# The World's First Private Cell Service | Interview with Cape.co ## Метаданные - **Канал:** The Hated One - **YouTube:** https://www.youtube.com/watch?v=ZsHZSbNu3CE - **Дата:** 31.03.2026 - **Длительность:** 1:01:12 - **Просмотры:** 18,924 ## Описание I don't use a SIM, but if I did, would it be from Cape? Find out in this interview and support me: https://www.patreon.com/thehatedone This episode was published ad-free and early access here: https://www.patreon.com/posts/151473011 This is my interview with Ruddy Wang from Cape.co. Cape is a private cell service carrier, one of the first of its kind in the world. It offers some of the strongest privacy features I have found anywhere. Cape can rotate your IMSI numbers to protect your identity, it offers secondary phone numbers to manage multiple profiles, and it fully supports GrapheneOS! But what is Cape's business model and can it really fulfill its privacy promises? Find out more in this interview. More about Cape and its features: https://www.cape.co/our-features Follow me: https://twitter.com/The_HatedOne_ https://www.reddit.com/r/thehatedone/ The footage and images featured in the video were for critical analysis, commentary and parody, which are protected under the Fair Use laws of the United States Copyright act of 1976. ## Содержание ### [0:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE) Segment 1 (00:00 - 05:00) Privacy has never been under greater attack than today, but privacy has never seen better tools for defense than today. The big tech and the government are working hand-in-hand to surveil our every movement every minute of our lives. But we also have open-source tech. We have GrapheneOS, encrypted messaging, and increasingly anonymous identities. I've given you all of these tools in my tutorials, essays, and interviews. And today, I'll give you another such tool, an anonymous mobile phone carrier with advanced privacy features and direct support for GrapheneOS. This is Cape, and what follows is an interview with a core member of Cape's team, Rudy Wang. And I know what you're thinking, another privacy business? How can we trust it? Well, that's why I made sure to ask all the tough questions I needed, including what's Cape's business model, how it is funded, and most importantly, how it actually guarantees its privacy promises, not just by nice words and policies, but through hard-coded tech. If you want serious privacy, you don't want to skip this interview. You can watch this ad-free and with early access on patreon. com/thehatedone. It's my main channel now. Hello Rudy, thank you very much for coming on to talk with my audience and with me, and I really appreciate that you found the time for my very tough questions that I've prepared for you, and I hope that we'll have a chance to go through most of them. So, before we get to any of those tough questions, maybe tell me about yourself, and then Cape, this company that I've heard of recently, and you have some big privacy promises there. So, let's get the intro out of the way. Who are you? And so, yeah, go ahead. — Yeah, great. So, thanks for having me on the show, super excited to talk to you. Your audience is very privacy aware and privacy conscious, and so that fits us really well. Um, in terms of my background, I've been at Cape the past 2 years, so I was here um, so I lead up the consumer business. I was here prior to there even being a consumer product to offer, and helped take that product to launch. Um, we launched beta, you know, uh, last year, and we just came out of beta about a few weeks ago. Prior to that, I was at a number of other um, tech companies and tech startups. Uh, and I also, in a whole prior career, spent 10 years as a United States diplomat in the US Foreign Service. Um, and so, I have kind of that range of background, and been in lived in many different places, but now based here in our um, Washington D. C. office. Mhm. [snorts] So, I've seen that there are uh, some other folks uh, from Cape that are somehow involved with the uh, service, uh, US military, uh, some questionable, I would say, corporate choices with Palantir and stuff like that. So, we can get into that, but I would mostly focus with my questions on Cape specifically. So, Cape is, I would say, a kind of like a new thing here, and what this is really about is a promise that you can use a phone number and be private. For me, that is unheard of. So, I use GrapheneOS as a Wi-Fi-only device, because I have realized that it is no matter what I do, it is virtually impossible to have any level of privacy with the way that all the cellular networks have been built. And now you're coming in and saying that no no, you can actually have some privacy. So, what is it that you're doing, and what is actually that you're promising here? Yeah, that's right. So, um, the status quo is that if you're going to be connected via your cell phone to cellular networks, you're going to be exposed to vulnerabilities. And you are buying into a business model where part of that business model involves selling your personal data. And so, all the major cellular carriers um, in the US and probably all over the world do it. Uh, part of what they do to monetize their subscribers is to sell data, to share data. Um, that's pretty well documented. You opt into it in your terms and conditions. It's in the privacy policies. And so, first of all, that's not a part of our business model. Um, and so, we're trying to do create a telecom carrier that is not based off of um, monetizing user data, and doesn't have the incentives to collect and retain user data for so long and so much of it. And then, secondly, we are rebuilding um, telecom software infrastructure from the ground up with privacy and security as a first design principle. And so, that makes us a lot more private and secure. Um, in the world of privacy and security, there's no bulletproof uh, solution, and you know, Cape will not promise um, that we will cover every single threat vector, but we're making a significant huge improvement in terms of what's the status quo today. The status quo today is that if you sign up for a cell phone plan, effectively, you've um, agreed to compromise your privacy and security in exchange for the ### [5:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=300s) Segment 2 (05:00 - 10:00) convenience of being connected to the internet. Mhm. So, you are a telecommunication company. Correct. Yeah, so we are a mobile uh, a mobile phone carrier. So, just like AT& T, Verizon, uh, T-Mobile, all those uh, standard mobile carriers that you're familiar with, um, or at least our US audience is familiar with, we offer the same thing. We offer cell phone plans. So, you sign up for us with a monthly subscription. We're not an add-on, we're not an app, we're a cell phone real, or is this some kind of an extension of well, this is rented off of T-Mobile, or Verizon? Yeah, so — So, we're called we are an MVNO, that's a mobile mobile virtual network operator. That means that we will rent or lease space off of cell phone towers, physical cell phone towers that are already built out across the nation, but very differently from a lot of other uh, MVNOs or uh, telecom carriers, we have our own software mobile core. So, um, and that's very different. So, no one else has that. tried building their own mobile core that has the security and privacy uh, foundation that we have. This is deep software infrastructure that essentially, for example, um, decides where your calls and your SMS get routed. And that's