If you're attending a large-scale protest, it's likely that the cell-towers (or stingrays) won't be able to handle everyone who is connected anyways, so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends. This also allows you to continue using Airplane Mode the entire time, while being able to communicate with people nearby.
Alternatively, investing in walkie-talkies that have encryption can be worth it as well, but unsure how legal they are around the world, think some countries put restrictions on those so you might have to acquire them while vacationing somewhere else.
It's mentioned in the body of the article, but get the feeling most people could miss it: Absolute best idea is to leave your "personal" phone at home! Either get a secondary (burner) phone with nothing useful on it and no real names, or skip out on the phone fully. If you do get a secondary phone, make sure it has a removable battery and keep it out from the phone until you arrive at location and as soon as you move, remove battery again.
I don’t understand under what logic AES encrypted radio communications (walkie-talkie) differ from AES encrypted radio communications (mobile network).
Well the whole point of hiding your tracks is evading law enforcement, why would you care if it’s illegal? Or is it because of the „only do one crime at a time“ thing?
I was thinking along the lines of „the state wants to oppress the protestors and makes it illegal“, but if you just want to avoid surveillance at a legal protest, yeah, you’re right.
Going into a protest with illegal communication devices is almost a direct sabotage of the protest's intent. It gives law enforcement a legitimate reason to act, even if almost certainly ex post facto. And it paints the protest as wilfully illegal--you went in intending to break the law.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." - Ed Snowden
Absolutely best idea is to make an encrypted PDA & play forensic scientist by recording everything.
1. Get a Google Pixel 9, 9 Pro, or 9 Pro XL smartphone (Cellebrite-proofn at time of writing).
2. Verify images & GOS.
3. Disable biometrics & wireless connections.
4. Memorize with Anki or your own head a new, NIST-compliant passphrase with ≥ 8+ words.
3. Get a cover for the smartphone.
4. Buy EMI tape and electrically insulating waterproof tape.
5. Tape the insides of the cover with EMI, layering it & govering the inner walls as well, no gaps (overlay two adjacent layer always, say ≥ 1 cm, if possible)
6. Add one layer of the other tape to insides of the cover
7. Story inside your underpants 24/7 powered off when you don't use it.
My setup is more secure than not having phone, a Qubes laptop, a 2G burner, or not having phone.
But that’s not security, it’s usability. Just by virtue of taking your phone to a less safe place you’re lowering its security. Taking a small offline camera would be a lot more secure if your concern is recording the events.
If you‘re opening the cover, disconnecting antennas might be the way to go instead. Depending on the device, it‘s relatively painless and even reversible.
I believe they mean a cover as in a case that has a folding cover, not as in the external layer of the phone itself. So you effectively turn that otterbox-ish thing into a faraday cage that will enclose your phone.
I am not sure how I follow how that isn't completely negated as soon as you go to actually use the phone, though.
Once the phone is on, they can tie it to a person with geolocation. Either directly if you do it at home, or indirectly when traveling in a vehicle associated with you.
This is advice for a world that doesn’t exist any more and hasn’t for a long time. The only thing you are going to do following this advice is to stand out immediately amongst a sea of data that you are someone who is taking very unusual security measures and worthy of a closer look. It’s a very easy to identify signature and it’s very literally the opposite of what you should be doing in 2025.
The countries I am familiar with in Europe (NL to name one) you can buy sim cards without any ID. Additionally there's at least 1 provider I know of that's giving them away for free while for the majority you pay 1-5 EUR but get some data after activation.
There's no limit on how many you can purchase at once either.
In Estonia, you could buy a prepaid SIM card in a convenience shop a few years ago, without any sort of ID verification. Not sure if that’s still an option but I think it’s not a priority there. You can then use it all over the EU.
And of course, buying a phone without a contract doesn’t require ID either.
Lots of groups have used https://briarproject.org/ successfully in the past, I've heard. Assumes you're using Android though which if you're using a burner, you most likely are.
Successfully in terms of communication or in terms of security?
Successful communication is easy if you don't worry about security. Just post it on Instagram.
How do you know if your security is successful? How do you know if your messages were intercepted and read, your app was hacked, data was extracted from it, etc.? The attackers (authorities or otherwise) are not going to tell you.
I’d go as far as to assume there’s no evading surveillance in a strict sense.
If you attend, leave your phone home (atypical usage), go with other people / meet them there / other people you know are there (facial recognition / gait analysis / clothing preference) those are all good data points to predict with high probability where you are and what you’re up to, especially given your typical movements, data usage patterns, purchasing habits, friends / acquaintances / social media interactions are all in at least a few databases.
Take the security measures you’re willing to make the tradeoffs for.
If history is anything to go by, we’re only ever an election, or other political churn, away from your particular sets of beliefs / identifiers being persecuted, or at least your least favourite political prisoners being released and coming after you.
And, as you allude to, relying on the security practices of others has its own problems. Even Perfect Forward Secrecy etc etc provides little help against Rubber Hose Cryptography.
>If history is anything to go by, we’re only ever an election, or other political churn, away from your particular sets of beliefs / identifiers being persecuted, or at least your least favourite political prisoners being released and coming after you.
it goes other way around too - you are only one election cycle away to be pardoned.
And if the protest is succrssfull, you dont need a pardon anyway.
Source -- been to places, done the things, a special law shields me from the thiengs being brough up by autorities
>A special law shields you? How does a law shield you from persecution?
We won, this is how.
>Being pardoned doesn't help much if you're dead.
There is an escalation ladder you need to climb to attain martyrdom. It takes effort and courage and not everybody can or should do it. It's okay to be on the part of the process that provides moral support to the more hardcore participants.
Depending upon which OS are on. If Android - Briar is the most famous and obvious choice. On iOS? There are not any options really but wasn't any usable one around a year back the last I had checked.
On iOS there are not many options for P2P w/o Internet (I assume that is what you meant - otherwise if you want P2P over Internet then there are some options although not really "truly" P2P of course - and of course if Internet is shut down or overwhelmed then it will be down). There's https://github.com/berty/berty (the last time I tried it was crashing incessantly but it might have improved). I do not know of anything else really (there might be few but I am not sure).
How safe is Bluetooth really? Cities has scanners used to track devices for monitoring road congestion, malls have scanners to measure foot traffic. I have to believe that anyone with access to stingray type of device can track Bluetooth as well.
Yeah, not sure many people are aware their beloved tech is spying on them.
