bsstoner (u/bsstoner)

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

ownash · 14 days ago

I used cape for a while - they had a promo where the service was cheaper. I'll be honest, the service itself - the signal I got on the device - was just not worth the full price of $99. It could just be my area. I also had to constantly turn voicemail on and off or else I wouldn't get voicemails.

The customer support team was great to work with and actually extended the trial price for me. But ultimately, the service just does not seem competitive on a usability level with major carriers and this was an issue for me. It very much could have been my local area but Verizon and T-Mobile are far, far more reliabl and comparable in price.

bsstoner · 14 days ago

Thanks for trying us out and for the feedback. We are have had some bugs with voicemail that we should have resolved now. And improving the network is our #1 priority this year. Hopefully you'll give us another shot down the road!

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

voidUpdate · 16 days ago

Does cape use its own cell towers, or do they rely on third parties to provide the actual infrastructure? And if they do use third parties, are they sure that they aren't also storing data about the connected devices etc?

bsstoner · 16 days ago

We don’t operate our own towers and as you point out we can’t control what someone there does. Our privacy and security model is to treat the towers as untrustworthy. This is why we do things like rotate your IMSI daily or split your traffic across multiple underlying network partners. We want to make any data that is collected noisy and less valuable to data brokers.

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

jp0001 · 16 days ago

Hold on. Cell towers still know where the device is. If a group of people in an area have stable ismi’s and one person’s ismi is rotating daily, it doesn’t take a genius to figure out who’s now using cape. Using it for travel makes sense, but again being a device that doesn’t a have an owner is, as the kids say, sus.

bsstoner · 16 days ago

It depends what your threat model is. Most telco data collection and resale is based on IMSI’s attached to KYC’d customers. If they can’t get personal information and the IMSI looks like it’s a day old, that data is inherently less valuable to data brokers. The large telcos have plenty of clean data with stable IMSI’s tied to KYC’d customers that is worth more.

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

pona-a · 16 days ago

I have some questions about the "Last-Mile encryption" and "Encrypted Voicemail". Does Cape receive cleartext and resend it encrypted? What does this achieve? Integrity? Does the service drop unencrypted messages?

bsstoner · 16 days ago

We receive in cleartext and encrypt with a key controlled by the customer. Most carriers store voicemail and SMS in cleartext on their servers. The goal is reduce exposure while preserving interoperability. This post on encrypted voicemail gets into more technical details about how it works: https://www.cape.co/blog/product-feature-encrypted-voicemail...

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

close04 · 16 days ago

> but I would argue that my background made me uniquely situated to understand and care about these problems deeply enough to spend years of my life building a company in response.

Maybe but this line of argumentation also opens the door to more criticism. Anyone looking at Palantir from the outside only knows their reputation and involvement in unsavory projects before taking a job. You chose to take the job with that knowledge covering most of your field of view. You stayed to work for that company contributing to that kind of work. That's a signal that's brighter than the valuable experience you gathered there. Tech can be learned but the values needed to support or even tolerate Palantir's activities don't get easily changed.

The premise of your company pivots on trust, not technology, the same tech is known and available to everyone else too. And it's trust in you that you will do what you say, not that you can do what you say. The latter is a given, you clearly have the knowhow. The former is putting any promise in doubt.

> Cape routes your traffic through our US-based mobile core.

This sounds like an anti-feature when it comes to privacy or the paranoid.

> I say "Cape is not a honeypot" a lot just so I don't appear to be mincing words.

I appreciate you saying it but Crypto AG probably also said that a lot (figuratively).

> Cape does not keep this data.

Unfortunately you are limited in what you can do here. Having or processing this data for any amount of time, even without keeping it, puts you in the position to be compelled to provide it.

bsstoner · 16 days ago

This is valid feedback and it’s on us to earn trust over time through our actions. I will say that Cape is a company of almost 100 people from many different backgrounds. Prior to Cape I spent almost a decade at DuckDuckGo. We’re a group of people that is frustrated with the status quo in the telco industry and want to do better.

