Peppermint co-founders join QSAlpha to produce Quasar IV encrypted cipherphone

Peppermint co-founders join QSAlpha to produce Quasar IV – The World’s First Self-Authenticated Cipherphone Designed To Protect Your Digital Identity

There’s an indiegogo crowdsourcing campaign with a lot more info about the high spec phone here:

Shane and Kendall assure everyone that Peppermint is to continue:

I WANT ONE :slight_smile:

Mmm, I see … so cheesey ad aside (!) … what makes these guys more trustworthy than anyone else?

  • Surely their punch-line is self defeating?

Incidentally I would agree with their punch-line, “you are responsible for your own security” … however, if you trust your security to a device designed and built by someone else, you’ve just thrown the whole thing out the window!

Unfortunately they “cannot” design every component in the device and re-write every bit of operating software on the device, hence they cannot guarantee that none of the hardware [/software] manufacturers haven’t put a back-door in somewhere … this is the essence of the current NSA problem - you don’t know where they’ve been putting their sticky little fingers.

If the NSA have paid off graphics chip manufacturers (of which there are very few) or indeed CPU manufacturers (say Qualcomm) to have a little bit of extra electronics to give them a hardware back-door (I say if , Mr Snowdon appears to be implying they’ve done this a lot …) … how are these guys going to know? All you need is a really cool app that everyone downloads that can listen for NSA requests and access the HW back-door on demand. All it would take would be ONE custom CPU instruction to kick it off, try spotting that with your anti-virus code!!

I’m reminded of the security analogy; it doesn’t matter how many inches of steel you use to cover your Windows if the bad guys have a key to your front door!

I have no idea how or if the security works, and I’ve come to the conclusion we may never be NSA/GCHQ proof … but remember, there where/are plenty of say celebs out there that would have liked encrypted comms a short while ago, or the cheating husband worried about being tracked by a private investigator, etc. :wink:
(Blackberry made a ton out of being trusted by corporations … even when they were probably not NSA/GCHQ proof either)

Security and whether it works aside … take a look at the phone spec/price, and the dual cameras for 3D augmented reality, etc.
(it also works as a normal Android 4.3 smartphone with access to Google Play … here’s a quote “Google Play apps & Android functions are not effected. QuaStore will NOT replace Play - It will be for Quatrix Apps”)

And when you consider if you pledge now, you’ll get it even cheaper ($495 if you’re one of the first 950)

It looks pretty good to me, with or without the security benefits:-


Hmm… What a turnabout :o

I wondered how long it would take someone to spot that, and the reason I added the smiley :wink: … knee jerk reaction, I’d still have little need for one … they’re still not my thing :slight_smile:


Let me add (before people jump to conclusions) … just because I’m a member of Team Peppermint, I am NOT associated with, or have any inside knowledge of the QSalpha project … the 2 projects are to the best of my knowledge completely separate.

I was informed of the QSalpha project a couple of weeks ago, so I was ready to field any questions on whether it would impact the continuation of Peppermint, and that is all … It will NOT, Peppermint is to continue as a separate project :slight_smile:

Ok. I must be missing something so excuse me. Is it a phone, operating system or both? There are some hefty price figures in there as well.
Right so nkw I have managed to read the links I understand.
Great if it comes off but yhe latest Ubuntu affort failed to get enough backing. I hope this does better.

Prices are in $US, there’s no way of knowing the price over here after our friggin greedy government take their pound of flesh … but theoretically it should be (as shown above) somewhere between the Galaxy S4 and iPhone 5s … but with a better spec than either.

Their goal is much lower than Ubuntu’s and would have been covered 4 times by what Ubuntu managed to raise … that said, they are coming to this without Ubuntu’s “community” or “name” … they’re starting from scratch as an “Unknown”, so who knows what will happen.

First, the spec is not outstanding, it doesn’t look too bad, but the target price is billed at $800 for a spec that’s maybe 15% ahead of a Nexus 4 in some aspects … when a Nexus 4 is £159 … including VAT. Take a look at the Nexus 4 spec …

Essentially what they’re selling is a.n.other Android phone, which doesn’t exist yet, with a pre-installed security app and a cheesy sales video. Some of the things we should be paying attention to are the things they’re not saying. I notice the weight isn’t listed, and as a smart phone user I can tell you the weight is very important. If we look at the Battery it’s a 3300 as opposed to the Nexus 4’s 2100, so the battery “may” be better, but the thing’s going to be a relative brick to carry.

