Mobile
3/5/2014
11:55 AM
50%
50%

FreedomPop Debuts Encrypted Snowden Phone

Prepaid phone carrier promises secure messaging, anonymous browsing to security-minded customers.

Mobile World Congress: 5 Hot Gadgets
Mobile World Congress: 5 Hot Gadgets
(Click image for larger view and slideshow.)

FreedomPop on Wednesday debuted a smartphone it says is the answer for users looking to hang up on would-be snoopers. The Privacy Phone, which FreedomPop has dubbed the "Snowden Phone," employs encryption to safeguard communications and a third-party browser to block tracking and circumvent the worst of the Web.

The Privacy Phone is actually a refurbished Samsung Galaxy S II (circa 2011) that runs Google's Android operating system (although FreedomPop didn't specify which version of Android). It costs a mere $189, with no contract required. As an MVNO that uses Sprint's network for calls and messaging, FreedomPop offers low-cost (sometimes even free) service.

Loaded with security software from Private Communications Corp., the Privacy Phone takes a two-pronged approach to shielding owners' privacy. First, the essential communications tools -- voice calls and text messages -- are encrypted. Rather than passing calls and messages over traditional voice networks, FreedomPop relies on Sprint's LTE data network and sends calls through the Internet using VoIP and its own VPN. In addition to the encryption, the phone makes contacts, call history, and text messages confidential, so if the device is lost no one can access that information. FreedomPop claims it can block unsolicited incoming calls and texts, and the company will allow owners to change their phone number as often as they want.

[iOS users have a new security option for messaging. Read Cryptocat Wins Apple Approval.]

Second, all apps and Internet data on the Privacy Phone are also sent through a secure, encrypted VPN for anonymous Web browsing. The software, from Private Communications, manages all the permissions for apps and locks them down while also giving owners the option to loosen some of those restrictions when necessary. FreedomPop claims this allows the Privacy Phone to protect users against online marketers tracking Web activity, to defend against data monitoring, and to bypass website restrictions so users can connect to any site online. The tools also protect against viruses, malware, spyware, and phishing.

"In light of recent violations in consumer's privacy across social networks and mobile devices, privacy is becoming increasingly important to many Americans, and we all have a right to communicate anonymously," said FreedomPop COO Steven Sesar in a statement. "Large carriers don't have the flexibility, desire, or creativity to invest in privacy. We don't agree with this approach and felt it was up to us to create a truly private mobile phone service at an affordable price."

The phone is being sold at a rock-bottom price, and FreedomPop is offering early adopters three months of free service. The monthly plan includes unlimited voice and messaging as well as 500 MB of data. After the trial period ends, the monthly cost will go up to just $10. To further the appeal of its anonymous nature, FreedomPop is accepting payments in Bitcoin.

FreedomPop's effort follows closely on the heels of two other security-minded devices released in recent weeks. GeeksPhone fully revealed the Blackphone last month. The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier- and vendor-independent. Geeksphone says it gives consumers and businesses control over their privacy. For example, the Blackphone, which uses security software from Silent Circle, can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Boeing also introduced a secure smartphone last month. Called the Boeing Black, the device will self-destruct if tampered with.

The devices come in the wake of Edward Snowden's revelations about the NSA and its mass data collection schemes, including details of voice calls made from cell phones. Surely some people value their privacy enough to plunk down cash for these secure smartphones. The tradeoffs, however, are unclear. Do all Android apps work on these phones, or do the security elements prevent many of them from functioning properly? Further, it's not clear how they might fit with individual business' security strategies and mobile device management tools.

Bottom line: Be sure to ask some hard questions before you pick up one of these secure smartphones.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Eric is a freelance writer for InformationWeek specializing in mobile technologies. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HelenD630
50%
50%
HelenD630,
User Rank: Apprentice
11/21/2014 | 10:21:13 PM
best vpn services
With all that's happening in the world, we really need to protect our privacy. VPN is really important. However, be very careful in choosing the right VPN as there are VPNs that claim they don't log your information but the truth is they do. The key is to look for the best vpn services in the market today. 
anon2533164292
50%
50%
anon2533164292,
User Rank: Apprentice
5/26/2014 | 6:35:31 AM
Re: Testing or Certification?
Its one of best service to secure your data and privacy. Alwayas use best vpn services
shaunstevin
50%
50%
shaunstevin,
User Rank: Apprentice
3/6/2014 | 8:37:30 AM
Re: Testing or Certification?
we can protect our identities, data and remain private by using a PureVPN service. A Virtual Private Network is a network technology that creates a secure network connection over a public network such as the Internet.

http://www.purevpn.com/blog/kevin-mitnick-gives-solution-for-nsa-spying/
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
3/6/2014 | 4:43:07 AM
Re: Testing or Certification?
Silent Circle and Geeksphone recently launched a Blackphone for providing encryption services that was a hug impact in the communications security industry specially on NSA. If you're privacy and security focused like me, you have got to have this.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
3/5/2014 | 4:46:03 PM
Testing or Certification?
The problem all these encryption technologies face is that there's no way for the average user to be certain that they're truly secure. The NSA has made it impossible to trust even accepted encryption protocols. And even if the technology turns out to be sound, there are so many other ways security can be compromised (e.g. a listening device in a room) that it hardly seems worth it to try to keep electronic data secret. A determined government-funded adversary will defeat whatever off-the-shelf solution you come up with.
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: good one 
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2001-1594
Published: 2015-08-04
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, an...

CVE-2002-2445
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdwon user, which has unspecified impact and attack vectors.

CVE-2002-2446
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

CVE-2003-1603
Published: 2015-08-04
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

CVE-2004-2777
Published: 2015-08-04
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002...

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!