Saw this ad - what do we know about Cape?
from collar@lemmy.world to privacy@lemmy.ml on 02 Oct 18:55
https://lemmy.world/post/36787855

Happy to see a privacy-focused carrier, and it has better policies than any other carrier out there. But the founder is formerly from Palantir and there’s a lot of VC money behind it (not inherently a problem, just flagging).

Thoughts?

#privacy

einkorn@feddit.org on 02 Oct 19:23

So, how is this supposed to work? From what I can gather at a quick glance, it appears to be a VPN of some sort but for cellular data?

collar@lemmy.world on 02 Oct 20:56

You get your phone number through them and they act as your carrier and then they use other telcos that have the physical infrastructure to service calls/data. Not that different from how Mint or other virtual networks operate, but Cape alleges to collect little data about its users and not to sell any user data.

NullGator@lemmy.ca on 03 Oct 02:01

They offer IMEI spoofing, geofenced profiles, etc. It would function better than a VPN in theory.

magic_smoke@lemmy.blahaj.zone on 02 Oct 19:30

Jmp.chat provides sim activations for xmr but honestly no matter what anything with a cell radio is being logged by its upstream carrier.

If you want a truly private number, use jmp.chat with a separate xmpp server over something like mullvad.

For what it’s worth, the sim swap protection might be worth it considering how many services force you to use SMS for 2fa, and they seem to ask for less data than usual.

Is it better than your average carrier? Maybe. Is any SMS/phone call coming out of your personal number something you should consider private from the government? Probably not.

It’s still going to have to go over the big boy carriers, and it’s still probably going to be tied to a phone number several institutions will know is yours if it’s your main number.

If it isn’t, use jmp.chat, alongside a good XMPP provider and VPN, or forego the PSTN altogether.

collar@lemmy.world on 02 Oct 21:09

“Is any SMS/phone call coming out of your personal number something you should consider private from the government? Probably not.”

Well your phone calls themselves – the actual conversation – shouldn’t be accessible without a warrant for a wire tap, that’s pretty longstanding precedent in the U.S. Cell phone location information is also protected by a warrant (Carpenter v. U.S.), but pen registers (logs of who you call) do not require a warrant (Smith v. Maryland). I’m not sure if governments are prevented from purchasing data from carriers, just as any data broker could do. Additionally, who knows if governments are secretly collecting phone call and cell phone data and storing it, but only accessing it once they have a warrant. It’s impossible to know what’s fully happening on the back end between big telco companies and the gov’t.

Either way, at the end of the day, whether you have Cape or some other service, if you’re at the level of the government getting a warrant for your data any legitimate company is going to comply. That’s why the best thing is to have a company that can only turn over limited amounts of data because that’s all they have.

Steve@communick.news on 02 Oct 22:44

By the cops or FBI maybe. The NSA is absolutely recording any and all phone calls that touch Five Eyes phone networks. That’s what Snowden warned us all about.

collar@lemmy.world on 03 Oct 00:49

Collecting and monitoring are two different things. If NSA is still dragnetting communications in the post-Snowden era, it’s likely storing and then accessing when something gives the reason. The sheer volume of communication data is far too large to monitor everything.

FutileRecipe@lemmy.world on 03 Oct 06:37

The sheer volume of communication data is far too large to monitor everything.

By people, sure. Run it through a magical analytical algorithm that flags stuff for people to look? Or if that’s still too much everywhere, they could focus it on a certain area’s towers and process that data. Will it catch everything or not generate false positives? No, it’s not perfect, but I could see it helping them and being done.

I doubt an agency like this would just hoard the info and not proactively use it.

Blackfeathr@lemmy.world on 02 Oct 19:34

I just assume every ad on reddit is a scam. Seems to be the trend over there.

SomeAmateur@sh.itjust.works on 02 Oct 22:40

Hell, half of the front page posts seem to be ads anymore

Auli@lemmy.ca on 02 Oct 19:35

How would this be private? Wouldn’t they be using other providers’ cell network? I doubt they have put out enough of their own towers.

Also how do I pay for it, they never know my name or address, do I have to put cash in an envelope and drop it somewhere? Ah they don’t store the data on your payment but Stripe does.

