There is this carrier I stumbled upon called Cape, calls itself America’s privacy first carrier.
It claims to offer privacy and security and to only store necessary information.
We don’t collect your name, social security number, address, or other personal information. Any data we do receive (like call logs) is deleted after 60 days.
We secure your account against SIM swaps—attacks to steal your phone number and access your accounts—with modern cryptography protocols.
Our proprietary signaling protection blocks attempts by bad actors to intercept calls and SMS via outdated signaling protocols like SS7.
Voicemails can hold sensitive information like 2FA codes. Cape encrypts your voicemails so only you have access to them.
We don’t collect your name or billing address at checkout, and Cape never sees your credit card details.
Anonymous sign-up
They are also partnered with Proton
Here is a detailed list of what data they collect
They are currently offering a $1.50 trial for one month.
The CEO, John Doyle, was a communications specialist in the U.S. Army and worked for Palantir.
Thoughts?
Yeah I wouldn’t put my dick in that.
There is perhaps an opportunity there. You can’t be sure that they won’t collect location information or information off your phone. But if you took precautions to make sure you were anonymous when you purchased the stuff, and the device you are using was divorced from you entirely, you just have to make sure you never ever turn it on at home. Getting a working phone number/sim without an SSN/address identification isn’t nothing.
I don’t trust that stripe wouldn’t out you. So you’d need to protect your payment info.
I don’t trust that they won’t locate you or log your communication or handle your communication or location in a way that could be tracked by a powerful third party.
That said, 99 bucks a month is pretty expensive to get an unidentified sim from a company you can’t necessarily trust.
I’m not judging them on their claims, but their cost compared to other MVNOs is insane. The extra features they add do not seem worth the $99 they want to charge.
Major anom vibes.
Sounds like good ol’ too-good-to-be-true honeytrappery to me, but that’s pure knee-jerk speculation on my part. Army+Palantir = massive alarm bells in my book, and Proton has a growing number of issues that have tainted their reputation.
I also don’t know how it would even be possible to legally operate a privacy-centric carrier in the US given the requirements of the Patriot Act/etc. To say nothing of how deeply intertwined they all are with alphabet agencies and data brokers.
At the very least I’d use extreme caution and operate under the assumption that they’re not being 100% truthful.
The Patriot Act was sunset years ago, and even before that it had nothing to do with requiring companies to collect information.
Many of its mechanisms effectively forced entire industries to require a ton more identification, record-keeping, and access by law enforcement… particularly financial and telecom companies. Or at least that’s how courts and corporate lawyers ultimately interpreted it. Potato, potato.
Though you are right that the act itself was not reauthorized in 2020. I must have missed the final vote, after its initial passage. That said, plenty of its impacts remain as they’ve been spun off into their own bits of legislation. I suppose “post-Patriot-Act America” would have been more accurate for me to say. Apologies!
It would be the first ever telecom honeypot. Even if it was a honeypot, nothing sufficient can be collected and it would not make sense to waste so much resources on an entire telecom company for no info. Just does not make sense
Don’t be paranoid whenever you stumble upon a privacy company because If everybody doesn’t trust a decent privacy focused company like you, the company will fall. You can’t just assume something is a honeypot because of small details.
Looks interesting, but it’s the first time I’ve heard of them and I’m wary about the CEOs ties to palantir and the fact that its a US-based company. I’ll wait for others to do some deeper research into the company first.
Signal is also US-based and Cape is literally a carrier with coverage only in America. I found one of there employees that previously worked 9 years with DuckDuckGo and is now working with Cape.
collect your name, social security number, address, or other personal information.
At least where I live there are laws to collect this info. Is it not regulated in Murica?
We secure your account against SIM swaps…with modern cryptography protocols.
This just dosent make ANY sense. Sim swaps are done via social engeneering.
proprietary signaling protection
If they wanted to be private, it would be Open source.
Voicemails can hold sensitive information like 2FA codes.
Since when do people send 2fa codes via voicemail? The fuck? Just use signal.
U.S. Army and worked for Palantir.
Me smell honey
Also, they DO collect your Credit card data. Not they themselves, but Stripe. So Stripe knows every detail about you.
We secure your account against SIM swaps…with modern cryptography protocols.
This just dosent make ANY sense. Sim swaps are done via social engeneering.
See this for details. Their tech support people do not have the access necessary to move a line so there’s nobody to social engineer. Only the customer can start the process to move a line after cryptographic authentication using BIP-39.
proprietary signaling protection
If they wanted to be private, it would be Open source.
I’m really tired of this trope in the privacy community. Open source does not mean private. Nobody is capable of reviewing the massive amount of code used by a modern system as complex as a phone operating system and cellular network. There’s no way to audit the network to know that it’s all running the reciewed open source code either.
Voicemails can hold sensitive information like 2FA codes.
Since when do people send 2fa codes via voicemail? The fuck? Just use signal.
There are many 2FA systems that offer to call your number so the system can tell you your 2FA code.
The part where I share your reaction to Cape is about identifying customers. This page goes into detail about these aspects, and it has a lot of things that are indeed better than any other carrier out there.
But it’s a long distance short of being private. They’re a “heavy MVNO”. This means their customers’ phones are still using other carriers’ cell towers, and those can still collect and log IMSI and device location information. Privacy researchers have demonstrated that it is quite easy to deanonymize someone with very little location information.
On top of that, every call or text goes to another device. If it goes through another core network, most call metadata is still collected, logged, and sold.
If we accept all of Cape’s claims, it’s significantly better than any other carrier I’m aware of, but it’s still far from what most people in this community would consider private.
The coverage is only in America, I guess it doesn’t need to be collected over there
They use Digital Signatures instead of usernames and passwords. Cape employees don’t port out numbers and only you can with a 24 word seedphrase you can read more about it here so I guess they are more secure compared to others.
This has to be a joke, what do you mean “just use signal” and “open source” ???
Stripe handles the actual card details, while Cape only receives the token, which cannot be mapped to your real credit card number. Stripe generates a token that is stored on cape’s systems to confirm a payment has been made. Cape does not store your credit card number. Cape does not associate tokens to subscribers
Stripe handles the actual card details, while Cape only receives the token, which cannot be mapped to your real credit card number.
Good thing the founding financiers of Stripe, Cape, and Palantir aren’t the same person.
