above.phone: Best of Both Worlds On a Privacy Phone
A technical demo of a privacy phone solution that'll satsify your needs while protecting your privacy.
Watch The Tech Demo
Today is our first public look at the above.phone, the most comprehensive privacy phone solution available to consumers. We're going to cover the most important features and understand what makes this phone so private.
If you're unsure why you need phone privacy, read 'Who Can We Call On?' to understand the different layers of mobile tracking.
If you'd like to buy the phone, please head over to our website!
Teebot wants you to follow us on these alternative social platforms:
Official #TakeBackOurTech Community
Who are we?
Above Agency is a digital agency that builds friendly technology ecosystems for people who value privacy & freedom. We got our start helping activist organizations and movements build robust presences without relying on abusive big tech companies. Our projects include:
- The Greater Reset, a 5 day hybrid conference focused on real-world solutions
- Take Back Our Tech, an educational publication focused on sharing friendly technology
We found that our worldwide team of creatives and engineers needed a secure way to communicate with each other. We tested different technologies for a year and landed on the perfect combination of security & usability - above.phone was born.
What is the above.phone?
The above.phone is a mobile privacy solution that combines four different components:
- Secure hardware
- Open-source operating systems (GrapheneOS & CalyxOS)
- Free & Open Source Applications
- Privacy Services
The fifth and final component is user education accompanied by a change in mindset, and real-world practice. Education on the phones is supported by our Knowledge Base which is completely open to the public.
Freedom To Choose
More than an invidual phone or device, the above.phone is a blueprint for a new mode of mobile communications. Every part of the solution can be replaced with whatever suits your needs. There are other devices, degoogled operating systems, FOSS apps, and software services that can achieve the same or similar functionality. The choice is yours.
- Choosing a different device or degoogled operating system (Do your own research on the privacy considerations)
- Running your own software services or using alternative services (using Mullvad VPN or CalyxVPN instead of the VPN in the above privacy suite)
What it won't protect you from.
Although the phone will greatly improve your security and privacy, it cannot guarantee 100% protection from intelligence agencies or sophisticated cyber attacks. These attacks and techniques used by actors at these levels are largely unknown. No phone could honestly guarantee this, nothing is ever fully secure or private when communicating over the internet or cellular networks, and the lack of open firmware for radios and other phone components makes mobile protection especially difficult. Keep reading for the good news...
What it will protect you from.
The above.phone will protect you from the widespread surveillance found in traditional operating systems, modern mobile applications, and the usage of cellular service. This form of tracking is easy to observe and to understand. Across the ecosystem of unfriendly traditional operating systems, mobile applications, and cellular networks, data collection is happening at a massive scale. The connection between big tech companies, telecom companies, and enforcement arms of the state is openly documented and active as a threat to personal privacy and freedom. These entities have designed a system that makes it possible to easily collect and analyze this data in a way that they can act on it. Programs like HEMISPHERE and Google's Sensorvault are perfect examples of their capabilities, allowing entities to easily target millions of mobile users by their location and communications. These programs are fed data from the operating system, mobile app tracking systems, and telecommunications records. The above.phone solution provides the tools and strategies to deal with all three of these channels.
The extent of your protection depends on the choices you make when using the phone. We will explain the different choices and considerations here.
Does that benefit me?
Yes, absolutely. These layers of data collection mentioned above have been implemented because they are easy. By removing and obfuscating these channels of data collection you take away the easiest and most developed data pipelines away from these entities. This requires entities to resort to more complicated attacks on individual users if they want more information. Attacks like these are sophisticated operations and require planning, time, and money to execute and become infeasible on a large scale. The hope is that through widespread adoption of protective technologies, we exhaust the resources available to the entities that seek to track and control us.
- Using degoogled operating systems like GrapheneOS and CalyxOS remove any OS level data collection and limit
- Using free and open source applications devoid of trackers avoids sending data to advertising and tracking companies (which are mostly owned or have data sharing agreements with big tech companies)
- Using the phone without a SIM card and using encrypted calls and texts avoids any data collection at the hands of cellular service providers collecting call detail records and text records.
- Using the phone with a VPN obfuscates your internet traffic from your internet service provider or cellular service provider.
As you can see, the tools need to be used with the awareness of how they work in order to provide proper protection.
Do It Yourself
There is nothing stopping you from putting together your own above.phone. If you are technically inclined and have the time, we encourage you to go this route. You will need to purchase an unlocked device, and can follow installation instructions from the official sites of the operating systems below. Once you have your phone up and running, feel free to use our open knowledgebase to learn how to use the phone.
Device & Operating Systems
The above.phone uses devices from the line of Google Pixel series, which developers of alternative operating systems prefer using due to these devices' security model and ongoing vendor support. These phones also have a hardware chip that allows the phone to verify that the operating system is genuine, alternative operating systems can also make use of this verified boot.
Differences Between Operating Systems
Both GrapheneOS and CalyxOS are in active development and updates are rolled out regularly, the information below may get outdated. Peruse the specific project sites for the most up to date and accurate information. The information below is our analysis after looking at project documentation, source code, and making our own observatiosn.
Most modern apps require Google Play Services to function. These services constantly track usage information and send it to Google. CalyxOS can replace these services with an open-source implementation called microG, which preserves your privacy and minimizes interaction with Google. This allows popular apps to work without you getting spied on.
Features & Benefits
- Verified boot process ensures the OS hasn’t been modified
- Datura firewall allows you to configure which applications have network access or use VPNs
- Full control over Wi-Fi / Bluetooth
- Trusted Agent gives you visibility into application permissions
- microG replaces Google Play Services while maintaining a higher level of anonyminity & privacy
- Regular security updates
- Use Aurora Store to download apps from the Google Play Store anonymously
- Download Free and Open Source Applications from F-Droid
GrapheneOS provides extensive security improvements at all levels of the software. It also avoids interaction with proprietary layers such as Google, removing any connection to them within the operating system. Because of this, a small portion of applications which depend heavily on Google Services will lose functionality. Many of these apps have open-source alternatives and replacements. If you want no compromises on privacy & security, this is the operating system for you.
Features & Benefits
- Hardened kernel, firmware, and memory allocator provide enhanced security
- Enhanced verified boot to protect physical attacks on your phone
- Improved filesystem-based full disk encryption
- Indicators for active camera & microphone usage
- Direct Network permissions toggle for each application
- Sensors permission toggle, disallow access to additional sensors like Camera, Microphone, Body Sensors, Activity Recognition, acceleratometer, gyroscope, compass, barometer, thermometer, and other sensors.
- Seamless automatic OS update system with regular updates
- Use Aurora Store to download apps from the Google Play Store anonymously
- Download Free and Open Source Applications from F-Droid
We recommend that users of the above.phone and degoogled operating systems use F-Droid as their primary source for finding applications. Applications found within F-Droid must pass code reviews to get accepted. These codes review ensure neither the app nor its dependencies have proprietary code. The end result is no third party trackers which plague traditional mobile applications and perform data collection on millions of users daily.
The above.phone includes a curated list of the best applications available on F-Droid. There are free & open source replacements to the most important uses for a mobile device such as maps, media, office/email, messaging apps, and much more!
Aurora Store is another store that can be used to download traditional apps (ones available on the Google Play Store) anonymously. It creates an anonymous session for your device and allows you to download mobile applications from Google Servers without being signed into your Google Account.
You may decide you need to use a traditional app and you can download it this way. Aurora store uses community efforts such as the Exodus Privacy Reports to provide you information on application tracker's and permissiosn when downloading apps.
Any applications you download from Aurora likely have built-in trackers, apps on the Google Play Store have an average of 5 trackers.
Despite this, your degoogled oprating system gives you tools you can use to control the behavior of these applications. You can choose to disconnect an app from the internet, and even block outbound connections by URLs using apps available on F-Droid. More information and guidance to come.
The monopoly of cellular service providers across the globe leads to little to no alternatives available for mobile cellular communication - but there are a few strategies that can be used for those who want to increase their privacy.
Any phone call or text you make through a cellular service is likely recorded and retained for a period of time. This information can be shared with law enforcement or other entities. Internet traffic can also be shared, but use of a VPN will make it difficult to to identify your traffic. We recommend using a VPN at all times and replacing phone calls and texts with encrypted messaging and voice calling services, such as the Above Privacy Suite. Note that the potential for rough location tracking is always present when your phone's cell service is active, through cell tower triangulation.
Use With Existing Service
You can use the above.phone with your existing cellular service. Any GSM or CDMA service is compatible with the phone. Simply take a previously activated Nano SIM card and plug it into your phone. Keep in mind, your cellular service provider will now be aware of your new device through your phone's IMEI, and if you have previous billing details on hand - it will be connected with your identity. We recommend all sensitive activity be avoided through calls and text messages, and your internet traffic be protected through use of a VPN.
Buy Cellular Service Pseudo-Anonymously
You can buy a prepaid mobile service using cash in many countries, either through big box stores or smaller outlets. If you buy SIM service with cash and don't provide your name, you will have cell service pseudoanonymously. This separates your service and device from your identity, although depending on how you purchased it, there may be ways to retrace. If you continue to call and text the same phone numbers as you did on a previous phone, then it may be easy to infer that your old phone and new phone are connected. This ability to find 'dropped phones' is present in mass surveillance programs like Hemisphere.
Don't Use Cellular Service
The most secure and private way to use this phone is to avoid putting in a SIM card altogether. Use WiFi networks along with communication apps (XMPP, Telegram, Briar, Jitsi) to keep your connections encrypted and off the cellular network. Of course, with this method you will not have any mobile data - however you will still be able to call & text phone numbers with an XMPP bridge service such as JMP.chat.
Turn Off Radios During Sensitive Activity
You can turn off the mobile data in both GrapheneOS and CalyxOS which will kill the radio. No calls, texts, or connections can be made to your phone. This will prevent geolocation tracking. You can then re-enable WiFi to operate through a local network. This may be a useful strategy if wanting to hide your location during a period of time. Extra precautious users can eject their SIM cards and turn off their phones.
There are amazing projects in the works that aim to provide open decentralized and private radio communication channels. One of these solutions is called Beechat Network, and will be compatible with both phones and computers. We hope to bring in this technology as part of the above phone solution in the future.
Above Privacy Suite
The Above Privacy Suite is a collection of important software services that complement privacy phones. Each service is handpicked to work with free and open source applications obtained from F-Droid with minimal setup and a simple user experience. Our suite provides a VPN/DNS service, private email, encrypted messaging, calling, video calling, video conferencing, and search. We've included a bit of info on each service below.
24/7 email support is always available for customers of the suite. We will do our best to assist and may provide hands on calls. Additionally we have made our knowledge base open to everyone to support them in their privacy journey.
Encrypted Chat, Voice Calls & Video Calls
The suite utilizes XMPP as a major tool for communication. Users can register for an XMPP account on the Above Privacy Suite or on other XMPP providers. Users can contact each other through identifiers that look like emails and comunicate in a fully end to end encrypted manner.
- Send end to end encrypted texts, files, links, and voice messages
- Use multiple devices (computers, phones) while having messages end to end encrypted and synced between devices.
- Make end to end encrypted voice and video calls which leave no trace when finished.
You can receive a phone number that can make phone calls and texts anonymously with the above.phone. You can use a phone number that can call & text using XMPP on your above.phone using JMP.chat which is a XMPP/SIP bridge. All customers of the Above Privacy Suite get a free month of service on JMP.chat. This registration is anonymous, and you can continue to rent phone numbers using Bitcoin.
Our email service provides you a private email that can be setup on any of your devices.
- @above.im Address with 2GB of email storage
- Desktop & mobile access (using a IMAP/SMTP client)
- No email retention after deletion
- Logs deleted every 48 hours
- Email server uses full disk encryption to protect against physical attacks.
Our VPN/DNS service encrypts the internet traffic on your phone from your Internet Service Provider and Cellular Service Provider.
- All internet traffic coming from your phone is end to end encrypted to the VPN server.
- This service is currently only available for mobile and for users in the United States. More VPN servers and desktop configuration on the way soon.
- This service provides a high-speed and light-weight end to end encryption for your phone's internet traffic on the WireGuard protocol, the difference in your phone's internet speed is negligble.
- The VPN will make DNS requests on your behalf using a built-in DNS resolver.
- Built in DNS adblocker.
The suite provides a private instance of Searx, a meta-search engine that can query major search engines and a 100+ different sources of information on yuor behalf, protecting your real identity and query from being connected.
- Search for links, files, images, maps, music, videos, news from over a 100 different sources.
- Configure your sources and preferences on each device
- No logging
- No user information forwarded to search providers
- Ads are blocked
Lastly, a private video conferencing service lets you have conference calls with your own groups.
- Access from web, desktop, or mobile
- Invite your friends and family to conferences
- No logging, no record of calls after they are complete.
- End to end encryption for person to person calls on the web browser
- Not end to end encrypted for multi-party calls (you must trust our service to decrypt and re-encrypt the video streams for all people in the parties)
Whether you are looking to purchase an above.phone or put together components to make your own, make sure you understand the nuances with each choice in your solution and the data collection considerations. We have developed this solution to address the most obvious and pressing threats to our privacy. The above.phone will continue to evolve as new information comes out and technologies improve. We will add additional devices, operating systems, apps, and services to continue to make the solution more private, accessible, and functional. Thank you for joining us on this journey.
Our connection is sacred.
Don't Miss The Tech
Read our easy-to-follow guides on privacy, security, and awesome technology weekly. By subscribing, you will also join the Above Agency mailing list.