The recent revelations regarding the NSA and other spying agencies have thrown our knowledge of piracy back on our heads.
So to be more private, we now know that we’ll have to be more high-tech and reclusive in our modern lives and here’s a phone which promises exactly that.
Named appropriately the “Blackphone”, the device is made by the Spanish manufacturer Geeksphone and the communications firm Silent Circle. It runs on a modified version of Android OS, PrivatOS, which is strongly coded so as not to leak any of your texts, calls or any other stuff, while either sending or receiving them.
For privacy purposes, anonymous VPNs are used while browsing the web.
“I have spent my whole career working towards the launch of secure telephony products.
Blackphone provides you with everything you need to ensure privacy and control of your communications, along with all the other high-end smartphone features you have come to expect.”
Phil Zimmermann, the founder of Silent Circle
The phone should work with any carrier worldwide. The specs aren’t unveiled right now but the creators behind the project claim that they are enough to place the Blackphone among the top offerings in the market.
The phone will be introduced at the MWC in late February, until then we can only speculate about more info. Still, what can possibly be better than a top-class phone which actually keeps your conversations private?
Hehehehe !!!!
Its a trap… Another trap by “PRISM”.
1 is happy because 1’s data is secured by so called “Black Phone”…. But 1 is unaware that 1 is submitting each & everything directly & without any delay to NSA :)
even if not directly but they may have implanted a Backdoor Policy on it.
Either the Creator is an idiot who thinks every person is idiot like him, or maybe that phone delivers what it says.
SAB MAYA Hai :D
It can’t be. I mean simply not possible, unless all of your calls and messages are encrypted, and thats only possible if both sides are using same cell or if an OS like android gives this option. Still there would be chance to get your private keys leaked. We are too much away from a real secure phone. Lots would have to be done to make that possible, a bigger revolution is required.
Two words for you: Redphone, TextSecure.
Two more words for you: Silent Circle.
After you have googled, come back.
Ok got it , such encryption services are available. But these are third parties, plus mostly unknown organizations which we have not heard. If google in android provide such options in android i will more trust them other than these third parties.
Point #1: RedPhone and TextSecure are open source. They have been audited by third parties
Point #2: you just demonstrate your ignorance if you say “unknown organisations”. The people behind this phone, and the softwares I listed are VERY WELL KNOWN to the security community, and have been for decades.
For example, there is the famous PGP program. Two of the main people behind this phone and behind Silent Circle are close to the PGP community (one of them is the original AUTHOR).
So I think you should Google some more. A LOT MORE.
Point #3. If you trust Google, then you don’t care about security. Even if Google is 100% secure and will not leak your data, they have to turn your data to the authorities by court order. Also, NSA and UK GCHQ and Chinese government have been EXPOSED as trying to hack/attack into Google, Yahoo, Microsoft (hotmail), etc. So trusting Google means eventually “The Bad Guys” will get your data one way or other.
Even more, the encryption used by SSL/TLS on Android is known to be weak.
Yeah in google’s case the data will only be shared to authorities but I would have peace of mind that data will not be shared online or even if someone likes to purchase it directly from google, they will turn down the request.
In case of other relatively less known orgs I will still have less confidence in them. Plus when I said unknown, I am referring to normal public, Ask a 5 year old, he will tell you something about google but who from end users know about those orgs you are mentioning.
Plus i am not a terrorist or a miscreant so i have to worry less about NSA or any other authority spying me. What i would like is my personal info and family photos are not available online publicly
A Real Time Example Can Be Seen While You are Viewing Facebook Page Where You See Ads Which Either Match Your Recent Searches In Google or In Other Search Engine
These Search Engines Sells Data to Each Others,Simply For Making More Money
It seems like you are trying to cover for the fact that you didn’t know the principals behind the phone by saying they are “unknown to the public”. Who cares about the public? The public doesn’t care about security. Haven’t you noticed? Don’t you know how many people set their passwords to “pakistan47” or “123456” or things like that?
This phone is targeted to professionals who care about security. Those people are willing to do the research because security is important to them. Known or unknown companies are not an issue to people who dig deeper. You should have done that.
Everyone has something to hide. Everyone is something they don’t want revealed. They don’t have to be a terrorist to feel that way, they have to be normal people.
There is contradiction right in this comment of yourself, On one place you said “The public doesn’t care about security, so who cares them” then later you are saying “Everyone is something they don’t want revealed” so grammar here is faulty but still I got your point and it contradicts with first statement.
