"I've heard the best recommendation is a tablet + USB LTE dongle, to put some space between the two processors "

This is an interesting, and tempting, direction to go in ... my understanding is that this is problematic, however.

You see, in addition to all of the (radio stuff) that the baseband processor handles, it turns out that they also handle a lot of voice quality functions, such as noise cancel, echo cancel, interference, etc. - all things that we take for granted on all phones.

I have been told that VOIP apps running on non-mobile-phone "handsets" (like you're suggesting) are somewhat difficult to use for plain old voice, because they lack all of these functions which are difficult to replicate (and are wrapped up in a lot of patents and trade secrets, etc.)

I have no first-hand experience, however.

The open source PJSIP (which I do have first hand experience of) has echo cancel and some noise cancellation. It's not cutting edge but it works fine in practice. You might not get quite the quality of Skype but better than plain old landline telephone service.

A couple thoughts:

1) A LTE dongle still has a binary blob.

2) An example of the kinds of things one has to deal with: many 8 numbers will drop calls that don't provide a supervised signal to the public switched telephone network.

Many phone apps simply neglect to implement call supervision, which causes weird failures when interfacing with some pbx systems.

See here for some more detail: http://www.voip-info.org/wiki/index.php?page_id=3209

A dongle has a binary blob, but it's limited to the dongle itself -- it won't most likely be able to transverse the USB pipeline and get access to system memory / processes unless there are vulnerabilities in the USB transfer itself. I can also remove the dongle from the devise and know that baseband is off -- not so if the processor is on the phone itself.

It doesn't render all your privacy moot. It's limited to snooping on what you send over the radio, which is the same as what your cell carrier would have access to even with a secure baseband. (Edit: unless the baseband hacks into the software running on the other side of the radio and exfiltrates data right from your SD card... hm...)

What I would like to see is a way to verify that you're connected to a legitimate cell tower and not an eavesdropper.

In many/most phones, the radio can access the ram of the device(DMA). the reason is efficient transfer of data, but with that comes the possibility of the radio reading everything inside the ram, including encrytion keys.

> What I would like to see is a way to verify that you're connected to a legitimate cell tower and not an eavesdropper.

Is there a way for cell tower's to "sign" their announcements cryptographically with LTE?

Not necessarily - some processors (Snapdragon, for example) implement the baseband right into the core processor -- it will have more access than just the radios. I'm pretty sure the baseband also has access to the memory as well, right?

you are mixing things up. Privacy and Opensource. For a true open source project look at http://www.replicant.us/ And regarding privacy: Use SIM cards which do not require an ID and which you can throw away ;) but this is only the first step.

Privacy and Open Source can be the same thing -- the idea being that if we know how something was built, we can make sure there aren't any backdoors / "hidden" features that we don't know about. Most if not all of the open source operating systems still include a binary baseband blob, although work is progressing on a few (the best one I saw only worked on really, really old phones).

One of the main criticisms of the Blackphone was that A) PrivacyOS (I think it was called) was seemingly black box (no pun intended) -- they said they would open up the code soon, but we haven't seen anything yet B) It still would use a binary baseband. The illusion of security is sometimes worse than no security, and open source code helps with removing those barriers (Although it doesn't neccesarily -- just look at OpenSSL).