Robin comes with an unlocked SIM, so you can choose the right carrier for you. And because we think what you run should be up to you too, we’ve made it as easy as possible for you to customize Robin. Its unlocked bootloader and open source drivers make it easy to load CyanogenMod or any other ROM you want and Robin will still be under warranty.
I'm not up-to-date on my Android phones, but my impression is that this isn't particularly common. Most of the concerns I see on this thread are complaints about how secure it is to sync one's data on someone else's servers... but doesn't this make it much simpler to hack around with the phone and disable that functionality? (Or perhaps even set up syncing with one's own servers?)
Selling the phone with an unlocked bootloader seems to go against the "Security is critical to us, and we know it is to you too" mentality.
Having an unlocked bootloader opens to the device up to far more security vulnerabilities should it fall into the wrong hands. In some cases attacks can be performed even if the device has full disk encryption[1].
Unlocked phones aren't necessarily uncommon, if you're in the USA all "mobile wireless devices" can be unlocked in some manner[1]. It's nice that they give you an unlocked bootloader out of the box, but most popular Android bootloaders have been community unlocked in some manner. And I assume if you're willing to go to the effort of disabling their entire sync service you're kinda just left with a regular Android phone, and it'll probably be hard to replicate the entire stack nextbit has to sync on your own server.
I got as far as the Security section before I had to comment. They claim they care about data and user security by providing a fingerprint reader, which is known to be a poor method of authentication, as well as integrating with Google 2 Factor Authentication. They also tease about storing your, encrypted of course, on their servers. But what about in transit? What encryption cipher suite is used? How are the keys managed? Can I decrypt my data manually or do I have to use their product? Can I export my keys? Also if I cared about data security and privacy, which I do, the absolute last thing I would do is intentionally place all of my data on third party external servers that I didn't in some way have direct access to, behind a fingerprint reader or Google 2FA. I think for this to be "Next Now" they need to provide more information about something like this, especially since they claim to be concerned about it.
> I think for this to be "Next Now" they need to provide more information about something like this, especially since they claim to be concerned about it.
To be fair, Apple - the self-proclaimed mobile security champion - similarly claims to be concerned about security but does not[1] readily provide all that information (cipher suite, key management). The results after Googling "iPhone cipher suite" all point to non-apple domains.
Dry reading makes poor copy on any landing page, and most consumers will take the manufacturers word for it when they claim to be "secure".
In short, it backs your files and apps to its servers, (like Google Photos, but not only photos), it is the only distinctive feature they have, and I do not think it makes it smarter than others, and honestly don't understand how it gets "smarter every day"
Just guessing: it could download/offload apps smartly by predicting what the user is bound to use at a given time of day (by tracking his usage patterns).
Yeah, and I am not sure if storage space is the biggest problem that needs to be solved. I rarely if ever heard of anyone complaining about it as much as their battery capacity or lack of updates.
Wow... they really shrank the size of a data center!
Of course I know what this actually means: your phone is now an even dumber dumb terminal for accessing the cloud.
I personally gave up when I saw no references at all to encryption, security, or privacy. I assume this thing promiscuously mirrors everything unencrypted (at rest) to someone else's server, or if data is encrypted at rest it's done with someone else's key (server-side "encryption"). That's not only a privacy nightmare but also a security nightmare. What happens if I store a valuable credential, card number, etc. on my phone? Barrels of fun.
For example someone with access to this data could:
find /path-to-cache | grep id_rsa ...
... then see how many machines on the Internet they can ssh into using Android SSH client certificates. Blamo, instant botnet.
I've never ran out of space on a smartphone, and I've never checked how much I'm using. So this phone isn't for me right? I can't see anything else it has going for it...
The clouds in the background are dynamically rendered. They're animating seven images of clouds using CSS transforms, and it doesn't look like they're using CSS animations to do it. If your computer is going into jet engine mode, chances are your browser isn't on speaking terms with your GPU and everything is being rendered on your CPU.
It is disgusting a webpage with that little content makes it that fucking unusable.
Come on people. Pretty designs are meaningless if you can't actually use them. How can I have faith in the claims you make about your phone if your website is this unusable? This exact form-over-function is why I hate the modern web.
I like the design. I would have ordered it if it wasn't a cloud device.
They are solving a non-existent problem which introduces real problems. I don't want to sync data on my mobile data plan. I want to have it on my phone.
