Blackphone (opens in new tab)

(blackphone.ch)

408 pointsjorrizza12y ago204 comments

204 comments

The privacy issue in smartphones isn't the freaking application processor running Android. Sure, that ones terrible enough.

But the actual problem is the baseband processor running completely non-free software, with an enormous attack surface and access to all the interesting periphery (GPS, microphone). There is not just opportunity to compromise your privacy, Qualcomm and others actively implement such features at the behest of governments and carriers.

Oh, and if you plug that enormous hole, you get to the SIM card, yet another processor that you have zero control over, but which has access to enough juicy data to compromise your privacy. I highly recommend everyone to watch a talk from 30C3 by Karsten Nohl, where he shows a live attack on an improperly configured SIM card that remotely implants a Java app on the SIM card which continuously sends your cell ID (your approximate location) to the attacker by short message (without notification to the application processor, e.g. Android or iOS):

http://www.youtube.com/watch?v=5B7XyVWgoxg

Carriers can do this today. (edit: that's a bit nonsensical, because carriers of course already know your cell id. Anyone with the ability to run a fake basestation momentarily (think IMSI catcher) can do this.)

lazyjones12y ago

Absolutely correct. This is why such a device should isolate the hardware components used for communication from the main CPU/device, consider the former "hostile" and communicate with them using a simple, safe interface (like USB or serial). Using a throwaway external 3G/LTE adapter (USB) would be even better. This way, a compromised baseband processor or SIM card cannot access the host's memory (using DMA like in current smartphones) and as long as the host uses secure encryption, it can still communicate securely (but of course the device will be detected and identified).

bergie12y ago

I think this is essentially what N900 did. The GSM part was handled as an external modem so that people would be free to have root on the rest of the device.

http://flors.wordpress.com/2009/08/27/software-freedom-lover...

rdl12y ago

The solution is for your phone to not be a phone. Strip out the baseband entirely, use usb or wifi to a 4G LTE dongle, do VoIP. Extra benefit that you can explicitly know when you're radiating (and thus being location-tracked).

Blackphone is pretty lame, IMO. There's something better coming from a trusted source in weeks, and plenty of work being done on the "there is no phone" phone concept.

bwooce12y ago

"Strip out the baseband" of a dongle and you won't have a device that can connect to the network, authenticate, shift cells or anything else. It's like stripping the firmware off your disk drive.

Fully support the initiative for an open baseband. One reason it's not open is the (fairly legit) fear that intentional and unintentional DoS attacks would occur, affecting everyone in the area. It's really really simple to be an obnoxious cellular network citizen and it's pretty damn hard to police.

Baseband bugs that impact networks are common too due to the complexity. I saw a function point analysis of GSM vs 3G once, seem to remember 1-2 orders of magnitudes difference. Ahh Function Points, you flawed devil of a management metric.

3 more replies

tucosan12y ago

> There's something better coming from a trusted source in weeks...

Could you provide more concrete info on what you are referencing there?

1 more reply

ABNWZ12y ago

>There's something better

Is this IndiePhone by Aral Balkan?

1 more reply

XorNot12y ago

Except nobody wants to carry a dongle around in their pocket. Your security measure is useless if it's too much hassle to use day-to-day because most of the time (closing in on 100%) it does not matter.

1 more reply

Canada12y ago

Do tell, what's coming in a few weeks?

kybernetyk12y ago

Hmm, I'd say the real privacy issue is the user who installs and runs all those Facebook, Twitter, LinkedIn, etc. apps and freely shares his private information with everyone.

You can't really prevent that with technology unless you start to educate kids/users better. But who am I kidding? People will forfeit their private data for shiny stuff as long as there will be shiny stuff and private data.

brudgers12y ago

There are two different connotations of 'privacy' that are often conflated in discussions about Facebook, Google, etc. Conflating them probably obscures the more important connotation to the benefit of such companies' bottom lines.

The first connotation is the one my mother warned me about. It's Facebook photos of that tequila weekend in Tijuana and those two PM Tuesday tweets from the beach bar when I called in sick to work. These are things that require personal judgement in regard to what I say. Self-control addresses this type of privacy.

The second connotation of privacy is newer, but still nearly twenty years old. It entails concerns regarding information collected about my actions beyond what I explicitly choose to broadcast. It's cookies in the browser [and their more sophisticated descendants]. It's my browser linking my Google+ account to my browsing history at lesbiandwarffurries.com.

Privacy issues of this second type are assumed to be normal when they are considered at all - why doesn't my browser sandbox cookies for each website? Or rather why isn't there a browser that does so? The same logic underpins the Blackphone - sand boxing unrelated parts of the system so that privacy is a matter of personal judgement rather a battle against a technically sophisticated adversary.

