We weren't really planning on launching this thing so quickly (we planned on making improvements to the site, etc. and launching in the next couple of weeks) -- but since all the press about the NSA / phone stuff came out it seemed like a good time to put our MVP online.
Anyhow, we're basically trying to provide our users with a secure-as-possible communication device that allows them to remain as anonymous as possible. Yes -- the government can definitely collect call data and SMS data, but by using different devices and SIM cards (phone numbers) you can abstract away all but the most difficult to track details: your voice, your writing style (sms messages).
Using a BurnerPhone allows you to make phone calls and send SMS messages that won't be linked back to your by your telco billing records.
In regards to how we work:
- These phones come with unlimited talk and text for 30 days, nationwide coverage.
- We piggyback off of tons of US carriers, so depending on where you're located, you'll be connected to a different cellular network.
- You can recycle these phones (we have a lot of plans with this in the future).
I'd love to get some feedback from you guys, really respect HN and your opinions.
edit: I see in another comment that you're adding this (https://news.ycombinator.com/item?id=5840440)
Also, if you want to prevent tracking at the USPS -- ship the phones in unmarked boxes with postage purchased with cash. Don't use a return address and randomize the post-offices drops you utilize to send the packages.
When the phone is turned on, the phone communicates with cell towers. This can approximate your location. To be truly anonymous (as much as possible) you should have the phone cut ALL communication with the cell towers. When you make the call, the antenna turns on, call is made, antenna turns off.
Additionally if the phone can be configured to use wifi for phone calls, then ideally you decrease the possibility of the location being tracked.
If the phone is on in theory authorities should be able to pull records from the cell companies and track every place the carrier of the phone visited.
For added shipping security always ship from a VERY high volume shipping place. This way its hard to isolate your package, but not impossible.
I think the ideal way would be to make the device a passive satellite receiver. Then when a phone call arrives for your device, the satellite broadcasts a message which your device can passively receive which tells it to wake up and get on the cell network.
In theory you can do this with cell towers (it's how pagers work -- you may even be able to reuse the existing infrastructure), but in that case you either have to know somehow which tower is in range of the device (which obviously leaks the device's general location) or you have to broadcast on all towers everywhere (which, as wireless bandwidth increases, becomes increasingly practical since the incoming call message would have nearly trivial length).
Since pretty much every place I tried to use one on the Internet does address verification when processing the transaction, they simply don't work.
> call the number
If so, how much? Can that money be held in escrow by a third party?
Are you willing to go to jail for your customers? For how long?
If a customer orders 134 phones ($10k), will you comply with any relevant federal financial disclosure guidelines?
If served a national security letter that includes a gag order, how will you react?
Will you accept cash transactions through the USPS, with only $75 and an address enclosed?
Can you prove that records are not kept? How?
These questions are partially rhetorical, but for people who want/need anonymity, they're important.
edit, to keep questions in one spot:
How do you anonymize shipping? It's straightforward to find ways to accept anonymous payment, but how do you keep the Man from following all outbound packages from burnerphone?
What are advantages over buying a gift card with cash and purchasing a phone online or through an intermediary?
We're totally aware that we need to be a lot more explicit and include more information on our site about the product / processes / security stuff. We've been working on this for a while now, but kind of rushed the launch due to the recent press over the NSA stuff -- we figured it was better to launch early than delay.
We're actively working on answering all those questions, and will be including a page which covers all the security aspects fully in the next week-ish.
We're 100% dedicated to making this work for our users (and ourselves), and providing real security for people.
There will never be a way to prove the records are gone. It's all based on trust.
Also, your product is less anonymous than paying cash for a pre-paid phone at a store because you ship it to a physical address.
Buying this phone from you instead of NewEgg is worse for privacy because with traffic analysis it will be easy to identify the sales to you as opposed being mixed it with the 9k orders NewEgg gets a day.
Why should people trust you not to be a FBI run honeypot (like they do with warez BBS, etc. etc. ad nausium)?
Thus, these phones of yours are completely unsuitable for any sort of serious anti-Government whistleblowing, and probably inappropriate even for criminal communication, given the ease by which electronic records can be accessed by the various police authorities.
This is either a deliberate scam, or a really stupid business idea.
The old saying "two can keep a secret if one is dead" is apt as using this service only adds extra layers of things that can go wrong and are out of control of the person buying the burner phone. The only way I could see this as even potentially useful is to maybe buy the phone and store it in case its needed in the future hoping by the time its needed the trail has gone cold.
We've got copy prepared which urges users to pay with Bitcoin due to security concerns, and should have this up tomorrow.
probably nothing. this is what's known as a "value proposition"
A list of carriers I think would be useful, or a way to verify that the phone will work in your area (e.g. zip code or phone number lookup).
