N1b I'm happy you came here and as you can see, many people are willing to help and give advice. It would be awesome if your company has a successful launch and will be providing way more devices than 300 per year, and I hope you can make it happen (both the sales and the service including updates).
Thank you. I appreciate that!
Here are some points that might be a road block for your business model and need addressing:
Yes. Good points, ill comment on them one by one
You mentioned that you will use virtual numbers to register signal accounts, but VOIP numbers won't usually work since Signal doesn't send the initial short codes to VOIP numbers. You could solve this with real cellular numbers. A good source to get them for cheap is smspool.net and you should set up signal with registration lock turned on so nobody could use the number later to take over the account.
Yes. We can get cheap numbers from a couple of services, like for example smspool that you mentioned. We will use registration lock when we prepare Signal.
you expect a lot of trust from your users, it would be helpful to have a clear explanation of what you do and how you do it on your website and not claim to provide "anonymity" like it's something the user just gets by using your device. You will have to educate your user to some extent, otherwise trust is hard to build or quickly lost when a user gets caught because he thought telling people on signal his private information was no problem because he uses the Anonymity phone.
Absolutely. Some education is necessary. However, giving your private information to somebody in a message on Signal is fine if you know and trust that person.
Since Signal requires a phone number that is visible to all the people you write to, one of them will inevitably save you in their contact list with your name, the Signal number and some other identifiers and then share this data with Facebook, Google and whoever else asks for contact permission. Anonymity will be quickly gone by then, and you can't prevent it from happening except you educate your clients to only share the Signal number with a few people who know not to save them in their contact list.
Thats not a problem. Since the phone number used to activate Signal is desposed of directly after activation. When we insert a new anonymous sim card, Signal doesnt care. Its activated with the original disposable number and will never know of the number on your current sim card. So even if a user shares your Signal ID (the original number) that number is no longer in use and its in no way connected to your phone.
Not sure about this one, but since we elaborated already that you will likely install your GOS fork on a Pixel 6a or 7a phone, you might not be able to disconnect some of the hardware like Bluetooth or GPS.
We are looking for a few things in the hardware and our choice will be made my consider multiple aspects:
- Price of the device
- End of life for security updates
- Hardware features
Do you mean that the GPS and Bluetooth cant be physically disconnected on a Pixel 6 or later Pixel phone?
That being said, I wonder why you go through all that hassle if GOS already provides so much of what you need. If I were you, I'd simply ship a Pixel 6a with GOS pre-installed and set up (VPN, Auto-Updates, most apps disabled etc.), Signal installed from website with self-updater and maybe a simple FOSS launcher where you can hide the settings app.
Thats an interesting idea. Are there security focused launcher that allow you to disable apps and settings and not allowing the user to install the laucher och change its settings without a arbitrary password that we can set? That would potentialy be a strategy we could investigate.
The rest would be education and customer service / helpdesk which you need to do anyway. Your business would provide an out of box hardware solution, quick education and great customer support. Your target customer would be someone with money but no time that requests mobile security and privacy (and sometimes barebone anonymity). You could charge him every 3-5 years 1.000€ for the phone (or heck make it a Pixel 8 pro or Pixel Fold and charge him 2.500€) and an ongoing support fee.
Thats an idea we've considered but our target customers need affordable, cheap phone (at least in our initial faze).
Your own solution demands so much more work for the little benefit of not having some software buttons present that a user could accidentally touch, but that's mostly an educational problem...
Yes. And one our mission statements are to minimize the need for user education.
Also, and thats one of the main reasons I came here looking for advice: how much work would it be to fork GOS, remove a few features/settings and still keep up with the upstream branch and security updates?
Thanks again for your time.