At this point face recognition and other tech can make it such that everyone is traced, filed and automatically sent summons of some sort.
Usually, protests are located in one somewhat easily defined area, until you cannot be there anymore or the goal has moved somewhere else. So then you need to get to another spot, this is the moment you disconnect your battery until you've arrived at the other place.
So yeah, they'd be able to say that "person A was at location B and later C", but not necessarily the way there or after/before those specific locations.
I agree that the safest is to assume they can definitely track you no matter what protocol/antenna you use, so you have to chose what moment it's OK to be tracked (like large groups).
My note about overloaded towers is not about that they'll be unable to track you, but you'll be unable to use public internet to communicate with the rest of your group.
The battery thing can be important. One strategy law enforcement uses is to force your phone into a high energy state and zap the battery very quickly.
No need for the law enforcement to do anything. I suspect that a large, thick crowd where everyone carries a phone creates enough radio interference that phones lose contact with the tower very often, and try to reconnect very often, especially when people send or receive messages, auto-upload photos, etc. This keeps the phones in the active state for longer, draining the batteries.
Guessing from things I've heard, take this with a grain of salt:
- In order for most cellular protocols to work successfully, it's necessary for the transmission power level (phone to tower and tower to phone) to be lowest possible.
- So that tx power has to be constantly modulated because the phone's distance is always changing as it moves, meaning the optimum power level is always changing.
- The tower is in control of this - it tells the phone how powerful to transmit, and this can be done for each device.
- So I would suppose a malicious party in control of the tower could simply tell the phone to transmit at max power, which will drain batteries quickly, especially if the connection is being actively used I guess. This may have interference considerations but if the tower is really a box on top of a car or truck it may not really matter.
- I don't know how the phone is prevented from connecting to closer non-malicious towers.
I could hazard a guess that if someone made your phone really hot it would be able to be scanned by thermal imaging and pick you out of a crowd. Just leave phones at home, like, use 18th century methods if you have to. I dont pretend to care or know why people would be interested in this, but like, your phone probably is not your friend in a protest
I'm guessing in this context it means drain the battery. I haven't heard of this technique, but it seems plausible, by tricking the phone into constantly transmitting over WiFi or cell.
Couldn't you achieve the same by just enabling airplane mode or similar on regular devices? I don't think niche devices with hardware killswitches should be necessary
(I have no information and thus no opinion on this being a thing that happens but)
constantly keeping the cell antenna and CPU awake would probably do it. it's a BIG part of why weak cell signal and lots of noise at e.g. conventions drains your phone many times faster than normal, even when you're not using it. you could probably do that just by sending junk data to everyone occasionally, or delaying valid data to prevent going into sleep modes for longer periods.
If you ever forget to put your phone in Airplane Mode when flying (and you survive the flight!), you will notice that the battery is surprisingly depleted.
I think it has to do with the phone constantly renegotiating with cell towers along the route.
I've seen similar behaviour when a hurricane took out power to a local tower, and it was intermittently restored.
It might be possible to emulate that in a controlled environment/area.
Not exactly. The phone needs to transmit with enough power to communicate with the tower. When connected to the tower, the tower is constantly monitoring the signal and sending back information to the cell phone to tell it how much power it needs (without using more than it needs and wasting battery life).
If a phone isn’t connecting to any towers (like on a plane) it assumes it is out of range and is blasting out max power trying to find something to connect to. During hurricanes, many towers are down, which can overburden adjacent towers as well (since each tower only has a certain number of slots/channels it can handle). It means that you may not be able to communicate with your closest tower, since it is down, but you also may not be able to communicate with the next nearest tower, since it at capacity for current users, which puts you in a longer distance higher transmit power situation.
From what I have heard, those Stingrays act as fake towers, so I would assume they could set them to always tell the phones it needs max transmit power.
I think both 'sap' and 'zap' work in this context, and zap might be the better option because 'sap' can have the additional meaning of moving the energy somewhere else, whereas 'zap' can just mean to remove in general.
Keep in mind "Mens rea." If you are implicated in the crimes of the crowd all of these actions may be used to increase the penalties you face. Even if you "trust" the crowd, somehow, you should remember that agent provocateurs exist.
You might ask what attending a large scale protest is intended to achieve and decide for yourself if the personal risks are worth it.
> You might ask what attending a large scale protest is intended to achieve and decide for yourself if the personal risks are worth it.
True. But keep in mind that demonstration size can have an impact.
Even just relatively large, not even a Million Man March.
For example, relevant to recent news magnifying vile Nazi-saluting imbecile demographics: They tried to pull that at an event in Boston in 2017, but tens of thousands of counter-demonstrators showed up. https://en.wikipedia.org/wiki/Boston_Free_Speech_Rally
We need more reminders that the US can be good people.
> but tens of thousands of counter-demonstrators showed up
What social change did this lead to? It sounds like two ideologically opposed groups showing up in the street to war with each other. In the end the organization just built a new group and moved everyone into it. What is this meant to be an example of?
Seems like "Sound and fury. Signifying nothing." to me.
> reminders that the US can be good people.
The US /is/ good people. Will it ever be 100% "good people?" Of course not. Perhaps you shouldn't let salacious for profit media hyperventilation over the few bad apples that exist to tarnish your view of an entire country. Let alone allow this to encourage you to participate in meaningless street level shouting matches.
The last election proved otherwise. The police are corrupt and now are going to have immunity to it. The President just introduced a meaningless cryptocurrency to bilk his true believers and is just ripe for a rug pull.
We demonized a whole group of immigrants and said they were eating pets and they just pardoned 1500 violent criminals that even the police were opposed to pardoning.
Even when obviously crazy/corrupt/malevolent people seize control of most branches of government, demonstrations tell some of the people who feel most threatened that they're not alone, that the people around them are not what the news would have them believe, and that many others will come out and stand up for them.
That seems too lenient on yourself. Why not do the right thing and
hand yourself into the Inquisitor General for wrong-think about
protesting? Maybe they'll go easy on you.
At the least you should confess your temptation to wrongthink at the nearest Larry Ellison AI monitoring 'oracle'. Landru...I mean Oracle AIs maintain social order through their constant AI vigilance. The good is the harmonious continuation of the Body.
Also Meshtastic.org is a cheap (various <$50 options) open source LoRa based hardware bridge (or standalone device) that can be used with an app over bluetooth (or WiFi web interface).
It supports strong encryption layer and over 1 km/mile per “hop” in most circumstances.
