I was feeling inspired to write this morning after looking through a lot of this type of article and noticing they all omitted kind of important information. This includes all of the basics, and the stuff I thought was under-discussed, like AirDrop and the importance of security patches.
That was an enjoyable read. If I may offer some feedback:
Additionally, even if it's encrypted, it still won't benefit from the same security protections that your phone's built-in storage provides, such as advanced brute-force protections.
I could be mistaken, but I don't think this is strictly true. See Adoptable storage | Android Open Source Project.
Google is frequently tapped by law enforcement to provide location data, because they don't protect your personal information with strong, zero-knowledge encryption.
This is / will no longer be the case (I'm not super clear on whether it is fully rolled out yet). See Google Maps is making a big privacy change to protect your location history - The Verge.
Great article! I found this part really funny.
Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions. You should always speak with your licensed attorney before deciding how to proceed. If your phone was taken by law enforcement you may have legal recourse to get it back.
During my time at FPF, I once had a bunch of lawyers strongly discourage this idea in a protest security toolkit. As in they wrote entire essays to me during work hours.
Great article! I think this was very much needed, especially appreciate how it's written for the target audience.
Didn't cover cell tower tracking (IMSI & IMEI).
Great article @Jonah. Like I said before, those articles are nice additions to the content available. This one in specific I think can expand much more, but it is good to have a starting point (which normally is the most difficult part).
It is up to us to believe that the setting is really working since there is no way to validate the code.
Which do you think is more likely?
A) That the feature works as intended, dramatically lowering the administrative load for Google associated with complying with geofence warrants.
B) That Google is lying to both its users and law enforcement in hundreds of countries by secretly keeping location data unencrypted on its cloud. Meanwhile, refusing to comply with geofence warrants from law enforcement despite possessing the requested data, exposing Google to significant legal liability (a pretty poor business strategy).
This is a fairly good reason to believe Google, not to mention the fact that:
A current Google employee who was not authorized to speak publicly told Forbes that along with the obvious privacy benefits of encrypting location data, Google made the move to explicitly bring an end to such dragnet location searches.
It could be something in between. It doesn't need to be necessarily the A and B that you mentioned.
They can on their side turn the feature to keep the location on because they were coerced to cooperate.
Thanks for creating the article, although I won't be protesting anytime soon, but I got some key takeaways from it.
This is a really important topic to cover! Most of the stuff I have read about this mostly focuses on physical aspects to consider during a protest; not many cover digital aspects so expansively.
It isn't as simple as this guide isn't laying out a threat model.
In some jurisdictions, body-hugging devices (like smartphones) may come pre-installed with spyware apps.
For instance, I was sent this tip on use of Rethink, an app I co-develop, to block such spyware by protestors in Hong Kong (mirror).
Also, I'm not sure disabling 2G is enough. Govts are known to retroactively arrest based on location triangulated via Cell towers. Some speculate (ex / mirror) that basebands may be turned ON remotely (even if it is switched off, like via airplane mode), though unsure if that's a valid attack vector these days.
I'd add more data disposal tips. Delete cloud storage apps that you don't need access to while at the protest. If you can reinstall the app, login, and your data is back, you don't need the app always on your phone. Don't need your password manager that you protect with Face ID sitting there waiting to be extracted after your keychain gets snatched exposing all of your identities.
Cellebrite Premium basically bypasses every security measure on iOS device. Stolen device protection, lockdown mode, etc. are essentially just UI blocks that only affect the basic extraction methods, which does nothing when you literally have access to the file system. You must focus on keeping limited amounts of data on your iPhone and understanding the forensic nature of your applications.
They have a valid point.
Leaving phones behind or using burner phones is very practical advice. I'd ask the same of vulnerable folks, especially those who can be made examples out of by powers-that-be: They can be detained for arbitrarily long periods, get declared a traitor, have their livelihood destroyed, and the life of their loved ones jeopardised for eternity. This stuff is serious in some jurisdictions.
True. Though, Firefox can talk onion, if you turn OFF network.dns.blockDotOnion in about:config? I think, Brave has built-in support? Ages ago, volunteer-run gateways (onion to www) like tor2web.org were popular.
Thanks for the feedback everyone! I'm glad this guide has been very well received.
I will be updating it with some changes on Monday based on some comments I've seen here and on social media, drafting here:
I think it really depends on the risk of the "protest", the same thing can be either "no big deal" or "if you get caught you are done", depending on where you are. It would be nice if the article could bring this up.
Considering the amount of very personal data that a phone (usually) has on you I think it's the only advice that makes sense IF you really are in that high-risk position and have to assume your items will be seized with a certain likelihood.
Either that or having a burner phone - or at least a 2nd phone that has zero unnecessary apps/information on it and that you use just for occasions like this (and factory reset regularly).
Thanks @jonah for this guide!
I've been working for the past 6 months to build a series of guides for activists (US-focused). And there are a few recommendations on your guide that I want to use to polish up our prepare for protest checklist.
Yes, go kick rocks. It is irresponsible to disseminate that you could possibly have ANY private phone use, i.e. related to attending a protest, when, on top of proof that nation states are targeting iPhone users, there is no app sandboxing, reproducibly.
Apps that are bought and sold (everything on the app store) can access other processes on the device, with the matching api even in the case of googled devices (anything with g in the name on any device).
This is fixed only by using open source operating systems and nothing less. Throw that app in a box (user profile). Practice privacy with your iphone, but an iphone is not a tool of privacy.
Not everyone has this high of a threat model. Telling folks to kick rocks because they are unable to flash Graphene or even afford a Pixel, and that they are better off not protesting, is way too extreme.
You have to threat model; in some countries this mindset might be needed, but in others this is completely over the top.
I think this is the core misunderstanding and nuance, where it may be a hard requirement or not depending on the threat model. I believe Jonah will include this in the next draft of the article.