um, that's one of the attack surfaces, so we can um, so we can provide protections against a malicious attacker trying to reroute your calls, your SMS, your metadata, like your location, to uh, a malicious attacker. And you can't do that um, simply by uh, simply by um, coming up with a new telecom carrier and rebranding the old infrastructure of other carriers. So, while we rely on the physical infrastructure of major carriers, we have our own SIM cards, we have our own um, what's called an IMS core and a what's called a data packet core. Those are things that make critical decisions in terms of where your data gets routed, how you get authenticated, what data gets collected, what gets shared, and things like that. Okay, so that's uh, that's a big thing. So, you're the only company that has its own mobile core. And why does it even matter? Why should that matter to an average customer? Yeah, it matters to the average customer because um, that's how we're able to provide differentiated privacy and security features. So, I can give two examples. Um, one example is our network lock feature. So, what it does is it protects against signaling attacks. So, if you have heard of SS7 or signaling attacks, um, you can Google it. It was um, it was a it's an attack that just last year, a top US cybersecurity official said is still extremely common. You can find YouTube videos about like showing the attack in action, where a phone call gets routed to an attacker. And the way the attack basically works is that a um, a compromised telecom basically sends a message, let's say, to your phone. You're the target, you're the victim. Um, and says, "Hey, you're roaming with us right now. Please route me all of your location data, your SMS, your voice calls. " So, we have a proprietary uh, what what's called a signaling firewall um, that will allow us to uh, check to see if that uh, if the telecom provider that's saying that that's claiming that you're roaming with them is um, suspicious or potentially malicious. And if it is, we can actually block that attack. If you don't have the a mobile core, you would not be able to implement that kind of um, that kind of defense for that kind of attack. So, that's one example. The other example is we uh, produce our own SIM cards. So, the SIM is really important because the SIM is basically a piece of um, almost like a piece of software on your phone that decides what your phone looks like to nearby cell phone towers. So, that SIM can um, tell the most nearby cell phone tower what your IMSI number is. An IMSI number is a subscriber ID number that um, you will have the same IMSI number uh, until you change your SIM card. So, normally, for any typical person, that's going to be years and years. So, it's a static identifier that never changes. Because we um, have control over the SIMs, and we've invested in that technology, we're actually able to rotate or change the IMSI number every single day. So, that means if someone is trying to track you through your IMSI number, um, it's going to be very hard for them to track you because your number is going to be changing every single day. And those are things that you just can't do uh, you can't do if you're um, just starting up a new uh, cell phone company with like new branding. I think you've probably seen like there's a lot of celebrities that are coming up with new cell phone companies. Um I think Mr. ### [10:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=600s) Segment 3 (10:00 - 15:00) Beast announced that he's going to have a new cell phone company. Like Kroger's the grocery chain has new cell phone company. It's actually very easy to come up with new cell phone companies, but what all of these companies don't have is they don't have the core infrastructure that decides these key things like how your calls and SMS are routed, what your phone appears and looks like on the network, and those are all key things that would affect your privacy. That's very interesting when talking about the IMSIs because they're one of the key identifiers whenever you have any case where you want to see who is behind that phone or even who is behind an account, and then you can trace all kinds of things like location and history of where every everywhere that person ever went. And also other kinds of texts and messages that have been sent, calls, you get the social graph. So it's a number that actually reveals a lot about people because it's not just some static identifier. This is a very dynamic piece of information. There are plenty of details that people can find online. I've talked about this a lot, and that is the primary reason why don't use the same card. You're saying that somehow your thing is different. I know that I can change my IMSI number. The easiest way to do this is to change a SIM card. Get any eSIM or a physical SIM card. But then I have other problems with that because, you know, like it's not so convenient. I have to go to the store, pay for that thing in cash or in crypto. So it's very difficult. So for me, I opted to not have any SIM whatsoever. I'm Wi-Fi only. But I understand that people have jobs, people have other things that I need the SIM for. And maybe that's where you might come in. So let's talk about those features. You mentioned this identifier rotation. I call it IMSI rotation because that's really what it is what it boils down to. So you're changing the IMSI number on daily basis or on demand seven times a week, and I have something that I would wanted to want you to explain here. So we have this IMSI that is tied to the SIM card, but also phones themselves as a device like a Pixel or an iPhone, they also have identifiers. And there is an identifier called an IMEI which is communicating some of this information with the IMSI to the telecom company or the tower wherever your phone is connecting to. So how are you navigating this particular problem here where yes, you can change the IMSIs, and I've seen some software that could do this. Uh but the IMEI is persistent, and it's also broadcast to the world. Yeah, that's a good question. Um So again, our identifier rotation, you're right, it's actually IMSI rotation. We call it identifier rotation just to make it easier to understand, but for the consumer product only rotates the IMSIs, and your IMEI or device ID still stays static. And the analogy I'll use for this is that imagine the IMSI is like a license plate number, and the IMEI is like a VIN number. So they're both identifiers for a particular vehicle, but they may be used in different contexts. The IMSI is like the license plate number because it's the one that's probably the most visible. It's the most easy to use. A telecom carrier typically, if they're going to be looking up a subscriber and trying to, you know, troubleshoot their issues or trying to track them and profile them across a series of data sets, they're going to use the IMSI number. That's the first number that they're going to use. And so IMSI rotation is an effective mitigation against that. The second thing is there's a few other things that IMSI rotation is effective with even with without the IMEI rotation. Another one is signaling attacks. So I'd mentioned before we have a feature called network lock, which is based off of a signaling of signaling firewall wall that blocks signaling attacks when it's detects a suspicious request or requesting somebody's location or requesting somebody's call and things like that. The thing about signaling attacks is that they actually always begin with harvesting