The privacy issue in smartphones isn't the freaking application processor running Android. Sure, that one's terrible enough.
But the actual problem is the baseband processor running completely non-free software, with an enormous attack surface and access to all the interesting periphery (GPS, microphone). There is not just opportunity to compromise your privacy, Qualcomm and others actively implement such features at the behest of governments and carriers.
Oh, and if you plug that enormous hole, you get to the SIM card, yet another processor that you have zero control over, but which has access to enough juicy data to compromise your privacy. I highly recommend everyone to watch a talk from 30C3 by Karsten Nohl, where he shows a live attack on an improperly configured SIM card that remotely implants a Java app on the SIM card which continuously sends your cell ID (your approximate location) to the attacker by short message (without notification to the application processor, e.g. Android or iOS):
Carriers can do this today. (edit: that's a bit nonsensical, because carriers of course already know your cell id. Anyone with the ability to run a fake basestation momentarily (think IMSI catcher) can do this.)
Absolutely correct. This is why such a device should isolate the hardware components used for communication from the main CPU/device, consider the former "hostile" and communicate with them using a simple, safe interface (like USB or serial). Using a throwaway external 3G/LTE adapter (USB) would be even better. This way, a compromised baseband processor or SIM card cannot access the host's memory (using DMA like in current smartphones) and as long as the host uses secure encryption, it can still communicate securely (but of course the device will be detected and identified).
The solution is for your phone to not be a phone. Strip out the baseband entirely, use usb or wifi to a 4G LTE dongle, do VoIP. Extra benefit that you can explicitly know when you're radiating (and thus being location-tracked).
Blackphone is pretty lame, IMO. There's something better coming from a trusted source in weeks, and plenty of work being done on the "there is no phone" phone concept.
Hmm, I'd say the real privacy issue is the user who installs and runs all those Facebook, Twitter, LinkedIn, etc. apps and freely shares his private information with everyone.
You can't really prevent that with technology unless you start to educate kids/users better. But who am I kidding? People will forfeit their private data for shiny stuff as long as there will be shiny stuff and private data.
> But the actual problem is the baseband processor running completely non-free software
True, and once that one will be made open-source too, there's still the NSA tracking mobile phones worldwide and generating all kinds of privacy-invading data based on it:
By looking at the video I know some of the people in Spain who are involved. They are in Bilbao. We did a consulting project with them in 2009. They are more in the creative educational industry.
I am not sure about the technology; however, from the look of the video I can say it is mostly aimed at non-technology experts, with nice fancy design.
Can I ask what kind of people do we need to design all the chips hardware such as baseband processor, using open source design?
I totally agree that adding privacy features to what is essentially a tracking device isn't addressing the right issues. Why not start out with simply a free, private laptop? Something that uses Coreboot and doesn't require any firmware driver blobs. This is something that so far, only one Chinese company has been able to do, albeit producing only a rather underpowered model [1]. Where are the private laptops that rival the Macbook Pro?
Completely useless web page. All wooly 'feel-good' words and no hard, concrete information. So I guess we just have to take it on trust then?
Also, their privacy policy is laughable:
We turn the logging level on our systems to log only protocol-related errors - great!
the pages on our main web site pull in javascript files from a third party. This allows our web developers and salespeople to know which pages are being looked at - so instead of keeping your own logs, you are outsourcing this to a 3rd party with worse privacy policies, and who can now aggregate your website usage with other sites.
Why didn't they just keep logging on and get rid of the 3rd party bugs?
This web page is clearly a marketing page, not a technology information page. They are simply trying to gather information on whether there is interest/demand for something like this. LEAN startup :-)
Expecting people to write their own metrics stack for a promo site is a bit OTT - there are a lot of good analytics stacks out there which let you get up and running very quickly, complete with dashboards, metrics, etc.
