Blackphone: a privacy-conscious phone that actually works

Originally published at: https://boingboing.net/2014/07/01/blackphone-a-privacy-consciou.html

1 Like

Security for mobile devices is sorely needed. Mobile devices are a security disaster. Why? They are a closed ecosystem.

The fact that a specialized phone like this needs to be made in the first place shows the sad state of “smart” phones today.

1 Like

There’s apparently a forensic toolkit used by police departments that can p0wn any phone out there–iPhone, Android, or Symbian.

How does this stand up to that? Is it encrypted at the OS level? I find it a bit of a pain to re-enter my passcode every time my lock screen engages or I press SCREEN OFF. But it’s better to be safe than sorry.

BTW, I took a recent post from here and made my own “I DO NOT CONSENT TO A SEARCH OF THIS DEVICE” lock screen wallpaper. Maybe I should post that…

Exactly. They should be able to communicate with eachother over short distances via ‘walkie talkie’ without the need for a tower even.
Surely this capacity can be software built?

OK guys, here’s something I don’t get as part of the larger privacy debate. Most of us are average folk. We don’t rock the boat politically, start campaigns against powerful political interests or otherwise draw attention to ourselves from the cops or the 3 letter agencies. Over the years I’ve tested out many security technologies just for curiosity’s sake - from email certificates to Open PGP to Tor to I2P among others, and I’m yet to see any reason for an ordinary person to resort to such extreme measures.

The very first stumbling block with public key security is that the other parties must also have certificates. Other than corporate deployments of Lotus Notes, I’m yet to see any non computer savvy private individuals (99% of most people I communicate with) have any interest in these things, let alone the expertise needed to create self signed keys and use them.
With anonymizing services there’s a speed hit when using proxies or Tor. What is the final purpose of all these services? To counter the chance that someone somewhere is snooping on your traffic, or tracking down your location via IP address to put you behind bars or worse.
If you bring up Facebook and Google - they accumulate data in aggregate and their algorithms look for trends in massive volumes of data. They don’t individually, personally go through each person’s information. And well, you can close your accounts with them and block all cookies from their domains if that’s a problem.

Unless you’re Julian Assange or a Fortune 500 CEO or similar high value target, nobody is exactly trying their best to find out who you particularly are and get hold of all your data or hijack your identity. For the average person this seems to be overkill similar to installing an electric fence and guards with dogs patrolling the perimeter in an ordinary neighborhood when everyone else is making do with a picket fence and a store bought lock.

So why all the tin-foil hat paranoia? Of course, you can stay away from social media and be careful of what you post online, but when would you require the sort of security presented by this phone and the technologies mentioned if you’re not a high value target as described previously?

IMPORTANT question. Does the phone architecture mitigate the effects of compromising the baseband processor? This neglected part provides a rather large attack surface and rumours go that various agencies specialists use just this to attack secure (or “secure”) phones.

2 Likes

Just wondering, the protective element of this phone is entirely defeated if I start using the usual information hungry apps right?
I like using the various cycling related apps such as Mapmyride, Strava, Bikemap, Garmin Connect… etc etc.
But as soon as I do so on a Blackphone I’m fucked privacy wise right? Blackphone can’t somehow make the use of certain apps less privacy intrusive?

I think there are tricks to deny the apps the information or the ability to send it. There are some apps that can manage these rights, but they may not be available on the official play s(t)ore.

1 Like

One with great potential was a dynamic firewall by Moxie Marlinspike, but it was bought out by Twitter and has vanished :frowning:

This topic was automatically closed after 5 days. New replies are no longer allowed.