Simple steps to take before hitting the streets

  • AllNewTypeFace@leminal.space
    link
    fedilink
    arrow-up
    144
    arrow-down
    1
    ·
    6 months ago

    Leave it at home and, if you need a phone, take a burner that doesn’t have your personal data and isn’t logged into any of your accounts.

    • Snot Flickerman@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      50
      arrow-down
      7
      ·
      6 months ago

      You also have better found a way to pay for the burner in cash or with a pre-paid debit card. A lot of places in the US won’t let you buy a “burner phone” without a credit/debit card that has your name attached to it.

        • helenslunch@feddit.nl
          link
          fedilink
          arrow-up
          17
          ·
          6 months ago

          you can buy a prepaid SIM card from Best Buy with cash and a used phone from craigslist.

          It’s a good idea, but be sure not to share your phone number with anyone. You can’t trust anyone not to add it to their phone, attach your name, email, and other personal identifiers to it and upload it to Google or whoever, to be subpoenaed later.

          • rar@discuss.online
            link
            fedilink
            arrow-up
            13
            ·
            6 months ago

            Treating phone numbers in contact list with username was a brilliant idea (for the spread of mobile messengers like Whatsapp) but also a very horrible idea (for user privacy and everything else). I can’t just change a phone number for privacy. My acquaintances will gladly update them with my name, my old and new number, ready for Zucc to scoop them up in a fucking silver plate.

            • Chiro@lemm.ee
              link
              fedilink
              arrow-up
              2
              ·
              5 months ago

              Is there an answer to this? I have a billion contacts from work (vendors, coworkers, etc) and my personal life. I don’t use any social media other than this and Discord (I know, I know) so I don’t think anyone other than Apple and Google have them. I’d like to stop feeding all of this into the machine but I can’t think of any good alternatives off the top of my head besides carrying around a physical book of phone numbers with me, and that’s not really a solution that works for me.

      • GBU_28@lemm.ee
        link
        fedilink
        English
        arrow-up
        23
        ·
        edit-2
        6 months ago

        There’s a difference between “none of my personal shit on it” and a full on ghost phone.

        The first is worth doing.

        If you get arrested, they are GOING to identify you before you leave detention. Being fully ghosted and keeping your mouth shut will just keep you in detention at minimum for the hours allowed to them, and if they can pin you with some fake crime, even longer. If arrested, you will not escape them without some level of identification.

        • Baku@aussie.zone
          link
          fedilink
          English
          arrow-up
          5
          ·
          6 months ago

          Seriously. In Australia, you have to “activate” your Sim card with your full name, email, bank details (depending on the carrier), and a copy of your driver’s license. Hell, I bought my last phone directly from a carrier, completely outright, with cash, prepaid with no plan, and they took a photocopy of my drivers license. Buying phones elsewhere they’ve never done that to me, as long as it’s prepaid and bought outright, but for some reason the major telcos do it for all purchases

          • delirious_owl@discuss.online
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            6 months ago

            Usually what you do in this situation is go to the tourist hot spot and find a mobile shop pretending to be a tourist without a drivers license. Usually within a few days you’ll find someone who will use their info and sell you a Sim card.

  • Otter@lemmy.ca
    link
    fedilink
    English
    arrow-up
    55
    ·
    6 months ago

    While leaving it behind is best for privacy, the article touches on some reasons people bring them anyway

    Leaving your phone behind means the data it holds and transmits will be the safest it will ever be, but it also means giving up access to important resources. It becomes much more difficult to coordinate with others, or get updates from social media. For many, phone cameras are also the only way they can document what’s happening.

    If you have access to a separate phone, whether it’s a “burner” phone, an old smartphone that you can reset, or an old-fashioned camera, you could choose to bring these devices instead of your regularly-used phone. However, not everyone has access to these devices, or can afford to purchase a separate phone just for protesting.

  • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
    link
    fedilink
    arrow-up
    54
    arrow-down
    4
    ·
    6 months ago

    Just leave your phone at home, and bring a Digital camera, and few SD Cards … Oh, wait… < insert company name here > makes Cameras that spy on you… nevermind…

    maybe we should hire a fast sketching artist to draw police brutality … What.!.. your pencil can track you now… come…ooooonnn

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      28
      ·
      6 months ago

      No, its better to have a smart device that syncs photos to your encrypted cloud in case you’re attacked and your attacker breaks your SD card to destroy the evidence

    • rar@discuss.online
      link
      fedilink
      arrow-up
      11
      arrow-down
      1
      ·
      6 months ago

      Burner phone to anything that requires communication. Erase metadata of anything that will be shared and uploaded online.