I'd really like a phone that had the following features:
* physical switches for GPS, WIFI, Radio, Camera, Mic, write/read access to disk (go diskless),
* a secondary low power eInk display that is wired directly into the hardware that shows when the last time GPS, mic, camera were turned on (and for how long) and how much data has been sent over the radio and read from disk,
* a FS which encrypts certain files with a key that is stored remotely. If your phone is stolen you can delete this remote key. The key is changed on every decrypt. You also get a remote log of all times this remote key was accessed.
* hardware support for read-only, write-only files,
* hardware support for real secure delete on the SSD,
* the ability to change all my HW identifiers at will (IMEI, SIM, etc),
* a log, stored on a separate SD card, of all data sent and received using a HW tap on the radio/WIFI. The log should be encrypted such that only someone with the private key can read it (public key used to encrypt an AES session key which is rotated out every 5 minutes). If you think someone has compromised your phone you can audit this log for both exploitation and data exfiltration. Since the log is implemented in HW, no rootkit can alter it.
Well, this is just a splash page and says very little.
It's in partnership with http://www.geeksphone.com/ which is FirefoxOS based. But yet the Blackphone splash has an image of a phone with Android buttons.
They claim no hooks to vendors, so if it's Android I can't imagine this is going to carry the Play store.
I'd be interested in knowing how they will secure and make private the core functionality of being a phone and sending email and text, all of which are insecure.
On that, I'd speculate that this is just pre-loaded with Silent Circle apps, and maybe will be announced as having DarkMail and a choice of RedPhone.
But... there's no info at all really, so who knows what this is.
The only problem they really have to solve is the eternal question of: Is it possible to provide real security and privacy whilst providing convenience?
As others have pointed out, the baseband is not your friend. Was thinking about this recently, and saw no reason why existing POCSAG (pager) networks couldn't be reused to provide a completely passive receiver. Imagine a phone where the baseband was off by default, unless attempting to make a call. Voicemail/e-mail summaries were broadcast encrypted via POCSAG, and generate notifications just like a new mail summary coming in via GPRS/3G would.
Obviously usability would suffer a little bit (mostly in huge latency when you actually wanted to make a call), but it seems like a very cheap phone could be built that integrated a pager, allowing complete disconnection from the 'active' radio network, avoiding location tracking by your cell provider, or similar evil tricks by third parties.
I'd imagine the POCSAG network would be quite overloaded, quite quickly. It doesn't have a lot of bandwidth, and unless the network knows where you are, messages destined to you would have to be broadcast everywhere.
+1, the phone won't really be private if they won't deploy a new baseband chip that allows for this privacy (and is open-source, so that we could check it).
I agree with the fact that the website is still a little bit unspecific, but this project is backed by Phil Zimmermann, who was the creator of PGP. It doesn't guarantee anything, but it definitely means some smart people who are worried about privacy are behind it.
Not even remotely granular. Install XPrivacy[1] (which is still not granular enough for me, as it lacks filtering over function arguments) and see that categories are very broad.
Not really, iOS permissions are more granular sometimes - iOS will ask you before an app accesses your phonebook, and you can deny the access. You can't do that with Android.
I'm sure there's logic there - powering a very basic non-informative landing site with a WP installation that you took the time to customize, but not delete the default post and comment from...
But it certainly doesn't give me warm fuzzy feelings about the people behind this.
I don't really feel like a slave; maybe I am underreacting here. I am pissed the NSA is collecting data, I am upset at all the recent revelations we have had about data privacy in the last 6-8 months, but I certainly don't feel like a slave.
These products should be advertised on theblaze and infowars.
Sure there is a need for better privacy, but I don't really care for the fearmongering...
I'm weird enough to be interested in these kinds of things, but the whole site is really... just fluff. Ignoring that and focusing on the sparse details of the actual thing:
- High-End Android device
- Privacy features in the (custom) Android version
- "Secure communication builtin"
Again, I like the idea. But so far the details match CyanogenMod (with TextSecure for SMS, maybe XPrivacy on top)?
How does this protect me from my carrier? No matter which phone I use they still need to record who I call for "billing purposes" and know which cell is closest to route my calls.
