Re: "Blackphone" said to be "a super-secure nsa-proof"
At 05:25 AM 1/17/2014, Jim Bell forwarded:
<http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html>
It's been long enough, has anyone acquired one of these and tested it?
Ulex
it is being delivered. will let folks know
/bill
PO Box 12317
Marina del Rey, CA 90295
310.322.8102
On 23July2014Wednesday, at 18:11, Ulex Europae wrote:
<http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html>
It's been long enough, has anyone acquired one of these and tested it?
On Wed, Jul 23, 2014 at 9:21 PM, manning bill wrote:
it is being delivered. will let folks know
http://arstechnica.com/security/2014/06/exclusive-a-review-of-the-blackphone...
https://www.schneier.com/blog/archives/2014/06/blackphone.html
https://www.blackphone.ch/
https://blog.silentcircle.com/category/blackphone/
https://en.wikipedia.org/wiki/Blackphone
Though it's more consumer oriented and the price is lower, blackphone isn't the first to market a crypto phone to the public, these guys have been around for many years... lately doing a GSM+Android combo as well...
http://www.cryptophone.de/
And a couple companies claim to be building 'open' hardware phones, I'd call them 'more/mostly' open. I forget their links at the moment :(
I see these cute silent* demo screens of one or two word 'verification strings' with this and tech like ZRTP, that's not even close to OPIE strength. I'd rather be able to see and read a full real hash, key import/export, etc. Maybe the option is there, I don't know yet. No doubt because these sorts of companies bury all their real tech docs deep behind glitzy Web3.0 splash, (points finger at blackphone.ch, ahem!)
https://source.android.com/
https://guardianproject.info/
https://github.com/SilentCircle
https://github.com/WhisperSystems
https://lists.mayfirst.org/pipermail/guardian-dev/2014-January/003055.html
http://blog.cryptographyengineering.com/search?q=silentcircle
I don't much care what they've done with opensource Android and things riding on top of it, since anyone like Guardian can do that as a project. Blackphone does have some Cell, Server, VoIP, etc stacks deployed to complement the phone, that's handy and takes $capital.
But what I really want to know is:
- What phone make and model is it based on?
- About how, if at all, they've managed to open (or claim to certify, reverse engineer, substitute open replacements, or somehow control) the closed Android blobs and/or the closed phone firmware/hardware below that???
That would be the real progress, and worth buying as an integrated system (I'd definitely buy that progress), but only if it was open in turn.
Does Blackphone accept BTC? I was begging for BTC the other day... :)
Thanks Bill, we'll need more than a few quality reviews of the security model of the system as a whole. If this phone and company does well, maybe it will use its power to leverage that progress as time goes on, but it only matters if it's open.
And for where you need Cell based voice/data connectivity, I'd like to see them offer a GSM hotspot wifi tether so you don't have to trust the cell baseband (now unused, or even physically neutered) on your device (phone/pad/tablet) as much.
On Thu, Jul 24, 2014 at 2:42 AM, grarpamp
really want to know is:
- What phone make and model is it based on?
- What hardware changes did they make to it, whether OEM to order, or locally?
- About how, if at all, they've managed to open (or claim to certify, reverse engineer, substitute open replacements, or somehow control) the closed Android blobs and/or the closed phone firmware/hardware below that???
On 7/24/14, Ulex Europae
At 05:25 AM 1/17/2014, Jim Bell forwarded:
<http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html>
NSA-proof?
Is that even possible unless you: 1) personally pick up your phone off the factory floor production line at random?
and 2) Reproducibly build all software on the device and upload your build?
and 3) the hardware completely isolates the baseband processor and its os (unless there's a deployable FLOSS baseband stack I'm not aware of)?
and that's just for starters.
On Thu, Jul 24, 2014 at 12:03:36PM +1000, Zenaan Harkness wrote:
On 7/24/14, Ulex Europae
wrote: At 05:25 AM 1/17/2014, Jim Bell forwarded:
<http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html>
NSA-proof?
Is that even possible unless you: 1) personally pick up your phone off the factory floor production line at random?
and 2) Reproducibly build all software on the device and upload your build?
and 3) the hardware completely isolates the baseband processor and its os (unless there's a deployable FLOSS baseband stack I'm not aware of)?
and that's just for starters.
Are we getting any closer to a mobile phone baseband stack?
On 10/13/2016 01:10 AM, Zenaan Harkness wrote:
On Thu, Jul 24, 2014 at 12:03:36PM +1000, Zenaan Harkness wrote:
On 7/24/14, Ulex Europae
wrote: At 05:25 AM 1/17/2014, Jim Bell forwarded:
<http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html>
NSA-proof?
Is that even possible unless you: 1) personally pick up your phone off the factory floor production line at random?
and 2) Reproducibly build all software on the device and upload your build?
and 3) the hardware completely isolates the baseband processor and its os (unless there's a deployable FLOSS baseband stack I'm not aware of)?
and that's just for starters.
Are we getting any closer to a mobile phone baseband stack?
Here's "Super-secure" Buy a 5.99 cellie at 7-11 Turn it on under an assumed name from a public computer. Call in your bomb threat. Throw phone in ocean. They'll know where you called from, and the public computer address you registered it from, and that's about it unless they start doing voice analysis on the audio from that shitty little mic in the cellie that cost less than a penny to make. Rr
https://www.cellebrite.com/releases/mobileforensics/UFED_5.0_ReleaseNotes.pd...
