
P-Diddy v just Diddy. :)

------
tn13
How difficult is it really to make a truly open source phone ? All it takes is
one dedicated hardware company and a software company coming together.

Hackers have built some amazing hardware in past and we all know about how
open source communities have built some of worlds best software. Google, Apple
etc. are building devices where they act as gatekeepers and charge us for all
nonsensical stuff. If you make a website there are a gazillion ways to promote
it but there is only one way to promote and app. Pay some advertiser and you
are totally at mercy of Google or Apple.

Firefox has been doing the right thing so far but they seem to take too much
time.

~~~
digitalengineer
The baseband or "The secret second operating system that could make every
mobile phone insecure". It's used by _all_ phones and it's unsecure. Do they
rely on the same baseband? Source:
[http://www.extremetech.com/computing/170874-the-secret-
secon...](http://www.extremetech.com/computing/170874-the-secret-second-
operating-system-that-could-make-every-mobile-phone-insecure)

------
josefresco
If I desire privacy would I buy a Blackphone, or would I buy another more
common smartphone which I would then secure?

If you're "picked up" or detained and you have a Blackphone, or someone
observes you using your Blackphone I doubt very much it would help your
pricacy concerns.

If however you have a seemingly normal phone it might be overlooked and simply
using it wouldn't raise suspicion.

My point is that this type of phone is more for the "regular" person who
simply doesn't want to be monitored (as much) and not covert agents looking
for a secure phone/platform for communication.

------
fmax30
This maybe a bit off topic but, why did Switzerland get the .ch domain instead
of china. China seems to have a lousy CN domain ,( which reminds me of cartoon
network for reasons that are irrelevant here).

~~~
dan1234
CH is Switzerland's ISO-3166 code. The full country name is Swiss
Confederation (which is Confoederatio Helvetica in latin).

------
bosch
Does any one else find it odd a privacy centric phone's website won't load
without scripts, cookies, etc? I would think they would have a text only
version if items failed to load properly...

------
tinalumfoil
Does anyone else see this as ridiculous attempt to profit off the NSA leaks.
The video is about scaring people into believing their being "enslaved" and
are coming out with a device that has "never before before created" that is
aimed at "for privacy-minded, security-minded people". It's filled with
unrelated words like "neutrality", "all walks of life", "innovative thinkers"
to make it seem legit.

There is no mention of the methods used by the phone to ensure privacy.

------
andyjohnson0
I know they are pre-launch and this is just a landing page, but it doesn't
tell us much. Questions:

1\. Is this just a stock phone with some privacy-orientated applications
built-in, or is the OS and hardware contributing anything?

2\. They seem to be using Android. AOSP or Cyanogenmod? Have they any work
themselves to harden the OS? Are they using virtualisation?

3\. Any closed binary blobs in there? What about the baseband firmware? (Does
open source baseband firmware even exist?)

4\. Whats the hardware like? Is it hardened in any way?

------
BuildTheRobots
Love the idea of a GSM handset that believes in protecting my privacy, however
all their features seem to revolve around a secured Android OS.

Does anyone know if the actual baseband/wireless side has been designed with
security in mind? -for example I'd love to be warned when I'm connected to an
A5/0 "encrypted" GSM network, but I haven't been able to find a handset build
in the last decade that's willing to warn me.

------
digitalengineer
"and anonymize your activity through a VPN."

iOS and Android support VPN but it needs to be manually _activated_ each time,
making it rather useless unless you're using some public wifi. If I understand
correctly there is a possibility for large companies to integrate VPN but for
the average guy it's rather useless if you have to activate it. If this phone
has VPN really integrated that'd be great.

~~~
mike-cardwell
I understood that this had been fixed in Android a while back so it would
start up automatically? Personally, I'm still on 2.3 which requires a manual
startup...

~~~
ToastyMallows
If you could tell me how to do it that would be great. I'm still stuck turning
it on all the time. Auto-on would be awesome.

------
ilovecookies
Isn't the problem more connected to the hardware and the fact that most people
are already willingly using tons of applications who are giving information
about you to companies like google (maps) twitter, facebook etc. If you
install the apps with consent on your phone, and those apps have access to the
linux or ios kernel runtime and syslogs then you're basically fucked from
start.

------
aagha
It's interesting that all the work being done on this "secure" phone is being
done on non-secure hardware and networks. Presumably if interested parties
think this is a threat, they can access all comms/data about this new phone,
inject themselves where they see fit and compromise the final product.

Oh, and never mind compromising the people involved.

------
unicornporn
No Play store in this I hope. I'm currently running Cyanogenmod without Gapps
and I'm wondering what this will offer me.

------
bybjorn
Looks like there will be several players in this market - an alternative is
Indie Phone; [http://indiephone.eu](http://indiephone.eu) .. If it ever ships
it should be a better alternative privacy-wise as they are building everything
from the ground up (their own OS instead of relying on Android, etc.)

------
rch
This is not the 'first' phone to do these things. I had an idea along these
lines in 2003, and some searching turned up a German company that was already
doing it. Somebody bought them a couple of years later, and I don't know what
happened to the phone. This sure isn't the 'first' though.

------
JoelJacobson
Would it be possible to do the encryption outside of a normal phone, via some
AD/DA converted plugged into the standard 3.5mm-headphone minijack?