I agree, although they do give you a generous 32GB of data. I just wish it was standard for all phones to allow SD cards to be added up to 64GB at the least. My LG G2 doesn't even allow one, I've heard the newer models do at least.
On the security front, they need to clarify one large point: who has the keys to that encrypted data on the server?
It's great that they protect the data in transit and store it encrypted on their servers, but if the data is being encrypted by the server, and can be decrypted by the server, it's not really protected. Unfortunately, doing encryption at the server would allow them to make use of single instance storage and compression, which greatly reduces their data footprint and I'm guessing if the data was protected by the a client-owned key, they would have made mention of that along with their other security specifications since it is a big plus and would easily be a feature worth calling out.
Interesting looking phone. I suspect many will buy it purely because of its unique appearance and the fact that it ships with an unlockable bootloader. But the "cloud syncing killer feature" seems like an incredibly complicated solution to a problem that I've never had (and never known anyone who did). Seems like the very few users that do have chronic space issues could solve it with a $30 microSD card.
I'm curious what else they have in the works that would take advantage of the complicated stack they've built from OS-level customizations on up that might present a more compelling reason to chose this product.
The problem I see with relying on the cloud in mobile settings is that downloading and uploading stuff really eats at your battery quickly. Additionally at least in the US, cellular data plans aren't particularly cheap.
1. is it a full backup like titanium backup or is it adb backup thats not as good.
2. Some apps you can't just uninstall and reinstall without reverifying every time. Google authenticator is an example, that I don't think you can backup at all with adb or theres apps like line, that send you a txt message every time you reinstall even with titanium backup. How would Robin handle that ?
I don't see why they couldn't work with Google Authenticator. The app doesn't necessarily need to be uninstalled. The files for the app just get offloaded to their servers temporarily.
Apparently this site works for other people, but it seems to be pointless to me. All I see is a phone with the date, temperature, tiny text that says "We've freed up 1.8GB by offloading 10 apps and 34 photos", and nothing to click on. Do you have to disable adblock or something?
I love the phone design and i was naturally optimidtic on first reading through the site, but the negative comments on here brought me round to the point that this isn't solving a serious problem. If you want some potential evidence of the challenge they seem to be facing, just look at the number of views their embedded YouTube video got: it's about 9,000 since posting in September. Hardly setting the world alight!
This would be far better as a minor benefit that Google built into Android directly. They did hint at remote virtualized apps a while back (in the context of "try before you buy") but nothing came of it.
This should probably be taken as a huge hint to them (or other manufacturers). I'm surprised nobody has done a phone with an e-ink back (I know there are cases).
I'm not sure anybody cares about what Nextbit has created here. From the comments on HN, I'd suggest they haven't identified the market need.
I wish more phones followed the, somewhat uncommon, droid turbo battery model. The droid turbo 2 has a 3760 mAh battery. On slow days I can 2 to 3 days of internet browsing and reading hackernews without charging (with battery saver mode enabled).
I wish I could play around with some of my performance settings to squeeze even just a little bit more battery savings in.
[+] [-] mhink|10 years ago|reply
> No barriers.
Robin comes with an unlocked SIM, so you can choose the right carrier for you. And because we think what you run should be up to you too, we’ve made it as easy as possible for you to customize Robin. Its unlocked bootloader and open source drivers make it easy to load CyanogenMod or any other ROM you want and Robin will still be under warranty.
I'm not up-to-date on my Android phones, but my impression is that this isn't particularly common. Most of the concerns I see on this thread are complaints about how secure it is to sync one's data on someone else's servers... but doesn't this make it much simpler to hack around with the phone and disable that functionality? (Or perhaps even set up syncing with one's own servers?)
[+] [-] foopod|10 years ago|reply
Having an unlocked bootloader opens to the device up to far more security vulnerabilities should it fall into the wrong hands. In some cases attacks can be performed even if the device has full disk encryption[1].
[1] https://www1.cs.fau.de/frost
[+] [-] whorleater|10 years ago|reply
[1]: https://www.fcc.gov/consumers/guides/cell-phone-unlocking-fa...
[+] [-] larssorenson|10 years ago|reply
[+] [-] sangnoir|10 years ago|reply
To be fair, Apple - the self-proclaimed mobile security champion - similarly claims to be concerned about security but does not[1] readily provide all that information (cipher suite, key management). The results after Googling "iPhone cipher suite" all point to non-apple domains.
Dry reading makes poor copy on any landing page, and most consumers will take the manufacturers word for it when they claim to be "secure".
