Hacker News on Gopher (unofficial)
COMMENT PAGE FOR:
HTML Cell Service for the Fairly Paranoid
pibaker wrote 44 min ago:
The problem with every service targeting "safety conscious" people is
that by virtue of using that service you mark yourself as someone with
something to hide and draw attention. The lack of signal is a signal
in itself.
It's like walking into a bank wearing a ski mask. Yeah we don't know
who is under the mask but we know there is probably something fishy
going on.
Your best bet at staying safe is always to not raise any attention at
all, and that usually means doing what the average citizen with 2.4
kids does.
4d4m wrote 6 hours 11 min ago:
Any plans on how to secure the hardware layer, where phone modems and
infra equipment are insecure/rooted by design?
OhMeadhbh wrote 6 hours 22 min ago:
If only they supported physical SIMs, I could use it on my punkt phone.
vivzkestrel wrote 6 hours 37 min ago:
- this is my biggest gripe with any of these privacy products
- how do I know you are actually implementing what you claim on your
webpage?
fnikacevic wrote 6 hours 32 min ago:
And how do we know it's not another FBI/CIA honeypot?
ThePowerOfFuet wrote 7 hours 58 min ago:
Can't even roam in the EU with it? Useless for an awful lot of HN.
ranger_danger wrote 8 hours 35 min ago:
HTML [1]: https://piefed.social/c/privacy/p/1813919/privacy-cell-service...
mrbluecoat wrote 8 hours 55 min ago:
Pair it with your Dark Wire phone for perfect anonymity! /s
HTML [1]: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/...
fortranfiend wrote 8 hours 58 min ago:
Guess I'm more paranoid than fairly. I'd class this in a wait and see
category maybe try it out on a secondary device for a trial run. You'd
have to have the need for their services to justify the cost or just not
care about cost.
dmarks100 wrote 9 hours 1 min ago:
is RCS support planned in the future?
driverdan wrote 10 hours 21 min ago:
Why is this so much more expensive than other MVNOs? Mint Mobile, for
example, is $30/m for unlimited. Most MVNOs can be funded anonymously,
through in store purchases.
306bobby wrote 9 hours 56 min ago:
I believe for reasons Aromatic_War stated in a top comment above:
they're actually doing novel stuff with their control planes, not
just using what's already there like most MVNOs
johndoylecape wrote 9 hours 6 min ago:
This is right. Deploying our own packet core and IMS core, building
our own BSS from scratch. All of this stuff is expensive (and
hard). We're hoping to be able to bring the price down over time.
ddtaylor wrote 10 hours 29 min ago:
I guess making honeypot phones and calling them secure fell out of
fashion, so now we backdoor at the carrier level?
horoscope_slump wrote 9 hours 26 min ago:
First, I think we can learn some stuff from looking at how the US
government actually operated its known honeypots to evaluate the
likelihood of Cape being a honeypot.
First, when it ran Anom, it went out of its way not to collect data
on persons inside the United States. U.S. Anom users never had any of
their data captured by the FBI because it raised profound 4th
Amendment concerns. Cape is operating in the U.S. and is seeking U.S.
users. Typical U.S. honeypots are generally targeted abroad.
Second, the U.S. government has historically not used former military
officers with ties to defense contractors as the people that built
and operated the honeypots. With Anom, they co-opted trusted members
of the secure phone community. The very fact that the company is very
open about its founders is a pretty good sign that they are probably
not a honeypot because they would not make a very good honeypot for
the truly criminal element.
Third, Cape is incorporated in the United States and seeking U.S.
users. In the process, it's making some fairly aggressive claims in
its privacy policy and terms of service about its products that would
subject them to breach of contract and fraud claims if in fact they
were secretly not doing those things.
Fourth, the legacy telecoms have a long history of selling your data,
secretly cooperating in national security programs of questionable
legality, etc. It seems like Cape can't possibly be a worse option than
the status quo.
hrimfaxi wrote 8 hours 58 min ago:
1. Citation needed. People in the US were arrested under this
operation though they were foreign nationals.
2. History matters until it doesn't. There was a time when the US
did not perform science experiments on unsuspecting populations,
too. The government does not get the benefit of the doubt when it
comes to "past performance is not indicative of future
performance".
3. We have seen sitting presidents pardon people for crimes they
have yet to commit.
4. "Not worse" is not a selling point.
horoscope_slump wrote 8 hours 48 min ago:
1.) [1] [2]
3.) A president cannot pardon a civil claim against a company for
breach of TOS.
HTML [1]: https://www.sandiegouniontribune.com/2021/07/03/the-fbis...
HTML [2]: https://www.american.edu/sis/centers/security-technology...
hrimfaxi wrote 7 hours 44 min ago:
You said:
> First, when it ran Anom, it went out of its way not to
collect data on persons inside the United States. U.S. Anom
users never had any of their data captured by the FBI because
it raised profound 4th Amendment concerns. Cape is operating in
the U.S. and is seeking U.S. users. Typical U.S. honeypots are
generally targeted abroad.
1. People in the US were arrested for using Anom (despite the
14th amendment protecting both citizen and noncitizen alike, at
least in the case where the non-US person is on US soil).
3. Fair point, though if it is truly a government sting
operation I don't think you can take them to civil court either
unless authorized under statute right?
8cvor6j844qw_d6 wrote 6 hours 44 min ago:
Yeah, just a quick skim and my first thought is anom v2?
Just my thoughts.
varispeed wrote 12 hours 0 min ago:
Why this gives honeypot vibes?
dakolli wrote 12 hours 11 min ago:
Partnered with EFF, might as well say this is a US government honey
trap.
Aromatic_War wrote 12 hours 34 min ago:
It's rare to see an MVNO thread get into the weeds of the mobile
core, but as a Full MVNO, Cape is essentially running its own sovereign
telco infrastructure. From an outside perspective, they are definitely
among the few who are treating the signaling plane with the proper
level of scrutiny (they built their own signalling firewall)
But even with a proprietary core and a signaling firewall, Cape is
still an island in a sea of legacy protocols and peer MNOs with
different intentions...
I'd be interested to see how they are hardening the IMS (IP Multimedia
Subsystem) and VoLTE/VoWifi stack. SIP signaling and RTP streams for
voice are often unencrypted internally.
If Cape is applying their 'Network Lock' logic to the IMS layer, they
could potentially mitigate SIP-level spoofing and voice interception
that occurs at the interconnect.
Their 'Encrypted Voicemail' (using asymmetric keys on the device) is a
strong signal that they understand the 'Last Mile' problem.
Also even if SEPPs are not really a thing, I'd be curious to know if
they've started looking at this.
In the small world of telco security (disclaimer I work for
P1Security), they are definitely working in the right direction. Any
international ambition, particularly in EU, will be a tough sell
though....
simfree wrote 4 hours 19 min ago:
Mitigating SIP and TDM spoofing requires broad cooperation among
every other Telecom provider. That doesn't exist today, you can't
prevent people from spoofing your number.
AdamN wrote 12 hours 44 min ago:
I know it's a bit of a pivot but the following would make me move:
1/ eSIM activation outside the US
2/ The family plan is weird. My wife and I don't want to manage two
separate bills.
3/ multiple eSIMs and numbers in different countries all within the one
account (Germany in particular)
pona-a wrote 14 hours 22 min ago:
I have some questions about the "Last-Mile encryption" and "Encrypted
Voicemail". Does Cape receive cleartext and resend it encrypted? What
does this achieve? Integrity? Does the service drop unencrypted
messages?
bsstoner wrote 12 hours 52 min ago:
We receive in cleartext and encrypt with a key controlled by the
customer. Most carriers store voicemail and SMS in cleartext on their
servers. The goal is reduce exposure while preserving
interoperability. This post on encrypted voicemail gets into more
technical details about how it works:
HTML [1]: https://www.cape.co/blog/product-feature-encrypted-voicemail...
voidUpdate wrote 15 hours 29 min ago:
Does cape use its own cell towers, or do they rely on third parties to
provide the actual infrastructure? And if they do use third parties,
are they sure that they aren't also storing data about the connected
devices etc?
bsstoner wrote 12 hours 36 min ago:
We don't operate our own towers and as you point out we can't
control what someone there does. Our privacy and security model is to
treat the towers as untrustworthy. This is why we do things like
rotate your IMSI daily or split your traffic across multiple
underlying network partners. We want to make any data that is
collected noisy and less valuable to data brokers.
jp0001 wrote 16 hours 1 min ago:
Hold on. Cell towers still know where the device is. If a group of
people in an area have stable IMSIs and one person's IMSI is
rotating daily, it doesn't take a genius to figure out who's now
using cape. Using it for travel makes sense, but again being a device
that doesn't have an owner is, as the kids say, sus.
bsstoner wrote 12 hours 41 min ago:
It depends what your threat model is. Most telco data collection and
resale is based on IMSI's attached to KYC'd customers. If they
can't get personal information and the IMSI looks like it's a day
old, that data is inherently less valuable to data brokers. The large
telcos have plenty of clean data with stable IMSI's tied to KYC'd
customers that is worth more.
bartvk wrote 16 hours 9 min ago:
FYI, I had to walk through the first dozen or so steps of the signup
form to figure out that it's available in the US only. I suspected as
much, but I figured I'd post it here, since it's not in their FAQ.
chasil wrote 13 hours 39 min ago:
This is also $99/month, and likely rides on another major network as
an MVNO.
anon5739483 wrote 16 hours 35 min ago:
Maybe have an onion web service and add direct Monero payment support.
This will help privacy LARP'ers get into the mood. Truth be told, if
you're paranoid by any measure and use a cell phone -> YNGMI. It's not
cheap enough for average person to care and not private enough for
ultra-paranoid to pay and use. The whole mobile infrastructure is
utterly broken in terms of security and privacy so it's still
refreshing to see any kind of attempt being made in this area.
Doohickey-d wrote 16 hours 55 min ago:
Another option for anonymous mobile service: [1] eSIM, global, variable
pricing per country with per-GB billing, anonymous crypto payments and
no KYC. Although it seems to not have some of the additional security
features of the OP.
HTML [1]: https://silent.link/
rsync wrote 18 hours 31 min ago:
It would be more useful and beneficial to have a privacy oriented
twilio than a privacy oriented carrier.
If we treat the carrier as adversarial, dumb pipes we can move the
security and all of the capabilities into the cloud platform. A
personal comms stack like this should be carrier-agnostic,
phone-agnostic, sim-agnostic.
See my other post in this HN topic - I have done this since 2016 ...
loteck wrote 21 hours 36 min ago:
Hi Cape team,
I'd like a service like yours that allows private signups and that
works continuously to prove ongoing private operations. I don't need
huge data plans, I'm fine with WiFi mostly. It needs to cost way less
per month than your current pricing. It would be cool if you could find
a way to serve people like me.
bsstoner wrote 21 hours 1 min ago:
Appreciate the feedback, we'll likely experiment with different
plans down the road, but for now we're focused on rolling out as
much additional privacy/security value as we can to justify the
premium price point.
mr_machine wrote 8 hours 8 min ago:
I on the other hand am fine with the premium price... but it looks
like I'd need to install a proprietary app to use the service.
That's a 'hell naw' from me.
maybsum1else wrote 21 hours 52 min ago:
i think this thread is a honeypot
johndoylecape wrote 21 hours 25 min ago:
You just made the list.
floam wrote 22 hours 16 min ago:
There's a chance this catches on with some folks with blacklisted
IMEI's due to a quirk on AT&T MVNOs where service works for a few
days before getting halted per IMSI.
Ms-J wrote 22 hours 36 min ago:
I've looked into this company before and when I saw who was behind it
and on the team it was an immediate red flag to never use or trust this
company.
Look at who Doyle has worked for previously and what connections he
has. Palantir and the military, to start.
Noaidi wrote 9 hours 2 min ago:
Yeah, this is my take as well. I was all excited about it until I
looked at who ran it. Pretty much people from Palantir and Navy
SEALs.
Looks like a pretty sweet honey pot.
abc123abc123 wrote 12 hours 55 min ago:
Ahh... ex-palantir and military (government drone), no thank you.
Wouldn't trust them as long as I can throw them.
johndoylecape wrote 22 hours 24 min ago:
Doyle here :) I'm very proud of my military service!
Prior to Cape, I led the national security business at Palantir. That
experience was actually the catalyst for Cape. It's where I first
learned about the massive array of vulnerabilities that exist in our
current cellular networks. I saw how those gaps impacted not just
government organizations, but everyday people, and I realized that
the mobile phones we carry every day are perhaps the single largest
risk to our privacy.
I needed that experience to understand the depth of the problem, but
once I left to start Cape, that connection ended. Cape has no ties to
Palantir. We aren't a subsidiary, we aren't a "front," and we don't
share data with them. The only thing we took from Palantir was the
desire to fix a broken system. If you want to see me and some of the
rest of our founding team talk more about this topic, you can watch
this video on our Instagram page here.
Another related theory I've seen online is that Cape is a honeypot
for law enforcement. Cape is not a honeypot. It's so hard to prove
a negative, but at least I can say it clearly and out loud: Cape is
not a honeypot.
We are a group of individuals who deeply value privacy. That mission
carries across everything we do, from our work with the US government
and allies, to everyday people, and everything in between.
We are incredibly proud to work with people who protect our country
by ensuring they have secure, trusted communications wherever they
are. [1] We also work with the EFF to provide investigative
journalists and activists with free Cape service so they can do their
work safely. [2] We partner with non-profits to support victims of
domestic abuse who are facing cyber-stalking and digital harassment.
[3] We are a young company growing exponentially, and we don't plan
on slowing down. We know we have to earn your trust every day. The
truth is, no one else is building a high-quality, first-class
solution to these specific cellular problems. We are committed to
being the ones who do it right.
HTML [1]: https://www.bloomberg.com/news/articles/2024-04-18/us-navy-t...
HTML [2]: https://www.cape.co/journalists-and-activists
HTML [3]: https://www.cape.co/break-free
dlenski wrote 5 hours 35 min ago:
> Another related theory I've seen online is that Cape is a
honeypot for law enforcement. Cape is not a honeypot. It's so
hard to prove a negative, but at least I can say it clearly and out
loud: Cape is not a honeypot.
I'm sure you know this, but for others who may not: there's a
history of splashy new mobile operators which promise security and
privacy as their core feature, but turn out to be a front for law
enforcement. [1] is the preeminent example.
There are also people working in this space who are cranks and
morons. In summer 2023, I had a phone call with the founder of a
well-known startup founder from the dot-com era. He was trying to
launch a privacy-focused cell network and messaging software. But
everything about his approach was wrong, almost to the point of
being an anti-solution to the problems he was trying to solve, as
if he was totally unaware of the past 20-30 years' worth of
learning about end-to-end encryption and mass surveillance.
He was also a conspiracy theorist: during our call, he repeatedly
and unironically referred to a documentary film created by a
well-known convicted felon and serial liar, as a source of credible
information about the world.
> We also work with the EFF to provide investigative journalists
and activists with free Cape service so they can do their work
safely. [2]
That's good to know.
It appears from the EFF site that you were involved in developing
the Rayhunter tool which they announced last year?
HTML [1]: https://en.wikipedia.org/wiki/Operation_Trojan_Shield
HTML [2]: https://www.cape.co/journalists-and-activists
HTML [3]: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-o...
J57E6H2hxM wrote 11 hours 14 min ago:
Hey John, how did being a GB shape your later career? Were you an
Echo?
Currently in cyber as a Guard O/civ and also considering SFAS.
Thank you!
johndoylecape wrote 9 hours 8 min ago:
Hey thanks for the question! I was indeed an Echo. I loved my
time in SF, and I learned a lot about being a good teammate and
doing hard things in ambiguous environments, and a bit about
secure comms. The first two will help at any startup, and the 3rd
doesn't hurt at Cape...
Only you know if you want to jump into SFAS. I knew I'd always
regret not doing it, which made the decision easy for me.
pjc50 wrote 12 hours 51 min ago:
> I led the national security business at Palantir
> group of individuals who deeply value privacy
.. do you see the problem here?
birdsongs wrote 15 hours 46 min ago:
> That mission carries across everything we do, from our work with
the US government
Can you expand on this? Because currently, the US government is not
someone I want the companies I use to work with.
> The only thing we took from Palantir was the desire to fix a
broken system.
What broken system does Palantir fix?
Ms-J wrote 22 hours 12 min ago:
Someone doesn't need to work for Palantir or the military to
understand that cellular security is fundamentally broken and
completely insecure.
That is a lot of highly polished for the camera media you dropped
into that post. The way that you word things, such as "Cape is not
a honeypot." but don't delve any deeper, to start, gives someone
less than zero confidence or trust in your words.
I have seen enough in the industry to say that your words are
meaningless.
j-bos wrote 9 hours 6 min ago:
> The way that you word things, such as "Cape is not a honeypot."
but don't delve any deeper, to start, gives someone less than
zero confidence or trust in your words.
Neither or against either perception but this reminds me of
HTML [1]: https://barrypopik.com/blog/i_know_its_not_true_but_lets...
alek-cape wrote 21 hours 13 min ago:
John's account was throttled since it's new. Posting this on his
behalf.
----
You're right that you don't need to do those things, but I would
argue that my background made me uniquely situated to understand
and care about these problems deeply enough to spend years of my
life building a company in response.
I say "Cape is not a honeypot" a lot just so I don't appear to be
mincing words. If you want to delve deeper on how we treat
customer data, a couple of good resources are our privacy policy:
[1] And our trust page: [2] You can also check out our blog for a
bunch of posts on specific features we've built, etc.
HTML [1]: https://www.cape.co/privacy-summary
HTML [2]: https://trust.cape.co/
UnreachableCode wrote 13 hours 54 min ago:
What about some form of external auditing down the line to add
legitimacy to these honeypot claims? Maybe open sourcing the
technology as well?
simfree wrote 4 hours 11 min ago:
What can be open sourced (GrapheneOS) already is, and the
remainder is business logic that they have described for the
MVNO that is likely carrier specific and tied to the oddball
MVNO platform they are using.
Very hard to make the latter usable by anyone else IMO.
bsstoner wrote 13 hours 5 min ago:
We're working on an audit now. There's an RFC on Reddit
looking for input:
HTML [1]: https://www.reddit.com/r/CapeCellular/s/zTn7HQ0emo
close04 wrote 14 hours 18 min ago:
> but I would argue that my background made me uniquely
situated to understand and care about these problems deeply
enough to spend years of my life building a company in
response.
Maybe but this line of argumentation also opens the door to
more criticism. Anyone looking at Palantir from the outside
only knows their reputation and involvement in unsavory
projects before taking a job. You chose to take the job with
that knowledge covering most of your field of view. You stayed
to work for that company contributing to that kind of work.
That's a signal that's brighter than the valuable experience
you gathered there. Tech can be learned but the values needed
to support or even tolerate Palantir's activities don't get
easily changed.
The premise of your company pivots on trust, not technology,
the same tech is known and available to everyone else too. And
it's trust in you that you will do what you say, not that you
can do what you say. The latter is a given, you clearly have
the knowhow. The former is putting any promise in doubt.
> Cape routes your traffic through our US-based mobile core.
This sounds like an anti-feature when it comes to privacy or
the paranoid.
> I say "Cape is not a honeypot" a lot just so I don't appear
to be mincing words.
I appreciate you saying it but Crypto AG probably also said
that a lot (figuratively).
> Cape does not keep this data.
Unfortunately you are limited in what you can do here. Having
or processing this data for any amount of time, even without
keeping it, puts you in the position to be compelled to provide
it.
bsstoner wrote 12 hours 59 min ago:
This is valid feedback and it's on us to earn trust over
time through our actions. I will say that Cape is a company
of almost 100 people from many different backgrounds. Prior
to Cape I spent almost a decade at DuckDuckGo. We're a
group of people that is frustrated with the status quo in the
telco industry and want to do better.
One of the efforts we're working on now is an audit of our
data retention claims. We recently posted an RFC on Reddit if
anyone from this community has input: [1] We plan to continue
to do more things like this that increase transparency and
build trust over time.
HTML [1]: https://www.reddit.com/r/CapeCellular/s/zTn7HQ0emo
dang wrote 17 hours 9 min ago:
Yikes, sorry guys (I'm a mod here). I've marked his account
(and yours!) legit so this won't happen again.
It's my least favorite thing about HN that high-quality new
accounts, such as founders jumping into threads about their
work, sometimes get throttled by the software. Gah.
alek-cape wrote 5 hours 21 min ago:
Appreciate it, and totally understand the need for it.
Glad to see we won't run into it again, and that our
workaround wasn't a problem.
johndoylecape wrote 9 hours 0 min ago:
Thanks! No worries. I'm trying to respond to a few more
comments, but seems like the thread is winding down.
drnick1 wrote 22 hours 48 min ago:
What about crypto payments?
How does this compare to silent.link?
mzmzmzm wrote 22 hours 59 min ago:
So it's an MVNO mostly on the AT&T network with extra privacy features?
I think it still all then comes down to how you use your phone and how
much you can trust the whole pipeline. I use Credo Mobile which doesn't
seem totally different.
HTML [1]: https://www.credomobile.com/our-story
efficax wrote 23 hours 1 min ago:
No way this isn't funded by the CIA
burnt-resistor wrote 21 hours 19 min ago:
In-Q-Tel probably.
Bender wrote 2 hours 58 min ago:
From Gemini:
based in Arlington, VA, is primarily funded by high-profile venture
capital firms, including Andreessen Horowitz (a16z), which led
their Series B, A Capital, Costanoa Ventures, ex/ante, Point72
Ventures, and XYZ Ventures.
Arlington, VA ... is an interesting location that aligns with your
guess. A similar situation happened some time ago with a drug
cartel that thought they built their own private phones and phone
network. I am not saying it's related, just feels similar.
iamnothere wrote 23 hours 15 min ago:
Unfortunate that it doesn't seem to support Linux phones. Phreely or
Purism's AweSIM would be a better fit for anyone running a
non-Android/non-iOS setup. Hopefully they add this in the future.
gruez wrote 23 hours 38 min ago:
>Identifier Rotation
>Protect yourself from persistent tracking by rotating your IMSI every
24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got
a new phone to use with this service, it can instantly be linked back
to whatever previous service you're using. If we assume that whatever
carrier they partner with keeps both IMEI and IMSI logs (why wouldn't
they?) it basically makes any privacy benefits from this questionable.
It's like clearing your cookies but not changing your IP (assuming no
CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs"
don't really help when the person you're calling has a carrier that
keeps logs, and if both of you care about privacy, why not just use
signal?
They're asking $99/month for this, which is a bit steep. If you only
care about the rotating IMSI, don't care about PSTN access (ie. no
calls/texting), you can replicate it with some sort of data esim for
much cheaper. The various e-shops that sell esims don't do KYC either.
kotaKat wrote 11 hours 14 min ago:
Also even if the IMSI rotates… the authentication Ki to the network
doesn't!
Whoops.
numpad0 wrote 12 hours 54 min ago:
I saw somewhere - it's not like "I know a friend" but literally read
somewhere - IMEI is just configurable with standard cracked
virus-loaded copies of QXDM :p
But realistically, none of that matters. You'll be the only one in 10
miles with this SIM that always uses a never-before-seen IMEI that
connects to the exact same set of domains. That's some mall ninja
stuff.
Carriers don't just log IMEI/IMSI, as well as last hop cell towers
and your precise location, they need that information to route
packets back to the phone. You can't establish TLS with bogus IP
addresses. That's why people like Stallman or unnamed friend of a
friend ex-CIA guys on Internet says cell technologies are evil mass
surveillance tools.
ThePowerOfFuet wrote 7 hours 51 min ago:
>You'll be the only one in 10 miles with this SIM that always uses
a never-before-seen IMEI that connects to the exact same set of
domains.
Always-on Mullvad solves that nicely.
numpad0 wrote 2 hours 58 min ago:
And that's the "exact same set of domains" I'm talking about.
bsstoner wrote 22 hours 45 min ago:
Hi -- Head of Product at Cape. This is a good question. I will say up
front there is no silver bullet for privacy on cellular networks
given the way they were designed to interoperate. Our strategy is to
offer many different protections that collectively make it harder for
your activity to be tracked.
The details of what our carrier partners can see is in the table at
the bottom of our privacy summary: [1] . We add noise to their data
by doing things like rotating your IMSI daily and spreading traffic
among multiple carrier partners. If the data is messy enough and not
associated with your personal information, there should be less
monetary incentive for the carrier to try to piece it together when
they have an abundance of clean data with stable identifiers and
verified personal information.
Additionally, with disappearing call logs, it's about reducing
surface area. Fewer logs in less places.
HTML [1]: https://www.cape.co/privacy-summary
ThePowerOfFuet wrote 7 hours 45 min ago:
>Subscriber SIM number (IMSI)
You mean the ICCID?
jrexilius wrote 21 hours 23 min ago:
A sort of related question, is the user able to actually power-off
the baseband carrier chip and still keep the phone powered on? I
seem to recall there being some 911 regulations around that topic.
But it might be a way to enable the user to at least disable that
tracking vector, while still using the phone offline or via wifi?
ThePowerOfFuet wrote 7 hours 44 min ago:
That's what Airplane Mode is for.
inigyou wrote 13 hours 55 min ago:
This feature is called Flight Mode or Airplane Mode on most
phones. You'll know if your phone implemented it this way because
your battery life will go wayyyy up while in the mode.
montyanne wrote 21 hours 55 min ago:
> We add noise to their data
It's interesting that Apple is going down a similar path with
hardware filtering location retrieval commands and
neighborhood-level blurring on their C1 modems. Really awesome work
from that team by making sure they've considered privacy as a
first party feature for that chip.
How do you guys view the relative value of privacy/security at the
network provider layer of the cell stack for the average
user/citizen?
Even if Cape doesn't retain metadata yourselves (eg LTE
positioning info), is that data not still retained and repackaged
by the tower owners themselves? Eg babel street, venntel, etc. A
rotating IMEI every 24 hours might make it marginally more
difficult for logical tracking, but there's still only physically
one location the phone can be in without fuzzing at the hardware
level.
I should also say - I've been following y'all's work for a
while (and considered some of those early forward deployed engineer
positions), but I'm struggling to see how this all works as a
consumer product. Would be awesome to see an eventual partnership
with Apple/Qualcomm to bring this to the hardware level since
privacy is a tough nut to crack even at full MVNO.
tangelogica wrote 3 hours 36 min ago:
> It's interesting that Apple is going down a similar path with
hardware filtering location retrieval commands and
neighborhood-level blurring on their C1 modems.
Are there any technical writeups on this yet? I agree, it's
really cool and would love to read about how they're doing it
bsstoner wrote 21 hours 5 min ago:
Appreciate the shoutout. We love what Apple is doing in this
area. There is a lot of room for them to help improve things at
the modem/hardware/OS layer.
On the tower question, you're right, we can't control what
data is collected by the tower owners. Like I said above our
strategy is to add noise through a variety of methods that makes
it harder (not impossible) for anyone collecting data to track
you. We also give you multiple phone numbers. I think this stuff
adds up and is a meaningful improvement over the status quo for
most average user/citizens.
I like to use the organic food analogy. If given the choice, why
not choose the carrier that is actually making an effort not to
track you vs everyone else who clearly doesn't care?
vigilans wrote 6 hours 26 min ago:
In my case, highlighting a16z is why.
Organic garlic never talked up a partnership with .
LorenDB wrote 23 hours 48 min ago:
> Enjoy unlimited high-speed data; after 50GB, speeds may slow to 256
kbps.
Last I checked 256 Kbps is not high speed. You can advertise this as
unlimited data, or you can advertise it as 50 GB of high-speed data,
but you can't call it unlimited high-speed data.
jauntywundrkind wrote 20 hours 46 min ago:
Google Fi has been 256k after the soft cap since they launched.
Majorly embarrassing, took me tears to sign up because of this.
Comcast I think is the best? Haven't checked in a while but their
mobile plan I think soft caps to 1Mbps.
cbdevidal wrote 12 hours 46 min ago:
A slightly different definition of "best" is Verizon's
Visible division. NO caps. Just slightly deprioritized speeds 100%
of the time. Their website says 5Mbps speed cap at all times but
I've tested 180Mbps and that was after using like 30GB on my
hotspot. Basically all-you-can-eat (including the hotspot) with a
risk that sometimes it'll slow a little compared to others on the
network, for $25/mo.
bombcar wrote 11 hours 26 min ago:
There's a real big difference between "one byte over the line and
you're on a 56k modem" and "if you exceed your cap, you're
deprioritized to last on the cell pole". The latter is how it
should be implemented.
johndoylecape wrote 22 hours 38 min ago:
That's a fair point, we should change that verbiage.
MrDOS wrote 7 hours 19 min ago:
Several years ago in the UK, giffgaff had a similar plan (throttled
to 384 kbps after 80 GB throughput) which they called "always
on". I thought that was a good linguistic compromise.
quietsegfault wrote 22 hours 6 min ago:
Why can't it throttle to something slightly higher? Even 100-200
KBps? Is that a requirement from the "upstream" network
provider?
johndoylecape wrote 21 hours 22 min ago:
It's not. We chose this baseline sort of by default based on the
practices of some other major carriers. Your question is a good
one, and we'll take it as feedback.
phantom784 wrote 9 hours 9 min ago:
A few Mbps would be nice - fast enough to make the modern web
mostly usable. 256 Kbps is almost the same as not working at
all.
altairprime wrote 17 hours 19 min ago:
I would be a lot less worried about signing up for that plan if
I could soft-cap myself at 10GB until I login to the app and
push a button that says "yeah for real I'm going to use another
10GB of mobile data", so that if iOS goes bonkers and tries to
download my entire 90GB iTunes library over cellular, it
doesn't fuck me over for a month. I haven't exceeded 7GB/mo
intentionally for years, but it's happened twice so far against
my express wishes, and carriers are uniformly awful at that.
quietsegfault wrote 22 min ago:
That's a great idea. I rarely use more than 10-15 GB except
if I'm tethering and something decided to slurp up all my
data.
bsstoner wrote 13 hours 8 min ago:
This is good feedback. We don't want caps and throttling to
be a blocker for signing up and using us. Since we're at a
premium price point we should economically be able to be a
lot more generous than existing carriers.
quietsegfault wrote 19 min ago:
I don't think keeping the status quo of throttling caps
will stop anyone from signing up. As long as it's not any
worse, I don't think it would deter me due to the other
features you offer. The main reason why I don't change is
my spouse and kids don't care about privacy and I can get
them service for cheaper!
I don't really think about caps all that much except in
theory. I would love speed tests to be excepted from caps,
but I get why that isn't always workable.
altairprime wrote 4 hours 47 min ago:
Yeah. As an olde ex-carrier type person, I want burst mode
unlimited, I expressly do not want continuous saturated
unlimited, if that makes any sense. So if you tune the
service to warn me "you've used 10% of your cap in five
minutes so we've slowed your service down temporarily,
respond with YES if this is intentional and we should speed
it back up, otherwise it'll reset in the morning", that
would be an example of best in category service that's on
my side rather than the carrier's overage fees profit
line item.
I don't mind that you have caps, I consider caps to be a
marketable form of 90th percentile billing to consumers, so
please don't take this as "remove all caps" -- but
definitely find an in-between that's more nuanced than
"you reach arbitrary threshold 50G at 1gbps 5G and so it
only took 8 minutes and 40% battery, too bad so sad now
your entire month of data is at DSL speeds". (This
sarcastic tone is not a critique of you! but of the general
carrier practices that leave me worried about you.)
In a dream world my usage percentile for the past 30 days
would be inversely proportional to my bandwidth speed so
that momentary usage to download a software update had no
meaningful impact, but running nonstop continuous data for
four hours straight caused a measurable drop in bandwidth
(which protects my battery and the network health). It's
not fiber-optic or fixed-installation wireless and I do
respect the shared base antenna capacity problems!
bombcar wrote 11 hours 27 min ago:
Charge $5 more for everyone, and then rebate $5 against
your next bill if you don't go over X GB or whatever.
It ends up being the same as charging $5 if you go over,
but it'll feel much more premium.
quietsegfault wrote 18 min ago:
This is what my carrier does for me, except the limit is
like 2GB or something.
chirau wrote 12 hours 52 min ago:
I would like to try Cape. How do you guys deal with IMEI
tracking from folks like Google when I search or use their
email? Or that one is beyond your control?
ThePowerOfFuet wrote 7 hours 52 min ago:
What makes you think Google has access to your IMEI
through using their search engine?
throawayonthe wrote 11 hours 11 min ago:
Can you elaborate?
konaraddi wrote 23 hours 56 min ago:
I hope this succeeds and isn't backdoored
wao0uuno wrote 15 hours 57 min ago:
It's a pretty obvious honeypot. They're promising privacy even though
they can't realistically provide it. The whole thing has ties with
American surveillance companies. It's Operation Trojan Shield all
over again.
helterskelter wrote 23 hours 58 min ago:
How does this compare to Phreeli [1]? Has anyone here used either of
the services?
1:
HTML [1]: https://www.phreeli.com
Noaidi wrote 8 hours 54 min ago:
Peel really only protects your privacy at the level of purchase. Not
associating your name, address or any other data with your phone
number. Cape seems to be doing something far more technical so that
no one can locate you by your phone number using ordinary
triangulation.
monster_truck wrote 1 day ago:
Do not fall for a word of this. If you've spent any time dealing with
actual SIP providers (ie not the shit you'd hook an app up to, the ones
debt collectors use), you'll know exactly how much you can trust them.
Same difference
dguido wrote 23 hours 34 min ago:
I have a conflict of interest here (I am an advisor to Cape, also a
security expert, and my company has done security audits for Cape),
you should absolutely look more deeply into what Cape has created.
Their service is fundamentally different than other "security-focused
cell providers" (mostly snake oil IMHO) because Cape wrote their own
mobile core, nearly from scratch. They control the whole software
stack and have done really innovative things with it.
Here are a few things you might want to look at more closely:
- Encrypted voicemail uses public key crypto: [1]
- How they use full control of the mobile core to detect SS7
  signaling attacks [2]
- Swapping SIMs is done via digital signatures, not customer support
  [3]
- They're the only provider that can rotate your IMSI, and do it
  continuously for you [4]
They're also one of very few organizations doing original research on
cell network security:
- Collaborating with the EFF to release software for detecting cell
  site simulators (e.g, imsi catchers et al) [5]
- Identifying novel weaknesses for physically tracking people on cell
  networks
HTML [1]: https://www.cape.co/blog/product-feature-encrypted-voicemail
HTML [2]: https://www.cape.co/blog/product-feature-network-lock
HTML [3]: https://www.cape.co/blog/cape-product-feature-secure-authent...
HTML [4]: https://www.cape.co/blog/product-feature-identifier-rotation
HTML [5]: https://www.cape.co/blog/how-eff-and-cape-collaborated-to-im...
HTML [6]: https://dl.acm.org/doi/pdf/10.1145/3636534.3690709
monster_truck wrote 13 hours 46 min ago:
I read the website you really didn't need to go through this
trouble. In fact it has only redoubled my doubts.
Very aware of who you are, and have done plenty of security work
myself. Here's what I want from you: How can you prove this isn't
just Anom 2.0
roughly wrote 23 hours 25 min ago:
I'm curious if you're able to comment on the IMEI question
raised above - rotating the IMSI is good, but are the towers still
collecting IMEIs?
bsstoner wrote 22 hours 39 min ago:
Details on what the tower sees are at the table in the bottom of
this blog post:
HTML [1]: https://www.cape.co/blog/product-feature-identifier-rota...
anonymous541908 wrote 23 hours 26 min ago:
Is it free and open source software?
throwaway57572 wrote 1 day ago:
You might check out who the CEO is here and how he runs the company and
then consider whether you'd trust them. And look at the infra providers
they use. Not what I would call the most upstanding bunch.
rsync wrote 19 hours 53 min ago:
I'm open minded.
Seeing a warrant canary would be encouraging...
altairprime wrote 17 hours 7 min ago:
They're a US mobile telco, a warrant canary wouldn't last a year
here. That's not, on the surface, a useful differentiator between
mobile service providers. Did you have a specific kind of warrant
canary in mind that would act as a differentiator, or is there some
aspect of warrant canaries I've overlooked that makes them
meaningful for US telecoms that are governed by US federal and
state laws, or..?
johndoylecape wrote 9 hours 1 min ago:
This is correct. We talked about canaries a bunch internally and
came to the same conclusion-- not really worth it in this context
(but please do offer up a model that makes sense if you see one).
I came to the conclusion the best we can do is what you see in
our privacy policy: we notify our users when we're served with
legal process that is not subject to a gag order, and we pledge
to push back on any law enforcement request we receive that is
not properly formed or narrowly tailored as required by law. I'd
love input/ideas on how to be stronger here.
johndoylecape wrote 22 hours 50 min ago:
Hey, John Doyle here (CEO of Cape). I'm happy to dig into how I run
the company, or the infra providers we use. I actually think we're
pretty upstanding! If there are questions I can answer that will put
your fears to rest, let me know.
loteck wrote 21 hours 56 min ago:
Can you please respond with a full throated opinion of what
Palantir is today? This seems to be what everyone is thirsting for
and what you are perhaps inadvertently dancing around.
johndoylecape wrote 9 hours 3 min ago:
I'm 4 years removed from the company at this point, so any
opinion I could offer would not be much more than any rando on
the internet reacting to news stories.
simfree wrote 4 hours 2 min ago:
Thank you for being honest and up front about your background.
It is very meaningful that you do not try to hide it, and I
feel it increases trust.
helterskelter wrote 1 day ago:
...care to elaborate?
nxobject wrote 23 hours 30 min ago:
This probably doesn't cover what OP said, but after reading the
CEO's intro post, I left a little more depressed. Make money off
surveillance, and then make money off selling a privacy product.
> At Palantir, where I started in technical roles more than 10
years ago, I learned about a wide array of vulnerabilities in the
cellular network that present a threat not only to mission-focused
organizations in government, but also to everyday people. I came to
see mobile phones -- and the networks that power them -- as
perhaps the largest risks to our privacy and security.
> If you told Americans twenty years ago that corporations and
governments would conspire to attach powerful tracking devices to
nearly every adult worldwide, it would've sounded like science
fiction. And yet, that's not far from where we are today.
HTML [1]: https://www.cape.co/blog/building-the-future-of-mobile-pri...
johndoylecape wrote 22 hours 49 min ago:
I hear what you're saying, though another framing would be "learn
about serious problem, build company to fix serious problem."
nxobject wrote 36 min ago:
Similar to OP -- I appreciate you hanging around and answering
regardless of how hostile it feels.
We may or may not be convinced by the details you're able to
give us, but regardless of that you've made the discussion more
informed, technical, and less speculative, which is in the best
spirit of HN.
montyanne wrote 21 hours 42 min ago:
Appreciate you sticking in here and answering the hard
questions.
How does the company handle the split between your defense and
consumer products? Do you see there being conflicting interests
here?
johndoylecape wrote 21 hours 29 min ago:
Great question. The product is basically the same-- it's a
cell phone network and we sell connectivity to it.
A helpful thing to keep in mind is that everyone has
basically 2 use cases for their cell phones:
1. Send and receive calls and SMS
2. Connect to the internet
Whether you're a national security professional, an
investigative journalist, or an average consumer who values
privacy, that's what you do with your phone. So if we can
build features that make you more secure and more private
across those two use cases, we have a product that can help
both government and consumer users.
Sometimes when people ask the "conflict" question they mean
some version of "but doesn't the government then ask you for
a backdoor to get all the data?" All we can really do here is
stand by our privacy policy. We store the minimum amount of
data possible, we promise not to sell your data to anyone, we
notify our users if we receive legal process on their account
that is not subject to a gag order, and we pledge to push
back on any law enforcement request we receive that is not
well formed and narrowly tailored as required by law.
The backdoor/honeypot fears are often related to the Anom
story that came out a few years ago. It's not a perfect
rebuttal, but the reporter that broke that story has written
about Cape a couple of times. You can read those articles
here: [1]
HTML [1]: https://www.404media.co/privacy-telecom-cape-introdu...
HTML [2]: https://www.404media.co/i-dont-own-a-cellphone-can-t...
putlake wrote 6 hours 0 min ago:
Appreciate the transparency. Curious: What percentage of
legal process on your users' accounts are subject to a gag
order?
theearling wrote 23 hours 32 min ago:
Palantir and A16Z connections...
Ms-J wrote 22 hours 9 min ago:
"but... but... trust me!"
By the way, if you look at this thread you can see Cape has
deployed narrative control.
buttocks wrote 1 day ago:
Will not pass muster with FCC. Know Your Customer regulations require
the company to ... know the customer. They will not last.
rsync wrote 19 hours 48 min ago:
False.
You can sign up for US mobile service, which is a Verizon MVNO, right
this moment with no personally identifiable information at all.
Remember: neither the visa nor MasterCard payment networks have any
support for customer name. Everyone pretends that they do, but they
do not. In the absence of an additional security layer like
"verified by visa" there is no way to verify cardholder name.
jrexilius wrote 21 hours 41 min ago:
I think the regulations have some loopholes for domestic use, but one
I don't know how they can really get around is for international
roaming, as other countries have far stricter KYC laws.
Domestically you can buy a Tmobile or Cricket with a pre-paid visa
cash card and a gmail address (no ID required), but they won't work
outside the US.
gruez wrote 23 hours 44 min ago:
>Know Your Customer regulations require the company to ... know the
customer
Which KYC regulations exist for carriers? AFAIK you can walk into any
store and get a SIM card. The most they ask for is maybe E911 which
they don't check.
psim1 wrote 21 hours 57 min ago:
Carriers both land/VoIP and wireless must attest to having fraud
mitigation measures; this is the "Robocall Mitigation Database" and
in Cape's record they exempt themselves from STIR/SHAKEN
attestation but state they have measures to prevent fraudulent
calling. (which is required for them to be permitted to operate)
What kind of measures are possible to prevent fraudulent calls when
the caller is your anonymous customer? The answer is obviously
"none," unless you respond to every complaint by terminating
service of the offending customer and hoping they don't come back.
fc417fc802 wrote 21 hours 44 min ago:
> What kind of measures are possible to prevent fraudulent calls
when the caller is your anonymous customer?
Presumably some fairly basic heuristics would be sufficient.
Robocalling isn't economically viable if you only get a few calls
per subscription. You need to place (I assume) at least thousands
of calls per day per subscription for it to even begin to make
sense. Any account doing that is going to be blindingly obvious
provided you have even 30 minutes worth of logs.
I can already walk into Walmart and purchase a cheap prepaid
device with cash. That's pretty close to anonymous.
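The volume heuristic described in the comment above, as an added example that is not part of the thread and not Cape's or any carrier's code. The thresholds, the `Cdr` record layout and the sample call records are all assumptions constructed for illustration; the point is that the check needs only an opaque subscription id and 30 minutes of call records, not the customer's identity.

```python
"""Flag robocall-like accounts from call detail records (CDRs) alone."""
from collections import defaultdict, deque
from dataclasses import dataclass

# All thresholds below are assumed values for this example.
WINDOW_SECONDS = 30 * 60     # "30 minutes worth of logs"
MAX_CALLS_PER_WINDOW = 60    # more than ~2 outbound calls/minute, sustained
MIN_DISTINCT_RATIO = 0.9     # nearly every call goes to a different number
MAX_MEDIAN_DURATION = 15     # seconds; most recipients hang up quickly


@dataclass(frozen=True)
class Cdr:
    ts: int        # call start, epoch seconds
    account: str   # opaque subscription id; no name or address involved
    callee: str    # dialed number
    duration: int  # seconds


def flag_accounts(cdrs):
    """Return {account: timestamp of the call that first tripped the rule}.

    Volume alone is not enough (a person redialing a busy line also places
    many calls), so an account is flagged only when high volume coincides
    with mostly-unique callees and very short calls inside one window.
    """
    windows = defaultdict(deque)
    flagged = {}
    for cdr in sorted(cdrs, key=lambda c: c.ts):
        if cdr.account in flagged:
            continue
        win = windows[cdr.account]
        win.append(cdr)
        # Drop records that have aged out of the sliding window.
        while win[0].ts <= cdr.ts - WINDOW_SECONDS:
            win.popleft()
        if len(win) <= MAX_CALLS_PER_WINDOW:
            continue
        distinct_ratio = len({c.callee for c in win}) / len(win)
        durations = sorted(c.duration for c in win)
        median = durations[len(durations) // 2]
        if distinct_ratio >= MIN_DISTINCT_RATIO and median <= MAX_MEDIAN_DURATION:
            flagged[cdr.account] = cdr.ts
    return flagged


def build_sample():
    """Constructed CDRs for three subscriptions (fictional 555 numbers)."""
    base = 1_700_000_000
    cdrs = []
    # sub-A: ordinary use, five calls spread over half a day.
    ordinary = [(0, "+15550100", 320), (3600, "+15550101", 45),
                (7200, "+15550100", 600), (20000, "+15550102", 120),
                (40000, "+15550101", 30)]
    for offset, callee, duration in ordinary:
        cdrs.append(Cdr(base + offset, "sub-A", callee, duration))
    # sub-B: a new number every 10 seconds, 4-second calls.
    for i in range(180):
        cdrs.append(Cdr(base + 10 * i, "sub-B", f"+1555{200000 + i}", 4))
    # sub-C: high volume, but redialing the same four numbers.
    for i in range(80):
        cdrs.append(Cdr(base + 20 * i, "sub-C", f"+1555030{i % 4}", 3))
    return base, cdrs


if __name__ == "__main__":
    base, sample = build_sample()
    for account, ts in flag_accounts(sample).items():
        print(f"{account} flagged {ts - base} s into the log")
```

In the sample, sub-C places more than 60 calls in the window but is not flagged because it keeps dialing the same four numbers, which is the false positive a pure call-count threshold would produce.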
whiterock wrote 23 hours 38 min ago:
not in Europe no more for a few years now.
gruez wrote 23 hours 21 min ago:
"Europe" isn't a monolith, and there are quite a few countries
that don't require any KYC, UK and NL to name two.
jrexilius wrote 21 hours 38 min ago:
You don't need an ID to buy a SIM in UK? I remember not
needing one a long time ago but in recent years was asked for
one.. maybe not a law? irregularly applied?
dlenski wrote 1 day ago:
From their "Features" drop-down:
> Minimal Data Collection
> Identifier Rotation
> Secondary Numbers
> Disappearing Call Logs
> SIM Swap Protection
> Network Lock
> Encrypted Voicemail
> Private Payment
> Last-Mile Encrypted Texting
> Secure Global Roaming
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network
Lock" do look interesting *IF* they can actually address some of the
baseband vulnerabilities that plague all modern devices. That's a Big
If.
SIM Swap Protection you already get by using a VoIP number rather than
a cell number.
And the other features are irrelevant if you're using over-the-top
end-to-end encrypted messaging, like Signal, rather than Plain Old
Telephone Service and SMS.
qingcharles wrote 23 hours 2 min ago:
Are there solid VoIP providers that aren't detected by 2FA SMS
services? I can't use my Google Voice for a decent chunk of sign-ups
because it is detected (and rejected) too easily. I hate getting
spam, so I try to keep my primary phone number only for friends and
family.
dlenski wrote 18 hours 14 min ago:
I've used my Google Voice number as my primary number for ~15 years
at this point. (I use my "real" phone number so little that I have
trouble remembering it.)
I've had almost no problems using my GV number for 2FA. Venmo is
literally the only service I've ever used that won't accept it for
2FA... and now Venmo offers non-SMS based alternatives, which is
good because SMS-based 2FA is the reason that the SIM-swap attack
is worth doing.
List of services that allow Google Voice for 2FA:
HTML [1]: https://www.reddit.com/r/Googlevoice/comments/1c571kw/crow...
simfree wrote 4 hours 6 min ago:
Google Voice is requiring ID verification now, and porting your
phone number out is difficult as they charge an unlock fee and
you get to deal with Bandwidth.com's port out shenanigans as they
are the real underlying carrier for Google Voice.
rsync wrote 19 hours 55 min ago:
2FA mule.
HTML [1]: https://kozubik.com/items/2famule/
fc417fc802 wrote 20 hours 58 min ago:
Serious question, what services are you using that this isn't a
deal breaker for you? And why isn't it?
Most services either don't have a legitimate interest in my phone
number (so they can get bent) or they do have a legitimate interest
in which case not accepting my phone number means they aren't doing
their #$&^ job (so they can get bent).
It helps that the only services I'm willing to provide my phone
number to are those that already inherently involve my PII. Banks,
online shopping, etc. So if they won't accept whatever I give them
I'll take my business to a competitor.
busko wrote 22 hours 53 min ago:
Objectively, it gets even worse in regions where Google voice isn't
available. The only options seem to be online SMS portals where a
relatively small set of numbers are shared across many users.
If anyone knows of a good, secure VoIP provider outside of the US
I'd be keen to hear about it.
upofadown wrote 12 hours 10 min ago:
Jmp.chat is the same sort of the same thing as Google voice and
is allegedly based in Canada. It has the bonus feature of using
standard XMPP clients.
dlenski wrote 18 hours 9 min ago:
VoIP.ms works great in both the US and Canada. (I believe it
started here in Canada.)
Also, many Canadian financial institutions (including the CRA,
Wealthsimple, and BMO) work fine with US phone numbers for 2FA...
including Google Voice, in my personal experience.
HTML [1]: https://www.reddit.com/r/Googlevoice/comments/1c571kw
simfree wrote 4 hours 3 min ago:
VoIP.ms is hard to port into and out of, I've repeatedly seen
them drop part of the account number when transferring a
number, then drag their feet for days thereafter on
resubmitting the port.
Always ask for the Port Order Number (PON) so you can follow up
with the other carrier to see what they received from VoIP.ms
gruez wrote 22 hours 58 min ago:
Use sms verification services that spammers use. They're
implemented by using banks of sim cards placed in some apartment
somewhere, so it's as "real" as it can get.
HTML [1]: https://cotsi.org/methodology
gruez wrote 23 hours 28 min ago:
>do look interesting IF they can actually address some of the
baseband vulnerabilities that plague all modern devices. That's a Big
If.
Baseband vulnerabilities are overhyped, imo. On proper phones (eg.
pixels), their access to memory is restricted by IOMMU, which
protects the rest of the phone from being compromised if there's some
sort of an exploit. Once that's factored in, most exploits you can
think of are "on the other side of the airtight hatchway[1]". For
instance if you can hack the baseband to steal traffic, you should
probably be more worried about your carrier being hacked or getting a
lawful intercept order. Or if you're worried about the phone
triangulating itself, you should probably be more worried about your
carrier getting hacked and/or selling your location data.
HTML [1]: https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...
dlenski wrote 16 hours 12 min ago:
> Baseband vulnerabilities are overhyped, imo. On proper phones
(eg. pixels), their access to memory is restricted by IOMMU, which
protects the rest of the phone from being compromised if there's
some sort of an exploit.
Doesn't Google require all new Android-branded devices to isolate
the baseband from the Android OS and applications?
I swear I read this somewhere in the last few years, though I can't
seem to find any clear reference to it now. Hmmm.
> For instance if you can hack the baseband to steal traffic, you
should probably be more worried about your carrier being hacked or
getting a lawful intercept order.
Everything should use TLS/DTLS/QUIC, and an up-to-date PKI for
obligatory certificate validation, otherwise I assume it's already
being MITM'd by the NSA, every other three letter agency on the
planet, corporate firewalls, and my ISP.
rl3 wrote 22 hours 25 min ago:
> Baseband vulnerabilities are overhyped, imo. On proper phones (eg.
> pixels), their access to memory is restricted by IOMMU, ...
That just kicks the can down the road to "Why should we fully trust
the IOMMU?"
Granted, it does defend against the vast majority of actors.
fc417fc802 wrote 21 hours 1 min ago:
... because that's literally the IOMMU's job? Why should we trust
the TPM or the CPU or a YubiKey or anything, really? I don't
completely trust any of it but to get anything done you have to
trust something at some point.
rl3 wrote 16 hours 18 min ago:
>Why should we trust the TPM or the CPU or a YubiKey or
anything, really?
You raise a good point.
bryancoxwell wrote 1 day ago:
Not sure what IMSI rotation has to do with baseband vulnerabilities?
dlenski wrote 18 hours 12 min ago:
It stymies attempts to track mobile devices over multi-day periods
using their IMSIs.
Trackability is definitely a vulnerability.
bryancoxwell wrote 12 hours 21 min ago:
Right but it's not a baseband vulnerability
dlenski wrote 5 hours 30 min ago:
Huh
IMSI tracking is a consequence of how baseband devices
communicate over-the-air, just as WiFi MAC address tracking is
a consequence of how 802.11 devices communicate over-the-air.
And it's definitely a vulnerability, because it's used to track
end users and reduce their privacy.
So it IS a baseband vulnerability. And IMSI randomization
mitigates it to some degree, just as WiFi and Bluetooth MAC
randomization mitigate tracking via those identifiers.
bryancoxwell wrote 4 hours 50 min ago:
I'm arguing that just because a baseband processor is
involved that doesn't mean IMSI tracking is a vulnerability
of the baseband processor itself. IMSI provisioning and
randomization cannot be done without cooperation with the
network operator and has nothing to do with the baseband
processor itself.
0xWTF wrote 1 day ago:
They built their own mobile core, does that help with resolving your
"Big If"? I'm not a cellular guy, I don't know which pieces of the
stack cover which attack vectors: I'm genuinely asking.
Also, the 50 foreign countries seems interesting.
dlenski wrote 5 hours 47 min ago:
> They built their own mobile core, does that help with resolving
your "Big If"?
Not really, but I too am uncertain about how to think about it.
Here's my long-winded but still limited understanding of the main
vulnerabilities that are unique :
NETWORKS: If I build a network, and I build it out of switched
Ethernet, and I control the premises completely, then I can
generally trust that the data flowing through it isn't being
secretly logged or tampered with. Moving away from this simplicity,
my distrust of the network increases rapidly.
A cellular network is pretty much the opposite of this simple
one-man, one-room, wired network, so I distrust it completely.
There is only one credible solution here: all traffic over the
network must be end-to-end encrypted and authenticated. That means
TLS/DTLS/QUIC/ESP/Wireguard with key-pinning and/or correctly
implemented and maintained PKI. Assume that any and all traffic
that is not E2E-encrypted and authenticated is subject to some
combination of mass surveillance and/or individually-targeted
attacks.
CELLULAR DEVICE HARDWARE: For historical reasons, modern
smartphones contain [at least] two CPUs:
1. The main "application" processor, an ARM64 SoC running an OS and
applications made by Google or Apple. They've put substantial
efforts into hardening these OSes and applications against remote
attacks.
Whether they're doing "enough" is another question; whether you
should trust them is another question. But they're at least trying
pretty hard to prevent rando malware-for-hire attackers from pwning
your device via over-the-air vulnerabilities.
2. The "baseband" processor, a ghastly fossilized thing that runs a
stack of overly-complex firmware dating back to 2G days, and
controls access to the cellular network. It is probably developed
by Qualcomm, which along with Samsung has a near-monopoly on
baseband processors for modern devices sold outside of China.
Qualcomm in particular is litigious and complacent about security
issues ( [1] ), and almost everything about the processors and
their firmware are closed-source and non-public.
The baseband processor is insecure both due to inattention, as well
as treachery. The end user of the device does NOT control it in the
way that the end user controls the main processor. Some nebulous
combination of the baseband vendor, the carrier, and the government
controls it (e.g. [2] ).
So the baseband processor is an untrustworthy thing that should be
walled off from the rest of the system, and only allowed to
communicate with the rest of it via narrow and well-defined
interfaces. However, this was not the case for many years: the
baseband processor has had way too much access to the system.
In recent years, this situation has improved somewhat: recent Pixel
devices with Google Tensor SoCs (and maybe others) have the
baseband isolated via an IOMMU. [3]
---
Okay, so can "Cape" do anything to assuage my concerns about _any_
of the above issues? Honestly, not very much. ¯\_(ツ)_/¯
Cape can't increase my trust in the cellular network. Cape can't
increase my trust in the baseband processor on my device.
Cape can only do a couple things to make the baseband and the
network Slightly Less Evil: shuffle IMSI frequently to prevent
IMSI-based tracking, and don't let random scammers call up and
SIM-swap me.
HTML [1]: https://news.ycombinator.com/item?id=38620067
HTML [2]: https://news.ycombinator.com/item?id=46848303
HTML [3]: https://grapheneos.org/faq#baseband-isolation
wil421 wrote 23 hours 26 min ago:
Do they own the enodeBs or the RAN? How many hops does it take to
get to their core? Not sure how MVNO works maybe they have
encrypted VLANs to their systems. Not a RAN guy.
alek-cape wrote 20 hours 45 min ago:
We don't own eNodeBs/gNodeBs (the RAN). We operate as an MVNO. It
is worth calling out that we operate as a full MVNO though, which
is different from many MVNOs in the US currently, who tend to
fall on the lighter end of the MVNO spectrum.
The primary difference is we run our own mobile core entirely.
Can you elaborate on the hops question? Not sure I quite
understand what you're asking since there are a few ways to
interpret "hops".
simfree wrote 4 hours 7 min ago:
Which vendor did you choose to partner with to provide the
mobile core (IMS and such)?
I've talked to a few tangentially and it seems like an
interesting space.
treetalker wrote 1 day ago:
If anyone uses this and could tell us about your experience, please do!
dguido wrote 23 hours 29 min ago:
I use Cape every day on my iPhone. The service is excellent, and the
security features haven't ever interfered with my use of the phone.
They have a convenient mobile app for setting up extra features like
the IMSI rotation and getting support. As a tech savvy user, it
matches what I want.
I'm a target for a variety of things, and knowing that no one can SIM
swap me is worth the subscription alone. The SS7 protections,
encrypted voicemail, secondary numbers, IMSI rotation, etc are all a
bonus.
rsync wrote 19 hours 35 min ago:
You would be better off hosting your "phone number" at Twilio
and then forwarding that number to a throwaway SIM card that nobody
knows the number to.
Your "phone number" that people interact with cannot be
hijacked with SS7 because it's not a real number... you're
immune to sim swaps ... And you can Jettison your physical phone
and SIM card at any time with no penalty.
As a bonus, because your actual phone number is now programmable
you can do interesting things like set up a SMS firewall. You can,
for instance, collapse all incoming text messages to ascii-256. Or
truncate their overall length. Or CC your incoming SMS to a
dedicated mailbox.
I have operated like this since 2016. I have no idea what my
physical SIM phone number is and neither does anybody else.
mingus88 wrote 1 day ago:
I'm a skeptic. It's only been a handful of years since Anom was
backdoored by the Feds. The surveillance data provided by cell phones
is simply too good to let someone work around it
HTML [1]: https://www.vice.com/en/article/anom-backdoor-fbi-years-of-a...
johndoylecape wrote 22 hours 38 min ago:
This Anom comp comes up a lot. It's super hard to prove a negative,
so no matter how many times I say "Cape is not a honeypot," the
critics will just respond "that is exactly what a honeypot would
say."
We're working on some ideas to address this with audits etc, but it
will always be tough. However, if you like the idea, and like the
features, then maybe it is worth your time to do the work and get
comfortable with the company. Because we're the only ones providing
some of these features, and we have a lot more in the hopper still
to come. I hope we can win your trust at some point.
ranger_danger wrote 8 hours 22 min ago:
You don't have to prove a negative, but if you want real trust
from actually paranoid people, you will have to give up keys to
the kingdom and work hard for it.
All your software/hardware would need to be open source, you
would need to be regularly audited by neutral third-parties,
actively work with the community to provide paranoia-level
ongoing transparency reports and continuous improvements that the
community wants to see, be willing to adopt many suggestions
given by smart people, and just in general stop using your words
to tell people you're serious, and use your actions to show it.
If someone says they are skeptical of XYZ, ask them what they
would accept as proof, and then provide it.
Noaidi wrote 8 hours 47 min ago:
The issue I'm having is that the morals of someone who would
work for a Palantir and people who would be in the military are
not the morals of people who are advocates, or even might have a
moral understanding, of the importance of privacy. I can imagine
you creating the service because you see the market demanding
this privacy, but what bothers me is that you worked for these
companies in the first place.
Like others explained here, it's amazing that you didn't know
these problems existed before you worked at Palantir. If you
could explain your migration from delusion to insight in a
personal way, that might help me a bit more. In fact, if you
said Palantir was an evil company, I might have even more faith.
If someone else started this company who had a long history in
privacy outside of the government, my take would be a lot
different. In my humble opinion, I think you don't really care
about privacy. You're just taking advantage of a market niche.
And what can I say but that's capitalism so good luck.
It would be better if you used your inside knowledge to fight for
laws banning these practices by all the telcos.
fc417fc802 wrote 21 hours 34 min ago:
I have no particular reason to trust that you aren't a honeypot
but I'd like to point out that I also have no particular reason
to trust that any other cell service provider isn't. In fact
given the recent e911 location data sale scandal I generally
assume that all of them are.
Even if it turned out that you were in fact a honeypot,
protection against SIM swapping and encrypted voicemail
presumably both provide security benefits regardless.
It's similar to the situation with VPN providers. The provider
could literally be the NSA themselves and I'd _still_ most likely
see security benefits from using it (unless the NSA happens to be
my adversary of course).
johndoylecape wrote 21 hours 26 min ago:
Thanks, it's a good point.
But to be clear, you DO actually know that other cell service
providers are selling your data to law enforcement: [1]
HTML [1]: https://www.theguardian.com/business/2016/oct/25/att-s...
HTML [2]: https://arstechnica.com/tech-policy/2025/09/court-reje...
johndoylecape wrote 21 hours 37 min ago:
Also, the reporter who broke the Anom story has written about
Cape a couple of times: [1]
HTML [1]: https://www.404media.co/i-dont-own-a-cellphone-can-this-...
HTML [2]: https://www.404media.co/privacy-telecom-cape-introduces-...
jrexilius wrote 21 hours 47 min ago:
Good luck! It's a tough sell and some people won't accept that
there are people from the defense sector that really care about
the Constitution. Transparency is proly your best friend. But
once you sign a Qualcomm or carrier NDA, you are pretty tied-up as
far as open-sourcing things or transparency, I'd imagine. Still,
keep up the good fight!
cucumber3732842 wrote 1 day ago:
If you're not doing "fed" level shit and just don't wanna make your
petty shit trivial for the locals to dredge up that's probably
fine.
Like they're not gonna burn that kind of capability over tax
evasion, state civil law violations, etc.
jerlam wrote 1 day ago:
Secondary numbers sounds neat: [1] I've been using my Google Voice
number for something similar. But Cape doesn't specify if/when these
numbers are rotated in any way - you have three numbers to track now,
and you can't retain these numbers if you switch services.
HTML [1]: https://www.cape.co/blog/product-feature-secondary-numbers
alek-cape wrote 21 hours 4 min ago:
It's probably worth calling out that this is an experimental feature,
and we are happy to get any and all feedback on things we can build
out around them.
They are real numbers, not VOIP. That can matter depending on what
they are used for and if the entity you are expecting a message from
blocks sending to VOIP numbers.
The numbers don't rotate like our identifier rotation. They are
yours. You can choose to delete a secondary number in the app, and if
you have less than two, create a new one after 30 days.