This campaign is closed

FreeDroid

Hacker built Android phones to resist global spying, 0day malware and forensic analysis.

Jason Wong
Vancouver, Canada
$0 USD 0 backers
0% of $100,000 Flexible Goal

Take back your privacy

We are hackers producing custom Android builds with a security focus to resist advanced surveillance and mobile exploits currently being peddled by the new global spying industry.

The exploit game has completely changed. If you found a bug, you used to sell it to the software vendor so they could patch it. Now you would probably sell to a broker, who puts it out on the market to the highest bidder. Democracy activists across the world have reported being confronted with their text messages and conversations during unpleasant interrogations. Often these regimes simply went online to buy services from one of these intelligence corporations, who happily sold them advanced spyware. Business travellers to China have reported their phones being broken into and data stolen to obtain intellectual property. Journalists who blow the whistle on regime corruption have had their phones illegally tapped to discover the identity of their sources. Criminals have had free rein, especially with the majority of smartphone users stuck with unpatched old software they are unable to update. It has also become a reality that your business competitors can now hire freelance crackers to compromise your phone(s) and gain intel.

The mobileverse is vulnerable to spying because it is a nightmare of proprietary telecom carrier builds that seldom receive security updates, include hidden backdoors such as CarrierIQ, covert channels for tracking, data retention, and apps that grant too many privileges, and are at risk from even the most basic attacks.

Therefore we have built a custom Android ROM that is stripped down to the bare minimum, sets SELinux policy to protect against root privilege escalation attacks, and uses audited open source end-to-end encryption for VoIP and text messages to eliminate spying. Our forensic attempts so far at trying to extract data from the prototypes have been foiled, but a professional software engineer review is still needed. Anybody can build a security system they themselves can't break into, so third-party review is essential.

What we need is:

  • Funds for a professional C code security audit by experienced BSD developers
  • Funds for a third-party forensic audit. We can't break in, but the more auditing the better
  • Capital to buy bulk Samsung handsets to reflash and sell to fund development

 

Features

These phones will have

  • Android JB base system stripped down, no GPS, NFC, Bluetooth or camera so no possible way for an attacker to enable them remotely or break into the phone by getting close enough to you. No adb shell on the phone to compile a driver.
  • SELinux enforcing policy to prevent malware and exploits*
  • Encrypted end to end voice over data using Redphone
  • Encrypted end to end text messages using TextSecure
  • Encrypted chat using Guardian Project Jabber with off the record encryption.
  • Encrypted GnuPG email
  • Tor
  • Bitcoin integration
  • Ability to use with an IPSec VPN 
  • Resistance to all currently known forensic methods.
  • Anonymous prepaid data plan if you live in Canada (Future offering: top up with bitcoins)

*SELinux can't stop a kernel exploit, but it can at least limit its damage and sometimes even stop it from escalating privileges, thus preventing the malware from starting the processes it needs in order to start spying. It's not a foolproof kernel patch, but at least it's something compared to nothing, which is what everybody else currently has.

None of the apps require an enterprise server to store your encryption keys, which is of course a central point of failure. If that server is compromised, everybody using it is as well. Thus your communications are not subject to any third-party handling or spying; you control the keys.

These phones will also contain a few special forensic resistant hacks as well, including silently wiping the /data and /cache partition when an adversary tries to flash adb to the device through the recovery console. If you decide to buy a new phone to obtain a fresh IMEI (your phone identifier that towers track), you can flash CyanogenMod or even regular Android O/S back to the device and all functions including camera will work. Sell your phone on the open market, get a new device with a fresh IMEI and reflash the privacy ROM. 

Donating benefits you

Funds will help form a full-time org dedicated to free secure communications, and the ROMs will always be free. By donating you are ensuring continuing development into decentralized mobile privacy and security, guaranteed by professional auditing, using open source software. If you want to start selling flashed privacy phones with plans in your local city anywhere in the world, you can, using our releases, which will always be open. A major enterprise could also use these phones for secure business communications at a fraction of the cost of current proprietary solutions.

   1Gh1yRDknzYT4BDqkCLsFSuhi8JKCb83r4

 

A few more reasons why this is desperately needed:

http://www.schneier.com/blog/archives/2013/01/man-in-the-midd_6.html - many mobile browsers do this to speed up traffic to your phone including Opera

http://www.schneier.com/blog/archives/2012/10/scary_iphone_ma.html - oops, should've disconnected that camera

http://wikileaks.org/the-spyfiles.html - intelligence contracting has ballooned over the last few years into a global spying industry.

http://www.elcomsoft.com/eift.html - this tool decrypts any iPhone with the click of a button, punching through the same operating system holes that jailbreakers use.

http://www.elcomsoft.com/eppb.html - thought your Blackberry was safe? Nope. 

http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/ - these guys are producing in-house exploits, then leasing them to who knows what despotic regime to go after your data

http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/ - thegrugq brokers exploits directly to intelligence agencies so they can develop malware like Flame and Stuxnet, and of course break into your iOS, Blackberry or Android phone. 


Choose your Perk

Copy of the ROM

$5 USD
For a donation of any size you receive a copy of the ROM to flash to your own sourced Nexus S device after it has been audited and released with full build keys. Audits will be performed by professional open source kernel developers who code for BSD, along with a paid forensic attack by local enforcement contractors.
0 claimed

Phone and ROM

$500 USD
Get a preflashed Samsung Nexus S phone ready for use, insert your own sim, sign up to any prepaid service and you're good to go.
0 claimed
