Techlore Talks

Most people think turning off location services protects them from being tracked. It doesn't. In this interview, David Dunn from privacy-focused cellular provider Cape breaks down what carriers actually collect, how threats like IMSI catchers and SIM swaps work, and how Cape is building a mobile network specifically designed to minimize that exposure.

🔗 SOURCES & LINKS
• Cape: https://www.cape.co
• Cape + Proton collab: https://www.cape.co/cape-and-proton

⏱️ TIMESTAMPS
00:00:00 INTRO
00:01:01 WHAT CELLULAR CARRIERS SEE
00:02:50 THE CONCERNS
00:04:08 ABUSE OF DATA
00:05:28 LTT SIM SWAP ATTACK
00:06:33 PHONE CALL BEHIND-THE-SCENES
00:12:24 CELL TOWER TRIANGULATION & GEOFENCING
00:15:32 LOCATION SERVICES
00:16:25 CALL DATA & SMS RECORDS
00:19:24 SMS VS. EMAIL SECURITY
00:20:23 SIM SWAPPING + IMSI CATCHERS
00:24:09 CELL TOWER TRIANGULATION + GEOFENCING SOLUTIONS
00:26:38 CALL DATA RECORD + SMS SOLUTIONS
00:28:48 WI-FI CALLING
00:30:54 SS7 SIGNALING ATTACK PROTECTION
00:32:25 4G VS. 5G PRIVACY
00:36:34 USER AGENTS + CUSTOM ROMS
00:42:15 DEVICE PROTECTION
00:46:06 CAPE'S APPROACH
00:55:01 MOBILE CORE
00:59:18 CDR DELETION
01:00:06 IMSI ROTATION
01:00:52 OTHER USER CONFIGURABLE OPTIONS
01:04:05 PHONE NUMBER REPUTATION
01:05:29 ISSUES WITH PRIVACY TOOLS
01:08:22 OBSCURA
01:10:48 REGISTRATION
01:13:04 TRUST & VERIFICATION
01:15:37 COMPATIBILITY
01:17:33 AVAILABILITY
01:17:54 ROAMING
01:18:36 LAW ENFORCEMENT REQUESTS
01:21:15 PALANTIR
01:23:25 PROTON PARTNERSHIP
01:25:05 WHO IS CAPE FOR?
01:26:43 TELL US SOMETHING SHOCKING
01:29:28 OUTRO

🎥 VIDEO
Watch on YouTube

🧡 SUPPORT TECHLORE
Keep Techlore Talks independent & growing: ★ Support this podcast ★

Creators and Guests

Host
Henry Fisher
Runner, artist, musician and digital rights activist. Owner of Techlore
Guest
David Dunn
Cape Cellular
Editor
Tori
Techlore

What is Techlore Talks?

Techlore Talks brings you in-depth conversations with the experts at the forefront of privacy, security, and digital rights. Hosted by Henry Fisher, founder of Techlore and long-time digital rights educator, each episode features meaningful discussions with the people building, researching, and advocating for digital freedom.

From cybersecurity researchers and privacy tool developers to open-source advocates and digital rights activists—if they're shaping how we protect ourselves online, they're on this show.

Topics include: privacy tools and technologies, cybersecurity threats and defenses, open-source software, surveillance and digital rights, encryption, tech policy, and digital sovereignty.

New episodes released regularly. Subscribe and join the community at techlore.tech.

Even with lockdown mode, even with a VPN,

you've protected the data at the application layer.

The whole cellular side is still left wide open.

Welcome to what I think is one of the most groundbreaking interviews

we've ever done on Techlore Talks,

because we are going to pretty much expand on something

that has very little to no information on the internet,

especially in a centralized place, which is cellular privacy.

What does it look like? Why is it not private?

What can all of you do about it?

I'm really excited to have Cape on to discuss this,

and they're going to be covering how everything works behind the scenes, what your typical

provider can see and can't see about your information, the security vulnerabilities

in each step of the process, what this looks like for protesters, what this looks like between

iOS and Android, the features that you can customize. It's a really big deep dive, and

hopefully we take these technical concepts and make them accessible to all of you. And of course,

he will touch on what CAPE does a little bit differently and how they try to add privacy

into the mix. So without further ado, let's get into the interview. I just wanted to start by

asking what does a typical cellular carrier actually see about their customers? Yeah, there's a lot that

they see ranging from both what they collect on the business side and what's needed on the technical

side. And a lot of times those are kind of intermixed with each other. So a lot of times you sign up for

postpaid service, they'll collect your name, your address, your social security number, sometimes

You need to run a credit check.

Those types of things are pretty standard for like the signup process.

And then there's all the things that you sort of need to run the telco itself, to run your

service.

And there's going to be different identifiers that go in there, like most notably starting

at the device, like they can see your IMEI when you register.

That's your equipment identifier that identifies your specific phone.

They'll be able to see the service and information about your subscriber that you have, most correlated with what's called an IMSI or subscriber identifier.

Those tend to follow your SIM card.

And so they can kind of tell where you are at different points in time and what services you subscribe to.

And then there's, how do I actually get communication on a cellular network is all, how do I get radio waves from a tower to you?

And so they clearly need to know some degree of where you are.

So they can send it out over the right tower.

Or if you're, you know, in another country and you're roaming, you know, what other operator do I need to send information to, you know, to correspond with how I actually hand this off to someone else to send that information to you?

So there's, you know, there's kind of good bit ranging from things you actually need for your service to work all the way to like, how do I, you know, product ties and how do I make money off of this system?

Yeah. And then what are the general concerns that you've seen as a result of this tracking? I mean, one could just say that this is, you know, just part of running the service. So what's actually the issue with all this kind of data?

Yeah. And a lot of it comes from, there was sort of like this implicit trust that occurs with,

you know, a lot of these different networks. And, you know, I think a lot of it was designed with

best intentions in mind. But when you start to, you know, kind of put more of an adversarial

kind of spin on it or a lens, you start to think, hey, if I know where, you know, someone is at all

times, is that information that could be like tracked, collected and sold to someone else?

If my system is exploited, can someone pull that information without me knowing?

all the way down to things like, hey, if I can reroute someone's traffic from point A to point B,

and they're not actually at point B, could I intercept it, get their two-factor authentication

code? Could I pretend to be them? Could I spoof something? And so these networks had this trust

in mind, but they can be abused, and sometimes by design and sometimes by unintended consequences of

the time period we're in now where information and data is more valuable than ever.

Yeah. And have there been stories and incidents that you guys can cite

where this data has very clearly been abused in your view?

Yeah. I mean, there's lots of different stories towards, I think there's a classic one where,

I forget the name of the story. It's like, I paid a bounty hunter,

They're like $100 or $500 to locate me.

And they did it within like, you know, X number of minutes.

And so, you know, this data is readily available.

And there's, you know, lots of different, you know, flaws in the system, you know, ranging from, you know, social engineering.

Maybe it's support, you know, customer support person who's tricked or maybe someone is compromised.

And, you know, especially now when you start to think about like, you know, people for who they are or what they're doing,

Disinformation can be very valuable and very dangerous and put into the wrong hands.

Think like a journalist trying to tell a story who might be targeted or a victim of domestic abuse who may be trying to escape.

And there's very tangible consequences to what this looks like.

And when so readily available, and another thing I'll note is that even if you kind of do your best effort, a lot of times this information passes through many systems you may or may not have control over.

And so whether it goes into another billing system or whether it goes through a roaming network, you know, it's the lineage of this data can be hard to track and therefore can leak out in all kinds of ways.

Did you watch the Linus Tech Tips video where I think they did a SIM swap attack to hack into his channel using cell tower issue?

Yes, I remember watching that happen live.

Yeah.

Can you speak to that?

Yeah, I forget a while ago when I watched, I think right at the beginning of the company,

a lot of the, you know, like a SIM swap attack carried out in a number of ways,

a lot of times handled through customer service or bribes or any of those types.

I forget exactly what they did in the video.

I think it was an SS7 exploit or something.

I think it was SS7.

Yeah.

And SS7, you know, it's always been like a sort of a lingering problem.

And less so now with kind of sunsetting of 3G networks.

But no matter how much you sunset a network, it still exists in the global scale.

I haven't had to deal with it with as much staying in the 4G and 5G world.

But yeah, you can quite easily trip phones and tech networks into thinking,

hey, this device is actually somewhere else.

This is a bit of a broad question, but can you walk me through what happens

if I make a call to somebody else?

just on a regular cell network, not via a messenger or signal or anything like this?

What does it look like behind the scenes when I make a call?

Yeah. So typically it starts with your phone connecting to the network. Let's say you power

your phone on. Your phone will start to look for different networks to connect to. That's informed

by your SIM card. Your SIM card has programmed in different identifiers and different preference

lists for different networks to connect to, whether to treat them as roaming or not roaming.

And a lot of times your phone will kind of prolifically try to connect to whatever network, you know, seems the strongest or based on what its preferences are.

And usually part of that, you know, depending on whether you're in the 4G or 5G world is you, you know, you tell the network, here I am.

This is my identifier. Can I connect to your network?

You know, the network, depending on whether you're kind of a native subscriber of that network,

or if you're roaming on that network, will then kind of query whoever's the, you know,

quote unquote, owner of the subscriber, go back and pull an authentication challenge.

The device and the network in 4G and above will mutually authenticate each other. So,

hey, like, yes, I am the network you claim to be trying to connect to. And yes, you are the user

that is trying to connect. And then once that's established, they'll frequently establish what

It's called security context, you know, exchange based on key material, which is kind of pre-distributed in your SIM card and on the backend system that already exists to create a secure tunnel, secure being on certain different parts of the network of different types of security.

