Language Selection

English French German Italian Portuguese Spanish

$629 Blackphone aims to hide you from the NSA

Filed under
Android
Linux

Like the idea of using a pocket-sized computer to make calls, send messages, surf the web, and smash birds into pigs… but don’t like the idea of government agencies snooping on your communications?

Read more ►

This promise of security

This promise of security smells of closed source and vendor lock-in ... I'm not in a hurry buy it (also, the price is quite unrealistic).

Trust

The backers of the phone have reputation that give them some trust (earned, not inherited).

I know, I have one of the

I know, I have one of the Geeksphone Firefox OS devices, but this is something else. Once they open source everything, _maybe_ then I'll change my opinion.

Fair point

Fair point. Either way, if they keep it proprietary they'll lose credibility.

A friend of mine wrote a bit

A friend of mine wrote a bit more on the subject:
https://manurevah.com/blah/en/blog/Monetising-Fear-Presents-the-Blackphone

SSL

Your friend's SSL cert is making it hard to access the site (the cert needs to be updated). There is now more coverage of the false promise of security, so you were right.

"This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States." -Important quote from the messenger himself

Android now has some nice Tor clients that Rianne and I are using, accessing this site via Russia, India, and so on. The server has good security, but it is located in the US and the Web side uses no SSL cert.

Self Signed SSL

Hi,

Just to add to Nux's comment, the SSL is fine. The issue you might be seeing is that it is signed by my own "CA".

You could avoid warnings by importing my Root CA, but that would mean I could produce and sign a certificate for google.com for example and your browser would trust it. This could worry some people as the average browser trusts over a 100 various organisations to behave and to be secure.

So as Nux said, there's nothing wrong with my SSL, there's something wrong with how SSL is implemented.

BTW, you can verify my SSL by using `dig`

dig manurevah.com TXT

Also, my website is available in cleartext as well: http://manurevah.com/blah/en/blog/Monetising-Fear-Presents-the-Blackphone

Cheers,

Useful to know perhaps

For some visitors that head towards the HTTPS version it might be hard to enter. It can be useful to know.

The SSL is just fine, feel

The SSL is just fine, feel free to inspect the cert. Smile

speaking of ssl

there is a https://tuxmachines.org
but it opens something else.

Host

I wasn't aware of it. Maybe we should just turn this site to SSL-enabled (at least as an option) for privacy?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

How To Encrypt DNS Traffic In Linux Using DNSCrypt

​Dnscrypt is a protocol that is used to improve DNS security by authenticating communications between a DNS client and a DNS resolver. DNSCrypt prevents DNS spoofing. It uses cryptographic signatures to verify that responses originate from the chosen DNS resolver and haven’t been tampered with. DNSCrypt is available for multi-platforms including Windows, MacOS, Unix, Android, iOS, Linux and even routers. Read
more

Debian-Based Untangle 13.0 Linux Firewall Tackles Bufferbloat, Adds New Features

Untangle NG Firewall, the open-source and powerful Debian-based network security platform featuring pluggable modules for network apps, has been updated to version 13.0, a major release adding new features and numerous improvements. The biggest improvement brought by the Untangle NG Firewall 13.0 release is to the poor latency generated by excess buffering in networking equipment, called bufferbloat, by supporting a queueing algorithm designed to optimize QoS and bandwidth to enforce a controlled delay. Read more

Kernel Space: HMM, Cloud Native, Linux 4.12, TFS, Linux 4.11.2, and 4.10 EoL

  • Faster machine learning is coming to the Linux kernel
    Heterogenous memory management (HMM) allows a device’s driver to mirror the address space for a process under its own memory management. As Red Hat developer Jérôme Glisse explains, this makes it easier for hardware devices like GPUs to directly access the memory of a process without the extra overhead of copying anything. It also doesn't violate the memory protection features afforded by modern OSes.
  • Product Development in the Age of Cloud Native
    Ever since the mass adoption of Agile development techniques and devops philosophies that attempt to eradication organizational silos, there’s been a welcome discussion on how to optimize development for continuous delivery on a massive scale. Some of the better known adages that have taken root as a result of this shift include “deploy in production after checking in code” (feasible due to the rigorous upfront testing required in this model), “infrastructure as code”, and a host of others that, taken out of context, would lead one down the path of chaos and mayhem. Indeed, the shift towards devops and agile methodologies and away from “waterfall” has led to a much needed evaluation of all processes around product and service delivery that were taken as a given in the very recent past.
  • Running Intel Kabylake Graphics On Linux 4.12
  • TFS File-System Still Aiming To Compete With ZFS, Written In Rust
    The developers behind the Rust-based Redox operating system continue working on the "TFS" file-system that they hope will compete with the long-standing ZFS file-system, but TFS isn't being tied to just Redox OS.
  • Linux Kernel 4.10 Reached End of Life, Users Urged to Move to Linux 4.11 Series
    Greg Kroah-Hartman informed the Linux community about the release and immediate availability of the seventeenth maintenance update to the Linux 4.10 kernel series, which also marked the end of life.
  • Linux Kernel 4.11.2 Has Many F2FS and CIFS Improvements, Lots of Updated Drivers

ROSA Fresh R9

ROSA is a desktop distribution that was originally forked from Mandriva Linux, but now is independently developed. While the company which produces ROSA is based in Russia, the distribution includes complete translations for multiple languages. The ROSA desktop distribution is designed to be easy to use and includes a range of popular applications and multimedia support. ROSA R9 is available in two editions, one featuring the KDE 4 desktop and the second featuring the KDE Plasma 5 desktop. These editions are scheduled to receive four years of support and security updates. I decided to download the Plasma edition of ROSA R9 and found the installation media to be approximately 2GB in size. Booting from the ROSA disc brings up a menu asking if we would like to load the distribution's live desktop environment or begin the installation process. Taking the live option brings up a graphical wizard that asks us a few questions. We are asked to select our preferred language from a list and accept the project's warranty and license. We are then asked to select our time zone and keyboard layout from lists. With these steps completed, the wizard disappears and the Plasma 5.9 desktop loads. Read more