
Blackphone - MrEliasen
https://store.blackphone.ch
======
Nrsolis
I hate to break it to you, but this is not going to keep you safe from a
state-level adversary.

I could drone on about this for pages and pages, but the sad fact is that if
you are a target, it doesn't matter that you are using a "secure phone",
"secure OS", or "encryption".

Time and time again, these systems have been broken or breached with simple
tradecraft and subtle sabotage.

The Pentagon has a concerted (and expensive) effort to validate or verify the
absence of "backdoors" or evidence of "additional circuitry" on ASICs or
subsystems of its major weapons systems and associated gadgetry. Do you?

I tell people that their simplest way to avoid having their communications
intercepted is to NOT. USE. AN. ELECTRONIC. COMMUNICATIONS. DEVICE.

UBL used couriers, flash drives, and cutouts. If you need that level of
protection, SO SHOULD YOU.

When I need to communicate secretly I BUY SOMEONE A BEER.

~~~
Joeboy
> I hate to break it to you, but this is not going to keep you safe from a
> state-level adversary.

I don't really like this kind of anti-crypto argument. At this point I think
making normal communications between normal people less embarrassingly
mass-snoopable is a very worthy goal. For the time being, people who really,
_really_ have something to hide need to be extra careful (as has always been
the case).

Which is not to say I'm feeling particularly enthusiastic about this device.

~~~
Nrsolis
It's not anti-crypto. It's PRO-tradecraft.

Introducing technology into a system can WEAKEN your security. Knowing that is
almost 90% of the battle.

~~~
Joeboy
I think you're focusing on people who are under a specific, clear and present
surveillance threat. Different arguments apply to those people to the majority
of people who "value their privacy" in a more nebulous sense.

------
davexunit
A prerequisite for security is free software. Critical applications like the
Silent Circle ones are proprietary, afaict. I have zero trust in the
Blackphone and would not purchase one.

~~~
byoogle
This Verge article [1] says “The company will open source the vast majority of
its code for the phone in order for third parties to properly audit its
techniques, find holes, and ultimately help to improve the product.”

1\. http://www.theverge.com/2014/2/24/5441642/blackphone-silent-circle-geeksphone-pre-order-launch

~~~
sspiff
If they do, that would go a long way to convincing me this is a tidbit more
secure than any other random Android device.

They should really have released their code at the same time they released
their phone though.

~~~
theboss
I've talked to Silent Circle at conferences and whatnot. It is not like they
have some crypto noob working on their project... They have Phil Zimmermann.

But, knowing nothing about them, when I asked them "How does your protocol
compare to TextSecure's Axolotl?" the response was "We have Phil
Zimmermann". So... I'm still a bit put off by them.

Some of their code is already open-sourced here.
[https://github.com/SilentCircle](https://github.com/SilentCircle)

~~~
StavrosK
As someone who works at Silent Circle (though not someone who can speak FOR
SC), I'd say "Axolotl and SCIMP are both very good". Also, I don't know who
you talked to, but keep in mind that not everyone working for SC is technical
and can explain (or sometimes even knows) what Axolotl is/how it works.

------
jebus989
Transparently marketing fear. Apparently this phone is for you if you ever
[0]:

> speak personally with a partner

> worry about your kids

Shameful.

[0]
[https://www.blackphone.ch/individuals/](https://www.blackphone.ch/individuals/)

~~~
higherpurpose
I think most people _need_ some fear about state spying. Most are still
treating it like it's no big deal. It's like the Stasi are here and no one
gives a damn. That _should_ scare people. Maybe we're deeper into Huxley's
world than we thought.

~~~
lordCarbonFiber
Amusingly enough, I think a large part of why people aren't more scared are
sentiments like the ones you just expressed. It is plainly _not_ "just like
the Stasi are here" and the average person can see that. By overstating the
threat we de-legitimise our concerns and apathy grows (similar to the effect
the DARE program had on drug use). Is the expansion of state level
surveillance cause for concern? Of course it is! However, we are by no means
living in a police state and saying so is an insult towards the people working
very hard to effect policy to keep it that way. In short, in my opinion, we
should spread less fear mongering and more political activism if we want to
see change in these policies.

------
bcl
Shipping in June is not exactly 'here'. Come back when independent people can
verify and reproduce the software it is running.

Open sourcing "vast majority of its code" is not good enough -- this thing is
selling security and if you can't rebuild it all yourself there's really no
point.

------
robin_reala
So I’m guessing this still has a black-box baseband?