This part is on the control, what's called the control plane, sort of how you do authentication and mobility management, that aspect.

And then typically what will happen is also an exchange of other identifiers, like your IMEI, will then get sent to the network you're connecting to.

They'll frequently use that to check for whether your device is stolen or there's some sort of restriction on your device.

You know, you and the network will exchange what capabilities you have and kind of negotiate as to what services I should have.

And then if you're working on a network that's, you know, again, 4G and 5G, like a packet switched kind of network, so you're no longer dealing with the circuit switched part of 3G, you'll also, and you're using things like called voiceover, voiceover LTE or voiceover new radio for the 5G standalone equivalent, you will also register to effectively like a SIP server, sending over, you know, your identifiers and authenticating on the SIP side before you subsequently make a phone call.

where you will kind of change your path depending on whether it's a local, you're calling someone

else on your network, or if your network needs to go find the other person wherever they are in the

world and kind of hand it off to someone else. So there's kind of multiple layers of kind of

registering, authenticating, sending different types of identifiers and information, all before

you even get to making a phone call. And then once you make the phone call, you're kind of sending

your intent to make a phone call to your own network. Your network finds out who this person

is, whether they belong to you, your home network, or they belong somewhere else. And then we'll route

your kind of negotiate on the call side and then start sending media traffic. And which part of that

kind of process or multiple parts of that process do you guys see as problematic,

maybe from a privacy and or security standpoint?

Yeah, I mean, a lot of it is of concern,

you know, ranging from, you know,

kind of implicit channels where, you know,

where information is leaked or, you know,

things that are kind of by design that can be used to track.

So example, you connect to your network

and just during the normal attach process,

you're sharing your IMSI and your IMEI.

IMSI is tied to your subscriber identifier,

it's tied to like your SIM card and your subscription.

your IMEI, your equipment. So those are shared with whatever network you're attaching to.

Those are typically mostly static for most people, unless you're switching SIM cards and switching

devices on a regular cadence. And so that can be used to track you as an individual subscriber or

the kind of owner in possession of device, which can be really big for tracking a very specific

person all over the world down to like what your phone number, because typically you want to give

your phone number out to your friends, to your family, so they have a unique address on how to

contact you that stays the same. But that's also seen in both the control plane traffic that you see

during your authentication process as part of your subscriber data profile, as well as when you're

registering to make a phone call. And so that can be subsequently correlated to other identifiers.

Say you transfer your service from one SIM to another, or one carrier to another carrier,

or bring your phone number with you,

that phone number is still following you

in all the traffic that can be seen

and they can then correlate,

okay, you have this device,

now you have the other device.

So all those pieces are these breadcrumbs

that you can follow without too much difficulty

if you're in the telco space.

Yeah, I think people just assume,

if I have an Android phone right now

and I have Verizon as my carrier

and I'm gonna switch over to both AT&T

and get an iPhone,

It feels like a fresh start, but if you port your phone number over, what you're implying

is that there's still a very direct link there between the two devices.

Exactly.

It's like, you know, your phone number is your name on the network.

It's, you know, you change your clothes, but, you know, people can still see your face and

identify you in that way.

It's a very hard thing to break, you know, to break your identity and all the services

and usefulness you get by having a static phone number with, you know, all the downsides

that also comes with it.

Got it. Okay, now, you know, I want to get a little bit more into the tracking methods

specifically, and because you guys cite a lot of stuff on your blog. And I feel like even some of

these attacks go well, well beyond my technical understanding. And so I like to ask someone who's

definitely more of an expert on this. I have a very basic understanding of cell tower triangulation

and geofencing. My overall concept of this is my phone wants to always connect to the fastest cell

towers, that's the most reliable. And so it's constantly pinging. But that constant pinging

allows, you know, someone with the full access to that network of the cell towers to see like,

oh, this person is moving throughout here because it's stronger over here right now.

And there's this triangulation aspect. Is that an overall good summary of how that works? Or am I

making this a little bit too simplified? And how can that process be abused?

Yeah. I mean, you can follow the rabbit hole all the way down. It gets, it can get very,

very complicated down to like the physics behind it. You know, at a rough level, that's about right.

I mean, not only can you track on the application layer, like, you know, if I'm going from tower A to tower B, my session state is handed off from tower A to tower B.

So now I know, like, at a very rough level, like, hey, I'm within the purview of this tower.

Now I'm within the purview of that tower.

But the way that you actually establish your connections to the tower, you know, involves, you know, very, like, precise calculation and timing.

And that timing with how long it takes a signal to get from A to B can be used.

And if you look at like the tower information to kind of get a much more accurate picture of where, you know, of where you actually of where you are.

Because the coordination with the tower is, you know, is very is very important to make sure everyone's on the same page,

to make sure all the users within that are all served by the same cell are getting the right signals to each other and that I can connect.

So it goes down from both the high level and moving from tower A to B, but also, again, you said relative signal strength,

the time it takes, and the coordination effort between the two, you can kind of measure delays

and do a little bit of math and get a fairly accurate understanding of where people are.

And how accurate is this? Is this like within a mile or is it like within 10 feet?

I mean, I think you can, you know, with the right access to information, you can get it down to

within meters, you know, a handful of meters is what I've been told. That one I don't know for sure.

But, you know, it's kind of scary to think.

And, you know, especially, I'll note, as we're kind of spinning up more and more radios,

you know, we're not in the world, especially if you live in a city where you have radios

that are covering miles.

You might have radios that are covering very, very specific areas.

You could have a radio that's covering just the entrance of a stadium.

You could have, you know, a small cell radio that's covering, you know, a New York City

block.

If you think about how those can differ, I mean, you can also have a radio tower like I have outside my window here that covers the span of a mile.

You can have one that covers, like I have in my office here in my lab, just 20 feet in all direction.

And you can really start to narrow it down even by what tower you're connected to based on the signal strength.

Got it. And I also want to maybe clear this up because I think a lot of people think if they turn off the location services on their phone,

that where they go can't be tracked.

But this is all entirely independent of that, correct?

Correct.

This is all at the kind of cellular connectivity level.

You know, a lot of the location services, you know, use your GPS and can use your Wi-Fi

access points that you're connected to to figure this out.

This is all just information that's needed by the cell towers to, you know, connect you

to it.

And some of those can be manipulated.

Some of those can not be manipulated due to physics,

but all of this is happening just to maintain your cellular connection.

Got it.

And then I'll talk about, or I'll not talk about,

but I'll ask you about threats later on and how to address those.

But I still want to clear through a bit more of the tracking methods here.

So another thing that I saw online a lot was call data records.

And so what are kind of the concerns around how a typical carrier might handle call records?

And I guess we can throw in SMS records as well.

Yes, similar.

Yeah.

And so, I mean, typically call data records or CDRs as their acronym, because everyone

loves acronyms.

The intent behind them is around billing and accountability.

The problem is that these are stored for potentially very long periods of time, potentially years.

And there's some good intent around them.

Originally, it's like, hey, I'm using the network.

I need to piece together who did what so I can build them for the right information.

Or I was on a roaming network.

And so they sent me the CDRs.

So I can build my user accordingly.

Another part of it is these are kind of my proof of this user did use the network this

amount.

So like as an, you know, as an MVNO or as a roaming agreement, if they send you a bill

and say, Hey, this person used 10 gigabytes by CDRs are my proof of whether they did or

didn't.

If they did not and we disagree, we can mediate.

And this is my proof of like, look, they only had, they only use this amount.

This is how I can account for it.

So there's, you know, some legitimate use, you know, for these, but they can be fairly

invasive because the content of them can vary from carrier to carrier. So things like your subscriber

ID, your IMSI, things like your IMEI can make it in there. Maybe they don't actually need your IMEI

because they know it's tied to your subscriber. So there can be data leaks that occur here. Not to

mention that you mentioned SMS, all the SMS that you send through traditional SMS protocols, not

counting any over the top app, those are all visible to your network provider. And those can

make their way into data sets that you don't want to know. I don't know if you've ever logged into

your cellular provider service portal. Sometimes you can actually see the record and content of

every single message you've sent. I remember as a kid, when I found out my parents could see that,

I was like, oh, maybe I should think twice about what I'm sending to my best friend across the

room during school hours. But I think the real thing comes from, one, a lack of people knowing

what's in these, because there can be legitimate use cases. And two, obviously you have to kind of

defend yourself if you care about what's stored there. But the other side of this is the longevity

of these records. Some places may store these for five plus years. And if you think like,

hey, someone can go kind of back in the time machine and see what I was doing at a different

period of time, that's kind of a scary thought that they can kind of reconstruct what you were

doing. A lot of times these will contain potential information about where you were at the time,

like the cell tower you're connected to. And so it's kind of scary when you think that there's a

long period of time in which these can be connected to that's just sitting there that someone could

take or steal or could be subpoenaed or any of those options. Yeah. And I think what's fascinating

here is it's a bit of a myth, actually. I think I've heard this at least five times in my life

from people where they go, oh, let's not email this.

Let's text this.

So there's this odd myth out there that SMS is more secure than email.

And it's not like email is secure either.

These are both, to their core, they seem like inherently insecure protocols.

But I would argue in some ways email is actually a little bit better for most people.

I don't know if you guys have a view on which one is worse than the other.

Yeah, I mean, I can tell you what can be seen and how easy it can be.

of, you know, it all depends on the choices that you're making at the time, the threat model of

what you're, when you're acting. You know, well set up email server can be secure or it can be

insecure. I can definitely tell you that a telco can see every SMS that you're sending. I don't

know, like, I know, I know I can readily, you know, readily access that information and we have to

actively work to design systems where we can't do that. Or it's very, very, very hard to do that

and encourage people to not use that. Pick and choose where you want to put your fate if you're

either of them. So the next threat I have here is sim swaps and IMSI catchers. So this is a very

common one, especially in light of protests, which I know are quite common right now in the US. So

what can people kind of, what would you overall explain to someone who's new to the idea of sim

swaps and IMSI catchers and also where the cell company kind of has a role in this?