No mention of the thing being completely open sourced - or did I overlook something? If not, seems like something they should mention (I am assuming it IS open source?)...
Anyone thinking of making a video to sell a privacy product to mass consumers should probably stay away from creepy music and women walking around in all black hoods. Instead go for soccer moms buying stuff with their credit cards or librarians doing research for a school kid. Let's not make secure/private communications something weird and creepy but something normal that everyone does.
Mozilla could take great strides towards this type of phone if they cared. Integrate tor, Whisper Systems RedPhone and SecureText, HTML tracking disabled, etc. I'm surprised their Firefox OS looks and works so much like every other phone out there.
Mozilla would have an awful lot of security work to do. If you check the CVEs for Firefox, there was, on average, a remote code execution vulnerability each week in the last 3 months.
I would hate to say this, but people here and there are cashing in on the NSA fiasco. I would have loved it more if this was more focused on 'features' than playing with people's emotions. This is valid for everything currently cashing in on the NSA issue.
As for NSA spying, how exactly can this phone ensure 100% secrecy, given that a user would have to use the same apps and, above all, the same carrier that other smartphone users use?
Point is, US Govt is hellbent on spying on you. And they will no matter what. Either change the US Govt, or suck it up. Nothing else is gonna work.
The only thing missing in the video is Julian Assange as the narrator ;-)
Basically, this seems like a lifestyle device for pseudo-"hacktivists". And I expect people to install WhatsApp and Facebook on it. There was this article a few days ago: "When I was young there were beatniks. Hippies. Punks. Gangsters. Now you're a hacktivist. Which I would probably be if I was 20. Shuttin' down MasterCard. But there's no look to that lifestyle! Besides just wearing a bad outfit with bad posture. Has WikiLeaks caused a look? No! I'm mad about that."
So how's that "change the US govt" (or any other world gov) going so far since the leaks?
I called bullshit from the beginning that anything will change politically, and now six months later I'm more certain nothing is going to change at the political level. They've dug in their heels for the long ride.
The only positive developments have been private companies like Google encrypting their data centers and privacy software finally finding an audience. But at the same time, not even the most die-hard cypherpunks think you can achieve 100% secrecy from a dedicated adversary. But that's not the primary goal. Countering mass-surveillance is.
It's true that you can't have privacy or security in the mass-market apps or in voice or sms over big commercial carriers. However, if a device solved the problems indicated by (username) revelation and following posts on this page, you could then run secure applications - e.g. something with public-key encryption and PFS for the data, and a p2p or tor-style network to obscure the metadata.
It still wouldn't be perfect, but would succeed in many scenarios and would greatly increase adversary costs.
Geeksphone is doing pretty impressively for a startup: they were launch partners for Firefox OS and now have roped in the PGP founders for this project.
Were they successful in delivering on the Firefox phones? Their website always says 'out of stock'. Blackphone seems to be ambitious too. Is it possible for a startup to sail these two boats?
Also I find it odd that the PR is always just before the Mobile World Congress (MWC) which happens in Spain, last year with Firefox OS and this year with Blackphone.
I like Mike Janke and all, he's a nice guy. But has he backed out of RSAC '14 yet [1]? I find it a tough sell to call yourself a privacy advocate and legitimize and fund RSA by speaking at their conference. It also doesn't help Blackphone's cause.
True privacy on a smartphone can only be expected when software and hardware are 100% open sourced. This of course includes the source code for the 3 OSes that typically run on a smartphone.
Anything that's running server-side cannot be trusted either. So we need client-side encryption/decryption as well.
[+] [-] revelation|12 years ago|reply
http://www.youtube.com/watch?v=5B7XyVWgoxg
[+] [-] lazyjones|12 years ago|reply
[+] [-] rdl|12 years ago|reply
[+] [-] kybernetyk|12 years ago|reply
[+] [-] na85|12 years ago|reply
[+] [-] f_salmon|12 years ago|reply
http://www.washingtonpost.com/world/national-security/nsa-tr...
