Phil Zimmerman Launching Secure "Blackphone"

judgecorp writes "Famed cryptography activist Phil Zimmerman is set to launch Blackphone, a privacy-oriented phone which allows secure calls and messages. The phone is a joint venture between Zimmerman's Silent Circle communications provider and Geeksphone, the creator of the first Firefox phone, and will run PrivatOS, a secure version of Android. Zimmerman says the venture will be taking orders for the devices from February 24, after it is unveiled at Mobile World Congress in Barcelona."

Open Source?

[Anonymous Coward]

Can the software be adapted to other phones?

Re:Open Source?

[FriendlyLurker]

If it is not Open Source then we can pretty much can forget about this. Limiting the product to a very small set of customers Vs the wider android market means that just by using this product you would be advertising yourself as a target for investigation. To be truly secure the majority need to be using encryption, not just a small subset of paying customers.

Re:

[Kimomaru]

Couldn't agree more. If it's not open source so that people can verify what the underlying system is actually doing, forget it.

Re:

[Lumpy]

"Privacy is dead for the uneducated, deal with it."

FTFY... Privacy is very possible if you have the education and IQ to do it.

I can set up a 100% private voice call to a friend right now that the Feds would have serious trouble cracking. If my pal and I took extra steps, they would not even know we were talking right under their noses. It's not hard to do, just tedious and requires education.

Re: Open Source?

[Sean]

Really? It's not safe if you're using any common software such as Linux, Windows or OS X. Nor is it secure if you're running it on any modern hardware with a CPU from Intel or AMD. And forget about any arm based mobile!

Secure, real time communication is difficult right now.

What do you think you can run that is secure from the likes of the NSA?

Wow, what a man!

[Anonymous Coward]

First he blows away that obnoxious black kid, now he's going to blow us away with a black phone!

Re:

[Kimomaru]

My brain is still working on pushing out a really loud laugh, that's how funny this comment is.

Re:

[Spy Handler]

No that's the other Zimmerman... I think this one is the guy who sells you a black suit and says "You're gonna like the way you look"

Re:

[mwehle]

No that's the other Zimmerman... I think this one is the guy who sells you a black suit and says "You're gonna like the way you look"

I guarantee it.

Is he also launching a new carrier and network?

[Anonymous Coward]

... because otherwise there's no way comnunication via this device is guaranteed to be secure (and probably not even then)

Re:Is he also launching a new carrier and network?

[gmuslera]

There are levels of communications that can be secured even with an hostile/insecure carrier. It can know where are you, but maybe not what you are sending and to who, (at least as pure data stream, if not as plain phone calls). Anyway, regarding hostile carriers or not, it should be safe against hostile/insecure sim cards [forbes.com] too.

Re:

[LordLimecat]

You mean by doing what BES has done for more than a decade now?

If the market didnt give a crap about Blackberry / the protections it offers, what are the chances this will succeed?

Re:

[gmuslera]

The keys of the kingdom (code/servers/etc) must not belong to a single company, and the code should be fully auditable. If they don't do that, then no, they won't be doing the same as BES.

bork bork bork

[Iamthecheese]

This is going to end up a complete mess. Either no one will use them in which case they won't make much difference, only evil people will use them, in which case the US government will shut them down, or a lot of people will use them, in which case the US government will subvert them.

Re:

[gmuslera]

The average, non technical person is the one that gets caught (even for sneezing on public) in this kind of dragnet surveillance. The technical with a clue may use them, and maybe put them as policy for their companies, as is critical for them to have safe communications, so this is the target group. And the ones that they claim that they are after will rely on low tech communication anyway, so won't get caught. As with DRM, the ones that get hurt are the normal citizens and loyal consumers.

Re:

[AHuxley]

The interesting part is where does subvert really get any gov? The gov becomes addicted to a huge raw flow of data from people unaware of the total domestic surveillance network.
Once the public sees the reality of having a domestic surveillance network, their political use of the telcos and computers might change.
People contacting the press take on an East German like feel, they know they will be tracked down, but turn up to protest anyway.
Any new tool that allows people to use a network to chat with th

That's not the use case!

[Medievalist]

You're misunderstanding the purpose of the technology, I think.

The government can use MIB on the rooftops with parabolics, this phone doesn't and can't protect you from their minions.