I started a thread to discuss this idea:

[https://news.ycombinator.com/item?id=7066792](https://news.ycombinator.com/item?id=7066792)

------
andyjohnson0
Renowned cryptographer believes his 'Blackphone' can stop the NSA

[http://www.theverge.com/2014/1/15/5310710/phil-zimmermann-
si...](http://www.theverge.com/2014/1/15/5310710/phil-zimmermann-silent-
circle-geeksphone-blackphone-launch)

~~~
rbanffy
Unless it's possible to power down the communications processor, install fully
open source software on it (from the boot and up), and disconnect it from any
antennas, I don't trust it at all.

------
dblotsky
"You can make and receive secure phone calls; exchange secure texts; exchange
and store secure files; have secure video chat; browse privately; and
anonymize your activity through a VPN."

People. It's really secure, private, and anonymous, ok?

------
oh_sigh
I get the feeling this phone was designed by a marketing group, and not
competent engineers. Unless they completely design every chip in the phone,
including the SIM and wireless chipsets, the device will never achieve their
stated goals.

------
blackphace
Their trailer seems a little too "inspired" by this First ELSE promo video
from 2009:
[https://www.youtube.com/watch?v=ZHghZnOH8dA](https://www.youtube.com/watch?v=ZHghZnOH8dA)

~~~
a_rahmanshah
Exactly! I thought this whole black thing was some kind of spoof.

------
linux_devil
One should be concerned about privacy and digital footprints , but more or
less it depends on how many people are looking forward to adapt this concept.
People still use Gmail and facebook .

------
sgarrity
They should probably work on the mixed-content SSL warnings on their own
website. It's obviously not related to the security of the phones, but it
doesn't instill much confidence.

------
arj
Unless they have some really special hardware in this, I don't see how its
that much different than running cyanogenmod + secure applications on top,
such as textsecure.

------
r0h1n
>> _" Enabling revolutionary communications"?_

Eh? Wouldn't "Enabling secure/private communications" be a better, albeit less
grand, descriptor?

~~~
derefr
Presumably they mean that literally: enabling the type of communications you
need during a political revolution.

------
blueskin_
Please not another long scrolling page without any real info... shame, I might
have wanted one if they had provided any specs or technical details at all...

------
MWil
I thought it was funny, considering the top comments, that if I cntrl+F for
"zimmerman" it takes me all the way to halfway down the page

------
lispm
I stopped watching the video at 'Android'.

------
pessimizer
How usable is Android without a continual involvement with Google? If you have
to be involved with Google, there's no point.

------
dandare
I am not getting it, how do you prevent the carrier from knowing where you are
if you sign up to it with your number?

------
elwell
While I see the reasoning, the name "Blackphone" just has too much of a racist
connotation in America.

------
higherpurpose
Since NSA/FBI can reroute shipping boxes and install malware in them - do they
have any plans against that?

~~~
psykovsky
Tamper evident holograms above each and every screw?

------
huhtenberg
For a project concerned with privacy and anonymity the news subscription form
is asking way too much.

Also, why is domain on .ch ?

~~~
jey
I think it's just a (clever) part of their branding; Switzerland has long had
an explicit policy of neutrality.

Not a super-reputable source, but succinct: [http://www.wisegeek.org/why-is-
switzerland-regarded-as-a-neu...](http://www.wisegeek.org/why-is-switzerland-
regarded-as-a-neutral-country.htm)

Official Swiss propaganda, but has more info:
[http://www.vbs.admin.ch/internet/vbs/en/home/documentation/p...](http://www.vbs.admin.ch/internet/vbs/en/home/documentation/publication.parsys.0008.downloadList.9934.DownloadFile.tmp/neuteebook.pdf)

~~~
rodh
There's also a strong branding presence of Swiss products in UAE and China
(including some brands you'd never hear of in Switzerland itself), there seems
to be a very strong association of "Swiss Made" with luxury product. I've even
seen opticians advertising "Swiss Glass"(?) in Hong Kong. Thinking back to a
talk by the founder of Virtu, I wouldn't be surprised if the middle and far
east are key markets for this type of product.

------
heldrida
The phone image is missing. Check "images/teaser_site/img03.jpg", css #phone
style.css line 396

Thanks

------
viseztrance
I would personally be interested if they would provide security updates over a
long period of time.

------
naithemilkman
Isn't this kinda moot if you're using any services that is domiciled in the
States?

~~~
pekk
remember: as long as you are outside the US, you are safe from espionage

------
pattle
The website doesn't really tell me anything about the phone.

------
muyuu
I loved it when they asked for my full name to keep me informed.

------
sidcool
Is it an Android phone?

------
drjacobs
Ouch, don't try this one on a slow connection.

------
junto
> Use the apps you know and love.

Ok, so how do they stop Facebook et al from abusing our contact lists and
location data as they do on existing smart phones?

------
skuunk1
Too bad they couldn't get the url blackphone.sh

;)

------
n008
Just get an old Nokia feature phone

------
andyl
I think the Blackphone is a fantastic reaction to the problem of corporate and
government spying. It will build awareness of privacy issues, and pave the way
for other more secure offerings. A great first step.

------
blahbl4hblahtoo
Personally, if I were really worried about privacy I would use burners or get
a lineman's handset. It seems like a smart device that you use all the time is
going to have the same problems.

So, yeah you can encrypt the voice channel. That's great. You can send
encrypted text messages. The people involved are serious cryptographers. All
of it sounds good.

You have to ask your self though, what is it you are trying to do? Who is your
adversary? Other people here have mentioned it, but what about apps on the
phone? Facebook is still Facebook.

------
jlebrech
nowhere near as secure as a burner phone purchased in cash.

------
caiob
Funny how there's a twitter link at the bottom.

Jokes aside, I think it's a great initiative, looking forward to see what
comes out of it.

------
hekker
It would be nice to order Chinese food anonymously with this phone. Looking
forward to the release!

