331
submitted 7 months ago by BrikoX@lemmy.zip to c/privacy@lemmy.ml

Simple steps to take before hitting the streets

top 50 comments
sorted by: hot top controversial new old
[-] AllNewTypeFace@leminal.space 145 points 7 months ago

Leave it at home and, if you need a phone, take a burner that doesn’t have your personal data and isn’t logged into any of your accounts.

[-] SnotFlickerman@lemmy.blahaj.zone 44 points 7 months ago

You also have better found a way to pay for the burner in cash or with a pre-paid debit card. A lot of places in the US won't let you buy a "burner phone" without a credit/debit card that has your name attached to it.

[-] GBU_28@lemm.ee 23 points 7 months ago* (last edited 7 months ago)

There's a difference between "none of my personal shit on it" and a full on ghost phone.

The first is worth doing.

If you get arrested, they are GOING to identify you before you leave detention. Being fully ghosted and keeping your mouth shut will just keep you in detention at minimum for the hours allowed to them, and if they can pin you with some fake crime, even longer. If arrested, you will not escape them without some level of identification.

[-] EdibleFriend@lemmy.world 11 points 7 months ago

Walmart lets you. At least as of October. The only rule was the amount of phones.

[-] delirious_owl@discuss.online 4 points 7 months ago

Wut? The US is like one of the easiest places to buy anonymous mobile phones and plans.

[-] Baku@aussie.zone 5 points 7 months ago

Seriously. In Australia, you have to "activate" your Sim card with your full name, email, bank details (depending on the carrier), and a copy of your driver's license. Hell, I bought my last phone directly from a carrier, completely outright, with cash, prepaid with no plan, and they took a photocopy of my drivers license. Buying phones elsewhere they've never done that to me, as long as it's prepaid and bought outright, but for some reason the major telcos do it for all purchases

[-] delirious_owl@discuss.online 3 points 7 months ago* (last edited 7 months ago)

Usually what you do in this situation is go to the tourist hot spot and find a mobile shop pretending to be a tourist without a drivers license. Usually within a few days you'll find someone who will use their info and sell you a Sim card.

[-] nossaquesapao@lemmy.eco.br 3 points 7 months ago

What about buying second hand?

[-] jjlinux@lemmy.ml 63 points 7 months ago

Leave it at home.

[-] otter@lemmy.ca 56 points 7 months ago

While leaving it behind is best for privacy, the article touches on some reasons people bring them anyway

Leaving your phone behind means the data it holds and transmits will be the safest it will ever be, but it also means giving up access to important resources. It becomes much more difficult to coordinate with others, or get updates from social media. For many, phone cameras are also the only way they can document what’s happening.

If you have access to a separate phone, whether it’s a “burner” phone, an old smartphone that you can reset, or an old-fashioned camera, you could choose to bring these devices instead of your regularly-used phone. However, not everyone has access to these devices, or can afford to purchase a separate phone just for protesting.

[-] electro1@infosec.pub 54 points 7 months ago

Just leave your phone at home, and bring a Digital camera, and few SD Cards ... Oh, wait.. < insert company name here > makes Cameras that spy on you... nevermind...

maybe we should hire a fast sketching artist to draw police brutality ... What.!... your pencil can track you now... come...ooooonnn

[-] delirious_owl@discuss.online 29 points 7 months ago

No, its better to have a smart device that syncs photos to your encrypted cloud in case you're attacked and your attacker breaks your SD card to destroy the evidence

[-] rar@discuss.online 11 points 7 months ago

Burner phone to anything that requires communication. Erase metadata of anything that will be shared and uploaded online.

[-] Pantherina@feddit.de 5 points 7 months ago

Burner phones are a strange concept. If you want to store sensitive data on it, you shouldnt use some cheap android phone or even a dumbphone without encryption support.

load more comments (15 replies)
[-] GBU_28@lemm.ee 50 points 7 months ago

Layer one: "front line": folks should be acting on passive listen/pushed information from folks far back that will not get kettled or trapped. Media they collect should be Livestreamed for safe storage... But they should be focused on non violent protest, emit the protest message and find/eject bad actors. Equipment should be "burner" quality, wiped and purpose setup with the expectation of seizure.

Layer 2: "observe, document, report": folks should be using encrypted apps to communicate, and should intend to not be arrested, and to collect as much quality content as possible. These folks should be ready to be arrested, but avoid as possible.

Layer 3: "coordinate": these folks should be digesting all possible data about risks, police activity, lawful orders, movements, etc. They should be feeding information about proper actions. They should use encrypted tools but plan to avoid arrest.

This is all hypothetical.

[-] henfredemars@infosec.pub 38 points 7 months ago

Phones are tracking devices. Do not bring your phone, not even turned off because many phones emit Bluetooth beacons and other data that can be recorded and traced.

If you bring a phone, make sure that phone has no idea who you are.

[-] floofloof@lemmy.ca 24 points 7 months ago* (last edited 7 months ago)

Even if the phone doesn't know who you are, the shop that sold you the phone or the SIM, or the credit card company you paid with, can know who you are. So you'd have to use cash. Even without these, your movements can be tracked through a burner phone and informed guesses made about who you are (e.g. if the phone has been at your home or with your friends).

Turning off your phone doesn't necessarily protect you from tracking either:

https://www.androidauthority.com/android-15-powered-off-api-pixel-9-track-switched-off-3425472/

Easiest, as others say, just not to carry a phone.