"Evil people" avoid detection by using disposable phones and in-group jargon to avoid detection - they simply don't need or want this technology. They already buy cheaper, low profile generic phones with cash and just throw them away if they get known.

But this technology prevents the Sun from printing your conversation with th

Re:

[tlhIngan]

This is pretty much the reason I'd think about the Blackphone. Not to hide from the government(s), because that's an exercise in futility if we want to have connected technology.

Exactly. Even if everything on the phone is encrypted, the fact that you made a phone call is still noted (it's "metadata"!). Just like how everyone says "encrypt everything" are missing the point - IP packets can be logged (metadata), as can email headers (more metadata).

Of course, if you want to hide, another thing to do is not ma

Re:

[melikamp]

I dunno about voice calls, but messaging, at least, can be Torified, and that would be a much tougher nut to crack.

Switzerland

[Anonymous Coward]

An interesting choice. I guess it is only logical, since Zimmerman had to shut down his encrypted e-mail service SilentCircle [slashdot.org] in the US. I hope that more businesses will move their operations outside the US, it seems to be the only language the United States government understands.

Re:

[Lumpy]

When did George Zimmerman have that? and why did nobody talk about mister stand your ground being a computer wiz in the news?

Almost. there.

[leuk_he]

Hardware feature I would like to see:
-LED on when camera is taking pictures/recording.
-LED on when microphone is recording.
-Looking like a normal phone, If it screams PRIVACY phone, one might think ik have somthing to hide.

Software features:
-Restrict apps to a sandbox without telling them that. (feed apps fake data instead)
-Some kind of firewall/virtualiszation between apps i use at home and work and real private part.
-Secure boot. rootkit prevention. Including option by bypass the secure boot for open source mods.

Marketing features i would like to see:
-Real use cases. (like work/home phone virtualisation.)
-privacy is always a tradeoff. being online means giving away some of your data. what trade offs are made?
-Access to some more technical details HOW the pricay part is implemented and what has not been implemented.
-Respected names from the pricacy industy who did have to do something in the design/implementation phase. trust is important.

and ... open source... so useful parts can be reviewed and ported to populars android mods.

LEDs are a terrible idea

[Anonymous Coward]

> -LED on when camera is taking pictures/recording.
> -LED on when microphone is recording.

No, no, no. What you want is a mechanical shutter over the camera, and a switch that physically opens the microphone's circuit (if you want convenience, make the microphone's switch be the camera's shutter).

With an LED, you have to trust the firmware to properly couple the light to the device. With a mechanical shutter, you can verify that it is physically impossible for the camera to see anything.

Re:

[hawguy]

> -LED on when camera is taking pictures/recording.
> -LED on when microphone is recording.

No, no, no. What you want is a mechanical shutter over the camera, and a switch that physically opens the microphone's circuit (if you want convenience, make the microphone's switch be the camera's shutter).

With an LED, you have to trust the firmware to properly couple the light to the device. With a mechanical shutter, you can verify that it is physically impossible for the camera to see anything.

You don't need to trust the LED to firmware -- instead of a physical switch that turns the camera or microphone on, use a software controlled switch with only 2 hardware states - if the software turns the switch on, microphone+LED (or camera+LED) are enabled, if the software turns the switch off, then they are not enabled. The camera could have a software controlled physical Iris that closes when the camera is off.

Don't let the software control the LED separately.

This is still open to hardware hacks (someon

Re:

[jeffb (2.718)]

This is still open to hardware hacks (someone with access to the phone could hardwire the microphone on without the LED illuminating), but the same is true with a physical switch.

And, as GP stated, a physical shutter is not open to the same kind of trickery. You'd need to come up with something that looks like an opaque shutter, but actually doesn't block the camera's view. This is still possible, but it's not as trivial as putting a jumper across an LED's legs (or bridging a physical switch).

On the other hand, it's harder to "shutter" a microphone.

Re:

[geminidomino]

I hear there's this newfangled gadget called an SPST that could do the job pretty well.

Re:

[Krojack]

The camera and mic need power right? Couldn't you just wire an LED in the same circuit that powers the camera or mic? Sending power to one of them would kick the LED on.

Re:

[hawguy]

The camera and mic need power right? Couldn't you just wire an LED in the same circuit that powers the camera or mic? Sending power to one of them would kick the LED on.

