Blackphone: a privacy-oriented, high-end, unlocked phone

Blackphone is a secure, privacy-oriented mobile phone company co-founded by PGP inventor Phil Zimmerman. It integrates a lot of the privacy functionality of Zimmerman's Silent Circle, which makes Android-based privacy tools (secure calls, messaging, storage and proxies). Blackphone also runs Android, with a skin that switches on all the security stuff by default. The company is based in Switzerland, whose government privacy rules are better than most. The phone itself is a high-end, unlocked GSM handset. No info on pricing yet, but pre-orders open in late February. I'm interested in whether the sourcecode for the Blackphone stack will be free, open, auditable and transparent. If it is, I will certainly order one of these for myself and report here on its performance.

Blackphone is unlocked and works with any GSM carrier. Performance benchmarks put it among the top performers from any manufacturer.

It has the features necessary to do all the things you need, as well as all the things you want, while maintaining your privacy and security and giving you the freedom to choose your carrier, your apps, and your location.

The tools installed on Blackphone give you everything you need to take ownership of your mobile presence and digital footprints, and ensure nobody else can watch you without your knowledge.

You can make and receive secure phone calls; exchange secure texts; exchange and store secure files; have secure video chat; browse privately; and anonymize your activity through a VPN.

Blackphone (via Engadget)

Notable Replies

  1. So... who's software runs the radio? Since that's the giant gaping security hole in any secure phone effort? No offense meant but.

  2. SamSam says:

    I'm interested in whether the sourcecode for the Blackphone stack will be free, open, auditable and transparent. If it is, I will certainly order one of these for myself

    But how can you possibly know that the owners didn't get pressured into secretly adding a back-door, like the NSA has done/tried to do with so many security companies?

    Looking at the sourcecode and checking its hash is a nice way to feel good and pretend you know something about security, but it means nothing at all unless you build and install the OS from sourcecode yourself. You have no idea what's actually on the phone.

    Even if you install the OS yourself, that's still completely meaningless, unless you can verify the additional firmware that's on every single chip in the phone.

    A report just came out that the NSA was able to install radio-transmitting leaks into 100,000 computers, using a tiny chip embedded in a USB cable, to monitor communications of targets even on secure, unconnected computers. Compared to that, putting malicious code the antenna chip, say, is trivial. You can run the bootloader as many times as you like and you're never going to touch that.

    Didn't you just write a column on how a false sense of security is worse than no security?

    We're in the age where you can literally make your own phone from off-the-shelf parts. If I were Snowden or someone else that the government was trying to track, why the hell would I want a black box (pun), even if they stick a few million lines of sourcecode up on GitHub?

  3. nofare says:

    What a laughable, poorly made, utterly cynical video. Who's their target audience? Teens? Just praying on people's fears, superficial understanding of privacy, and shallow need to be/look cool. Guaranteed, little of it, if anything, will be Open Source.

    Smári McCarthy, founder and creator of MailPile, had a few pointed remarks about it last night on Twitter, such as ...

    "Privacy is not dark. It does not require a lack of photons. Privacy is not the opposite of transparency. Please get that through your heads."

    "'chic' for the types of people who attend CCC or Blackhat. Spooky 007 crap for Joe Public."

  4. I think it's a privacy device, not an anti-government amulet or a supertool for evildoers.

    It can't protect you from governments, or from the corporations that own governments. They have MIB on the rooftops with parabolic mikes.

    It isn't of any interest to criminals. Criminals do not want to stick out of the crowd by using high levels of encryption or visibly fancy gear. They use disposable phones purchased with cash.

    But it might prevent the Sun from printing transcripts of your phone conversation with the nanny on page one, and save you a nasty divorce settlement. And it will keep your neighbor from picking up your phone conversations with his hacked scanner or baby monitor and learning what bets you've placed with your bookie. Et cetera.

  5. bwv812 says:

    Regardless of how secure the email is, the real question posed by Lavabit is whether any service domiciled in the US is secure from National Security Letters. Bad crytography had nothing to do with why they closed shop.

Continue the discussion

25 more replies