So lots of this can be bullshit since they can claim we don’t collect data but they would be an MVNO but whichever network you are using does.

collar@lemmy.world on 02 Oct 20:13

I saw this video on YouTube with a rep from the company and while there were some positive things put forward, the biggest red flag to me was when he wouldn’t disclose what networks they partner with. They are a virtual network so they don’t own the cell towers, and that means they’re running off someone else’s. Why can’t you say who? Other virtual carriers have no problem saying that they run on Verizon or T-Mobile.

www.youtube.com/watch?v=K1C-bR728ro interview for Cape starts at about 30 minutes in. Ironically, the podcast is called “Snake Oilers” and it’s a paid-promotion thing, sooooo take this with a grain of salt.

hansolo@lemmy.today on 02 Oct 19:43

cyberscoop.com/cape-phone-privacy-calea-tracking/

Good article which points to a few promising aspects. They seem to have their own phones (as of Nov 24) as part of this. Second, that their market is “high risk” individuals. So people with money, it sounds like. If the pricing reflects a market for governments, celebs, and crypto bros trying to not get SIM swap attacked, then it’s not likely a honeypot for Feds. Maybe.

I hate the idea of only being allowed to use their phones, but that might just be their “easy mode” for idiot celebrities or government contracts. If they can give me a physical SIM, I’m interested.

I would not be an early adopter. Hang and see who isn’t a plant that joins.

Truscape@lemmy.blahaj.zone on 02 Oct 19:50

The feds have already pulled a similar stunt with another manufacturer+software combo. (en.m.wikipedia.org/wiki/Operation_Trojan_Shield#D…)

The only thing that makes this smell legit is the fact that it is a provider and probably only eSIMs. But even then, this is not very good opsec to be deliberately using a marketed product that will likely have an identifier for their cell traffic. Graphene works as well as it does because it runs off pre-existing hardware to be more inconspicuous.

hansolo@lemmy.today on 02 Oct 21:30

Well, opsec can only go so far. At some point you need data packets traveling over real wires, and it’s a question of who do you trust with unencrypted data like SMS? Using a data only VPN is “clunky” for wealthy manbabies, who demand less friction in everything they do.

Simply having your data going to their service is immaterial since it’s likely the phone number also indicates it’s a Cape carrier phone, and the IMEI of the phone doesn’t ping for any other carrier.

It’s a strong “ugh…maybe, we’ll see” from me, but I wouldn’t bother with it for another 6 months and see if it ends up one of those super elitist things wealthy people talk about only to each other.

guismo@aussie.zone on 02 Oct 22:44

they contracted with the AFP to run the first node of the server and process the data. (Australian law does not provide the same protections as U.S. law for its citizens.)

Thanks for that link. I didn’t know that. We are below the US in privacy laws! Is there any first world country worse than Australia?

They said all users were criminals, but who knows what they are calling a crime, especially with the retarded laws down here…

It shows what I suspected, that Australian software and servers must be avoided even more than Americans.

collar@lemmy.world on 02 Oct 20:46

So, they have their own phone that is for high risk individuals and is not available to the general public. Then, separately they have their own mobile network that you can use with any regular phone and they sell Pixels on their website (for $50, you can have them pre-load GrapheneOS). The ad I posted is for their cellular network, which is not related to their own first-party device.

hansolo@lemmy.today on 02 Oct 21:33

It’s a good call to post, but waaay too soon IMO to bother with it. It might simply be flash in the pan marketing for VC funding and not work. It might be a total scam. It might be legit and poorly run. It might be the real deal. It’s hard to say without more data.

AmbiguousProps@lemmy.today on 02 Oct 22:35

You should not use a phone with preloaded graphene without first checking the hash. It’s also kind of insane to charge $50 for it, when Graphene’s web installer just has you click buttons to install. You can even use another phone to do it.

collar@lemmy.world on 03 Oct 00:50

100% agree. I would definitely not have them install graphene for you. Do it yourself so you know what’s in the installation.

zen_killoran@lemmy.world on 02 Oct 21:05

The best answer

Truscape@lemmy.blahaj.zone on 02 Oct 19:45

Could be a honeypot.

collar@lemmy.world on 02 Oct 20:53

That’s always the concern with privacy-focused services, especially if they’re not open source or audited.

But if we think about the practical application – who needs a honeypot for cell phone services? Carriers already collect so much data (location, telemetry, payment, government-issued ID, etc) and sell it willingly to whoever wants to buy. How could Cape be any worse? lol. If they adhere to any of their stated policies it seems like a plus, no?

Additionally, at least to me, Cape is not marketing the way the Anom phone did, where it was trying to gain adoption by nefarious users. That’s my take - I’m not advocating for Cape since I don’t really know much about them, but I’m trying to put things in context.

Truscape@lemmy.blahaj.zone on 02 Oct 22:34

The way anti-fingerprinting techniques work is by making you as much of a background digital character as possible. A privacy conscious user spoofing location and network traffic data on AT&T, Verizon, or T-Mobile is going to be far less likely to be singled out compared to customers on some bespoke cell network.

