Location is the most sensitive information and if the LE come knocking at Cape’s doors they would happily oblige. JMP doesn’t have your location, so can’t give it.

IMSI rotation without IMEI and EID rotation does not provide anything other than maybe stringray protections. (Which jmp provides - because there is no local SIM)

We are inclined to use a phone number because institutions/banks use them as a way to verify you, in that case the best strategy is to change to an alternative that uses TOTP for 2fa for eg.

I am seeing a wider adoption of WhatsApp for calls, its e2ee! Even if Meta knows who you are calling, at least the call is encrypted, better than “normal” calls as anyone in the dozen companies / PBX’s and PSTN / the government can log them, so are logging it.

That’s why I like jmp.chat because its a bridge, products and services will use phone numbers as a way to stop spam and its just 5$ per month not 99$ (you can use BKTK57SA for a free month)

The only thing you miss while on airplane mode on a graphene os device is the mobile data, use WiFi’s!

The best solution for mobile data I got, is to use a rooted graphene OS device as a hotspot for IMEI rotation and using 9esim adapter (coupon SECURITYBRAHH2 for 10% off - buy in bulk for the travels) for EID rotation, and using silent.link as it is a no kyc IMSI (internet) provider.

Refutation of Each “feature" of Cape:

“minimal” personal data collection and retention

As per their privacy policy:

“In providing you with the Cape Mobile Carrier Service, Cape will also collect your Cell ID, call logs, subscriber number (IMSI), your device number (IMEI) and your MAC address. Cell ID and call logs are stored for two months for billing, compliance, and financial reconciliation.”

On the other hand, JMP only log your call history but you can ask them to clear, SMS are stored in server for 7 days only but you can get your own server.

SIM swap protection

You don’t need to pay 99$ for that, with JMP as there’s no SIM to swap, you are protected.

“enhanced” signaling protection

To my understanding they do that via location permission from the app.

As far as tracking via SS7, there are two methods that could be used:

1. Interception via IMSI catcher

2. A location request ping from the network

In both cases the messaging and voice service from JMP is out of scope. It doesn’t tie to a SIM and doesn’t respond to SS7 requests because the protocol isn’t being used on the device.

Soprani.ca - all the code is open source and you can audit it, yourself. Not true for cape. Maybe I will release an audit like I did forwardemail - great email service that even has zero access encryption for metadata.

semi-”private” payment

They say, they use stripe sdk for tokenization of the card but if LE asks stripe for the data, LE will easily know the card holder.

On the other hand, JMP supports Bitcoin and Bitcoin cash. And you can pay with cash as well, the most anonymous payment option by far. I will try to propose bitcoin lightning to them.

Stripe stores the mapping of the full card to a secure token and links this to a Customer object, enabling the connection between the last 4 digits and the individual.

Stripe has a vaultless payment option, but cape didn't answer my question here

https://www.reddit.com/r/CapeCellular/s/m9py6vj9Nw

JMP uses paypal braintree, you can use cakepay mastercard or fluz.app if you want to use a card.

“encrypted” voicemail

Anyone of the dozen companies and the government monitoring the PSTN has your voicemails, just cape doesn’t.

That’s a false hope, use signal you fools. Even WhatsApp is better for e2ee voice calls.

generate secondary numbers

You can have 2 separate numbers in Cape for sms only which can be provisioned again and again.

But you don’t need to pay 99$ for that, each new number on JMP is 2.45$ per month and you can get premium+ routes that work flawlessly with online services.

Smspool.net is a great service for one time verification.

automatic spam filtering

JMP has their own spam filtering, and they don’t block robo calls as you may need to hear automatic high priority voice mails from the schools, your banks, and other institutions.

The better strategy is, as always, getting good at OPSEC and not giving your phone number to anyone who doesn’t need it.

If your number is burned, kindly get another one and migrate all the services you absolutely need. Don’t use the services, you don’t need.

unlimited talk, text and data

At 99$, C’mon.

JMP gives you “unlimited” text and talk at 5$, and you probably don’t need unlimited let's be real.

For data, only silent.link is the play.

secure global roaming

Silent.link is better, why do you even need a cellular for anything other than mobile data.

no contracts

With JMP, you have no contracts as well.

P.S. I have covered JMP in the past, you can search “JMP" in the archives. There is a guide on setting up JMP here:

On Phone Numbers

Sovereign Shadow

·

November 27, 2023

Read full story

Onboarding flow here:

JMP@JMP_chat

Showing off the soon-to-be-released in-app onboarding flow for JMP from Cheogram Android, including setting up a Snikket instance!

7:51 PM · Apr 18, 2023 · 319 Views

---

1 Repost

Love, Wisdom and Tech Savviness,

Security Brahh | The Sovereign Shadow