Designed originally for off grid, it’s very flexible and pretty polished.
Abstracts your phone into a UI. Has a whole ecosystem behind it. I’ve been using it for festivals and tracking my vehicles (high theft area) for years.
Very handy should infra not be available. Should be great for protests also :)
I spend a lot of time in the RF space and Meshtastic is by far the most mature system out there for instant ad-hoc secure digital communications.
However...
The first rule of emergency communications is that if you can conceive of the need in the future, you need to practice using it now. Getting people to download the meshtastic app or figuring out a weird setting is a lot easier when you have working uncensored internet.
This would depend on your phone being able to permanently disable its radio, right? I don't know if I would trust my phone well enough for that, I would be worried even in airplane mode about it making some small beacon checks.
There are a few devices floating around with a hardware switch built in. If you use a Pixel, grapheme OS is probably pretty trustworthy so you at least no there's nothing nefarious down to the OS level.
But yeah, in general if you take a phone just assume it's tracking you or at least making it possible for those with access to know you where there.
Do you have any information about the privacy achievable by Meshtastic?
From a quick glance it looks like it‘s using static NodeIDs derived from the Bluetooth MAC address in the always unencrypted Packet Header.
So not only can you sniff these messages from far away at greatly simplified complexity when comparing to cellular communication, but also tie it to the hardware that you carry with you.
Mesh networks sure have its uses, but I‘d be wary of their offered privacy in the presence of adversaries you could be facing at protests!
For the next few years it's fine. Functionally the feds just don't have the infrastructure to care about Meshtastic. In a decade maybe that'll change but two decades in the best they can do against drones is receive the ID DJI manufactured ones voluntarily broadcast and lookup the owner if they registered it correctly.
They're far dumber than most people give them credit, unless you off a rich guy they just don't have the resources to even think about penetrating anything but cell networks.
The encryption is pretty good, they're not likely to break it any time soon. The device MACs are whatever, unless you go to protests then go wandering around an urban area with the same radios for an extended period of time they're not going to do shit about it. They would have to geolocate from the RF emission and that's difficult to do to an accuracy necessary to uniquely identify you. Further, LoRa is still a bit of a pain to work with outside of using vendor chips which don't have non-cooperative DF capability so we're in the realm of expensive custom solutions from an RF shop which is far more money than the feds are willing to spend to dragnet a couple people.
how have you been able to use it at festivals? I tried it once and maybe the default settings are terrible but no communication could be achieved. There were dozens of other nodes that it found in a tight space and I think the entire network was saturated with pings/messages that I couldn't get mine to work. Are there settings to change that get around network saturation issues?
If you just want to talk to a few friends, don't bother with the default public mesh config, setup your own with encryption enabled.
Don't use longfast, use a higher speed setting if possible. Longfast will go 10km+ in optimal conditions and in a city environment, won't go any further than medfast.
Don't use the default radio channel, pick another one.
MAKE SURE ALL SYSTEMS ARE CONFIGURED IDENTICALLY - meshtastic is picky about all the radio settings being the same for bits to go through. It cannot figure out that the sender is using a faster/slower bitrate than you are so you will just get nothing. Do not attempt to use them until you've verified that all systems reliably send and receive messages in an uncontested environment. It's very easy to misconfigure meshtastic but once you do, fixing it in the field is going to be very difficult.
Unfortunately this is a topic that attracts LARPers. Remember that if things get spicy, you are not going to settings nerd your way out of a bad interaction with the police.
Tech advice for legal and illegal protests is pretty much diametrically opposite, and advice for countries like the United States is much different than for somewhere like Egypt.
The fact that rubber-hose cryptanalysis exists doesn't mean that cryptography is useless. While settings nerding is indeed probably of limited use if you have a direct encounter with authorities, settings nerding can prevent being caught up in a dragnet search for, say, every cell service subscriber present at a protest gone sour, just as ubiquitous cryptography probably can't keep you safe from dedicated NSA attention but can protect against warrantless dragnet fishing expeditions.
As pointed out elsewhere, the line between legal and illegal protest is very blurry and can shift rapidly; if anything, the only way to be sure you're not going to a protest that could eventually be classed as illegal is to never go to a protest, regardless of how pure your intentions are.
What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die. In the US, Russian operatives organize a lot of the protests that turn violent. They also organize the counter protests.
In other countries, protests are often organized by foreign entities. The organizers will have good opsec, but everyone else is just (metaphorically) cannon fodder as far as the organizers are concerned.
It's been this way for decades. The Soviet Union organized protests in other countries for pretty much its entire existence. The US helped the Polish anti-authoritarian Solidarity movement and several others.
Huge shrug to that. Show me the evidence of the scale of it. 10%? 90%? There's an aspect of this reasoning that delegitimizes real protest movements, of which there are 'a lot', and of course there's a long history of 'a lot' of foreign geopolitical actors (including the US) of agitating actual grass-roots movements, muddying the waters even further.
At this point I think you're being less than honest with yourself. A group organizing 60 protests is organizing at scale because they want to create the perception of a movement.
> There's an aspect of this reasoning that delegitimizes real protest movements
Who cares? Our goal is to tell the truth, not to legitimize this or that. The fact is Russians organize a lot of protests in our country. And they're not the only ones who do.
> I think you're being less than honest with yourself
Are you sure that's me?
> A group organizing 60 protests is organizing at scale
Again: what scale? Are we talking all protests? Some? Half? What is "a lot"?
> > delegitimizes real protest movements
> Who cares?
You would, when the protest is about something that matters to you. The very thing that divides so-called Western democracy from the evil Russians is the right to organize, criticize, and protest against the government. When you can't do these things, you're living in an autocracy, something like, um... Russia?
I'll leave you to argue this one out with yourself.
Specifically, on that point they claimed "a lot of protests that turned violent," implying that Russian agitators were responsible for escalation. Unless the Russian agitators are members of the police, that seems very unlikely.
> What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die.
I mean, that’s kind of a given even for the protests that are legitimate. They really only happen when people reach a point of no return, and the organizers are more likely to be fanatics in the first place.
I don't think that's really true. If you made a list of all the protests in the US that happened in the last, say, 70 years and threw a dart I think you'd almost certainly hit a protest that was mostly performative. Essentially people LARPing, to use the parent commenter's term.
> If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model...
> Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions.
This can be really serious. It is far better to never have/collect/obtain data in the first place.
