Hacker News new | comments | show | ask | jobs | submit login
Burner Phone (burnerphone.us)
317 points by rubyrescue 1451 days ago | hide | past | web | 222 comments | favorite



Hey all, I'm one of the creators of BurnerPhone, and just wanted to leave a comment with a few facts about the product.

We weren't really planning on launching this thing so quickly (we planned on making improvements to the site, etc. and launching in the next couple of weeks) -- but since all the press about the NSA / phone stuff came out it seemed like a good time to put our MVP online.

Anyhow, we're basically trying to provide our users with a secure-as-possible communication device that allows them to remain as anonymous as possible. Yes -- the government can definitely collect call data and SMS data, but by using different devices and SIM cards (phone numbers) you can abstract away all but the most difficult to track details: your voice, your writing style (sms messages).

Using a BurnerPhone allows you to make phone calls and send SMS messages that won't be linked back to your by your telco billing records.

In regards to how we work:

- These phones come with unlimited talk and text for 30 days, nationwide coverage.

- We piggyback off of tons of US carriers, so depending on where you're located, you'll be connected to a different cellular network.

- You can recycle these phones (we have a lot of plans with this in the future).

I'd love to get some feedback from you guys, really respect HN and your opinions.


You should accept bitcoin so that the bank and the NSA won't have a list of all of your customers.

edit: I see in another comment that you're adding this (https://news.ycombinator.com/item?id=5840440)

Also, if you want to prevent tracking at the USPS -- ship the phones in unmarked boxes with postage purchased with cash. Don't use a return address and randomize the post-offices drops you utilize to send the packages.


Fun problem:

When the phone is turned on, the phone communicates with cell towers. This can approximate your location. To be truly anonymous (as much as possible) you should have the phone cut ALL communication with the cell towers. When you make the call, the antenna turns on, call is made, antenna turns off.

Additionally if the phone can be configured to use wifi for phone calls, then ideally you decrease the possibility of the location being tracked.

If the phone is on in theory authorities should be able to pull records from the cell companies and track every place the carrier of the phone visited.

For added shipping security always ship from a VERY high volume shipping place. This way its hard to isolate your package, but not impossible.


If you turn the antenna off when not making a call, how would you be able to receive incoming calls?


Using the existing phone network? Probably not easily.

I think the ideal way would be to make the device a passive satellite receiver. Then when a phone call arrives for your device, the satellite broadcasts a message which your device can passively receive which tells it to wake up and get on the cell network.

In theory you can do this with cell towers (it's how pagers work -- you may even be able to reuse the existing infrastructure), but in that case you either have to know somehow which tower is in range of the device (which obviously leaks the device's general location) or you have to broadcast on all towers everywhere (which, as wireless bandwidth increases, becomes increasingly practical since the incoming call message would have nearly trivial length).


Then if they get hold of your number, they can ping your phone so that it comes up on the radar, and track you hourly for example.


That would be pretty obvious given that it would cause your phone to ring every hour. Also, they could do the same regardless by just calling you.


Working on this now -- we should have Bitcoin support by tomorrow.


Bitcoin isn't anonymous, and if the NSA has infiltrated the various Bitcoin whitewashers (er, "exchanges") it also has your incoming transaction history, to boot.


Bitcoin, like Tor, is essentially a honeypot for surveillance. Better to hide out in plain sight in my opinion.


What evidence have you got that Tor is a surveillance honeypot?


Never forget: ToR is funded by the US government.


So?


If you control both the tor entrance and exit nodes, you can unmask the user. Statistically, controlling 300 nodes (~1% of the network) should be enough to unmask a large number of users. It is not hard to spin up a whole bunch of servers to the mix, and I would find it very hard to believe that the NSA/similar does not already control a substantial portion of the network.


Buy bitcoin for cash, preferably from someone you don't know.


LocalBitcoins.com might come in handy here.


Nice - fast implementation and this should shore up what seems to be by far the weakest link in your (privacy-above-all) offering.


Using a preloaded credit card bought with cash also works in a pinch.


Have you ever actually tried to use one of those online?

Since pretty much every place I tried to use one on the Internet does address verification when processing the transaction, they simply don't work.


You can go online and add an address or call the number on the back. I have done this with a pre-paid Amex, simple as can be (you can choose any address!).


> go online

IP address

> call the number

Phone number

Careful.


Yeah, I've tried that... with three different cards in the last month. I have yet to have a transaction complete successfully.


Smarter sites know its a prepaid card by the BIN and turn off the AVS check.


Smarter sites know it is a prepaid card and decline the transaction.


Why is turning away business smart - don't prepaid cards get authed the same way normal cards do? Are they commonly associated with fraudulent orders? I am genuinely curious, they seem like they would be generally safe for merchants to accept online.


They're generally associated with fraudulent orders in a lot of markets. They're easy to get and hard to trace, and limit the liability of the person doing it. I've heard that they're common to use for buying resealable goods to launder smaller amounts of money.


Are you willing to insure, in real money terms, the privacy of your customers from leaks/warrants at your end?

If so, how much? Can that money be held in escrow by a third party?

Are you willing to go to jail for your customers? For how long?

If a customer orders 134 phones ($10k), will you comply with any relevant federal financial disclosure guidelines?

If served a national security letter that includes a gag order, how will you react?

Will you accept cash transactions through the USPS, with only $75 and an address enclosed?

Can you prove that records are not kept? How?

These questions are partially rhetorical, but for people who want/need anonymity, they're important.

edit, to keep questions in one spot:

How do you anonymize shipping? It's straightforward to find ways to accept anonymous payment, but how do you keep the Man from following all outbound packages from burnerphone?

What are advantages over buying a gift card with cash and purchasing a phone online or through an intermediary?


