I also do not like how they appear to my eyes to be working with https://mvnoc.ai/ but they do not mention this in their privacy policy, and imply they are working directly with T-Mobile and that T-Mobile’s privacy policy is the only one which applies here.
5 Likes
Yeah, I was wondering about this. I’m not familiar with phone plans since I don’t use phones, but does this mean something like anything before X GB has fast speeds, but anything after is capped at a lower speed? If so I wonder what it is capped at.
There would certainly be less digital footprints though right? compared the usual sign up process of other phone companies?
Yeah, this itself may be a reason for some to consider it.
As for others pointing out the problems. Sure.. I get it. But given the nature of the product/service, is there a better way this could have been done while keeping the costs in the realm of not laughably high?
@jonah Those are both nice finds. Thank you.
The Calyx unlimited SIM has a soft cap where it may throttle after 200GB.
The Phrelli 40GB/unlimited SIM has a hard cap where it throttles after 40GB.
There are none imo and it is a worse value.
I would probably just not do something instead of doing something improperly, personally.
1 Like
No PII needed to sign up and use this service is a worse value than the alternatives? How do you rationalize this?
I guess that’s where the debate is. Is it really improper enough to discount this service fully? I don’t know.
Crazy expensive. It reminds me of PGPP.
I really hate to be put in this position where I have to be a downer about new companies which at the very least promote the idea that privacy is good to more people, but I would think of this in terms of:
-
What else could you do to improve your privacy with the $$$ difference between a regular carrier and this?
-
What else could Nick from Calyx have done with the money used to start Phreeli, if he wasn’t just seemingly infatuated with the concept of cellular connectivity? (Calyx hotspot was confusing to me from a privacy perspective as well)
And IMO the answer to both of these questions is: quite a lot actually 
6 Likes
The CEO has ties to Palantir. I wouldn’t trust them for a second.
1 Like
So your view is of the opportunity cost.
I don’t think you have invalid points but I don’t think I do either. It’s still a good option for the average Joe wanting more privacy and who can afford it to use this while still do the other things to better their OPSEC.
A few ways to think about this for sure.
Okay, now I’m reading the white paper, and what in the world?
4. An Implementation Version for the Launch
For the initial launch of Phreeli, the determination was made to implement a simpler version of the full solution, namely privacy pass with user commitments instead of double privacy pass with user commitments. In this simpler version, an adapted privacy pass protocol with user commitments is run between the user service and the mixing service. The second run of privacy pass protocol between the mixing service and phone service is eliminated. An acceptable level of security and privacy is still achieved through this simpler version, because of the following reasons: (1) the first run of adapted privacy pass protocol between user service and mixing service (2) trust assumptions on the mixing service that maintains a mapping of Commit(iduser) and idphone (3) communication of the client or the user service with the phone service through the mixing service.
Are you telling me they designed “Double Blind Armadillo” and use “Double Blind Armadillo” in their marketing and at the very end of the text they reveal Phreeli is not double blind?
It’s certainly not “Double Privacy Pass” like the rest of the paper describes, at the very least. I don’t know if “Double Blind” has some specific meaning that might still apply to the implemented version?
1 Like
There’s a premium that is 2x my current MNVO. I cannot speak to how much of MNVO’s costs are typically subsidized w/ marketing/advertising/tracking to know what is acceptable here, but it is a steep ask.
With that said, there is something to be said about Merrill’s journey/dedication to the cause that is unrivaled among most. Half the board are still on Windows while Merrill was the first person to stand up to a Patriot Act gag order.
It might not be right for me in its current iteration, but as he is someone who literally risked their freedom for the principles that this board believes in, I find the complete rejection of the carrier somewhat surprising/flippant. I am willing to keep an eye on the project to see how it grows over time and give the project room to evolve w/o instantly cutting it off at the knees.
I believe it’s because most of this forum values evaluating products as they are instead of by who they’re made by.
Nicholas Merrill is a pioneer in privacy rights in the US through his lawsuit, yes, and the impact it had on government exploitation shouldn’t be dismissed. But beyond that we should examine what he has actually done to advance privacy.
He strikes me as a guy who deeply interested in mobile devices/networking, and the technology behind the internet. And at Calyx he did a lot of cool stuff, from being an ISP for people of New York and later the whole US who may have few other internet options, to creating CalyxOS which extends the lifetime of phones and promotes the FOSS ecosystem far more than alternatives.
But just supporting people doing cool things isn’t the goal here. Calyx hotspots aren’t doing anything novel in terms of technical privacy, and if CalyxOS were truly privacy and security first they would have actually engaged with critical reviews of their work and improved the product long ago, instead of ghosting the community and isolating themselves. The fact that still nobody knows what’s going on over there is telling.
The truth is that I think Calyx has always had other goals than solely privacy/security, and the privacy angle of Calyx and now Phreeli seems to me that it’s more to do with connecting these brands to his lawsuit’s reputation than their sole core value. Which is perfectly fine, to value cool FOSS tech and stuff as much or more than privacy/security. They fight for important issues, but as a result we do see the issue of privacy or security take a backseat on occasion.
So while I respect the guy and personally share a lot of his same interests, I just don’t see him (or Calyx tbh) as an authority on privacy and security, and even if I did I don’t think an “appeal to authority” is a good argument anyways.
The fact is that I see Phreeli as flat-out misleading consumers at the moment, and even if I certainly can imagine some theoretical legitimate use cases for the service, that doesn’t outweigh the poor marketing, and I just don’t think the fact that legitimate use-cases exist or his history in the space should give this company a pass here.
I don’t want to evaluate Phreeli entirely in a vacuum and not recognize his past work, but I don’t think his past work makes Phreeli deserving of the massive benefit of the doubt I’d have to be giving them right now 
TL;DR if Phreeli had just come out and said “hey here’s a new way to get a number without KYC” then they would have been well received by everyone. Unfortunately, they decided to heavily lean into an angle presenting them as thwarting surveillance and tracking, which is dangerous for them to be doing.
8 Likes
Does this imply they do not have access to the billing details you need to use with a KYC payment method for the service?
Is this a setup you run yourself? Do you happen to use a SIP client to manage phone calls? If this is on GrapheneOS how do you ensure you can receive calls AFU if you are also making use of the auto reboot feature?
1 Like
There are already loads of data only esim providers out there that require no PII and charge reasonable prices, and there are VOIP providers that do the same. What they’re offering simply isn’t new.
1 Like
I’ve read it thrice and I am unsure what it is even they are disclosing in that paper. It is scant on technical details.
In the IETF’s version of Privacy Pass, a single entity being the Attester (payments provider, probably in this case), the Issuer (the mixer service, I imagine), & the Origin (the phone service, I guess) means the main possible way to retain its unlinkability guarantees (Issuer-Client, Origin-Client, and Attester-Origin unlinkability) is for the Client (the user, I take) to be virtually anonymous on their own.
And so, they’ve had to go “double blind” / “double Privacy Pass”… but how it technically has been architected is far from clear. And the fact that they haven’t actually done so probably means the use of “Privacy Pass” here is just a marketing thing (not new), at least for now.
3 Likes
This is news to me. I read the other article when it was first posted, but I did not know that @louis_rossmann was involved in it, let alone as a board member.
I just checked this service out. The pricing is definitely on the higher side for sure, but it definitely does look interesting. Since I know that Nicholas Merril is the guy behind this and is a very big name in the privacy world for fighting the PATRIOT act and starting Calyx, I don’t see a huge reason not to trust him on this.
1 Like