Doyle here :) I'm very proud of my military service!
Prior to Cape, I led the national security business at Palantir. That experience was actually the catalyst for Cape. It’s where I first learned about the massive array of vulnerabilities that exist in our current cellular networks. I saw how those gaps impacted not just government organizations, but everyday people, and I realized that the mobile phones we carry every day are perhaps the single largest risk to our privacy.
I needed that experience to understand the depth of the problem, but once I left to start Cape, that connection ended. Cape has no ties to Palantir. We aren't a subsidiary, we aren't a "front," and we don't share data with them. The only thing we took from Palantir was the desire to fix a broken system. If you want to see me and some of the rest of our founding team talk more about this topic, you can watch this video on our Instagram page here.
Another related theory I’ve seen online is that Cape is a honeypot for law enforcement. Cape is not a honeypot. It’s so hard to prove a negative, but at least I can say it clearly and out loud: Cape is not a honeypot.
We are a group of individuals who deeply value privacy. That mission carries across everything we do, from our work with the US government and allies, to everyday people, and everything in between.
We partner with non-profits to support victims of domestic abuse who are facing cyber-stalking and digital harassment. https://www.cape.co/break-free
We are a young company growing exponentially, and we don't plan on slowing down. We know we have to earn your trust every day. The truth is, no one else is building a high-quality, first-class solution to these specific cellular problems. We are committed to being the ones who do it right.
Someone doesn't need to work for Palantir or the military to understand that cellular security is fundamentally broken and completely insecure.
That is a lot of highly polished for the camera media you dropped into that post. The way that you word things, such as "Cape is not a honeypot." but don't delve any deeper, to start, gives someone less than zero confidence or trust in your words.
I have seen enough in the industry to say that your words are meaningless.
> Enjoy unlimited high-speed data; after 50GB, speeds may slow to 256 kbps.
Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
Hi -- Head of Product at Cape. This is a good question. I will say up front there is no silver bullet for privacy on cellular networks given the way they were designed to interoperate. Our strategy is to offer many different protections that collectively make it harder for your activity to be tracked.
The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.
Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.
There’s a chance this catches on with some folks with blacklisted IMEI’s due to a quirk on AT&T MVNOs where service works for a few days before getting halted per IMSI.
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
>do look interesting IF they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, which protects the rest of the phone from being compromised if there's some sort of an exploit. Once that's factored in, most exploits you can think of are "on the other side of the airtight hatchway[1]". For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order. Or if you're worried about the phone triangulating itself, you should probably be more worried about your carrier getting hacked and/or selling your location data.
They built their own mobile core, does that help with resolving your "Big If"? I'm not a cellular guy, I don't know which pieces of the stack cover which attack vectors: I'm genuinely asking.
Do they own the enodeBs or the RAN? How many hops does it take to get to their core? Not sure how MVNO works maybe they have encrypted VLANs to their systems. Not a RAN guy.
Are there solid VoIP providers that aren't detected by 2FA SMS services? I can't use my Google Voice for a decent chunk of sign-ups because it is detected (and rejected) too easily. I hate getting spam, so I try to keep my primary phone number only for friends and family.
Objectively, it gets even worse in regions where Google voice isn't available. The only options seem to be online SMS portals where a relatively small set of numbers are shared across many users.
If anyone knows of a good, secure VoIP provider outside of the US I'd be keen to hear about it.
Use sms verification services that spammers use. They're implemented by using banks of sim cards placed in some apartment somewhere, so it's as "real" as it can get.
>Know Your Customer regulations require the company to … know the customer
Which KYC regulations exist for carriers? AFAIK you can walk into any store and get a SIM card. The most they ask for is maybe E911 which they don't check.
So it's an MVNO mostly on the AT&T network with extra privacy features? I think it still all then comes down to how you use your phone and how much you can trust the whole pipeline. I use Credo Mobile which doesn't seem totally different. https://www.credomobile.com/our-story
You might check out who the CEO is here and how he runs the company and then consider whether you'd trust them. And look at the infra providers they use. Not what I would call the most upstanding bunch.
