submitted 2 days ago* (last edited 2 days ago) by T3CHT@sh.itjust.works to c/privacy@lemmy.ml

Received request from a friend in Minneapolis.

I suggested FairPhone/Murena and they found this Cape.co. The finding a compatible wireless carrier and managing a VPN piece threw them off. They need an easy solution that gives them peace of mind, but they are not techy at all. "Being able to research and pick a carrier, phone and OS was overwhelming."

This person is not nefarious, but they rightly believe the government is being nefarious in their town and they want to resist while being safe. The marketing from Cape hit the nail, but it's marketing.

I'm not there to help, so looking for experienced condensed advice on the device.

I should add - this will be a daily driver and I've already advised to leave the device home for protests, etc. due to tower tracking. We're at the next layer.

[-] ScoffingLizard@lemmy.dbzer0.com 1 points 3 hours ago* (last edited 3 hours ago)

Meshtastic. There is actually a Meshtastic Lemmy community. It can do texts.

Murena will provide service for FairPhone 6. It has microphone and video kill switch, fakes geolocation, spoofs IP, uses app trackers detection, and doesn't really have bloatware. The ecosystem is carefully curated and managed. I like it better than Fossify but still diversify a few things just because.

I use NextDNS and tight domain filters. Got rid of MicroG. Love it.

[-] juspie@piefed.ca 9 points 2 days ago

I think you can only simplify things so much without making the entire thing pointless. As others have already said, install GrapheneOS yourself — it's almost as easy as making an online purchase. And remember the phone is inherently a tracking device no matter what — especially if the cellular/radio stack is active.

I don't think there's any more shortcuts that can be taken if security and protection from surveillance are actually important.

[-] floofloof@lemmy.ca 22 points 2 days ago

GrapheneOS is good and surprisingly simple to install.

[-] DieserTypMatthias@lemmy.ml 13 points 2 days ago

Just buy a Pixel 9a for him and install GrapheneOS on it.

[-] ToTheGraveMyLove@sh.itjust.works 15 points 2 days ago

You mentioned Graphene in the subject and then didn't mention it again. Why not Graphene?

[-] ProperlyProperTea@lemmy.ml 18 points 2 days ago

I would agree a used Pixel with Graphene OS would be the simplest solution.

[-] ToTheGraveMyLove@sh.itjust.works 13 points 2 days ago* (last edited 2 days ago)

Most secure option too. I'd never done any kind of custom OS on a phone before Graphene and the web installer made it super easy. Just make sure you have a cable meant for data in addition to charging. I didn't realize most of the USB-C cables I owned were charging only until I tried to set it up, and I got extremely frustrated why I couldn't get my computer to recognize anything for an embarrassing amount of time.

[-] ztpq@slrpnk.net 2 points 1 day ago* (last edited 1 day ago)

I guess this comes too late in your case, but you can tell the difference on the phone by checking if the notification "Charging this device via USB" pops up, which you can tap to enable USB data transfer.

I've learned a lot since starting my FOSS journey. 😉 Good advice for novices though.

[-] doodoo_wizard@lemmy.ml 5 points 2 days ago* (last edited 1 day ago)

What this person is describing is a recent iOS device with lockdown on, biometrics off, ADP on and an understanding that no US carrier can offer cell service with security or privacy from the US government because of the lawful intercept backdoor.

They need to change their behavior to include turning their phone off frequently and incorporate practice using their phone’s duress inputs. They need to recognize that the phone is always a tracking device and cannot function in the way they want without being a tracking device. Because of that last part, and because the metadata delivered to phones is now used to direct police action, they need to understand that phones can’t come with them to organizing or protest and they can’t communicate about those things using the phone no matter what app or encryption is employed.

It’s also important to recognize that if the people they’re around don’t take these same precautions then it may be best to simply stop associating with those people in that way. Some friends are a lot of fun at parties but can’t be trusted.

Once all that is handled then a nice cherry on top is Mullvad. Easy to understand and handle for even the most tech averse.

People will say that they don’t trust iPhones because they’re not open source, but every leak from cop and intelligence tech companies like Cellebrite indicates that they are incapable of compromising an up-to-date iOS device especially in BFU (not unlocked after being powered on) state. These leaks could be dismissed as limited hangouts, but the fact that we also see action based on metadata from the lawful intercept backdoor instead of direct compromise of devices seems to corroborate it.