It got me curious; lets say I go to a protest, lose my phone and wipe it remotely. I couldn't possibly know who exactly got it (since I lost it) so if I remote wipe it while in police custody, could they really get you for "obstruction of justice" for example? Wouldn't that require intent?
You just don't even want to be at the "proving intent" stage.
If you had a function/service that just automatically wiped your device at intervals, regardless of where you were and what you were doing, that might be more defensible than wiping manually.
Best is if your device can't be locked and doesn't have any evidence of anything at all.
There’s a setting on iPhone called “Erase Data” which will erase the data on it after 10 consecutive failed passcode attempts. That seems like a recommended setting for any smartphone to be honest, especially if it is used for business.
There are some apps that detect fake base stations monitoring your traffic
There are apps that uses accelerometer and gyroscopic sensors to detect if phone is snatched execute certain action based on this
Use app lock, so in case your phone is opened, apps will still be locked --> lock galley + filesExplorer(any) + settings + playstore + Browser(All installed) + Cloud/RemoteDrives(any) + Any syncing apps + Contacts + Email+messaging apps etc
(Hell all apps for utmost paranoia)
Use apps that remotely sync your phone specific folder/gallery every time new file is created (So when taking photos or recordinf something, if pbone got snatched, data is deleted + phone is broken or formattef/wiped against your will, your files have already synced to remote location so no worries
> However, in this situation it may make more sense to disable biometric authentication.
In Face ID, there's a setting that requires direct eye contact in order to open your phone. Highly recommend enabling this when feeling insecure about someone forcing you to open your phone (if it's not already on by default) because it means somebody forcing you to open your phone with Face ID can be easily defeated by simply closing your eyes. I tried this a number of times during the BLM protests, and I/nobody else could get my phone to unlock unless my eyes were open and looking right at it. So with Face ID, I think it's actually way more secure to have biometric authentication turned on, using this setting. The thumbprint stuff might be a good idea to avoid though.
(WARNING: This will make your phone pretty much impossible to unlock with your face if you're inebriated on anything. Ask me how I know. xD You should probably disable it after the protest.)
While this is good info, it should also be known that in the USA, a judge (maybe and police officer?) can legally command you to unlock your phone via biometrics, but they cannot legally command you to unlock via password or passphrase.
“Legally command” = command you to do something with the force of law, and legally punish you if you resist
The reasoning behind this is that your fingerprints and face etc. are public knowledge. Whereas you can retain your right to remain silent (about your password/PIN), failing to provide these aspects of your person can be viewed as not cooperating.
>The reasoning behind this is that your fingerprints and face etc. are public knowledge.
Not really. You can be compelled to give blood sample for alcohol testing, but your blood is hardly "public knowledge". Same thing with strip searches.
That is usually due to 'implied consent' laws. Most states have it written into what you sign to get your license that you must submit to DUI testing. Generally, you can refuse, but the penalty for refusal is worse than the DUI penalty.
IANAL, but I think the distinction is that "give us the password that unlocks this" is forcing you to testify against yourself, producing something from your own memory and forcing you to admit ownership/control of the object. (Which might not even be yours.)
In contrast, "the device opened in response to the same fingerprint/face that the suspect has" is a form of world-evidence which doesn't infringe on your mind, much like "the key found in your pocket unlocked the safe."
This has failed me. I was mugged while black out drunk, and they succesfully unlocked my phone, unlocked my banking app, etc, despite me having the eye contact feature enabled.
Briar messenger is specifically designed for things like protests. I think I would prefer it over Signal. The article says:
>Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most: ...
That is the all the information they claimed they had. We have no way to know what they actually collect. Briar runs P2P over Tor so they can't collect data, even if they should want to.
Whatever is used, an article like this should remind the potential protester to turn on disappearing messages with an appropriately short interval. The powers that be might use something like a Cellebrite box to get all your old messages by cracking the phone security.
> Briar runs P2P over Tor so they can't collect data, even if they should want to.
That makes the common, dangerous, naive assumption that the implementation is secure. Correct, complete, secure implementations are very hard.
(It also assumes the design is secure, which is impossible to tell based on that limited information. P2P is not any more secure than over the Internet: In fact, it's easier to identify (there are only a few Briar P2P signals and near-infinite Internet signals - you've outed yourself), and if you mean local mesh P2P networking, that doesn't help at a protest, where the authorities also are present.)
In the more public app world, only Signal has done it well enough that experts trust it, and they have lots of free help from the expert security community.
If you're not technical, signal is hands down the best solution.
If you have a group that's going to something and you are willing to take some extra steps, something like matrix/briar/simplex/whatever setup with a self hosted instance provides you with the knowledge that all the infrastructure is under your control and that the feds just aren't going to have the time to sit down and figure out how this shit works.
The thing this thread is wildly missing the point on is unless you off a ceo or are a prolific organizer, the feds are systematic. They pick a set of techniques and technologies that cast the widest net possible with the money they have, then spend their time trying to nail people within that venn diagram. Yes, security through obscurity is not ideal in-and-of-itself, but combined with encryption and chaos, you can get much farther than using the same stuff everyone else has been using for a decade+. If you stay near the leading edge of tech the feds are a decade behind you, they still have years of threat briefing powerpoints to sit through before they can even think about implementing a countermeasure.
You could find 1000 CVEs in briar but if only a handful of of people at a demonstration are using it, the feds are still going to be sitting there beating their heads against signal because that's what they know how to do. If they ever find a single high severity CVE in signal, it's game over for everyone.
What are the bases of your claims about what government authorities do and don't do, what their capabilities and resources are, etc.?
> the feds just aren't going to have the time to sit down and figure out how this shit works.
They have resources many orders of magnitude larger than you. The NSA has tens of billions of dollars per year and five or six figures of personnel. It's you who don't have time.
The point of end-to-end encrypted messaging is not having to care about what the server is running, which is why the threat models for most academic cryptographic research on these things is "assume a compromised server", and, if that gets you real compromises, the protocol is considered broken.
End to end encryption protects content. It doesn't protect things like information about who is talking to who. For that you need something like an onion network. As already mentioned, Briar uses Tor for that. Signal claims to not collect such information but my point is that we have no way to know what they collect. Claims don't count for anything for these sorts of things..
If you're this worried, don't bring your phone lol. If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.
Otoh, the main function of protests is to get media attention, so if they don't get publicized there was basically no point unless they evolve into direct action.
>If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.
If you record police brutality, it doesn't do any good if the police come and smash your camera and then deny it. Being able to live stream or to live backup photos and video can be useful.