When it comes to, you know, I think in a cellular company's role, like the SIM swaps, I think they'll play a much larger role in.

Because typically, especially in 4G and 5G, that comes to typically issuing a new SIM, you know, to someone else.

A lot of times through social engineering, hey, I contact customer support and I say, hey, hit me up at this WhatsApp, my WhatsApp number, my signal number, and I'll give you 50 bucks for something.

and they can reactivate a SIM, give you a QR code to download and go that way.

Or porting someone's number from A to B if there's not protection.

So the carrier plays an active part based on their security principles that they follow.

How readily am I willing to transfer someone's number or give someone a new SIM or deactivate

their old SIM?

A lot of that is control of the cellular provider for the user.

Now, IMSI catchers are kind of a different story because, you know, despite what a carrier might do, it's very hard to stop someone malicious who's on the ground with a radio from setting up their own IMSI catcher.

And a lot of that has nothing to do with the operator.

It has to do with the protocols that exist within cellular space.

And that, like, for example, in 4G with an IMSI catcher, by definition, the protocol has a flaw where you can request your IMSI, which is typically static for people unless they're changing it, which is not a common feature to just trick someone's phone into attaching.

You know, pretty early on in my time at working in telecom space, I, you know, I bought a cheap software defined radio and I did an IMSI catcher on myself and I was able to, you know, get that done.

And you can watch YouTube videos and how you get that done in like an hour or a couple hours.

And a lot of that is, you know, between, you know, the equipment, the phone and the device itself.

And I mean, there are probably ways, there are lots of ways you can go about like detecting if these things are happening.

A lot of times you can be like, hey, can the device, you know, you see you lose service or blip in service you didn't expect.

Might be you attempted to connect to, you know, a rogue base station, MZ Catcher.

Because a lot of times these are going to be service disrupting.

your phone's going to be scanning, it's going to attempt to attach to something, and it's going to keep going.

And, you know, I think looking for ways to, you know, mitigate, you know, those types of things,

you know, either by changing those identifiers or, you know, ideally in, like, the technology and the standards themselves,

so, like, moving to something like, you know, 5G standalone, where the IMSI is significantly less readily accessible,

it's, you know, encrypted and exchanged securely, helps to patch some of these things.

And being cognizant of the situation you're in,

and maybe it's like, hey, I'm at a protest

and I think I might be tracked here.

Thinking through, do you need a solution

that can change these identifiers?

Do I want to turn my phone off?

Do I want to take my SIM card out?

Do I want to have a different SIM card

that I use completely?

Ranges from being not very sophisticated

to ultra sophisticated.

Yeah, and I guess on that note,

I'd love to start talking about some of the solutions.

I want to start by just going through solutions that anyone can pursue, regardless of what phone or cell carrier they use.

And then, of course, I want to get into how you guys change that and what you deal with on a root level, because I know you guys are quite different from an MVNO, and we'll touch on that in a second.

To start with maybe something like I'm going through the list here, cell tower triangulation and geofencing.

What are kind of the go-to solutions for a regular person to help navigate that?

Maybe from like easiest and like less effective to the most effective?

Yeah. I mean, there's very not sophisticated things like turning your phone off, putting it in a Faraday bag, any of those options that prevents cellular radiation or you attempting to connect to networks.

As everything is sort of working on normal function, your phone is going to be constantly trying to stay connected.

That's what its job is.

And so kind of eliminating the ability for it to present any signal to the world is like the most kind of naive way to stop yourself from being tracked.

But it comes at a downside of you don't have connectivity.

So it can be a little bit tough if you need to stay portable, use your GPS and maps, whatever, as you're moving from A to B.

Then you can get ultra sophisticated.

some of these things that are used to track, you know, like, you know, things like, you know,

geofences and triangulation and things like that. They can be a tougher, you know, a tougher nut to

crack simply because it has a lot to do with timing and it has a lot to do with your modems.

And those are not, you know, necessarily easy and approachable things to do. You know, there are,

there are features that can be developed that can, you know, tweak these items. But for the most part,

I think they're not going to be very approachable except by, you know, different OEMs, things like that.

I'm not saying someone in the right hackerspace couldn't get it to work.

But I think a lot of those basics with how they function are going to be not overly approachable.

But the other side of that is, you know, carrier changing could also be, you know, sort of an effective thing,

which is, you know, spreading out the data to different groups of people.

And so, you know, if I'm, you know, on carrier A and then switch to carrier B, you know, you're splitting your story between A and B.

And now, you know, if you're assuming if you're assuming compromise, you have to compromise both A and B, which might be hard.

Or, you know, if you're if this data is being brokered or sold, maybe it gets put into different buckets.

And so, you know, those are probably the most tangible ways for, you know, kind of those lower level type attacks to try to prevent against them, minus, you know, significant investment on the equipment side and coordination with the network.

Got it. And then what about something like call data records and SMS messages?

Typically the easiest thing to do, and, you know, like there are multiple types of CDRs.

So CDRs are collected, you know, hit on every single major service like voice messaging and data.

all three of them create CDRs, a different value. So when you use normal telephony channels,

so I use voiceover LTE, I'm using my native carriers call, avoiding doing that is going to

be a way to prevent CDRs from being generated by your voice call. Same thing for SMS. So using

an over-the-top app, like Signal, like a WhatsApp, anything that takes it out of the normal telephony

channels and moves it into the data channel is going to be pretty effective at stopping

CDRs from being generated for those activities.

And instead, you'll move it from a highly specific CDR, like, you know, I'm number A and

I called number B at this time, and instead move it to a more broader CDR, which is I had

a data session at this time.

And the contents of that data session don't make it into a CDR because, you know, people

are sending gigabytes of data over.

It's mostly meant for like a billing practice, not really showing what you did, just that you use the network.

And so kind of shifting your practice to using those over the top item apps can be very effective.

But I will note it comes at, you know, a downside in the sense of, you know, there are certain things that networks are that prioritize.

So, for example, when you make a voice over LTE call or Volte call, normal call in 4G, you're getting specific types of connections that are guaranteeing bandwidth, that are guaranteeing latency, that are set up specifically to optimize your voice call that you might not get, you know, from a data channel session or something like Signal.

I think we've gotten to the point where cellular networks are powerful enough to be able to support all of those.

But in a pinch and low connectivity, maybe those apps don't work.

You still might want to consider, depending on your situation, if it's an emergency or not, using those channels.

And so you don't get to take advantage of those designs of the network, but those are becoming less and less relevant as time goes on.

Got it. And then a question I've always had, actually, is Wi-Fi calling.

What are the implications of opting into something like Wi-Fi calling instead of just not touching it at all?

Wi-Fi calling can shift the sort of where the information flows.

So effectively what happens, you go and click on Wi-Fi calling,

and now it says your carrier and Wi-Fi,

is you're basically setting up like an IPsec connection,

so a secure VPN tunnel to an endpoint hosted by your cellular service,

and you're putting your registration over that.

And so your data goes over a non-secured,

I think a kind of not trusted channel,

which is like open Wi-Fi over an IPSec tunnel to the back end.

From there, everything else is the normal flow.

You know, you may accept, you know, more of your carrier sees more information or all the information.

Well, intermediaries don't.

So if I'm roaming and I have voiceover Wi-Fi, I'm still connecting back to my home network

and I'm skipping the visited network that I'm roaming on along the way.

But I will note that there are certain functionality that does glean information about like,

do you have Wi-Fi calling on or established? Think about the cases of handovers. I'm in the

middle of a Wi-Fi call in my hotel room and I walk out of my hotel room and my call continues to work

even though I'm outside of Wi-Fi range. Those are still coordinated with the cellular network.

You have to tell the network that you're leaving Wi-Fi so they can transfer the call over and now

it's following a different channel. So, you know, Wi-Fi calling, you know, can help change the

adversarial model and who can intercept. But there are ways, especially in these transition cases,

where you can still provide certain information

and still find yourself in a situation

where that information can be collected

because you as a person are moving

as you're making that call

and going in and out of Wi-Fi.

And those networks need coordination

to move your data session over

and to make sure they land on the same gateways

that they were on before

so you don't have your call dropped.

So it's a nice way to provide coverage.

It's a nice way to provide higher bandwidth,

but there are still kind of side channels

of how that information makes its way

different carriers if you aren't thinking about it.

Got it.

And then what about like an SS7 signaling attack?

What are some of the things that people can do to help protect themselves from that?

Yeah, a great thing is don't choose a network that has 3G.

A lot of carriers have, you know, deprecated their 3G networks.

They don't have them around.

So sticking to something that's, you know, 4G or 5G only.

How do you do that?

Like, is that a setting for people?

Yeah.

And so a lot of it has to do with the network operator themselves.

So you can do some background research.

I think most major U.S. carriers have sunset their 3G networks and 2G network platforms at this point, but not all of them or depending on certain use cases, they can still see that.

And a lot of the SS7 pieces are all occurring on the back end.

So, you know, whatever you set your phone to do doesn't play the finalized role.

So choosing a carrier that doesn't have those components to their network, which, again, is becoming rarer and rarer, is a great way to prevent it.

And also being cognizant of like, hey, if I go to a country that still has 3G and what network operator I'm on, knowing there are still some vulnerabilities that can exist there.

But picking a network that's on 4G and 5G is probably the most approachable way.

Ones that have published articles about them sunsetting or not having it anymore is probably the most attainable way to do that.