Also, is it US only? Any support for Canadian carriers?
It's all US only right now, we're going to include a coverage chart shortly (we didn't expect so many visitors).
We piggyback off many US carriers, so our coverage is excellent.
Any thoughts on being able to do at least some sort of basic self test without starting the 30 day count down?
The USPS would have records for this sort of thing, of course, but you could also have items shipped to PO Boxes, places that offer greater anonymity, etc.
Furthermore, it's very unlikely that within 30 days of usage you'd be tracked down / monitored and have records queried like that.
It's definitely not a perfect system, but we're working on it :)
One of the things about privacy-boosting mechanisms is that they explicitly do not make such a judgement. In other words, they refuse to deal with it on principle. The exact letter of the principle differs between the actual people implementing the mechanisms, but the result is generally the same.
I don't personally agree with it, though, so that's my limit on being able to explain it.
Great idea, by the way.
EDIT: Ooops, just saw your response to the Canada question below. Ignore this.
We're working on improving the site / product a lot, and will definitely talk about recycling. We're also considering a program where after 30 days are up, you send us the phone back and we'll get it shuffled around.
Using a physical cell phone still leaves a trace of the purchase, shipping, physical call location, cell site pings, etc. Plus in a lot of jurisdictions it is now a legal requirement to verify identity and adress with issuing phone numbers.
Using a Tor hidden service (+VPN, etc.) I could be anybody anywhere in the world. Less bits figured out.
edit: apologies if this is hijacking the thread
1.) How do you comply with E911 laws that require addresses for the end user? Whatever carrier you deal with will likely terminate any contracts it has to, upon discovery.
2.) How does the shipment process work? You may delete all records of the purchase transaction, but you're still shipping via UPS/FedEx/USPS/Etc and all of those maintain records on source/destination addresses and various other shipping details (size/weight/approx cost).
Pay-as-you-go phones bought in a grocery store are more "burner" than this.
2) He said they destroy all records in their operation, but of course UPS/FedEx/USPS/Etc will maintain records
I'm thinking either this is a spoof site where in a week's time you'll just say "Ha! Look at all this private information you just gave a complete stranger!" or it's a government-run honeypot.
I guess the only way to be sure is by not using a mobile phone at all.
I'm a programmer at a telephone company currently, and have worked in the telco industry for a while now.
I have no government affiliations at all.
Nice try CIA ops.
I'd be worried about delivery, too. I know you say you destroy customer information immediately, but if I'm truly paranoid I'm not going to trust that statement - I'd rather pay someone on craigslist to buy a bunch of prepaid phones for me.
I'm just brainstorming, but would it be possible to set up some sort of physical tor/mixmaster style forwarding that would keep the final destination of the phone from ever being known to you? I'm not entirely sure how that would work, and it would probably be open to abuse, but it's an interesting thought.
Also, could you consider posting something like rsync.net's warrant canary?
It's not perfect, but it is a nice touch.
Come on. There is absolutely no way you can convince anybody of this fact. It is impossible (and I mean this in the mathematical sense) to prove that you have no record of how it was purchased or where the phone went.
I suppose it is safe to assume that it would be unknown which SIM card is inside of the package, but having a list of recipients in a given area code and merely noticing when SIM cards came online in that area would be somewhat of a give away.
It seems like the phone would just encourage anyone performing surveillance that you are more likely to be communicating something they'd find interesting, and therefore they might spend more resources on looking at these customers.
I think it serves the public good when more people communicate in ways that can not be traced or listened in on, but I don't think it serves specific customers of this service if they have concerns about their own anonymity, and might be doing things like disclosing information about official corruption.
For example, lets say you were regularly getting orders to a foreign country which is known to be a hot spot for terrorism. Then, you have the police knocking on your door, because there has been a major terror threat in a US city, and they need to track the terrorists phones.
I can guess the answer, but just want to make the point there are usually 2 sides to an anonymous service like this.
If the service were "weapon specifically designed to kill large Rhinoceri and then instantly sever their horns" or "phone that will encrypt and forward only narcotic-trafficking-related conversations," this point would be valid.
Learning that the call had been made with an AT&T calling card... they used the serial number of the calling card used to make the call, and learned that the card had come from a different [Panama City] Wal-Mart store than the card used for the Massachusetts calls. Using Wal-Mart's records of the second store, the cash register, and time of the purchase of that card, the police were able to find surveillance camera video of the transaction. Unlike the Massachusetts investigation, which had gone cold when surveillance video failed to show the purchaser because the cameras were trained on the parking lot and not the registers, the cameras at the particular store where the card used in the Mount Washington call was purchased were trained on the cashiers.
