alt Hacker NewsCell Service for the Fairly Paranoid
Comments
> Enjoy unlimited high-speed data; after 50GB, speeds may slow to 256 kbps.
Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
FYI, I had to walk through the first dozen or so steps of the signup form to figure out that it's available in the US only. I suspected as much, but I figured I'd post it here, since it's not in their FAQ.
>Identifier Rotation
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
I've looked into this company before and when I saw who was behind it and on the team it was an immediate red flag to never use or trust this company.
Look at who Doyle has worked for previously and what connections he has. Palantir and the military, to start.
I know it'a a bit of a pivot but the following would make me move:
1/ eSIM activation outside the US 2/ The family plan is weird. My wife and I don't want to manage two separate bills. 3/ multiple eSIMs and numbers in different countries all within the one account (Germany in particular)
From their "Features" drop-down:
> Minimal Data Collection
> Identifier Rotation
> Secondary Numbers
> Disappearing Call Logs
> SIM Swap Protection
> Network Lock
> Encrypted Voicemail
> Private Payment
> Last-Mile Encrypted Texting
> Secure Global Roaming
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
You might check out who the CEO is here and how he runs the company and then consider whether you'd trust them. And look at the infra providers they use. Not what I would call the most upstanding bunch.
Will not pass muster with FCC. Know Your Customer regulations require the company to … know the customer. They will not last.
I have some questions about the "Last-Mile encryption" and "Encrypted Voicemail". Does Cape receive cleartext and resend it encrypted? What does this achieve? Integrity? Does the service drop unencrypted messages?
Partnered with EFF, might as well say this is a US government honey trap.
Hold on. Cell towers still know where the device is. If a group of people in an area have stable ismi’s and one person’s ismi is rotating daily, it doesn’t take a genius to figure out who’s now using cape. Using it for travel makes sense, but again being a device that doesn’t a have an owner is, as the kids say, sus.
Hi Cape team,
I'd like a service like yours that allows private signups and that works continuously to prove ongoing private operations. I don't need huge data plans, I'm fine with WiFi mostly. It needs to cost way less per month than your current pricing. It would be cool if you could find a way to serve people like me.
Does cape use its own cell towers, or do they rely on third parties to provide the actual infrastructure? And if they do use third parties, are they sure that they aren't also storing data about the connected devices etc?
Why this gives honeypot vibes?
It would be more useful and beneficial to have a privacy oriented twilio than a privacy oriented carrier.
If we treat the carrier as adversarial, dumb pipes we can move the security and all of the capabilities into the cloud platform. A personal comms stack like this should be carrier-agnostic, phone-agnostic, sim-agnostic.
See my other post in this HN topic - I have done this since 2016 ...
Do not fall for a word of this. If you've spent any time dealing with actual SIP providers (ie not the shit you'd hook an app up to, the ones debt collectors use), you'll know exactly how much you can trust them. Same difference
Unfortunate that it doesn’t seem to support Linux phones. Phreely or Purism’s AweSIM would be a better fit for anyone running a non-Android/non-iOS setup. Hopefully they add this in the future.
If anyone uses this and could tell us about your experience, please do!
How does this compare to Phreeli [1]? Has anyone here used either of the services?
So it's an MVNO mostly on the AT&T network with extra privacy features? I think it still all then comes down to how you use your phone and how much you can trust the whole pipeline. I use Credo Mobile which doesn't seem totally different. https://www.credomobile.com/our-story
Secondary numbers sounds neat:
https://www.cape.co/blog/product-feature-secondary-numbers
I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
There’s a chance this catches on with some folks with blacklisted IMEI’s due to a quirk on AT&T MVNOs where service works for a few days before getting halted per IMSI.
Maybe have an onion web service and add direct Monero payment support. This will help privacy LARP'ers get into the mood. Truth be told, if you're paranoid by any measure and use a cell phone -> YNGMI. It's not cheap enough for average person to care and not private enough for ulta-paranoid to pay and use. The whole mobile infrastructure is utterly broken in terms of security and privacy so it's still refreshing to see any kind of attempt being made in this area.
Another option for anonymous mobile service: https://silent.link/
eSIM, global, variable pricing per country with per-GB billing, anonymous crypto payments and no KYC. Although it seems to not have some of the additional security features of the OP.
What about crypto payments?
How does this compare to silent.link?
It’s rare to see an MVNO thread get into the weeds of the mobile core, but as a Full MVNO, Cape is essentially running its own sovereign telco infrastructure. From an outside perspective, they are definitely among the few who are treating the signaling plane with the proper level of scrutiny (they built their own signalling firewall) But even with a proprietary core and a signaling firewall, Cape is still an island in a sea of legacy protocols and peer MNOs with different intentions...
I'd be interested to see how they are hardening the IMS (IP Multimedia Subsystem) and VoLTE/VoWifi stack. SIP signaling and RTP streams for voice are often unencrypted internally.
If Cape is applying their 'Network Lock' logic to the IMS layer, they could potentially mitigate SIP-level spoofing and voice interception that occurs at the interconnect. Their 'Encrypted Voicemail' (using asymmetric keys on the device) is a strong signal that they understand the 'Last Mile' problem.
Also even if SEPPs are not really a thing, i'd be curious to know if they've started looking at this.
In the small world of telco security (disclaimer i work for P1Security), they are definitely working in the right direction. Any international ambition, particularly in EU, will be a tough sell though....