Also, many recent causes have used social media to provoke "big media" attention. The Arab Spring used social media to circumvent government crackdowns on communications and bring international attention. The #BringBackOurGirls hashtag was started locally after the Boko Haram kidnappings and incompetent government response and brought global pressure and resources.
> don't take identifiable pics of people without consent
Hard disagree. Public events are public events. My conclusion, based on experience at street protests, historic trends, and current political events, is that there have been significant actions by provocateurs over the past decade or more, and particularly in Portland in 2020. Taking and posting pictures of these people is an important act. It the internet age makes this tactic impossible, it will be a huge win.
The upside is nonexistent anyway: the state is photographing everyone at these events, so you taking an additional photo does not change the risk surface for anyone with regard to state retaliation.
I can definitely see this perspective. I'm a bit torn myself on the public event section. The second consideration is, yes they are filming, but just because someone is filming it's not necessarily a useful picture (blurry, low res, bad angle, obstructions, etc). Your picture might be useful especially since you may be closer to the action.
As another Portlander, disagree with exceptions: surveillance footage made it harder to identify people from top down angles, and it meant that a lot of people had their charges dismissed because of that. (I will need to look it up.) The bigger risk to a protest movement, I would argue, is an opposing agent provocateurs trying to get people doxxed. That risk to more people outweighs getting minority of provocateurs shut down.
(On the other hand, you’re also right that agent provocateurs are old COINTELPRO-era tactics used by the state and right wingers against protest movements.)
When it comes to tactics to keep yourself safe when protesting, there aren’t ultimately too many hard beliefs to be had, especially when the right are perfectly happy to collaborate with the state.
I mean there’s two sets of social norms here, right? Set one is that whenever you see the first person advocating or starting to break windows or start fires or do something else illegal, you all point at the guy and chant “fed, fed, fed” until he slinks away in shame or maybe shove him out of the crowd and into the police lines and let the cops handle him. The other set of norms is that when you see people do those things, you don’t snitch. Various protesters will adopt either set of norms.
Maybe you’d argue that the second set of protesters are actually feds; I won’t argue the point because I prefer the first set of norms myself.
Or simply leave your phone at home. Need to meet with friends? Plan a meeting point. Need to take photos? Do you really? What right have you got to photo other people's faces? Just leave your damn phone at home.
If you want to take photos, bring a good quality video camera, preferably with optical image stabilization. It’s much harder for disinformationists to deny or reframe a long, uncut video.
>Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.
Good tip! I didn't know about disabling 2G support on my phone.
Th smartphone is the greatest mass surveillance device ever conceived, although AI monitored camera networks will probably exceed it very soon.
There are basically no countermeasures. Which means freedom is truly at the discretion of the powerful, because once the government goes North Korea there is no going back.
I actually think the biggest threat to humanity in the Great Filter sense is authoritarianism, more than nuclear Armageddon, grey too, or super AI.
Nothing can stop by he centralization of power that AI provides to the powerful, and the fact the elite have been brazenly antidemocratic and anti- institutionalism in public and podcasting platform is this election cycle is frightening.
> Nothing can stop by he centralization of power that AI provides to the powerful
The social acceptance of defeatism and quitting is incredible - they couldn't have a more ideal opposition. You'll never win if you quit before you start. It's mass cowardice in the face of danger, with an excuse of course.
Weapons evolve, defenses evolve. There are ways of trivially defeating cell phone tracking, and there are ways of trivially defeating AI cameras (850 ways specifically). Some auth dipshit will probably come up with some other way of betraying the working class and the cycle will repeat itself.
Potentially this is where the likes of the PinePhone should thrive [1].
As well as the methods suggested, you could have full disk encryption and just have the phone switch off if it suspects any shenanigans. If you want, it could still boot into an OS, but it just denies knowing about the encrypted disk. Done right, the image itself could be difficult to discern from something like a corrupted video file.
> Your Risks at a Protest
In addition, your SIM (likely traceable to you, especially if you have it) will be auto-connecting to their temporary telecom system (i.e. Stingray [2]), where they can find out the following:
1. That you were nearby to the event.
2. A tonne of operations available via the modem [3].
3. If you speak to somebody locally (as part of the routing).
4. Shift your connection down to 2G/3G where it is easier to hack [4].
I think each person needs to consider their security model.
Regarding #2, I thought AT commands were something you could send to your modem from your attached device. I'm not aware that they could be sent to a modem by another remote modem over the network link. Is that also possible?
You are correct, it's just there to give you an idea of the capabilities of the modem, what sorts of information it holds and what the cell tower may query.
It's unfortunate that Briar is android-only. I know it is due to Apple restrictions on battery usage (afaik). But it is decentralized and can operate locally over wifi and Bluetooth.
These seem like good practical steps.
GrapheneOS has duress pins (type it in, and the phone is wiped). It has secondary pins for biometric - the intent being that your real password is a long passphrase, and "quick " unlock is bio+pin.
I would add to this list some method of uploading video live to another service, in a way that the video can't be deleted via the phone. I know those exist for the express purpose of civil rights, I think the aclu has a list somewhere.
Most of this applies wherever but do check your local laws where applicable, I know that in the UK you can be compelled to provide a PIN/password under some circumstances.
It isn’t about trust, it is about how likely you are to encounter a risk and how big that risk, if encountered, is. Do you own a hazmat suit? A nuclear bunker? Did you install a 5-point harness and wear a helmet when you drive? Could you be tortured for information by the police? Yes. Is that in any way likely at all? No. Taking reasonable precautions against likely actions by law enforcement is better than acting like all things are possible so no point in doing anything.
The chance of encountering a police that operates unlawfully - especially since they have qualified immunity is a very big risk. The chance of other police covering for them is close to 100%
I keep a few handsets around for apps I don't want on my daily driver (ex:food ordering, 2FA).
More in line with the article: For alternate cell/SMS service I have a RedPocket SIM. (note: I see now it's $45/yr on ebay. I'm paying less, prob grandfathered).
>Old phones are an underappreciated resource, imo.
Not really. Old phones don't receive security patches and can be trivially unlocked to extract all relevant information. Sure, it might not have your nudes or bank login, but if you're using it to coordinate the protest that's plenty of incriminating evidence for the police.
>For alternate cell/SMS service I have a RedPocket SIM. (note: I see now it's $45/yr on ebay.
