[willis936]

Practically speaking, an iPhone is your best bet in terms of least likely to be backdoored and best security practices. Everything spooky like location services, tracking, phoning home, etc. is well explained in the settings and can be turned off. If you just want a secure hardware platform there is no reason to attempt to reinvent the wheel and increase your surface area.

VPNs work fine on them. You can set up your own tor nodes to VPN in behind from another VPN, etc. A tinfoil hat can have many layers.

It just won't be a cheap secondary burner toy phone because they're so expensive.

[GekkePrutser]

These gangsterphones are far from cheap. I remember the earlier network of them that was taken down in the Netherlands. I forget the name but the phones apparently cost around €2000 which is more than the most expensive iPhone you can buy.

I guess gangsters only trust other shady types to sell them stuff. In this case the trust was misplaced because they stored all the keys centrally and the cops were listening in for months before they shut it down.

[willis936]

Sounds like they're suckers. Higher prices should be setting off "con" alerts in their head. I wouldn't trust someone who can't do proper risk assessment to sell me drugs.

[hkyigkfnrj]

Or maybe they are thinking that if they pay a lot, they "are not the product".

A bit like buying Apple, which is also very expensive.

[mytailorisrich]

It (encrochat) worked well and the network was brought down when the police go access the the servers (physical access, I believe).

On a side note, conning international criminals carries a level of risk to one's health...

[_abox]

It didn't work well. It stored encryption keys centrally and because of that the police was listening in for months without anyone knowing before they shut it down.

For an encrypted phone network that's pretty much the opposite of working well. Even with the servers compromised the network should remain secure. Like it is with Signal and even WhatsApp.

I always wonder why such networks make mistakes like storing key material centrally. I suppose telling a crime lord that he can't have his messages back because he forgot his PIN code is not fun. But neither is having their network cracked by the police I guess.

[willis936]

>conning international criminal carries a level of risk to one's health

True, but so does cooperating with authorities to be a honeypot. Branding yourself as a legitimate business for criminals is a Bad Idea for the very reason encrochat learned. The criminals should be thinking the same way.

[mytailorisrich]

> True, but so does cooperating with authorities to be a honeypot

I'm not aware that Encrochat did anything of the sort.

[joemazerino]

Are you sure that an iPhone can be completely cut off from Apple?

[willis936]

Yes, by simple means of IP filtering *apple.com from a network you VPN to if you don't trust the device to honor the settings. The device will still work.

You'll be hardpressed to find a more secure hardware platform on android.

https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app...

[sloshnmosh]

You’ll also want something that can also catch CNAME’s (such as Pihole) because Apple uses content delivery servers such as Akamai for a lot of their data transfers.

[willis936]

True. If it were me who really cared about phoning home, I would buy a fresh iPhone, put it on its own WLAN from first boot, then record all packets from it for a month (plus some prodding of opening apps and changing settings). That should build a relatively comprehensive list of addresses to consider filtering.

Short of living in a shack in the woods, we will all have to trust someone at some point. I'm content to trust Apple to not lie on their documents, so the more important security and privacy checkboxes are ticked.

[zokula]

Every iPhone comes with an backdoor.

[willis936]

[Citation needed]