
Blackphone 2 Review - zmanian
http://arstechnica.com/gadgets/2015/09/paranoid-android-redux-going-dark-with-silent-circles-blackphone-2/
======
philsalesses
I can not be the only one whose faith in secure digital has been fundamentally
and irrevocably altered in light of the past few years. In my estimation,
anything that has been said or typed in the proximity of a connected digital
device is compromised. There are just too many attack vectors.

I imagine if you had enough realtime keystroke data, you could even identify a
user using nothing more than how they type on a keyboard. That's some scary
stuff.

Privacy advocates would better serve the public if they instead educated
people on how to communicate securely instead of producing yet another black
box that users can blindly put their trust in. I suppose this is better than
nothing when dealing with less capable actors, but for those who plan their
future years ahead, doing something on this phone, only to have it bulk
collected and stuck in a database for decryption and analysis later when it
serves the political will of those in power is counter productive.

~~~
internetcitizen
"I imagine if you had enough realtime keystroke data, you could even identify
a user using nothing more than how they type on a keyboard."

And what they typed - acoustic snooping.

[https://freedom-to-tinker.com/blog/felten/acoustic-
snooping-...](https://freedom-to-tinker.com/blog/felten/acoustic-snooping-
typed-information/)

------
bhouston
So NSA is now going to intercept each shipment of Blackphone cellphones to bug
them like they did with network equipment?

[http://arstechnica.com/tech-policy/2014/05/photos-of-an-
nsa-...](http://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-
factory-show-cisco-router-getting-implant/)

The problem is that who orders a Blackphone is not completely private and it
is a sign that those people have something they want to hide and there isn't
that many of them.

You almost need a private way of sending Blackphones so that the NSA doesn't
know who is getting which phone and then if there is a enough volume of
Blackphones you should be okay.

~~~
sirtastic
/dawns tinfoil -- I ordered a router a few weeks ago. Big upgrade for me from
a refurbished buffalo ~$30 several years ago to a $200 quad antenna multi-
channel 2gb sex machine. The package though shipped in the states got delayed
in route do to "customs" I was informed. Took a few days before it was back on
the road.

Should I be worried?

~~~
triangleman
_dons tinfoil_

~~~
sirtastic
touché

------
dijit
there are a few issues on things like this; for me.

1) This phone's security features tend to rely on other people having the same
phone, which is definitely not a guarantee I can make.

2) This phone (perhaps only this article) doesn't go into detail about how it
was secured only that it "was deeply secured" which is too vague for a
technical audience.

3) It relies on central services provided by the manufacturer; (why not use
Telegram? at least telegram is cross platform).

4) By ordering this phone, it's telling people that I value privacy, which
could make me a higher priority target for those that are breaching privacy on
a massive scale.

This device does not enhance my privacy, but it gives me all the
inconvenience. Now I'd have /another/ user account to worry about and
/another/ program to get people to share their details with.

when I think of security I think of PGP (yes, I'm aware the CEO was a producer
of PGP) and things like SILC- where it's controlled by users and verified by
people you'd like to confer with.

~~~
Canada
1) They have software for other phones and desktop computers. Others can use
those without having to buy Blackphone. Assuming the hardware does confer some
security advantage, talking to people who just have the software won't negate
the security advantage gained for communication between users do have the
hardware.

2) Fair point.

3) Telegram is also a central service, so in that respect it's no better than
Silent Circle. WhisperSystems is better in that they make some server source
code public. But to be fair to Silent Circle, their offer is much more
complete: Voice, Messaging, Encrypted contact storage, and outbound PSTN
access.

4) By using SILC, Tor, or GPG broadcasts the fact that you value privacy,
which could make you a higher priority. What are you going to do, just send
everything in cleartext and hope nobody looks?

~~~
dijit
1) I was not made aware of this, but that's good.

3) my point was that telegram was "no better" but has better market
penetration, while being essentially the same thing.. why have more standards.

4) this is also true, but it's less real world advertising of that fact, you
don't order tor, you don't order GPG, and you don't have a physical device
which proudly announces that you do. If you're doing security online right,
nobody can tell you're doing it at a glance.

~~~
Canada
3) Leaving aside the lack of voice support in Telegram and considering only
messaging: Both SCIMP (Silent Circle) and TextSecure/Axolotl (WhisperSystems)
are better protocols than MTProto (Telegram).

4) You order a privacy tool from Amazon, and you're put on a list. You emit
the kind of encrypted traffic that 99% of internet users don't, you also get
put on a list. In most cases, there's no difference. I suppose if your threat
model requires you physically appear not to care about privacy then it
matters. Like maybe you work in a sensitive position and you don't want anyone
to think you might exfiltrate data, so you only carry the work provisioned
device which logs everything you do.

~~~
kristofferR
4) Yeah, it's such a massive shame that Android/Google doesn't have end-to-end
encryption between all users enabled as a default, like iOS has with iMessage.

------
IshKebab
But does the (closed source, buggy) baseband processor still have unfettered
access the the main CPU's memory?

~~~
Canada
Blackphone doesn't appear any better than an average Android in that respect.
As far as I know only GSMK offers any countermeasure to protect against
compromised or malicious baseband, and even their solution isn't ideal.

------
Rudism
I don't understand how they can include Google's app ecosystem and still claim
to be privacy-oriented. Google Play Services is basically a firehose of
information straight to Google.

It seems to me like setting up your own disk encryption and secure SIP calling
on a phone with an AOSP ROM without any Google apps installed (and just using
f-droid as your app store) would be far superior to using this device as far
as privacy goes.

------
Nux
Still no hardware switches for radios and such...

~~~
rsync
"Still no hardware switches for radios and such..."

Excellent point. A secure phone should either have a GSM module that can be
removed or a hard switch to disable it.

------
omginternets
Is there any reason for me to trust the hardware?

------
Beltiras
I like the idea of virtualized phones and spaces. No system is completely
secure but this one looks miles ahead of anything else in the smartphone space
I've seen. I want one but have to wait for the international version (assuming
US version is not same bw as EU).

------
mtgx
Blackberry Priv will have a Grsecurity hardened kernel. Why doesn't Silent OS
have that yet?

~~~
arca_vorago
While I got excited about this at first, after spending some time on the
crackberry forums, it seems the main intention of using grsec is to prevent
rooting, not necessarily to protect the user. So that means no cyanogenmod or
replicant, and users will be stuck with whatever custom bloatware/spyware
blackberry decides it should have.

All I really want is a fully open source phone that I have control over, is
that really too much to ask?

~~~
rsync
"All I really want is a fully open source phone that I have control over, is
that really too much to ask?"

An open baseband is the missing piece and that appears to be rocket science.

If only someone would leak the specs of a modern baseband the same way calypso
was leaked ... anyone ? Anyone ?

------
gaius
Secure text communication between mobile devices has been around for a _long_
time... It's called BBM.

~~~
darkr
Depends on your definition of secure - last I heard, default BBM was still
using a globally shared key and logging your messages; BB has on several
occasions handed messages over to governments at request (such as during
London riots etc).

BBM is only secure in combination with a self-hosted BES server (and on which
you have installed your own CA certs).

