There is this carrier I stumbled upon called Cape, calls itself America’s privacy first carrier.
It claims to offer privacy and security and to only store necessary information.
We don’t collect your name, social security number, address, or other personal information. Any data we do receive (like call logs) is deleted after 60 days.
We secure your account against SIM swaps—attacks to steal your phone number and access your accounts—with modern cryptography protocols.
Our proprietary signaling protection blocks attempts by bad actors to intercept calls and SMS via outdated signaling protocols like SS7.
Voicemails can hold sensitive information like 2FA codes. Cape encrypts your voicemails so only you have access to them.
We don’t collect your name or billing address at checkout, and Cape never sees your credit card details.
Anonymous sign-up
They are also partnered with Proton
Here is a detailed list of what data they collect
They are currently offering a $1.50 trial for one month.
The CEO, John Doyle, was a communications specialist in the U.S. Army and worked for Palantir.
Thoughts?
At least where I live there are laws to collect this info. Is it not regulated in Murica?
This just dosent make ANY sense. Sim swaps are done via social engeneering.
If they wanted to be private, it would be Open source.
Since when do people send 2fa codes via voicemail? The fuck? Just use signal.
Me smell honey
Also, they DO collect your Credit card data. Not they themselves, but Stripe. So Stripe knows every detail about you.
See this for details. Their tech support people do not have the access necessary to move a line so there’s nobody to social engineer. Only the customer can start the process to move a line after cryptographic authentication using BIP-39.
I’m really tired of this trope in the privacy community. Open source does not mean private. Nobody is capable of reviewing the massive amount of code used by a modern system as complex as a phone operating system and cellular network. There’s no way to audit the network to know that it’s all running the reciewed open source code either.
There are many 2FA systems that offer to call your number so the system can tell you your 2FA code.
The part where I share your reaction to Cape is about identifying customers. This page goes into detail about these aspects, and it has a lot of things that are indeed better than any other carrier out there.
But it’s a long distance short of being private. They’re a “heavy MVNO”. This means their customers’ phones are still using other carriers’ cell towers, and those can still collect and log IMSI and device location information. Privacy researchers have demonstrated that it is quite easy to deanonymize someone with very little location information.
On top of that, every call or text goes to another device. If it goes through another core network, most call metadata is still collected, logged, and sold.
If we accept all of Cape’s claims, it’s significantly better than any other carrier I’m aware of, but it’s still far from what most people in this community would consider private.
The coverage is only in America, I guess it doesn’t need to be collected over there
They use Digital Signatures instead of usernames and passwords. Cape employees don’t port out numbers and only you can with a 24 word seedphrase you can read more about it here so I guess they are more secure compared to others.
This has to be a joke, what do you mean “just use signal” and “open source” ???
Stripe handles the actual card details, while Cape only receives the token, which cannot be mapped to your real credit card number. Stripe generates a token that is stored on cape’s systems to confirm a payment has been made. Cape does not store your credit card number. Cape does not associate tokens to subscribers
Good thing the founding financiers of Stripe, Cape, and Palantir aren’t the same person.