Updates, I see no mention?? My wife had a HTC for example that’s still running Android v2 … because they customised it so much, it seems that it’s not cost-effective to update, so essentially it’s like buying a Windows computer that will only every run Windows 95. When I buy a smartphone, the update frequency is one of the first things I look for, because I like all the things you get from updates, like better power consumption, new features, and, oh yes, SECURITY PATCHES! … so you might find for example that when Android 6 comes out, these phones are still running on Android 4.3 and some smart-arse has found an over-the-air wireless hack for Android 4.3 (there is a competition running at the moment on this) and effectively the super secure $800 phone is a brick.

Recommended rules for buying a smartphone;

  • Always purchase the phone and contract separately - never buy a package including the phone
  • Don’t spend a lot of money, your phone will be out of date in 6 months and obsolete in 24
  • Always make sure the manufacturer promises to follow Google update schedule (ish)
  • Make sure it’s Android store compatible - it’s the apps that make the phone!
  • Don’t buy anything with a super-duper customised version of Android - it won’t get the updates!
  • Make sure your case comes before or with the phone - corning Gorilla glass is more fragile than they would have us believe

Mr Shuttleworth couldn’t score crowd funding for a.n.other Linux phone - it’ll be interesting to see how these guys do …

Incidentally, I can highly recommend the Nexus 4, just so long as you don’t drop it on a hard surface …

Mad Penguin, there must be a rom for your wife’s HTC. Have you tried looking on Xda website?

I am pleased that the Peppeemint guys are looking into a super phone but…it would have to be Peppermint based for me to adopt it.
As I have said before. The safest Andriod mobile is one that is rooted (discount my wife from that!) and running permissions software. Rooted also means firewall blocking. No brainer.

I gather it’s a fairly stock 4.3, and everything else is either on top or hardware (so I’d assume it’ll be easily upgradeable) … but yeah, it would be handy to know for sure that Android would be easily upgradeable or done over the air as a matter of course … particularly as it’s high end.

Are you saying there’s no room for a.n.other Android phone, that just might disrupt the industry a bit … it may work, it may not … but even if all it does is spur the industry into seeing security of comms as important as app security … that can’t be a bad thing ?

Considering most people bitch (incessantly) about smartphone battery life, I’d be willing to bet most would prefer a larger battery to having to lug around a spare or a charger. :wink:

I’d like to see where this leads … so want it to be a success.

Though really I too would like to see a proper Linux phone.


Can I also add that the LAST people I’d trust to do secure comms would be Google … what’s in it for them, they’re a data mining and advertising company.

Mmm, doesn’t matter, there will be a build that’s specific to their device, and unless someone is prepared to foot the bill to build (and test intensively) new images as Android releases come out - it won’t happen. (i.e. don’t buy phones that don’t have a large user-base / loud voice)

I’m saying that hardware is becoming generic, hell even the New Lumina Windows phone has been built to run (and tested with) Android.

What worries me in this instance is that they appear to be advertising something “unreal”.

It’s not new, it’s not revolutionary and as we’ve just discussed, it’s not even that different as it runs a stock Android 4.3.
What they’re advertising is a security app on non-mainstream hardware.

Given the hardware is generic, why not take one of the already very good devices out there, and just add the app?
(instead of getting people to part with money to [hopefully] build something that they think they can do better than Sony / Samsung / LG / Nokia / RIM / Motorolla / HTC / etc … and what happens if they spend the money and the device doesn’t work … ??

Firefox already tried to build their own phone - from what I can see/read it’s a flop.

Ubuntu couldn’t get funding.

Is there room for these guys? $800 for a phone that’s apparently “more” secure than a normal phone when you happen to be speaking to someone else who also has the same $800 phone … unless of course the NSA has a back-door into Android …

I think it’s doubtful.

So the message of the day is what ? … stick to the big boys as they know what they’re doing and will standardise everything … that’s Linux dead then :o

The hardware is REAL, and has been tested (as fas as prototypes).

it’s revolutionary as far as the encryption not needing a middleman … but I’m no expert in these things.