TL;DR: switch to Apple and go prodromal

E: another benefit I forgot to mention is looking normal. The context of the request is one where the user’s fellow citizens may be snitching on them to law enforcement. Being able to blend in is absolutely worthwhile because every nosy neighbor or coworker is gonna be looking for signs of a user being a weirdo. Having a “hardened” iOS phone and changing your behavior lets you blend right in.

[-] ScoffingLizard@lemmy.dbzer0.com 1 points 3 hours ago

What does turning the phone off frequently do? Also, by duress, do you mean anti-tamper destructive functionality? Like wipe info if unapproved authentication methods are used or something?

[-] doodoo_wizard@lemmy.ml 1 points 12 minutes ago

Cell phones have three states: unlocked, locked AFU (after first unlock) and locked BFU (before first unlock). When in BFU the phone is much more difficult to attack because it won’t allow access to the pairing or anything really. It becomes even more restrictive with lockdown on.

Turning the phone off frequently accomplishes two things: it keeps the user from messing with it and makes sure if someone grabs you up in your home while you’re reading your newspaper smoking your pipe then they grab your phone while it’s turned off, in BFU lock when it’s powered up.

The duress inputs can do a lot with a little. You can lock the phone, turn it off, dial 911 etc.

iOS devices already have wipe after a number of failed PIN attempts. I’m dubious of much more than that for this user. The threat model here is police picking you up and using a far reaching warrant and off the shelf technology to peer into your devices, not someone dead bugging your devices’ security chip. It’s only got to last as long as the cops are allowed to hold your shit, so the four or five years lead that leaks from various cybersecurity companies indicate that devices in BFU have over their opponents in intelligence seems perfect.

It’s common practice for law enforcement to go ahead and do the ten tries or whatever makes the device wipe itself before they give it back to you anyway, so it’s a double edged sword.

[-] ScoffingLizard@lemmy.dbzer0.com 1 points 3 hours ago

There is a Meshtastic Lemmy community. I think it has limited functionality. Like text only. IIRC it is low frequency, like 900 MHz or something, and is reliable. You have these walkie talkie looking devices, but they don't do voice that I'm aware of. Also, no issues with needing ham license or any of that. I'd be hard pressed to think there was not a community there that didn't have nodes set up. I don't know about security, but it might be under the radar.

There is a Meshtastic map, but smaller networks in your community might not register, which is good.

[-] doodoo_wizard@lemmy.ml 1 points 9 minutes ago

Again, speaking as a radio operator, for this user’s needs it’s tough to recommend a radio solution to the non-technical especially when it’s a mesh based hobbyist one the user will be relying on to communicate securely.

Radio also sticks out like a sore thumb and it’s important to be able to look normal.

[-] T3CHT@sh.itjust.works 3 points 2 days ago

Thanks for the feedback. For clarity, Cape is offering a GrapheneOS installed out of box to the user for a surcharge. This is what connected the title: https://www.cape.co/blog/cape-supports-grapheneos

[-] krolden@lemmy.ml 1 points 1 day ago

Why would I do that?

[-] AmbiguousProps@lemmy.today 16 points 2 days ago

I would never trust a phone with Graphene preinstalled. I suppose you can check the hash on boot, but to be completely sure that you're secure, you should install it yourself.

[-] ToTheGraveMyLove@sh.itjust.works 12 points 2 days ago

Also, the dude who started that company used to work for Palantir. It's not out of the realm of possibility that someone who worked for them saw how horrible they were and decided to fight against that, but they're a new company and I would be extremely hesitant to trust someone with that track record until they've been heavily audited and proven themselves trustworthy.

[-] T3CHT@sh.itjust.works 1 points 18 hours ago

Good point. Can only trust the device and service as far as the company. And nobody is giving good reason to trust Cape.

[-] ScoffingLizard@lemmy.dbzer0.com 1 points 3 hours ago

Hey OP, if you ever get around to checking the hash on boot (if possible), it would be worth it to update the post and let everyone know if you were able to validate or not. That would be an interesting tidbit.

this post was submitted on 30 Jan 2026
28 points (93.8% liked)