And then just being cognizant when you do travel

that you could be changing your risk portfolio a little bit,

especially if you're getting a SIM

from a native carrier over there.

Got it.

And then something I've been curious about,

because there is a little bit of granularity

that at least iOS gives you,

and I believe Android devices as well,

that at least iOS, like everything is bizarre

in the way that they tell you settings,

like nothing's clear.

It's like, we'll automatically decide

based on unknown contexts,

but you can do like automatic 4G, 5G switching,

or you can do forced 5G switching.

But I know the forced 5G can use a lot more battery life on iOS devices.

But is there a meaningful privacy or security difference

if a user is trying to maximize?

So I know lockdown mode and now Android devices

just straight up disable 2G now automatically

to help, I think, the MZ situation we already talked about.

I think that's the main thing.

And you're eyeing in some cases, depending on which protocol you're in.

Got it.

So yeah, is there a difference between like, you know, if someone's trying to maximize,

should they only opt for 5G?

A lot of it kind of boils down to exploitation of the device itself, which can be done, you

know, with radios.

And so just like how in 4G, I can force someone to send me their IMSI.

And that's just in the protocol.

Like, hey, if I connect to this thing, I can say, oh, send me your IMSI in the clear and

it will just do it.

You know, it's kind of a bootstrapping problem.

The first time you connect, you have to send it in the clear so they know who you are.

and then you switch to a more ephemeral identifier.

But it's baked into the protocol so you can force it.

In 3G and in 2G, the vulnerabilities in those protocols still exist

because those protocols weren't updated and fixed to do that.

Instead, they upgraded to the next technology.

So disabling those on your devices will prevent your phone

from responding with 2G or 3G protocols, which are known to be vulnerable,

where you can grab like in 2G, you know, MZs and IMIs

and, you know, in 4G, you can definitely still grab your IMSI, you know, having your phone

kind of locked down to not kind of accept those protocols will prevent your phone from responding

in those cases. And, you know, also note, like your phone tells the network what it's capable of

doing. And so it's another kind of interesting, you know, interesting point is that like that

information, not only about like, you know, what your IMEI is, but the device capabilities like,

hey, I support 4G, I support 5G, I support these bands.

All of that information does and can make its way back to the network.

And so as you change those settings, the network actually sees that you're not advertising those capabilities as well.

And so you can kind of think of that as another side channel of like, oh, there's these devices that can be exploited in this way.

They're out in the wild in this area.

Now, if you really want to go down the rabbit hole, it's all about the device that can be exploited.

Who knows about it?

How can they cast their net?

you can go forever on, you know, complexity and whether you think it's, you know, what the

adversary model is, which I think makes it very interesting. What you just described sounds a lot

like a fingerprinting attack, like via web browsers, you know, where if you're the only user using a

certain VPN with a DNS provider, it actually makes you stand out, even though you are getting some

privacy and security protections along the way. Is that like a pretty similar concept there where

you're advertising that you're a different phone. Exactly. And so, you know, if you want to talk

about like, you know, information that phones leak, it's all over the place, ranging from like user

agent information. So like, hey, I'm an Android or I'm an iOS device, or, you know, here's Chrome,

here's, you know, you know, a soft phone application, you know, all of those types of

things that use certain channels can be leaked. And that's why it's important, you know, it's like,

it's death by a thousand cuts. And when you, when you want to, you know, target something,

there's a lot of information that the network can have about it beyond just your normal identifiers.

And if you're changing those identifiers, keeping them all in line is, you know,

an important thing to do. Otherwise you may be, you're breaking your facade that you want to put

up for the world. And so if you want to like, you know, correlate all of those, or, you know,

can more easily identify, you know, someone based off of where they are, what they're doing and the

capabilities advertised, user agent, you can follow that and pull that thread all the way.

Got it. And is the user agent specific enough? Because I know we can say iOS or Android,

I'm sure we don't even talk about operating systems. It can just see this is an iPhone 17,

this is a Pixel 6, etc. But what about like specific custom ROMs? I know a lot of

people who use privacy respecting custom ROMs might not know if their carrier is aware that

they're using them. So is that some insight that a carrier would have?

It depends. A lot of it is like, you know, these strings get to be chosen by the libraries and the ROMs that you're using.

So as long as someone's conscious about, you know, what they're selecting or, you know, if it's a privacy conscious designer of the ROM,

they might know this and they might know the appropriate strings to set.

Or if they forked it from a particular library or community, you know, they follow the initial thread from where it came from.

So it can kind of depend based on the implementation.

Yeah, I'm sure a lot of our audience would be curious about Graphene.

I don't know if they actively address that issue.

Yeah.

And it can also get really complicated, too, in that, you know, depending on what libraries

you're using, you know, for what, like, you know, particularly for, you know, like for

voice calls and messaging that use, you know, like IMS or which is like this multimedia subsystem.

You know, are they writing their own library?

Do they have another library?

Are you inheriting debt from something else?

Is it like querying the OS and pulling something?

So it can all depend on the implementation

of how these things get set up.

But those are all like testable things

that you can like look at, you know,

on the device side and on the network side,

which is, you know, what we spend a lot of time doing,

which is, can I, you know, what can the network see?

What can the device see?

What is it sending?

And then what can we do that's better than that?

I guess, okay, so if I'm a cell carrier

and I get a new pixel

because I want to flash graphene on it,

and a lot of times they still require you

connect to Wi-Fi before you can unlock the bootloader and this stuff. But let's say I set

it up on my cell carrier instead for whatever reason. The cell carrier will see, you know,

the MZ, it'll get all the basic information that the phone sends off by default. And it'll probably

see, oh, this person's running a Pixel 10, whatever, running Android. But then let's say

I flash graphene on it and then I just resume. Will a carrier notice a difference between those two

things? Or are you guys not aware of that? Specifically for graphene on the Pixel, I don't

I don't know offhand, but I can imagine that it might advertise itself differently.

And so they might be able to tell something changed, like maybe user agent string changes,

maybe the capabilities broadcast change, which could be, you know, I've changed ROM and I've

disabled 3G. It could be someone went in and changed the setting. So they may be able to infer

something itself has changed. And kind of depending on the implementation, they might be able to,

you know, tie it to one versus the other.

It's all going to vary, you know, based off a phone.

But one thing that will remain, you know, static is like your IMEI.

So they'll still be able to tell like, hey, I'm on, you know,

this specific model of, you know, Pixel 7.

And so that's primarily what they'll probably, you know,

gauge on to like to kind of determine who's using our network,

because it's kind of the easiest, most tractable one in many cases.

So what you're saying is that this isn't a, it's not like my phone just sends to a cell tower,

hey, I'm running iOS, you know, 26.2. What you're saying is more so the user agent is just various

pieces of metadata that someone can use to maybe infer what someone is running on their devices.

And so theoretically, if there was like Lineage OS, maybe, you know, implemented something in a

very unique way, it could unintentionally let cell towers know. This is all very hypothetical,

but I'm assuming it's more of this like inferring from data points rather than it being just like

a broadcast directly to a cell carrier. Is that correct? Yeah. And to draw a distinction too,

like a lot of these things are exchanged after you've authenticated to the network. So like people

aren't like, you know, sitting there pulling this information, but the network operator who kind of

owns your authentication and owns your connection process can see this type of information as it kind

of leaks through inside channels and through normal functionality. And, you know, sometimes,

and I don't know if many operators do this, I think back to the times where people use user

agents and web browsers to optimize, you know, for, you know, Internet Explorer versus, you know,

Chrome versus something else. And so there may be good ways to, you know, use this information.

I don't know if anyone is, but a lot of this is information that's passed, you know, to your

operator. A lot of times you've ordered, you may have ordered your device from them, or hopefully

you got it from, you know, external. So they may have some insight into this already, but a lot of

it is, you know, not any person can walk off the street and, you know, set up a radio next to you

and get all that information, but they can get the little snippets and then the network operator

themselves can get, you know, a lot more because they have the same keys that are distributed on

your SIM and therefore like you're more freely sending them that information. And, you know,

also note that not only does your operator see this, when you go through a roaming infrastructure,

in many cases, they can also see this type of traffic. And so if, you know, if I'm a U.S.

citizen with a U.S. carrier and I go on a lovely family vacation to France, the French operator

can see a lot of this information before it gets back to the U.S. carrier.

And so as you kind of travel, you're proliferating this information to other networks as well,

depending on what protocol and what features that you're using.

Got it.

And now before I dive into a bit more about your guys' service here,

can you maybe cover how well and also not well and what issues are addressed and aren't addressed

by maybe a pretty common workflow that our audience might have,

which is maybe they have a phone, they're using the latest version.

Maybe some of them already use even lockdown mode

or they have things like disabling 2G and maybe even 3G.

They might use a more modern cell carrier.

They might have a system-wide VPN enabled

and maybe they use exclusively Signal and maybe a few other VOIP services.

I would probably say that's a lot of our audience.

So what are they protected against in that workflow

and what is still kind of up in the air?

Yeah.

And so everything is like, you know, death by a thousand cuts.

There's lots of little things to do.

And there's not necessarily ever a like, there's the one thing you could do that solves everything.

You know, everyone focuses on kind of individual components.

Like a VPN can like, you know, hide from your ISP, certain information to provide guarantees.

And, you know, when used in conjunction, they can be, you know, a very powerful thing.

So we'll start with like, you know, a VPN.

You know, VPN, you know, as a cellular provider, your cellular providers also like your internet service provider, they're your ISP.

And so on the normal circumstances, they can see every IP address you're sending information to.

They can see unencrypted traffic.

A lot of times they can see DNS if left unencrypted.

You know, all of those are covered by something like VPN.