2 more replies

sushirain12y ago

No. The problem is not the common user who just follows common hardware and software. The problem is common hardware and software, which put security last.

2 more replies

na8512y ago

Came here to say this exactly. The world needs an open-source baseband processor/firmware.

dobbsbob12y ago

Osmocom baseband tried this. Works on older motorola phones, then just buy a turbosim with encrypted voice, sms and code your own OTA blocking. Or use a small tablet with no sim using wifi

f_salmon12y ago

> But the actual problem is the baseband processor running completely non-free software

True, and once that one will be made open-source too, there's still the NSA tracking mobile phones worldwide and generating all kinds of privacy-invading data based on it:

http://www.washingtonpost.com/world/national-security/nsa-tr...

(And until that is resolved, my mobile phone will stay in flight mode only.)

So once again, while tech may help in the short term, long-term solutions will have to be structural/systemic ones regarding government in general.

pyre12y ago

> once that one will be made open-source too

The point made elsewhere in this thread is that even an open-source implementation can be exploited. If the baseband is tightly integrated, then that exploit gains the attacker full access.

From a security perspective, even a closed-source baseband could be ok as if it has proper separation from the rest of the system (though open-source would obviously be better).

treenyc12y ago

by looking at the video I know some of the people in Spain who are involved. They are in Bilbao. We did a consulting project with them in 2009. They are more in the creative educational industry.

I am not sure about the technology, however from look of the video I can say it is mostly aim at non-technology experts, with nice fancy design.

Can I ask what kind of people do we need to design all the chips hardware such as baseband processor, using open source design?

And what are HN opinion on Silent Circle?

dobbsbob12y ago

Silent Circle is for business use to avoid industrial espionage. If you are an activist or suspected criminal I would imagine they would cooperate with any court order to feed you a malicious update that allows federal access just like Hushmail does. They swear up and down this is impossible but it's a for profit business they arent going to risk it protecting whistleblowers, wanted hackers or enviro activists. Redphone at least you can build it yourself and prevent targeted updates

reedlaw12y ago

I totally agree that adding privacy features to what is essentially a tracking device isn't addressing the right issues. Why not start out with simply a free, private laptop? Something that uses Coreboot and doesn't require any firmware driver blobs. This is something that so far, only one Chinese company has been able to do, albeit producing only a rather underpowered model [1]. Where are the private laptops that rival the Macbook Pro?

1. https://en.wikipedia.org/wiki/Lemote#Netbook_computers

ThatGeoGuy12y ago

You appear to have missed the article by the free software foundation where they approved another, fully free computer.

See: http://shop.gluglug.org.uk/

0xdeadbeefbabe12y ago

Yes, the other OS is way worse. "You can even brick phones permanently" --http://www.osnews.com/story/27416/The_second_operating_syste... which was on hn recently.

gr3yh4712y ago

the sub-OS was my immediate thought when I saw it is an android device.

joosters12y ago

Completely useless web page. All wooly 'feel-good' words and no hard, concrete information. So I guess we just have to take it on trust then?

Also, their privacy policy is laughable:

We turn the logging level on our systems to log only protocol-related errors - great!

the pages on our main web site pull in javascript files from a third party. This allows our web developers and salespeople to know which pages are being looked at - so instead of keeping your own logs, you are outsourcing this to a 3rd party with worse privacy policies, and who can now aggregate your website usage with other sites.

Why didn't they just keep logging on and get rid of the 3rd party bugs?

tomp12y ago

Well, Silent Circle is based in Washington DC, so even if they were keeping logs themselves, it wouldn't be much of a privacy reassurance...

daliusd12y ago

This web page is clearly marketing page not technology information page. They simply try to gather information if there is interest/demand for something like this. LEAN startup :-)

panacea12y ago

"Blackphone is re-shaping the landscape of personal communications. Pre-ordering begins..."

How is it re-shaping anything before it's started shipping?

yitchelle12y ago

"Pre-ordering begins..." is letting folks their idea validating strategy. I wonder what the threshold is going to be, 100, 500, 1000 or more pre-ordered phones.

1 more reply

izolate12y ago

Come on, this can't be the first time you've encountered shitty marketing lingo.

jlgaddis12y ago

They should have s/re-shaping/disrupting/g if/when the referrer is HN.

notdrunkatall12y ago

Do you even marketing, somewhat obtuse bro?

Torn12y ago

Expecting people to write their own metrics stack for a promo site is a bit OTT - there are a lot of good analytics stacks out there which let you get up and running very quickly, complete with dashboards, metrics, etc.

icebraining12y ago

You don't need to write your own, just self-host it: http://piwik.org/

EthanHeilman12y ago

I'd really like a phone that had the following features:

* physical switches for GPS, WIFI, Radio, Camera, Mic, write/read access to disk (go diskless),

* a secondary low power eInk display that is wired directly into the hardware that shows when the last time GPS, mic, camera were turned on (and for how long) and how much data has been sent over the radio and read from disk,

* a FS which encrypts certain files with a key that is stored remotely. If your phone is stolen you can delete this remote key. The key is changed on every decrypt. You also get a remote log of all times this remote key was accessed.

