If you're attending a large-scale protest, it's likely that the cell-towers (or stingrays) won't be able to handle everyone who is connected anyways, so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends. This also allows you to continue using Airplane Mode the entire time, while being able to communicate with people nearby.<p>Alternatively, investing in walkie-talkies that have encryption can be worth it as well, but unsure how legal they are around the world, think some countries put restrictions on those so you might have to acquire them while vacationing somewhere else.<p>It's mentioned in the body of the article, but get the feeling most people could miss it: Absolute best idea is to leave your "personal" phone at home! Either get a secondary (burner) phone with nothing useful on it and no real names, or skip out on the phone fully. If you do get a secondary phone, make sure it has a removable battery and keep it out from the phone until you arrive at location and as soon as you move, remove battery again.
Also Meshtastic.org is a cheap (various <$50 options) open source LoRa based hardware bridge (or standalone device) that can be used with an app over bluetooth (or WiFi web interface).<p>It supports strong encryption layer and over 1 km/mile per “hop” in most circumstances.<p>Designed originally for off grid, it’s very flexible and pretty polished.<p>Abstracts your phone into a UI. Has a whole ecosystem behind it. I’ve been using it for festivals and tracking my vehicles (high theft area) for years.<p>Very handy should infra not be available. Should be great for protests also :)
Unfortunately this is a topic that attracts LARPers. Remember that if things get spicy, you are not going to settings nerd your way out of a bad interaction with the police.<p>Tech advice for legal and illegal protests is pretty much diametrically opposite, and advice for countries like the United States is much different than for somewhere like Egypt.<p>It's complicated!
> If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model...<p>> Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions.<p>This can be really serious. It is far better to never have/collect/obtain data in the first place.
> However, in this situation it may make more sense to disable biometric authentication.<p>In Face ID, there's a setting that requires direct eye contact in order to open your phone. Highly recommend enabling this when feeling insecure about someone forcing you to open your phone (if it's not already on by default) because it means somebody forcing you to open your phone with Face ID can be easily defeated by simply closing your eyes. I tried this a number of times during the BLM protests, and I/nobody else could get my phone to unlock unless my eyes were open and looking right at it. So with Face ID, I think it's actually way more secure to have biometric authentication turned on, using this setting. The thumbprint stuff might be a good idea to avoid though.<p>(WARNING: This will make your phone pretty much impossible to unlock with your face if you're inebriated on anything. Ask me how I know. xD You should probably disable it after the protest.)
Briar messenger is specifically designed for things like protests. I think I would prefer it over Signal. The article says:<p>>Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most: ...<p>That is the all the information they claimed they had. We have no way to know what they actually collect. Briar runs P2P over Tor so they can't collect data, even if they should want to.<p>Whatever is used, an article like this should remind the potential protester to turn on disappearing messages with an appropriately short interval. The powers that be might use something like a Cellebrite box to get all your old messages by cracking the phone security.
There are some apps that detect fake base stations monitoring your traffic<p>There are apps that uses accelerometer and gyroscopic sensors to detect if phone is snatched execute certain action based on this<p>Use app lock, so in case your phone is opened, apps will still be locked --> lock galley + filesExplorer(any) + settings + playstore + Browser(All installed) + Cloud/RemoteDrives(any) + Any syncing apps + Contacts + Email+messaging apps etc<p>(Hell all apps for utmost paranoia)<p>Use apps that remotely sync your phone specific folder/gallery every time new file is created (So when taking photos or recordinf something, if pbone got snatched, data is deleted + phone is broken or formattef/wiped against your will, your files have already synced to remote location so no worries<p>Snoopsnitch
<a href="https://f-droid.org/en/packages/de.srlabs.snoopsnitch/" rel="nofollow">https://f-droid.org/en/packages/de.srlabs.snoopsnitch/</a><p>Stayput
<a href="https://f-droid.org/en/packages/org.y20k.stayput/" rel="nofollow">https://f-droid.org/en/packages/org.y20k.stayput/</a><p>plucklockex
<a href="https://f-droid.org/en/packages/xyz.iridiumion.plucklockex/" rel="nofollow">https://f-droid.org/en/packages/xyz.iridiumion.plucklockex/</a>
If you're this worried, don't bring your phone lol. If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.<p>Otoh, the main function of protests is to get media attention, so if they don't get publicized there was basically no point unless they evolve into direct action.<p>If you're interested in this second point, read <a href="https://www.amazon.com/If-We-Burn-Protest-Revolution/dp/1541788974" rel="nofollow">https://www.amazon.com/If-We-Burn-Protest-Revolution/dp/1541...</a>
><i>Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.</i><p>Good tip! I didn't know about disabling 2G support on my phone.
Or simply leave your phone at home. Need to meet with friends? Plan a meeting point. Need to take photos? Do you really? What right have you got to photo other people's faces? Just leave your damn phone at home.
Th smartphone is the greatest mass surveillance device ever conceived, although AI monitored camera networks will probably exceed it very soon.<p>There are basically no countermeasures. Which means freedom is truly at the discretion of the powerful, because once the government goes North Korea there is no going back.<p>I actually think the biggest threat to humanity in the Great Filter sense is authoritarianism, more than nuclear Armageddon, grey too, or super AI.<p>Nothing can stop by he centralization of power that AI provides to the powerful, and the fact the elite have been brazenly antidemocratic and anti- institutionalism in public and podcasting platform is this election cycle is frightening.