You know, your voice and data records.

Those can be, like you said, covered by like an over-the-top app like Signal.

You can turn off 2G and 3G, and that can prevent what we end up calling close technical surveillance or in-person, close-to-you types of attacks.

It can help with certain downgrade attacks to pull information off your device in 2G and 3G.

But what really, even with lockdown mode, even with a VPN, you've protected the data that's available at the application layer.

The whole cellular side is still left wide open.

And so, you know, you even with lockdown mode, you're in 4G in a particular area, someone can still grab your IMSI, you know, pretty easily, especially if they're, you know, an advanced adversary.

They could see you were in spot A and they can see you're at spot B.

Or if they have access to the network, they could see, you know, maybe where your home is and where the protest was, you know, correlating different, you know, different components that you didn't want.

even if you're in lockdown mode the whole time.

They can still see, you know,

if you own the actual radio towers,

again, we talked about the triangulation

and those types of things that data exists

and can be there.

If you think about like your phone will do,

even if you're only using Signal, for example,

most phones are what are called voice-centric devices,

which means that if they're voice capable,

they will always attempt to have a voice connection,

even if it's not actually used.

And so like you'll actually connect to your voice channel and you'll send a registration message.

Even though you're not using it, you're not making a phone call, that information still flows with might have like identifier information like your IMSI, like your user agent and things like that.

Even though you're not making a phone call, that still is there because you're registering.

And so those pieces hide behind like what the phone was sort of designed to do and less so the all the things that use the data channels and the peripheral pieces that exist sort of within the phone like Bluetooth and Wi-Fi, which are kind of a lot more understood.

And a lot of the cellular pieces are sort of still deferred to other people to attempt to sort or to, in most parts, leave alone because global standards are difficult and move slow.

And, you know, in the end, people want a device that works and don't want to trade off functionality in many cases.

Got it. I feel like you did a really good summary there.

So in that exact summary you just gave, you guys are trying to do something a bit different here.

So in the past and to this day, actually, like kind of our formal recommendations are like, hey, this is what you have control over on your phones, which is the things we just talked about.

Like you can use Signal, you can use a VPN, you can enable lockdown mode, etc.

These are all the things you have control over, but ultimately you can't do anything

about your cell carrier.

If you want cell connectivity, you kind of just have to deal with these problems.

And the best maybe that you can do, which is what I've been doing, is I just use an MVNO,

which allows me to register under whatever information.

It doesn't need a social security number.

I can even use it with a different name.

I get it shipped to a private mailbox.

I do all the basic stuff there, and that's kind of what we've been recommending.

But it's not dealing with any of those root issues.

And so I was quite fascinated with you guys saying that you have your own kind of ways of doing things and your own infrastructure to get around these problems.

And so I'll kind of leave it open to you to kind of start that thread, I suppose.

Yeah. And let me talk more generically.

Like, what was our approach as a company?

Our approach to the company was like, I guess I sum it up like positive control is sort of like the word, the phrase I end up using,

which is how do we like try to get involved in as many of the places as possible?

And, you know, many, many MVNOs are light MVNOs or what they are, are they're like effectively a sales,

a sales platform on top of another carrier.

And so they mostly facilitate connecting you, a paying customer with cellular service on another person's network.

And in many of those cases, you use their SIMs, you use their voice servers,

you use their data nodes, all of that.

And I think, you know, for Cape,

what we ended up trying to do is like,

how can we own more of that process

and those components so that we can change them

based off of what we think is important

and ideally what we hope is important to,

you know, privacy and security conscious users,

you know, around the country and the world.

And, you know, without that degree,

again, it's still just like, you know,

if I only have one internet service provider and they're the only ones and I, you know, slap a new sticker on it and say it's something different, it's really the same underlying thing.

You know, maybe you get to do, you know, I can, you know, use a fake identity or false identity or, you know, use a fake name.

But in the end, all those components, it's all still the same underlying like software and hardware that's at play.

And so we think we thought, OK, let's how do we change this so that it's our software at play?

you know, as an MVNO, focusing mostly on software, like, how can we make sure that,

you know, the traffic is running through us rather than through something we know has these

vulnerabilities. And therefore, we can now inject a different threat model, we can inject different

technology, different thoughts, different processes to how we want to handle this.

So the first step was like, you know, I call it choosing hard mode, which is like, you know,

building, you know, building the network out from underneath it. And that gives you options of what

to do. And so, you know, one option, you know, to all MVNOs is how you want to do billing. And so

that's, you know, that's an easy one to like kind of cross off. Another thing we talked about with

the CDRs, which is, you know, even if you're, you know, on another MVNO and you're still connecting

to like the underlying carrier, they're the one generating the CDRs. They still see your IMSI,

which is static. They can still see your IMEI because you're connected to the network. They

can still see the phone number you're calling from. They can, and they'll store it for however

long the underlying carrier wants, probably years. You don't get to control that if you don't own the

underlying like network components. And so, you know, like for us, what do we, you know, what does

Cape get to do? We get to decide what's the retention period on CDRs. And our retention period

is as short as we can possibly make it and still be able to like be a legally complying business

that won't get driven out of business in a day. And so, you know, we try to delete like as quickly

as possible, always trying to figure out how do we shrink the time? Is there ways we can take the

information when it's produced, anonymize it, and throw out the old copies? But we can choose to make,

you know, active decisions in what data is produced and take things that even the content

of the CDRs. Like we actively try to remove identifiers that are unnecessary to even do

billing remediation from what we're doing. And so like, I don't want to know the information.

I hope our users don't want to know that information.

And so minimizing it as absolutely as possible

and then destroying it as soon as we can,

it becomes something we can do by owning it,

by owning the whole network.

And then moving towards pieces like your IMSI, for example,

something that's typically static.

You go and sign up for a normal MVNO.

They give you your SIM card or your eSIM.

Your IMSI is not changing.

It's static unless you ask for a new SIM card or download a new eSIM or you change carriers.

But it is something that can be controlled if coordinated properly.

And by owning our core and by owning the core network behind it, we can facilitate a user

changing their identity over time without needing them to do much.

An IMSI in the end is just a number.

It's a 15-digit number that exists on your SIM card that identifies you.

And as long as we know what IMSIs can connect to the network and the key material behind them, we can set it to be whatever we want.

And so someone with an IMSI grabber can sit there and collect your IMSI, but we can change it at any time we want and actively want to do that type of activity because it's an important part of our threat model for addressing a 4G deficit.

it. And it can be complicated and it can, you know, maybe, you know, interfere a little bit

with a user. If, you know, if they want to rotate their IMSI, you have to, you know, disconnect and

reconnect. But having users who are bought into the value that's gained by it allows us to then

implement that feature in our core network such that they can change what's typically a static

identifier. Now there's, you know, other parts of our network that kind of sit behind the scenes,

you know, and you mentioned like, you know, SS7 before, you know, there's, you know, a whole

control signaling plane that exists in the global network. You know, in 4G, it's under a protocol

called diameter. But it's all kind of comes down to like, you know, signaling traffic, which is,

you know, how do I tell the network where I am? How do I tell them the feature set? How do I

distribute the data? How do I do authentication? All of this happens on that plane. And we can

actively develop signaling protection or rules or above and beyond like industry standard to prevent

someone from saying that you're actually in another country when you're in the United States.

and what we actively want to do is have our users participate in their own sort of defense,

which are let them set thresholds for what they're willing to tolerate or not tolerate.

Just a lockdown mode is an opt-in type feature that, you know, even when you turn it on,

it says like, hey, this is really not for most people.

You know, have people have a say in the type of protection that they want

and make some of those trade-offs for, you know, maybe, you know,

ease of use versus security versus, you know, something else. Like if I want to say, you know,

hey, I want to block, you know, all incoming, like roaming requests from, you know, X number

of countries or any country that's not like the country that I'm currently living in. That's

something that we can do because we own the signaling plane, we own our network, and we own

the features and functionality that we can then provide to our users to do. And so, you know,

that type of control is what becomes really like a key part in how we can implement protection

at the cellular layer, ranging from just doing table stakes things well, along with an audience

that understands, because you, you know, you take a really big carrier, and they're going to be

geared a lot more towards a common user, someone who needs connectivity, who wants a low price,

who wants, you know, all these different things, as opposed to someone who wants to actively

participate in choosing private and secure things, using features that maybe are a little

bit more complicated.

You know, it all kind of depends.

And with, you know, sort of a bought in audience on that feature of people who actively want

to be able to set these things and control them, it gives us a lot more ground to roll

out those types of features that can like address these things at a root level with the

user kind of involved in that process.

It's kind of like a high level how I end up thinking about how we provide protection,

sort of above and beyond normal over the top to address that cellular layer, which is

pretty difficult to get to without really getting down into the weeds and putting a lot of investment

into standing up a network and interconnecting it with the rest of the global telco network.

Yeah. And that's kind of, I guess, maybe what's a bit misunderstood in general is like the mobile

core aspect of things, because I think people are quite used to the MVNO and how they work.

How and why? I mean, I know why, actually, because you guys wanted more control. But

I think, you know, way back in the day, I just for fun kind of looked into like what it looks

like to start an ISP or cell company. And it's overall seen as largely impossible to start like

your own nowadays. So why would you or how did you opt for this mobile core? Because it sounds like

you actually have to own a lot more infrastructure than a typical company. And how are you still able

to compete? Or do you not compete as well against maybe something like Verizon in some ways here?

Yeah, you know, why we chose to do this? Well, you know, I said, like, you know, positive control,

but also like, it's hard to build towards requirements if you can't do anything about it.

And how do you challenge like, how do you challenge the status quo? And it's harder.