* hardware support for read-only, write-only files,

* hardware support for real secure delete on the SSD,

* the ability to change all my HW identifiers at will (IMEI, SIM, etc),

* a log, stored on a separate SD card, of all data sent and received using a HW tap on the radio/WIFI. The log should be encrypted such that only someone with the private key can read it (public key used to encrypt an AES session key which is rotated out every 5 minutes). If you think someone has compromised your phone you can audit this log for both exploitation and data exfiltration. Since the log is implemented in HW, no rootkit can alter it.

buro912y ago

Well, this is just a splash page and says very little.

It's in partnerships with http://www.geeksphone.com/ which is FirefoxOS based. But yet the Blackphone splash has an image of a phone with Android buttons.

They claim no hooks to vendors, so if it's Android I can't imagine this is going to carry the Play store.

I'd be interested in knowing how they will secure and make private the core functionality of being a phone and sending email and text, all of which are insecure.

On that, I'd speculate that this is just pre-loaded with Silent Circle apps, and maybe will be announced as having DarkMail and a choice of RedPhone.

But... there's no info at all really, so who knows what this is.

The only problem they really have to solve is the eternal question of: Is it possible to provide real security and privacy whilst providing convenience?

infinite_snoop12y ago

From the video: "PrivatOS is the Android you are familiar with"

higherpurpose12y ago

Text- in a similar way TextSecure did it, would be my guess. They have something called Silent Text, and they're using the ideas here I believe:

http://eprint.iacr.org/2014/036.pdf

Email? They've announced the DarkMail protocol last year, and should be coming soon:

http://darkmail.info/

https://www.youtube.com/watch?v=IgV_Z6V_llk

girvo12y ago

Geeksphone actually made Android phones originally.

_wmd12y ago

As others have pointed out, the baseband is not your friend. Was thinking about this recently, and saw no reason why existing POCSAG (pager) networks couldn't be reused to provide a completely passive receiver. Imagine a phone where the baseband was off by default, unless attempting to make a call. Voicemail/e-mail summaries were broadcast encrypted via POCSAG, and generate notifications just like a new mail summary coming in via GPRS/3G would.

Obviously usability would suffer a little bit (mostly in huge latency when you actually wanted to make a call), but seems like very cheap phone could be built that integrated a pager, allowing complete disconnection from the 'active' radio network, avoiding location tracking by your cell provider, or similar evil tricks by third parties.

this_user12y ago

> " Imagine a phone where the baseband was off by default, unless attempting to make a call."

Except if everyone started using a phone like that, you wouldn't be able to call anyone.

pyre12y ago

You'd page them first!

noselasd12y ago

I'd imagine the POCSAG network would be quite overloaded, quite quickly. It doesn't have a lot of bandwidth, and unless the network knows where you are, messages destined to you would have to be broadcast everywhere.

joncp12y ago

Secure? They're rewriting the baseband, then? Color me skeptical.

tombrossman12y ago

TeMPOraL12y ago

+1, the phone won't really be private if they won't deploy a new baseband chip that allows for this privacy (and is open-source, so that we could check it).

Trufa12y ago

I agree with the fact that the website is still a little bit unspecific but this project is backed by Phil Zimmermann, he was the creator of PGP, it doesn't guarantee anything but it definitely means some smart people who are worried about privacy are behind it.

apunic12y ago

Android having the most granular permission system ever seen on any operating system is already the most secure operating system.

The biggest security hole next to the baseband processor and the SIM is the user who installs every app in seconds without checking permissions.

drdaeman12y ago

Not even remotely granular. Install XPrivacy[1] (which is still not granular enough for me, as it lacks filtering over function arguments) and see that categories are very broad.

[1]: https://github.com/M66B/XPrivacy#xprivacy

magic_haze12y ago

Argument-level filtering would be awesome, but I don't know, the existing app+function level filtering seems to be working fine for me so far. The only real complaint I have with xprivacy now is the atrocious UI, and I'd really like some way for it to automatically fetch filters from somewhere so I don't have to bother with the permissions every time an app updates.

tomp12y ago

Not really, iOS permissions are more granular sometimes - iOS will ask you before an app accesses your phonebook, and you can deny the access. You can't do that with Android.

apunic12y ago

> iOS permissions are more granular sometimes

Not true, http://developer.android.com/reference/android/Manifest.perm...

