So, they found nothing suspicious with devices or apps.
Also made some far fetched connections of Flipper Devices to companies owning the hackspace Pavel Zhovner worked in, and attributed his trolling and making anti-censorship tools "as actively supporting the authorities in Russia". lol.
Paranoia isn't the only factor in a purchasing decision. It seems quite clear to me it's a Russian company trying to hide that fact for obvious reasons. I appreciate pnw posting this and making me aware before I decided to send money (indirectly) to Russia.
Even the report mentions the team members moving to Tbilisi, Georgia. Afaik Pavel moved to Dubai and still has Ukrainian citizenship. So I doubt a significant portion of company's money ending up in Russia, maybe except salaries of a few engineers. But it's pennies compared to how much the regime is paid for the resources, if that's what you worry about.
Semantics aside, I think it's quite clear they are trying to mislead by giving the appearance of being an American company. What does their company address show on their website? Delaware.
The report mentioned that their LinkedIn profiles changed from showing Moscow to Tbilisi. I'm sure I could also change my location to Tbilisi on my LinkedIn profile. How is that a meaningful argument? I don't want any amount of my money going to the Russian economy if I can avoid it, even if it's merely pennies as you say.
I'm not sure why you assume malice intentions by default.
Using a legal entity in a more convenient country for a startup seems like a common practice, including listing the address of such entity on the website. You'd be surprised how many companies are incorporated in America, pay taxes there, but have founders/employees/contractors elsewhere around the world.
So, I personally wouldn't count it as active effort of "trying to hide" or "trying to mislead".
> The report mentioned that their LinkedIn profiles changed from showing Moscow to Tbilisi. I'm sure I could also change my location to Tbilisi on my LinkedIn profile. How is that a meaningful argument?
Again, not sure why assume malice intentions. I also updated my Linkedin location when I left Russia, is that surprising?
> Why do you care to defend them so much?
Pavel pays me 15 rubles per comment of course! (tbh not sure why I waste time on this :D)
Thanks for your condescending explanation of corporate practices. I'm sure the typical HN reader is completely ignorant to those facts. Perhaps you could also explain Russian corporate practices and ethics to us all.
Only you are saying anything about malice. Everything is easily explained by greed (or the desire to simply gain if you prefer softer language).
The device is nothing more than a quite powerful STM32 board with some interesting peripherals added and of course a very powerful firmware/software, which is what makes the difference. However, as everything is Open Source, it can be ported to a similarly designed, possibly different looking, device without the code that phones home, an it probably is what hackers should consider since the Flipper Zero has been banned in some places and being caught with it say in a airport could be enough for confiscation and/or interrogation.
Also, it is overpriced for what it contains; they could sell it at half the price and still make a significant profit. And frankly, as someone who is 100% on Ukraine's side against the barbaric Putin invasion, I'd rather use my money to buy some electronics from Ukrainian surplus shops on Ebay.
As it should, and US consumer protection is failing to act, this is from the report. People do not understand the level of control the Russian authorities maintain over businesses in Russia and citizens.
1. Flipper Devices Inc. is registered in USA as their main office, but no development or business is done at that address. The address belongs to a ”mailbox” company.
2. A majority of registered staff on LinkedIn were until recently registered in the Moscow region, (but suddenly moved to Tbilisi, Georgia according to their LinkedIn profiles.) - No developers remain in Russia according to LinkedIn.
3. TZOR and Neuron Hackspace shared the same address during the period of 2012-2013. (Neuron Hackspace used the address before TZOR was founded.) The Company of the founder of Neuron Hackspace, Esage Lab/TZOR, is placed on US sanction lists due to the DNC hack 2016, under the claim that the company provided tools to the Russian intelligence GRU and FSB. The attributions were validated both 2017 and 2020.
4. The Company and founder of Neuron Hackspace, Esage Lab/TZOR, had contracts with at least two companies that delivered services for the Russian government, FSB and the Russian
military.
5. The founder and CEO of Flipper Devices Inc., has been involved in activities, such as running the DDOS site putinvzrivaetdoma.org, that could have attracted the attention of Russian security services.
6. The founder and CEO of Flipper DevicesInc., has been involved in activities since he moved to Moscow that can be interpreted as actively supporting the authorities in Russia, like trying to sabotage Alexei Navalny’s blog in 2014 and building a tool, Zaborona_help, to circumvent Ukrainian blocking of the Russian websites
The assessment is that there is an even chance that Flipper Zero has links to Russian Intelligence Services. The founder and financier of Neuron Hackspace was placed under US-sanctions due to providing tools to FSB and GRU related to the DNC-hack. The validity of the investigations behind the US-sanctions has been confirmed in 2017 (Intelligence community assessment) and 2020 (Senate Intelligence Committee). Pavel Zhovner’s past activities and that he seems to have been an early member of Neuron Hackspace contribute to this assessment.
It is at the same time likely that Russian authorities are well aware of the distribution of Flipper Zero and monitors the situation for opportunities to gain other types of benefits, either in form of influence over the hacking community, recruitment of talented hackers for similar projects or even attacks of infrastructure or other targets in the future.
It is also likely that Russian authorities will remain to have a substantial influence or control over this hacker community and could benefit from the future possibility to recruit talents with some form of combined security and IT background or even to blackmail foreigners that have been connected to this community.
I wasn't aware of a Russia connection until this post. On flipperzero.com near the top it says:
>Our team was originally formed in Neuron Hackspace by collaborating with industrial design and manufacturing experts Design Heroes.
A quick Google search for Neuron Hackspace and Design Heroes shows their location as Moscow. I'm inclined to believe the detailed report from that blog post and am glad I did not end up buying the device.
> I wasn't aware of a Russia connection until this post.
I'm still not aware of it after reading the post. Pointing out that some of the people on the project were members of a hackerspace in Moscow at some point in the past is not remotely sufficient to substantiate that there exists any current connection between the project and Putin's regime.
You refer to the post, but did you read the PDF linked to it? There's a conclusion section that's easy to digest.
As far as a connection to Putin's regime, you should read up the thread and note that nobody here mentioned that. Regardless of their supposed affiliations or lack thereof, I'm not interested in sending money to the Russian economy by purchasing a product from a Russian company. It's that simple. I think others would want to know that same information so thanks to pnw for mentioning it.
You mean like the CEO does work for FSB lives in Moscow supports the Russian war effort and built a service to silence Putin's opposition is not enough? We need to get him shaking hands with someone or cashing a check from FSB for services?
https://simovits.com/flipper-zero-zero-trust/