[deleted]
pixpot how many of such devices are you aiming to redistribute roughly? Straight question. Straight answer.
Using GrapheneOS as a base for a consumer product
Reminds me of the anom phone .
de0u What does "anonymous SIM card" mean? Can you provide an example?
pixpot Absolutely. The phones is shipped with an anonymous sim card that is not registered to any person or company. It can still be used like a regular prepaid sim card but no name is connected to the sim card.
I am skeptical that it is possible to have SIM cards that will be recognized by cellular carriers without being registered to "any person or company". If that is possible, can you provide an example of some company or organization that is offering those today?
pixpot If there is any other way to make "triangulation" estimating a location of a phone more difficult please share what you know about it.
I'm afraid that what you (and many others) want is in opposition to not only physics but also economics.
Wireless data sure is convenient! But in the universe we inhabit, radio has certain inconvenient properties. High-frequency RF is great for carrying lots of bits per second, but it's shorter-range and more easily locateable. Lower-frequency RF is harder to pinpoint but can't carry lots of data.
People could spend hundreds of billions of dollars to build high-speed wireless networks with pretty good anonymity, but those networks would be immediately and continuously abused by griefers, so it's not likely that people will spend money that way.
If your business model is "pay us extra for a seriously locked-down phone", that could be implemented, though it's not immediately obvious who would want one. But if your business model is "pay us extra for a phone that enables you to use a cellular tracking network except without tracking", I agree that sounds cool but suspect it isn't going to happen any time soon. Maybe eventually somebody will invent quantum entanglement communication devices, and cellular microwave networks will fall into disuse, but I'm not holding my breath.
[deleted]
All I can tell you is, I am one of those privileged to use Graphene OS (while stock lasts). I would not change it for the world, even though AOSP keyboard gives me grief and that is a fact.
Blastoidea You presently have users?
I may be confused.
No, we are still in the prototyping faze but we have a pre order for 200 phones.
pixpot
Are you in a position to define “affordable” at this time?
de0u I am skeptical that it is possible to have SIM cards that will be recognized by cellular carriers without being registered to "any person or company". If that is possible, can you provide an example of some company or organization that is offering those today?
It's absolutely possible. Despite the lack of direct identification, mobile network operators still allow anonymous prepaid SIM cards to access the internet and communicate over cellular networks. The network identifies the SIM card based on its unique International Mobile Subscriber Identity (IMSI) and the authentication keys stored on the SIM card. The IMSI is not directly tied to the user's identity during the purchase process, making it more challenging to trace back to an individual.
We have a source (it's not hard to find) on how to get these sim cards. I will not post the source on this public forum.
Blastoidea Are you in a position to define “affordable” at this time
Yes, I can try. But it depends on a couple of things.
The phone we choose (Pixel 4 costs about 200 USD)
The amount of time required to prepare each phone
Out target price is around 500-600 USD
pixpot
Thanks.
Thanks for all the replies. Eve though I tried in my original post to define what we are doing I'll do a summarize pit project and business model here:
We are building a phone that needs to be as secure, anonymous and privacy oriented as possible using small means and a limited budget. We aim to make everything as cheap and easy for the end user as possible.
The phone will be using a custom security hardened version of an OS (hopefully GrapheneOS)
The stripped down OS will include only one app, a custom version of Signal and will be using the official Signal infrastructure.
Once we have a working prototype we will buy cheap phones in bulk and flash them with our custom build and then sell them to consumers anonymously.
I came here to see if I could find some advice on if using GrapheneOS was a good fit for our product and in my OP I asked som more technical questions that I hoped to bet some answers to.
Im also happy to answer any question you might have (or even to collaborate). We do have funding and a business plan in place.
pixpot Pixel 4 costs about 200 USD
Pixel 4 firmware support is over, so anybody who would buy a locked-down Pixel 4 would be buying something running firmware with vulnerabilities that won't be tracked or fixed.
pixpot Despite the lack of direct identification, mobile network operators still allow anonymous prepaid SIM cards to access the internet and communicate over cellular networks. The network identifies the SIM card based on its unique International Mobile Subscriber Identity (IMSI) and the authentication keys stored on the SIM card. The IMSI is not directly tied to the user's identity during the purchase process, making it more challenging to trace back to an individual.
An earlier claim was "not registered to any person or company", which is quite different from "not directly tied to the user's identity" / "more challenging to trace back to an individual".
If I were to purchase a phone from your company with an "anonymous" SIM in it, I could choose to assume that your company hadn't recorded which SIM card you shipped with my phone, but personally I wouldn't make such an assumption.
Meanwhile, though indeed there are lots of people selling "anonymous SIM cards" online, making all sorts of claims (including "GPS spoofing", LOL), that doesn't make those claims accurate. This piece might be of interest: Anonymous SIM card scam, especially the "Anonymous SIM cards are really anonymous?" part.
At some point if your company does ship "anonymous SIM cards" to your customers, the customers (and anybody publishing a review of the product) will discover who issued the SIM cards, and be able to evaluate claims like "anonymous", "not registered to any person or company", "more challenging to trace back to an individual", etc. But a claim that your company can provide SIM cards that would shield "journalists under repressive governments" is an extraordinary claim that calls for extraordinary evidence.
The company seems to be targeting Sky Global's market, or am I mistaken?
That's a bit risky. I'd say the biggest risk is being dragged to legal complications by unsavory clients if authorities figure that SIM scheme of yours means you're aiding your clients in their activities.
As for the technical side, some further considerations:
- using Starlink instead of cell towers? Or bundle a gli router with the phone.
- removing the phone's camera & microphone as Snowden does, only allowing verbal communication by USB devices
- ...not by Bluetooth because every android and iOS phone is a bt tracking device for other phones.
- provide users with safe charging cables (USB cables with the data wires removed) to reduce the attack surface, even though GOS has USB attack mitigation.
[deleted]
pixpot Since we are not allowing users to install any other apps this should not be an issue right?
Yes, but the Pre-installed apps need to work without Native code debugging.
pixpot Think of the product as strictly a secure communication device where users can send messages (and use voice in a future update).
Nice