1 more reply

GrinningFool12y ago

https://www.blackphone.ch/hello-world/

I'm sure there's logic there - powering a very basic non-informative landing site with a WP installation that you took the time to customize, but not delete the default post and comment from...

But it certainly doesn't give me warm fuzzy feelings about the people behind this.

Duhck12y ago

I don't really feel like a slave, maybe I am under reacting here. I am pissed the NSA is collecting data, I am upset at all the recent revelations we have had about data privacy in the last 6-8 months, but I certainly don't feel like a slave.

These products should be advertised on theblaze and infowares.

Sure there is a need for better privacy, but I don't really care for the fearmongering...

darklajid12y ago

I'm weird enough to be interested in these kind of things, but the whole site is really .. just fluff. Ignoring that and focusing on the sparse details of the actual thing:

- High-End Android device

- Privacy features in the (custom) Android version

- "Secure communication builtin"

Again, I like the idea. But so far the details match CyanogenMod (with TextSecure for SMS, maybe XPrivacy on top)?

soci12y ago

Yes, looks like an Android powered device. So, at the end is just another OS right?

One of the big drawbacks when I first started my nexus5 was that I was being spyed. Why the hell do I need a gmail account to get started?!

I wonder if it would be possible to install this Android flavour in a Nexus device ?

redacted12y ago

You don't actually need a gmail account for what its worth - Google just makes it difficult. On the screen where it requests a login you (seriously) need to tap each corner of the screen in clockwise order starting from the top left. That should skip the step.

1 more reply

higherpurpose12y ago

Unless someone forks it, and builds support for your phone's drivers in it - then it's not possible.

c1sc012y ago

How does this protect me from my carrier? No matter which phone I use they still need to record who I call for "billing purposes" and know which cell is closest to route my calls.

deno12y ago

1) Buy prepaid card with data plan.

2) Access Internet (and VOIP) only via VPN or better yet TOR.

3) Only give out your VOIP number. No one must know your direct number, it’s only for emergencies.

This severs all the important connections to make any use of that data, assuming you don’t have any leaks.

thrwwyusr54312y ago

To expand on this, does anyone know of a reliable service provider (accepting bitcoins is a bonus) for SIP Trunking[0]? Or any VoIP workflow that can perform calls to PSTN[1] (the regular landline/mobile telephone network). Or even any VoIP provider that offers a basic answering service, where the voice mail box can be checked over the internet a la google voice/skype voicemail?

[0] https://en.wikipedia.org/wiki/SIP_Trunking

[1] https://en.wikipedia.org/wiki/Pstn

Edit: A quick search gave me this[2] by Plivo. Does any one know of any other options?

[2] http://plivo.com/blog/sip-trunking-to-replace-my-landline-ph...

2 more replies

msh12y ago

You could use p2p VoIP.

sdoering12y ago

Not in Germany, where opening your WIFI makes you liable for all the things that might happen with this.

But only if you are a private person (or a small cafe/venue). If you are an ISP, you can operate hotspots wherever you want and charge whatever anyone is willing to pay. And you do not need to fear being held liable for your users actions.

[Edit] Meant to say, that since this change of law we do not have a lot of open WIFI-Spots anymore.

noselasd12y ago

They could still track you though. You'll need a sim card, and you'll need to attach to the network - which means the carrier can track your location.

epaga12y ago

No mention of the thing being completely open sourced - or did I overlook something? If not, seems like something they should mention (I am assuming it IS open source?)...

elwell12y ago

Good point.

wavesounds12y ago

Anyone thinking of making a video to sell a privacy product to mass consumers should probably stay away from creepy music and women walking around in all black hoods. Instead go for soccer moms buying stuff with her credit card or librarians doing research for a school kid. Let's not make secure/private communications something weird and creepy but something normal that everyone does.

thecoffman12y ago

A site peddling a product that is supposedly about user control and privacy that won't even load without javascript...

The irony is almost too much.

Mikeb8512y ago

Why? Check out the page source, everything is un-obfuscated, there for you to see.

yetfeo12y ago

Mozilla could take great strides towards this type of phone if they cared. Integrate tor, Whisper Systems RedPhone and SercureText, HTML tracking disabled, etc. I'm surprised their Firefox OS looks and works so much like every other phone out there.

andor12y ago

Mozilla would have an awful lot of security work to do. If you check the CVEs for Firefox, there was, on average, a remote code execution vulnerability each week in the last 3 months.

http://web.nvd.nist.gov/view/vuln/search-results?query=firef...

yetfeo12y ago

They have to do that work anyway due to Firefox OS.

sifarat12y ago

I would hate to say this, but people here and there, are cashing in NSA fiasco. I would have loved it more, if this was more focused on 'features' than playing with people's emotions. this is valid for everything currently cashing-in NSA issue.