I think the problem with that is that camera only needs to be powered on for a fraction of a second to snap a photo, perhaps short enough that no one would notice the LED flashing on.

Though I guess the hardware circuit that powers the camera could ensure that the LED stays on for several seconds (or minutes) before and after the camera itself gets power - and could even emit an alert sound when the camera is enabled.

Re:

[Mashdar]

If the LED is in parallel to the camera power, it is better than a shutter. The only flaw in LEDs is that idiot designers put them on seperate switching...

Re:

[egcagrac0]

-Looking like a normal phone, If it screams PRIVACY phone, one might think ik have somthing to hide.

From the picture on the website, it looks rather like an iPhone (without the button).

When the phone is in your pocket, they all look alike to everyone else, anyway.

Re:Almost. there.

[mrchaotica]

You forgot the most important feature:

The main SoC controls the baseband processor (and can firewall the rest of the system off from it), not the other way around. Or better yet, the baseband is Open Source.

Re:

[NatasRevol]

I thought the most important thing would be that it's actually launched, and not promiseware.

Re:

[mdielmann]

Read about the features of GSM modules, with respect to being able to poll towers, access GPS, etc., while the phone is supposedly turned off. This is a prerequisite for achieving their stated goals.

Re:

[Arker]

Nope. Promiseware is better than a defective deliverable.

Re:

[Britz]

That is the one feature that would set it apart from any phone running an open source mod (Android Replicant comes to mind) with a couple privacy apps on top. Like a sip client with encryption on. And therefore pretty much the only good selling point.

I wonder if it will only be a firewall, or if someone finally manages to really open source the baseband. Though I doubt it. As far as I understand even the OpenMoko stuff has closed source binary blobs for the baseband, though they have sufficient barriers bet

Re:

[oodaloop]

The LED is on the right track, but if someone can hack your phone to turn the camera on, they can also turn the LED off. How about a physical shutter over the camera? I'd like a neon orange small plastic shutter to close over the cameras on my phone. I'd be able to quickly check that they're still on and not worry about someone hacking my phone.

Re:Almost. there.

[necro81]

if someone can hack your phone to turn the camera on, they can also turn the LED off

This is not necessarily true if you design this feature into the board. For instance, you can have the LED hard-wired to the camera's power supply - anytime the camera has power, the LED will be on. When the firmware wants to save power by turning the camera off, it must well and truly be off (i.e., no power applied), and not just a sleep mode.

Alternately, depending on the communications bus between the camera chip and the SoC, you can have an LED tied to one of the communications lines through some sort of buffer circuit - chip select, camera Tx, etc.

One would think that this was the way it was always done - some unambiguous way to know when the camera is active that was baked in at the board level - but apparently not.

Re:

[necro81]

If you have a LED connected to the microphone circuit, someone could train a telescope on your phone and analyze its flicker to remotely overhear what you're saying

And if they have a microphone with a parabolic dish, they can hear it directly. And if they are standing next to you they can hear you outright. At some point you have to live life. If your paranoia extends that far, may as well never leave the house.

Re:

[Burz]

I'm amazed at how consistently /.ers assume that a LED would not be hardwired to the component it monitors. Its like a form of brain damage.

Re:

[oodaloop]

It could be, but it isn't if you want to use the LED as a flashlight without the camera being on. I'd prefer them to be separate with a physical shutter, personally, but then again I have brain dammage.

Re:

[Burz]

It could be, but it isn't if you want to use the LED as a flashlight without the camera being on. I'd prefer them to be separate with a physical shutter, personally, but then again I have brain dammage.

Uh, the LED would be there as a *security* feature, not sneaking in as a friggin' flashlight. Who would want such a bright status light anyway?

Shutters don't stop microphones from listening. Even on cameras, they can't inform you that something is not acting as it should. Finally, they add bulk and breakable moving parts to the device.

Re:

[oodaloop]

Uh, the LED would be there as a *security* feature, not sneaking in as a friggin' flashlight.

I was referring to the LED that already exists next to the camera, which is used as a flash for taking pictures and as a separate flashlight. I was not assuming an additional LED of much lower brightness put next to that one.

Shutters don't stop microphones from listening.

LEDs on microphones don't stop them from listening either though, do they? And unless you're always looking at your phone, 24/7, it's not really a solution. When your phone is in your pocket, purse, etc or when you're sleeping, in another room etc the LED being on wouldn't be of much u

Re:

[painandgreed]

I'm amazed at how consistently /.ers assume that a LED would not be hardwired to the component it monitors. Its like a form of brain damage.

It could very well be hardwired to the component it monitors, but then if that component has firmware or driver that gets hacked, it might not do you much good.

Re:

[Burz]

Just Wow... it really is like brain damage.

Re:

[melikamp]

and ... open source... so useful parts can be reviewed and ported to populars android mods

This is not the main reason why it should be open source, nor is "open source" enough, unless we are using a definition compatible with the free software definition. In fact, both hardware and software should be free, documented, and open in order to justify the basic security and privacy claims the manufacturer is making.

As for "open source", the freedom to distribute modified copies (which is not clearly implied) is paramount to anything aspiring to be secure. If a bug is discovered, and a patch is avai

You are half right

[Burz]

Fully open source software would be a good *start*. It reduces the number of private parties you are forced to trust down to the hardware OEMs... and with clever enough architecture you can even keep hostile components at bay if your core processor is trusted.

But, eventually, the open source dynamic must be expressed in the hardware in order for multifarious communities of experts and users to develop a genuine trust relationship a smartphone, PC, etc. After 2013, there is no turning back from that eventual

Re:

[Burz]

Just to clarify: Hardwire LEDs to the mic and camera. Leaving the LED activation to firmware is asking for an exploit.

These are good ideas. However they are kind of obvious and their total absence on phones and PCs shows that major IT vendors don't have designers involved in security at all. That vacuum and lack of involvement is astonishing.

BTW, if you want some of those other features in a PC, check out Qubes OS. [qubes-os.org] Its a Xen-based desktop with great virtualization and boot protection features; its (much) mo

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[steveg]

Guess it's a matter of "know your audience." :/

But I never once thought of Bob Dylan.

I'm not so sure about this.

[Agares]

I don't see how we can trust this new phone or any other device out there. So many companies have said we can trust them with our data, and then to no one’s surprise they've been found to be in bed with the NSA. We need to understand that we now live in a world where Big Brother is always watching. The only way we can stop this is to get rid of the NSA and other agencies like it. Unfortunately though, too many people are fine with being watched. They think that was long as they have nothing to hide th

Re:

[joe_frisch]

I do agree that the problem of knowing who to trust is very serious. Large organizations (like the NSA) have the ability to make lots of posts in online discussions, technical journals, etc. to give the impression that the "community" "trusts" some particular solution, and to discredit anyone who objects.

I don't think though that the only answer is to eliminate these organizations - which is probably impossible in any case. At least in the US, the government is not a single monolithic organization, and shou

I couldn't help to notice that...

[carlhaagen]

...their "The team" page doesn't mention a single software or hardware developer involved in creating the phone. Why aren't they worth to be on display along with the CEOs and whatnot?

Re:

[hawguy]

...their "The team" page doesn't mention a single software or hardware developer involved in creating the phone. Why aren't they worth to be on display along with the CEOs and whatnot?

Why do you think they've already hired a team to develop their vaporware phone?

Internal name: FUNSA

[webbiedave]

and it will no doubt employ WSS aka Wireless Security Standard (internal name: What Snowden Said).

The providers are a bigger problem than the phone.

[therealkevinkretz]

Even if the phone is as secure as claimed, one of the biggest violations of privacy is the collection of location data. And no security feature on the device will prevent Verizon/AT&T/etc from knowing what tower it has contacted, or providing that to any agency it wishes to.

Re:

[hawguy]

Even if the phone is as secure as claimed, one of the biggest violations of privacy is the collection of location data. And no security feature on the device will prevent Verizon/AT&T/etc from knowing what tower it has contacted, or providing that to any agency it wishes to.

Obviously, you can't expect your location to remain anonymous while you're talking on the phone, but you can trust that when you turn off the Cellular radio, that it really is off and you're not being tracked when you drive to your mistresses house. Once you get there, you can use her Wifi to check for voicemails/txt's and still remain anonymous.

Re:

[therealkevinkretz]

Yes, obviously. It can be surmised from the title of my post that the problem isn't the telco knowing where you're connecting, but that they're perfectly happy to collect and turn over that information to government agencies without a proper warrant.