One of the efforts we’re working on now is an audit of our data retention claims. We recently posted an RFC on Reddit if anyone from this community has input: https://www.reddit.com/r/CapeCellular/s/zTn7HQ0emo

We plan to continue to do more things like this that increase transparency and build trust over time.

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

UnreachableCode · 16 days ago

What about some form of external auditing down the line to add legitimacy to these honeypot claims? Maybe open sourcing the technology as well?

bsstoner · 16 days ago

We’re working on an audit now. There’s an RFC on Reddit looking for input: https://www.reddit.com/r/CapeCellular/s/zTn7HQ0emo

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

altairprime · 16 days ago

I would be a lot less worried about signing up for that plan if I could soft-cap myself at 10GB until I login to the app and push a button that says "yeah for real I'm going to use another 10GB of mobile data", so that if iOS goes bonkers and tries to download my entire 90GB iTunes library over cellular, it doesn't fuck me over for a month. I haven't exceeded 7GB/mo intentionally for years, but it's happened twice so far against my express wishes, and carriers are uniformly awful at that.

bsstoner · 16 days ago

This is good feedback. We don’t want caps and throttling to be a blocker for signing up and using us. Since we’re at a premium price point we should economically be able to be a lot more generous than existing carriers.

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

loteck · 16 days ago

Hi Cape team,

I'd like a service like yours that allows private signups and that works continuously to prove ongoing private operations. I don't need huge data plans, I'm fine with WiFi mostly. It needs to cost way less per month than your current pricing. It would be cool if you could find a way to serve people like me.

bsstoner · 16 days ago

Appreciate the feedback, we’ll likely experiment with different plans down the road, but for now we’re focused on rolling out as much additional privacy/security value as we can to justify the premium price point.

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

montyanne · 16 days ago

> We add noise to their data

It’s interesting that Apple is going down a similar path with hardware filtering location retrieval commands and neighborhood-level blurring on their C1 modems. Really awesome work from that team by making sure they’ve considered privacy as a first party feature for that chip.

How do you guys view the relative value of privacy/security at the network provider layer of the cell stack for the average user/citzen?

Even if Cape doesn’t retain metadata yourselves (eg LTE positioning info), is that data not still retained and repackaged by the tower owners themselves? Eg babel street, venntel, etc. A rotating IMEI every 24 hours might make it marginally more difficult for logical tracking, but there’s still only physically one location the phone can be in without fuzzing at the hardware level.

I should also say - I’ve been following y’all’s work for a while (and considered some of those early forward deployed engineer positions), but I’m struggling to see how this all works as a consumer product. Would be awesome to see an eventual partnership with Apple/Qualcomm to bring this to the hardware level since privacy is a tough nut to crack even at full MVNO.

bsstoner · 16 days ago

Appreciate the shoutout. We love what Apple is doing in this area. There is a lot of room for them to help improve things at the modem/hardware/OS layer.

On the tower question, you’re right, we can’t control what data is collected by the tower owners. Like I said above our strategy is to add noise through a variety of methods that makes it harder (not impossible) for anyone collecting data to track you. We also give you multiple phone numbers. I think this stuff adds up and is a meaningful improvement over the status quo for most average user/citizens.

I like to use the organic food analogy. If given the choice, why not choose the carrier that is actually making an effort not to track you vs everyone else who clearly doesn’t care?

bsstoner commented on Cell Service for the Fairly Paranoid cape.co/... · Posted by u/0xWTF

roughly · 16 days ago

I’m curious if you’re able to comment on the IMEI question raised above - rotating the IMSI is good, but are the towers still collecting IMEIs?

bsstoner · 16 days ago

Details on what the tower sees are at the table in the bottom of this blog post: https://www.cape.co/blog/product-feature-identifier-rotation...