As for, NSA spying how exactly can this phone ensure 100% secrecy. Given a user would have to use the same apps, and above all, the carrier that other smartphone users use.

Point is, US Govt is hellbent on spying on you. And they will no matter what. Either change the US Govt, or suck it up. Nothing else is gonna work.

andor12y ago

The only thing missing in the video is Julian Assange as the narrator ;-)

Basically, this seems like a lifestyle device for pseudo-"hacktivists". And I expect people to install WhatsApp and Facebook on it. There was this article a few days ago: "When I was young there were beatniks. Hippies. Punks. Gangsters. Now you're a hacktivist. Which I would probably be if I was 20. Shuttin' down MasterCard. But there's no look to that lifestyle! Besides just wearing a bad outfit with bad posture. Has WikiLeaks caused a look? No! I'm mad about that."

http://online.wsj.com/news/articles/SB1000142405270230463640...

dmix12y ago

So hows that "change the US govt" (or any other world gov) going so far since the leaks?

I called bullshit from the beginning that anything will change politically, and now six months later I'm more certain nothing is going to change at the political level. They've dug in their heels for the long ride.

The only positive developments has been private companies like Google encrypting their data centers and privacy software finally finding an audience. But at the same time, not even the most die-hard cypherpunks think you can achieve 100% secrecy from a dedicated adversary. But that's not the primary goal. Countering mass-surveillance is.

ds912y ago

It's true that you can't have privacy or security in the mass-market apps or in voice or sms over big commercial carriers. However, if a device solved the problems indicated by (username) revelation and following posts on this page, you could then run secure applications - e.g. something with public-key encryption and PFS for the data, and a p2p or tor-style network to obscure the metadata.

It still wouldn't be perfect, but would succeed in many scenarios and would greatly increase adversary costs.

frabcus12y ago

The NSA is only one fear - there are other actors you'd expect to be doing similar things. e.g. Chinese, mafia.

Using things like Blackphone can potentially increase the cost of anyone doing this kind of spying, to vastly reduce who will do it for what reasons.

This talk by Dymaxion is good on economics and usability of this stuff: http://dymaxion.org/talks/EaPitLW.html

avighnay12y ago

Geeksphone is doing pretty impressive for a startup that they were launch partners for Firefox OS and now have roped in PGP founders for this project.

Were they successful in delivering on the Firefox phones?, Their website always says 'out of stock'. Blackphone seems to be ambitious too. Is it possible for a startup to sail these two boats?

Also I find it odd that the PR is always just before the Mobile World Congress (MWC) which happens in Spain, last year with Firefox OS and this year with Blackphone

runjake12y ago

I like Mike Janke and all, he's a nice guy. But, he has backed out of RSAC '14 yet [1]? I find it a tough sell to call yourself a privacy advocate and legitimize and fund RSA by speaking at their conference. It also doesn't help Blackphone's cause.

1. http://www.rsaconference.com/speakers/mike-janke

pieter_mj12y ago

True privacy on a smartphone can only be expected when software and hardware are 100% open sourced. This of course includes the source code for the 3 Os's that typically run on a smartphone. Anything that's running server-side cannot be trusted either. So we need client-side encryption/decryption as well.

sdfjkl12y ago

To even have the theoretical possibility of "privacy & security", both software and hardware must be fully open. And then there must be some way to check that the hardware and software you got in that box is actually the hardware from the spec, without extra chips. Those are pretty hard to accomplish.

whizzkid12y ago

With all the respect what they have done so far, I can't see any reason why this is securer than the other mobile phones..

With the latest NSA stuff, I came to conclusion that a true secure system can only be built under these conditions and just to put it out there, this is just my opinion;

- A computer company that manufactures their own hardware such as hard drive, ram, cables, network cards.

- An OS that is newly written and not based on any other existing operating systems.

- Building the whole system with INDEPENDENT hardware and software mentioned above.

- Keeping the mobile device's source code offline from Internet as much as possible

These are just the first steps on developing a secure system, then comes the mobile network architecture and encryption etc.

I admit, it is not an easy job but, trying to develop a secure system with "not secure" development tools is not the right way to go :)

giergirey12y ago

You're probably right about what's involved in building a truly secure smartphone from scratch that we can trust.

It's an interesting thought experiment, but I wonder if we can satisfy many use cases without having to build a truly secure smartphone.

For example, if I just want to have voice calls to a handful of people with the content of the calls encrypted, then perhaps I can just plug in a "scrambler box" between my untrusted off-the-shelf phone and my audio headset?

So rather than designing a secure phone where we trust the wifi stack, the baseband stack, the bluetooth stack, the graphics stack, the USB stack, the flash storage stack because we've designed them from scratch, all we have to design is a little scrambler box that just has audio in, audio out, some mechanism for key generation and exchange, and only needs a laughably modest CPU to do the encryption.