(And until that is resolved, my mobile phone will stay in flight mode only.)
So once again, while tech may help in the short term, long-term solutions will have to be structural/systemic ones regarding government in general.
[+] [-] treenyc|12 years ago|reply
And what is HN's opinion on Silent Circle?
[+] [-] reedlaw|12 years ago|reply
1. https://en.wikipedia.org/wiki/Lemote#Netbook_computers
[+] [-] joosters|12 years ago|reply
[+] [-] tomp|12 years ago|reply
[+] [-] daliusd|12 years ago|reply
[+] [-] panacea|12 years ago|reply
How is it re-shaping anything before it's started shipping?
[+] [-] Torn|12 years ago|reply
[+] [-] EthanHeilman|12 years ago|reply
[+] [-] buro9|12 years ago|reply
[+] [-] infinite_snoop|12 years ago|reply
[+] [-] higherpurpose|12 years ago|reply
http://eprint.iacr.org/2014/036.pdf
Email? They've announced the DarkMail protocol last year, and should be coming soon:
http://darkmail.info/
https://www.youtube.com/watch?v=IgV_Z6V_llk
[+] [-] girvo|12 years ago|reply
[+] [-] _wmd|12 years ago|reply
[+] [-] this_user|12 years ago|reply
Except if everyone started using a phone like that, you wouldn't be able to call anyone.
[+] [-] noselasd|12 years ago|reply
[+] [-] joncp|12 years ago|reply
[+] [-] tombrossman|12 years ago|reply
[+] [-] TeMPOraL|12 years ago|reply
[+] [-] Trufa|12 years ago|reply
[+] [-] apunic|12 years ago|reply
The biggest security hole next to the baseband processor and the SIM is the user who installs every app in seconds without checking permissions.
[+] [-] drdaeman|12 years ago|reply
[1]: https://github.com/M66B/XPrivacy#xprivacy
[+] [-] tomp|12 years ago|reply
[+] [-] GrinningFool|12 years ago|reply
[+] [-] Duhck|12 years ago|reply
[+] [-] darklajid|12 years ago|reply
[+] [-] soci|12 years ago|reply
One of the big drawbacks when I first started my nexus5 was that I was being spied on. Why the hell do I need a gmail account to get started?!
I wonder if it would be possible to install this Android flavour on a Nexus device?
[+] [-] c1sc0|12 years ago|reply
[+] [-] deno|12 years ago|reply
2) Access Internet (and VOIP) only via VPN or better yet TOR.
3) Only give out your VOIP number. No one must know your direct number, it’s only for emergencies.
This severs all the important connections to make any use of that data, assuming you don’t have any leaks.
[+] [-] msh|12 years ago|reply
[+] [-] epaga|12 years ago|reply
[+] [-] elwell|12 years ago|reply
[+] [-] wavesounds|12 years ago|reply
[+] [-] thecoffman|12 years ago|reply
The irony is almost too much.
[+] [-] Mikeb85|12 years ago|reply
[+] [-] yetfeo|12 years ago|reply
[+] [-] andor|12 years ago|reply
http://web.nvd.nist.gov/view/vuln/search-results?query=firef...
[+] [-] sifarat|12 years ago|reply
[+] [-] andor|12 years ago|reply
http://online.wsj.com/news/articles/SB1000142405270230463640...
[+] [-] dmix|12 years ago|reply
[+] [-] ds9|12 years ago|reply
[+] [-] frabcus|12 years ago|reply
Using things like Blackphone can potentially increase the cost of anyone doing this kind of spying, to vastly reduce who will do it for what reasons.
This talk by Dymaxion is good on economics and usability of this stuff: http://dymaxion.org/talks/EaPitLW.html
[+] [-] avighnay|12 years ago|reply
[+] [-] runjake|12 years ago|reply
1. http://www.rsaconference.com/speakers/mike-janke
[+] [-] pieter_mj|12 years ago|reply