by captainmuon 1841 days ago
Maybe it is not normal, but when I read about these gangsterphones I think, hmm I want to make my own (legit) secure phone :-)

It seems they use off-the-shelf phones and put a custom ROM on them. Can anybody recommend a state of the art phone that has good custom ROM support (close to mainline Linux if possible; custom images have full hardware support)?

I imagine using it for "citizen journalism", i.e. safely taking pictures and posting them anonymously to social media. For that reason the PinePhone would be out - it doesn't have a very good camera and doesn't run social media apps.

5 comments

Usually Google Pixel phones have the best OS support and the most hardware security features. Most security focused Android distros are only available for them:

https://grapheneos.org/faq#device-support

Practically speaking, an iPhone is your best bet in terms of least likely to be backdoored and best security practices. Everything spooky like location services, tracking, phoning home, etc. is well explained in the settings and can be turned off. If you just want a secure hardware platform there is no reason to attempt to reinvent the wheel and increase your surface area.

VPNs work fine on them. You can set up your own tor nodes to VPN in behind from another VPN, etc. A tinfoil hat can have many layers.

It just won't be a cheap secondary burner toy phone because they're so expensive.

These gangsterphones are far from cheap. I remember the earlier network of them that was taken down in the Netherlands. I forget the name but the phones apparently cost around €2000 which is more than the most expensive iPhone you can buy.

I guess gangsters only trust other shady types to sell them stuff. In this case the trust was misplaced because they stored all the keys centrally and the cops were listening in for months before they shut it down.

Sounds like they're suckers. Higher prices should be setting off "con" alerts in their head. I wouldn't trust someone who can't do proper risk assessment to sell me drugs.
Or maybe they are thinking that if they pay a lot, they "are not the product".

A bit like buying Apple, which is also very expensive.

It (encrochat) worked well and the network was brought down when the police got access to the servers (physical access, I believe).

On a side note, conning international criminals carries a level of risk to one's health...

It didn't work well. It stored encryption keys centrally and because of that the police were listening in for months without anyone knowing before they shut it down.

For an encrypted phone network that's pretty much the opposite of working well. Even with the servers compromised the network should remain secure. Like it is with Signal and even WhatsApp.

I always wonder why such networks make mistakes like storing key material centrally. I suppose telling a crime lord that he can't have his messages back because he forgot his PIN code is not fun. But neither is having their network cracked by the police I guess.

>conning international criminal carries a level of risk to one's health

True, but so does cooperating with authorities to be a honeypot. Branding yourself as a legitimate business for criminals is a Bad Idea for the very reason encrochat learned. The criminals should be thinking the same way.

> True, but so does cooperating with authorities to be a honeypot

I'm not aware that Encrochat did anything of the sort.

Are you sure that an iPhone can be completely cut off from Apple?
Yes, by simple means of IP filtering *apple.com from a network you VPN to if you don't trust the device to honor the settings. The device will still work.

You'll be hard-pressed to find a more secure hardware platform on Android.

https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...

You’ll also want something that can also catch CNAMEs (such as Pi-hole) because Apple uses content delivery servers such as Akamai for a lot of their data transfers.
True. If it were me who really cared about phoning home, I would buy a fresh iPhone, put it on its own WLAN from first boot, then record all packets from it for a month (plus some prodding of opening apps and changing settings). That should build a relatively comprehensive list of addresses to consider filtering.

Short of living in a shack in the woods, we will all have to trust someone at some point. I'm content to trust Apple to not lie on their documents, so the more important security and privacy checkboxes are ticked.
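The CNAME point raised in the two comments above, as an added example that is not part of the original thread: a filter that checks only the queried name misses an alias whose CNAME chain passes through a blocked domain, and the final addresses belong to a shared CDN rather than to the blocked domain itself. All hostnames and addresses are constructed placeholders (documentation ranges and `example` domains), not observed Apple traffic, and the function names are hypothetical.

```python
# Constructed DNS answers as (owner name, record type, value); not real traffic.
SAMPLE_ANSWERS = [
    ("telemetry.apple.com", "CNAME", "telemetry.apple.com.cdn.example.net"),
    ("telemetry.apple.com.cdn.example.net", "A", "192.0.2.10"),
    ("assets.vendor.example", "CNAME", "assets.apple.com"),
    ("assets.apple.com", "CNAME", "e1234.cdn.example.net"),
    ("e1234.cdn.example.net", "A", "192.0.2.11"),
    ("news.example.org", "A", "198.51.100.7"),
]
BLOCKED_SUFFIXES = ("apple.com",)


def matches_suffix(name, suffixes=BLOCKED_SUFFIXES):
    """True if name equals a blocked domain or is a subdomain of one."""
    name = name.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


def resolve_chain(qname, answers, max_depth=16):
    """Follow CNAME records from qname; return (chain, final A addresses)."""
    cname = {o.lower(): v.lower() for o, t, v in answers if t == "CNAME"}
    chain = [qname.rstrip(".").lower()]
    while chain[-1] in cname and len(chain) <= max_depth:
        nxt = cname[chain[-1]]
        if nxt in chain:  # CNAME loop: stop instead of spinning
            break
        chain.append(nxt)
    addrs = sorted(v for o, t, v in answers
                   if t == "A" and o.lower() == chain[-1])
    return chain, addrs


def verdict(qname, answers=SAMPLE_ANSWERS):
    """Decide whether a query is blocked, and by which check."""
    chain, addrs = resolve_chain(qname, answers)
    if matches_suffix(chain[0]):
        reason = "query-name"   # a plain suffix filter catches this
    elif any(matches_suffix(n) for n in chain[1:]):
        reason = "cname-chain"  # only chain inspection catches this
    else:
        reason = None
    return {"blocked": reason is not None, "reason": reason,
            "chain": chain, "addrs": addrs}


if __name__ == "__main__":
    for q in ("telemetry.apple.com", "assets.vendor.example", "news.example.org"):
        print(q, verdict(q))
```

The `addrs` field shows why a pure IP blocklist is a poor substitute: the addresses reached through a blocked chain sit under the CDN's names, so they can change or be shared with unrelated sites.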

Every iPhone comes with a backdoor.
[Citation needed]
> Can anybody recommend a state of the art phone that has good custom ROM support

I'd try this: https://wiki.lineageos.org/devices/

Running social media apps is the furthest from secure I would imagine. You could just use a web browser if you really wanted to.
> when I read about these gangsterphones I think, hmm I want to make my own (legit) secure phone

Why? They are used by gangsters. These are not nice people. They are not people with innocent secrets they need to keep from those who would oppress them. They are people who murder, who ruin lives, and who undermine peaceful society.

You would objectively be making the world a worse place by helping them. Why would you want to do that?

No encryption scheme can tell the difference between a protest organizer and a drug dealer.
More than that, consider what percentage of the world's population can be imprisoned or executed for things we in the West would consider mundane activity.

The greatest moral failure of Silicon Valley and American tech was enabling human rights abuses on a massive scale by selling hardware and software to oppressive and ultimately illegitimate governments during the early days of the internet. The ship has sailed on that one now, perhaps, with the early assistance in building the Great Firewall of China for example.

There remains a moral obligation for American companies to build secure communication platforms for the internet. Instead they drift further, yielding to demands from governments to host data (which often never should have been stored) locally.

The most disturbing trend I have seen over the last decade on Hacker News is the shift from support of an open and free internet to an internet of control and censorship. I can only conclude that all is lost if the core engineers and hackers who build and design these systems can no longer explain why this is important but rather argue why the internet shouldn’t be secure.

There are many unintended implications to this, one being American intelligence agents can no longer operate safely abroad. Others include the withering of development in the protocols and standards from which the internet was born, a redirection of talent and resources to private companies and private networks which are constructed in a way to build monopolies and then extract rent from its users. Facebook could be built on the web, but nothing lasting could be built on Facebook.

That’s my rant.

But this story and these "gangsterphones" are very much built for and distributed specifically and only to criminals.