of IMSIs. And oftentimes the uh time difference or time gap between harvesting the IMSI and actually using it is several years long. And so imagine if you're changing your IMSI every single day and somebody wants to do a signaling attack against you, and they've har- harvested your IMSI, you know, years ago, and now they're doing the signaling attack, they're going to be um they're going to be targeting actually the wrong target because it by that point your IMSI will already have changed. So that's a that's another type of situation that IMSI rotation mitigates against. And then the third type is what's called IMSI catchers. So um you might have also heard them called stingrays. And again, you can if you Google them on YouTube, there'll be videos of $50 for how to set up an IMSI catcher or stingray. And what ### [15:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=900s) Segment 4 (15:00 - 20:00) they effectively are is they are fake cell phone towers that are pretending to be real cell phone towers, and they will then be able to pull information um off of your phone. For those types of so attacks using IMSI catchers, even ones that can get the IMEI, they get the IMEI by first requesting the IMSI. And so changing the IMSI every day is also a good mitigation against that kind of attack. Now, where would you what where is IMSI rotation not a good mitigation where it's effective to have the IMEI change as well? If you're pursued by a nation-state actor that's that has complete visibility and control of or compromise into your telecom carrier, that's a case in which the device ID will be consistent identifier. And that's why for us our philosophy here at Cape is very much about defense-in-depth. And so there's no single silver bullet to make everything private and secure. Um if you come across products that say, you know, this allows you to have completely, you know, end-to-end encrypted calls that you can call your doctor and your school with, that's obviously going to be false. What we're able to do is we're able to make significant improvements on the status quo. And by layering on different things like the example that I gave on signaling protection, we are both rotating your IMSI every day, and then we're checking with our firewall whether we're getting a suspicious request. And those things layered on top of each other is what incrementally makes improvements off of what you would have today. I have to say I appreciate you specifically pointing out that there are limitations to whatever your security model is. And that limitation is you cannot defend against a nation-state sponsored adversary. This is something that most projects or all projects that do anything as sensitive as you do should clearly state to customers, and it should be up front on the front page of your website or wherever because people need to be aware so that, you know, uh cases where you have an activist and there is some kind of a subpoena or warrant for their data, and then we have speculations as to whatever you were forced to provide or not. I would say that it's best to avoid if you just clearly lay out that yes, you can do certain things to a certain amount, and then at certain point all of that breaks down because the adversary is just so powerful. So speaking of that, can you specifically name some threats or threat actors that my audience could uh be worried about, and they would want to use Cape to protect against? Yeah. Can I defend against my mom? Tim Cook or I don't know, some maybe not, you know, this advanced intelligence agency like the NSA, but what about the stingrays that local police departments use and hackers use? So let's go through all of that. Yeah, I'll I'll start with the nation-state actors again because nation-state actors can use a variety of different capabilities. So SS7 or signaling attacks, that is widely used by nation-state actors. There's reports, if you Google like Lighthouse reports, I think they had a very good report recently where they showed a number of journalists were targeted by signaling attacks in countries throughout the world. And there were thousands and thousands of these signaling attacks affecting not only journalists, but like wealthy people. I think, you know, the spouse of the ex-spouse of Jeff Bezos, for example, was one of the people targeted. And so there's a variety of attacks that any certain actor can carry out. So there's a signaling attack. Um they can obviously also compromise your your device directly with zero clicks with zero click attacks. Those are device-based attacks. Cape does not address directly address those things. We address network-based attacks. And so signaling attacks is an example. Um In regards to nation-state actors, you know, if you are in the US, we're under US jurisdiction. There can be law enforcement requests. We are compliant with US wiretap law. Though we have we can only give what we collect, and we collect a lot less data on that area. In terms of other threat actors, you talked about law enforcement and their use of IMSI catchers. So IMSI rotation is an extremely effective mitigation against that because of the fact that you're changing the IMSI every single day, and so it's difficult to the same person over time. In addition to that, um another thing that law enforcement might do that uh may oftentimes seem like uh ### [20:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=1200s) Segment 5 (20:00 - 25:00) an overly broad kind of request is they'll do things like tower dumps, which is where they get a subpoena to locate, let's say, all the cell phones near a protest that has recently happened. And so, um and so they could see everybody that was there at the protest or at a specific event, and they'd be able to collect all the cell phones uh that pinged off of that uh that particular tower. One thing that we do is that we reduce call metadata retention as much as we possibly can. So, if you take something like your location, for example, your location is normally kept for years and years by the telecom carriers. In fact, um AT& T, Verizon, T-Mobile, they were fined last year $200 million for selling location data and selling it in a much more um sort of careless way than they should have. What we do is we delete uh our internal call logs after just 24 hours. So, that is unprecedented in the industry, and it means that um we have a lot less information that we're able to give. Again again, we're always going to um do our best to comply, but we just carry a lot less information about our subscribers. We don't have their names, social security numbers. There is met- metadata that's produced when you use cell phone service, but we keep that metadata for as short a time as possible. Mhm. Uh so, that's Yeah, go ahead. go ahead. Um yeah, so when you're ro- rotating these IMSI numbers and then uh this is not just a case for law enforcement, but also for the telecom companies. That's correct. — They can still somehow connect that to the IMEI, now. Even if they see that they are rotating those numbers uh daily, they can just then go ahead and ask for the IMEI, and then they would have more identifiable information on an account? Yeah, so cell phone companies uh so, for example, if you're using a cell phone tower, the IMEI is shared in certain instances. For example, in the additional in the initial attach, and so uh you could link up the IMSI with the IMEI. But once again, um it depends on your threat model. If your threat model is you're afraid of being, you know, tracked and