It's harder to make agreements with, because again, you know, even as an MVNO, we have to

make agreements with other carriers because we don't have a radio network. We don't have

tens of thousands of towers across large countries, and we don't have infrastructure

around the world to support all of it. But what we do have are passionate people who want to

dig through these annoying problems, ranging from you talk about setting up an ISP, even going and

registering, getting our own ASNs, getting your own IP address space, cleaning the IP address space

because you can get IPs,

but if you want people to be able to access websites,

a lot of people block based on source IP.

And so going after each one of these pieces

presents an opportunity.

And yeah, it makes it difficult to compete

on the early stages because in order to be

a cellular service that you can sell,

just kind of an expectation

that you provide a bare-bones set of features.

And it can take a while to get to that

bare-bones set of features.

But it also, you know, having a community built in of people who care about these problems

also kind of creates a bit more tolerance around, you know, explaining and providing

transparency around the process, why it takes time to build it, because you have to make

good decisions each step of the way.

Knowing that like, you know, phone companies have had like decades of head start, you know,

on us is tough.

But our goal is to be a comparable choice on like, you know, the bare bones functionality.

You can get all your data services, voice messaging, just like you would any other operator, but have significantly more play in your privacy and security.

And so, you know, it can be it can be hard because, again, you know, we're also sometimes at the whim of, you know, of Verizon, Timo and AT&T because they own all the cellular infrastructure and radio towers in the country.

You know, and a lot of that has been built out over many years.

But going down this path, especially with a more niche community, is kind of an area that I don't say they're not necessarily interested in.

it's harder for them to capture that we can invest in doing those types of things and get,

you know, very passionate response back from the community about things we should or shouldn't do

or build, which is what, you know, I guess the fun part of it, but also the challenging part.

Because again, there's no like one, you know, problem, but a space of problems. And thinking

forward to the future, you know, I would hate to ever be known as like a one problem company.

You know, maybe you can high level put it that way.

But I want to be thought of as someone who can be, who can provide solutions to the space as it changes.

And I think that's the other important part, too, is as we go to 5G to 6G, forever, like always having this specific lens on the problem.

You know, it kind of flows into, you know, we're choosing to have a core.

We're choosing to build, we're choosing to build components.

And so we can, yes, maybe we have some catching up to do, but we can then play in the game going forward as the space changes as well.

Yeah. And I mean, it's a totally different approach, like a typical cellular provider.

I think it's maximum data collection versus you guys are minimum.

So it's quite a different approach.

So because of this infrastructure that you guys control, you're able to pretty much modify a lot of these different things that otherwise really can't be modified if anyone's using a cell carrier.

So I think I read, is it 24-hour for CDR deletion?

Yes.

And then is that configurable by the user or is that just a staple that you set for all users?

Right now it's just a staple we set for everyone.

You know, all records get purged.

Cool.

You know, sometimes there's some downsides, like maybe we need to do if there's any processing and stuff we need to do, like if we miss our window, then we're out of luck.

And, you know, that's something that we have to absorb.

And that was a conscious choice, which is like we can absorb business, business things.

It's hard to absorb like breaking privacy concerns.

And so always moving towards the like, this is what we need to delete.

And this is what wins when there's like a tie or race, you know, to it is the decision we've made.

And then what about like IMSI rotation? Because you mentioned you guys will automatically rotate that. Is that on a set frequency or is that like a user on demand thing?

Right now, it's both. And so by default, it's once every 24 hours. But there's also an on-demand feature as well. So we know that people can't coordinate their schedules with what EMSI rotation time they set.

And so knowing like, hey, if someone goes to a protest and wants to change their empty afterward, we need to be flexible to be able to accommodate them when they're in the event, before the event, after the event, and not limit them to like, I can only participate in events right as I'm at a border of an empty change or something like that.

And so it's both.

Got it.

And then when it comes to other user configurable things, is all of this mostly automatic?

What's configurable for me as a customer in there?

Yeah.

So, and I think the, you know, the options you have are different based on, you know, the different types of offerings we have.

We have, you know, a normal consumer service.

And we also have, you know, service, a service called Obscura, which also has a device side component to it that is a bit more of the advanced, like very targeted mode kind of piece.

But, you know, kind of, you know, standard out of the box.

There are, you know, the normal cellular service that you get.

We provide our kind of standard signaling protection.

So that's something that everyone gets ranging from, again, there are lots of industry standard type protections you get.

Plus, you can kind of opt into sort of the advanced protection or being in the loop of like being notified when certain events happen, staying in the loop.

MZ rotation is a big one that we launched not too long ago.

So being able to like, you know, easily toggle that on,

you get, you know, change your MZ once every 24 hours

or on demand as needed in the button with a button on there,

along with, you know, lots of kind of default implicit choices

that we kind of have that run on the background,

a lot of which are network and device side coordination,

things that are called like carrier bundles,

which are kind of device configuration provided by your network.

So kind of the implicit like good choices along with the different features that we have set.

We recently also added in, I think we're calling it like last mile encryption,

which takes certain SMS and sends it.

Instead of sending it over the telephony channel once it hits us,

we send it via encrypted comms to your device instead.

So just eliminating like another leg of potential compromise that happens.

And so that can be potentially useful, especially if you're sitting

in a roaming type scenario.

Instead of distributing your traffic

through someone else's infrastructure,

we can deliver it directly to you.

Because again, a lot of these SMS come over,

these insecure channels that can happen.

And depending on the countries and the laws,

certain things are forced to be unencrypted

for lawful intercept purposes

and compliance with regulatory.

So I think those are a lot of the things

that come kind of standard now in the app.

And I think we're working on more features to roll out,

one, provide transparency around, you know, situations that you're in. So you can, you know,

make a good decision about like, Hey, am I more or less secure than it was before, along with more,

you know, more features on the signaling side. I guess I also didn't mention the multi-number

multi-number features. If you want to receive messaging on, you know, having kind of secondary

and tertiary numbers as well to sign up for other, you know, other features and functions and other

services as well. So there's a lot of, a lot of things you can, you can choose from there.

I don't dislike it. It does the job.

But I can't say I love my VOIP app that I use for like my second and third number.

And I assume those would show up as like if you're trying to register for an Amazon or Google account,

I bet they would still register as like an actual real phone number.

You guys don't use VOIP for that?

Those all come from our main, the same numbering pool that we have.

That's pretty cool.

And so, yeah, it's a big thing.

And, you know, I also mentioned like, you know, I mentioned IP address reputation.

phone number reputation is like a huge uphill battle. I said we chose hard mode, you know,

being a network operator and being like independent comes with a lot of challenges. And like,

how do you prove to people you're not malicious? How do you prove to people, you know, these aren't

spam numbers. And, you know, a lot of times like the regulatory landscape of the country is a bit

out of date, you know, in order to get, you know, phone numbers that belong to you, you need to own

spectrum. That's kind of a, it's kind of a crazy thing to think about is you have to go and buy

spectrum in different locations to get access to phone numbers from those locations. And,

and then you have to worry about like, hey, if, if meta doesn't like my phone numbers,

they're going to block me from WhatsApp. And, you know, everyone in the world uses WhatsApp,

you know, outside of the US and, you know, people want to be able to, you know, communicate or

again, things being flagged as VoIP numbers, even though they're not. And so it's this constant

uphill battle of proving your reputation, fighting for your reputation, and then providing features

that get to take advantage of the reputation that you have. It's tedious. It's the battle we chose.

It's the battle I fight every day. And I love it. Like, you know, it's, it could be demoralizing

sometimes, but you know, you get these breakthroughs that are just great. A little side note. It's

always fun. I bet. And it's a universal problem with all privacy tools. You know, SimpleLogin,

And when I first used it, we put out an interview when they just started.

No one really knew who they were yet.

And it blew my mind because there was really no such thing as an email aliasing service at that point in time, as far as I was concerned.

Like something that just forwarded.

You can just generate emails and they all forward to one email inbox.

And I was able to create a Facebook account just to test with a simple login email, an Amazon account, I think even a Google account.

And nowadays that sounds mind-blowing because there is no way in hell you can create.

an account with those services.

But that's kind of the same problem.

These privacy tools do have an overall reputation.

It's why VPNs get blocked

when you try to log into your bank.

It's why Tor Browser gets blocked

on different websites.

And it's quite frustrating

and it's an ongoing issue.

So I'm not surprised that you guys

have to deal with that too.

Yeah, there's no regulation around it.

Like people, services do whatever they want.

And so they can say,

hey, we don't think this is worth it.

There's no one authority to go to.

I mean, there's an authority that says

phone numbers are real, but that's really only one data source that people are using to determine

in their services. But yes, this is a legal thing. Here's the paperwork for it. They're like, well,

I'm still going to block it anyway. I saw spam from there. Sorry. Or you have to work your way

through a mega corporations like hierarchy from like the support email address all the way to the

top to see if you can figure out what happens. And it's frustrating for users who want to do the

right thing and use the right services and then get basically punished for trying to do that.

And so it's an uphill battle, but it's crazy how much I've learned going through all those.

It's how arbitrary some of them are.

Yeah, it's frustrating. And I think, you know, in my view, we don't really have any protections

as end users in the US when it comes from a data perspective. But if there was something

like a GDPR that was federal in the US, I think something that would be very modernized that even

the GDPR didn't really encompass, as far as I'm aware, is like the right to register or access

services without needing to use the mainstream thing, right? Because right now, if you have a

Gmail account, you can register for anything in the world, for the most part. Like Gmail's never

blocked, but sometimes using Proton gets blocked, and Proton is a legitimate service. Sometimes

using SimpleLogin should be acceptable. And so I think it would be nice to have more protections

for end users where you as a user can pick any service you want.

And as long as that service is legally compliant, that should be okay.