You have to be very careful with this, otherwise it's trivial to tie the phone/SIM back to you. Off the top of my head:
* the billing/shipping address used to order the SIM
* any payment information used to top-up the account
* location correlations with any other devices you own (for instance, if your burner phone pings the same towers as your primary phone for an extended period of time)
* using it for anything other than protests (eg. as a "burner" number when applying for jobs to avoid spam)
It depends on the threat model. A local police force vacuuming up cell data looking for easy targets and ways to intimidate protestors is different than a targeted investigation by a state actor to identify everyone at all costs.
The Jan 6 insurrection is a good example of how difficult it is in a real world scenario to ID specific people in a large protest, and many of them got caught because they talked about it afterward on Facebook. If you are cell phone 2,347 on a spreadsheet of 33,422 phones and the number has no associated locational data, open source information, etc. you are way safer than bringing your regular phone, while not being an easy target and being able to communicate if you need to.
They missed part with this. You could use external storage just for your current recording purposes so you can pop the SD card and take it with you if you think your phone will be taken.
You should be going into airplane mode at an isolated time before you get to the protest so you don't have a pattern of 10 friends all of a sudden dropping off the network together.
Infact it's probably not the best idea to protest (in a crowd) anymore. The cops know how to kettle, and they have the tech edge. Activists need to think and act more asymmetrically.
protesters deal with various agencies from private security, city police on up to federal FBI etc. These measures will help in the most common scenarios and prevent further escalation. 99.999% of protestors are not going against NSA counter-intel teams, they are encountering low-level private security or police who escalate the situation.
Every security practice is a risk/reward. The measures being offered here are no-cost measures which can reduce the exposure of evidence to casual security / police.
Re: iPhones - these suggestions are really good, AND it shows how hard it is to keep track of the attack surface of all of modern iOS features. I wish Lockdown Mode also set these hardening features on: it seems useless to harden your phone against spyware if you can still be surveilled in other ways.
Almost too many steps to remember here. Would it be possible for an app to prompt you to do all this? An app can bring up settings to allow your camera access, why not to quickly change those other settings?
Technically you could piggy back on another protocol and obfuscate your comms. Like piggy backing in an envelope across https connections from server to server. Nobody is looking there. And even if they are, good luck decrypting that. Looks like a legit site but it is actually a proxy for delivery encrypted payloads.
In the US, free speech is legal. You also have a right to congregate but lots of institutions find ways to subvert that, often by creating private spaces that seem public (and effectively are public but I am not a lawyer). The whole concept of civil disobedience in the US goes back to the Mexican American war, which many Americans felt was an opportunity to expand slavery to new states. Another example is the civil rights movement, where people thought it was acceptable to sit in the wrong part of the bus, even though it was against the law.
I am not advocating for breaking the law. You have to understand that if a police person or a security guard violates your rights of free expression you may not get bailed out by the ACLU.
There’s some strategic ambiguity going on here. If you’re going to a protest that looks like the Women’s March on Inauguration Day of 2017, you don’t have to worry about this kind of thing. If you’re starting fires or breaking into the Capitol building, you definitely do have to worry about this sort of thing. And just to make things even muddier, the exact same protest can radically change from one to the other based on specifics of time and place. In the summer of 2020, Seattle and Portland had mostly peaceful and uneventful protests by day in the exact same places where shootings and arsons would break out after dark, while on January 6th, just as some of the rioters were trying to force their way through the windows on one side of the Capitol building and clashing with Capitol Police, on the other side of the Capitol they were peacefully walking through wide open gates and doorways and milling around in the hallways as the Capitol Police looked on. And yeah, the peaceful ones get prosecuted sometimes too.
I think the "strategic ambiguity" here is ethics. Civil rights protestors were clearly breaking the law when they sat at diners that wouldn't serve black people. But who today thinks they were wrong? When I was a kid, students protested at Universities to divest from Apartheid era South Africa.
People can agree on what the law is, but they don't always agree on what is right. Sometimes a democratic government will zealously defend a law, war or principal that later generations of the same government will disavow.
> Civil rights protestors were clearly breaking the law when they sat at diners that wouldn't serve black people.
Sure, and then they let the police arrest them because the sight of peaceful people being hauled off to jail for sitting at the wrong diner or on the wrong seat on the bus is the statement. It’s called civil disobedience; Thoreau both practiced it and wrote about it a century before the civil rights movement. What none of those people did was try to obscure the fact that they were breaking the law or evade the consequences. Their plan was to go to jail over and over again to make the injustice of the system constantly manifest. So how does this even remotely apply to the article, which is about trying to avoid legal consequences?
I think you misunderstood me. My point is not that the law should align perfectly with my morality, it’s that in a functional democracy, there will _always_ be parties that have a moral position that does not align with the law. I believe it should be legal for them to protest, but in many cases it is not (speaking globally, not just in the USA). So I think it is good for protesters to be able to protect themselves, because my aspiration is that anyone who disagrees with the state should be able to make their voice heard.
So yes, to answer your question, I think my political opponents should be able to protest. If the state doesn’t allow them to, I am fine with them using tools to protect themselves legally.
The line I draw this at is violence and looting from innocents.
It seems you phrased your response as a “gotcha” but I’m really not sure what point you’re trying to make?
If you're attending a large-scale protest, it's likely that the cell-towers (or stingrays) won't be able to handle everyone who is connected anyways, so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends. This also allows you to continue using Airplane Mode the entire time, while being able to communicate with people nearby.
Alternatively, investing in walkie-talkies that have encryption can be worth it as well, but unsure how legal they are around the world, think some countries put restrictions on those so you might have to acquire them while vacationing somewhere else.
It's mentioned in the body of the article, but get the feeling most people could miss it: Absolute best idea is to leave your "personal" phone at home! Either get a secondary (burner) phone with nothing useful on it and no real names, or skip out on the phone fully. If you do get a secondary phone, make sure it has a removable battery and keep it out from the phone until you arrive at location and as soon as you move, remove battery again.
"investing in walkie-talkies that have encryption can be worth it as well"
Generally not allowed in many bands in the US. Motorola sells some AES walkies. They're really the only ones I know of, and they're very expensive.
I don’t understand under what logic AES encrypted radio communications (walkie-talkie) differ from AES encrypted radio communications (mobile network).
Encryption allows you to use a public resource (GMRS, for example) for exclusive private use. To have private use of a frequency, you gotta pay.
Well the whole point of hiding your tracks is evading law enforcement, why would you care if it’s illegal? Or is it because of the „only do one crime at a time“ thing?