      • Pantherina@feddit.de
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        Burner phones are a strange concept. If you want to store sensitive data on it, you shouldnt use some cheap android phone or even a dumbphone without encryption support.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          The point is not cheapness but that you don’t care about the future of that phone. It’s only a tool for the protest, if it lasts longer that’s good but you expect it to get confiscated and never given back, you don’t care what cops did with it if you get it back, it does not have data you need in your daily life or anything irreplaceable, and you’re not really afraid that it gets destroyed by accident or maliciously.

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            Yes that is one definition.

            But what if you get it back? Or if you just keep it?

            There is a chance that you have Pegasus on there, and I wouldnt want a phone without the detection of this.

            GrapheneOS can likely detect pegasus with their Attestation and if you have it, use an external device to reflash it.

            • ReversalHatchery@beehaw.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              6 months ago

              But what if you get it back? Or if you just keep it?

              There is a chance that you have Pegasus on there, and I wouldnt want a phone without the detection of this.

              You attempt to flash your full backup to it. And maybe then read it back if you can for verification that it was actually written to memory, but that probably won’t be possible when using fastboot. That’s all you can do that’s reliable, to some extent.

        • Snot Flickerman@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          4
          ·
          6 months ago

          All Androids since 9 at least have been encrypted by default as long as you have a lock screen enabled. Doesn’t matter if its cheap, it is there.

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            6 months ago

            All Android phones have Google malware installed by default, as system apps, which means those apps can do whatever they want.

            So every piece of data you put on there is possibly tracked and collected.

            Then there are 2 more problems

            • the software is proprietary and cannot be externally wiped clean
            • the software is outdated

            This makes it vulnerable to Pegasus attacks and others. There are tons of secure practices to avoid getting it, like LTE-only, HTTPS only, encrypted and trustworthy DNS, sandboxed processes, blocked javascript execution from unknown websites…

            But still if the phone is outdated there are unpatched and publicly known security issues. Just spamming them at all phones is likely to succeed as so many people run vulnerable versions, as vendors suck.

            Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.

            The firmware is protected and signed by the vendors, so it is likely clean.

            But Pegasus installs itself to the phone storage.

            If you A cant obtain factory images or B cant flash the phone at all, you cannot wipe it clean.

            So a good activism phone needs

            • trustworthy and minimal system apps / stock software
            • modern software updates
            • possible to reflash whole device externally
            • nice to have: ability to verify checksum of system partition, like GrapheneOS Attestation

            This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.

            • ReversalHatchery@beehaw.org
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              Most of that is solved by installing a ROM that’s not user hostile, keeping it updated of course, and using the phone strictly as a purpose specific device.

              That means you run a trusted VPN on it so HTTP/S and DNS concerns go out the window.
              Sandboxed processes, blocked JS? Fine if you only install what’s necessary and don’t use the web browser. JS blocking is not a huge hurdle though, ublock does it with just 2 clicks.

              Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.

              That’s right but I don’t think that this is enough. If the Pegasus malware (package) really is able to do that many things, it’s a walk in the park for it to modify any of the partitions, including that which contains the modem, or just data like the modem’s IMEI and MAC addresses.
              In the cause I would either restore a backup of all partitions, or throw the phone away (not literally).

              The firmware is protected and signed by the vendors, so it is likely clean.

              Except if they patched the verification mechanisms of the OS.
              Also, the firmware may be protected, but what about data partitions which are read by vulnerable software.

              This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.

              Are you sure? My 6 years old phone still receives LOS updates

              • Pantherina@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                6 months ago

                Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

                Sandboxing, javascript

                Vanadium has sandboxing but its javascript blocking is useless (no granular control)

                Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

                it’s a walk in the park for it to modify any of the partitions

                These cannot be written without TPM verification or stuff, ask GrapheneOS devs about that, I dont know. The firmware signing is required, the verification will not be done inside the OS, that would be totally flawed.

                If they have the firmware signing keys, they can fuck you. If they dont, they can only write to the system partition, and Attestation can see that.