You should try to fake your traffic on a standard phone network (Using something like GrapheneOS with more granular control) to simply appear like another faceless data point rather than a “paranoid privacy user who bought this subscription for the privacy people”, because that traffic will raise eyebrows much quicker.

collar@lemmy.world on 03 Oct 00:53

Fair points. Different strategies for different threat models I assume. Anonymity through hardening (if we take Cape at their word, big if) or security through obscurity.

gravitywell@sh.itjust.works on 02 Oct 19:50

100% honeypot

Big encrochat vibes

Kirk@startrek.website on 02 Oct 21:21

Something can’t be both “100%” and vibes based lol

Unless you mean “I am 100% basing the following opinion on vibes”.

You need evidence. Please don’t respond with more vibes.

gravitywell@sh.itjust.works on 02 Oct 21:57

I am sure it is a honeypot, they will work with feds. I base that on the people behind it.

Also it reminds me a lot of encrochat which had similar vibes about it.

Kirk@startrek.website on 03 Oct 01:15

This is depressing. Trial by vibes. I’m going to live in the woods.

gravitywell@sh.itjust.works on 03 Oct 05:05

I’m not basing anything on vibes, this is how venture capital funded operations work.

If you expect some rich assholes to keep your chats secure and not cave after the slightest pressure, you’re going to get taken for a ride.

DeathsEmbrace@lemmy.world on 03 Oct 11:16

Which is why it’s a honey pot it’s basically for gullible people.

Kirk@startrek.website on 03 Oct 18:48

I can’t believe I need to explain to someone that claiming you don’t need evidence to declare something to be true is faith based on vibes. TikTok has truly broken the younger generations’ brains.

gravitywell@sh.itjust.works on 03 Oct 19:28

I can’t believe I need to explain to someone that venture capitalists are not good at security and will not fight legal battles for the sake of their users. I linked multiple examples, believe what you want.

Kirk@startrek.website on 03 Oct 20:38

[citation needed]

tlmcleod@lemmy.ml on 03 Oct 20:27

It’s two separate sentences, my guy… complete with a line break in between. So not even in the same paragraph. Did we just forget how to parse written language?

Kirk@startrek.website on 03 Oct 20:32

Uh, he confirmed in a reply that he had no evidence and was deciding based on faith alone.

ivn@jlai.lu on 03 Oct 00:11

What makes you think encrochat was a honeypot? Am I missing something?

gravitywell@sh.itjust.works on 03 Oct 05:02

Because they literally operated it as a honeypot and gave police full access to chats while advertising to criminals that it was safe.

EncroChat first came to the attention of the media when it was revealed that high-profile criminals Mark Fellows and Steven Boyle had been using the encrypted devices to communicate during the May 2018 gangland murder of John Kinsella in Rainhill, England. The service resurfaced in the media during the summer of 2020 after law enforcement agencies announced that they had infiltrated the encrypted network and investigative journalist Joseph Cox, who had been reviewing EncroChat for months, published an exposé in Vice Motherboard.

ivn@jlai.lu on 03 Oct 08:12

Where did you read that they gave police full access? I thought they were hacked.

gravitywell@sh.itjust.works on 03 Oct 09:47

That’s even worse then because they didn’t even have a secure network from start. Be it willful ignorance or intentional assistance, it’s still a honeypot. This was a huge “I told you so” by a lot of the dark net community when it happened, a lot of people called it WAY ahead of time.

Encrochat isn’t the only example, so I may have conflated it with one of these other Honeypot operations: ANOM, Phantom Secure, Ghost, SkyECC

You might be able to see a pattern here. People who actually want security and anonymity know that you can’t trust those things over to a corporation or a bunch of tech broligarchs, they will either betray you intentionally or due to their incompetence.

ivn@jlai.lu on 03 Oct 10:15

I don’t see how being hacked makes it “still a honeypot”.

gravitywell@sh.itjust.works on 03 Oct 14:06

Because it was being used to attract criminals into thinking it was a safe and legitimate service, while under the surface it was relaying all the messages to law enforcement.

ivn@jlai.lu on 03 Oct 19:53

Yes but

  1. as far as we know they had no idea that it was hacked, so I don’t see how you can get a “vibe” if they are blind to it
  2. the criminals were already using it when LE discovered it and then hacked into it

gravitywell@sh.itjust.works on 03 Oct 20:11

I guess we have different definitions of what a honeypot is then. I don’t think it has to start as a honeypot to qualify as one once law enforcement is involved.

There are countless examples of this kind of infiltration on other services. You can call it something else but either way I think you’d have to be a fool to trust an operation like that to be in any way secure from monitoring by law enforcement.

ExtremeDullard@piefed.social on 02 Oct 21:25

The cynic in me immediately thinks it’s a honeypot to trap privacy-conscious individuals.

I’ll look it up. But I suspect it’ll be just another case of a company pinky-swearing to respect your privacy, like Apple.

JamesBoeing737MAX@sopuli.xyz on 03 Oct 19:37

Yes. Cellphone carriers are a stupid concept. If I paid for my own cell service, I would use VoIP.

HiddenLayer555@lemmy.ml on 02 Oct 21:28

Gonna guess a company that has no problem engaging with Reddit’s invasive targeted ad system is not that privacy conscious.

TaviRider@reddthat.com on 02 Oct 21:39

Previously discussed three months ago at lemmy.ml/post/33176527. Not sure how to format that link correctly though…

jet@hackertalks.com on 03 Oct 04:02

solrize@lemmy.ml on 02 Oct 22:31

What? Lol.

pfr@piefed.social on 02 Oct 23:04

This is probably a question for the Graphene forums

communism@lemmy.ml on 02 Oct 23:27

It looks like a honeypot, and wtf is a “private cell network”? How are they gonna do that? SMS and phone calls aren’t E2EE

Scolding7300@lemmy.world on 03 Oct 07:59

It’s private because it’s yours /s

DiagonalHorse@lemmy.ml on 04 Oct 03:40

I’ve seen this ad here in Australia where cell towers are essentially all owned by a single telecom (Telstra), who leases them out. No idea how their cell network could be private given that info.

NullGator@lemmy.ca on 03 Oct 02:00

I think their tech works, they’re used by the army. The founder was the cofounder of Palantir, which I think is worth noting. Their focus is on US government use first and the average consumer second.

collar@lemmy.world on 03 Oct 03:20

Yeah it looks like the cell network is the consumer facing product

ScoffingLizard@lemmy.dbzer0.com on 06 Oct 20:55

This is the exact reason that it is a hard no.

Catalyst_A@lemmy.ml on 03 Oct 02:52

It’s also like $100 a month.

collar@lemmy.world on 03 Oct 04:20

True, expensive. Prosper to offset no selling customer data.

Catalyst_A@lemmy.ml on 03 Oct 04:36

I refuse to believe they didn’t do this for their benefit. Especially at the price tag. I feel the same about Proton. The minute the government knocks without a warrant they’ll still turn you over.

collar@lemmy.world on 03 Oct 18:33

Maybe, I couldn’t say if it’s a premium for privacy, marketing, or what.

As for turning over data without a warrant, I don’t have a problem with companies complying with lawful orders, as Proton does. I don’t think there’s any evidence to support the notion that Proton complies with non-legal or mere requests from LE. Correct me if I’m wrong.

redparadise@lemmygrad.ml on 03 Oct 05:16

Palantir, end of discussion.

PrivateNoob@sopuli.xyz on 03 Oct 09:46

Cell providers such as Telekom, Verizon, Yettel etc. have to provide Lawful Interception support for countries’ law enforcement agencies, and these are implemented in a way that not even the cell provider is aware when a said subscriber / user is being listened in on.

Otherwise I would guess a cell provider can’t operate in that country if it isn’t willing to provide this support?

titanicx@lemmy.zip on 03 Oct 12:42

And almost every cell provider that is small is only piggybacking off one of the big 3.

collar@lemmy.world on 03 Oct 18:26

I don’t have an issue with telcos complying with lawful warrants, which is what Lawful Interception requires. But if your telco can only turn over limited amounts of data because that’s all it has access to, then that’s a plus.

Separately, do you have a source that telcos are unaware when LE is wiretapping? LE would likely need the assistance of the telco to do so and the telco should require the warrant.

PrivateNoob@sopuli.xyz on 03 Oct 20:53

Well I have read it in a 10 year old ppt training at my telco provider company where I work at, which only mentioned this with 1 sentence without any source either, and probably that would have been an internal document too, so unfortunately you have to take my word for it.

collar@lemmy.world on 04 Oct 06:22

Fair enough!

DieserTypMatthias@lemmy.ml on 03 Oct 12:10

Just use Airalo.

collar@lemmy.world on 03 Oct 18:20

I don’t think this is really a replacement for the offering that Cape is proposing. Airalo are data only eSIMs and target consumers who need short-term data plans while traveling abroad. This is not a replacement of your primary carrier service and doesn’t give you a phone number. Additionally, other than the transient nature of the temporary eSIM you buy, there are no notable privacy-focused features behind Airalo.

Not saying Cape follows through with its claims, just saying these are not really comparable offerings.

ScoffingLizard@lemmy.dbzer0.com on 06 Oct 20:52

I think they mean private as in, not a publicly traded company. Palantir would never ever ever respect anyone’s privacy, and under no circumstances ever can it be assumed that they will have ethical business practices.

This is a hard no. Fuck Palantir. Also, fuck Thiel too. Hope he rots.