This is correct. We talked about canaries a bunch internally and came to the same conclusion-- not really worth it in this context (but please do offer up a model that makes sense if you see one).
I came to the conclusion the best we can do is what you see in our privacy policy: we notify our users when we're served with legal process that is not subject to a gag order, and we pledge to push back on any law enforcement request we receive that is not properly formed or narrowly tailored as required by law. I'd love input/ideas on how to be stronger here.
This is right. Deploying our own packet core and IMS core, building our own BSS from scratch. All of this stuff is expensive (and hard). We're hoping to be able to bring the price down over time.
Doyle here :) I'm very proud of my military service!
Prior to Cape, I led the national security business at Palantir. That experience was actually the catalyst for Cape. It’s where I first learned about the massive array of vulnerabilities that exist in our current cellular networks. I saw how those gaps impacted not just government organizations, but everyday people, and I realized that the mobile phones we carry every day are perhaps the single largest risk to our privacy.
I needed that experience to understand the depth of the problem, but once I left to start Cape, that connection ended. Cape has no ties to Palantir. We aren't a subsidiary, we aren't a "front," and we don't share data with them. The only thing we took from Palantir was the desire to fix a broken system. If you want to see me and some of the rest of our founding team talk more about this topic, you can watch this video on our Instagram page here.
Another related theory I’ve seen online is that Cape is a honeypot for law enforcement. Cape is not a honeypot. It’s so hard to prove a negative, but at least I can say it clearly and out loud: Cape is not a honeypot.
We are a group of individuals who deeply value privacy. That mission carries across everything we do, from our work with the US government and allies, to everyday people, and everything in between.
We partner with non-profits to support victims of domestic abuse who are facing cyber-stalking and digital harassment. https://www.cape.co/break-free
We are a young company growing exponentially, and we don't plan on slowing down. We know we have to earn your trust every day. The truth is, no one else is building a high-quality, first-class solution to these specific cellular problems. We are committed to being the ones who do it right.
Someone doesn't need to work for Palantir or the military to understand that cellular security is fundamentally broken and completely insecure.
That is a lot of highly polished for the camera media you dropped into that post. The way that you word things, such as "Cape is not a honeypot." but don't delve any deeper, to start, gives someone less than zero confidence or trust in your words.
I have seen enough in the industry to say that your words are meaningless.
John's account was throttled since it's new. Posting this on his behalf.
----
You're right that you don't need to do those things, but I would argue that my background made me uniquely situated to understand and care about these problems deeply enough to spend years of my life building a company in response.
I say "Cape is not a honeypot" a lot just so I don't appear to be mincing words. If you want to delve deeper on how we treat customer data, a couple of good resources are our privacy policy: https://www.cape.co/privacy-summary
Yikes, sorry guys (I'm a mod here). I've marked his account (and yours!) legit so this won't happen again.
It's my least favorite thing about HN that high-quality new accounts, such as founders jumping into threads about their work, sometimes get throttled by the software. Gah.
> but I would argue that my background made me uniquely situated to understand and care about these problems deeply enough to spend years of my life building a company in response.
Maybe but this line of argumentation also opens the door to more criticism. Anyone looking at Palantir from the outside only knows their reputation and involvement in unsavory projects before taking a job. You chose to take the job with that knowledge covering most of your field of view. You stayed to work for that company contributing to that kind of work. That's a signal that's brighter than the valuable experience you gathered there. Tech can be learned but the values needed to support or even tolerate Palantir's activities don't get easily changed.
The premise of your company pivots on trust, not technology, the same tech is known and available to everyone else too. And it's trust in you that you will do what you say, not that you can do what you say. The latter is a given, you clearly have the knowhow. The former is putting any promise in doubt.
> Cape routes your traffic through our US-based mobile core.
This sounds like an anti-feature when it comes to privacy or the paranoid.
> I say "Cape is not a honeypot" a lot just so I don't appear to be mincing words.
I appreciate you saying it but Crypto AG probably also said that a lot (figuratively).
> Cape does not keep this data.
Unfortunately you are limited in what you can do here. Having or processing this data for any amount of time, even without keeping it, puts you in the position to be compelled to provide it.
This is valid feedback and it’s on us to earn trust over time through our actions. I will say that Cape is a company of almost 100 people from many different backgrounds. Prior to Cape I spent almost a decade at DuckDuckGo. We’re a group of people that is frustrated with the status quo in the telco industry and want to do better.
One of the efforts we’re working on now is an audit of our data retention claims. We recently posted an RFC on Reddit if anyone from this community has input: https://www.reddit.com/r/CapeCellular/s/zTn7HQ0emo
We plan to continue to do more things like this that increase transparency and build trust over time.