The buyer in the video was wearing a correctional officer's uniform for the private security firm Corrections Corporation of America. Video and stills from both Wal-Marts were compared and the same man was seen entering and exiting the Wal-Mart at the time of the earlier purchase. The police used this footage to produce a front-and-back composite image of the suspect, and subsequent queries to the private correctional company's human resources department led to the identification of the buyer as David R. Stewart.
- You can order the product online without making a physical appearance anywhere.
- Many of the prepaid cell phones in physical stores come with the SIM chips activated -- so the phone's location has already been broadcasted to cell towers and is pre-registered, making it slightly less anonymous for the end user.
- We're going to be accepting bitcoin in the near future (we're finishing that integration now), so we hope to compete with cash purchases in that regard.
- You can recycle these phones like you would normal phones.
- We piggyback off a ton of different US carriers -- so as you move around you'll be swapping between various carriers in your region.
We're implementing bitcoin purchasing right now, will have it ready by tomorrow.
Sorry for the inconvenience =/ I realize it's not perfect, but we're working on it ^^
I wish you all the best!
We launched this early due to press on the subject, which is why it's not as polished as we'd like it to be =/
So prematurely launching an incomplete and unvetted security/anonymity product to profiteer from momentary spikes in hysteria and paranoia is disingenuous at best. Besides all of the issues of payment, shipping, trust, legality, etc. that have already been raised, what is your companies qualifications to provide for secure/anonymous service?
It may not seem like much, but it's actually everything. Social network analysis gives a significant amount of information about peoples' activities, even if those activities themselves are encrypted.
You could get a Tracfone with some starter minutes for $10 and a 50 minute card for $10 with cash. The 50 minutes actually becomes 100 minutes due to Tracfone's 2x minutes promo.
Yes, this isn't 'unlimited' usage, but the whole point of a burner phone is to use it for one time communication, NOT for normal, regular comms over a 30 day period. You're just asking to be tracked if you did that anyway.
Seems like you would just be paying for a burner phone in a pretty box and pretty service when you could go out and buy one yourself.
Also, the burnerphone.us whois indicates that it was registered less than a month ago in May 2013.
You look like crazy paranoid to me, as if you all are trying to hide something from a criminal or a law enforcement.
I bet there are lots of North Americans complaining of this PRISM an Verizon thing, but at the same time is using Foursquare and every cool internet location-based mobile app you also created.
There is a dictate in my country that says (in other words) that "If you are innocent then you have nothing to fear."
This BurnerPhone service would be used only for criminals in my country. I see no use for innocent people. This is too much even for people that have something non-criminal action to hide, like cheating your spouse.
If you have fear of your government watching you, then it's better to move to another country or live like a monkey in the forest. Burn your social security card and go live as if you didn't exist for your government.
People will already be committed to going out of their way to obtain extra privacy. Figuring out how to use bitcoin for the transaction will seem like little additional effort.
One of the things to keep in mind, however, is that even if you order this phone and use it, it's highly unlikely that any organization will be able to track your phone within a 30 day period -- and even if they do, and they realize the phone is a BurnerPhone (unlikely), if they come talk to us we have no records of which phone was sent where, or even where things are shipped.
They'd have to query the USPS, and then they'd have to speculate as to which phone went to the person in question.
We value our privacy HIGHLY, and wouldn't be open to selling out. We'd much rather just close down the company than destroy our core principles.
Just negotiate in opposite direction :-)
(Congrats, of course)
I have it a little bit better, but not perfect.
For 15 euros I will get phone + prepaid card. I can buy it from any local gas station or kiosk or mall, I can have some homeless to buy it for me.
Prepaid over here means, it is as simple as old school phone cards. No name, no bank accounts, no contract, no credit/debit card. Cash and goodbye.
I can also allow roaming just by sending sms to specific number(if it is not allowed), it will work almost everywhere(although the prices will be pretty high)
(source(sorry, translator don't work with https
- Unlimited talk and text for 30 days.
- 16 hour talk time.
I'm confused. Which is it?
You get 30 days of unlimited talk / text, so if you talk for more than 16 hours on the phone you'll need to recharge using the charging cord that comes with the phone.
Sorry for the confusion there.
Perhaps this might be a business opportunity for the North Koreans?
Services such as these attract the paranoid and the criminal in large enough amounts that they make great ways to catch criminals without having to do any leg work whatsoever.
Sell burners, track all of them via GPS/monitor all calls/use microphone to record real life conversations at random times then use said data to bring people down.