Hey, John Doyle here (CEO of Cape). I'm happy to dig into how I run the company, or the infra providers we use. I actually think we're pretty upstanding! If there are questions I can answer that will put your fears to rest, let me know.
This probably doesn't cover what OP said, but after reading the CEO's intro post, I left a little more depressed. Make money off surveillance, and then make money off selling a privacy product.
> At Palantir, where I started in technical roles more than 10 years ago, I learned about a wide array of vulnerabilities in the cellular network that present a threat not only to mission-focused organizations in government, but also to everyday people. I came to see mobile phones — and the networks that power them — as perhaps the largest risks to our privacy and security.
> If you told Americans twenty years ago that corporations and governments would conspire to attach powerful tracking devices to nearly every adult worldwide, it would’ve sounded like science fiction. And yet, that’s not far from where we are today.
Unfortunate that it doesn’t seem to support Linux phones. Phreely or Purism’s AweSIM would be a better fit for anyone running a non-Android/non-iOS setup. Hopefully they add this in the future.
I use Cape every day on my iPhone. The service is excellent, and the security features haven't ever interfered with my use of the phone. They have a convenient mobile app for setting up extra features like the IMSI rotation and getting support. As a tech savvy user, it matches what I want.
I'm a target for a variety of things, and knowing that no one can SIM swap me is worth the subscription alone. The SS7 protections, encrypted voicemail, secondary numbers, IMSI rotation, etc are all a bonus.
I’m a skeptic. It’s only been a handful of years since Anom was backdoored by the Feds. The surveillance data provided by cell phones is simply too good to let someone work around it
This Anom comp comes up a lot. It's super hard to prove a negative, so no matter many how times I say "Cape is not a honeypot," the critics will just respond "that is exactly what a honeypot would say."
We're working on some ideas to address this with audits etc, but it will always be tough. However, if you like the idea, and like the features, then maybe it is worth your time to do the work and get comfortable with the company. Because we're the only ones providing some of these features, and we have a lot more in the hopper still to come. I hope we can win your trust at some point.
I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
Do not fall for a word of this. If you've spent any time dealing with actual SIP providers (ie not the shit you'd hook an app up to, the ones debt collectors use), you'll know exactly how much you can trust them. Same difference
I have a conflict of interest here (I am an advisor to Cape, also a security expert, and my company has done security audits for Cape), you should absolutely look more deeply into what Cape has created. Their service is fundamentally different than other "security-focused cell providers" (mostly snake oil IMHO) because Cape wrote their own mobile core, nearly from scratch. They control the whole software stack and have done really innovative things with it.
Here are a few things you might want to look at more closely:
Look at who Doyle has worked for previously and what connections he has. Palantir and the military, to start.
Prior to Cape, I led the national security business at Palantir. That experience was actually the catalyst for Cape. It’s where I first learned about the massive array of vulnerabilities that exist in our current cellular networks. I saw how those gaps impacted not just government organizations, but everyday people, and I realized that the mobile phones we carry every day are perhaps the single largest risk to our privacy.
I needed that experience to understand the depth of the problem, but once I left to start Cape, that connection ended. Cape has no ties to Palantir. We aren't a subsidiary, we aren't a "front," and we don't share data with them. The only thing we took from Palantir was the desire to fix a broken system. If you want to see me and some of the rest of our founding team talk more about this topic, you can watch this video on our Instagram page here.
Another related theory I’ve seen online is that Cape is a honeypot for law enforcement. Cape is not a honeypot. It’s so hard to prove a negative, but at least I can say it clearly and out loud: Cape is not a honeypot.
We are a group of individuals who deeply value privacy. That mission carries across everything we do, from our work with the US government and allies, to everyday people, and everything in between.
We are incredibly proud to work with people who protect our country by ensuring they have secure, trusted communications wherever they are. https://www.bloomberg.com/news/articles/2024-04-18/us-navy-t...