Why do you assume this is about doing illegal things? This is about protests, many of which never turn into riots or illegal acts.
I was thinking along the lines of „the state wants to oppress the protestors and makes it illegal“, but if you just want to avoid surveillance at a legal protest, yeah, you’re right.
Going into a protest with illegal communication devices is almost a direct sabotage of the protest's intent. It gives law enforcement a legitimate reason to act, even if almost certainly ex post facto. And it paints the protest as wilfully illegal--you went in intending to break the law.
If you're protesting an oppressive regime then it's likely most privacy respecting methods are illegal.
If you're attending a protest with a phone, the cell tower ping will deanonymize you anyway.
The state has every reason (for itself) to demand perfect law-abiding behavior. The abstract Protest’s intent does not.
“If you have nothing to hide you have nothing to fear” right? That’s the same logic politicians are using to make spying on populations legal.
"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say." - Ed Snowden
No one was arguing this.
It’s possible to have encrypted communications without fucking up public parts of the spectrum.
Hiding from surveillance is not the same as planning to do something illegal.
... but it benefits the state if people think it's the same ...
Absolutely best idea is to make an encrypted PDA & play forensic scientist by recording everything.
1. Get a Google Pixel 9, 9 Pro, or 9 Pro XL smartphone (Cellebrite-proofn at time of writing). 2. Verify images & GOS. 3. Disable biometrics & wireless connections. 4. Memorize with Anki or your own head a new, NIST-compliant passphrase with ≥ 8+ words. 3. Get a cover for the smartphone. 4. Buy EMI tape and electrically insulating waterproof tape. 5. Tape the insides of the cover with EMI, layering it & govering the inner walls as well, no gaps (overlay two adjacent layer always, say ≥ 1 cm, if possible) 6. Add one layer of the other tape to insides of the cover 7. Story inside your underpants 24/7 powered off when you don't use it.
My setup is more secure than not having phone, a Qubes laptop, a 2G burner, or not having phone.
How is it more secure than not having a phone?
By capturing evidence of what happens to you that cannot be tampered with.
But that’s not security, it’s usability. Just by virtue of taking your phone to a less safe place you’re lowering its security. Taking a small offline camera would be a lot more secure if your concern is recording the events.
Any honest threat model assumes that any internet-connected device is already compromised…
If you‘re opening the cover, disconnecting antennas might be the way to go instead. Depending on the device, it‘s relatively painless and even reversible.
I believe they mean a cover as in a case that has a folding cover, not as in the external layer of the phone itself. So you effectively turn that otterbox-ish thing into a faraday cage that will enclose your phone.
I am not sure how I follow how that isn't completely negated as soon as you go to actually use the phone, though.
Or, use a Faraday cage?
Burner phones aren't safe. Security through obscurity worked with the 1990s cell network but not with today's vast logging/geolocation tagging.
The idea is that they can’t tie the phone to a person. You also have to make sure you don’t get the burner phone some place with cameras.
Once the phone is on, they can tie it to a person with geolocation. Either directly if you do it at home, or indirectly when traveling in a vehicle associated with you.
The rule is that you don’t use your burner phone at home, you use it when you are at the protest.
If you have two phones both turned on and they both move around similarly, they can be associated later.
They also tell you to keep one off until you get to the place. Never have both phones on at the same time.
This is all well documented
https://www.offgridweb.com/preparation/burner-phone-basics-h...
This is advice for a world that doesn’t exist any more and hasn’t for a long time. The only thing you are going to do following this advice is to stand out immediately amongst a sea of data that you are someone who is taking very unusual security measures and worthy of a closer look. It’s a very easy to identify signature and it’s very literally the opposite of what you should be doing in 2025.
Buy a burner phone with cash without taking your main phone and stash it somewhere. Then, before protest, take phone from stash and bring it with you
Sure the phone can't be tied to a person. But try getting phone service in the US without giving away your identity. Can't be done.
While true, I'm kinda wondering if that's even possible ...
Can you still buy phones with sim cards that don't require ID to get working? Not in Europe, UAE or Australia.
The countries I am familiar with in Europe (NL to name one) you can buy sim cards without any ID. Additionally there's at least 1 provider I know of that's giving them away for free while for the majority you pay 1-5 EUR but get some data after activation. There's no limit on how many you can purchase at once either.
> Not in Europe
In Estonia, you could buy a prepaid SIM card in a convenience shop a few years ago, without any sort of ID verification. Not sure if that’s still an option but I think it’s not a priority there. You can then use it all over the EU.
And of course, buying a phone without a contract doesn’t require ID either.
Anonymous prepaid cards still available in any corner shop
Some countries still allow that: https://www.comparitech.com/blog/vpn-privacy/sim-card-regist...
Just break your phone in two part after your call and you'll be safe /s
What apps do you recommend with p2p messaging?
Lots of groups have used https://briarproject.org/ successfully in the past, I've heard. Assumes you're using Android though which if you're using a burner, you most likely are.
> successfully
Successfully in terms of communication or in terms of security?
Successful communication is easy if you don't worry about security. Just post it on Instagram.
How do you know if your security is successful? How do you know if your messages were intercepted and read, your app was hacked, data was extracted from it, etc.? The attackers (authorities or otherwise) are not going to tell you.
I’d go as far as to assume there’s no evading surveillance in a strict sense.
If you attend, leave your phone home (atypical usage), go with other people / meet them there / other people you know are there (facial recognition / gait analysis / clothing preference) those are all good data points to predict with high probability where you are and what you’re up to, especially given your typical movements, data usage patterns, purchasing habits, friends / acquaintances / social media interactions are all in at least a few databases.
Take the security measures you’re willing to make the tradeoffs for.
If history is anything to go by, we’re only ever an election, or other political churn, away from your particular sets of beliefs / identifiers being persecuted, or at least your least favourite political prisoners being released and coming after you.
And, as you allude to, relying on the security practices of others has its own problems. Even Perfect Forward Secrecy etc etc provides little help against Rubber Hose Cryptography.
>If history is anything to go by, we’re only ever an election, or other political churn, away from your particular sets of beliefs / identifiers being persecuted, or at least your least favourite political prisoners being released and coming after you.
it goes other way around too - you are only one election cycle away to be pardoned.
And if the protest is succrssfull, you dont need a pardon anyway.
Source -- been to places, done the things, a special law shields me from the thiengs being brough up by autorities
Being pardoned doesn't help much if you're dead.