The hardware looks will to be a VERY good spec … I’ve read the quad core snapdragon is an order of magnitude more powerful that other chips
(and it’s as cheap if not cheaper than the other high end phones, but with a better spec)

then there’s the dual cameras with augmented reality, at a MUCH lower price than Google’s stupid spectacle thingy

I gather the firefox phone isn’t a flop at all in asia

It seems you’re willing to shoot the device down without having seen it or givien it a chance … now I don’t know, it may turn out to be crap, but until I “know” for sure I’ll take it on face value that it is what it is … otherwise how the heck would anyone know if it would have been a game changer or not (or even just a good alternative phone or not) ?

Would I front up for a phone that’s not in production yet ? … that’s a tougher one, no I probably wouldn’t (even knowing I’d get my money back if it didn’t go into production) … but then sites like indiegogo and kickstarter aren’t for me, they’re for people who’d like to see change and ARE willing.

I must admit though that the price you can get such a high spec phone for ($495) by being one of the first to pledge would probably be tempting … as for the retail price, well I’ll comment on that once they’re actually being retailed, so I can make a more informed decision if it’s worth it or not.

The message of the day is “vapourware”, just my opinion obviously - time will tell … :slight_smile:

This solution will only be useful if “everyone” has it - a bit like encrypted SMTP. Given it’s being touted by a small outfit, and the device is expensive it seems rather unlikely. Indeed looking at the rate their funding graph is going up, they’ll be lucky to make a quarter of what they need in terms of funding. (and based on what other outfits are asking for re; similar projects, they’re not asking nearly enough)

Here is the fundamental flaw; you have one of those phones (unlikely based on your comments I grant you … :wink: ) and I have a Nexus 4. You send me an encrypted message, or make an encrypted call to me. How do I decrypt it? Issue 1, if I can decrypt it, someone else will be able to too. Issue 2, if I have software on my device to decrypt it, and my device has been hacked (or has a back-door) , someone else will be able to as well. To expand on issue 2, if there’s a back door in Android (and my guess is that there is) then the NSA will be able to get into this new fancy phone and access the encryption technology and use it to decrypt your comms.

During a recent interview Linus pretty much admitted he’d been approached re; inserting a backdoor into Linux … another kernel developer when quizzed came back with “not that I can talk about”. Android is run by Google - not sure they’re going to be so quick to say “no”.

These guys on the other hand might be a different story;
They just got £7m funding and their project runs on all manner of currently available devices, and whereas it may not look like a security solution, it’s worth noting that it’s a version of Android that supports SELINUX which means it’s going to be way more difficult to hack into in the first place. I would have thought [!] SELINUX would be the “first” thing these guys would be looking into re; security, rather than a custom designed chip just to encrypt communications. (we’re back to the secure windows / front door unlocked analogy again …)

IMHO qsalpha-quasar-iv would do far better developing apps to provide secure comms that would run on Cyanogenmod and thus be an available option to 50%+ of all current Android phone / users … which wouldn’t require any funding and would give them a potentially huge market rather than a tiny one.

Anyway … I’m probably wrong … I’m usually pretty good at completely misjudging technology … :wink:

Incidentally (re; Mozphone) , it depends on how you define “flop”. To me a flop is a rating of 1 star of 5 … if you’re going to work in on sales figures, sure, if it’s cheap enough (which it is in many respects) then yes, lots of people will buy it … as I understand it the quality is sufficiently low (irrespective of the price) that they’re not even planning to market it in Europe or the US … (!)

You may be right re funding … I hope not, I always like to see the little guy get a chance, even if they end up making a complete balls up of things.

Wasn’t SELINUX an NSA project in the first place ? <–serious question, in light of current developments can SELINUX be trusted ?

I’d also agree they may be better off doing something similar in software … though I gather the key part of things requires hardware (be that on a third party server or their solution without a third party being involved) … but I still like the spec of the phone (from what I can tell) so see it as just a.n.other Android phone with possibly some benefits … and I can’t see the harm in another phone on the market.

From what I gather, it’ll all be opensourced eventually … or at least the software side of things … not entirely sure.

Sure the encrypted side of things will only (AFAIK) work between 2 of the same phones … al la Blackberry (but without the blackberry servers being involved) … but I think that’s the point … for security concious companies etc. buy 2 … but it will work as an unecrypted (or using the normal Adnroid encryption method) for other phones.

To tell the truth, I think they’re getting slated because of the security emphasis … if this was just touted as a high end phone with augmented reality I think it would do better … people seem to be overlooking that, and getting hung up on whether to trust the encryption.
I have no answers to whether the encryption method is any good or can be trusted … but as a small outfit producing a good phone that “could” have potential (with enough devs onboard) with the augmented reality thing, and the fact they’re saying they’ll open source their software, I’m willing to kinda lay the security aspect to one side for now.

Doesn’t mean I’ll put my money where my mouth is, but that’s no reflection on the project itself … purely that I’m not a risk taker, and don’t need an Android phone … with or without encryption. :wink:

I truly wish them luck … and not just because I vaguely know 2 of then from the Peppermint project … but because I’d like to see one of these things in the flesh … who knows, maybe I’ll hate it, or it could be the game changer it’s touted to be … my point is, “only one way to find out” and that’s if it goes into production … so I hope there’s enough risk takers out there.

Dunno how well their funding is going … sure it currently looks far too slow to achieve their goal … but I’ve never really watched these things, didn’t the Ubuntu one have a massive spurt at the end, where people were obviously waiting and gathering info ? … who knows.

BTW, they’ve just released “some” extra info (with more to come according to them) here:
Wasn't SELINUX an NSA project in the first place?

I think it may have been, indeed there’s been some discussion on NSA contributions recently (they actually contribute quite a bit) and the feedback I’ve seen is that (a) anyone can contribute (b) their contributions are valuable (c) it’s been vetted by Linus and (d) we’re not dropping good contributions just because of bad press. Seems reasonable, although I know what you mean, “NSA” is tainted … but they if they were going to insert something, to be realistic they wouldn’t do it under their own name (!)

if this was just touted as a high end phone with augmented reality I think it would do better

I would agree … however augmented reality is an “app” feature and already available on both iOS and Android …

… I wouldn’t go so far as to call the project a scam, however I find it difficult to believe that “they” think they’ll get the funding, and as far as their video goes … “our design principle is based on the way of the Ninja” … seriously, I have to wonder.

I do appreciate the similarity with BB and secure messaging … but you’ll be aware that although BB have some very nice new phones (Z10 etc) that they’ve not been doing so well … and yesterday they announced they were losing 40% of their workforce worldwide … ?? It does imply that there is a flaw somewhere in their business model, which is based on security … (??)
[not least as their devices and OS are excellent!]

My point about the NSA/SELINUX was that if we can’t be sure SELINUX is secure … bashing the security here ATM seems a bit OTT.
If it were a purely software security thing, and they weren’t explaining well enough how it worked I’d be right there with you asking why … but it can also be seen just “as a phone” and apparently a good one (as far as spec).

The augmented reality side fo things again I’m not that familiar with, but surely depth of vision and perspective with the 2 fairly high def cameras (at average eye width apart) would open up new possibilities here for smart devs ?
(surely more than the Google glass’s single camera ?)

I know SELINUX is OSS so has many eyes on it, but I’m saying a certain amount of paranoia has set in that’s currently tainting ANYTHING that touts itself as “secure” … possibly rightly so.

Oddly, this phone was in development since WAY before the recent revelations, and would probably have been welcomed back then … now (and unexpectedly) it seems to be harming them, right when I’d have expected it to be welcomed MORE … people are strange creatures :slight_smile:

I think what harmed Blackberry is simply the lack of devs (so software) and the fact it took them far too long to release a decent touchscreen device … they simply missed the boat … as you say, it’s not because their OS or hardware is NOW lacking.

As this is Android, that doesn’t really apply … I would have THOUGHT the world would welcome a phone that’ll run Android apps, but be as security concious as a Blackberry … confusingly, the timing seems to be conspiring against it, which I quite frankly find ODD. :o

Mmm, I think my problem with it is that I look at the overall package and think “that’s clearly not going to fly”. Then I assume they must know this and I wonder why they’re doing it.

Sent from my Nexus 4 using Tapatalk 2

If you’re right, I suppose there could be a million reasons … publicity, maybe attract some investors, etc. … there have been a lot of kickstarter projects that haven’t made their target yet still made it to production.

If you’re saying there’s something underhanded going on … OK, I haven’t known Shane and Kendall for very long, but I doubt if they’d knowingly be involved in something shady.

And considering they’re involved in this off the back of Peppermint, it would have had to have been “long in planning” … which just doesn’t make sense ???

Ok, you’ve made me think it’s just me, so I’m going to Google for backup;

I love one of the quotes at the bottom of the article, sort of sums it up for me;

I'll buy in, what the hell. I'm expecting a rather large check from a Nigerian prince any day now, so it's not like I can't afford it.

Did Shane and Kendall Google this guy before getting involved ??

And now we have this…