"FILE SYSTEM EXTRACTION 342 NEW devices supported (...) GeeksPhone BP2H001AM1 Blackphone 2"
"LOGICAL EXTRACTION 276 NEW devices supported (...) GeeksPhone BP2H001AM1 Blackphone 2"
ciao,
-g
From: Zenaan Harkness
On 7/24/14, Ulex Europae
wrote: At 05:25 AM 1/17/2014, Jim Bell forwarded:
<http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-73511096050.html>
NSA-proof?
To me, the problem is obviously the people who write such articles, and perhaps others that write the headlines, people who know far less about security even than those who merely frequent the Cypherpunks list. (In better times, when most of the posts were on-topic.) Prior to the revelation of NSA's massive data farms (for instance, the one recently revealed in Utah), even the ordinary POTS (plain old telephone system) was 'fair' in security, in the sense that the large majority of the 'wheat' (the stuff the NSA wants to record, store, and search for) was immersed in a ton of 'chaff', the billions of phone calls made on a daily basis. The government couldn't look at information that they didn't know existed, and didn't have a copy of. Relatively good would be encrypted security that cannot be (easily) broken by even the NSA.
Even better would be a system which eliminates metadata, sort of a Tor-ized cell phone system. Why doesn't that currently exist? A start would be if the major cell-phone companies publicly announced that they refuse to even collect such metadata, or at least it would be automatically erased at the end of each individual phone call. (Since most phone billing is no longer sensitive to distance, or even time, why record such information in a central location?)
Such an announcement would not be automatically believable, especially to cynics like us, but the long-term non-existence of news of criminal trials which actually admitted such evidence would tend to convince the public that the evidence is either not being collected at all, or at least is only being used in secret, and not openly in criminal trials.
Is that even possible unless you: 1) personally pick up your phone off the factory floor production line at random?
To _us_, the cypherpunks, the answer is obviously "no".
But if just about everybody had phones installed with 'good' (rather than 'perfect') encryption, encryption that it would take a large amount of the NSA's resources to crack, we'd be living in a far better world than what we have now. An even better addition would be a system which actually made the NSA _FEAR_ to use such surveillance results. Would the average telephone user be willing to spend 10 cents per month to supply a fund to kill any government worker who assisted in the recording, storage, decrypting, or using such recorded information, including prosecutors, judges, and government investigators in criminal trials? $25 million per month, in America, would buy 250 deaths at $100,000 each, per month. Somehow, I think that this would solve the problem. Jim Bell
On 10/13/2016 12:54 PM, jim bell wrote:
But if just about everybody had phones installed with 'good' (rather than 'perfect') encryption, encryption that it would take a large amount of the NSA's resources to crack, we'd be living in a far better world than what we have now.
This is my take on tor as well. There's safety in numbers. On the ground OR in cyberworld. If EVERYONE used it, well yeah, they'll get ALL the dataz, but they could use up all the silicon on the planet storing it, and all the carbon burned up to run the machinery to process that data... etc.
It's possible to make their technology so expensive to use the US treasury couldn't support the drain.
Rr
Ps. The silicon IS going away... The next best substitute, whatever that might be, and re-engineering everything to use some less-efficient substrate, ought to cool the computer industry's jets a little...
http://www.cbc.ca/radio/thesundayedition/lethal-force-running-out-of-sand-he...
On Thu, 13 Oct 2016 17:14:40 -0700
Razer
On 10/13/2016 12:54 PM, jim bell wrote:
But if just about everybody had phones installed with 'good' (rather than 'perfect') encryption, encryption that it would take a large amount of the NSA's resources to crack, we'd be living in a far better world than what we have now.
This is my take on tor as well.
Why do you keep posting pentagon's propaganda razer?
On 10/13/2016 05:27 PM, juan wrote:
On Thu, 13 Oct 2016 17:14:40 -0700 Razer
wrote: On 10/13/2016 12:54 PM, jim bell wrote:
But if just about everybody had phones installed with 'good' (rather than 'perfect') encryption, encryption that it would take a large amount of the NSA's resources to crack, we'd be living in a far better world than what we have now.
This is my take on tor as well.
Why do you keep posting pentagon's propaganda razer?
That's not Pentagon propaganda Juan. That's my opinion of the statistical probability of finding every needle in a haystack and the energy expended to do so. Their peeps would claim tor's god-like infallibility. That IS NOT what I'm saying nor have I ever claimed that.
Rr
Hi,
http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-7351109... http:///
It's been long enough, has anyone acquired one of these and tested it?
The problem is: https://pravokator.si/index.php/2014/06/02/on-mobile-phone-security/
Regards,
M.
On 07/24/2014 5:55 am, Matej Kovacic wrote:
Hi,
http://www.yahoo.com/tech/startup-launching-a-super-secure-nsa-proof-7351109... http:///
It's been long enough, has anyone acquired one of these and tested it?
The problem is: https://pravokator.si/index.php/2014/06/02/on-mobile-phone-security/
Regards,
M.
http://www.reddit.com/r/Android/comments/2alqi9/diyblackphone_workinprogress...
participants (10)
- bluelotus@openmailbox.org
- Geneviève Lajeunesse
- grarpamp
- jim bell
- juan
- manning bill
- Matej Kovacic
- Razer
- Ulex Europae
- Zenaan Harkness