Mobile
3/5/2014
11:55 AM
50%
50%

FreedomPop Debuts Encrypted Snowden Phone

Prepaid phone carrier promises secure messaging, anonymous browsing to security-minded customers.

Mobile World Congress: 5 Hot Gadgets
Mobile World Congress: 5 Hot Gadgets
(Click image for larger view and slideshow.)

FreedomPop on Wednesday debuted a smartphone it says is the answer for users looking to hang up on would-be snoopers. The Privacy Phone, which FreedomPop has dubbed the "Snowden Phone," employs encryption to safeguard communications and a third-party browser to block tracking and circumvent the worst of the Web.

The Privacy Phone is actually a refurbished Samsung Galaxy S II (circa 2011) that runs Google's Android operating system (although FreedomPop didn't specify which version of Android). It costs a mere $189, with no contract required. As an MVNO that uses Sprint's network for calls and messaging, FreedomPop offers low-cost (sometimes even free) service.

Loaded with security software from Private Communications Corp., the Privacy Phone takes a two-pronged approach to shielding owners' privacy. First, the essential communications tools -- voice calls and text messages -- are encrypted. Rather than passing calls and messages over traditional voice networks, FreedomPop relies on Sprint's LTE data network and sends calls through the Internet using VoIP and its own VPN. In addition to the encryption, the phone makes contacts, call history, and text messages confidential, so if the device is lost no one can access that information. FreedomPop claims it can block unsolicited incoming calls and texts, and the company will allow owners to change their phone number as often as they want.

[iOS users have a new security option for messaging. Read Cryptocat Wins Apple Approval.]

Second, all apps and Internet data on the Privacy Phone are also sent through a secure, encrypted VPN for anonymous Web browsing. The software, from Private Communications, manages all the permissions for apps and locks them down while also giving owners the option to loosen some of those restrictions when necessary. FreedomPop claims this allows the Privacy Phone to protect users against online marketers tracking Web activity, to defend against data monitoring, and to bypass website restrictions so users can connect to any site online. The tools also protect against viruses, malware, spyware, and phishing.

"In light of recent violations in consumer's privacy across social networks and mobile devices, privacy is becoming increasingly important to many Americans, and we all have a right to communicate anonymously," said FreedomPop COO Steven Sesar in a statement. "Large carriers don't have the flexibility, desire, or creativity to invest in privacy. We don't agree with this approach and felt it was up to us to create a truly private mobile phone service at an affordable price."

The phone is being sold at a rock-bottom price, and FreedomPop is offering early adopters three months of free service. The monthly plan includes unlimited voice and messaging as well as 500 MB of data. After the trial period ends, the monthly cost will go up to just $10. To further the appeal of its anonymous nature, FreedomPop is accepting payments in Bitcoin.

FreedomPop's effort follows closely on the heels of two other security-minded devices released in recent weeks. GeeksPhone fully revealed the Blackphone last month. The Blackphone runs a modified version of Google's Android platform called PrivatOS and is carrier- and vendor-independent. Geeksphone says it gives consumers and businesses control over their privacy. For example, the Blackphone, which uses security software from Silent Circle, can make and receive secure phone calls, exchange secure texts, transfer and store files, and video chat without compromising user privacy. Boeing also introduced a secure smartphone last month. Called the Boeing Black, the device will self-destruct if tampered with.

The devices come in the wake of Edward Snowden's revelations about the NSA and its mass data collection schemes, including details of voice calls made from cell phones. Surely some people value their privacy enough to plunk down cash for these secure smartphones. The tradeoffs, however, are unclear. Do all Android apps work on these phones, or do the security elements prevent many of them from functioning properly? Further, it's not clear how they might fit with individual business' security strategies and mobile device management tools.

Bottom line: Be sure to ask some hard questions before you pick up one of these secure smartphones.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Eric is a freelance writer for InformationWeek specializing in mobile technologies. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HelenD630
50%
50%
HelenD630,
User Rank: Apprentice
11/21/2014 | 10:21:13 PM
best vpn services
With all that's happening in the world, we really need to protect our privacy. VPN is really important. However, be very careful in choosing the right VPN as there are VPNs that claim they don't log your information but the truth is they do. The key is to look for the best vpn services in the market today. 
anon2533164292
50%
50%
anon2533164292,
User Rank: Apprentice
5/26/2014 | 6:35:31 AM
Re: Testing or Certification?
Its one of best service to secure your data and privacy. Alwayas use best vpn services
shaunstevin
50%
50%
shaunstevin,
User Rank: Apprentice
3/6/2014 | 8:37:30 AM
Re: Testing or Certification?
we can protect our identities, data and remain private by using a PureVPN service. A Virtual Private Network is a network technology that creates a secure network connection over a public network such as the Internet.

http://www.purevpn.com/blog/kevin-mitnick-gives-solution-for-nsa-spying/
micjustin33
50%
50%
micjustin33,
User Rank: Apprentice
3/6/2014 | 4:43:07 AM
Re: Testing or Certification?
Silent Circle and Geeksphone recently launched a Blackphone for providing encryption services that was a hug impact in the communications security industry specially on NSA. If you're privacy and security focused like me, you have got to have this.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
3/5/2014 | 4:46:03 PM
Testing or Certification?
The problem all these encryption technologies face is that there's no way for the average user to be certain that they're truly secure. The NSA has made it impossible to trust even accepted encryption protocols. And even if the technology turns out to be sound, there are so many other ways security can be compromised (e.g. a listening device in a room) that it hardly seems worth it to try to keep electronic data secret. A determined government-funded adversary will defeat whatever off-the-shelf solution you come up with.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.