Hi ISL,

We're totally aware that we need to be a lot more explicit and include more information on our site about the product / processes / security stuff. We've been working on this for a while now, but kind of rushed the launch due to the recent press over the NSA stuff -- we figured it was better to launch early than delay.

We're actively working on answering all those questions, and will be including a page which covers all the security aspects fully in the next week-ish.

We're 100% dedicated to making this work for our users (and ourselves), and providing real security for people.


While it's probably good to answer these questions eventually for your clientèle, don't worry about an early or rushed launch. As Reid Hoffman said, "If you're not embarrassed by the first version of your product, you've launched too late."


If yu haven't already, consider a "warrant canary" - something like this:

http://www.rsync.net/resources/notices/canary.txt


How are you planning on proving that no records are kept? I'm currently engaged in a project that takes privacy very seriously and that also makes that very promise (amongst others). I would be very interested in hearing about your approach.


delete from orders, customers where...

There will never be a way to prove the records are gone. It's all based on trust.


A huge pile of escrowed cash, held against any release of records (inadvertent or otherwise), does seem to be a way of moving some of that trust around.


The only way I could think to do it would be to have it process the transaction in memory and never store the data at all. Make the running code open source, and make it hashable in some way so that when you visit the site, you could tell if the current running version is the same as the one in the code repository.


Hashing the code wouldn't help. In fact, nothing besides simply not processing any transactions would.


How about simple audits to make sure you're not keeping records? Your customers could even nominate a representative to be present during the audits.


Cool - Good luck :)!


That $10,000 limit you're thinking of only applies to money service businesses. Specifically, it's from the Bank Secrecy Act and is invoked in reference to negotiable instruments.


Have you guys consulted an attorney and tax professional to verify all of this is legal? Maybe I'm just naive but it sounds like by destroying all records of every sale and shipment, you guys might be setting yourselves up to get shitfucked if the IRS comes after you with an audit. But then again I don't know much about the telecom industry or their reporting standard.


Less than 6% of business reporting less than $5MM / year are audited. If the IRS might take especial interest in this business, we're getting back to why this business is getting attention from this crowd.


Do you deny all GSM technology have state accessible wiretapping built in?

Also, your product is less anonymous than paying cash for a pre-paid phone at a store because you ship it to a physical address.

Buying this phone from you instead of NewEgg is worse for privacy because with traffic analysis it will be easy to identify the sales to you as opposed being mixed it with the 9k orders NewEgg gets a day.

Why should people trust you not to be a FBI run honeypot (like they do with warez BBS, etc. etc. ad nausium)?


The silence is deafening.


Your target market seems to be the unwise and the gullible: even the purchase of one of these overpriced phones is made using a reasonably anonymous currency (e.g. tumbled Bitcoins) there is a still a record of delivery address.

Thus, these phones of yours are completely unsuitable for any sort of serious anti-Government whistleblowing, and probably inappropriate even for criminal communication, given the ease by which electronic records can be accessed by the various police authorities.

This is either a deliberate scam, or a really stupid business idea.


I think the market will be more the ineffective but paranoid types. Anyone who wants to be truly anonymous will work hard to reduce, not increase, the amount of interaction other people have with their plan.

The old saying "two can keep a secret if one is dead" is apt as using this service only adds extra layers of things that can go wrong and are out of control of the person buying the burner phone. The only way I could see this as even potentially useful is to maybe buy the phone and store it in case its needed in the future hoping by the time its needed the trail has gone cold.


don't blame this startup for trying. i don't know how big a cut the telcos take and yes, a phone should not be that expensive but we'll see where the price goes. for a start, higher prices are completely normal and later hopefully some competition will bring the price to more reasonable levels. ultimately anonymous would it only be if wallmart started buying them in bulk and people could grab one at the counter paying with cash.


You know that Walmart, and gas stations, and bodegas sell these already right? That's why this is a bad idea. Not only is this less anonymous from buying from Walmart, but it's more expensive as well.


The price was really a minor point against the idea. There are more fundamental issue that makes this a non-starter for supplying an actual "burner phone".


Some business advice, you are opening yourself up to interesting levels of CC fraud (desirable good, lack of needed info, lack of data for pattern checking). Which if chargebacks don't directly kill your bottom line, the payment networks will simply cut you off for your high fraud.


We're hoping that once we start accepting Bitcoin a majority of purchases will be done through that medium.

We've got copy prepared which urges users to pay with Bitcoin due to security concerns, and should have this up tomorrow.


I hope you fail with CC and let the public know bitcoin's strength rather than see sneak in some paragraph in the small print of your TOS that allows you to keep the CC data for half a year just in case.


We've added Bitcoin support since this comment was added -- but if you look at our website copy now we've revised it to pushed users towards using Bitcoin as the preferred payment medium.


Your website copy is misleading--bitcoin is not anonymous, and a user must take additional steps to obtain bitcoin anonymously.


Actually, one more question. I see that you're marketing the Tank T190 phone by Blu which can be purchased on Newegg for $25 (http://bit.ly/ZyKBHA) and packaging it with an unknown 30 day data plan with talk and text which sounds very similar to the 30 day talk + text ReadySIM card which retails for $40 (http://bit.ly/13qyhtM). I guess what I'm wondering is what your company is adding to this equation for the extra $10 aside from being a middle man to obscure the trail? Also have you obtained permission from Blu to use their imagery?


> I guess what I'm wondering is what your company is adding to this equation for the extra $10 aside from being a middle man to obscure the trail

probably nothing. this is what's known as a "value proposition"


Does it have cool special features like a microphone that ca be turned on (preferably even when the phone is off) and used as a room bug? My current phone has this and I'd really miss living without it.


Woah.. What do you use this feature for?


Parent forgot the </sarcasm> tag.


What is your current phone that has this feature? Sounds interesting.


I'd wager it's one of them mobile types.


Congratulations on the launch, I hope everything goes well.

