I think it is self-evident that we want to allow different opinions on this forum. Having different voices continues to challenge the status quo and forces us to be on edge with our recommendations, you know, preventing the whole sacred cows thing.
We even allow them to promote their own blogs and all. We just ask folks to respect the way we do things here. And coming in out of nowhere claiming that our community’s consensus is wrong and that your own opinion is fact just crosses a line.
You are allowed to give your opinion, we love it if you do so and we might even change our own opinion because you brought in a fresh perspective that we haven’t considered before. All we ask is just to be respectful on here.
Hmm, actually the bar @nihilist set for “wild protest” is essential and mostly appropriate, that’s by my personal experience and by how thousands of protesters got persecuted during a specific movement. Doing anything below that bar would have serious consequences, if you are taking part in “wild protest” or “movement”.
And when you get arrested, your “team”, friends and family will go down with you. That is not something you can afford to risk.
For the kicking rocks part, if someone wants to participate in a political movement or wild protest but thinks those measures / suggestions are unnecessary, they probably really should go kick rocks, so they won’t bring massive collateral damage to everyone in their lives.
I apologise if anyone feels bad about my tone, but the things @nihilist mentioned are mostly FIELD TESTED, and I have seen more than enough people trying to do the right thing but ending up really bad because of lax opsec.
For peaceful, non-controversial, well-organised protests, most measures are overkill and counterproductive, and that includes some recommendations listed in PG.
Thanks for sharing your thoughts, we will just have to agree to disagree in this case.
Also I just wanted to add, we are open to suggestions and improvements to the guide, if you were to post a list of exact concrete things that you feel should be changed with your rationale, then we can talk over them.
My disagreement is mostly about the black and white view of privacy and security and the lack of nuance in the discussion :).
Not respectful is it (as a mod!) to paint someone’s genuine views as “extremist”.[1] The dissonance here boggles the mind.
Thought @nihilist’s discussing a blog post not a community recommendation.
Not sure what you’re advocating for, but monoculture / cult-following is a bad sign.
[1] I mean, this is what you replied to, and claim is extremism? “neither privacy, nor anonymity, nor deniability have ever been a spectrum. To consider either of those as a spectrum means that you have a laxist approach to it.”
Thanks for the detailed and thoughtful reply. I agree with a number of the points you made here. We’re going to be doing a big revision over the next couple of weeks. So keep an eye out.
I think one of the best things we can do is emphasize “don’t bring your phone” more heavily on the phone guide. And to give folks better guidance about assessing risk so they can decide if they can live without the convenience of the phone.
For one, would PG feel comfortable recommending Password Managers that don’t assume highest possible risk? Or VPNs that don’t take into account the highest possible risk? Or Android ROMs that don’t? Or Messengers that don’t?
If you read up the papers on the design of the Signal protocol, the risk they assume is highest possible risk. Same goes for the design of Pixel phones. And that of Mullvad’s network. These are what PG recommends & stands by.
How is it any different when it comes to what the protestors should use? Any protestor looking to level up on digital literacy is likely going for “highest risk”, or they wouldn’t be at all.
A regular user most certainly is “overwhelmed” if you point out things like “root of trust”, “certificate chains”, “public key cryptography”, but that isn’t a criterion to not recommend using those. Usable security has nothing to do with the why (reasons). It has to do with the what (toolkit). Unfortunately, in some cases, the what involves multiple steps and careful setup (think: messaging with PGP vs Signal), but if PG was set in the 2000s, it’d have been comical for its tutorials to not recommend using PGP over plain text, just because <insert something about spectrum>.
Of course! The kind of solutions proposed there wouldn’t fly in this community because “extremism”. There is some kind of weird resistance to setups the team here thinks are too much for whatever definition of “lay person” they have in mind.
I mean, the first draft of the post didn’t even talk about burner phones, fwiw.
Point:
As pointed out elsewhere, the line between legal and illegal protest is very blurry and can shift rapidly; if anything, the only way to be sure you’re not going to a protest that could eventually be classed as illegal is to never go to a protest, regardless of how pure your intentions are.
One thing people often overlook is whether their job allows them to protest or express opinions on government policies. So even in non-illegal protests, many people should consider covering their face and be extremely cautious about being interviewed by press.
For example, civil servants, NGO employees, employees of government contractors, marketing companies, etc. They need to check their internal policies, so they won’t get into lawsuits or lose their job.
Well they all have a defined threat model. Signal doesn’t defend against someone shoulder surfing you reading your messages. It also doesn’t try to defend against malware reading your message database. You can’t really say they defend against the “highest possible risk” because risks don’t come in a clean hierarchy. You have to define specifically what the threat that you’re defending against is.
I hope I didn’t miss this feedback scrolling over 60 replies already:
On a Google Pixel and most other Android devices, double-tapping the power button will open the camera without needing to unlock your device.
With GrapheneOS you are able to block your microphones and your cameras through the notification bar, although you may have to unlock your phone for that.
You might also want to consider local radios like walkie-talkies, although keep in mind these devices are nearly always unencrypted and can be easily monitored by others, so you won’t want to use them to transmit sensitive information.
Law enforcement may look for people using walkie talkies and you might be able to get located using walkie talkies.
This might also apply to extra devices like Meshtastic radios, but since they are stored in the pocket or a backpack and the frequencies are very special, I think it’s unlikely they are looking for stuff like this and are able to locate such devices by looking for radio signals.
This is a standard AOSP feature. You can of course use it but it’s better not to grant the camera / microphone permissions to apps you don’t trust in the first place.
If the Baseband chipset can control the mic, then Graphene can only do so much. Not sure if Google allows this on Pixels. For other OEMs, this totally depends on what goes into their SoCs.
Airplane mode, camera access, and microphone access toggles work very well on Google Pixel devices. To bypass them, it would require an exploit that 99.99% of people will never be touched with in their lives.
It really depends a lot on the brand; they can have wildly different quality, and you likely don’t have the proper equipment to test it and make sure no signals are getting through. https://www.mattblaze.org/blog/faraday/