And I feel like, I don't know, there should be some kind of something there.

And I'm sure you have better language around this than I do since you deal with it so often.

Yeah, I wish there was some authority I could go to to just say like,

hey, like we're real, like please make like X, Y, and Z play along with us.

It would be great.

Yeah.

Okay, now I do have just quick hit questions.

here. You mentioned Obscura. Not to be confused, I assume, with Obscura VPN, which is a totally

different service. I interviewed them separately. Can you just briefly explain what it looks like

if someone goes for Obscura and how that differs from your typical offering?

Yeah. So Obscura is a much more, I'll call it the lockdown mode equivalent. It's significantly more

you know, advanced and tailors to a more advanced adversarial model. And it puts a lot more in

control, you know, of, you know, for the user. It's like, how do I craft my persona? You know,

how do I change certain different identifiers? And the user's more involved in setting those

configurations. You know, there's a significantly more device side component. So it's not a BYOD.

It's a like, here's a device. And again, it's, it's, it's something that's tailored more towards

like highly targeted people, you know, it's a is an advanced mode. You know, probably most people,

most people don't necessarily need it. And, you know, for some, for some who do get it, you know,

it can be probably overkill for what they need, but provides, you know, a sense of personal

security around it, which again, is, is hard to quantify, but very important for people who are

in stressful situations. So, you know, but also from the technology side, it's just, it's a lot more

control over those types of settings that you would have, like, you know, something like MZ

rotation, you know, having more access to those types of things, which again, someone doesn't

need to be tweaking it at a particular, you know, super, super high frequency given a normal threat

model. But, you know, to some others, it might be more tractable for them to have this advanced

solution. But it's sort of a more encompassing device plus network combined solution rather than,

you know, device light, because, you know, it's hard to, you know, write solutions that are

prolific to all device types so they can vary greatly and the network bundle. So kind of like

just a more advanced mode. And then what device do you ship for that? These are on the nothing phone.

Oh, cool. Is there a reason? Is it because they're like affordable or? I mean, we work with them.

I don't remember all the exact initial reasons, but yeah, they've been, they're a good device to

work with. And does it just run like the stock

ROM? Or do you guys customize it

out of the box a little bit? There's more device

side customization on

it that we've worked through.

So it's a bit more tailored.

Got it. So registration,

I believe you guys just generate a QR code, kind

of like creating a Bitcoin wallet type of deal.

Is that the whole account? Yep. And so

each of the different offerings,

the web checkout to

there. So yeah, that basically is just

facilitating setup of your

on-device information.

And so we use recovery phrase,

very a la crypto wallet,

very hard to compromise and needed,

just like you'd have your big security reset phrase

for your password manager or whatever.

Having this phrase that's both memorable and capturable

that I think people in the community can hopefully understand

is a big aspect to it.

And that gates a lot of things like recovery

or changing sims, you know, hence a lot of the sim swap attack is like, it's not a person who

goes in and does it. You have to provide a complicated thing, you know, based in cryptography

to kind of allow you to change certain aspects of your account. Got it. And then did you guys

opt for this from a privacy perspective? Because I assume that way doesn't require any emails,

any names, et cetera. Or is this also like a sim swap protection kind of thing or both?

Yeah, it's a bit of both. You know, we always, you know, have to walk the line of like,

we don't want to collect any information, but we also like sometimes need to, you know,

to get in contact with folks. We always have this debate back and forth. Like,

do we collect email? Do we not collect email? Like, ideally, we don't collect it, but we might

need to like, send something to someone or facilitate. And so, you know, part of this was

like, how do we not have to do that? So like, you know, if you're a recovery phrase, we don't need

to like send you an email reset link or anything.

You just go in and you can enter your phrase

and recover that way.

You know, part of like the web checkout is,

you know, how do we like,

can we walk the line of collecting

less information as possible?

It's getting your QR code and go from there.

So it's a little bit of both.

Can you pay with non-fiat?

Like what options do you guys have?

I mean, right now it's all just credit card

for right now.

I think we hope to be able to accept

other currencies and stuff.

It's something that constantly comes up,

but not something we have right now.

Okay. And then just a broad question.

Someone might be hearing this,

but if you give someone something

that they install on their device,

like a VPN or Signal,

it's more tangible that it's actually doing

what it's promising to do.

But this is a lot more behind the scenes.

So theoretically, someone could just say,

we're doing all these things,

and there's no way for me as a user to verify that.

So how can we even trust you guys

that you're doing what you're saying you're doing?

Like, how do we know that you're deleting the call logs after 24 hours?

Is there any kind of transparency there?

Or is it still a trust me system,

which isn't any different than what you get from another cell carrier, I suppose?

Yeah.

And when it comes down to, you know, different components,

there's kind of different answers.

So, you know, for example, you know, we have an app

and the app can facilitate, like,

how do I prove that the second number is working?

It's like, well, you're receiving information on the second number.

It's a great way to do it.

Same thing for some of our signaling protection,

like basically providing information of like, yep, this is where we see a network attached coming in,

giving you that information. You'd be like, yep, that's me. Like, I know I just connected to the

network. So there are things that are like very easily we're able to like kind of share via our

app of what's happening. And then there are like things like CDRs are, you know, it's a bit harder.

How do I prove that we're not, you know, we're not collecting, you know, that information.

Parts of that are like, you know, we can share out our, you know, share out our policies,

share out a copy of like, what does a CDR look like?

What are we collecting? What are we not?

In the end, there's a bit of trust that has to happen there.

I would say ideally, like someone can like prove that that doesn't happen.

And we have to figure if there's a great way to figure it out.

We're always trying to figure out how do we prove to our people what we're doing?

You know, the hope would be that one day is sort of the blessing and the curse.

If like, you know, we're compromised, you know, maybe all companies are

that there's nothing that comes of it.

Like people don't have this information stolen.

Like that's case in point is like, you know, in a zero trust model,

like you get compromised and like they can't do anything with it. We say, hey, we were compromised,

but like no one sees anything. Blessing and a curse because you have to be compromised for that

to happen. And then try to do things like, you know, publish blog posts, publish pieces about

the technology that we're doing. Try to like, you know, let people see the methodology by which we're,

you know, by which we're doing things and provide them with a, hey, look, we've thought about this

type of problem, these types of solutions. This is how we came up with it. Like you can try to be a

little bit more assured that, you know, we're surrounding the problem in the right way and make

a more informed decision about it. But we're also always on the lookout of, you know, how do we prove

to people what they're interested in? And is there things that we can provide that make that happen

is kind of an area we're always looking to expand in. Got it. And then what's your compatibility

between devices? So, I mean, right now, you know, we support both Android and iOS. There's some

caveats to them just because of how difficult the OEM ecosystem is. And we're a small company,

so we haven't tested on everything. And there's a lot of things from OEMs that are very locked down

to people who don't have large scale agreements with that we're working on whittling those away.

But for the most part, normal services works on iOS and most mainstream Android devices. We try to

work with, you know, with graphene to make sure graphene works. We know, you know, a large

percentage of the community likes graphene is participating in that community. And so we want

to be part of that as well. So we try to, you know, make sure graphene support, you know,

works and is functional. And as we uncover things that are different between stock, stock roms,

you know, we work to address those as well. And then, you know, we have other, some, some other

limitations, like we made a decision to support, you know, provide eSIMs. So like if you're in

non-eSIM capable device, which again, I think most newer devices in the last probably good

number of years support eSIM. And so there's certain device type restrictions based on

technology like that. And like I said, working through some of the kinks with the different

ROMs that are published by different OEMs and the different features and how they interact with our

network. It's a very tailored process, even in Android and in iOS and how you push configuration

out to them that control the telephony side.

It's actually also super fascinating.

I didn't know any of this existed before I dug in at Cape.

You know, a good amount of that is actually in the Android source code, if you ever want

to poke around these different carrier configuration settings.

And there's some folks who published the carrier bundles pulled things via iTunes at one point

on iOS, somewhere on GitHub as well.

If you ever want to look what different carriers are setting behind the scenes.

Fascinating.

And are you guys U.S. only or are you international as well?

Right now, I think we're U.S. only.

That doesn't mean we don't support international roaming,

but our network is geared towards U.S. regulatory perspectives

and something towards U.S. customers,

but the hope that we can expand that to be global.

And if someone roams, like if I'm a U.S. customer, I use Cape,

and then I go visit Germany for a conference,

will I still get the Cape protections even though I'm in Germany?

or is it just kind of going to fall back

to a regular cell carrier at that point?

Yeah, you'll get some of CAPE's protections

depending on, you know,

where you are and the infrastructure you're in.

So things like IMSI rotation will still function.

You know, there's a slightly different threat model

as in like now instead of your data flowing,

you know, more directly through us,

it's flowing through these international roaming channels.

So there's, you know, maybe some different purview,

but a lot of the main features

will still continue to function.

It all uses, it all comes back home,

eventually touches our network in some capacity.

Got it. And then how do you guys handle law enforcement requests if those come up?

We have to follow all of the regulatory compliance of any U.S. operator. That means we participate in

CLIA and legal wiretaps if given to us. So we have to comply by those. Based on how people send

our requests, we have not had problems, at least on the lawyer side, of making sure when things

like IMSI rotation, like if we're given requests against IMSIs, there's only so much we can

guarantee by definition. Things that we can't encrypt, we don't have to try to decrypt,

which means like, hey, you know, if signal data traffic comes through our network, like

we're under no obligation to decrypt it. I think the law is, and lawyers can check me

if I'm right, is like, you can't be compelled if you don't own any of the keys. So, you

know, again, we'll have to comply for lawfully provided warrants. And then I think there's

you know, other parts where we'll, we'll do what we can to, you know, inform people.