                Reading data has nothing to do with that. They likely can, but that doesnt matter.

                My 6 years old phone still receives LOS updates

                This will not include firmware and likely even the kernel.

                • ReversalHatchery@beehaw.org
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  6 months ago

                  Not sure if VPN eliminates all risks with 2G and 3G, maybe it does.

                  It doesn’t, but probably even on modern phones it only does if you explicitly set it to only use 4G but nothing below that.

                  Mull has no process isolation at all, but support for UBO and Noscript. Bad situation

                  If you only visit known reputable websites it’s probably not really a problem, but also, I think there are chromium browsers that have addons. Not sure though if there’s one that besides that also has the security patches.

                  These cannot be written without TPM verification or stuff

                  I doubt that it couldn’t be written, I believe TPM can only verify its contents and make the phone refuse to boot if it doesn’t agree on the authenticity of the partition contents.
                  However it’s also a question which partitions are checked that way: only the system partition? Or more? Probably not all, because they can’t verify e.g. the main user data partition, because it’s ever changing contents were never signed by the manufacturer. There’s a few dozens of partitions usually so this is not trivial to answer.

                  the verification will not be done inside the OS, that would be totally flawed.

                  Yes, verification is done by one of the bootloaders. At least partly, the OS and maybe other layers must be doing it too, just remember why Magisk had a feature to hide it’s processes and the controlling app itself from select system services and other apps.

                  Reading data has nothing to do with that. They likely can, but that doesnt matter.

                  Didn’t mean that. I meant writing data that is later being read by other important system software that is vulnerable to specially crafted quirks in that data.

  • GBU_28@lemm.ee
    link
    fedilink
    English
    arrow-up
    50
    ·
    6 months ago

    Layer one: “front line”: folks should be acting on passive listen/pushed information from folks far back that will not get kettled or trapped. Media they collect should be Livestreamed for safe storage… But they should be focused on non violent protest, emit the protest message and find/eject bad actors. Equipment should be “burner” quality, wiped and purpose setup with the expectation of seizure.

    Layer 2: “observe, document, report”: folks should be using encrypted apps to communicate, and should intend to not be arrested, and to collect as much quality content as possible. These folks should be ready to be arrested, but avoid as possible.

    Layer 3: “coordinate”: these folks should be digesting all possible data about risks, police activity, lawful orders, movements, etc. They should be feeding information about proper actions. They should use encrypted tools but plan to avoid arrest.

    This is all hypothetical.

  • henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    44
    arrow-down
    6
    ·
    6 months ago

    Phones are tracking devices. Do not bring your phone, not even turned off because many phones emit Bluetooth beacons and other data that can be recorded and traced.

    If you bring a phone, make sure that phone has no idea who you are.

    • floofloof@lemmy.ca
      link
      fedilink
      English
      arrow-up
      24
      ·
      edit-2
      6 months ago

      Even if the phone doesn’t know who you are, the shop that sold you the phone or the SIM, or the credit card company you paid with, can know who you are. So you’d have to use cash. Even without these, your movements can be tracked through a burner phone and informed guesses made about who you are (e.g. if the phone has been at your home or with your friends).

      Turning off your phone doesn’t necessarily protect you from tracking either:

      https://www.androidauthority.com/android-15-powered-off-api-pixel-9-track-switched-off-3425472/

      Easiest, as others say, just not to carry a phone.

      • TheOSINTguy@sh.itjust.works
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        6 months ago

        In some places, you cant buy a burner with cash, but you could with a gift card that was registered with cash or a prepaid debit.

        I would also recommend buying a faraday bag to keep it isolated.

        Edit: keep that in the faraday bag untill you need it.

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        4
        ·
        6 months ago

        Mostly true. I will not deny there are benefits to bringing your phone. They are also substantial risks. Protesting can be risky business.

    • cm0002@lemmy.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      26
      ·
      6 months ago

      not even turned off because many phones emit Bluetooth beacons and other data that can be recorded and traced

      That’s a bunch of bull, off is still off unless you have a reputable link/source that says otherwise.

      No need to spread misinformation or conspiracy theories.