A list of carriers I think would be useful, or a way to verify that the phone will work in your area (e.g. zip code or phone number lookup).

Also, is it US only? Any support for Canadian carriers?


Thanks for the comment!

It's all US only right now, we're going to include a coverage chart shortly (we didn't expect so many visitors).

We piggyback off many US carriers, so our coverage is excellent.


UPDATE: We now support Bitcoin! ^^


Does the 30 day talk time start when you get the phone? Or after you make a call? I'm curious if this is something that you could buy and then hold on to as a backup or emergency phone.


It starts after you turn the phone on for the first time -- you can purchase these in advance and activate them when you're ready to use them.


That seems suboptimal for being sure the phone wasn't either (a) a dud or (b) damaged between receipt and first use.

Any thoughts on being able to do at least some sort of basic self test without starting the 30 day count down?


Many Finnish prepaids are activated from first outbound call. So actually you can use SIM and receive calls, without starting the day counter. Only annoying thing is that SIM must be in home network before it's getting activated. So I can't send Phones & cards all over europe to only receive calls & SMS without starting the timer. In many countries you can get anonymous SIMs direclty from any SIM card automat.


Randall - this is awesome! Congratulations on your launch.


I'm generally curious if there will be any (or many) "legitimate" (using it for a genuine belief in privacy for the sake of privacy) users of this phone? I mean, it costs more than a traditional cell-phone plan presumably and with fewer features... so anyone actually using this probably has something to hide to go through this length (or he is Richard Stallman).


Sounds great! Doesn't a shipping record from BurnerPhone's warehouse to John Doe's address kind of spell things out, though?


We don't keep these records -- after we ship we destroy it.

The USPS would have records for this sort of thing, of course, but you could also have items shipped to PO Boxes, places that offer greater anonymity, etc.

Furthermore, it's very unlikely that within 30 days of usage you'd be tracked down / monitored and have records queried like that.

It's definitely not a perfect system, but we're working on it :)


Oh, a data plan would probably make a killer feature. Not sure how you would deal with people doing "things that are rightfully illegal" with it, though.


> Not sure how you would deal with people doing "things that are rightfully illegal" with it, though.

One of the things about privacy-boosting mechanisms is that they explicitly do not make such a judgement. In other words, they refuse to deal with it on principle. The exact letter of the principle differs between the actual people implementing the mechanisms, but the result is generally the same.

I don't personally agree with it, though, so that's my limit on being able to explain it.


Any idea what the implications for taking this device out of the country are, given the number of carriers you guys rely on? If you could elaborate on how you guys deal with the carrier networks, I'd be really interested, but I understand if you don't want to.

Great idea, by the way.

EDIT: Ooops, just saw your response to the Canada question below. Ignore this.


It says to "throw away" the phone on the website, not to recycle it.


You can do either. This is our MVP and we didn't yet have a chance to write all the copy the way we wanted.

We're working on improving the site / product a lot, and will definitely talk about recycling. We're also considering a program where after 30 days are up, you send us the phone back and we'll get it shuffled around.


Did you get the idea for the name of the product from The Wire?


The wire didn't coin the term. Burners have been burners for... well, I've been familiar with it since the 80s, so at least 3 decades now.


What a great show. And interestingly, despite being fictional, the point where the dealers failed was the collection of the phones - just the issue discussed above. I recall that phones were supposed to be bought from stores all over the place, but a lazy gang member kept getting all of them from one source.


That was the case, but it got worse. Lester and McNulty set him up with a great deal on the phones.


While I haven't heard the term burner phone outside of The Wire, I assumed it had been a real term since the writers were so close to these subjects. What I meant (more precisely) was that, from my perspective, The Wire popularized the term for a broader, non-burner purchasing audience.


Hah, no. Myself and my partner both work in the telephony industry, and are familiar with the name 'burner phone' (sounds kind of cool, usually refers to those spy phones that get thrown away in movies).


Do you have any plans of selling it abroad in the future?


Unless you actually created the phone itself, all you are doing is putting a Sim card in it, and calling it a BurnerPhone. No offense, but I can't just buy an iPhone, put a Sim card in it, and call it the YoPhone.... Can you clear up the fact that you make the phone or you buy it yourself in bulk?


All phones have a unique identifier that is sent along with the SIM identification. Fairly easy to connect your "anonymous" SIM with any others you've used.


IMEI


Why doesn't someone just built a Tor hidden service that is an interface to the Twilio (or similar) API? Sign up with Bitcoin, get a phone number and then send/receive SMS and send/receive calls using DAP/getUserMedia (html5 mic + audio) in a web browser.

Using a physical cell phone still leaves a trace of the purchase, shipping, physical call location, cell site pings, etc. Plus in a lot of jurisdictions it is now a legal requirement to verify identity and adress with issuing phone numbers.

Using a Tor hidden service (+VPN, etc.) I could be anybody anywhere in the world. Less bits figured out.

edit: apologies if this is hijacking the thread


Twilio even has an in-browser VoIP client: http://www.twilio.com/client


Latency would make voice impractical.


In this case, wouldn't it be acceptable? I mean, if we stay in the context of a burner and security is the main feature, would it matter so much if it was like basically talking on a half-duplex voice call? Again, if the main goal is security and anonymity, would it matter so much if the conversation wasn't as fluid as a 'regular' call?


TorFone estimates 3-4 seconds of latency. Usable, but not practical.


Maybe make it walkie-talkie style, like those old Nextel phones?


Like others have said, voice would be impractical over Tor or VPN. Text would be better. The thing that most comes to mind is DeadDrop http://deaddrop.github.io/.


It doesn't seem as though Twilio accepts Bitcoins. In this case, would it be that whoever is running the Tor hidden service would have to purchase the account themselves and their reimbursement would be BTC?


