Phil Zimmerman Launching Secure "Blackphone"

judgecorp writes "Famed cryptography activist Phil Zimmerman is set to launch Blackphone, a privacy-oriented phone which allows secure calls and messages. The phone is a joint venture between Zimmerman's Silent Circle communications provider and Geeksphone, the creator of the first Firefox phone, and will run PrivatOS, a secure version of Android. Zimmerman says the venture will be taking orders for the devices from February 24, after it is unveiled at Mobile World Congress in Barcelona."

Switzerland

[Anonymous Coward]

An interesting choice. I guess it is only logical, since Zimmerman had to shut down his encrypted e-mail service SilentCircle [slashdot.org] in the US. I hope that more businesses will move their operations outside the US, it seems to be the only language the United States government understands.

Almost. there.

[leuk_he]

Hardware feature I would like to see:
-LED on when camera is taking pictures/recording.
-LED on when microphone is recording.
-Looking like a normal phone, If it screams PRIVACY phone, one might think ik have somthing to hide.

Software features:
-Restrict apps to a sandbox without telling them that. (feed apps fake data instead)
-Some kind of firewall/virtualiszation between apps i use at home and work and real private part.
-Secure boot. rootkit prevention. Including option by bypass the secure boot for open source mods.

Marketing features i would like to see:
-Real use cases. (like work/home phone virtualisation.)
-privacy is always a tradeoff. being online means giving away some of your data. what trade offs are made?
-Access to some more technical details HOW the pricay part is implemented and what has not been implemented.
-Respected names from the pricacy industy who did have to do something in the design/implementation phase. trust is important.

and ... open source... so useful parts can be reviewed and ported to populars android mods.

Re:bork bork bork

[Anonymous Coward]

And yet it presents a positive trend: "maybe the people can directly fight the power with technology".

Just as the music industry can't make the government to stop the sharing of files, however many laws it buys, because it's just not feasible, a simple tool like this might give everyone a liberty just by making it too hard to take it away from the people.

Re:Almost. there.

[mrchaotica]

You forgot the most important feature:

The main SoC controls the baseband processor (and can firewall the rest of the system off from it), not the other way around. Or better yet, the baseband is Open Source.

Useless, or doomed to fail.

[Shadows]

I posted these same thoughts last time I saw a "secure" phone on slashdot. Apparently it was long enough ago that it's no longer in my post history?

Regardless, there are two options I am aware of: 1) end to end encryption or 2) insecure messages/communication

The problem with #1 is that it requires secure devices on BOTH ENDS of the communication. You get very little bonus security if your device is secure, but the text messages, emails, phone calles etc. go unencrypted over the wire. That's fine, but now I have to persuade my parents and all my friends to get THIS exact phone, understand how it works well enough to set it up, and actually use those features.

I have a lot of respect for Zimmerman, but I'm extremely skeptical.

Re:Open Source?

[FriendlyLurker]

If it is not Open Source then we can pretty much can forget about this. Limiting the product to a very small set of customers Vs the wider android market means that just by using this product you would be advertising yourself as a target for investigation. To be truly secure the majority need to be using encryption, not just a small subset of paying customers.

Maybe not going after the right target

[CanadianMacFan]

While I'm all for privacy and the government sticking it's nose out of my business I don't see how this phone really addresses the problem of privacy. The huge problem lately has been the governments sweeping up the meta data. So while your message may go through the system encrypted with this phone it's still going to leave a plain trail for everyone to see.

And placing the servers in Switzerland doesn't fill me with confidence for keeping the data safe either. They certainly caved pretty easily recently when it came to banking information so how fast is the government going to fold when the US wants the information to find terrorists and child molesters instead of tax cheats.

I'd trust it, just one kink,you don't get just one

[Trax3001BBS]

If Phil Zimmerman were involved in it I'd trust the security of the phone, it's just you don't just purchase one, but for everybody you call as well. One ain't going to do you any good.

Need a deadman's switch

[Quila]

They have to have an indicator somewhere saying they have not allowed any government access. Since it's their phones, maybe broadcast the fact of no-contact every day to all phones, and have the phones alert when they haven't received the notice.

Also, may want to to hash the binaries at their web site and make it available as a web service, and have a program to hash binaries for that version on the phone and check online. Make it SSL with certificates to avoid spoofing. This way, people can know if their individual phones may have been compromised.