Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
Comcast I think is the best? Haven't checked in a while but their mobile plan I think soft caps to 1Mbps.
I'd be interested to see how they are hardening the IMS (IP Multimedia Subsystem) and VoLTE/VoWifi stack. SIP signaling and RTP streams for voice are often unencrypted internally.
If Cape is applying their 'Network Lock' logic to the IMS layer, they could potentially mitigate SIP-level spoofing and voice interception that occurs at the interconnect. Their 'Encrypted Voicemail' (using asymmetric keys on the device) is a strong signal that they understand the 'Last Mile' problem.
Also even if SEPPs are not really a thing, i'd be curious to know if they've started looking at this.
In the small world of telco security (disclaimer i work for P1Security), they are definitely working in the right direction. Any international ambition, particularly in EU, will be a tough sell though....
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.
Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.
It’s interesting that Apple is going down a similar path with hardware filtering location retrieval commands and neighborhood-level blurring on their C1 modems. Really awesome work from that team by making sure they’ve considered privacy as a first party feature for that chip.
How do you guys view the relative value of privacy/security at the network provider layer of the cell stack for the average user/citzen?
Even if Cape doesn’t retain metadata yourselves (eg LTE positioning info), is that data not still retained and repackaged by the tower owners themselves? Eg babel street, venntel, etc. A rotating IMEI every 24 hours might make it marginally more difficult for logical tracking, but there’s still only physically one location the phone can be in without fuzzing at the hardware level.
I should also say - I’ve been following y’all’s work for a while (and considered some of those early forward deployed engineer positions), but I’m struggling to see how this all works as a consumer product. Would be awesome to see an eventual partnership with Apple/Qualcomm to bring this to the hardware level since privacy is a tough nut to crack even at full MVNO.
You mean the ICCID?
But realistically, none of that matters. You'll be the only one in 10 miles with this SIM that always uses an never-before-seen IMEI that connects to the exact same set of domains. That's some mall ninja stuff.
Carriers don't just log IMEI/IMSI, as well as last hop cell towers and your precise location, they need those information to route packets back to the phone. You can't establish TLS with bogus IP addresses. That's why people like Stallman or unnamed friend of a friend ex-CIA guys on Internet says cell technologies are evil mass surveillance tools.
Always-on Mullvad solves that nicely.
Whoops.
Look at who Doyle has worked for previously and what connections he has. Palantir and the military, to start.
Prior to Cape, I led the national security business at Palantir. That experience was actually the catalyst for Cape. It’s where I first learned about the massive array of vulnerabilities that exist in our current cellular networks. I saw how those gaps impacted not just government organizations, but everyday people, and I realized that the mobile phones we carry every day are perhaps the single largest risk to our privacy.
I needed that experience to understand the depth of the problem, but once I left to start Cape, that connection ended. Cape has no ties to Palantir. We aren't a subsidiary, we aren't a "front," and we don't share data with them. The only thing we took from Palantir was the desire to fix a broken system. If you want to see me and some of the rest of our founding team talk more about this topic, you can watch this video on our Instagram page here.
Another related theory I’ve seen online is that Cape is a honeypot for law enforcement. Cape is not a honeypot. It’s so hard to prove a negative, but at least I can say it clearly and out loud: Cape is not a honeypot.
We are a group of individuals who deeply value privacy. That mission carries across everything we do, from our work with the US government and allies, to everyday people, and everything in between.
We are incredibly proud to work with people who protect our country by ensuring they have secure, trusted communications wherever they are. https://www.bloomberg.com/news/articles/2024-04-18/us-navy-t...
We also work with the EFF to provide investigative journalists and activists with free Cape service so they can do their work safely. https://www.cape.co/journalists-and-activists
We partner with non-profits to support victims of domestic abuse who are facing cyber-stalking and digital harassment. https://www.cape.co/break-free
We are a young company growing exponentially, and we don't plan on slowing down. We know we have to earn your trust every day. The truth is, no one else is building a high-quality, first-class solution to these specific cellular problems. We are committed to being the ones who do it right.
That is a lot of highly polished for the camera media you dropped into that post. The way that you word things, such as "Cape is not a honeypot." but don't delve any deeper, to start, gives someone less than zero confidence or trust in your words.
I have seen enough in the industry to say that your words are meaningless.
Can you expand on this? Because currently, the US government is not someone I want the companies I use to work with.
> The only thing we took from Palantir was the desire to fix a broken system.