profiled uh just like a regular commercial subscriber by your cell phone company, they're much more likely to be using the IMSI than the IMEI. Um but if there was but you know, if they really wanted to, there are instances in which um they'd be able to see the IMEI and then correlate that with an IMSI. Mhm. And does it matter if I use 4G or 5G LTE only? Um in that case, it doesn't matter. They will they would still be able to um get those identifiers as a result of your device connecting to a cell phone tower. So, when your device connects to a cell phone tower, it will it and then it has to be on an authenticated cell phone tower. And so, that means it'll give its IMSI first. Um in 4G, it's given once in the clear, um and in 5G, um it's completely encrypted, but for all intents and purposes, you know, all the US and many countries around the world is still mostly um supporting 4G. So, the IMSI will go once in the clear, and once the user is authenticated, it will hand over the IMEI as well. Okay, so the telecom company is still the ultimate Big Brother. Yeah, they can still see some of the information. Um there's there will be certain types of information that they wouldn't be able to see. Um so, for example, if there's we have other features that's what we called um basically last mile encrypted texting, and also we have secondary numbers. So, these numbers um these numbers would route through our system and is uh available in the Keep app. And we basically encrypt it between our servers and your phone. And it would only be de- decrypted within the app. And so, that means even if, let's say, you're pinging off like a you know, a uh I'm just going to make up an example like a Verizon cell phone tower, um even if that cell phone tower was compromised, uh they wouldn't be able to read the contents of your text message, um and they wouldn't be able to see additional information, for example, who was the other party for that text message. Okay, so if I try to look at it from the perspective of that adversaries, so from uh our privacy perspective or community, it is also the telecom company. Yeah. Uh when they see these IMSI numbers that are random every single day, then you what you're suggesting is that they would have to now go out of the way to somehow target you and figure out that rotating IMSI number belongs to the same IMEI, and only then would they be ### [25:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=1500s) Segment 6 (25:00 - 30:00) actually exercising that level of Big Brother surveillance. But they're but you but they're not doing this on an automated basis. Yeah, correct. They'd have to — Uh-huh. put in a lot more effort in it into it. And so, essentially, we're applying friction into a process that is pretty automated right now. Right now, it's totally automated to be profiling you across many, many different uh service areas. In the United States, a lot of people actually get their cell phone service from the same um provider as their home internet. So, you know, you can link up identifiers and link to a single identity uh activity that goes across all these different areas. Um Verizon, for example, has a bunch of IoT devices, connected car devices, and so you can kind of link all this together. And so, uh for most people, it's going to be effective mitigation uh against that. Um but there is exposure of the IMEI. The other um in terms of other types of threat actors that you can think of, um there's also the threat actors of just hackers that are trying to hack you or spam you, um trying to steal your money, get your bank OTP code code. Um one example this happened uh this is an attack that happened in um Korea just I think it was just revealed last year, where uh using femtocells. So, so femtocells are basically cellular base stations, and they're different from IMSI catchers in that they're actually real cellular base stations. So, they're authenticated into the actual network. Um the hackers managed to uh compromise a bunch of these and then drive around the city collecting people's OTPs for a financial app, and they were able to steal a whole bunch of money um with that. And so, the crazy thing is that um uh your audience will probably know this, but uh SMS is not encrypted, and it's not particularly secure, and yet tons of platforms still require you to leave a phone number as one of your authentication factors. And so, the fact that uh this is still the case is pretty amazing, and that's why we built um last mile encrypted texting, and that's what encrypts that um the contents of the message from the servers to the uh to your actual device. So, even if it goes through this base station that is compromised by hackers, they can't get your bank OTP codes. And so, that's another threat uh threat actor of just hackers and scammers that are trying to um you know, get into your bank accounts or get into your social media accounts or crypto accounts, etc. I see. The value of the IMSI rotation and other features uh coming out of Keep is it is making mass surveillance more economically infeasible, while targeted surveillance, and especially by advanced persistent threats, that is going to be a lot more difficult to defend in. Yes, that's where you probably don't even want to use anything that's close to cellular. Yeah. I would say that makes sense. That kind of like helps to place where we would want to use Keep. So, uh in fact, that is where I think most people would greatly benefit from this. Even when it comes to people wh- that are in these high-level positions like even uh state senators or federal uh politicians of any uh level, I would say. Maybe if you're in a company or in a startup that has some deals with the Pentagon or anything like that is sensitive. But th- this is very, very good for this level of protection against your telecom company knowing where you go, who you meet with, who you talk to, how long, uh what stores you frequent, how often you go to visit your grandmother or anything like that. All these things are there. And you mentioned that these telecom companies are actually big. They're even conglomerates, and they are media companies, too. They own internet uh edge providers, they own uh what was this latest merger? Verizon with Yahoo or something like that? Right. Um and yeah, and all of these things. So, they can actually correlate your browser history with all of that information. So, yeah, this is where I could see something like Keep doing a uh of heavy lifting there for the end user. So, let's test this. And I want to know honestly, what is that you have on Keep users? So, I've noticed that you're saying that uh Keep never collects or stores your precise location. And I know this language, we've seen this in privacy policies. I know what precise location means. It means that you may be collecting approximate location. Right. What are those parameters, and um how long do you store that information for? And obviously, you would probably be able to give that information to others. So, let's talk about this. Correct. Absolutely. Yeah, so in order for your cell phone service to work, we do have to collect some amount of location information. And that's basically at the cell ID level. So, cell ID, to give you the sense of a granularity of a cell ID, it's typically going to be a ### [30:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=1800s) Segment 7 (30:00 - 35:00) couple miles long. I'm here right now talking to you located in Rosslyn, so across the Potomac River from Washington D. C. Um if you