DIY Secure "Batphone" for privateLINE
An inexpensive and secure alternative to expensive "black phones" that you can build yourself
You have some important things you are working on with your team. Maybe it’s a patent application for a new technology, or something you need to be absolutely sure is kept private even though you are communicating over a distance.
The main thing is you need something that has never touched the internet or public phone networks, and that you keep powered off and stored in a Faraday bag when not in use. Even so-called “black phones” use the regular phone system, and they sit around on desktops, in pockets, cars, etc. and present an attack surface 24/7.
The best solution we have found to date is a DIY “Batphone”. You can buy the phone used or reconditioned from eBay or Amazon. Almost any Google Pixel model (4, 6, 7, 8, etc.) will work, but we prefer the 6a for cost and other factors. You can use the free version of privateLINE (limit of one device and split tunnel Shield), but if you upgrade to premium ($99 per year) you will get up to 5 devices and Total Shield (full tunnel), which keeps your Batphone completely off the internet. The advantage of this kind of device is that once you wipe the stock Android firmware from the phone, it will largely be “de-Googled” and like a brand new phone. This device will also support privateLINE’s forthcoming private cell network (powered by ATT).
This phone will be used only for the most important calls, so you will never connect it directly to the internet (it will be firewalled and only run privateLINE-approved apps). Apps include all of the privateLINE apps and other forthcoming apps.
If you would like to upgrade your security, please visit privateline.io and sign up for an account.
This is how you do it in a nutshell:
Get an UNLOCKED reconditioned Google Pixel phone for your area (e.g. US, EU, India, etc). We like the 6a because it is the best value and is supported for a number of years going forward. There are newer and better phones, but this one does the job at the lowest cost, currently about $200 +/- on Amazon. We’re also testing Pixel 7 and other models.
You will be installing the secure GrapheneOS, which wipes out the stock Android firmware. I used a current MacBook Pro, but Windows machines also work. You should follow the GrapheneOS installation instructions or watch the video below:
This is a great explainer video. Be sure you have a very good condition cable, as a bad cable will waste a lot of your time. Be sure to carefully follow the directions in the video.
Once GrapheneOS is installed, you will need to configure your new phone. Never charge it from a device like a laptop or computer; only use a dedicated wall charger. Never connect to the internet directly via any USB cable unless you are already in Total Shield (full tunnel) mode.
Make a USB stick with all the apps you will need on your Batphone. I recommend putting these privateLINE apps on the USB stick: PL Comms, PL Auth, and PL Meet. Brave browser is also a good choice, though GrapheneOS comes with the Vanadium browser, which is also pretty good. Get the privateLINE apps from the privateline.io web site (so that you don’t leave any footprints at the Play store), and the Brave browser from brave.com. Use a different machine that is connected to the internet to download them.
Once the apps are on the USB stick, eject it from the computer you used to download them and mount it on your Batphone. Go to Files from the top deck of your Batphone by swiping up in the middle of the screen and choosing the Files icon. Click on the “hamburger” in the upper left, then choose your USB drive at the bottom of the list. You should see the memory stick connect in the Files app on the phone.
If you have a problem finding the USB stick, check permissions (Settings → Security → USB). USB peripheral should be set to Allow New USB Peripherals, and USB-C port should be set to ON. Note that low-end USB sticks may not connect, and you should use a new one that hasn’t been used with many devices. If you still don’t see a USB device, try removing and plugging in the USB device again.
BE SURE TO CHANGE THE SETTINGS BACK TO BLOCK USB DEVICES ONCE YOU FINISH COPYING SOFTWARE TO THE PHONE, to maintain security for your device if you will never use the USB port for anything but charging. NOTE: you can also use a USB-C to ethernet cable to connect to the internet if you are concerned with RF. Turn off Wifi, turn on the PL Connect app in Total Shield mode, then plug in your Batphone to the ethernet. We have tested this and it works.
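For the USB staging step above, one way to confirm on the download machine that the stick holds byte-identical copies of the APKs you downloaded, which catches a flaky stick or a truncated copy before anything reaches the Batphone. This is an added example, not privateLINE's own tooling; the script name and directory arguments are placeholders, and it only proves the copy matches the download, not that the download itself is authentic.

```shell
#!/usr/bin/env bash
# Added example. Directory arguments are placeholders for your own paths.

# SHA-256 of one file, using whichever tool the download machine has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS
    fi
}

# write_manifest DIR: record "<digest>  <name>" for every .apk in DIR.
write_manifest() {
    local dir=$1 f
    : > "$dir/SHA256SUMS"
    for f in "$dir"/*.apk; do
        [ -e "$f" ] || continue
        printf '%s  %s\n' "$(sha256_of "$f")" "$(basename "$f")" >> "$dir/SHA256SUMS"
    done
}

# verify_copy SRC_DIR USB_DIR: succeed only if every APK in the manifest is
# present on the stick with an identical digest (and the manifest is not empty).
verify_copy() {
    local src=$1 usb=$2 digest name bad=0 n=0
    while read -r digest name; do
        n=$((n + 1))
        if [ ! -f "$usb/$name" ]; then
            echo "MISSING  $name" >&2; bad=1
        elif [ "$(sha256_of "$usb/$name")" != "$digest" ]; then
            echo "MISMATCH $name" >&2; bad=1
        else
            echo "OK       $name"
        fi
    done < "$src/SHA256SUMS"
    [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: ./stage_apks.sh <download-dir> <usb-mount-point>
if [ "$#" -eq 2 ]; then
    write_manifest "$1"
    cp "$1"/*.apk "$2"/
    sync                      # flush pending writes out to the stick
    verify_copy "$1" "$2" && echo "Stick matches downloads; safe to eject."
fi
```

Reads made right after a copy may be served from the OS cache; ejecting and re-inserting the stick before calling `verify_copy` again checks what is actually on the flash.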
NEVER use biometric security. People are losing fingers to crooks who want access, and courts have ruled the police can forcibly use your finger to open your phone. Biometrics are a terrible idea for security.
Be sure to always keep your phone POWERED OFF when not in use for security. You want to keep hackers away from the device, so keep it in a Faraday bag like this inexpensive one from Amazon; you can get two of them for about $14.
We like this USB stick, because it has both USB-C and USB2/3 in one tiny stick.
The 32G version runs about $13. We’ve had some issues with adapters in the past and this works reliably.
Good luck with your new Batphone!
Here are some best practices for using your new “Batphone” and keeping it off the internet.
**************
Keep the device powered off when not in use. It’s harder to attack a powered-down device. Bluetooth can still function for several hours as a “Find My Device” feature on Android/GrapheneOS devices (you should keep this feature OFF). This is also true for iPhones, in case you were wondering.
Keep the device inside the sealed Faraday bag. Most signals won’t be able to reach the device, improving security. NOTE: most common Faraday bags will stop signals down to 800 MHz. There are other tracking systems that use lower, more penetrative frequencies, LoJack for one.
Use the “Batphone” for important calls only. Every time you connect to something, you run the risk of an attack. Use your regular device with privateLINE and when you want to do an important call tell them “please switch to the Batphone”.
Use a different wifi location each time you call. This might not be convenient, but cafes out of your area or open wifi not at your home base are best if you are concerned with keeping “off the grid”. Many wifi access points are monitored, so the fewer connections, the better. Leave your regular phone at home, as it can be used to track you and associate your “Batphone” with you when you connect that device. Keeping your regular phone at home will not set off alarm bells. Assume it’s being monitored and treat it accordingly.
Create a dedicated privateLINE account for your “Batphone” and a regular privateLINE account for other devices so you won’t mix them up. You can use the same account, but your text chats will appear on your other devices. Only connect with the most important people who care about their personal safety and security, and who also use a Batphone and keep the account name private.
Erase text messages after they have been received and viewed by the recipient.
Minimize groups. Prefer one-to-one calls if possible.
Only connect with others who are using a “Batphone”. In the future we will have tools to help you know the security status of the device you are connecting to (e.g. Blue for private phone and private cell network, Green for regular phone, etc.).
Move away from other devices that are not secure, meaning anything with a camera, microphone or wifi/Bluetooth capability, when making your Batphone call. It is best to close all windows and doors and go out to the garden. Microphones are very sensitive and can pick up conversations up to 10 offices away. Use an ultrasonic microphone jammer like this one from AliExpress near the other devices to overwhelm those mics.