What broken system does Palantir fix?
I'm sure you know this, but for others who may not: there's a history of splashy new mobile operators which promise security and privacy as their core feature, but turn out to be a front for law enforcement. https://en.wikipedia.org/wiki/Operation_Trojan_Shield is the preeminent example.
There are also people working in this space who are cranks and morons. In summer 2023, I had a phone call with the founder of a well-known startup founder from the dot-com era. He was trying to launch a privacy-focused cell network and messaging software. But everything about his approach was wrong, almost to the point of being an anti-solution to the problems he was trying to solve, as if he was totally unaware of the past 20-30 years' worth of learning about end-to-end encryption and mass surveillance.
He was also a conspiracy theorist: during our call, he repeatedly and unironically referred to a documentary film created by a well-known convicted felon and serial liar, as a source of credible information about the world.
> We also work with the EFF to provide investigative journalists and activists with free Cape service so they can do their work safely. https://www.cape.co/journalists-and-activists
That's good to know.
It appears from the EFF site that you were involved in developing the Rayhunter tool which they announced last year? https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-ope...
Currently in cyber as a Guard O/civ and also considering SFAS. Thank you!
> group of individuals who deeply value privacy
.. do you see the problem here?
Looks like a pretty sweet honey pot.
Seeing a warrant canary would be encouraging…
> At Palantir, where I started in technical roles more than 10 years ago, I learned about a wide array of vulnerabilities in the cellular network that present a threat not only to mission-focused organizations in government, but also to everyday people. I came to see mobile phones — and the networks that power them — as perhaps the largest risks to our privacy and security.
> If you told Americans twenty years ago that corporations and governments would conspire to attach powerful tracking devices to nearly every adult worldwide, it would’ve sounded like science fiction. And yet, that’s not far from where we are today.
https://www.cape.co/blog/building-the-future-of-mobile-priva...
> Minimal Data Collection
> Identifier Rotation
> Secondary Numbers
> Disappearing Call Logs
> SIM Swap Protection
> Network Lock
> Encrypted Voicemail
> Private Payment
> Last-Mile Encrypted Texting
> Secure Global Roaming
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, which protects the rest of the phone from being compromised if there's some sort of an exploit. Once that's factored in, most exploits you can think of are "on the other side of the airtight hatchway[1]". For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order. Or if you're worried about the phone triangulating itself, you should probably be more worried about your carrier getting hacked and/or selling your location data.
[1] https://devblogs.microsoft.com/oldnewthing/20060508-22/?p=31...
Doesn't Google require all new Android-branded devices to isolate the baseband from the Android OS and applications?
I swear I read this somewhere in the last few years, though I can't seem to find any clear reference to it now. Hmmm.
> For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order.
Everything should use TLS/DTLS/QUIC, and an up-to-date PKI for obligatory certificate validation, otherwise I assume it's already being MITM'd by the NSA, every other three letter agency on the planet, corporate firewalls, and my ISP.
That just kicks the can down the road to "Why should we fully trust the IOMMU?"
Granted, it does defend against the vast majority of actors.
Also, the 50 foreign countries seems interesting.
Not really, but I too am uncertain about how to think about it.
Here's my long-winded but still limited understanding of the main vulnerabilities that are unique :
NETWORKS: If I build a network, and I build it out of switched Ethernet, and I control the premises completely, then I can generally trust that the data flowing through it isn't being secretly logged or tampered with. Moving away from this simplicity, my distrust of the network increases rapidly.
A cellular network is pretty much the opposite of this simple one-man, one-room, wired network, so I distrust it completely.
There is only one credible solution here: all traffic over the network must be end-to-end encrypted and authenticated. That means TLS/DTLS/QUIC/ESP/Wireguard with key-pinning and/or correctly implemented and maintained PKI. Assume that any and all traffic that is not E2E-encrypted and authenticated is subject to some combination of mass surveillance and/or individually-targeted attacks.
CELLULAR DEVICE HARDWARE: For historical reasons, modern smartphones contain [at least] two CPUs:
1. The main "application" processor, an ARM64 SoC running an OS and applications made by Google or Apple. They've put substantial efforts into hardening these OSes and applications against remote attacks.
Whether they're doing "enough" is another question; whether you should trust them is another question. But they're at least trying pretty hard to prevent rando malware-for-hire attackers from pwning your device via over-the-air vulnerabilities.