~~~
bsilvereagle
I'd say so.

See comments from previous post about a month ago:
[https://news.ycombinator.com/item?id=7062748](https://news.ycombinator.com/item?id=7062748)

------
colinbartlett
It's a bit disconcerting to see that it comes with software "enabled for at
least 2 years of usage".

~~~
byoogle
Why? I believe that sentence refers to extra software/services that’d normally
be paid.

~~~
StavrosK
It does, you get 2 years' worth of subscription to various services.

------
line-zero
"A $700 high-powered tracking device that protects your privacy!" What a scam.

~~~
jmnicolas
But ... but it's black !

------
mosselman
How compatible is the OS with 'normal' android apps?

Since 4.4 I have been able to, at least to some level, revoke some basic
rights that apps have, like seeing my contacts (through app shield or
whatever). If I am able to download apps from the 'normal' Android store, is
access that those apps have somehow controlled as well? Some sort of sandbox
mode would be nice.

------
etiam
From an interview I read a while ago I got the impression that Blackphone
wouldn't claim to protect from state-level adversaries, and maybe if you were
to ask them to be explicit about it they really don't. One could easily come
away with another impression from the description here though.

That's a shame, since protection from state level adversaries is really what's
at the top of my feature wish list, and that probably goes for a fair amount
of other people too, in this day and age.

Is anyone here aware of cell-phone-like projects that have potential to resist
exploitation of the type we've seen reported from Five Eyes? I'd be
particularly curious about ways to mitigate the location tracking.

------
runn1ng
I am not sure why anyone needs that.

You can have basically secure messaging on the phone today. You can use
Replicant (libre software) on many phones where there probably are no
backdoors, you can use OTR with Xabber (you can build it yourself), there are
probably applications for PGP too.

Yeah, Replicant will fail to work on many phones and on those that work, half
of the functionality is missing
(http://redmine.replicant.us/projects/replicant/wiki/ReplicantStatus#Replicant-42)
- but trying to sell non-free phone as "secure" is snake-oil anyway. In my
humble opinion.

~~~
shawabawa3
Reminds me of this classic comment:
[https://news.ycombinator.com/item?id=9224](https://news.ycombinator.com/item?id=9224)

Guy complaining that dropbox is useless because "For a Linux user, you can
already build such a system yourself quite trivially by getting an FTP
account, mounting it locally with curlftpfs, and then using SVN or CVS on the
mounted filesystem."

------
whyme
Sadly, we live in a world where it's quite possible that phones like these are
nothing more than a ploy to lure NSA targets in. They need to get people, who
have something to hide, to feel safe again.

------
xeeton
For $629 you could buy quite a few one-time or short-time use trac phones that
you buy with cash. Wouldn't that be more secure/private than this?

~~~
roc
Burners are an effective defense against single-phone-number taps.

But in an era of dragnet surveillance and meta-data analysis [1] they're not
very useful.

Unless you're calling varying phones, at varying places, from varying places,
at varying times, all with no discernible pattern or schedule -- it would be
easy enough for them to identify a network of burners and determine which ones
belong to which individuals on the network based on that meta-data. And if
anyone in the network carried or used a 'real' phone alongside the burner, it
would only get easier.

And you can Google search on the news wires to see how well people do at this
game, even when they _know_ their lives are literally on the line and thus
devote a significant portion of their effort toward it.

[1] Done well-enough to be confident-enough to lob hellfire missiles at SIM
cards in not-quite-friendly countries...

------
grifpete
What about the 'second operating system?' The baseband software?
http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone

------
csmatt
Does it protect against this:
http://abcnews.go.com/blogs/headlines/2006/12/can_you_hear_me/ ?

------
ptaffs
It seems like just avoiding mainstream popular services is enough to regain a
lot of privacy, if the agencies look no further than Verizon, Google, Twitter,
Facebook. They know exactly what my parents' activities are.

------
badman_ting
"Select 3rd party apps". Now there's a crazy idea -- what if the maker of the
device vetted the apps that run on the device?

Crazy idea. It just might work.

------
Ihmahr
WHY use a vpn when you can already use Tor on android?

------
rickisen
So is this PrivatOS open source, or irrelevant?

------
Navarr
Hardware android buttons? What is this, 2010?

------
sigsergv
Nope, it's still there.

------
rimantas
That "unique combination" does not assure me but reminds me of the curse "may you
live in interesting times".

------
01Michael10
Gee, you think being on Blackphone's mailing list I would like maybe get an
email that it's available.

Edit: Ha! I just received the email...