Re:

[Nerdfest]

Android is an open source OS. The only part that isn't open in most cases are the hardware drivers, and perhaps this company can get source for those as well. There's a lot of FUD going around where people think it can't be decoupled from communicating with Google, and that's simply not the case. You can quite easily run Android with no communications too Google or anyone else.

Re:

[vlueboy]

How can we trust that the android version will be secure. As I see it, android is a data-monetization platform that also runs phones and tablets.

Not comforting at all.

I love how even the weather-news app (Gingerbread and up) redirects all stories via google news, so they track that redirect. That they do it overtly makes it even more unnerving, since they might just hide this
Google desktop searches are the same way. NSA or not, (ha!) I can't help but fear that my Address book app should remain completely blank, especially knowing that google backs up this stuff to their cloud in the name of convenience.

Re:

[PhrostyMcByte]

I don't see any reason you couldn't route a call through Tor to hide your location. Of course, it's seeming more and more likely that parts of Tor have been compromised, so maybe that won't help all that much.

Re:

[greenbird]

http://www.oneluckyelephant.com

Layer one and two are the problem. Tor helps with layer 3 and 4. Your cell phone radio (layer one) has to give identifying information to the cell tower so the cell tower can authenticate it and link it to the network (layer 2). This is done continuously while the cell radio in the phone is on through the command channel. It's constantly checking in with all the cell towers within range so it can be determined which cell is the best for data connections and handing off to the optimal tower. So regardless of

Re:

[Albanach]

I think Tor is TCP only, so SIP is pretty much out of the question. Asterisk could work with IAX, Skype might work too.

Latency will be an issue. If it remains consistent thought you can get away with over 1 second of latency on a voice call - not much different than a call routed via satellite.

If latency fluctuates widely then jitter may become a problem. You'd need to compensate for that too. Jitter and high overall latency don't make for a good calling experience. I could see latency going above 2 seconds

Re:

[Burz]

You would probably want I2P instead of Tor (which was built only for browsing over TCP). I2P handles UDP-like traffic just fine, and is more resistant to compromise because its designed to safely distribute re/routing among all users. Its also pretty easy to adjust the number of relay hops, like trading anonymity/latency on a sliding scale.

Re:

[SuiteSisterMary]

Aren't cell phones *required* to provide as much location data as possible for emergency services and the like?

Re:

[Janek Kozicki]

unless the phone contacts first to wifi, then to other blackphones nearby forming a mesh network (that can be possible, but initially unlikely, due to low popularity of blackphone), then finally to some of available celltowers (not necessarily the one with strongest signal).

Useless, or doomed to fail.

[Shadows]

I posted these same thoughts last time I saw a "secure" phone on slashdot. Apparently it was long enough ago that it's no longer in my post history?

Regardless, there are two options I am aware of: 1) end to end encryption or 2) insecure messages/communication

The problem with #1 is that it requires secure devices on BOTH ENDS of the communication. You get very little bonus security if your device is secure, but the text messages, emails, phone calles etc. go unencrypted over the wire. That's fine, but now I

Re:

[Burz]

Why is that such a big deal? People already install apps and buy gadgets so they can interact with people they know in a specific digital domain.

And I'm sure the blackphone will tell you when the party on the other end is using secure protocols.

Just one question

[joeflies]

On the black phone, where did the PRNG come from?

Tracking?

[Hatta]

Does this device provide any protection against location tracking?

Re:

[greenbird]

Does this device provide any protection against location tracking?

Unless they establish their own cellular radio network that's not possible. The phone still requires a layer one and two connection which are provided the the cellular company.

Re:

[melikamp]

If this device is fully free and open, then it can obviously spoof every one of its IDs, and provide a strong defense against location tracking (although not perfect, if one wants to jump from tower to tower while keeping the IP connection intact). The problem, as you can see, is not just with the device, but with the cellular providers, who forbid anonymous users. So if this phone can use the cellular network in USA, then it automatically will have to be non-free, and the whole thing is a scam. In particul

Maybe not going after the right target

[CanadianMacFan]

While I'm all for privacy and the government sticking it's nose out of my business I don't see how this phone really addresses the problem of privacy. The huge problem lately has been the governments sweeping up the meta data. So while your message may go through the system encrypted with this phone it's still going to leave a plain trail for everyone to see.