[-] TheOSINTguy@sh.itjust.works 8 points 7 months ago* (last edited 7 months ago)

In some places, you cant buy a burner with cash, but you could with a gift card that was registered with cash or a prepaid debit.

I would also recommend buying a faraday bag to keep it isolated.

Edit: keep that in the faraday bag untill you need it.

[-] delirious_owl@discuss.online 16 points 7 months ago

If everyone followed this advice, we wouldn't have footage of abuse at protests..

[-] henfredemars@infosec.pub 4 points 7 months ago

Mostly true. I will not deny there are benefits to bringing your phone. They are also substantial risks. Protesting can be risky business.

load more comments (7 replies)
[-] NoLifeGaming@lemmy.world 26 points 7 months ago

Don't take it with you, or have a faraday bag and only take it put when you're done

[-] menas@lemmy.wtf 25 points 7 months ago

Pretty good stuff.

However I read many reactions : "don't take your phone with you" This is a common issue in a lot of activist place to don't ask ourselves why people are acting like this ? before telling them to stop. They may have good reasons, and in a case of protests, there is.

  • Filming the cops : I don't know in the US, but in a lot of countries, cops are less violent when they know someone is filming them. This may help people harmed by the police, in giving them evidence, or helping mobilization in the futur. After mass arrestation, it could be hard to know how as been arrested or not; some legal support hotline ask this kind of evidence for this reasons. Of course this some sensitive material, and need to be secured too. For example, the cops may target you if you are filming them.

  • Calling the legal support hotline : Some of them ask to be called just after arrestation or cops actions, to make a precise report. You could call them when someone you know have been attacked or kidnapped by the police.

  • Call medial support : I don't know how the emergency number is linked with the repressive force in the US, but in a lot of country, it's not. Even if it's rare, it could be a vital issue.

All this actions are important and individuals should compare the risks they take in taking them and what we lost in not acting like that. Of course this risks have to be documented; with flyers at the start of a protests for example.

I would recommend to mutualise actions to decentralize risks. Make a team with one or two people with burned phone and dedicated camera (paid by everyone); let your other phones at home. Stay (at least) by pair, and keep in eye someone with a phone.

They may be better plan of actions, but we couldn't just let down cop watch ant street medic just for the illusion of individual safety. Such thing simply do not exist

[-] Zetta@mander.xyz 23 points 7 months ago* (last edited 7 months ago)

I'm waiting for the first mass protest that utilizes Lora communications

Come on noobs, get with the times!

[-] PipedLinkBot@feddit.rocks 4 points 7 months ago

Here is an alternative Piped link(s):

Lora communications

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

load more comments (6 replies)
[-] electricprism@lemmy.ml 14 points 7 months ago

Anything with Bluetooth is a ID vector.

And since Apple AirTag tech is a thing there are other ID capabilities.

Maybe a Faraday bag to cut all radio.

[-] helpmyusernamewontfi@lemmy.today 12 points 7 months ago

imagine not being a gigachad bringing your nintendo 3ds, that actually has a physical switch to disable wireless communication and can record videos and take pictures ~~that totally don't look like they're from 2011~~

[-] toastal@lemmy.ml 11 points 7 months ago

Signal & WhatsApp are not secure enough. Meta/Facebook regularly give data & metatadata to the cops & Signal is centralized & not self-hosted by your crew so while messages are encrypted, the metadata still isn’t. If you must use Signal, I would pick Molly as an Android client since you can a) encrypt the messages under a separate password for storage on seizure & b) you can use the UnifiedPush version to make sure your notification metadata isn’t going thru Google’s Firebase servers. Protests are the ideal place for Briar as it is works via mesh net so internet & SIM cards are not required (but years ago wden I tried it, the app was a major battery drainer).

[-] toastal@lemmy.ml 13 points 7 months ago

Also worth noting that OpenStreetMaps works offline too.

[-] cyrus@sopuli.xyz 9 points 7 months ago

the metadata still isn’t.

That doesn't quite work in the case of Signal

The only data that they have, based on transparency reports and dissections of their source code, is the time you created your account and last connected to the servers.

Messages themselves are essentially only relayed, with sealed sender, and anything that would be actually useful to identify who was at a protest and who wasn't encrypted.

Things like, e.g when messages arrive at the server would have to be monitored live on compromised servers, which reasonably unless you assume* it is wiretapped already prior to a protest, isn't realistic.

*: of course, I am saying this because making an assumption and portraying it as truth (e.g assuming something is already wiretapped based on no evidence at all) is not the smartest of moves when it comes to threat modeling...especially if you wanna stay sane whilst having a threat model

load more comments (3 replies)
[-] BrikoX@lemmy.zip 7 points 7 months ago* (last edited 7 months ago)

You are absolutely right about metadata, but as far as protests, just having encryption is enough to prevent anyone from accessing the data. Extracting metadata from 3rd party companies or extracting a phone requires a lot more resources than cops can spare.

load more comments (1 replies)
load more comments (3 replies)
[-] Trent@lemmy.ml 10 points 7 months ago

I wouldn't even bring my phone, or if I absolutely needed something like that, I'd buy a cheapass pre-paid burner. And keep it off until you actually need it.

[-] possiblylinux127@lemmy.zip 7 points 7 months ago
[-] amongstthetrees@lemmy.ml 6 points 7 months ago

On a secondhand or wiped burner Pixel too. The Crowbar CVE can’t be patched by an OS.

load more comments (4 replies)
load more comments
view more: next ›
this post was submitted on 05 May 2024
331 points (97.4% liked)

Privacy

32492 readers
297 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS