That is a good point. I think it is usually the terms of service agreement that eliminates the need for a warrant here in the US. There will always be a sentence buried in the agreement, “we cooperate with all law enforcement requests.” The onstar service that gm includes with new cars is always happy to turn on the car microphone for any alphabet agency request.
With the worldwide Fedphone bust, I think they got so many people because they let it run for over a year. They had informants telling people, “You gotta get on Fedphone, man, it’s the only phone I trust.”
The note by Lincoln20XX should be read twice…perhaps 3X. @sidco I would be very suspect of a free encrypted phone.
Nothing is safe…such phones exist but you have no access to them. Your lines are not secure.
The end of human based text in cyberspace is near.
As much as you can trust grapheneos and the dude who created Samsung Knox and a former US GM at Samsung. Meaning that on top of all the ways I can verify for myself, there are big names behind this one. As much as I don’t trust Google their pixel phones have some big features in the security world that have yet to be broken in the wild. You absolutely cannot stop the NSA and their 0days, @Lincoln20XX has great points. This isn’t an off brand phone cooked by the FBI with proprietary encrypted chat apps like EncroPhone. We can actually verify the integrity of the system. Unlike any of the apps that come cooked with an everyday Verizon phone that you cant uninstall.
This would require somehow a hardware modified google pixel, which like I said I lack the knowhow or tools to verify, but if this was a honeypot big big names (Google, Samsung, DeNagy, GrapheneOS) would go down the drain with the release of that info.
Google and Samsung of which I am pretty sure are already in the NSA sphere (see wikileaks) as is Apple, Microsoft, and pretty much every other software provider you can think of. This is a good deal vs a cooked Chinese off brand phone. I have also worked with MLABs on other projects that have all been above board but never fully launched. Its all broken if you look at it that way, but this is way, way less broken.
For not being tech savy and having friends that are, they were thoroughly impressed with an off the shelf phone that has the ability to do what they do to phones
GrapheneOS looks not bad. A very quick scan of the parts of the security world I keep my eyes on suggest that it’s possibly better than standard Android, but the fact that it’s based on Android at all leaves it as a compromise at best.
The dude who “created the Samsung Knox platform” - by himself, with no other help I’m sure - and has had “Leadership roles at Accenture, Microsoft, Capgemini, Sprint, HP/EDS, Global Crossing, and GTE” - is likely very well-versed in knowing how to jump when a three letter agency knocks on the door.
Bingo. I’d be willing to bet a shiny nickel that the US government has some form of the keys to the kingdom on every Google/Samsung device in the wild. It might not be a blunt encryption backdoor. It might require hardware access.
Ever sent your phone off for an RMA? Have you ever left it in the hands of any third party to fix the screen, the battery, or anything else?
Suppose you care specifically about the US government snooping on your encrypted communications. In that case, I’d argue that the “cooked Chinese off-brand phone” you’ve secured yourself and use for only a limited time is a better security choice than Google or Samsung hardware. The Chinese government isn’t handing hardware access to the US gov. [EDIT: This doesn’t mean that the US government does not have hardware-level access. It just means that if they do, they probably had to work a tiny bit harder for it.]
Because so many companies got shut down for being discovered to be complicit and actively cooperating with the NSA et al in the Snowden leaks. Or will. Any day now…
I vastly prefer to not pretend that I have the illusion of security and privacy.
The admins on the forums you are a part of can and will read your private messages.
WhatsApp is “end to end encrypted” with Facebook/Meta totally pinky swear promising they won’t break that encryption. AKA it’s not encrypted in any way you can rely on.
Whisper is absolutely broken. It’s quasi-anaonymous, not secure. Don’t use it.
Signal looks ok so far. I wouldn’t trust it for anything sensitive if it were a “end up in a small windowless room if I’m wrong” type situation, if only because I cannot trust the hardware it runs on.
Tor is also not-useless but it’s also been pretty conclusively shown to not be nearly as secure or anonymous as you’d hope.
Anything you send unencrypted over the internet or the public telephone system is absolutely recorded somewhere.
If it’s electronic, someone else is almost certainly reading it or can read or access it at will, unless it’s completely air-gapped and doesn’t have any communication hardware. Encryption is unlikely to protect you over the long term. Possibly not in the short term.
Telling yourself anything else is just selling a false sense of security.
This looks like a “might give you more protection from non-state actors” device at best. Which is cool and all, but non-state actors generally aren’t really the ones you need to worry about in the long term.
It’s good that you’re open about the fact that you make a profit from anyone buying one of these with your affiliate/discount code, because I still don’t see this as anything other than a false sense of security being sold to those who don’t or can’t know what the risks and trade-offs are.
Very much in agreement here. I have wondered for sometime why Motorola had not gone back and just produced a US made (all subsystems and chips) simple phone for advanced communications…that is safe from spying excepting just the NSA.
It’s the google effect of selling your data to hundreds of other corporation, that is the problem, or perhaps we have numerous INTEL groups who have bifurcated in their ultimate goals concerning data collection , AI analysis and Flow Control. Why hasn’t Motorola done this? Or NOKIA in Europe. It is not healthy. Let us all face it: the “Proud Boys did not kill Seth Rich”. Capisce? Yet detailed plans of counter intel scenarios show up as emails on their phones. What ever phone you carry, it is not YOUR DEVICE. It is not whether you believe MLABS are good intentioned, it is a matter of how vulnerable the human aspect of MLABS is: it NOT how vulnerable the phone hardware/software is. Phishing at grand scale is social engineering. Weak link is the wet computer in the human realm.