I'm curious about two things:

1.) How do you comply with E911 laws that require addresses for the end user? Whatever carrier you deal with will likely terminate any contracts it has to, upon discovery.

2.) How does the shipment process work? You may delete all records of the purchase transaction, but you're still shipping via UPS/FedEx/USPS/Etc and all of those maintain records on source/destination addresses and various other shipping details (size/weight/approx cost).


Yeah, this is a joke. "Send your address to a stranger over the internet so they can ship it from a warehouse employing a small number of large corporations so you can be anonymous!"

Pay-as-you-go phones bought in a grocery store are more "burner" than this.


1) GPS/GSM built into phone hardware

2) He said they destroy all records in their operation, but of course UPS/FedEx/USPS/Etc will maintain records


The government said "trust us" too. I'm not entirely sure why anybody who wants to buy an untraceable phone would go to a website run by an unknown person to buy one. There are so many ways that this could go wrong for the phone purchaser.

I'm thinking either this is a spoof site where in a week's time you'll just say "Ha! Look at all this private information you just gave a complete stranger!" or it's a government-run honeypot.


That was my thought too. If i'm so concerned about security there is no way I'm going to trust a web site like this. Even if we give rdegges the benefit of the doubt and say he actually is, there's no way to know that 2 weeks from now the govt doesn't hijack / buy the site, OR that they don't just start tailing these guys on their trips to the post office. Great way to find people with a better-than-average likelyhood of being up to no good.


Exactly. It actually got me thinking if burner phones are already modified (either hardware or firmware) to basically be the man in the middle. There was a big problem with Chinese-supplied hardware in the US gov't which was modified for snooping. My tinfoil senses tell me it would be relatively simple to modify older phones to, for example, send GPS signals even when the battery is not in by adding a smaller hidden power supply that recharges off the main battery when the main battery is in the phone.

I guess the only way to be sure is by not using a mobile phone at all.


Not sure what I can do to prove this to you since we just launched and don't have much of a history, but I'm happy to answer any questions.

I'm a programmer at a telephone company currently, and have worked in the telco industry for a while now.

I have no government affiliations at all.


> I have no government affiliations at all.

Nice try CIA ops.


It would be the FBI, actually.


What chipset do you use to manage baseband communications? Do you implement any Trusted Computing standards? Can you tell us anything about the hardware architecture?


Other people have commented on the payment issue - I'm glad you're looking into bitcoin.

I'd be worried about delivery, too. I know you say you destroy customer information immediately, but if I'm truly paranoid I'm not going to trust that statement - I'd rather pay someone on craigslist to buy a bunch of prepaid phones for me.

I'm just brainstorming, but would it be possible to set up some sort of physical tor/mixmaster style forwarding that would keep the final destination of the phone from ever being known to you? I'm not entirely sure how that would work, and it would probably be open to abuse, but it's an interesting thought.

Also, could you consider posting something like rsync.net's warrant canary?

http://www.rsync.net/resources/notices/canary.txt

It's not perfect, but it is a nice touch.


Shipping is tricky, but as someone go has worked at medium and large firms, I know what I'd do. Ship to some random company using their street number, with a fake recipient name. Walk in to the reception, explain that you addresses something wrong, show a fake ID and get the parcel. The number of issues with stuff being posted, misaddressed etc are huge at a decent sized company. There are always random parcels sitting around, couriers collecting, swapping, and delivering. I'm sure this isn't foo proof but its what I'd do.


Regarding delivery - Maybe something like a BufferBox paid for with cash/bitcoin? Does this exist?


I think they're called "vending machines". ;)


A bitcoin-accepting vending machine would be very cool, but that requires that you live near one. Setting up shipping seems a lot easier than creating a nation-wide vending machine network.


Why would you prefer bitcoin over cash for anonymity at a vending machine?


Good point. Managing cash for a vending machine with high-value items seems like it might be a pain. I know there are various ipod vending machines around, but I assume most people use a credit card for those. But I suppose feeding some 20s isn't too hard.


I didn't think about high value items. That's a good use case for bitcoin at vending machines.


Maybe I've missunderstood BufferBox. Is there some sort of short-term PO box you can pay for with cash? Can you pay for a normal PO Box with cash and w/o ID?


> Every time you make a purchase we'll package and ship your order, then destroy all transaction records in our system. We make it impossible to give or share your information with anyone.

Come on. There is absolutely no way you can convince anybody of this fact. It is impossible (and I mean this in the mathematical sense) to prove that you have no record of how it was purchased or where the phone went.


Since all mail has to be sorted to reach its destination, and there's little reason to expect that shipper and recipient data is given an expectation of privacy it probably does not even matter whether the company keeps records.

I suppose it is safe to assume that it would be unknown which SIM card is inside of the package, but having a list of recipients in a given area code and merely noticing when SIM cards came online in that area would be somewhat of a give away.

It seems like the phone would just encourage anyone performing surveillance that you are more likely to be communicating something they'd find interesting, and therefore they might spend more resources on looking at these customers.

I think it serves the public good when more people communicate in ways that can not be traced or listened in on, but I don't think it serves specific customers of this service if they have concerns about their own anonymity, and might be doing things like disclosing information about official corruption.


Don't some kind of minimal transaction records generally need to be kept for tax purposes?


Whats your moral stance on your business? There are a lot of legitimate uses for your product, but its also (for obvious reasons) very attractive to people involved in criminal activities. Will you be putting any measures in place to counteract this?

For example, lets say you were regularly getting orders to a foreign country which is known to be a hot spot for terrorism. Then, you have the police knocking on your door, because there has been a major terror threat in a US city, and they need to track the terrorists phones.

I can guess the answer, but just want to make the point there are usually 2 sides to an anonymous service like this.


This just isn't a useful question. I can understand where it comes from, but "this could be used for bad things" puts it in exactly the same camp as cash, cars, anything heavy enough to throw at someone, and pretty much... well, everything.