drew a set, you know, cell ID around me, and you can go to public websites like cell ID mapper to see the granularity, it's you're going to see it's a couple miles wide. It stretches between the border of Virginia and DC. Probably hits a little bit of the airport as well. And then if you go to a rural area, cell IDs are actually wider. So, they're going to be a couple miles larger. A typical cell phone carrier, again, AT& T, Verizon, T-Mobile, they're going to have much more granular data. And so, they're going to have information, for example, they're going to be able to query the angle at which your signal arrived at the cell phone tower. They're going to be able to estimate timing differences and do triangulation and get you down to a much more granular and precise level of location within the error range of meters. So, that's going to be very different. We don't even have that capability. So, we don't have a location service or and a location service that is even able to query cell phone towers to ask for that information. Again, we have built our rebuilt, basically, the entire telecom software stack from scratch with privacy as a first design principle. And we don't need it. It's not necessary to provide connectivity. And so, that's the level granularity that we have. And then the other is just going back to what I mentioned before, which is that typically this location data is kept for years and years. And when you normally sign up for cell phone service, your privacy policy does not tell you how many years uh your cell phone provider keeps it for. What they'll say is we will keep this information for as long as necessary to fulfill the purposes of this policy, which basically tells you nothing. It means nothing. Um the FTC a couple years ago sent a letter to several cell phone companies asking them to disclose how long they keep your location information. And I think it was as long as for some companies 5 years at the time. And we don't know how it's changed since that time. And so, the fact that we keep ours that we delete location data starting as early as at 24 hours, that's like that's a big change. That is definitely very big, but it is a promise that we have to somehow trust. So, let's say the police comes and they ask you nicely. It's called a lawful intercept. So, what information will they be able to get out of you? Yeah, so for example, we would be able to give them call logs up to 24 hours later. So, those call logs will have the identifiers that we identified, the MZ, the IMEI, the location, who you called or, you know, who texted you. So, all that information would be available. We wouldn't have your personal identifying information like email, name, etc. since we don't um since we don't collect that in the first place. And so, we'll respond to any lawful request. Uh but that being said, we because we stand for privacy and it's a core value of ours, uh we believe that there are legitimate reasons for law enforcement to be requesting this information. We also don't want to be supporting bulk and dragnet surveillance. And so, for that reason, we do have a policy that will push back on any request that we think is too broad. So, for example, you know, if somebody says, "Give me, you know, all your subscriber information for the past 2 days. " Obviously, we're going to push back on that saying it's too broad. And whenever possible, we will also inform subscribers. Um and it's for this reason that uh Senator Wyden wrote a letter to all his Senate colleagues. This was after it was disclosed that the federal government had subpoenaed a bunch of senators' cell phone records without notifying them. So, Senator Wyden wrote a letter to all of his colleagues, and Keep was mentioned in the letter um because we were one of the few cell phone providers that does have a policy of notifying you if you're the subject of a law enforcement request. That's very interesting. That almost never happens. And usually there are also gag orders that tell companies that you're not allowed to say that. So, let's say they come and they say, "Now you have to actually KYC these people. " Mhm. Can you reasonably fight against that? Or what should you be uh what do you what would you do and what should you do in that situation? Um we would definitely fight it. With the way that we see you know, US law I think is is very clear. Um in order to provide cell phone service, you need to make sure that your platform is not being leveraged for scams and for mass spamming. But beyond that, you're not required to collect name or any other personal identifying information about people. Um and we are compliant with that. And ### [35:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=2100s) Segment 8 (35:00 - 40:00) so, we would definitely fight something like that because we are fully in compliance with US KYC laws as is. So, right now if anyone wants to sign up for a Keep service, they don't have to provide anything. Yeah, yeah. Yeah, you can you can try it right now. You don't have to provide any ID. In fact, like it's in fact very fast. Like if you try it right now, it would take you a couple minutes because because you don't have to provide all this information. Again, the reason that traditional cell phone carriers collect all that information is that they don't actually need that information because it's a legally required KYC requirement or because um they have to collect that information in order to provide you cell phone service. The reason that they're collecting things like social security number, etc. is that they're doing a credit check on you so that they can offer you post-paid bundles and other commercial plans and bundles. And they're also, obviously, able to use that information to connect your activity across many different platforms and then profile you and give you, you know, new marketing offers and make sure that information is being shared to advertising platforms. None of that information is actually necessary to be collected in terms of regulatory compliance nor in terms of technical need for any of that in order to provide cell phone service. Well, now we see more and more talks about expanding the KYC requirements for all services, not just for financial services, but now we are seeing talks about identifying VPNs, virtual private networks, as circumvention tools for things like UK's online safety acts or safety act or bills that are proposed in the states that are trying to limit access to social media or access to adult contents to children. And then they want to leverage that responsibility and put it up upon the shoulders of the actual service providers. So, they want to mandate that service providers themselves are KYCing their own users. So, what they would probably now say, as an extension of that argument, if they catch up to it, and they I mean the regulators, lawmakers, they could say, "Well, Keep is a circumvention tool because we have Verizon and AT& T and T-Mobile, and they all comply with whatever we want to tell them to do, but Keep does not want to do that. Keep wants to not want have the freedom to not KYC their customers, and now we see that our users in our state or our constituents in our state are using this service to bypass the law. Um this is not an argument yet, but these laws are already happening across the country and pretty much everywhere around the world. So, speaking of the situation in the United States, um let's say a law passes, right, in a state. Would customers in that state still be able to access Keep? Or