2. The "baseband" processor, a ghastly fossilized thing that runs a stack of overly-complex firmware dating back to 2G days, and controls access to the cellular network. It is probably developed by Qualcomm, which along with Samsung has a near-monopoly on baseband processors for modern devices sold outside of China. Qualcomm in particular is litigious and complacent about security issues (https://news.ycombinator.com/item?id=38620067), and almost everything about the processors and their firmware are closed-source and non-public.
The baseband processor is insecure both due to inattention, as well as treachery. The end user of the device does NOT control it in the way that the end user controls the main processor. Some nebulous combination of the baseband vendor, the carrier, and the government controls it (e.g. https://news.ycombinator.com/item?id=46848303).
So the baseband processor is an untrustworthy thing that should be walled off from the rest of the system, and only allowed to communicate with the rest of it via narrow and well-defined interfaces. However, this was not the case for many years: the baseband processor has had way too much access to the system.
In recent years, this situation has improved somewhat: recent Pixel devices with Google Tensor SoCs (and maybe others) have the baseband isolated via an IOMMU. https://grapheneos.org/faq#baseband-isolation
---
Okay, so can "Cape" do anything to assuage my concerns about _any_ of the above issues? Honestly, not very much. ¯\_(ツ)_/¯
Cape can't increase my trust in the cellular network. Cape can't increase my trust in the baseband processor on my device.
Cape can only do a couple things to make the baseband and the network Slightly Less Evil: shuffle IMSI frequently to prevent IMSI-based tracking, and don't let random scammers call up and SIM-swap me.
I've had almost no problems using my GV number for 2FA. Venmo is literally the only service I've ever used that won't accept it for 2FA… and now Venmo offers non-SMS based alternatives, which is good because SMS-based 2FA is the reason that the SIM-swap attack is worth doing.
List of services that allow Google Voice for 2FA: https://www.reddit.com/r/Googlevoice/comments/1c571kw/crowds...
Most services either don't have a legitimate interest in my phone number (so they can get bent) or they do have a legitimate interest in which case not accepting my phone number means they aren't doing their #$&^ job (so they can get bent).
It helps that the only services I'm willing to provide my phone number to are those that already inherently involve my PII. Banks, online shopping, etc. So if they won't accept whatever I give them I'll take my business to a competitor.
If anyone knows of a good, secure VoIP provider outside of the US I'd be keen to hear about it.
Trackability is definitely a vulnerability.
The customer support team was great to work with and actually extended the trial price for me. But ultimately, the service just does not seem competitive on a usability level with major carriers and this was an issue for me. It very much could have been my local area but Verizon and T-Mobile are far, far more reliabl and comparable in price.
https://www.cape.co/blog/product-feature-secondary-numbers
I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
They are real numbers, not VOIP. That can matter depending on what they are used for and if the entity you are expecting a message from blocks sending to VOIP numbers.
The numbers don't rotate like our identifier rotation. They are yours. You can choose to delete a secondary number in the app, and if you have less than two, create a new one after 30 days.
based in Arlington, VA, is primarily funded by high-profile venture capital firms, including Andreessen Horowitz (a16z), which led their Series B, A Capital, Costanoa Ventures, ex/ante, Point72 Ventures, and XYZ Ventures.*
Arlington, VA ... is an interesting location that aligns with your guess. A similar situation happened some time ago with a drug cartel that thought they built their own private phones and phone network. I am not saying it's related, just feels similar.
Which KYC regulations exist for carriers? AFAIK you can walk into any store and get a SIM card. The most they ask for is maybe E911 which they don't check.
What kind of measures are possible to prevent fraudulent calls when the caller is your anonymous customer? The answer is obviously "none," unless you respond to every complaint by terminating service of the offending customer and hoping they don't come back.
You can sign up for US mobile service, which is a Verizon MVNO, right this moment with no personally identifiable information at all.
Remember: neither the visa nor MasterCard payment networks have any support for customer name. Everyone pretends that they do, but they do not. In the absence of an additional security layer like “verified by visa “there is no way to verify cardholder name.
(I literally put 123 Fake St in payment portals.)
Domestically you can buy a Tmobile or Cricket with a pre-paid visa cash card and a gmail address (no ID required), but they won't work outside the US.
I'd like a service like yours that allows private signups and that works continuously to prove ongoing private operations. I don't need huge data plans, I'm fine with WiFi mostly. It needs to cost way less per month than your current pricing. It would be cool if you could find a way to serve people like me.