If the service were "weapon specifically designed to kill large Rhinoceri and then instantly sever their horns" or "phone that will encrypt and forward only narcotic-trafficking-related conversations," this point would be valid.


I think it's still better to walk into a random Walgreen's and purchase a burner there with cash.


The the "strip search prank call" suspect (fictionalized in the recent movie Compliance) was located through video footage of him purchasing "anonymous" phone cards with cash:

Learning that the call had been made with an AT&T calling card... they used the serial number of the calling card used to make the call, and learned that the card had come from a different [Panama City] Wal-Mart store than the card used for the Massachusetts calls. Using Wal-Mart's records of the second store, the cash register, and time of the purchase of that card, the police were able to find surveillance camera video of the transaction. Unlike the Massachusetts investigation, which had gone cold when surveillance video failed to show the purchaser because the cameras were trained on the parking lot and not the registers, the cameras at the particular store where the card used in the Mount Washington call was purchased were trained on the cashiers.

The buyer in the video was wearing a correctional officer's uniform for the private security firm Corrections Corporation of America. Video and stills from both Wal-Marts were compared and the same man was seen entering and exiting the Wal-Mart at the time of the earlier purchase. The police used this footage to produce a front-and-back composite image of the suspect, and subsequent queries to the private correctional company's human resources department led to the identification of the buyer as David R. Stewart.

http://en.wikipedia.org/wiki/Strip_search_prank_call_scam


I'm sure there are burner retailers that don't have security cameras on 24/7 like Wal Mart. Or even if they do, they may recycle their tapes more quickly than Wal Mar would. Buy some burners now--wait six months until activating/using.


He was also acquitted of all charges due to lack of evidence.


Hey, one of the creators here -- I wrote about this in another thread, but here's why we think we're better than physical stores:

- You can order the product online without making a physical appearance anywhere.

- Many of the prepaid cell phones in physical stores come with the SIM chips activated -- so the phone's location has already been broadcasted to cell towers and is pre-registered, making it slightly less anonymous for the end user.

- We're going to be accepting bitcoin in the near future (we're finishing that integration now), so we hope to compete with cash purchases in that regard.

- You can recycle these phones like you would normal phones.

- We piggyback off a ton of different US carriers -- so as you move around you'll be swapping between various carriers in your region.


Still doesn't deal with the fact I have to give you my address...


Then you're on the security camera footage. How would you avoid that?


Hat and sunglasses? It sounds cliche, but the prosecution has the burden of proof, and if they can't make out your facial features or hair, and you don't arrive on a traceable mode of transportation (like, a bus would work), then it could have been anyone.



I know this has been said before....but I just couldn't help but chuckle at the irony of a "completely anonymous" phone, only able to be bought with a credit card :|


This is 100% due to us launching earlier than expected (with all the press about the NSA stuff).

We're implementing bitcoin purchasing right now, will have it ready by tomorrow.

Sorry for the inconvenience =/ I realize it's not perfect, but we're working on it ^^


I know...you guys made a good call. Launching in the midst of this storm is very clever.

I wish you all the best!


Pre-paid credit card bought with cash?


Anything but cash/bitcoin leaves too much of a trail. Just because you destroy your records doesn't mean your merchant bank does. Nor does it mean my bank will.


We're adding bitcoin right now (will be available in the next day).

We launched this early due to press on the subject, which is why it's not as polished as we'd like it to be =/


I would add a note about that now so people know it is coming and you don't lose a potential customer because they saw the site today and had the same opinion of the parent comment.


"We launched this early due to press on the subject"

So prematurely launching an incomplete and unvetted security/anonymity product to profiteer from momentary spikes in hysteria and paranoia is disingenuous at best. Besides all of the issues of payment, shipping, trust, legality, etc. that have already been raised, what is your companies qualifications to provide for secure/anonymous service?


How much of a trail do prepaid cards leave? (I honestly have no idea.)


As much as any normal credit card. They're linked to your social security number.


Not all the time. If you buy a prepaid card at e.g. Target, they do not collect your SSN or IIRC any identifying information unless you opt to register the card. You might choose the register the card to replace in case of theft.


When I've bought prepaid cards, I either bought them for zero-value or with pre-stored value, and in either case they were not usable until I registered them online. I haven't found any prepaid cards yet that do not follow this pattern. If you have then I would be quite delighted if you shared.


The thing is, big retailers have cameras, a lot of fucking cameras. Better to buy them from the rinky dink mom and pop shops that take cash with no cameras in the shop. They don't care if you are John Doe or George Washington.


At most though, it would say that you bought a burner phone, not what the number was... so you still have some deniability.


If you need to coordinate your criminal activities all The Wire-like, why not just use some form of encrypted communication using the phone you already have? Maybe just get one for criminal activity only to be extra safe? Aren't all these problems solved by some 2048-bit encryption? I guess the phone company can see which IP you're making a connection too, but that doesn't seem like much. Why do we have to waste this much perfectly good hardware just to be anonymous?


I guess the phone company can see which IP you're making a connection too, but that doesn't seem like much.

It may not seem like much, but it's actually everything. Social network analysis gives a significant amount of information about peoples' activities, even if those activities themselves are encrypted.


One good reason to use a different phone is geolocation data (determined from which cell towers you connect to) which is classified as "metadata" and potentially stored indefinitely. If your cell is turned on, your phone company knows where you are.


The timing of an attack tied to your identity can be really damaging.


Isn't this service just taking advantage of the situation at hand? This is like offering a 'premium' burner phone, but burner phones aren't supposed to come with nice unlimited plans and etc.

You could get a Tracfone with some starter minutes for $10 and a 50 minute card for $10 with cash. The 50 minutes actually becomes 100 minutes due to Tracfone's 2x minutes promo. http://www.tracfone.com/phones.jsp Yes, this isn't 'unlimited' usage, but the whole point of a burner phone is to use it for one time communication, NOT for normal, regular comms over a 30 day period. You're just asking to be tracked if you did that anyway.

Seems like you would just be paying for a burner phone in a pretty box and pretty service when you could go out and buy one yourself.

Also, the burnerphone.us whois indicates that it was registered less than a month ago in May 2013.


What's going on in USA? Why does you care so much about privacy?

You look like crazy paranoid to me, as if you all are trying to hide something from a criminal or a law enforcement.

I bet there are lots of North Americans complaining of this PRISM an Verizon thing, but at the same time is using Foursquare and every cool internet location-based mobile app you also created.

There is a dictate in my country that says (in other words) that "If you are innocent then you have nothing to fear."

This BurnerPhone service would be used only for criminals in my country. I see no use for innocent people. This is too much even for people that have something non-criminal action to hide, like cheating your spouse.

If you have fear of your government watching you, then it's better to move to another country or live like a monkey in the forest. Burn your social security card and go live as if you didn't exist for your government.


Ah, the old `if you have nothing to hide, you have nothing to fear` fallacy. I'll leave you with this - http://falkvinge.net/2012/07/19/debunking-the-dangerous-noth...;


These types of services might just turn out to be the "killer app" that pushes bitcoin out of collector space and into currency use.

People will already be committed to going out of their way to obtain extra privacy. Figuring out how to use bitcoin for the transaction will seem like little additional effort.


Sorry to say but you still have to pay by credit card (huge trail), and even if you use bitcoin, you still have to have the phone delivered somewhere, and to someone.


That's correct -- it's definitely not perfect, but we're working on it.

One of the things to keep in mind, however, is that even if you order this phone and use it, it's highly unlikely that any organization will be able to track your phone within a 30 day period -- and even if they do, and they realize the phone is a BurnerPhone (unlikely), if they come talk to us we have no records of which phone was sent where, or even where things are shipped.

They'd have to query the USPS, and then they'd have to speculate as to which phone went to the person in question.


What happens when you get a National Security Letter that demands both longer data retention and your silence?


it's, um, not illegal to buy a phone?


So what happens when the government (or IRS) persuades you to not destroy transaction logs with a $5 wrench? http://xkcd.com/538&#x2F;


We're committed to this product, not only for our users, but also for ourselves.

We value our privacy HIGHLY, and wouldn't be open to selling out. We'd much rather just close down the company than destroy our core principles.


If there were some sort of a dead man's switch in your service ( http://en.wikipedia.org/wiki/Dead_man's_switch ), this would be a lot more believable.


I'm confused with how a dead man's switch would be useful in this scenario. If the company is persuaded to keep the transaction logs linking sim cards/phones and credit card numbers/addresses then how would we know? I don't see that as being fixed by having a dead man's switch.


At that level of 'paranoia' / privacy concern you might as assume this is an elaborate honey-pot. An unlikely scenario but certainly the safest assumption from a privacy perspective.


This is really interesting -- looking into this now.


Churchill: "Madam, would you sleep with me for five million pounds?" Socialite: "My goodness, Mr. Churchill... Well, I suppose... we would have to discuss terms, of course... " Churchill: "Would you sleep with me for five pounds?" Socialite: "Mr. Churchill, what kind of woman do you think I am?!" Churchill: "Madam, we've already established that. Now we are haggling about the price”

Just negotiate in opposite direction :-)


Out of curiosity, did you consult with attorneys before launch? I'm completely unqualified to answer the question, but I would think there's a possibility you could land yourself in a bit of a pickle if you shipped one that was later impounded in a law enforcement operation. It seems clear that you wouldn't have known it would be used illegally, but that wouldn't stop someone from ruining your month.

(Congrats, of course)


Go to Walmart and get a $35 phone for cash. Includes a 30 day service plan card with with 1000 minutes, 1000 text and MMS messages, 30 MB data


Although, I do see potential for this, pay with credit/debit card? It will be traceable who do I call, also it will show up in my card records. Also, there is going to be some record where it was sent. It will be probably sufficient for most users, but not all.

I have it a little bit better, but not perfect.

For 15 euros I will get phone + prepaid card. I can buy it from any local gas station or kiosk or mall, I can have some homeless to buy it for me.

Prepaid over here means, it is as simple as old school phone cards. No name, no bank accounts, no contract, no credit/debit card. Cash and goodbye.

I can also allow roaming just by sending sms to specific number(if it is not allowed), it will work almost everywhere(although the prices will be pretty high)

(source(sorry, translator don't work with https https://www.elisa.ee/et/Eraklient/konekaart/konekomplekt/eli...)


Two bullet points from the site:

- Unlimited talk and text for 30 days.

- 16 hour talk time.

I'm confused. Which is it?


16 hour talk time is the amount of battery life you'll have if you're on the phone for 16 hours nonstop talking.

You get 30 days of unlimited talk / text, so if you talk for more than 16 hours on the phone you'll need to recharge using the charging cord that comes with the phone.

Sorry for the confusion there.


The 16 hour talk time is in reference to the battery life of the phone, I'm guessing (the next bullet references 30 days' standby time).


If this company were not in the USA I might have confidence in their product being truly anonymous. All they've done is serve as a concentrating function for the NSA. You're far better off buying a phone for cash from a different 7-11 each month.

Perhaps this might be a business opportunity for the North Koreans?


Whenever I see something like this come up, my brain automatically screams: Honeypot!

Services such as these attract the paranoid and the criminal in large enough amounts that they make great ways to catch criminals without having to do any leg work whatsoever.

Sell burners, track all of them via GPS/monitor all calls/use microphone to record real life conversations at random times then use said data to bring people down.