how would Keep respond to those regulatory changes? Yeah, first of all, we'll always comply with law. Um in the case of, you know, if it was one state that was passing this law, because of the way that we're structured right now, we would probably have to stop serving that state in the interim while we figured out how we would comply with KYC requirements. Um that being said, I think that these movements are they're trying to address real problems, and real problems that have come with the adoption of technology and the that of people being more connected. Um but I think it's the wrong approach because it's wearing away at our privacy rights. And those are one of the things that, you know, privacy is a fundamental human value that enables us to enjoy a lot of other rights and social goods that we have. And one of the things that has happened with the adoption of technology is, you know, there's been more threats to kids. There's online threats to kids. And so, I think some of this legislation is trying to address those problems. But the other problem that's come up with the adoption of technology of connectivity is the fact that our privacy rights have been eroded away all this time. And we never made any conscious decision to do that. So, you know, we wanted to be able to like check TikTok on the way to work. Um but we never realized that as a result of this bargain, we were giving away our privacy rights. Right now, we are using cell phone companies and essentially broadcasting our location, all of our online behavior, our habits, our entire social graph, everybody who is a close relationship to us, to these providers, these providers don't protect it well, it's constantly breached, or that information is being sold. And so, that is also a major problem that has come off come as a result of the adoption of technology and specifically connectivity technology. And so, that's really moving ### [40:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=2400s) Segment 9 (40:00 - 45:00) in the wrong direction. We should be as a society thinking about laws and thinking about regulations that do address these new problems, but one of those problems is this sort of trade-off in privacy that we've given just out of convenience, but not out of conscious decision. And I think if everybody steps back and takes a look at where we've gone in these past 20 years where these huge platforms, you know, Google, Meta, but also the telecom companies that have a tremendous bird's-eye view of everything that you do, your entire life pattern. I think a lot of people would also be supportive of keeping and preserving technologies that and advocating for technologies that are going to protect your privacy rather than take it away. A lot of that surveillance that you are talking about here is happening not because of the government wanting to surveil us, but also because it's a profitable business model. And wherever there is profit, you know, we see that a companies time and time again choose to go against whatever is best for the customer and the end user. And I want to talk about Cape's business model. You are a for-profit company. You have taken on some venture capitalist funding. So, I want to see how do you think your business model is compatible with the long-term sustainability of your privacy promise? Yeah, so our business model is completely based off of being able to protect our subscribers privacy. So, differently from other companies, the ours customers are not the are not the product. And so, we're not monetizing them in any way. In order for our customers to stay with us, we have to be able to provide differentiated privacy and security, and we have to be able to stand by that promise. And then so, that's the that's our entire premise. And and, you know, what we offer as a service, as a brand, you know, we're completely 100% committed to that. And so, the way that we do it is that you know, we sell regular cell phone plans. They're $99 a month. And so, all the taxes and fees are up front. We make an explicit choice to include those because we want to make it clear that there's no hidden costs to using our service the way that there are hidden costs when you use, for example, social media, which is free. There are hidden costs when you get a cell phone plan because again, they're monetizing your data. And so, we're very upfront about it. The way that we make money is by protecting privacy and security. That's what makes us sustainable. The moment that we're not able to do that anymore, then our business model falls apart. And can you talk about your VC funding then? How are you promising your investors that you will deliver to them? Yeah, so our VC funding, so we're funded by a number of investors. Our last round was led by A Star. We have a number of other investors, XYZ Ventures, Costanoa, and and a number of others. We're venture backed because it takes it takes a lot of investment to be able to build to rebuild a cell phone carrier from scratch. We're very research and development heavy. Within Cape right now, I would say about 70% of our employees are product design engineers, solutions architects. So, we're a highly technical company. And it takes a lot of R& D to build up all of these proprietary features. And and to be able to offer you know, such a level of differentiation in terms of privacy and security. So, that's why we have the VC funding and the VC backing. And in terms of the future of making this sustainable is that we want and expect that private cell phone service today is something that not many people may have heard of. Maybe your listeners have heard of it, have been asking you to talk to us, but beyond this niche group, it's it's still not something that's well known. A lot of people don't even know about a lot of the vulnerabilities of cell phone network. I think it's our job to be able to educate that public. And I think one of the reasons that people don't know much about it is because there hasn't been a solution. Um solution to this problem before. A lot of people are used to getting apps like downloading a VPN and thinking that they can solve the problem. And there are effective there are effective solutions out there, but there's no app that's going to protect you at the cellular network level. And I think that once people understands that, this becomes a much more mainstream kind of product. And so, that's our plan. Um you know, up till now, obviously, people like journalists and activists, they're going to be aware and some of the early adopters because they've been subject to they're often subject to and vulnerable to attacks on their on their cell phones and cellular network level ### [45:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=2700s) Segment 10 (45:00 - 50:00) tracking. But as it expands beyond that, I think that your average US consumer is going to realize, "Oh, you know what? I never consciously signed up to be tracked all the time, and this is a technology that's relevant to me. " Yeah, that is a very interesting argument. I still wonder why would an investor that seeks to have some return on their investment be so interested in giving you guys any money? As you said, this is a niche community. So, how do you think that you know, in the future you will be able to just have that business model that is sustainable without making any compromises whatsoever on your current promises? Yeah, we're currently a niche community and but the community, but the future for us is I think popular adoption and mass market