Language Selection

English French German Italian Portuguese Spanish

$629 Blackphone aims to hide you from the NSA

Filed under
Android
Linux

Like the idea of using a pocket-sized computer to make calls, send messages, surf the web, and smash birds into pigs… but don’t like the idea of government agencies snooping on your communications?

Read more ►

This promise of security

This promise of security smells of closed source and vendor lock-in ... I'm not in a hurry buy it (also, the price is quite unrealistic).

Trust

The backers of the phone have reputation that give them some trust (earned, not inherited).

I know, I have one of the

I know, I have one of the Geeksphone Firefox OS devices, but this is something else. Once they open source everything, _maybe_ then I'll change my opinion.

Fair point

Fair point. Either way, if they keep it proprietary they'll lose credibility.

A friend of mine wrote a bit

A friend of mine wrote a bit more on the subject:
https://manurevah.com/blah/en/blog/Monetising-Fear-Presents-the-Blackphone

SSL

Your friend's SSL cert is making it hard to access the site (the cert needs to be updated). There is now more coverage of the false promise of security, so you were right.

"This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States." -Important quote from the messenger himself

Android now has some nice Tor clients that Rianne and I are using, accessing this site via Russia, India, and so on. The server has good security, but it is located in the US and the Web side uses no SSL cert.

Self Signed SSL

Hi,

Just to add to Nux's comment, the SSL is fine. The issue you might be seeing is that it is signed by my own "CA".

You could avoid warnings by importing my Root CA, but that would mean I could produce and sign a certificate for google.com for example and your browser would trust it. This could worry some people as the average browser trusts over a 100 various organisations to behave and to be secure.

So as Nux said, there's nothing wrong with my SSL, there's something wrong with how SSL is implemented.

BTW, you can verify my SSL by using `dig`

dig manurevah.com TXT

Also, my website is available in cleartext as well: http://manurevah.com/blah/en/blog/Monetising-Fear-Presents-the-Blackphone

Cheers,

Useful to know perhaps

For some visitors that head towards the HTTPS version it might be hard to enter. It can be useful to know.

The SSL is just fine, feel

The SSL is just fine, feel free to inspect the cert. Smile

speaking of ssl

there is a https://tuxmachines.org
but it opens something else.

Host

I wasn't aware of it. Maybe we should just turn this site to SSL-enabled (at least as an option) for privacy?

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

KDevelop 5.0.0 release

Almost two years after the release of KDevelop 4.7, we are happy to announce the immediate availability of KDevelop 5.0. KDevelop is an integrated development environment focusing on support of the C++, Python, PHP and JavaScript/QML programming languages. Many important changes and refactorings were done for version 5.0, ensuring that KDevelop remains maintainable and easy to extend and improve over the next years. Highlights include much improved new C/C++ language support, as well as polishing for Python, PHP and QML/JS. Read more

CoreOS 1068.10.0 Released with Many systemd Fixes, Still Using Linux Kernel 4.6

Today, August 23, 2016, the development team behind the CoreOS security-oriented GNU/Linux operating system have released the CoreOS 1068.10.0 stable update, along with new ISO images for all supported platforms. Read more

SUSE Linux and openSUSE Leap to Offer Better Support for ARM Systems Using EFI

The YaST development team at openSUSE and SUSE is reporting on the latest improvements that should be available in the upcoming openSUSE Leap 42.2 and SUSE Linux Enterprise 12 Service Pack 2 operating systems. Read more

Create modular server-side Java apps direct from mvn modules with diet4j instead of an app server

In the latest release, the diet4j module framework for Java has learned to run modular Java apps using the Apache jsvc daemon (best known from running Tomcat on many Linux distros). If org.example.mydaemon is your top Maven project, all you do is specify it as the root module for your jsvc invocation, and diet4j figures out the dependencies when jsvc starts. An example systemd.service file is available.