Received request from a friend in Minneapolis.
I suggested FairPhone/Murena and they found this Cape.co. The finding a compatible wireless carrier and managing a VPN piece thru them off. They need an easy solution that gives them peace of mind, but they are not techy at all. “Being able to research and pick a carrier, phone and OS was overwhelming.”
This person is not nefarious, but they rightly believe the government is being nefarious in their town and they want to resist while being safe. The marketing from Cape hit the nail, but it’s marketing.
I’m not there to help, so looking for experienced condensed advice on the device.
I should add - this will be a daily driver and I’ve already advised to leave the device home for protests, etc. due to tower tracking. We’re at the next layer.
You must log in or # to comment.
I think you can only simplify things so much without making the entire thing pointless. As others have already said, install GrapheneOS yourself — it’s almost as easy as making an online purchase. And remember the phone is inherently a tracking device no matter what — especially if the cellular/radio stack is active.
I don’t think there’s any more shortcuts that can be taken if security and protection from surveillance are actually important.
Just buy a Pixel 9a for him and install GrapheneOS on it.
GrapheneOS is good and surprisingly simple to install.
You mentioned Graphene in the subject and then didn’t mention it again. Why not Graphene?
I would agree a used Pixel with Graphene OS would be the simplest solution.
Most secure option too. I’d never done any kind of custom OS on a phone before Graphene and the web installer made it super easy. Just make sure you have a cable meant for data in addition to charging. I didn’t realize most of the USB-C cables I owned were charging only until I tried to set it up, and I got extremely frustrated why I couldn’t get my computer to recognize anything for an embarrassing amount of time.
I guess this comes too late in your case, but you can tell the difference on the phone by checking if the notification “Charging this device via USB” pops up, which you can tap to enable USB data transfer.
I’ve learned a lot since starting my FOSS journey. 😉 Good advice for novices though.
What this person is describing is a recent ios device with lockdown on, biometrics off, adp on and an understanding that no us carrier can offer cell service with security or privacy from the us government because of the lawful intercept backdoor.
They need to change their behavior to include turning their phone off frequently and incorporate practice using their phones duress inputs. They need to recognize that the phone is always a tracking device and cannot function in the way they want without being a tracking device. Because of that last part, and because the metadata delivered to phones is now used to direct police action, they need to understand that phones can’t come with them to organizing or protest and they can’t communicate about those things using the phone no matter what app or encryption is employed.
It’s also important to recognize that if the people they’re around don’t take these same precautions then it may be best to simply stop associating with those people in that way. Some friends are a lot of fun at parties but can’t be trusted.
Once all that is handled then a nice cherry on top is mullvad. Easy to understand and handle for even the most tech averse.
People will say that they don’t trust iphones because they’re not open source, but every leak from cop and intelligence tech companies like celebrite indicates that they are incapable of compromising an up to date ios device especially in bfu (not unlocked after being powered on) state. These leaks could be dismissed as limited hang outs, but the fact that we also see action based on metadata from the lawful intercept backdoor instead of direct compromise of devices seems to corroborate it.
Tldr: switch to apple and go prodromal
Thanks for the feedback. For clarity, Cape is offering a GrapheneOS installed out of box to the user for a surcharge. This is what connected the title: https://www.cape.co/blog/cape-supports-grapheneos
I would never trust a phone with Graphene pre installed. I suppose you can check the hash on boot, but to be completely sure that you’re secure, you should install it yourself.
Also, the dude who started that company used to work for Palantir. Its not out of the realm of possibility that someone who worked for them saw how horrible they were and decided to fight against that, but they’re a new company and I would be extremely hesitant to trust someone with that track record until they’ve been heavily audited and proven themselves trustworthy.