        • cm0002@lemmy.world
          link
          fedilink
          arrow-up
          5
          arrow-down
          7
          ·
          6 months ago

          Ok I stand partially corrected, it’s something that’s coming but is not rolled out yet and looks like it’ll need the latest phones so everything slightly older is still fine

          • henfredemars@infosec.pub
            link
            fedilink
            English
            arrow-up
            12
            ·
            edit-2
            6 months ago

            It is actively rolled out right now all the way back to iPhone 11 (2019) while the device is powered off. Version 16 is current, and the power “off” tracking was backported to older devices.

            Android support is spottier. We’ve had powered off features one OnePlus for some time, such as the ability to trigger alarms while turned off, but more advanced features like location tracking are much more recent to Android because it usually requires specific hardware support to operate while using almost no battery. Apple has the privilege of vertical integration, so they were able to update older firmware.

            I think this trend is very concerning, because with no user-servicable battery, we’re essentially forced into having our phones on to some degree at all times.

          • delirious_owl@discuss.online
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            You’re right that this doesn’t affect all devices. I’m not sure if its only a software thing or if its baked into hardware.

            Eg I’d I buy some new device with this and install CalyxOS, does it still leave Bluetooth on when the device is off?

      • Boozilla@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        6 months ago

        Never underestimate how far they will go to track your movements, habits, etc. It’s not even about “the gubment spyin’ on me”. It’s about how valuable that data is to corporate assholes who like to target you with customized advertising, and resell your data, etc. (And yes, as a side-effect, the police can also sometimes take advantage of this ubiquitous data capture).

        We live in a time when even our stupid cars spy on us:

        https://www.nytimes.com/2024/03/18/podcasts/the-daily/car-gm-insurance-spying.html

        It’s why they push the internet of shit so hard. Nobody needs a “smart fridge” but by god, they really want us all to have one.

  • menas@lemmy.wtf
    link
    fedilink
    arrow-up
    25
    ·
    6 months ago

    Pretty good stuff.

    However I read many reactions : “don’t take your phone with you” This is a common issue in a lot of activist place to don’t ask ourselves why people are acting like this ? before telling them to stop. They may have good reasons, and in a case of protests, there is.

    • Filming the cops : I don’t know in the US, but in a lot of countries, cops are less violent when they know someone is filming them. This may help people harmed by the police, in giving them evidence, or helping mobilization in the futur. After mass arrestation, it could be hard to know how as been arrested or not; some legal support hotline ask this kind of evidence for this reasons. Of course this some sensitive material, and need to be secured too. For example, the cops may target you if you are filming them.

    • Calling the legal support hotline : Some of them ask to be called just after arrestation or cops actions, to make a precise report. You could call them when someone you know have been attacked or kidnapped by the police.

    • Call medial support : I don’t know how the emergency number is linked with the repressive force in the US, but in a lot of country, it’s not. Even if it’s rare, it could be a vital issue.

    All this actions are important and individuals should compare the risks they take in taking them and what we lost in not acting like that. Of course this risks have to be documented; with flyers at the start of a protests for example.

    I would recommend to mutualise actions to decentralize risks. Make a team with one or two people with burned phone and dedicated camera (paid by everyone); let your other phones at home. Stay (at least) by pair, and keep in eye someone with a phone.

    They may be better plan of actions, but we couldn’t just let down cop watch ant street medic just for the illusion of individual safety. Such thing simply do not exist

    • june (she/her)@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      My only concern is if they start employing frequency jamming since LoRa is in a very specific band which won’t impede much other uses when jammed.

      LTE/5G bands have much more potential impacts if attempting to jam that band.

    • Aceticon@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      The funny bit is that the example from the video requires a companion device in order to actually have something to send, since it doesn’t have a keyboard or microphone, and the natural companion device for that in a mobile situation would be … an Android or iPhone.

      That said, it would also work paired with a tablet and maybe it can just be paired with a bluetooth keyboard (the hardware in it - specifically the ESP32 - has bluetooth support built-in, so it depends on the software)

      Mind you, this is only a limitation from this specific implementation (which is basically a gadget for electronics hobbyists hence no built-in keyboard), not from the LoRa stuff itself.

        • SomeAmateur@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          6 months ago

          It’s like $20 for cheap devices that talk to your phone via bluetooth. They have standalone devices too to fix that potential vulnerability.

          I’m messing around with a few rn. Heltec V3s and TBeam Supremes.