The same could be said for bitcoin exchangers, former liberty reserve exchangers, seed boxes, private VPNs and a host of other "secure" services. I'm not positively stating that any of these kinds of services are actually honeypots, but it probably should be something that one considers before using them for more nefarious purposes.

Makes you wonder what you can really trust. Probably nothing.

Honeypots all round! No wait, it's a trap!


Is it really possible to completely anonymize an online purchase? Like others have said, the sheer act of buying something online which must be shipped somewhere is going to leave some trace. Unless both money and phone are transferred via a special courier (preferably in one those suitcases that you handcuff to yourself), a dedicated surveillance effort would be able to discover the customer's identity eventually. I'm sure you guys are well-intentioned, but, honestly, if I was paranoid enough to need one of these, I sure as heck wouldn't be comfortable buying it online. I'd probably just buy a cheap pre-paid cellphone from a corner store using cash.


How does this work? I thought the gov't required identifying information to be gathered when selling a cellular phone?

What are the regulations?

If the gov't wants to track down the owner of a phone, what do you do? Just say that you don't have that information?


Correct -- we literally keep no information here, so it's impossible for us to give information away.


OK, but I wonder, are you breaking any laws?

I see two possible outcomes of this business model:

1. The gov't catches wind, demands you keep proper records and you say "no" so they shut you down. 2. The gov't comes to you asking for identifying information for a customer, you say "no" and they shut you down.

I honestly don't know that much about it, so I can't claim that these two are the only possible outcomes.

Can you provide more details? What are the regulations? Do you have a plan if the gov't comes knocking?


But we have to take your word for that, right? How do we know you're not a front for an NSA sting operation? (Feel free to treat that as a rhetorical question :-)


Do all the phones look the same? Because if so, "If you'd like to recycle your Burner when you're done using it, just throw it into any cell phone disposal box (these can usually be found at office supply stores)."

Ummmm.


Why is this $75? The cheapest phone around is about $20, the Nokia 105 comes to mind for example. Add some dollars for the calls, texts and your margin $75 seems a bit steep.


That's what I'm wondering, how is this any different than going to a local store and paying cash for a burner Net10 phone? You can get them for $15 and they include enough minutes for most people to get through a month, and if you don't use a CC or store loyalty card there is no way for anyone to tie the phone to you.


What about the security cameras at the store?


Wear a hat and sunglasses if you're worried about it. Pay a bum to go in and buy it for you. Wear a ski mask!

I'd be far more worried about the credit card transaction and ISP log from buying this online than I would be about a camera in the grocery store. Of course you could TOR the browsing or use a library computer. And maybe eventually they'll add support for non credit card payments that can't be tracked. But throwing on a hat and some sunglasses and heading to your neighborhood 7-11 seems a lot easier (and cheaper).


People gotta feed their families man.


Can someone provide a few examples of legal use cases for this type of thing? I understand people who want to protect their personal information, but these are going way out of their way to actively conceal their personal information. I just don't know why that would be a priority unless you are trying to hide something. I am not usually in the "you have nothing to fear unless you are hiding something" camp, but these seem pretty extreme.


What's legal and what's right aren't always the same thing. For example, in Nazi Germany, it was illegal to be Jewish; and communicating heavily with Jews may have increased suspicion that you were Jewish. Or in Rwanda in 1994, communicating with Tutsi's may have given rise to suspicion that you were a Tutsi. Or in North Korea today, communicating with defectors may raise suspicion that you are likely to defect.

Here are some legal, or questionably legal but morally correct things you may use this for, in the modern day US: you would like to notify news organizations about a secret NSA spying program, but don't know who to trust, since some news organizations may hand your information over to the federal government when pressured to do so, to root out the source of the leak.

You are a lawyer for a detainee in Guantanamo. To collect evidence, you need to contact several people who you know are on terrorist watch lists, but want to avoid being placed on such a list yourself and be restricted from flying.

You have are in the process of divorcing an abusive husband who is a high-ranking FBI official. You want to be able to contact your lawyer and his, without worrying that he may abuse his authority to find out information about where you are now living.

You are a founder of a whistleblowing operation, which has recently done a large exposé on US forces killing innocent children in the Middle East. You would like to keep in touch with your friends and family, without them also being added to watch lists that cause all of their electronics to be confiscated every time the fly.

You are helping to get information out of China about human rights abuses about Tibet. Given that the Chinese government has done hacking deliberately targeting surveillance back doors of networking systems of US companies, you worry that they may be able to track you.


Does it still sound "pretty extreme" after the news on PRISM?


Yes. The answer to this scandal is not making it technically harder for the government to get our information. I would compare it to DRM/piracy issue. Most of us on HN would agree that creating new, more onerous, and more difficult to crack DRM is not the answer to piracy. You instead convince pirates that it is more ethical, easier, or less risky to purchase something than pirate it.

The general citizen is not going to win a spy game against the NSA. Our only hope of preventing something like this from happening again is to put legal penalties and precautions in place to make sure that the government does not overstep its bounds. Using burner phones isn't going to accomplish anything.


I don't think the analogy to piracy is a good one. DRM is not theoretically possible. If someone can view media, they can copy it, end of story. You can make it harder, but it's always going to be with tricks, not solid theory.

Crypto, on the other hand, is theoretically possible, as far as I know. There may be holes in what's currently out there, but there's no reason in theory you can't end up with a crypto solution that the NSA can't crack. And I see no reason to think that you can't do this now. The idea that the NSA has cracked RSA or AES or whatever is just a little too out there IMO.


Rendering the government unable to read your communications is always a better solution than convincing them to promise that they will not. Technological solutions allow the individual to have control over trust.

Burner phones are not crypto, but they are a good idea for similar reasons.


Finance. Perhaps this is a knock-on effect from the industry's drug use in the 1980s, but traders are a paranoid bunch. Client communications have to be recorded, but it is not uncommon for hedge funds to have highly sensitive discussions in bug-free rooms or via encrypted voice calls (who we are talking to is of less concern to be known than what we are saying). Traders who slack on security tend to get mopped up fairly quickly.