Don't really need an OS at all - single process and static memory allocation should suffice.

The audio encoding/decoding and encryption/decryption don't sound too hard to implement from scratch. It's the interoperability with the rest of the world and the UI that makes implementing a whole smartphone so hard.

[I do wonder though how well our scrambled audio will make it through the phone network which is applying lots of clever compression designed for speech.]

If we assume we can mostly trust hardware designs that are at least 30 years old then we can probably avoid designing all the hardware from scratch - e.g. there's probably some sort of Z80 clone CPU we can copy.

The mechanism for key generation and management sounds a bit tricky though. The user would need some way to add his contacts' keys to his scrambler box.

A keyboard and LCD display to type keys in by hand would be secure but impractical for long keys.

The level of tech needed to read a key file from a FAT filing system on a USB stick might be too high to be easily implemented securely. Any ideas?

I'm aware of the famous "trusting trust" paper, but I'm not sure we need to worry too much about the compiler used to build the software running on our scrambler box. All we need to do is choose a compiler released before we started out project and never upgrade it. It is hard to imagine a compiler backdoor that would automatically recognize that the intent of our code is to encrypt data and undetectably comprise it (though it would be wise I guess to avoid any existing implementations of cryptographic primitives).

Sounds like a hardware kickstarter project :)

whizzkid12y ago

"Sounds like a hardware kickstarter project :)" Exactly!!!

We may as well try it out! The concern will be the goal of the project...

What will be the output ?

Will it be just an experiment or business based project?

Never the less, it is exciting to see that a unique device can be made actually!

I would love to see how secure it would be at the end!

1 more reply

cyphunk12y ago

Will the browser be OSS? Will the mail app? Message app? Maps app? If the essential apps that constitute a "smart phone" are not open source, at least the defaults, it's really irrelevant.

Not to mention that none of the providers have the code to the baseband.

I could imagine a phone that treats the baseband as an untrusted entity and encapsulates everything running over it. This would require forcing SSL for all HTTP traffic, and using some standard for SMS and Voice encryption that is on by default when the recipient on the other end also has a supported device. For those that do not you're unencrypted SMS would be exposed at many hops even if they smartphone were full OSS and trusted, even to the baseband level. So silo'ing everything where possible is a valid solution with closed basebands.

djyaz120012y ago

Will someone please tell them to remove the clips in their video of testing a white phone in the interest of brand consistency? Also this idea seems like a solid game plan for Blackberry? They could rename their company "Black" ala P-Diddy v just Diddy. :)

tn1312y ago

How difficult is it really to make a truly open source phone ? All it takes is one dedicated hardware company and a software company coming together.

Hackers have built some amazing hardware in past and we all know about how open source communities have built some of worlds best software. Google, Apple etc. are building devices where they act as gatekeepers and charge us for all nonsensical stuff. If you make a website there are a gazillion ways to promote it but there is only one way to promote and app. Pay some advertiser and you are totally at mercy of Google or Apple.

Firefox has been doing the right thing so far but they seem to take too much time.

digitalengineer12y ago

The baseband or "The secret second operating system that could make every mobile phone insecure". It's used by all phones and it's unsecure. Do they rely on the same baseband? Source: http://www.extremetech.com/computing/170874-the-secret-secon...

zphds12y ago

Openmoko did that before Android. Sadly, it had a very lukewarm response owing to a not-so-good hardware.

josefresco12y ago

If I desire privacy would I buy a Blackphone, or would I buy another more common smartphone which I would then secure?

If you're "picked up" or detained and you have a Blackphone, or someone observes you using your Blackphone I doubt very much it would help your pricacy concerns.

If however you have a seemingly normal phone it might be overlooked and simply using it wouldn't raise suspicion.

My point is that this type of phone is more for the "regular" person who simply doesn't want to be monitored (as much) and not covert agents looking for a secure phone/platform for communication.

fmax3012y ago

This maybe a bit off topic but, why did Switzerland get the .ch domain instead of china. China seems to have a lousy CN domain ,( which reminds me of cartoon network for reasons that are irrelevant here).

dan123412y ago

CH is Switzerland's ISO-3166 code. The full country name is Swiss Confederation (which is Confoederatio Helvetica in latin).

chevreuil12y ago

I think it stands for "Confederatio Helvetica", and is the official abbreviations (eg : on licence plates)

skrause12y ago

It has been like that before internet domains: http://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

na8512y ago

Same reason the abbreviation for the Swiss Franc is CHF.

bosch12y ago

Does any one else find it odd a privacy centric phone's website won't load without scripts, cookies, etc? I would think they would have a text only version if items failed to load properly...

tinalumfoil12y ago

Does anyone else see this as ridiculous attempt to profit off the NSA leaks. The video is about scaring people into believing their being "enslaved" and are coming out with a device that has "never before before created" that is aimed at "for privacy-minded, security-minded people". It's filled with unrelated words like "neutrality", "all walks of life", "innovative thinkers" to make it seem legit.