Here are a few things you might want to look at more closely:
Encrypted voicemail uses public key crypto: https://www.cape.co/blog/product-feature-encrypted-voicemail
How they use full control of the mobile core to detect SS7 signaling attacks https://www.cape.co/blog/product-feature-network-lock
Swapping SIMs is done via digital signatures, not customer support https://www.cape.co/blog/cape-product-feature-secure-authent...
They're the only provider that can rotate your IMSI, and do it continuously for you https://www.cape.co/blog/product-feature-identifier-rotation
They're also one of very few organizations doing original research on cell network security:
Collaborating with the EFF to release software for detecting cell site simulators (e.g, imsi catchers et al) https://www.cape.co/blog/how-eff-and-cape-collaborated-to-im...
Identifying novel weaknesses for physically tracking people on cell networks https://dl.acm.org/doi/pdf/10.1145/3636534.3690709
Very aware of who you are, and have done plenty of security work myself. Here's what I want from you: How can you prove this isn't just Anom 2.0
It's like walking into a bank wearing a ski mask. Yeah we don't know who is under the mask but we know there is probably something fishy going on.
Your best bet at staying safe is always to not raise any attention at all, and that usually means doing what the average citizen with 2.4 kids does.
I'm a target for a variety of things, and knowing that no one can SIM swap me is worth the subscription alone. The SS7 protections, encrypted voicemail, secondary numbers, IMSI rotation, etc are all a bonus.
Your “phone number “that people interact with cannot be hijacked with SS7 because it’s not a real number… you’re immune to sim swaps … And you can Jettison your physical phone and SIM card at any time with no penalty.
As a bonus, because your actual phone number is now programmable you can do interesting things like set up a SMS firewall. You can, for instance, collapse all incoming text messages to ascii-256. Or truncate their overall length. Or CC your incoming SMS to a dedicated mailbox.
I have operated like this since 2016. I have no idea what my physical SIM phone number is and neither does anybody else.
https://www.vice.com/en/article/anom-backdoor-fbi-years-of-a...
We're working on some ideas to address this with audits etc, but it will always be tough. However, if you like the idea, and like the features, then maybe it is worth your time to do the work and get comfortable with the company. Because we're the only ones providing some of these features, and we have a lot more in the hopper still to come. I hope we can win your trust at some point.
Like they're not gonna burn that kind of capability over tax evasion, state civil law violations, etc.
If we treat the carrier as adversarial, dumb pipes we can move the security and all of the capabilities into the cloud platform. A personal comms stack like this should be carrier-agnostic, phone-agnostic, sim-agnostic.
See my other post in this HN topic - I have done this since 2016 ...
- how do I know you are actually implementing what you claim on your webpage?
First, when it ran Anom, it went out of its way not to collect data on persons inside the United States. U.S. Anom users never had any of their data captured by the FBI because it raised profound 4th Amendment concerns. Cape is operating in the U.S. and is seeking U.S. users. Typical U.S. honeypots are generally targeted abroad.
Second, the U.S. government has historically not used former military officers with ties to defense contractors as the people that built and operated the honeypots. With Anom, they co-opted trusted members of the secure phone community. The very fact that the company is very open about its founders is a pretty good sign that they are probably not a honeypot because they would not make a very good honeypot for the truly criminal element.
Third, Cape is incorporated in the United States and seeking U.S. users. In the process, it's making some fairly aggressive claims in its privacy policy and terms of service about its products that would subject them to breach of contract and fraud claims if in fact they were secretly not doing those things.
Fourth, the legacy telecoms have a long history of selling your data, secretly cooperating in national security programs of questionable legality, etc. It seems like Cape can't possible a worse option than the status quo.
2. History matters until it doesn't. There was a time when the US did not perform science experiments on unsuspecting populations, too. The government does not get the benefit of the doubt when it comes to "past performance is not indicative of future performance".
3. We have seen sitting presidents pardon people for crimes they have yet to commit.
4. "Not worse" is not a selling point.
1/ eSIM activation outside the US 2/ The family plan is weird. My wife and I don't want to manage two separate bills. 3/ multiple eSIMs and numbers in different countries all within the one account (Germany in particular)
How does this compare to silent.link?
eSIM, global, variable pricing per country with per-GB billing, anonymous crypto payments and no KYC. Although it seems to not have some of the additional security features of the OP.
https://www.hachettebookgroup.com/titles/joseph-cox/dark-wir...