What can be open sourced (GrapheneOS) already is, and the remainder is business logic that they have described for the MVNO that is likely carrier specific and tied to the oddball MVNO platform they are using.
Very hard to make the latter usable by anyone else IMO.
> The way that you word things, such as "Cape is not a honeypot." but don't delve any deeper, to start, gives someone less than zero confidence or trust in your words.
> Another related theory I’ve seen online is that Cape is a honeypot for law enforcement. Cape is not a honeypot. It’s so hard to prove a negative, but at least I can say it clearly and out loud: Cape is not a honeypot.
I'm sure you know this, but for others who may not: there's a history of splashy new mobile operators which promise security and privacy as their core feature, but turn out to be a front for law enforcement. https://en.wikipedia.org/wiki/Operation_Trojan_Shield is the preeminent example.
There are also people working in this space who are cranks and morons. In summer 2023, I had a phone call with a well-known startup founder from the dot-com era. He was trying to launch a privacy-focused cell network and messaging software. But everything about his approach was wrong, almost to the point of being an anti-solution to the problems he was trying to solve, as if he was totally unaware of the past 20-30 years' worth of learning about end-to-end encryption and mass surveillance.
He was also a conspiracy theorist: during our call, he repeatedly and unironically referred to a documentary film created by a well-known convicted felon and serial liar, as a source of credible information about the world.
> We also work with the EFF to provide investigative journalists and activists with free Cape service so they can do their work safely. https://www.cape.co/journalists-and-activists
Hey thanks for the question! I was indeed an Echo. I loved my time in SF, and I learned a lot about being a good teammate and doing hard things in ambiguous environments, and a bit about secure comms. The first two will help at any startup, and the 3rd doesn't hurt at Cape...
Only you know if you want to jump into SFAS. I knew I'd always regret not doing it, which made the decision easy for me.
Several years ago in the UK, giffgaff had a similar plan (throttled to 384 kbps after 80 GB throughput) which they called “always on”. I thought that was a good linguistic compromise.
It's not. We chose this baseline sort of by default based on the practices of some other major carriers. Your question is a good one, and we'll take it as feedback.
I would be a lot less worried about signing up for that plan if I could soft-cap myself at 10GB until I login to the app and push a button that says "yeah for real I'm going to use another 10GB of mobile data", so that if iOS goes bonkers and tries to download my entire 90GB iTunes library over cellular, it doesn't fuck me over for a month. I haven't exceeded 7GB/mo intentionally for years, but it's happened twice so far against my express wishes, and carriers are uniformly awful at that.
This is good feedback. We don’t want caps and throttling to be a blocker for signing up and using us. Since we’re at a premium price point we should economically be able to be a lot more generous than existing carriers.
Yeah. As an olde ex-carrier type person, I want burst mode unlimited, I expressly do not want continuous saturated unlimited, if that makes any sense. So if you tune the service to warn me “you’ve used 10% of your cap in five minutes so we’ve slowed your service down temporarily, respond with YES if this is intentional and we should speed it back up, otherwise it’ll reset in the morning”, that would be an example of best in category service that’s on my side rather than the carrier’s overage fees profit line item.
I don’t mind that you have caps, I consider caps to be a marketable form of 90th percentile billing to consumers, so please don’t take this as “remove all caps” — but definitely find an in-between that’s more nuanced than “you reach arbitrary threshold 50G at 1gbps 5G and so it only took 8 minutes and 40% battery, too bad so sad now your entire month of data is at DSL speeds”. (This sarcastic tone is not a critique of you! but of the general carrier practices that leave me worried about you.)
In a dream world my usage percentile for the past 30 days would be inversely proportional to my bandwidth speed so that momentary usage to download a software update had no meaningful impact, but running nonstop continuous data for four hours straight caused a measurable drop in bandwidth (which protects my battery and the network health). It’s not fiber-optic or fixed-installation wireless and I do respect the shared base antenna capacity problems!
I don’t think keeping the status quo of throttling caps will stop anyone from signing up. As long as it’s not any worse, I don’t think it would deter me due to the other features you offer. The main reason why I don’t change is my spouse and kids don’t care about privacy and I can get them service for cheaper!
I don’t really think about caps all that much except in theory. I would love speed tests to be excepted from caps, but I get why that isn’t always workable.
I would like to try Cape. How do you guys deal with IMEI tracking from folks like Google when I search or use their email? Or that one is beyond your control?
I thought access to IMEI and IMSI was pretty heavily restricted starting with Android 10. Graphene [1] makes a few extra restrictions beyond AOSP [2], but it's been around for a while now.
To get access to IMEI and IMSI, you need to either be a carrier app, allowlisted, or grant the `READ_PRIVILEGED_PHONE_STATE` permission.
Unless Chrome is running at a system level in AOSP or some OEM specific firmware, I wouldn't expect it to have `READ_PRIVILEGED_PHONE_STATE`
This Anom comp comes up a lot. It's super hard to prove a negative, so no matter how many times I say "Cape is not a honeypot," the critics will just respond "that is exactly what a honeypot would say."
We're working on some ideas to address this with audits etc, but it will always be tough. However, if you like the idea, and like the features, then maybe it is worth your time to do the work and get comfortable with the company. Because we're the only ones providing some of these features, and we have a lot more in the hopper still to come. I hope we can win your trust at some point.
I have no particular reason to trust that you aren't a honeypot but I'd like to point out that I also have no particular reason to trust that any other cell service provider isn't. In fact given the recent e911 location data sale scandal I generally assume that all of them are.
Even if it turned out that you were in fact a honeypot, protection against SIM swapping and encrypted voicemail presumably both provide security benefits regardless.
It's similar to the situation with VPN providers. The provider could literally be the NSA themselves and I'd _still_ most likely see security benefits from using it (unless the NSA happens to be my adversary of course).
You don't have to prove a negative, but if you want real trust from actually paranoid people, you will have to give up keys to the kingdom and work hard for it.
All your software/hardware would need to be open source, you would need to be regularly audited by neutral third-parties, actively work with the community to provide paranoia-level ongoing transparency reports and continuous improvements that the community wants to see, be willing to adopt many suggestions given by smart people, and just in general stop using your words to tell people you're serious, and use your actions to show it.
If someone says they are skeptical of XYZ, ask them what they would accept as proof, and then provide it.
Good luck! It's a tough sell and some people won't accept that there are people from the defense sector that really care about the Constitution. Transparency is proly your best friend. But once you sign a Qualcomm or carrier NDA, you are pretty tied-up as far as open-sourcing things or transparency, I'd imagine. Still, keep up the good fight!
The issue I’m having is that the morals of someone who would work for a Palantir and people who would be in the military are not the morals of people who are advocates, or even might have a moral understanding, of the importance of privacy. I can imagine you creating the service because you see the market demanding this privacy, but what bothers me is that you worked for these companies in the first place.
Like others explained here, it’s amazing that you didn’t know these problems existed before you worked at Palantir. If you could explain your migration from delusion to insight in a personal way, that might help me a bit more. In fact, if you said Palantir was an evil company, I might have even more faith.
If someone else started this company who had a long history in privacy outside of the government, my take would be a lot different. In my humble opinion, I think you don’t really care about privacy. You’re just taking advantage of a market niche. And what can I say but that’s capitalism so good luck.
It would be better if you used your inside knowledge to fight for laws banning these practices by all the telcos.
Great question. The product is basically the same-- it's a cell phone network and we sell connectivity to it.
A helpful thing to keep in mind is that everyone has basically 2 use cases for their cell phones:
1. Send and receive calls and SMS
2. Connect to the internet
Whether you're a national security professional, an investigative journalist, or an average consumer who values privacy, that's what you do with your phone. So if we can build features that make you more secure and more private across those two use cases, we have a product that can help both government and consumer users.
Sometimes when people ask the "conflict" question they mean some version of "but doesn't the government then ask you for a backdoor to get all the data?" All we can really do here is stand by our privacy policy. We store the minimum amount of data possible, we promise not to sell your data to anyone, we notify our users if we receive legal process on their account that is not subject to a gag order, and we pledge to push back on any law enforcement request we receive that is not well formed and narrowly tailored as required by law.
The backdoor/honeypot fears are often related to the Anom story that came out a few years ago. It's not a perfect rebuttal, but the reporter that broke that story has written about Cape a couple of times. You can read those articles here:
Similar to OP – I appreciate you hanging around and answering regardless of how hostile it feels.
We may or may not be convinced by the details you're able to give us, but regardless of that you've made the discussion more informed, technical, and less speculative, which is in the best spirit of HN.
Hey, John Doyle here (CEO of Cape). I'm happy to dig into how I run the company, or the infra providers we use. I actually think we're pretty upstanding! If there are questions I can answer that will put your fears to rest, let me know.
Can you please respond with a full throated opinion of what Palantir is today? This seems to be what everyone is thirsting for and what you are perhaps inadvertently dancing around.
I'm 4 years removed from the company at this point, so any opinion I could offer would not be much more than any rando on the internet reacting to news stories.