The Dark Mail Alliance has sent out their first email, and sadly it's borderline marketing spam.
The Dark Mail Alliance is basically Silent Circle and Lavabit teaming up to work on new things such as email with end-to-end encryption. They welcome the like-minded to join them by "signing up"; until today there's been no news from them.
Their email was sent using MailChimp's service, which means that all the remote images I load and links I click are traceable back to me. The email promotes their new phone and their new website, which promotes the phone and requests the user to load third-party content, including from Google and Visistat.com. The irony is hurting.
The Blackphone, the product they are selling, is a combination of a phone, an operating system and some programs ("apps"). The operating system is an Android fork (like Replicant or CyanogenMod) except that the source code is not Free or Open Source; it's "based on open source". The "apps" provide various end-to-end encryption services; buying the phone gives you a 2-year subscription to these. In other words, don't trust Google, trust Blackphone.
I am quite unconvinced by this phone; to me this borderline decreases the respect I have for the "Dark Mail Alliance" thing, considering what Ladar Levison wrote on Lavabit's website:
> This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
I would remove the part about the United States; privacy is not an anti-American thing. Everyone that can is doing it: companies, governments, even organisations, each for their own reasons. If it's so easy to implement, it will be done; the way most of us have been using the Internet is what we should be anti.
When people hand over their data to centralised systems, those systems become the target; the fewer systems there are, the easier and more tempting spying becomes. It is the user that should be the only one to control their own data.
PlacebOS - PrivatOS on the Blackphone feels more like a placebo
About the phone itself, there's nothing about the hardware, at least not enough, and we know one of the biggest issues is the baseband chip accessing OS resources (CPU/RAM, maybe more?) without the OS even knowing about it. This is like having your ISP-provided modem directly hooked up to your personal computer's motherboard. We don't need new apps, we need a properly designed platform, a computer and a modem that are separate. We need more openness and clarity with regard to this.
It is quite unclear to me what advantage to any kind of privacy this phone provides, maybe just privacy against default settings? In the meantime, I can't help but feel like this device is at best a placebo phone; at worst, and with a bit of imagination, anything is possible. Until then, the reality is that this is just a phone with stripped-down settings and default apps and a marketing campaign that feeds on anti-NSA paranoia.