176 points by 0xWTF 5 days ago | 190 comments on HN
| Strong positive
Contested
Landing Page · v3.7· 2026-02-26 02:54:14 0
Summary Privacy & Personal Security Advocates
Cape.co's landing page advocates for privacy-first digital service design, with explicit commitments to data minimization, non-tracking, and immediate deletion. The content strongly engages Articles 3, 12, and 19 through structural and editorial emphasis on protecting users from surveillance, profiling, and data exploitation. Subscription paywall ($30/month) creates economic barriers that limit practical access for disadvantaged populations, tempering otherwise robust privacy advocacy.
I've been using my Google Voice number for something similar. But Cape doesn't specify if/when these numbers are rotated in any way - you have three numbers to track now, and you can't retain these numbers if you switch services.
"Identifier (IMSI) Rotation", "Secure Global Roaming" and "Network Lock" do look interesting *IF* they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
SIM Swap Protection you already get by using a VoIP number rather than a cell number.
And the other features are irrelevant if you're using over-the-top end-to-end encrypted messaging, like Signal, rather than Plain Old Telephone Service and SMS.
You might check out who the CEO is here and how he runs the company and then consider whether you'd trust them. And look at the infra providers they use. Not what I would call the most upstanding bunch.
Do not fall for a word of this. If you've spent any time dealing with actual SIP providers (ie not the shit you'd hook an app up to, the ones debt collectors use), you'll know exactly how much you can trust them. Same difference
> Enjoy unlimited high-speed data; after 50GB, speeds may slow to 256 kbps.
Last I checked 256 Kbps is not high speed. You can advertise this as unlimited data, or you can advertise it as 50 GB of high-speed data, but you can't call it unlimited high-speed data.
>Protect yourself from persistent tracking by rotating your IMSI every 24 hours, so you appear as a new subscriber each day.
But nothing for IMEI, which is fixed for a given device. Unless you got a new phone to use with this service, it can instantly be linked back to whatever previous service you're using. If we assume that whatever carrier they partner with keeps both IMEI and IMSI logs (why wouldn't they?) it basically makes any privacy benefits from this questionable. It's like clearing your cookies but not changing your IP (assuming no CGNAT).
The other benefits also seem questionable. "Disappearing Call Logs" don't really help when the person you're calling has a carrier that keeps logs, and if both of you care about privacy, why not just use signal?
They're asking $99/month for this, which is a bit steep. If you only care about the rotating IMSI, don't care about PSTN access (ie. no calls/texting), you can replicate it with some sort of data esim for much cheaper. The various e-shops that sell esims don't do KYC either.
Unfortunate that it doesn’t seem to support Linux phones. Phreely or Purism’s AweSIM would be a better fit for anyone running a non-Android/non-iOS setup. Hopefully they add this in the future.
So it's an MVNO mostly on the AT&T network with extra privacy features? I think it still all then comes down to how you use your phone and how much you can trust the whole pipeline. I use Credo Mobile which doesn't seem totally different. https://www.credomobile.com/our-story
I'd like a service like yours that allows private signups and that works continuously to prove ongoing private operations. I don't need huge data plans, I'm fine with WiFi mostly. It needs to cost way less per month than your current pricing. It would be cool if you could find a way to serve people like me.
FYI, I had to walk through the first dozen or so steps of the signup form to figure out that it's available in the US only. I suspected as much, but I figured I'd post it here, since it's not in their FAQ.
I know it'a a bit of a pivot but the following would make me move:
1/ eSIM activation outside the US
2/ The family plan is weird. My wife and I don't want to manage two separate bills.
3/ multiple eSIMs and numbers in different countries all within the one account (Germany in particular)
It’s rare to see an MVNO thread get into the weeds of the mobile core, but as a Full MVNO, Cape is essentially running its own sovereign telco infrastructure. From an outside perspective, they are definitely among the few who are treating the signaling plane with the proper level of scrutiny (they built their own signalling firewall)
But even with a proprietary core and a signaling firewall, Cape is still an island in a sea of legacy protocols and peer MNOs with different intentions...
I'd be interested to see how they are hardening the IMS (IP Multimedia Subsystem) and VoLTE/VoWifi stack. SIP signaling and RTP streams for voice are often unencrypted internally.
If Cape is applying their 'Network Lock' logic to the IMS layer, they could potentially mitigate SIP-level spoofing and voice interception that occurs at the interconnect.
Their 'Encrypted Voicemail' (using asymmetric keys on the device) is a strong signal that they understand the 'Last Mile' problem.
Also even if SEPPs are not really a thing, i'd be curious to know if they've started looking at this.
In the small world of telco security (disclaimer i work for P1Security), they are definitely working in the right direction. Any international ambition, particularly in EU, will be a tough sell though....
Guess I'm more paranoid than fairly. Id class this in a wait and see category maybe try it out on a secondary device for a trial run. You'd have to have the need to their services to justify the cost or just not care about cost.
The problem with every service targeting "safety conscious" people is that by virtue of using that service you mark yourself as someone with something to hide and draws attention. The lack of signal is a signal in itself.
It's like walking into a bank wearing a ski mask. Yeah we don't know who is under the mask but we know there is probably something fishy going on.
Your best bet at staying safe is always to not raise any attention at all, and that usually means doing what the average citizen with 2.4 kids does.
They built their own mobile core, does that help with resolving your "Big If"? I'm not a cellular guy, I don't know which pieces of the stack cover which attack vectors: I'm genuinely asking.
>Know Your Customer regulations require the company to … know the customer
Which KYC regulations exist for carriers? AFAIK you can walk into any store and get a SIM card. The most they ask for is maybe E911 which they don't check.
I have a conflict of interest here (I am an advisor to Cape, also a security expert, and my company has done security audits for Cape), you should absolutely look more deeply into what Cape has created. Their service is fundamentally different than other "security-focused cell providers" (mostly snake oil IMHO) because Cape wrote their own mobile core, nearly from scratch. They control the whole software stack and have done really innovative things with it.
Here are a few things you might want to look at more closely:
>do look interesting IF they can actually address some of the baseband vulnerabilities that plague all modern devices. That's a Big If.
Baseband vulnerabilities are overhyped, imo. On proper phones (eg. pixels), their access to memory is restricted by IOMMU, which protects the rest of the phone from being compromised if there's some sort of an exploit. Once that's factored in, most exploits you can think of are "on the other side of the airtight hatchway[1]". For instance if you can hack the baseband to steal traffic, you should probably be more worried about your carrier being hacked or getting a lawful intercept order. Or if you're worried about the phone triangulating itself, you should probably be more worried about your carrier getting hacked and/or selling your location data.
Are there solid VoIP providers that aren't detected by 2FA SMS services? I can't use my Google Voice for a decent chunk of sign-ups because it is detected (and rejected) too easily. I hate getting spam, so I try to keep my primary phone number only for friends and family.
Hey, John Doyle here (CEO of Cape). I'm happy to dig into how I run the company, or the infra providers we use. I actually think we're pretty upstanding! If there are questions I can answer that will put your fears to rest, let me know.
Hi -- Head of Product at Cape. This is a good question. I will say up front there is no silver bullet for privacy on cellular networks given the way they were designed to interoperate. Our strategy is to offer many different protections that collectively make it harder for your activity to be tracked.
The details of what our carrier partners can see is in the table at the bottom of our privacy summary: https://www.cape.co/privacy-summary. We add noise to their data by doing things like rotating your IMSI daily and spreading traffic among multiple carrier partners. If the data is messy enough and not associated with your personal information, there should be less monetary incentive for the carrier to try to piece it together when they have an abundance of clean data with stable identifiers and verified personal information.
Additionally, with disappearing call logs, it's about reducing surface area. Fewer logs in less places.
Doyle here :) I'm very proud of my military service!
Prior to Cape, I led the national security business at Palantir. That experience was actually the catalyst for Cape. It’s where I first learned about the massive array of vulnerabilities that exist in our current cellular networks. I saw how those gaps impacted not just government organizations, but everyday people, and I realized that the mobile phones we carry every day are perhaps the single largest risk to our privacy.
I needed that experience to understand the depth of the problem, but once I left to start Cape, that connection ended. Cape has no ties to Palantir. We aren't a subsidiary, we aren't a "front," and we don't share data with them. The only thing we took from Palantir was the desire to fix a broken system. If you want to see me and some of the rest of our founding team talk more about this topic, you can watch this video on our Instagram page here.
Another related theory I’ve seen online is that Cape is a honeypot for law enforcement. Cape is not a honeypot. It’s so hard to prove a negative, but at least I can say it clearly and out loud: Cape is not a honeypot.
We are a group of individuals who deeply value privacy. That mission carries across everything we do, from our work with the US government and allies, to everyday people, and everything in between.
We partner with non-profits to support victims of domestic abuse who are facing cyber-stalking and digital harassment. https://www.cape.co/break-free
We are a young company growing exponentially, and we don't plan on slowing down. We know we have to earn your trust every day. The truth is, no one else is building a high-quality, first-class solution to these specific cellular problems. We are committed to being the ones who do it right.
I think the regulations have some loopholes for domestic use, but one I don't know how they can really get around is for international roaming, as other countries have far stricter KYC laws.
Domestically you can buy a Tmobile or Cricket with a pre-paid visa cash card and a gmail address (no ID required), but they won't work outside the US.
It's probably worth calling out that this is an experimental feature, and we are happy to get any and all feedback on things we can build out around them.
They are real numbers, not VOIP. That can matter depending on what they are used for and if the entity you are expecting a message from blocks sending to VOIP numbers.
The numbers don't rotate like our identifier rotation. They are yours. You can choose to delete a secondary number in the app, and if you have less than two, create a new one after 30 days.
Appreciate the feedback, we’ll likely experiment with different plans down the road, but for now we’re focused on rolling out as much additional privacy/security value as we can to justify the premium price point.
You can sign up for US mobile service, which is a Verizon MVNO, right this moment with no personally identifiable information at all.
Remember: neither the visa nor MasterCard payment networks have any support for customer name. Everyone pretends that they do, but they do not. In the absence of an additional security layer like “verified by visa “there is no way to verify cardholder name.
I saw somewhere - it's not like "I know a friend" but literally read somewhere - IMEI is just configurable with standard cracked virus-loaded copies of QXDM :p
But realistically, none of that matters. You'll be the only one in 10 miles with this SIM that always uses an never-before-seen IMEI that connects to the exact same set of domains. That's some mall ninja stuff.
Carriers don't just log IMEI/IMSI, as well as last hop cell towers and your precise location, they need those information to route packets back to the phone. You can't establish TLS with bogus IP addresses. That's why people like Stallman or unnamed friend of a friend ex-CIA guys on Internet says cell technologies are evil mass surveillance tools.
First, I think we can learn some stuff from looking at how the US government actually operated its known honeypots to evaluate the likelihood of Cape being a honeypot.
First, when it ran Anom, it went out of its way not to collect data on persons inside the United States. U.S. Anom users never had any of their data captured by the FBI because it raised profound 4th Amendment concerns. Cape is operating in the U.S. and is seeking U.S. users. Typical U.S. honeypots are generally targeted abroad.
Second, the U.S. government has historically not used former military officers with ties to defense contractors as the people that built and operated the honeypots. With Anom, they co-opted trusted members of the secure phone community. The very fact that the company is very open about its founders is a pretty good sign that they are probably not a honeypot because they would not make a very good honeypot for the truly criminal element.
Third, Cape is incorporated in the United States and seeking U.S. users. In the process, it's making some fairly aggressive claims in its privacy policy and terms of service about its products that would subject them to breach of contract and fraud claims if in fact they were secretly not doing those things.
Fourth, the legacy telecoms have a long history of selling your data, secretly cooperating in national security programs of questionable legality, etc. It seems like Cape can't possible a worse option than the status quo.
Peel really only protect your privacy at the level of purchase. Not associating your name address or any other data with your phone number. Cape seems to be doing something far more technical so that no one can locate you by your phone number using ordinary triangulation.
Mitigating SIP and TDM spoofing requires broad cooperation among every other Telecom provider. That doesn't exist today, you can't prevent people from spoofing your number.
Page directly addresses right to privacy through explicit commitment to data minimization ('We ask less'), limited tracking ('We track less'), and immediate deletion. Frames privacy as protection against arbitrary interference.
FW Ratio: 60%
Observable Facts
Landing page headline: 'We ask less. We collect the minimum amount of data needed to provide our service.'
Explicit statement: 'We track less. Any data we do collect is deleted as soon as possible and never sold.'
Page emphasizes 'Your plan includes premium security features' as protection mechanism.
Inferences
The service's core value proposition directly operationalizes Article 12's protection against arbitrary interference with privacy through structural data minimization.
The 'never sold' commitment eliminates the most common mechanism for privacy violation in digital services, protecting users from commercial exploitation of personal data.
Page explicitly addresses right to life, liberty, and security of person through privacy and security framing. Messaging positions data protection as essential to personal security and freedom from intrusion.
FW Ratio: 60%
Observable Facts
Page states 'Your plan includes premium security features to give you peace of mind that you're protected.'
Landing copy emphasizes 'Any data we do collect is deleted as soon as possible' showing commitment to security of person.
Service explicitly commits to not selling data, protecting users from unauthorized exploitation of personal information.
Inferences
The privacy-first architecture directly supports Article 3's guarantee of security by minimizing opportunities for data breach or unauthorized access.
The deletion-as-default practice demonstrates structural commitment to ensuring that personal data cannot be weaponized against individuals' security or liberty.
Page frames privacy protection as enabling freedom of expression and opinion by reducing surveillance and data-driven profiling that could chill speech. Does not explicitly address freedom of expression but implicit in privacy-security framing.
FW Ratio: 50%
Observable Facts
Service explicitly commits to not tracking or profiling users for behavioral analysis or targeting.
Data deletion practice prevents long-term surveillance infrastructure that could monitor expression patterns.
Inferences
By preventing data collection and profiling, the service removes technical infrastructure that could enable surveillance-based suppression of expression.
The privacy-first design implicitly supports Article 19 by eliminating commercial incentives to monitor or profile users based on speech patterns or opinions.
Landing page articulates principles of data minimization and deletion, framing privacy as foundational to human dignity and freedom from intrusion. Messaging emphasizes protection of personal autonomy through 'ask less, track less' philosophy.
FW Ratio: 60%
Observable Facts
Page headline states 'Cape was built from the ground up with privacy and security at its core.'
Landing page explicitly commits to three principles: 'We ask less', 'We track less', 'You get more'.
Text states 'Any data we do collect is deleted as soon as possible and never sold.'
Inferences
The preamble's emphasis on human dignity and consent is reflected in the service's stated commitment to minimal data collection and explicit deletion practices.
The structural design choices (privacy-first framing, security features in premium tier) suggest intentional alignment with privacy as a foundational right rather than optional feature.
Page does not explicitly engage with human equality or dignity language, though privacy-first design philosophy implies respect for individual autonomy and equal protection from data exploitation.
FW Ratio: 67%
Observable Facts
Subscription model is advertised at $30 for first month, creating economic barrier to access.
No language on page addresses socioeconomic equality or universal service principles.
Inferences
The subscription-based access model, while not prohibited, creates practical inequality that may not align with Article 1's universal dignity principle for economically disadvantaged users.
Page does not explicitly address right to adequate standard of living or healthcare. Privacy and security features may indirectly support health by protecting medical data, but no explicit health engagement.
FW Ratio: 67%
Observable Facts
Service requires $30 monthly subscription, creating economic barrier to access.
No language on page addresses affordability or subsidized access for low-income users.
Inferences
The premium-only access model may inadvertently create digital health equity issues if service is used for health data protection, as economically disadvantaged users cannot access privacy protection.
Service is built on privacy-first architecture. Data collection is minimized by design, tracking is restricted, and data deletion is automatic. No observable data sales or third-party exploitation mechanisms.
Service architecture is designed around minimizing data exposure and ensuring user security. Premium security features and data deletion practices are structural commitments to this right.
Homepage design prioritizes privacy features in value proposition. Call-to-action centers on security and protection. No observable hostile tracking or data exploitation mechanisms visible on-page.
Service architecture eliminates commercial tracking and data profiling mechanisms that could enable censorship or expression suppression. Structural commitment to data deletion reduces surveillance infrastructure.
Subscription paywall limits access to service for economically disadvantaged populations, creating practical inequality in access to digital privacy protection tools.
build 1ad9551+j7zs · deployed 2026-03-02 09:09 UTC · evaluated 2026-03-02 11:31:12 UTC
Support HN HRCB
Each evaluation uses real API credits. HN HRCB runs on donations — no ads, no paywalls.
If you find it useful, please consider helping keep it running.