If there's no gag orders on those types of enforcements, like those are things that we

can attempt to do is like, let people know if there are wiretaps, if we're legally allowed to

do so. So we try to do the best within the legal system while still being compliant.

Yeah, I mean, you guys are still a company. I think it's one of the most

misunderstood things is like, you can just be a company and take money from people and then just

ignore all the laws and somehow still exist. Exactly. You know, we don't want to encourage

criminal activity or anything like that. But, you know, privacy and security is always a double-edged

sword. And so we have to walk that line carefully and again, follow all the legal requirements that

we need to. Yeah. And I feel like, I don't know how true this is. I don't know if you guys have

insight into this, but what you're describing, I mean, based on what I see, it seems like

law enforcement and typical cell carriers, it's a very loosey-goosey relationship. And it seems

like it's quite easy for that to happen, where even what I'm hearing from you sounds like if

cell carriers even did a little bit more of that pushback, that would still be a big win for maybe

some overall rights for individuals. Because I don't know if they always get a warrant when they

tap on these cell carriers. Because I've seen lots of stories where they didn't get a warrant. So I

have to assume there is some way that they can get that. Yeah. I don't have a lot of experience,

But if it's anything like the TV shows, it seems like they manipulate their way in.

But I think our goal is to always challenge everything, make sure everything is in order,

and then comply to those that are following the law.

Yeah, and then something I'm sure you guys have seen, and I think it definitely made my ears perk up as well.

I don't know the exact relationship, but I think some of you guys used to work at Palantir.

And I know that's a very controversial company.

And so I don't know if you want to say something about that.

Yeah.

And I'm one of those people.

I worked at Palantir for eight and a half years in the government space and as a software

engineer.

And like many of us, we came acutely aware of these types of problems while working there.

And we had access to different challenging data problems.

And it really kind of like an eye-opening experience to what was happening in the world and the types of problems that exist.

And so, you know, if there's any if there's any takeaway, you know, I think everyone's going to have their own sort of personal feelings about companies in general.

But I think my biggest takeaway from Palantir was curiosity and like commitment.

And that like I'm, you know, like for me and like for many of us, it's like understanding a problem that exists, understanding the scope can be large and understanding there's lots of ways to approach the problem.

Sometimes those are short term, sometimes they're medium term, sometimes they're long term.

And really like, I don't know, choosing that hard mode type, you know, type problem that is worth it and not letting that, you know, shy away.

And so at the very least, you know, letting people know that, you know, despite what they

may think about, you know, different companies, like those are sort of the philosophies that

us of us that came from those types of companies have brought, you know, forward to Kate.

Yeah, I think it's, there's the two ways of looking at it, because there are other privacy

projects in this space that were started from people who almost worked for the opposite.

Like the thing they're trying to protect against now.

So the two ways of looking at it is like, oh, they can't be trustworthy whatsoever.

Or the other perspective is like, oh, they saw how how the food is made.

And they're like, oh, I don't want to keep I don't want to do that anymore.

So I suppose it's everyone's feelings towards that.

For me, it kind of depends on the company.

Like when I actually get to meet the people behind it.

Like I feel like it for me, it's a little bit more telling as to like maybe the intentions

behind it.

I'm down to the last few questions, I promise here.

They have to be right here for them.

If you guys can hear the air blurs, you guys partnered with Proton.

What is what does that look like?

what does the partnership with Proton look like?

And why did that, or how did that come about?

Yeah, and so I think it's always sort of our philosophy

that there are many different pieces of the puzzle

that have to come together

to actually form a privacy picture

or a security picture, whatever you want to say.

And I think there's an acknowledgement,

at least on our part,

that not everyone has to do every single thing.

We can provide some insight

into what the cellular side's doing.

We can provide protections that are in there.

But still there's an untapped part,

like these tools aren't mutually exclusive. In fact, they're designed to be used together.

And I think a big part of what the partnership means to me is the acknowledgement of that fact,

the acknowledgement of, you know, one, it's, you know, it's kind of hard to say, like,

I'm going to put all my eggs in one basket. And it's like, I think part of it saying, hey,

you can spread your eggs out in multiple baskets. That's okay. People are doing different things.

They're going to specialize in different pieces. And I think, you know, a great way to do that is

showing up, you know, a partnership with Proton who provides, you know, a complimentary service,

you know, to what we're doing, to a community of people who are going to, I think, understand

the value of both of them. So is the partnership more of just like a publicity, like you guys are

partners? Or is there some, like, do you get like a Proton discount if you join Cape? Does it come

with a subscription, vice versa? Yeah, I don't know if the promotion is still running. But,

you know, it was when you signed up for, you know, for Cape, you'd get, you know,

And months of pro time for free.

Trying to like, you know, again, get into the community,

help people build, you know, a good set of tools at their disposal.

And, you know, select products that are complimentary.

Got it. And then who would you just overall say Cape is for?

You know, you brought up a lot of concerns today.

And we talked a lot about the technical side of things.

And I think it's natural for our audience to say,

okay, like, I get it. I get who it's for.

But if someone's just using Verizon, they don't think about this stuff.

Like, why should they even care about this?

And is Cape even for that person?

Or would you still argue there's a place for it there?

Yeah.

In my dream, Cape's for everyone.

And I think my goal has always been to sort of try to meet people where they're at.

And, you know, different people are going to have different, you know, insights into

different systems and features and functions and have different value systems.

And when it comes to privacy and security, I've always wanted to, you know, and this is

my kind of my dream going into CAPE is help raise the bar for everyone, but also give people the

opportunity to like lift it themselves in addition to that. And so my hope is that CAPE is for

everyone. And I want it to be approachable for everyone. It doesn't mean everyone will select it

and they have their other criteria, but I don't want it to be something that people are afraid to

choose because it's so complicated. But I want people who really understand, you know, the space

to really be able to get a lot of value out of it.

And so a lot of it's meeting people where they are,

understanding their use cases,

automating or doing things in an automated fashion

for people who don't understand it,

but know they have concerns about it,

but also letting those folks who want to get in hard mode,

enabling them to kind of control their own fate there as well.

Got it.

And then the last question I have for you is just,

what's the most shocking thing that you've seen anywhere

that you think would maybe blow someone's mind?

Yeah, I think people hear about these things like cell tower translation, even old forensic

files would introduce the concept.

But what's something that's just so crazy that if you told most people, they might not

even believe you?

I mean, there's definitely a few things.

I think the thing I didn't realize, you know, so like so much, I mean, basically the telecom

is like a whole private internet.

I think people like may kind of figure that out, but may not realize it.

And that like these networks all interconnect through all these private exchanges and do all these different types of things.

And not always encryption is necessary or encouraged, but all these things kind of happen in a way that's not necessarily accessible to most folks.

The data travels through all kinds of interesting paths.

And it's way more sort of complicated behind the scenes.

It's not just carrier A sending traffic over the Internet to carrier B.

They have these private fiber connections that does X, Y, and Z, and they go into this hub, which connects to these 100 other carriers that do all these things.

There are all these companies and stuff that sit in the middle that facilitate it.

It's way more, I mean, I guess the internet is complicated, but it's like a whole do-over of that.

That I kind of found baffling.

I think in my heart of hearts, I always knew that.

But how you like untangle that to connect to other people and how these intercarrier, these carriers work.

And then knowing that kind of how well the world of cellular works is sort of baffling.

You're like, maybe you open every every system and you're like, oh, it's all duct tape and bubble gum.

And you open it up, you're like, hey, this is kind of duct tape and bubble gum.

But it kind of works is like amazing that it happens.

That to me was the most surprising thing is like.

I don't know how else to put it.

It's hard to put into words, but you peek underneath.

Yeah, you peek underneath and you're like,

I cannot believe this thing functions.

And then you close it and maybe it looks like a well-oiled machine,

but it's all kind of crazy behind the scenes,

which is kind of ripe for injecting ourselves

and solving some tough problems.

Nice. Well, thank you so much, David, for your time.

I know this is a super vague industry.

It's been really hard for me to do coverage for this behind the scenes.

Like the research on it is quite limited, especially from a privacy perspective.

And so I do feel like it's a pretty limited expertise that you guys probably have right now.

And so having you on this interview and being able to ask these direct questions is very helpful for not just me, because I learned a lot from this, but also our audience, I'm sure.

So just thank you for your time.

I know I kept you much longer than we anticipated.

Yeah, no problems.

I'm glad I can provide this.

I think if there's one thing I've learned, you know, one, like I had to acquire all this

information.

I didn't come from a traditional telco background and it was hard to get this information and

sort of the transparency around it is, is one of the things like I'm very passionate

about.

And so, you know, letting people peek behind the curtain, you know, every now and then

is a, is a treat.

Awesome.

Well, thank you, David.

Thank you so much.

And there we have it.

I really hope that you all learned as much from this as I did.

There were a lot of new things that I hadn't heard before, a lot of nuance that I just feel like needed to be discussed when it came to cellular based privacy.

It's a very, very tricky thing.

And it's been hard to offer that many pieces of advice because it feels like there's not that much control.

So I'm really happy that there are teams like Cape that are coming forward and trying to do something about it.

And we are starting to see other services step up and try to offer more privacy on the cellular level.

So I really hope that this is a trend that we begin to see move in the right

direction because up until now, it's been pretty horrific.

I really want to thank Cape for their service and also taking the time to

explain all of these concepts in an interview.

And we will have an upcoming video soon that is also partnered with Cape where

we actually pretty much take all of this and make it a very consolidated,

typical guide that you would find on Techlore.

So it's very actionable advice for all of you out there.

So we'll see you in that video.

And thank you for watching this Techlore Talks interview.