We also work with the EFF to provide investigative journalists and activists with free Cape service so they can do their work safely. https://www.cape.co/journalists-and-activists
We partner with non-profits to support victims of domestic abuse who are facing cyber-stalking and digital harassment. https://www.cape.co/break-free
We are a young company growing exponentially, and we don't plan on slowing down. We know we have to earn your trust every day. The truth is, no one else is building a high-quality, first-class solution to these specific cellular problems. We are committed to being the ones who do it right.
That is a lot of highly polished for the camera media you dropped into that post. The way that you word things, such as "Cape is not a honeypot." but don't delve any deeper, to start, gives someone less than zero confidence or trust in your words.
I have seen enough in the industry to say that your words are meaningless.
Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.
Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.
> Minimal Data Collection
> Identifier Rotation
> Secondary Numbers
> Disappearing Call Logs
> SIM Swap Protection
> Network Lock
> Encrypted Voicemail
> Private Payment
> Last-Mile Encrypted Texting
> Secure Global Roaming
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, which protects the rest of the phone from being compromised if there's some sort of an exploit. Once that's factored in, most exploits you can think of are "on the other side of the airtight hatchway[1]". For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order. Or if you're worried about the phone triangulating itself, you should probably be more worried about your carrier getting hacked and/or selling your location data.
[1] https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...
That just kicks the can down the road to "Why should we fully trust the IOMMU?"
Granted, it does defend against the vast majority of actors.
Also, the 50 foreign countries seems interesting.
If anyone knows of a good, secure VoIP provider outside of the US I'd be keen to hear about it.
https://cotsi.org/methodology
Which KYC regulations exist for carriers? AFAIK you can walk into any store and get a SIM card. The most they ask for is maybe E911 which they don't check.
> At Palantir, where I started in technical roles more than 10 years ago, I learned about a wide array of vulnerabilities in the cellular network that present a threat not only to mission-focused organizations in government, but also to everyday people. I came to see mobile phones — and the networks that power them — as perhaps the largest risks to our privacy and security.
> If you told Americans twenty years ago that corporations and governments would conspire to attach powerful tracking devices to nearly every adult worldwide, it would’ve sounded like science fiction. And yet, that’s not far from where we are today.
https://www.cape.co/blog/building-the-future-of-mobile-priva...
I'm a target for a variety of things, and knowing that no one can SIM swap me is worth the subscription alone. The SS7 protections, encrypted voicemail, secondary numbers, IMSI rotation, etc are all a bonus.
https://www.vice.com/en/article/anom-backdoor-fbi-years-of-a...
We're working on some ideas to address this with audits etc, but it will always be tough. However, if you like the idea, and like the features, then maybe it is worth your time to do the work and get comfortable with the company. Because we're the only ones providing some of these features, and we have a lot more in the hopper still to come. I hope we can win your trust at some point.
Like they're not gonna burn that kind of capability over tax evasion, state civil law violations, etc.
https://www.cape.co/blog/product-feature-secondary-numbers
I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
How does this compare to silent.link?
1: https://www.phreeli.com
Here are a few things you might want to look at more closely:
Encrypted voicemail uses public key crypto: https://www.cape.co/blog/product-feature-encrypted-voicemail
How they use full control of the mobile core to detect SS7 signaling attacks https://www.cape.co/blog/product-feature-network-lock
Swapping SIMs is done via digital signatures, not customer support https://www.cape.co/blog/cape-product-feature-secure-authent...
They're the only provider that can rotate your IMSI, and do it continuously for you https://www.cape.co/blog/product-feature-identifier-rotation
They're also one of very few organizations doing original research on cell network security:
Collaborating with the EFF to release software for detecting cell site simulators (e.g, imsi catchers et al) https://www.cape.co/blog/how-eff-and-cape-collaborated-to-im...
Identifying novel weaknesses for physically tracking people on cell networks https://dl.acm.org/doi/pdf/10.1145/3636534.3690709