And placing the servers in Switzerland doesn't fill me with confidence for keeping the data safe either. They certainly caved pretty easily recently when it came to banking information so how fast is the government going to fold when the US wants the information to find terrorists and child molesters instead of tax cheats.

Re:

[TubeSteak]

They certainly caved pretty easily recently when it came to banking information

They only caved when it was shown that Swiss bankers were actively helping their clients to avoid taxes and break (inter)national laws.

But more interestingly, the nature of their caving varies from country to country.
The banks agreed to remit taxes for UK-based account holders, but without disclosing the account holder's identity.

I'd trust it, just one kink,you don't get just one

[Trax3001BBS]

If Phil Zimmerman were involved in it I'd trust the security of the phone, it's just you don't just purchase one, but for everybody you call as well. One ain't going to do you any good.

Re:

[chihowa]

Sound security isn't based on trusting a name. Show us the source if you expect to be trusted. I don't understand how Zimmerman still doesn't get that.

Re:

[Trax3001BBS]

Sound security isn't based on trusting a name. Show us the source if you expect to be trusted. I don't understand how Zimmerman still doesn't get that.

Phil Zimmerman fought back as best he could, coming out with updates to PGP, as they kept charging him with something for years until one day they dropped all charges. Now MIT where you downloaded PGP from, I don't. I've still got PGP 2.6.2 g which was released years before MIT sold out to NSA.

If you have to trust someone for me it would be Phil Zimmerman, just as I do (cough) Google.

There may be a flaw in my thinking :} but it's that or just quit the Internet, using a phone, or filling out forms.

The backdo

Phew

[Andrio]

I saw "Zimmerman" and "black" in the headline and I instantly thought a dreadful "Oh not this again!"

Umm... wait a minute

[maliqua]

Given that silent circle has offices in the united states i can't see how anyone can trust its security.

seems to me if you wanted to make a secure device you would ensure to work with companies that can't be influenced by the USA

Re:

[mmell]

That leaves . . . Antarctica, Luna and Mars, right? Or were you planning to trust the Russians/Chinese/Pakistanis/Tanzians/Aborigines to design, prototype, test, manufacture and market your solution. May I recommend Elbonia?

Need a deadman's switch

[Quila]

They have to have an indicator somewhere saying they have not allowed any government access. Since it's their phones, maybe broadcast the fact of no-contact every day to all phones, and have the phones alert when they haven't received the notice.

Also, may want to to hash the binaries at their web site and make it available as a web service, and have a program to hash binaries for that version on the phone and check online. Make it SSL with certificates to avoid spoofing. This way, people can know if their individual phones may have been compromised.

Re:

[OzPeter]

They have to have an indicator somewhere saying they have not allowed any government access.

Which by changing the status of it shows that they have had government access and then someone gets into trouble with the government.

This idea of a magical deadman's switch is a complete crock and totally untenable after you consider it for more than one second. Just because the computer threw the switch won't stop the government coming after the owners of the computer.

But if you want to persist with that idea anyway, just take a look at what hoops Jews could jump through with their Kosher [kosherswitch.com]

This has been discussed before.

[mmell]

Recently, in fact.

So what do you do when the grim-looking man with the black robe and no sense of humor orders that no such measures be employed on your website (i.e., don't kill the canary)? Go to jail just as if you'd refused to comply with the MIB, or give the world a false sense of security not by saying nothing about government oversight but by actively keeping the indicator (HTML tag?) in place. Your call

Oh, incidentally - CONTROL has agents ready to take over the administration and operation of y

Re:

[Quila]

So what do you do when the grim-looking man with the black robe and no sense of humor orders that no such measures be employed on your website

They can't order you after the fact. The infrastructure is there, and no law makes it illegal. Removing the infrastructure would naturally trigger the dead-man's switch.

give the world a false sense of security not by saying nothing about government oversight but by actively keeping the indicator (HTML tag?) in place

They can force you to not do something. They can't fo

Re:

[OzPeter]

"Oh I'm sorry, I thought I gave you guys the correct password for the deadman's switch after you broke down my door and made your polite request. I guess all the stress of the whole incident must have led me to make some small error. After all typing it in is just muscle memory now, I struggle to remember the characters out loud!"