There is no mention of the methods used by the phone to ensure privacy.

andyjohnson012y ago

I know they are pre-launch and this is just a landing page, but it doesn't tell us much. Questions:

1. Is this just a stock phone with some privacy-orientated applications built-in, or is the OS and hardware contributing anything?

2. They seem to be using Android. AOSP or Cyanogenmod? Have they any work themselves to harden the OS? Are they using virtualisation?

3. Any closed binary blobs in there? What about the baseband firmware? (Does open source baseband firmware even exist?)

4. Whats the hardware like? Is it hardened in any way?

BuildTheRobots12y ago

Love the idea of a GSM handset that believes in protecting my privacy, however all their features seem to revolve around a secured Android OS.

Does anyone know if the actual baseband/wireless side has been designed with security in mind? -for example I'd love to be warned when I'm connected to an A5/0 "encrypted" GSM network, but I haven't been able to find a handset build in the last decade that's willing to warn me.

digitalengineer12y ago

"and anonymize your activity through a VPN."

iOS and Android support VPN but it needs to be manually activated each time, making it rather useless unless you're using some public wifi. If I understand correctly there is a possibility for large companies to integrate VPN but for the average guy it's rather useless if you have to activate it. If this phone has VPN really integrated that'd be great.

mike-cardwell12y ago

I understood that this had been fixed in Android a while back so it would start up automatically? Personally, I'm still on 2.3 which requires a manual startup...

ToastyMallows12y ago

If you could tell me how to do it that would be great. I'm still stuck turning it on all the time. Auto-on would be awesome.

ilovecookies12y ago

Isn't the problem more connected to the hardware and the fact that most people are already willingly using tons of applications who are giving information about you to companies like google (maps) twitter, facebook etc. If you install the apps with consent on your phone, and those apps have access to the linux or ios kernel runtime and syslogs then you're basically fucked from start.

aagha12y ago

It's interesting that all the work being done on this "secure" phone is being done on non-secure hardware and networks. Presumably if interested parties think this is a threat, they can access all comms/data about this new phone, inject themselves where they see fit and compromise the final product.

Oh, and never mind compromising the people involved.

unicornporn12y ago

No Play store in this I hope. I'm currently running Cyanogenmod without Gapps and I'm wondering what this will offer me.

bybjorn12y ago

Looks like there will be several players in this market - an alternative is Indie Phone; http://indiephone.eu .. If it ever ships it should be a better alternative privacy-wise as they are building everything from the ground up (their own OS instead of relying on Android, etc.)

rch12y ago

This is not the 'first' phone to do these things. I had an idea along these lines in 2003, and some searching turned up a German company that was already doing it. Somebody bought them a couple of years later, and I don't know what happened to the phone. This sure isn't the 'first' though.

JoelJacobson12y ago

Would it be possible to do the encryption outside of a normal phone, via some AD/DA converted plugged into the standard 3.5mm-headphone minijack?

I started a thread to discuss this idea:

https://news.ycombinator.com/item?id=7066792

andyjohnson012y ago

Renowned cryptographer believes his 'Blackphone' can stop the NSA

http://www.theverge.com/2014/1/15/5310710/phil-zimmermann-si...

rbanffy12y ago

Unless it's possible to power down the communications processor, install fully open source software on it (from the boot and up), and disconnect it from any antennas, I don't trust it at all.

dblotsky12y ago

"You can make and receive secure phone calls; exchange secure texts; exchange and store secure files; have secure video chat; browse privately; and anonymize your activity through a VPN."

People. It's really secure, private, and anonymous, ok?

oh_sigh12y ago

I get the feeling this phone was designed by a marketing group, and not competent engineers. Unless they completely design every chip in the phone, including the SIM and wireless chipsets, the device will never achieve their stated goals.

blackphace12y ago

Their trailer seems a little too "inspired" by this First ELSE promo video from 2009: https://www.youtube.com/watch?v=ZHghZnOH8dA

a_rahmanshah12y ago

Exactly! I thought this whole black thing was some kind of spoof.

linux_devil12y ago

One should be concerned about privacy and digital footprints , but more or less it depends on how many people are looking forward to adapt this concept. People still use Gmail and facebook .

sgarrity12y ago

They should probably work on the mixed-content SSL warnings on their own website. It's obviously not related to the security of the phones, but it doesn't instill much confidence.

arj12y ago

Unless they have some really special hardware in this, I don't see how its that much different than running cyanogenmod + secure applications on top, such as textsecure.

r0h1n12y ago

>> "Enabling revolutionary communications"?