The same could be said for bitcoin exchangers, former liberty reserve exchangers, seed boxes, private VPNs and a host of other "secure" services. I'm not positively stating that any of these kinds of services are actually honeypots, but it probably should be something that one considers before using them for more nefarious purposes.
Makes you wonder what you can really trust. Probably nothing.
Honeypots all round! No wait, it's a trap!
What are the regulations?
If the gov't wants to track down the owner of a phone, what do you do? Just say that you don't have that information?
I see two possible outcomes of this business model:
1. The gov't catches wind, demands you keep proper records and you say "no" so they shut you down.
2. The gov't comes to you asking for identifying information for a customer, you say "no" and they shut you down.
I honestly don't know that much about it, so I can't claim that these two are the only possible outcomes.
Can you provide more details? What are the regulations? Do you have a plan if the gov't comes knocking?
I'd be far more worried about the credit card transaction and ISP log from buying this online than I would be about a camera in the grocery store. Of course you could TOR the browsing or use a library computer. And maybe eventually they'll add support for non credit card payments that can't be tracked. But throwing on a hat and some sunglasses and heading to your neighborhood 7-11 seems a lot easier (and cheaper).
Here are some legal, or questionably legal but morally correct things you may use this for, in the modern day US: you would like to notify news organizations about a secret NSA spying program, but don't know who to trust, since some news organizations may hand your information over to the federal government when pressured to do so, to root out the source of the leak.
You are a lawyer for a detainee in Guantanamo. To collect evidence, you need to contact several people who you know are on terrorist watch lists, but want to avoid being placed on such a list yourself and be restricted from flying.
You have are in the process of divorcing an abusive husband who is a high-ranking FBI official. You want to be able to contact your lawyer and his, without worrying that he may abuse his authority to find out information about where you are now living.
You are a founder of a whistleblowing operation, which has recently done a large exposé on US forces killing innocent children in the Middle East. You would like to keep in touch with your friends and family, without them also being added to watch lists that cause all of their electronics to be confiscated every time the fly.
You are helping to get information out of China about human rights abuses about Tibet. Given that the Chinese government has done hacking deliberately targeting surveillance back doors of networking systems of US companies, you worry that they may be able to track you.
The general citizen is not going to win a spy game against the NSA. Our only hope of preventing something like this from happening again is to put legal penalties and precautions in place to make sure that the government does not overstep its bounds. Using burner phones isn't going to accomplish anything.
Crypto, on the other hand, is theoretically possible, as far as I know. There may be holes in what's currently out there, but there's no reason in theory you can't end up with a crypto solution that the NSA can't crack. And I see no reason to think that you can't do this now. The idea that the NSA has cracked RSA or AES or whatever is just a little too out there IMO.
Burner phones are not crypto, but they are a good idea for similar reasons.
We'll have bitcoin support by tomorrow.
Right now our site only sells the phone + chip together, but we can sell both the hardware phone and SIM chips separately as well (3 day, 7 day, 14 day, and 30 day SIM chips).
Due to our early launch (this is our MVP), we don't have those advertised on the website yet (although, if you email us, we can arrange something).
Then we could order in bulk, use a temporary address, and have enough for a year's anonymous talking without needing to make another order..
I guess the modern adaptation is, "Don't deal drugs — sell phones to the drug dealers."
Destroying the transaction on the vendor side is useless.
The paper shows that 95% of cell phone subscribers are personally identifiable from VERY little spatio-temporal information.
Another issue is that an upstream vendor could easily provide the government with the phone IMEIs and SIM IMSIs that they supply to BurnerPhone, without disclosing this to BurnerPhone. This would create a pool of phones that are self-identified as high-value surveillance targets.
If I was in charge of identifying miscreants for a nasty regime, I'd also watch for SIM card changes (an IMEI whose IMSI changes on a regular basis), and I'd especially look for cliques of handsets that showed the same SIM-changing behavior. As such, I can't help but wonder if swapping SIM cards might generate unwanted attention.
This seems kind of sketchy to me considering how CDMA networks currently work:
"These systems were designed using spread spectrum because of its security and resistance to jamming. Asynchronous CDMA has some level of privacy built in because the signal is spread using a pseudo-random code; this code makes the spread spectrum signals appear random or have noise-like properties. A receiver cannot demodulate this transmission without knowledge of the pseudo-random sequence used to encode the data. CDMA is also resistant to jamming. A jamming signal only has a finite amount of power available to jam the signal. The jammer can either spread its energy over the entire bandwidth of the signal or jam only part of the entire signal."
CDMA allows multiple towers to handle network traffic. Implying there's only one tower handling the traffic seems flawed to me. I could be wrong though. This was the issue I was trying to bring up.