1. https://www.apple.com/iphone-6s/
[+] [-] CSDude|10 years ago|reply
[+] [-] gramakri|10 years ago|reply
[+] [-] harigov|10 years ago|reply
[+] [-] mickmock|10 years ago|reply
I instantly stopped caring once I read this poetic marketing spiel.
[+] [-] api|10 years ago|reply
Of course I know what this actually means: your phone is now an even dumber dumb terminal for accessing the cloud.
I personally gave up when I saw no references at all to encryption, security, or privacy. I assume this thing promiscuously mirrors everything unencrypted (at rest) to someone else's server, or if data is encrypted at rest it's done with someone else's key (server-side "encryption"). That's not only a privacy nightmare but also a security nightmare. What happens if I store a valuable credential, card number, etc. on my phone? Barrels of fun.
For example someone with access to this data could:
find /path-to-cache | grep id_rsa ...
... then see how many machines on the Internet they can ssh into using Android SSH client certificates. Blamo, instant botnet.
[+] [-] scott_o|10 years ago|reply
I thought they did a good job of giving very "real" answers too, they didn't seem to dodge any topics.
https://www.reddit.com/r/IAmA/comments/3l726c/we_are_nextbit...
[+] [-] kardashev|10 years ago|reply
2. (censored) swearing in marketing materials - Not classy. Or to put it the way nextbit's marketing would understand, F*ck no.
[+] [-] kentosi|10 years ago|reply
[+] [-] mike-cardwell|10 years ago|reply
[+] [-] drewrv|10 years ago|reply
[+] [-] jhanschoo|10 years ago|reply
[+] [-] azeirah|10 years ago|reply
[+] [-] bastawhiz|10 years ago|reply
[+] [-] awalton|10 years ago|reply
Come on people. Pretty designs are meaningless if you can't actually use them. How can I have faith in the claims you make about your phone if your website is this unusable? This exact form-over-function is why I hate the modern web.
More people need to see http://motherfuckingwebsite.com/ and understand.
[+] [-] vortico|10 years ago|reply
[+] [-] ntumlin|10 years ago|reply
[+] [-] pki|10 years ago|reply
[+] [-] cateye|10 years ago|reply
They are solving a non-existent problem which introduces real problems. I don't want to sync data on my mobile data plan. I want to have it on my phone.
[+] [-] giancarlostoro|10 years ago|reply
[+] [-] mdip|10 years ago|reply
It's great that they protect the data in transit and store it encrypted on their servers, but if the data is being encrypted by the server, and can be decrypted by the server, it's not really protected. Unfortunately, doing encryption at the server would allow them to make use of single instance storage and compression, which greatly reduces their data footprint and I'm guessing if the data was protected by the a client-owned key, they would have made mention of that along with their other security specifications since it is a big plus and would easily be a feature worth calling out.
[+] [-] chambo622|10 years ago|reply
I'm curious what else they have in the works that would take advantage of the complicated stack they've built from OS-level customizations on up that might present a more compelling reason to chose this product.
[+] [-] jrowley|10 years ago|reply
[+] [-] angryasian|10 years ago|reply
1. is it a full backup like titanium backup or is it adb backup thats not as good.
2. Some apps you can't just uninstall and reinstall without reverifying every time. Google authenticator is an example, that I don't think you can backup at all with adb or theres apps like line, that send you a txt message every time you reinstall even with titanium backup. How would Robin handle that ?
[+] [-] michaelmior|10 years ago|reply
[+] [-] gregmac|10 years ago|reply
[+] [-] raphman_|10 years ago|reply
[+] [-] nmstoker|10 years ago|reply
This would be far better as a minor benefit that Google built into Android directly. They did hint at remote virtualized apps a while back (in the context of "try before you buy") but nothing came of it.
[+] [-] nanook|10 years ago|reply
[+] [-] pedalpete|10 years ago|reply
I'm not sure anybody cares about what Nextbit has created here. From the comments on HN, I'd suggest they haven't identified the market need.
[+] [-] Grue3|10 years ago|reply
[1] https://www.kickstarter.com/projects/nextbit/robin-the-smart...
[+] [-] weego|10 years ago|reply
Well OK, I guess.
[+] [-] gravypod|10 years ago|reply
I wish I could play around with some of my performance settings to squeeze even just a little bit more battery savings in.
[+] [-] foota|10 years ago|reply
[+] [-] wmeredith|10 years ago|reply