Eh? Wouldn't "Enabling secure/private communications" be a better, albeit less grand, descriptor?

derefr12y ago

Presumably they mean that literally: enabling the type of communications you need during a political revolution.

blueskin_12y ago

Please not another long scrolling page without any real info... shame, I might have wanted one if they had provided any specs or technical details at all...

MWil12y ago

I thought it was funny, considering the top comments, that if I cntrl+F for "zimmerman" it takes me all the way to halfway down the page

lispm12y ago

I stopped watching the video at 'Android'.

pessimizer12y ago

How usable is Android without a continual involvement with Google? If you have to be involved with Google, there's no point.

dandare12y ago

I am not getting it, how do you prevent the carrier from knowing where you are if you sign up to it with your number?

elwell12y ago

While I see the reasoning, the name "Blackphone" just has too much of a racist connotation in America.

higherpurpose12y ago

Since NSA/FBI can reroute shipping boxes and install malware in them - do they have any plans against that?

psykovsky12y ago

Tamper evident holograms above each and every screw?

huhtenberg12y ago

For a project concerned with privacy and anonymity the news subscription form is asking way too much.

Also, why is domain on .ch ?

jey12y ago

I think it's just a (clever) part of their branding; Switzerland has long had an explicit policy of neutrality.

Not a super-reputable source, but succinct: http://www.wisegeek.org/why-is-switzerland-regarded-as-a-neu...

Official Swiss propaganda, but has more info: http://www.vbs.admin.ch/internet/vbs/en/home/documentation/p...

rodh12y ago

There's also a strong branding presence of Swiss products in UAE and China (including some brands you'd never hear of in Switzerland itself), there seems to be a very strong association of "Swiss Made" with luxury product. I've even seen opticians advertising "Swiss Glass"(?) in Hong Kong. Thinking back to a talk by the founder of Virtu, I wouldn't be surprised if the middle and far east are key markets for this type of product.

mweibel12y ago

I wondered that as well, could entirely just clever branding because of neutrality.

They state in the video: "Blackphone is a Swiss joint venture between Silent Circle and Geeksphone"...

Still doesn't reveal much, as both companies in this joint venture aren't swiss and in the swiss company register I couldn't find an entry for them.

RegW12y ago

"The company itself will be based in Switzerland due to that country's strict privacy rules."

http://www.theregister.co.uk/2014/01/15/encrypted_blackphone...

troels12y ago

I believe the company is Swiss.

huhtenberg12y ago

Doesn't seem to be.

  Domain name:
  blackphone.ch

  Holder of domain name:
  Geeksphone S.L.
  Geeksphone Rodrigo S
  calle Manuel Silvela 1
  ES-28010 Madrid
  Spain

It's just very curious that they feel like they need to pass for a Swiss company.

1 more reply

heldrida12y ago

The phone image is missing. Check "images/teaser_site/img03.jpg", css #phone style.css line 396

Thanks

viseztrance12y ago

I would personally be interested if they would provide security updates over a long period of time.

naithemilkman12y ago

Isn't this kinda moot if you're using any services that is domiciled in the States?

pekk12y ago

remember: as long as you are outside the US, you are safe from espionage

pattle12y ago

The website doesn't really tell me anything about the phone.

muyuu12y ago

I loved it when they asked for my full name to keep me informed.

sidcool12y ago

Is it an Android phone?

drjacobs12y ago

Ouch, don't try this one on a slow connection.

junto12y ago

> Use the apps you know and love.

Ok, so how do they stop Facebook et al from abusing our contact lists and location data as they do on existing smart phones?

skuunk112y ago

Too bad they couldn't get the url blackphone.sh

;)

n00812y ago

Just get an old Nokia feature phone

andyl12y ago

I think the Blackphone is a fantastic reaction to the problem of corporate and government spying. It will build awareness of privacy issues, and pave the way for other more secure offerings. A great first step.

blahbl4hblahtoo12y ago

Personally, if I were really worried about privacy I would use burners or get a lineman's handset. It seems like a smart device that you use all the time is going to have the same problems.

So, yeah you can encrypt the voice channel. That's great. You can send encrypted text messages. The people involved are serious cryptographers. All of it sounds good.

You have to ask your self though, what is it you are trying to do? Who is your adversary? Other people here have mentioned it, but what about apps on the phone? Facebook is still Facebook.

jlebrech12y ago

nowhere near as secure as a burner phone purchased in cash.

caiob12y ago

Funny how there's a twitter link at the bottom.

Jokes aside, I think it's a great initiative, looking forward to see what comes out of it.

hekker12y ago

It would be nice to order Chinese food anonymously with this phone. Looking forward to the release!

j / k navigate · click thread line to collapse

204 comments

revelation12y ago