          • realbadat@programming.dev
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            I’ve got an order pending while I decide which setup I want to play with first - but I have a feeling I’m just going to go with one portable and one to leave in the office, and go from there.

            Regardless of it’s potential use for protests, it’s a fun project!

  • electricprism@lemmy.ml
    link
    fedilink
    arrow-up
    14
    ·
    6 months ago

    Anything with Bluetooth is a ID vector.

    And since Apple AirTag tech is a thing there are other ID capabilities.

    Maybe a Faraday bag to cut all radio.

  • helpmyusernamewontfi@lemmy.today
    link
    fedilink
    arrow-up
    12
    ·
    6 months ago

    imagine not being a gigachad bringing your nintendo 3ds, that actually has a physical switch to disable wireless communication and can record videos and take pictures that totally don’t look like they’re from 2011

  • toastal@lemmy.ml
    link
    fedilink
    arrow-up
    17
    arrow-down
    6
    ·
    6 months ago

    Signal & WhatsApp are not secure enough. Meta/Facebook regularly give data & metatadata to the cops & Signal is centralized & not self-hosted by your crew so while messages are encrypted, the metadata still isn’t. If you must use Signal, I would pick Molly as an Android client since you can a) encrypt the messages under a separate password for storage on seizure & b) you can use the UnifiedPush version to make sure your notification metadata isn’t going thru Google’s Firebase servers. Protests are the ideal place for Briar as it is works via mesh net so internet & SIM cards are not required (but years ago wden I tried it, the app was a major battery drainer).

    • Simon Müller@sopuli.xyz
      link
      fedilink
      arrow-up
      9
      ·
      6 months ago

      the metadata still isn’t.

      That doesn’t quite work in the case of Signal

      The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.

      Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn’t encrypted.

      Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn’t realistic.

      *: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling…especially if you wanna stay sane whilst having a threat model

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        6 months ago

        With the right intel you could piece back some of the pieces, especially with some pieces from other sources, with just that metadata. With metadata, it’s about putting together lots of sources to see the picture clearly which is why Facebook bought WhatsApp for just the metadata (& address book). The thing is that you, can skip Signal & you will still have several free software messaging alternativ where nothing is on a US-based server where they can subpoena.

        • RealJoL@feddit.de
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          But that’d already entail control over the whole Signal AWS in- and egress as well as any VPN you may be using and/or your local ISP. And then you still have to prove the actual link to the natural person. At that point we’re speaking of a threat level assuming the US DoD as adversary. While not impossible, I think if you’re willing to pick that kind of fight, you’re clever enough not to rely on Signal (or most digital communication).

          Signal is not WhatsApp, there aren’t a lot of data points linking your communications to end points in the same way Meta does link them.

          • toastal@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            6 months ago

            Not saying you are wrong, but I think the argument a) should mention WhatsApp in the same breath as Signal & b) stopping at Signal instead of linking to where to find more info

    • BrikoX@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      6 months ago

      You are absolutely right about metadata, but as far as protests, just having encryption is enough to prevent anyone from accessing the data. Extracting metadata from 3rd party companies or extracting a phone requires a lot more resources than cops can spare.

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        6 months ago

        In the corpo cases, I’m sure all they have to do is ask. There are better alternatives & this guide feels radically incomplete stopping at such pedestrian option instead of labeling them in a bottom tier of like suffiecent-if-you-literally-can’t-use-anything-else.

    • WolfLink@lemmy.ml
      link
      fedilink
      arrow-up
      2
      ·
      6 months ago

      If your problem with signal is that it isn’t self-hosted, just self-host it? It’s all open source.

      • toastal@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        Those components are not really meant for self-hosting, its open to be looked at. You would need to patch out the SIM requirement, point the hardcoded server/clients elsewhere, find some way to sideload modified clients to those using iOS lol, & it’s not federated so you would need a separate app for just this task. At this rate you are 100% better off using a choosing systems where server & clients are actually built with this in mind… Signal’s chat features are not novel

      • ReversalHatchery@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        6 months ago

        The developers are very hostile about alternative clients and networks. Also, the app does not support this in any form, so you would have to distribute modified APKs that want to use your hosted server.

  • Trent@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    ·
    6 months ago

    I wouldn’t even bring my phone, or if I absolutely needed something like that, I’d buy a cheapass pre-paid burner. And keep it off until you actually need it.