Calyx Institute founder launches private wireless carrier with questionable marketing

The Calyx Institute underwent a chaotic restructuring process ever since its founder, Nicholas Merrill, departed the organization earlier this year. Although details were unclear, it is now apparent that he desired to focus on the private sector near the end of his tenure at the nonprofit.

Last Thursday, Merrill announced the launch of Phreeli, an American prepaid wireless carrier that promises to not collect personally-identifiable information.

Unlike traditional wireless carriers, Phreeli is a mobile virtual network operator, or MVNO, based on the T-Mobile network. It joins other MVNO providers like Cape Mobile that claim to provide similar privacy protections for their customers.

The only point of customer data that the carrier collects is their zip code. If account recovery is desired, email addresses are optionally used for account registration. Customers also have the choice to use anonymous payment methods such as Monero. It is unknown whether U.S. lawmakers will impose additional Know-Your-Customer (KYC) requirements for wireless carriers like Phreeli in the future.

To ensure that customer account data is not linked to an individual SIM card, Phreeli enlisted Least Authority, a cybersecurity consulting firm, to develop a cryptographic protocol known as "Double-Blind Armadillo" or "Double-Blind Privacy Pass" that relies on zero-knowledge proofs. According to their official white paper proposal, it works by routing operations, such as SIM activation or monthly payments, through a blind “mixing” service that ensures that observers cannot link the timing of these actions to specific users.

However, the white paper itself admits that Phreeli uses a "simplified" version of the Double-Blind Privacy Pass—a fact absent from their marketing materials and website.

Additionally, Merrill’s recent statement in a Wired article suggests that Phreeli can help shield its customers from cell phone tower tracking:

The towers are T-Mobile’s, but the contracts with users—and the decisions about what private data to require from them—are Phreeli’s. “You can't control the towers. But what can you do?” he says. “You can separate the personally identifiable information of a person from their activities on the phone system.”

However, reality is much more complicated than that. Even when a SIM card is acquired anonymously, users are still exposed to location‑tracking techniques such as cell‑tower triangulation or tower dumps. When a phone connects to the network, it broadcasts its unique International Mobile Equipment Identity (IMEI) number, which carriers use to pinpoint its position when they are served with a law enforcement subpoena.

Thinking about obtaining a burner phone or anonymous SIM card? You can already purchase a Mint Mobile SIM card in a store with cash for significantly cheaper. Phreeli may be suitable for those who cannot obtain them otherwise.

Phones are not private by design. Know this before using any cellular device for sensitive tasks.