It's unfortunate that Briar is android-only. I know it is due to Apple restrictions on battery usage (afaik). But it is decentralized and can operate locally over wifi and Bluetooth.<p>These seem like good practical steps.<p>GrapheneOS has duress pins (type it in, and the phone is wiped). It has secondary pins for biometric - the intent being that your real password is a long passphrase, and "quick " unlock is bio+pin.<p>I would add to this list some method of uploading video live to another service, in a way that the video can't be deleted via the phone. I know those exist for the express purpose of civil rights, I think the aclu has a list somewhere.
Potentially this is where the likes of the PinePhone should thrive [1].<p>As well as the methods suggested, you could have full disk encryption and just have the phone switch off if it suspects any shenanigans. If you want, it could still boot into an OS, but it just denies knowing about the encrypted disk. Done right, the image itself could be difficult to discern from something like a corrupted video file.<p>> Your Risks at a Protest<p>In addition, your SIM (likely traceable to you, especially if you have it) will be auto-connecting to their temporary telecom system (i.e. Stingray [2]), where they can find out the following:<p>1. That you were nearby to the event.<p>2. A tonne of operations available via the modem [3].<p>3. If you speak to somebody locally (as part of the routing).<p>4. Shift your connection down to 2G/3G where it is easier to hack [4].<p>I think each person needs to consider their security model.<p>[1] <a href="https://pine64.org/devices/pinephone/" rel="nofollow">https://pine64.org/devices/pinephone/</a><p>[2] <a href="https://en.wikipedia.org/wiki/Stingray_phone_tracker" rel="nofollow">https://en.wikipedia.org/wiki/Stingray_phone_tracker</a><p>[3] <a href="https://www.electronicsforu.com/special/cool-stuff-misc/gsm-at-commands" rel="nofollow">https://www.electronicsforu.com/special/cool-stuff-misc/gsm-...</a><p>[4] <a href="https://www.eff.org/deeplinks/2020/06/your-phone-vulnerable-because-2g-it-doesnt-have-be" rel="nofollow">https://www.eff.org/deeplinks/2020/06/your-phone-vulnerable-...</a>
404 Media just released a great related article "The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds"<p><a href="https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/" rel="nofollow">https://www.404media.co/the-powerful-ai-tool-that-cops-or-st...</a>
Most of this applies wherever but do check your local laws where applicable, I know that in the UK you can be compelled to provide a PIN/password under some circumstances.
This is what the other side is telling law enforcement about iOS devices.<p><a href="https://cellebrite.com/en/glossary/bfu-iphone-mobile-device-forensics/" rel="nofollow">https://cellebrite.com/en/glossary/bfu-iphone-mobile-device-...</a><p>iOS is amazing insecurely to a determined law enforcement agency after the first unlock when you turn your phone on.<p>And a mitigation that Apple is doing.<p><a href="https://lonelybrand.com/blog/iphones-operating-on-ios-18-1-will-automatically-restart-and-switch-to-lockdown-mode-following-prolonged-durations-of-inactivity/" rel="nofollow">https://lonelybrand.com/blog/iphones-operating-on-ios-18-1-w...</a><p>As far as having a strong pin to help protect you, it won’t protect you from rubber hose decryption.
Old phones are an underappreciated resource, imo.<p>I keep a few handsets around for apps I don't want on my daily driver (ex:food ordering, 2FA).<p>More in line with the article: For alternate cell/SMS service I have a RedPocket SIM. (note: I see now it's $45/yr on ebay. I'm paying less, prob grandfathered).
Mobile Phone Security For Activists and Agitators<p><a href="https://opsec.riotmedicine.net/downloads#mobile-phone-security" rel="nofollow">https://opsec.riotmedicine.net/downloads#mobile-phone-securi...</a>
Most of this is everyday security.<p>"Avoid External Storage"<p>They missed part with this. You could use external storage just for your current recording purposes so you can pop the SD card and take it with you if you think your phone will be taken.
You should be going into airplane mode at an isolated time before you get to the protest so you don't have a pattern of 10 friends all of a sudden dropping off the network together.<p>Infact it's probably not the best idea to protest (in a crowd) anymore. The cops know how to kettle, and they have the tech edge. Activists need to think and act more asymmetrically.
Re: iPhones - these suggestions are really good, AND it shows how hard it is to keep track of the attack surface of all of modern iOS features. I wish Lockdown Mode also set these hardening features on: it seems useless to harden your phone against spyware if you can still be surveilled in other ways.
Almost too many steps to remember here. Would it be possible for an app to prompt you to do all this? An app can bring up settings to allow your camera access, why not to quickly change those other settings?
See also the EFF Surveillance Self-Defense guide for activists and protesters:<p><a href="https://ssd.eff.org/playlist/activist-or-protester" rel="nofollow">https://ssd.eff.org/playlist/activist-or-protester</a>
Technically you could piggy back on another protocol and obfuscate your comms. Like piggy backing in an envelope across https connections from server to server. Nobody is looking there. And even if they are, good luck decrypting that. Looks like a legit site but it is actually a proxy for delivery encrypted payloads.