adoption. And so, if you mentioned investors, right now investors are investing a lot of you know, sexy AI things. Telecom is not a sexy AI thing. It's actually, you know, this legacy industry that's been around for decades and decades, but that's exactly why it is so ripe for disruption right now. And the fact is every single person has a cell phone plan. Well, almost every single person. You might not, but almost every single person has a cell phone plan. And on average in the United States, they have more than one they have slightly more than one cell phone plan. So, it is an enormous market. And if you look at other types of sort of privacy technologies, initially they started in a niche. Let's say, you know, people using encrypted chat apps like Signal or people using VPNs. That used to be less than 1% of the population. But as time went on, that adoption became greater and greater. Now today, I think it's as much of as a third of Americans have downloaded or used a VPN or encrypted chat app and are currently using those things. And so, we definitely think that kind of popular adoption is absolutely possible, and that's within our plans. So, maybe there could even be a whole market of these things like Cape? Yeah, absolutely. But I think that probably the difference with us and apps is that when you want to launch an app, there's a very low barrier to entry. Basically, you just need to write some software and get your cell phone in the app store, and there you are. Differently for us, we believe that we are we're we call ourselves an N of 1 because essentially, there's a huge amount of fixed cost investment in order to stand up a telecom carrier from scratch that has your own mobile core. That's very difficult to do. Your typical that hasn't happened for years and years. You know, again, if you look at a typical cell phone company, they're not going to be recreating a mobile core from scratch. And so, due to that high fixed cost investment, um that's what allows us to provide those proprietary features. And for that reason, it's going to be a lot harder to see like a rush of players in the space that you might see in other software spaces where there's very low barriers to entry. I see that you're also doing a lot of activism, and I like that because it kind of balances the risks that come with introducing a lot of for-profit interest here. One of the most interesting ways you're doing your activism is that you're prioritizing support for GrapheneOS. GrapheneOS is something that I also use on daily basis. It is the only mobile operating system that I'm comfortable with. I don't want to use anything else. But as you said, this is a niche community, and I haven't really seen that much support for GrapheneOS. And I really appreciate that you are doing this. But I want to see why did you go for this? And what is your current situation? How do you support GrapheneOS? And um why is it important to let that be known to your customers? Yeah, so initially GrapheneOS wasn't um wasn't a priority on our road map, but as soon as we launched our beta last year, we realized that we were getting a ton of inquiries from GrapheneOS users. And um a number of them had problems. So, for example, um with every cell phone network, there is interactions with the OS that can create unexpected activity. And so, for example, you know, some GrapheneOS users were having connectivity problems, or they were having delays, or repeats in their SMS. And so, given that we saw that a pretty large proportion of our early adopters were with GrapheneOS. We realized we need to support that community and make sure that it's a first-class experience. And so, we did a lot of tech work behind that. The other thing that the GrapheneOS community requested was at the time we only you know, we had just launched the beta service. We only made it available in the Google Play Store and the Apple App Store. And a lot of GrapheneOS folks, they ### [50:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=3000s) Segment 11 (50:00 - 55:00) don't want to get things through Google Play, right? They've wanted to de-Google their life. And so, uh that's why we made it available in the Aptoide store so that you can completely um you can completely de-Google um and Aptoide is for those who don't haven't heard of it is a uh kind of privacy-first app store. And so, um if you're a GrapheneOS OS user, there's apps like Cape and other apps are available there as well. And you don't need to go through the Google Play Store. And so, once we realized that um that GrapheneOS is so commonly used by our early users and early subscribers, um we uh decided to also launch this initiative where for our first year we're donating the first month of all subscription revenue to the GrapheneOS Foundation um to support the GrapheneOS project. It's um you know, it's an amazing service. It's uh it's a kind of the gold standard in terms of a uh private OS. And so, we're you know, the values are really aligned and so we're uh proud and happy to support that. Well, this is huge. You're not only supporting GrapheneOS, you're also putting your app on Aptoide. Aptoide is very small, but I really encourage every single developer to go there and support that app store because we need this. It's excellent. And uh again, I haven't seen that many companies, even privacy companies, so supporting uh Aptoide. And I really have to highlight that this is something that I appreciate and I hope that you will never drop that uh or that you will have some sort of non-Googled option uh for GrapheneOS users. And the fact that you went out of your way to actually listen to the GrapheneOS community there is also very important. Uh there sometimes are issues with certain apps and services on GrapheneOS, but for the vast majority of the things that you would ever want to use on GrapheneOS, at least from my experience, that has worked fine. And I'm glad that — like as a part of our product QA process, we test GrapheneOS every time we make a change, we test GrapheneOS. That's awesome. Because it's important to our customer base. This is this is good because you in my view, GrapheneOS is probably one of the most important projects of our lifetimes, especially for privacy and security. It's probably one of the top top, if not top one or top two for sure. And the fact that you have been able to identify this as something to me about the judgment that leaders in your company uh exercise. So, I truly appreciate this. There's another kind of activism that you have done with the EFF. That's the Electronic Frontier Foundation. This is an activist organization. They are doing all kinds of stuff to make sure that privacy is also protected on the legal level. They're doing all kinds of studies. You have done some studies with them, too. So, why EFF? I mean, EFF is kind of like a blockbuster name in the privacy and free software community. But again, why would you want to have this activist portion of your company going to something like this? Well, there's a huge alignment in values. So, EFF is the premier organization fighting for um online digital privacy uh here in the US and has a high profile across the world. Um and so, we are we're really honored to be uh able to work with them. Um the history behind our partnership is that uh we were first talking to uh Gary Miller of Citizen Lab. So, Citizen Lab is another very highly respected organization. They've provided help to journalists in the past who um have been uh the subjects of surveillance. Um and Gary told