If you think that smoke and mirrors is going to protect you from the wrath of the gubmint then I think you are severely deluded. The act of throwing the deadmans switch is not the issue, its is the information that throwing it conveys.

Another flaw

[ThatsNotPudding]

Given that the NSA (and doubtless others) intercepts of packages, how the hell do you obtain one of these without the real risk of it being tampered with before the sacred unboxing?

Re:

[Burz]

Given that the NSA (and doubtless others) intercepts of packages, how the hell do you obtain one of these without the real risk of it being tampered with before the sacred unboxing?

Attend conferences where blackphone are showing up. Buy direct (or, if they don't have blackphones on them then pester them about it).

Excellent

[GameboyRMH]

Another candidate for my next phone, and one of the few where "privacy" was ever a consideration in its design. If I do buy one I'll have to make it hard to trace it back to me, I'm trying to stay off the Naughty List if I'm not already on it.

Different than Good Tech or BlackBerry?

[ArhcAngel]

This sounds like a pitch for a replacement to Good Technology [good.com] or BlackBerry BES [blackberry.com] or MobileIron [mobileiron.com] but tied to a single Android phone. I mean the headline says it's a secure phone but it looks like it will require Silent Circle [silentcircle.com] as the communication go between. You can do that now on Android, BB 10, and iOS with BES 10. No special version of Android needed. Hate on BlackBerry all you want but they know security.

Re:

[jonwil]

BlackBerry may know security but there is no way to trust that they aren't in bed with the NSA (or the Canadian equivilant, the CSEC)

Re:

[ArhcAngel]

If you can't trust BlackBerry you can't trust Silent Circle either. Or Good, or MobileIron. BlackBerry has a long history of doing the right thing. Do they work with the NSA? I'm sure they have no choice in the matter but they are known for pushing back against data requests. I mean they were the only company that fought the backdoor request of the Indian Government. And even once they complied they only gave them a way to decrypt BIS info not BES.

And the buyers will be...

[hazeii]

No, not terrorists or drug smugglers or other ne'er do wells.

The target market is politicians, sheriffs departments, lobbyists, corporations, bankers and sundry others who worry about their dodgy dealings coming to light.

Anybody here ever heard of white noise?

[mmell]

That's what I am. I use my cellular phone in an unencrypted way to communicate over our nation's monitored cellular and telephone networks. I talk about drugs, hookers, fast cars . . . football, beer, our government's successes and failures . . . smuggling, work, stuff I read in the Anarchists Cookbook, the latest game on Google Play . . . I'm white noise.

Incidentally, the secret police haven't visited my hoa jlk -]=6y\ 9 90u[5y-gfdl;n;vzo8j......

[CONNECTION LOST]

Blackphone's casing is 100% dolomite

[RevWaldo]

The tough black mineral that won't cop out when the heat's all about.

.

Re:

[mwehle]

I can dig it.

Re:

[silas_moeckel]

Pretty much any bodega that sells GSM prepaid phones.

Re:

[Lumpy]

Airports, Flea markets, etc. It's brain dead easy to get a GSM prepaid and activated SIM in the usa without giving any information out.

Re:

[gmuslera]

A lot of the people that is there did a few things in the programming world, like PGP, zfone/zrtp, welcam, or kismet. But there are implied programmers when they are taking as base the safe parts of android, so linux, android, cyanogenmod and so on people probably will be in part responsible or taken part directly.

Anyway, regarding trust, the names of people that take decisions matter a lot, having there a lot of the people of Silent Circle and Geeksphone have an implied message.

The only name i don't see

Re:

[aissixtir]

How can they not when they can get so many clients with a nice name (blackphone) and privacy promises (after the latest NSA leaks). The thing is, even if this project is not as privacy-oriented as they try to make it seem, the market is developing towards more privacy and that is good.

Re:

[wiredlogic]

You can run all of your crypto operations on a different processor than the one running the radio since it can be assumed that it is compromised. For the really paranoid, an FPGA based processor can be used to guard against compromised ASICs entering the supply chain. If you transmit everything through VOIP rather than the normal voice channel then you can isolate the phone from any compromises in the phone network beyond SIM tracking.

Re:

[mmell]

Encryption doesn't do you any good. Have you forgotten about the analog hole? I'm sure the wonderful folks at NSA haven't.