BTW public as well today care about security, Anyone would not want their images and contacts in phone be shared , plus no one likes to be watched. But still I would trust more on Google than any other small org.
Your analysis is 100% wrong, If public cared about security, they would not trust Google or Apple or Microsoft or …
There is no contradiction in my statements. It is 100% describing when you look at how people ACT and TALK. If you ask someone if it is okay for ISI to listen to all conversations, they will say “go ahead, I have nothing to hide, it is to catch terrorists so it is okay.”
Ask around, ask your friends, most of them will say “I have nothing to hide”.
And yet, everyone has something to hide. Size of bank balance? CBR and bank may know, but they don’t want other parties to know right??? Just like that, all sorts of details. You mentioned photos, family photos, things like that.
When you call a bank they ask for your mother’s name, no? Think about it, how many names of your friends’s mothers do you know? Is it something to hide, or no? Not really, but we don’t go around telling people such names for a reason. If you asked a random stranger their date of birth and their mother’s name, instantly they will become suspicious. Yet, they are okay with things like government monitoring phone calls SMS internet etc etc because they think “they have nothing to hide”.
Even you are acting this way. you don’t want family stuff shared but you are okay with sharing it with Google EVEN WHEN YOU KNOW that NSA has tried and succeeded in getting information from sites that supposedly kept them save and private. Your pictures, they are not safe or private, my friend.
And that is why you need this phone but clearly you still do not understand why you should trust Silent Circle over Google, all because they are “unknown organization”. If you cared about security, you would have known who Silent Circle is for years from their security products.
Ordinary people are the ones with contradictions, trust me, and they are all around you. Yet, just like you said “they don’t want photos shared” but they think they have nothing to hide. Clearly, if they thought about their security, they would rather think they have nothing to SHARE with anyone, including government, and their answer to whether they have something to hide is ALWAYS YES.
I think, there is a difference between trusting a service like Google and not caring for security.
When you know Google is not realiable (thanks to Snowdon leaks and how Google executives and high level programmers have reacted in public), then trusting Google is like closing your eyes and walking into traffic and “trusting” that the drivers will be careful and won’t hit you.
Most of there apps now work securely using SSL and they are moving the remaining stuff.
Oh man.
Oh man!
Have you not even being paying attention???? Have you no idea of SSL interception in hardware? Here’s a fact for you: Bluecoat sells SSL and HTTP interception/transparent proxy hardware devices. What’s worse is that such hardware IS KNOWN TO BE INSTALLED IN PAKISTAN BY OUR OWN ISPS!!!!
The NSA and several government agencies worldwide, even including UAE/Etisalaat, have the ability to generate fake SSL certificates that are virtually indistinguishable from real ones. Yes, some softwares do certificate pinning like Google Chrome to prevent such problems, but MOST SOFTWARE DOES NOT CARE. I do not think Android core libraries have certificate pinning but I might be wrong about this. However there are many examples floating on the internet and libraries that explain how to do pinning in iOS and Android for your own apps. Search for pinning on OWASP site.
Today, if Etisalaat created a fake SSL certificate for facebook’s site, they could put that in their transparent proxies and DECRYPT ALL YOUR FACEBOOK TRAFFIC.
Google for two articles:
“New NSA Leak Shows MITM Attacks Against Major Internet Services”
by bruce schneier (please don’t say he is “obscure and unknown to public”)
“How the NSA, and your boss, can intercept and break SSL”
by zdnet
You think SSL will save you?
Oh man!
If SSL is interrupted, the end user does not get data with those vaiid certificates, so end user knows communication is interrupted and they are being provided with invalid certificates etc.
Oh man if you would only spend the five minutes needed to read my links you would know the facts. Are all PHP lovers like you so WILLINGLY IGNORANT?
THERE IS NO INTERRUPTION. That is why they are called transparent interception systems.
TRANSPARENT.
INTERCEPTION IS NOT INTERRUPTION.
There is no way for you to know that your SSL connection has been hijacked without certificate pinning. NO WAY. And only your browser (Chrome) has that enabled right now for certain.
And I am not describing a theoretical attack. I am describing
1. HARDWARE SOLD ON THE MARKET FOR YEARS.
2. HARDWARE DEPLOYED IN PAKISTAN
3. A TYPE OF ATTACKS GOVERMENTS AND COMPANIES HAVE USED AND USE TODAY.
i checked and Android added certificate pin support in 4.2 but did not ship with any default pins.
There is a saying “If there is a will, there is a way” and they WILL find it, sooner or later.