Probably a good rule of thumb for the near future, if you have a secrete do not even think it within 12” of your cell phone or iPad. Sad reality….and what ever you do , do not “chat with an AI”, it is what you don’t say that is more interesting than what you do say. Yes, AI is up to the task.
Because “this company” is literally just 3 dudes, 2 of which many here know personally…not some corporation…that’s exactly why they made this phone…and if the architect behind this forum, @sidco, says it passes his smell test thats even more reason to choose MLabs secure phone over a commercial model from a larger corporate entity
Great. The people who know them can put that information into the decision matrix they use to evaluate this device.
Whom I don’t know personally and have no reason to specifically trust the judgement of, and who directly benefits from advertising this device.
My knowledge of Sidco’s experience starts and stops at “started a forum for cannabis people to shoot the shit, appears to know a thing or two about networking and server administration.” Someone with that knowledge is more likely than the average person to be able to adequately assess the validity of the claims made by the device vendors. He may personally know the people who developed it. He may in fact be someone who has deep knowledge of the tradeoffs of systems of this type, and the many pieces that go into maintaining effective security relative to your personal threat model.
But I have no way of assessing that.
This all boils down to arguments from authority.
If you have reason to believe that those who are promoting this system have no reason to compromise it, and those advertising it are doing so because they truly believe that it is a beneficial thing for people to have, great.
To be super clear: this device might be exactly what it says on the tin. It might even be secure at the hardware level from a nation-state that wants the information contained within its memory.
In my opinion, for the vast majority of situations, that matters exactly not one bit. If the device itself can’t be broken - which I believe is doubtful - whoever wants the info on it will use the classic wrench decryption method.
Or they’ll take the time to work their way into your social circle and get the info through the weakest link in any security protocol: the humans.
If you’re concerned about google tracking you, as soon as you do anything from a different user profile but on the same device and network and IP, those actions are now linked.
And if you’re connecting to the internet with a device that doesn’t have any of the usual metadata/flags associated with it, and the user behaviour is markedly different than almost everything else out there, that’s a fingerprint in and of itself.
This device may or may not be a useful tool to have in one’s toolkit. One way or another, it’s a neat idea, and I like to see more security-focused stuff out there. But it seems to me to be nearly as much of a threat vector as any standard Google or Samsung device. It may be better in some ways. But I would put it in the same order of magnitude. Is the marginal difference worth it for the money? Not for me. Perhaps for someone else.
I dont trust companies who can make money off of products tell me they have my best interst at heart.
I try to be somewhat secure and practice opsec at all times, while driving etc. even if Im clean. i use signal, encrypted emails, one time pads, and sometimes use sign language. I use a faraday cage for the phones, dont use wifi when looking up some things, use tor and , more specifically, TAILS, when using the computer. i use pgp (pretty good privacy, 99.9999999% unbreakable encryption).
I trust TAILS but i wouldnt get a USB stick with TAILS on it from a person who may have compomised or allowed it to be compomised. for the same reason i wouldnt use a “secure” phone someone else built.
Phones themselves arent secure, we just try to make them a little better.
In the crypto world when buying cold wallets people actively not trust any device that was not sent straight from the mfg or a confirm reseller. They even put safety seals on the package to verify the package was never opened. And some devices even brick if it detects the device was opened.
Cutting out the middle man makes everything 100% more secure.
“Why would you trust this company”
“Because “this company” is literally just 3 dudes, 2 of which many here know personally”
That makes me trust this even less. Stealing yo SOPs when you thinking you safe.
That also explains why googling mlabs phone shows no mentions of it anywhere on the internet, but this site. The phone was created for this site?
I did find exactly one other mention of it and it was only by using the image search and visiting the site with the image. It was from a cannabis equipment supplier selling the phones, which is now not in stock.
Sold for a year and only mentioned on one site on the entire internet.
Would not just be SOPs too, it’s everything. SOPs also existed before 2021.
The website is also now nonfunctional, probably from super low sales.
Edit: it’s also sus you think it’s legit cause it was started and put for sale at certain dates. And had me thinking wtf you talking about. How did you even know it was put for sale for 1 year. There is absolutely no mention of it on google. Care to elaborate?
Edi2: sry for the edits, I don’t always post all my thoughts in one go, but think it’s important.
You know what a LLC is right?
“The limited liability company (LLC) is a corporate structure that protects its owners from being personally pursued for repayment of the company’s debts or liabilities.”
" Can a LLC be sued? Generally, an owner of an LLC is not legally responsible for the actions of the business. Therefore, an owner cannot be sued for the obligations of the company ."
For a big company you can sue for the companies assets, but small companies that keep very little assets, you’re probably gonna be wasting your time.
So,you guys think that if the dea went and asked sidco to let them sell y’all a phone or go to prison , he gonna say no?
Just being devil’s advocate here.
Would love to know more information about the platform it’s built on.
I’m very familiar with cell privacy , or lack there of that we live with . Unfortunately I doubt the spying can even be bypassed now without getting rid of the phone .