Say you were going to be a whistle blower for some Government scandal. You want to communicate with the NY Times but you don't trust the government to not subpoena the phone records, any email records, etc. A phone that isn't linked to you sounds like a good idea.


Whistleblowing?


Needs to be payable in bitcoin?


One of the product creators here -- we're working on this :) We ended up launching the site today (a week earlier than expected), due to the press on the topic.

We'll have bitcoin support by tomorrow.


Great idea! Thanks for making this. So what happens after 30 days, is there a way to recharge the phone minutes?


Thanks! After 30 days, you can purchase a new SIM chip from us directly if you'd like -- but the existing SIM chip will be completely unusable.

Right now our site only sells the phone + chip together, but we can sell both the hardware phone and SIM chips separately as well (3 day, 7 day, 14 day, and 30 day SIM chips).

Due to our early launch (this is our MVP), we don't have those advertised on the website yet (although, if you email us, we can arrange something).


I recommend maybe doing a deal, phone + multiple SIM cards ($x each per SIM)

Then we could order in bulk, use a temporary address, and have enough for a year's anonymous talking without needing to make another order..


I think it impossible for you to prove that you're not an outlet setup by the government monitoring service.


Where should we ship this to?


The old adage goes, "Don't mine for gold — sell pickaxes to the miners."

I guess the modern adaptation is, "Don't deal drugs — sell phones to the drug dealers."


Except the NSA already gets all visa/mastercard transactions directly from their network.

Destroying the transaction on the vendor side is useless.


In 24, Jack only uses a phone once and then smashes it. How anonymous is a phone I've been using for a whole month?



You are not required to use it all month. If you want to smash the phone, go for it.


What, no sign in with facebook button?


Damn, it looks like this article just got banned from the front page of HN. =/


I still see it on the front page.


Irony that you need to use a burner laptop to order your burner phone?


even https://www.burnerphone.us&#x2F; is informing google (and a few other sites) when you visit.


Hasn't anyone here ever watched The Wire?


SV begins monetizing the drug trade.


Who did your web design? I love it.



Nice timing concerning PRISM


unfortunately i have to question how long this operation can survive in US


+1 for Bitcoin


Is it biodegradable?


If anybody needs true, total anonymity it's worth reading this paper before buying any cell phone: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3607247/pdf/srep...

The paper shows that 95% of cell phone subscribers are personally identifiable from VERY little spatio-temporal information.

Another issue is that an upstream vendor could easily provide the government with the phone IMEIs and SIM IMSIs that they supply to BurnerPhone, without disclosing this to BurnerPhone. This would create a pool of phones that are self-identified as high-value surveillance targets.

If I was in charge of identifying miscreants for a nasty regime, I'd also watch for SIM card changes (an IMEI whose IMSI changes on a regular basis), and I'd especially look for cliques of handsets that showed the same SIM-changing behavior. As such, I can't help but wonder if swapping SIM cards might generate unwanted attention.


"Methods The dataset. This work was performed using an anonymized mobile phone dataset that contains call information for ,1.5 M users of a mobile phone operator. The data collection took place from April 2006 to June 2007 in a western country. Each time a user interacts with the mobile phone operator network by initiating or receiving a call or a text message, the location of the connecting antenna is recorded [Fig. 1A]. The dataset’s intrinsic spatial resolution is thus the maximal half-distance between antennas. The dataset’s intrinsic temporal resolution is one hour [Fig. 1B]."

This seems kind of sketchy to me considering how CDMA networks currently work:

http://en.wikipedia.org/wiki/Code_division_multiple_access#S...

"These systems were designed using spread spectrum because of its security and resistance to jamming. Asynchronous CDMA has some level of privacy built in because the signal is spread using a pseudo-random code; this code makes the spread spectrum signals appear random or have noise-like properties. A receiver cannot demodulate this transmission without knowledge of the pseudo-random sequence used to encode the data. CDMA is also resistant to jamming. A jamming signal only has a finite amount of power available to jam the signal. The jammer can either spread its energy over the entire bandwidth of the signal or jam only part of the entire signal."


It's likely my own ignorance, but I don't understand the concern you're raising. What's the relationship between frequency-hopping spread spectrum technology and communication/antenna records?


"Each time a user interacts with the mobile phone operator network by initiating or receiving a call or a text message, the location of the connecting antenna is recorded"

CDMA allows multiple towers to handle network traffic. Implying there's only one tower handling the traffic seems flawed to me. I could be wrong though. This was the issue I was trying to bring up.


Yes, you're wrong. There's a data link from the phone to one tower when setting up a call or similar - the ID of that tower is communicated to the core network. You can handover to another tower if that signal becomes stronger (e.g. you're moving) - this'll just give you more information, i.e. the fact that the user was moving, and you can now narrow down the location further to the parts where the two cells overlap in coverage.


Any number of towers might be in range of a phone, but (from my understanding) only one tower (with the strongest signal) is used by the cellphone. As the cellphone moves, it can be handed off to other towers (based on signal strength).


Multiple towers is worse than one. It allows pinpointing the user much more accurately. With three towers with signal strength and timing information you'll get exact location.


The spatio-temporal tracking only works if the battery is in the phone all the time. Take the battery out unless you're making a call or checking voicemail.


What a ripoff. I can get a cheap throwaway phone with unlimited minutes/text for less than $50. I also can buy it with cash at any mom and pop cellular phone shop. I don't need I.D. and I can use any fucking name I want. This phone needs a fucking credit card and an address to deliver. Might as well put up a fucking sign saying dumbest criminal in the world! Leaving a paper trail all over the damn place.


How easy is it to set on fire, I love the smell of burning electronics.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: