Readit News logoReadit News
jrexilius commented on Cell Service for the Fairly Paranoid   cape.co/... · Posted by u/0xWTF
bsstoner · 16 days ago
Hi -- Head of Product at Cape. This is a good question. I will say up front there is no silver bullet for privacy on cellular networks given the way they were designed to interoperate. Our strategy is to offer many different protections that collectively make it harder for your activity to be tracked.

The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.

Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.

jrexilius · 16 days ago
A sort of related question, is the user able to actually power-off the baseband carrier chip and still keep the phone powered on? I seem to recall there being some 911 regulations around that topic. But it might be a way to enable the user to at least disable that tracking vector, while still using the phone offline or via wifi?
jrexilius commented on Cell Service for the Fairly Paranoid   cape.co/... · Posted by u/0xWTF
gruez · 16 days ago
"Europe" isn't a monolith, and there are quite a few countries that don't require any KYC, UK and NL to name two.
jrexilius · 16 days ago
You don't need an ID to buy a SIM in UK? I remember not needing one a long time ago but in recent years was asked for one.. maybe not a law? irregularly applied?
jrexilius commented on Cell Service for the Fairly Paranoid   cape.co/... · Posted by u/0xWTF
buttocks · 16 days ago
Will not pass muster with FCC. Know Your Customer regulations require the company to … know the customer. They will not last.
jrexilius · 16 days ago
I think the regulations have some loopholes for domestic use, but one I don't know how they can really get around is for international roaming, as other countries have far stricter KYC laws.

Domestically you can buy a Tmobile or Cricket with a pre-paid visa cash card and a gmail address (no ID required), but they won't work outside the US.

jrexilius commented on Cell Service for the Fairly Paranoid   cape.co/... · Posted by u/0xWTF
johndoylecape · 16 days ago
This Anom comp comes up a lot. It's super hard to prove a negative, so no matter many how times I say "Cape is not a honeypot," the critics will just respond "that is exactly what a honeypot would say."

We're working on some ideas to address this with audits etc, but it will always be tough. However, if you like the idea, and like the features, then maybe it is worth your time to do the work and get comfortable with the company. Because we're the only ones providing some of these features, and we have a lot more in the hopper still to come. I hope we can win your trust at some point.

jrexilius · 16 days ago
Good luck! It's a tough sell and some people won't accept that there are people from the defense sector that really care about the Constitution. Transparency is proly your best friend. But once you sign a Qualcom or carrier NDA, you are pretty tied-up as far as open-sourcing things or transparency, I'd imagine. Still, keep up the good fight!
jrexilius commented on Gnome and Mozilla Discuss Proposal to Disable Middle Mouse Paste on Linux   linuxiac.com/gnome-and-mo... · Posted by u/raphinou
jrexilius · 2 months ago
This is an very user-powerful feature. WHY the fuck would they disable it? It basically gives you two buffers, middle click for dynamic selection-paste. repetitive-chunks of text can use the more cumbersome ctl-c/v. I've been using this feature since before linux was a thing. When I teach it to young engineers now they find it quite useful. STOP trying to turn everything into a mimic of a damn smart phone OS!
jrexilius commented on OpenMANET Wi-Fi HaLow open-source project for Raspberry Pi–based MANET radios   openmanet.net/... · Posted by u/hexmiles
speransky · 4 months ago
I use MorseMicro in 802.11s mode successfully, just openwrt stuff, any reason to try this project ?
jrexilius · 4 months ago
Last time I played with Moremicro they didn't work with real 802.11s and had some hokey proprietary hierarchal tree topology that required a main basestation gateway. ad-hoc, peer-to-peer was broken. They finally fixed their driver?
jrexilius commented on I Want You to Understand Chicago   aphyr.com/posts/397-i-wan... · Posted by u/tonyg
pizlonator · 4 months ago
This is really sad to read!

Can folks who live in Chicago confirm/deny/comment on the extent to which this article gets it right?

(I have no reason to believe that it's an exaggeration, but I sincerely hope that it is.)

jrexilius · 4 months ago
I live in Chicago and it is a BIG city. I've seen, in real life, none of this. But the online reports are legion. I think, like a lot of things, you can choose what reality you want to inhabit and find anecdata online to support any of it. During the Obama adminstration the right wing whackos came up with theories about black helicopters and UN camps and the rest. This may be _slightly_ more factual as the Orange Troll is more purposefully playing a media game, but I'd still take these reports with a grain of salt.
jrexilius commented on Gilded Rage – Why Silicon Valley went from libertarian to authoritarian   paulkrugman.substack.com/... · Posted by u/adamors
jrexilius · 4 months ago
I'm confused, is the assertion here that this is the first time silicon valley tech people and their companies got involved in partisan politics? Is it really short memory or selective memory?

example: https://www.theatlantic.com/technology/archive/2012/11/when-...

jrexilius commented on How I ditched smartphones   discuss.techlore.tech/t/h... · Posted by u/sipofwater
dredmorbius · 5 months ago
Surely those systems have fallbacks for those lacking mobile service entirely?
jrexilius · 5 months ago
No, most don't. I've used that approach in the past for privacy and in recent years most services started blocking it with no alternatives.
jrexilius commented on How I ditched smartphones   discuss.techlore.tech/t/h... · Posted by u/sipofwater
mnky9800n · 5 months ago
I've always wanted to make a two-factor authentication device that has a camera, QR reader, and an e-ink screen for listing the codes that otherwise does nothing else. but ive always been a bit limited because I don't really know where to get started making hardware. but i feel like 2-factor authentication is the number one thing preventing me from getting rid of my smartphone which is kind of silly because why do i need some massive super computer in my pocket (at least from the perspective of the 1980s) to have an alternating cypher to login to websites on my laptop.
jrexilius · 5 months ago
The easiest, fastest way to hack this together would be a raspberry pi zero with a display hat. It'd be chunky, but it would keep all the TOTP shared secrets off of other less reliable devices.
j

u/jrexilius

KarmaCake day1039June 29, 2020
About
Architect, engineer, hacker, amateur hardware geek. Currently working on communications security problems. personal site: jasonrexilius.com
View Original