"Is any SMS/phone call coming out of your personal number something you should consider private from the government? Probably not."

Well your phone calls themselves -- the actual conversation -- shouldn't be accessible without a warrant for a wire tap, that's pretty longstanding precedent in the U.S. Cell phone location information is also protected by a warrant (Carpenter v. U.S.), but pen registers (logs of who you call) do not require a warrant (Smith v. Maryland). I'm not sure if governments are prevented from purchasing data from carriers, just as any data broker could do. Additionally, who knows if governments are secretly collecting phone call and cell phone data and storing it, but only accessing it once they have a warrant. It's impossible to know what's fully happening on the back end between big telco companies and the gov't.

Either way, at the end of the day, whether you have Cape or some other service, if you're at the level of the government getting a warrant for your data any legitimate company is going to comply. That's why the best thing is to have a company that can only turn over limited amounts of data because that's all they have.

The sheer volume of communication data is far too large to monitor everything.

By people, sure. Run it through a magical analytical algorithm that flags stuff for people to look? Or if that's still too much everywhere, they could focus it on a certain area's towers and process that data. Will it catch everything or not generate false positives? No, it's not perfect, but I could see it helping them and being done.

I doubt an agency like this would just hoard the info and not proactively use.

I saw this video on YouTube with a rep from the company and while there were some positive things put forward, the biggest red flag to me was when he wouldn't disclose what networks they partner with. They are a virtual network so they don't own the cell towers, and that means they're running off someone else's. Why can't you say who? Other virtual carriers have no problem saying that they run on Verizon or T-Mobile.

interview for Cape starts at about 30 minutes in. Ironically, the podcast is called "Snake Oilers" and it's a paid-promotion thing, sooooo take this with a grain of salt.

The feds have already pulled a similar stunt with another manufacturer+software combo. (en.m.wikipedia.org/wiki/Operat…)

The only thing that makes this smell legit is the fact that it is a provider and probably only eSIMs. But even then, this is not very good opsec to be deliberately using a marketed product that will likely have an identifier for their cell traffic. Graphene works as well as it does because it runs of pre-existing hardware to be more inconspicuous.

international police sting operation between 2018 and 2021

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

That's always the concern with privacy-focused services, especially if they're not open source or audited.

But if we think about the practical application -- who needs a honeypot for cell phone services? Carriers already collect so much data (location, telemetry, payment, government-issued ID, etc) and sell it willingly to whoever wants to buy. How could Cape be any worse? lol. If they adhere to any of their stated policies it seems like a plus, no?

Additionally, at least to me, Cape is not marketing the way the Anom phone did, where it trying to gain adopting by nefarious users. That's my take - I'm not advocating for Cape since I don't really know much about them, but I'm trying to put things in context.

The way anti-fingerprinting techniques work is by making you as much of a background digital character as possible. A privacy conscious user spoofing location and network traffic data on AT&T, Verizon, or T-Mobile is going to be far less likely to be singled out compared to customers on some bespoke cell network.

You should try to fake your traffic on a standard phone network (Using something like GrapheneOS with more granular control) to simply appear like another faceless data point rather than a "paranoid privacy user who bought this subscription for the privacy people", because that traffic will raise eyebrows much quicker.

Something can't be both "100%" and vibes based lol

Unless you mean "I am 100% basing the following opinion on vibes".

You need evidence. Please don't respond with more vibes.

Because they literally operated it as a honeypot and gave police full access to chats while advertising to criminals that it was safe.

EncroChat first came to the attention of the media when it was revealed that high-profile criminals Mark Fellows and Steven Boyle had been using the encrypted devices to communicate during the May 2018 gangland murder of John Kinsella in Rainhill, England.[16][9][17] The service resurfaced in the media during the summer of 2020 after law enforcement agencies announced that they had infiltrated the encrypted network and investigative journalist Joseph Cox, who had been reviewing EncroChat for months, published an exposé in Vice Motherboard

magazine focused on international arts and culture

^{Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)}

That's even worse then because they didn't even have a secure network from start. Be it willful ignorance or intentional assistance, its still a honeypot. This was a huge "I told you so" by a lot of the dark net community when it happened, a lot of people called it WAY ahead of time.

Encrochat isn't the only example, so i may have conflated it with one of these other Honeypot operations: ANOM, Phantom Secure , Ghost , SkyECC

You might be able to see a pattern here. People who actually want security and anonymity know that you can't trust those things over to a corporation or a bunch of tech broligarchs, they will either betray you intentionally or due to their incompetence.

I guess we have different definitions of what a honeypot is then. I dont think it has to start as a honeypot to qualify as one once law enforcement is involved.

There are countless examples of this kind of infiltration on other services. you can call it something else but either way i think youd have to be a fool to trust an operation like that to be in any way secure from monitoring by law enforcement.

Maybe, I couldn't say if it's a premium for privacy, marketing, or what.

As for turning over data without a warrant, I don't have a problem with companies complying with lawful orders, as Proton does. I don't think there's any evidence to support the notion that Proton complies with non-legal or mere requests from LE. Correct me if I'm wrong.

I don't have an issue with telcos complying with lawful warrants, which is what Lawful Interception requires. but if your telco can only turn over limited amounts of data because that's all it has access to, then that's a plus.

Separately, do you have a source that telcos are unaware when LE is wiretapping? LE would likely need the assistance of the telco to do so and the telco should require the warrant.

Hard to say either way since my reasoning is just speculative. I would want to get some more insight from someone in Asia. If this is the case, and this is indeed a trend, big tech often caters to Asia first.
I mean that's not even considering that having over 40% of machines not switched over by EoL is pretty massive. Very reminiscent of XP.

It's certainly possible they will re-evaluate a lot of their stances that lead to this point.

Not from Mastodon, but from looking at the map for September:

Here's a link to the rest of the map
You'll have to mouse over the different countries here, but regardless of whatever the heck is happening in Singapore, windows 7 is still sitting between 15-5% in other countries across Asia. and 10 is still nowhere near the "safe" levels for EoL coming up.