us, "Hey, EFF has this uh thing that's called Rayhunter. " Rayhunter is basically a cheap uh IMSI-catcher detector that you can carry around. Like I think you can get it for something like $40. Um but they uh wanted to get a telecom partner that has, you know, a telecom lab environment that they can run some tests with. And you know, we were the perfect fit for that. We're the only um you know, we're the only telecom carrier with our own lab with, you know, the entire setup uh that is also privacy-focused. And so, we jumped on that right away. And a couple of things that we did was, you know, we have uh security researchers on our team. We had one of them uh basically set up a bunch of IMSI-catchers to uh have EFF's Rayhunter test against that because at that time uh there were too many false positives and so it was hard to detect, okay, what's a real IMSI-catcher versus what's just like a regular behavior from a cell phone tower. And so, by configuring a an IMSI-catcher and then running it in our lab environment, uh we were able to really refine a bunch of those rules and heuristics. Um and so, that was a really fruitful partnership. After that, um the other thing that happened, uh which is also just kind of happened by chance, we were getting a bunch of inquiries from activists and ### [55:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=3300s) Segment 12 (55:00 - 60:00) journalists and uh for Cape service. And they're saying, you know, a lot of journalists and activists they don't have a lot of resources. And they were asking if we could provide the service for free. Um we provided for free to a number of them, but then we started feeling like, "Okay, but you know, how do I we should have probably have some sort of process for this. How do we uh know or qualify like who is a journalist, who's really an activist? Because otherwise everyone might just be using this to get free Cape service. Um are we even the right people to decide who's considered legitimate journalist, etc.? Um you know, that's that felt like a somewhat uncomfortable place for us to be. On the other hand, um EFF has been working with the community for years and years. Um they're well-respected. They know how to do these things. They've had partnerships like this before. And so, we asked them if they'd be willing to help us um in this uh in this way. And uh we're lucky that they agreed. And so, right now, if you're a journalist or activist and you apply for Cape free Cape service, um EFF is the one that helps us uh that those applications. They um help us think through the process in terms of um you know, how to process those and how to vet those in a fair way. So, it's a little bit of a mutual relationship there, I guess. Yeah. That's good to know. Yeah, that's nice. Um it's nice that companies also care about things that generally improve the whole community and it's not just about the bottom line for you guys. So, appreciate it. But maybe because we are approaching the end of the uh the talk you you gave me 1 hour. So, I'll only ask maybe one last question. And this is what I want to know about all of these projects and the people behind them. You could have been doing all kinds of different things. You have talked about your background a little bit. You could be working for any tech company out there. Why even bother with privacy? Why bother with Cape? Why not devote your talents, engineering, marketing skills, whatever that is to literally anything else that could have probably secured a much more comfortable job, maybe I don't know. Just like why care about all any of this? Yeah, I think like um you know, I've always been attracted to things that are uh that have a meaningful mission. And when you look at um our world and how it's changed um in the last few decades, one of the things that's really changed about it is how connected we are, how much data is being produced, um and how that data is being used and what it's worth, right? Especially with the advent of AI right now, um the availability of data and um the ways in which our personal data may be relevant to that development is is huge. And I think that innovation is going to happen no matter what. Um we're headed in that direction for better or worse. One thing that we um can be uh conscious about is there's going to be adverse effects from uh from the way that we've decided to give our data um so freely to trade over our personal information in order to have all the great benefits of being connected all the time. Um and this is a conscious way to take some of that back. We're going to be in a society that um is going to have an increasing amount of AI. And I see any sort of privacy-protecting technology is being fundamentally pro-human. Right? Because um if you're able to protect somebody's privacy, especially in this very data-hungry world, um that is what really protects a lot of fundamental sort of human um aspects of personal dignity. And it relates back to the question in terms of, you know, why we have worked with EFF and uh as well, which is that um you know, the ability to protect privacy is fundamental to a bunch of the fundamental freedoms that we take for granted like the freedom of expression or the freedom of assembly. It's hard to exercise those other freedoms if you don't have privacy in the first place. And so, it's a really fundamental problem to be solving. And that's why um the mission was just really uh attractive and inspiring. Well, thank you for that. And we have sped run through the questions, but I hope that at some point in the future we'll have some time to go through more of this. Uh and so, I appreciate that you that you've come on. I don't have anything else that I want to ask you for now. So, appreciate the full hour that you gave me. And if you have any closing remarks, feel free to say any shout-outs or where would you want my audience to follow you or anything like that? Yeah, great. Um you know, I really am grateful for this time to talk to you. You are somebody that really understands the space um and your audience understands uh the threats that we're trying to mitigate. And so, that's really great. Um you can find us at cape. co. We are ### [1:00:00](https://www.youtube.com/watch?v=ZsHZSbNu3CE&t=3600s) Segment 13 (60:00 - 61:00) uh also available on all the you know, all the major social media channels. Um if you go to cape. co, you can subscribe to our newsletter as well. Um and the final thought that I'll leave you with is that uh if you are serious about protecting your privacy and security, there are many things that you can do. Um but uh you know, in terms of the cellular network, it's going to take more than downloading an app. Uh we're at the foundation level. There's been a gap there up till now, and we are working to fill that gap uh today. So, really hope that you check us out. Thank you. All right, thanks a lot. I appreciate this, and I'll uh I'll send this over in um Signal as soon as I get downloaded. Yep, thank you very much. And I won't take up any of much of your time. I appreciate this, and whenever there is anything that you would want me to research or make content about, feel free to let me know. Send me send it to me over an email, or Signal, and I'll have a look at it. People have, as you guessed correctly, uh asked me about Cape, and I appreciate it. I'll be able to, you know, give them uh some words straight out of Cape. Yeah, that's great. Thanks. All right, have a good one. You too, bye. — Bye. --- *Источник: https://ekstraktznaniy.ru/video/49775*