Do any of your phones use Qualcomm chips? If so, that seems like a critical security and privacy issue that I hope you’re dealing with in a provably secure way.
I really want you and Mlabs to succeed. My posts are intended to help you, and convince MLabs investors to put pressure on you to do this right. Many people (myself included) would benefit from your phone. But, the vast majority of F4200 members and MLabs’ potential user base don’t know what to ask or expect in terms of security vetting and trust. So I felt it’s important to be the devil’s advocate, and when I got zero useful responses from you to my reasonable and friendly questions (in my first post to you), I took a harder tone because it started to feel like security theater and a ‘trust us blindly’ attitude from you.
You would never see what I consider ‘real’ security experts take your approach of dismissing the need for design docs, audits, and transparency. And there’s no way any large companies with a CTO worth a damn would ever use MLabs until you do the minimum steps required to make a secure phone (refer to this thread).
That’s why I came down hard; there’s too much at stake to not take it seriously.
EDIT:
@Mlabsindustries if you took some of the steps we suggest above, basically moving 180 degrees in the opposite direction you’re going now, I promise that Mlabs (and you) would be very warmly received and get praised and kudos for the efforts (at least by members who aren’t here just for lulz). Along with probably getting at least a few sales.
BTW, have you considered renting phones and including a secure wipe/shred feature so the renter can wipe the phone before sending it back? Renting phones may be a good way to let prospective customers wet their toes before kicking down $2,000.
In my experience it’s not the government surveilling you as a small-time offender that you have to worry about.
It’s about the fact that there is a record of every unsecured communication you have sent or received that can be referenced should you ever fall under scrutiny for any reason significant enough to warrant the subpoena of your phone records.
I would liken it to a privacy phone, not a paranoid phone. Some people don’t want ‘okay google’ and a bunch of other proprietary crap listening and recording everything they do. Some people don’t care but I think they would if they knew the true extent of the invasion.
Good points for sure. But I would get one if I could trust the company’s methods and it wasn’t $2,000. If only because I’m a geek and would like to check it out. I can think of a few other reasons to get one for some people that may visit this site (if they weren’t $2000 each).
A secure phone with VoIP (Voice over IP) over Tor or a good VPN is required IMO for a phone to be secure and anonymized (along with a wrapper like Orbot forcing all data through Tor). I have no clue if MLabs includes anonymized VoIP because they don’t share any design docs or product info.
EDIT:
If my threat model demanded a secure or secure and anonymized phone, I would personally just roll my own phone. But I would need at least a couple of weeks to research best methods, etc., and another week or more to get it done. So, at least one month’s time to make a working secure and anonymous phone (in best case). So if a company can provide a similar device at an affordable price it’s a win-win IMO (saving me weeks of learning that I could spend on other things).
You guys are thinking too small (as in, you’re not seeing outside of your own lived experience):
What about people who are repressed by their governments, like, say, women in Iran scheduling a hijab-free protest (where a normal phone could lead to their death)?
Or a young pregnant woman of color in Texas who needs an abortion to save her life, but her abusive spouse is anti-abortion (where a normal phone could let her spouse learn of her abortion and lead to her death)?
There are many reasons why people who aren’t you (or Killa, etc.) NEED a secure and anonymized phone. Most of us are privileged enough to not fear death if the wrong person gets our phone, but many people are not so fortunate.
And here’s a great real-world example:
Many people make the same claims about Tor that you did about a secure phone being for paranoid people and whatnot.
However, without the portable TorBrowser bundle (and hence, the Tor network from a USB), the Arab Spring (and related 2011 Egyptian revolution) never could have occurred.
It’s only because someone created TorBrowser and made it portable that millions of people in the Arab world were able to stand up for themselves and demand their human rights.
That means all the people protesting the brutality, murder, and violence by their repressive governments would have been unable to make the enormous changes they did.
Without the portable TorBrowser bundle thousands of protesters would have been disappeared, imprisoned, maimed, raped, and murdered.
Note that Jacob Appelbaum was forced out as a Tor dev for repeated sexual aggression and abuse. A disgusting ending to an amazingly talented programmer and Tor dev (he was building TorBirdy when he was booted by Roger Dingledine - think TorBrowser but for Thunderbird email client instead of Firefox).
But my point is you’re still not thinking outside of your own lived experiences. That’s not an insult to you, it’s just human nature. It takes work and effort to put yourself in others’ shoes when their shoes are nothing like your shoes.
For example, there are women on this forum, and some of them could have an abusive spouse or family member who if they found out the women had an abortion would hurt or kill them.