I’m sure there’s valid reasons… And I can’t speak on behalf of Nick Merrill here (though, I’ll take the liberty to forward your views to him; but if I were to guess, he won’t be bothered)… from the correspondence I’ve had with Calyx when Nick was running the place, nothing gave me the impression that Nick is a fraud.
Some here have been bothered by claims made by VPN providers recommended by PG or when said providers don’t meet the minimum criteria (very recent example), and yet no corrections / comments from the “team”, that can veto whatever it pleases, are forthcoming (a “soft” veto); why? ↩︎
IMO there is no valid reason to say something like “stay connected coast to coast, without tracking” on their homepage, when the service does not protect against cell tower tracking (obviously what is implied here), nor does it (to my knowledge) protect against T-Mobile monitoring your network traffic.
The only privacy you are getting is from Phreeli themselves, which hardly qualifies as a value add at all, especially for $20-$40/month more than competitors with no unlimited data plan?
If Merrill is going to improve Phreeli’s privacy protections in the future, then good for him, but it’s crazy to buy (or sell) a service based on future promises.
Those are all definitely good points, and I agree. Personally, I am still in consideration of at least trying it out as the concepts of it and privacy-focused carriers in general are still somewhat compelling to me. However, I do acknowledge your perspective and critiques, as I see where you are coming from in this regard. I am hoping that Nicholas Merrill will potentially settle for an interview with someone like Rossman or FUTO (or perhaps Techlore?) to talk about his newly founded company and further clarify/explain answers to the questions and concerns that you and others in the community have raised about his new endeavours. For instance, one thing I personally would like to know was what drove him to leave the Calyx Institute completely just to make a completely new startup instead of just creating a carrier service under the Calyx name, whether it was due to an internal dispute or something else. Nonetheless, I am also still curious on Phreeli because compared to Cape, I would rather trust someone with his reputation (although it could be correct that he is monetizing it), than someone who may still have potential ties to the State and intelligence community as far as a privacy-oriented carrier goes, and the Phreeli plans are cheaper than Cape’s single one at basically $100/month.
If all else fails, then like Anvil previously has said, I’ll just throw in the towel, grab a Mint or US Mobile SIM, and use that with VoIP for calls and a E2EE messenger for texts (may still do that regardless).
Alternatively if you’re planning to use VoIP for calls/texts anyway, save some money by checking out some of the data-only esim options mentioned in this thread: Mobile Internet Options
Over the top, okay; but … Phreeli claims, if one purchases their eSIM (with Monero or Zcash), the only personal information needed is the zip code.
Well, IMEI is tied to a physical device which Phreeli isn’t selling? I mean, it isn’t Tor’s fault if a website fingerprints you with how your GPU renders stuff. We’d instead ask folks to use Tails or Whonix etc.
That said, I do get your point that there’s more than one static identity attached to the phone (including ICCID) and so you wonder what is the point of Phreeli anyway … This is the same question skeptics ask of public VPNs when all they do is hide just one of the many static identifiers (the IP address). PG sees values in them, anyway, no?
The benefit from what I can tell is, if you purchase Phreeli’s eSIM, there’s as little information as possible to tie IMSI / IMEI / MSISDN to a name. Even if you did divulge personal information, they will attempt to ensure cryptographically (in the future apparently) that their user service (enrollment & auth) is unlikable to their phone service (usage & accounting).
Cape has just started to use daily IMSI number rotation for my Pixel 8a Graphene phone. Also, Cape prevents Sim Swaps with a 24 word master phrase that Cape does not have access to. As Cape has their own tower software it’s my understanding the tower operators have no idea who they would be tracking. Would love for Privacy Guides to do a review of this service as not sure whether to switch to a service such as Phreeli.
Have they published any papers? If so, will you link to it? From their summary of their own privacy policy:
We may disclose your personal information in the following ways:
(i) with our service providers, to help us operate the website or our cell phone service, for instance by sharing information like your IP address with web hosting companies or sharing necessary information, like your phone number, with our network partners who help us connect you to subscribers of other carriers,
(ii) to protect the safety, property, or rights of our company or of any third party (for instance, law enforcement authorities if we witness harmful behavior on our website or our cell phone service,
(iii) to prevent or stop any illegal, unethical or legally actionable activity (for instance, if we notice deceptive, fraudulent or illegal activity),
(iv) to comply with our legal obligations, such as responding to legal or regulatory inquiries
Subscriber SIM number (IMSI)
…
Cape and our network service providers who help us connect you to subscribers of other networks … Required to ensure connectivity across networks and billing reconciliation … If you are no longer a subscriber of Cape, we will not retain records of your phone number’s activity longer than 60 days (see CDRs)
Device number (IMEI)
…
When your phone connects to the network … Cape and our network service providers who help us connect you to subscribers of other networks … Our partners may capture this information to screen for stolen devices and fraud … 60 days (see Call Detail Records)
Not all too different than Phreeli (except Phreeli has the “Double Privacy Pass” going for them to whatever extent, which Cape doesn’t).
To be clear, the only thing Cape potentially has going for them is Cape Obscura which is not available for purchase yet. There’s some details here though:
There is no reason to purchase Cape’s regular plans, they’re no better than Phreeli and they’re run by arguably less trustworthy people.
Excuse my excessive hyperbole lol. I’m really moreso asking why Cape leadership is untrusted, I’m only tangentially aware of the company but have no knowledge of any wrongdoing
I’m under the impression the current head of Phreeli departed CalyxOS without notice or an orderly transition plan, taking the signing keys for security updates, effectively stonewalling the project’s ability to push updates & leaving all users with insecure devices. That is, to me, an egregious offense that breaks any trust in this team’s current privacy-focused tech efforts
I think that’s pretty well documented, can go look for links if you’re genuinely curious. But again, I’m more interested in Cape here, and why they’d be considered less trustworthy than a leadership team I think should be widely regarded as very untrustworthy
