This article is a contribution by Rayo of Liberty Under Attack Publications
[Secure, Private Communications] The GhostPhone, A Quick Start Guide
While the proliferation of digital technology has brought forth an information revolution previously unknown, this now-remote control is visibly fraught with mass surveillance, censorship, and even mind control; just consider the Pavlovian entrainment inherent in modern tech, as well as the hyper-control of information, to name a couple of examples…the digital sandbox of Babylon, indeed.
The main tool of enslavement in this realm is the mobile phone – tyrants of the past would be amazed that most every “citizen” voluntarily carries around a tracker and a bug in their pocket at all times, allowing all of their private information to be siphoned off to governments and their creepy corporate coercer cohorts, at a profit, and definitely not to the benefit of individual autonomy. This was the case before 2020, and now, the danger is even more apparent.
Further, even those who are taking steps to lock down their privacy may be falling short: taking the encrypted communications app like Signal as an example, the best encryption in the world is irrelevant if your spy-device can screenshot your messages before they’re sent.
Thankfully, a practical, affordable, and user-friendly solution is here…
INTRODUCING: THE GHOSTPHONE
Seeing this drastic need for secure infrastructure and communications, our friend, Jamin Biconik, has made it a focus in his Second Realm work for years. He began with hardware hacking old Lenovo ThinkPads and installing open source, Linux operating systems, and is now onto the realm of smartphones.
His first build on offer is a DeGoogled Pixel 3A with CalyxOS. Why not Graphene or Lineage, you may ask? The main reason he offered was that CalyxOS comes stock with some really incredible privacy tools, whereas the others basically come as a blank slate, requiring work and a higher barrier-to-entry for most.
And further, once an individual adds the apps they want and need, the attack surface is probably similar anyway. So, he opted for user-friendliness, which I support and can attest to – after a couple months of use, it’s worked splendidly, without any issues.
The following is a quick start guide, a handful or so things I have learned that may be of value.
[The GhostPhone: A Quick Start Guide]
1) Setup & activate the “Always on VPN” feature.
One thing that struck me immediately was how easy it was to route all data/traffic through privacy-enhancing features like an “Always On VPN” and Tor (#2 below). This is in stark contrast to the warning message that my old SpyPhone would reveal, something along the lines of, “Using a VPN could draw the attention of your network provider.”
The GhostPhone comes stock with both RiseVPN and CalyxVPN, two reputable non-profit projects. But for those like me who won’t settle for anything less than two-hops, I have found ProtonVPN to be extremely solid – easy to setup & use, great operational security, and they accept bitcoin. Just take their explanation of their “Secure Core” servers as an example:
“Secure Core allows us to defend against this threat to VPN privacy by passing user traffic through multiple servers. When you connect to a server in a high-risk jurisdiction like the US, your traffic will first go through our Secure Core servers. Therefore, even if an attacker monitors our servers in the US, they would only be able to follow the traffic back to the edge of our Secure Core network, thus making it far more difficult to discover the true IP address and location of ProtonVPN users.”
“We have also gone to extraordinary lengths to defend our Secure Core servers. First, servers are located in countries selected specifically for their strong privacy laws (Iceland, Switzerland, and Sweden). We also placed our Secure Core servers in high-security data centers to ensure strong physical security. ProtonVPN infrastructure in Switzerland and Sweden is housed in underground data centers, while our Iceland servers are on a former military base. Furthermore, Secure Core servers are wholly owned and provisioned by us (shipped on-site directly from our offices).”
Never trust, always verify, but reading documentation like this made the decision of choosing ProtonVPN easy.
2) Find Orbot app and set all traffic to be routed through Tor.
As mentioned in #1, all data/traffic can additionally be routed through the Tor network. I have this running by default, but admittedly, this is the one layer of security I have turned off a few times when the networks I was connected to were slow without being routed across oceans and back again.
Nonetheless, it’s so seamless and easy to setup, it’s a no-brainer…and if you have a GhostPhone of your own, you likely already know the benefits of redundancy.
3) Setup anonymous phone number via Silent.Link, paid in bitcoin.
It was only a matter of time before the advent of anonymous phone numbers, paid in bitcoin or via the lightning network.
Last I checked, they had two different possible offers: 1) mobile data only ($9 for 2GB), or 2) a full US/UK identity (phone number), with data & incoming voice/text, for ~$60 USD worth of bitcoin. It took less than 5 minutes to pay and get it setup, merely having to scan a QR code for an eSim card. Extremely impressive!
4) Whether downloading applications from F-Droid or the Aurora app store, check potential privacy concerns.
Privacy being a critically important feature of CalyxOS and The GhostPhone, I also found the “potential privacy concerns” sections in the F-Droid and Aurora app stores extremely valuable. They may point out Google dependencies/trackers (which can be fulfilled anonymously by MicroG), IP/location trackers, etc.
When you’re going to download an app, always click on that respective section to be safe.
5) The WhitePhone & The BlackPhone
The first GhostPhone I got was loaded with a brand new, unassociated number from Silent.Link, and one in which I setup a different identity of sort: what I’m calling “The BlackPhone.” That said, I still had this old SpyPhone number associated with Telegram and Signal that I was not ready to forego yet – this led to a new potentiality.
If I’m going to have to have this number associated with my “given name”/identity, then it may as well be on the most secure device possible – hence, “The WhitePhone.”
Thankfully, since these phones are less than a few hundred USD a piece, such a setup is possible, and plus, I’ve found that I really only need to fire up The BlackPhone a couple/few times a week. Overall, I’m extremely happy with how this digital Second Realm setup is coming together…and this isn’t even taking into account the FreedomBoxes/P.A.Z.NIA Lbry’s that are incoming, that will put another security layer between you and your ISP!
6) Enjoy more privacy and security in the digital Second Realm!
I could go on, but since this is a “Quick Start Guide,” I’ll leave it there for now. Of course, these principles could be transferred over to your own “hacked” device with Graphene, Lineage, or whatever other OS suits you.
After taking these quite easy steps, your security culture in the digital realm will increase drastically…but of course, always keep in mind your browsing behavior and the prevalence & extent of the surveillance state today.
Don’t get complacent, but at the same time, take note of this big win. For as Smuggler and XYZ put it in Second Realm: Book on Strategy:
We protect our secrets, we value them. Protecting our privacy becomes second nature to us, liberating us from the prying eyes of our enemies. But our privacy is also a key symbol for the autonomy we live. We are taking back what a totalitarian outer world wants to steal from us. What fences are to atoms, data privacy technology is to bits and bytes. We claim that both are owned by us alone: This is our place.
See you in the digital Second Realm!