A special law shields you? How does a law shield you from persecution?
Over ten years later, I've never forgot this comment:
https://news.ycombinator.com/item?id=6033481
>A special law shields you? How does a law shield you from persecution?
We won, this is how.
>Being pardoned doesn't help much if you're dead.
There is an escalation ladder you need to climb to attain martyrdom. It takes effort and courage and not everybody can or should do it. It's okay to be on the part of the process that provides moral support to the more hardcore participants.
It’s not clear to me what you’re getting at here.
Sometimes, when a protest makes the government extra uncomfortable, they'll shut off the internet. So it's probably best to not rely on Instagram.
> Successful communication is easy if you don't worry about security. Just post it on Instagram.
Nope, assume Meta is captured and will suppress such communication.
https://news.ycombinator.com/item?id=42777938
https://www.bbc.com/news/articles/c4g32yxpdz0o
This has been widely replicated on inauguration day before being rolled back.
I would assume any social media site whose CEO attended is captured as well.
Here's a guide to PET (peer-to-peer, encrypted, through Tor) apps, focussing on Briar and Cwtch: https://itsgoingdown.org/the-guide-to-peer-to-peer-encryptio...
Depending upon which OS are on. If Android - Briar is the most famous and obvious choice. On iOS? There are not any options really but wasn't any usable one around a year back the last I had checked.
On iOS there are not many options for P2P w/o Internet (I assume that is what you meant - otherwise if you want P2P over Internet then there are some options although not really "truly" P2P of course - and of course if Internet is shut down or overwhelmed then it will be down). There's https://github.com/berty/berty (the last time I tried it was crashing incessantly but it might have improved). I do not know of anything else really (there might be few but I am not sure).
Turn your phone off, and wrap it in 5 layers of tin foil. Or like you said leave the stupid thing at home.
Hey that should go well with my tin foil hat.
How safe is Bluetooth really? Cities has scanners used to track devices for monitoring road congestion, malls have scanners to measure foot traffic. I have to believe that anyone with access to stingray type of device can track Bluetooth as well.
Don’t both Apple and Android implement random BT MAC addresses specifically to prevent this kind of tracking?
There could be other fingerprints besides MAC addresses.
How about my smartwatch, or my $29 earbuds? They are always conveniently near the 'random mac' and can be used to fingerprint.
don't bring them to a protest, simple :)
Yeah, not sure many people are aware their beloved tech is spying on them. At this point face recognition and other tech can make it such that everyone is traced, filed and automatically sent summons of some sort.
Usually, protests are located in one somewhat easily defined area, until you cannot be there anymore or the goal has moved somewhere else. So then you need to get to another spot, this is the moment you disconnect your battery until you've arrived at the other place.
So yeah, they'd be able to say that "person A was at location B and later C", but not necessarily the way there or after/before those specific locations.
I agree that the safest is to assume they can definitely track you no matter what protocol/antenna you use, so you have to chose what moment it's OK to be tracked (like large groups).
> so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends
I can't even get Bluetooth audio to work reliably in a crowded cafe, are you sure these other protocols would fare better?
Messaging doesn't have the same real-time requirements. It's still often flaky.
.....please don't rely on cell towers being too overloaded to track you. The rest of the advice is solid.....but the premise is just gonna get you v&.
My note about overloaded towers is not about that they'll be unable to track you, but you'll be unable to use public internet to communicate with the rest of your group.
The battery thing can be important. One strategy law enforcement uses is to force your phone into a high energy state and zap the battery very quickly.
No need for the law enforcement to do anything. I suspect that a large, thick crowd where everyone carries a phone creates enough radio interference that phones lose contact with the tower very often, and try to reconnect very often, especially when people send or receive messages, auto-upload photos, etc. This keeps the phones in the active state for longer, draining the batteries.
What does this mean? What does the zapping accomplish?
Guessing from things I've heard, take this with a grain of salt:
- In order for most cellular protocols to work successfully, it's necessary for the transmission power level (phone to tower and tower to phone) to be lowest possible.
- So that tx power has to be constantly modulated because the phone's distance is always changing as it moves, meaning the optimum power level is always changing.
- The tower is in control of this - it tells the phone how powerful to transmit, and this can be done for each device.
- So I would suppose a malicious party in control of the tower could simply tell the phone to transmit at max power, which will drain batteries quickly, especially if the connection is being actively used I guess. This may have interference considerations but if the tower is really a box on top of a car or truck it may not really matter.
- I don't know how the phone is prevented from connecting to closer non-malicious towers.
I could hazard a guess that if someone made your phone really hot it would be able to be scanned by thermal imaging and pick you out of a crowd. Just leave phones at home, like, use 18th century methods if you have to. I dont pretend to care or know why people would be interested in this, but like, your phone probably is not your friend in a protest
Sounds like a great movie. When does it come out?
nice try diddy
I'm guessing in this context it means drain the battery. I haven't heard of this technique, but it seems plausible, by tricking the phone into constantly transmitting over WiFi or cell.
I wonder how useful purism phones are for this (all external communication, including GPS, has hardware shutoffs).
They are expensive though...
Couldn't you achieve the same by just enabling airplane mode or similar on regular devices? I don't think niche devices with hardware killswitches should be necessary
My S23 enters airplane mode and the WiFi and Bluetooth are still connected... Airplane mode isn't what it used to be!
I just have a 20 yo Nokia - doesn’t have all the fancy stuff, only can send texts
Reducing the ability for protestors to coordinate on the streets.
You dont coordinate on a protest with a phone and a network
I don't think it's a good idea either but people do text each other.
> One strategy law enforcement uses is to force your phone into a high energy state and zap the battery very quickly.
As a denial of service attack?
How do you force a phone into using more battery through external means?
(I have no information and thus no opinion on this being a thing that happens but)
constantly keeping the cell antenna and CPU awake would probably do it. it's a BIG part of why weak cell signal and lots of noise at e.g. conventions drains your phone many times faster than normal, even when you're not using it. you could probably do that just by sending junk data to everyone occasionally, or delaying valid data to prevent going into sleep modes for longer periods.
If you ever forget to put your phone in Airplane Mode when flying (and you survive the flight!), you will notice that the battery is surprisingly depleted.
I think it has to do with the phone constantly renegotiating with cell towers along the route.
I've seen similar behaviour when a hurricane took out power to a local tower, and it was intermittently restored.
It might be possible to emulate that in a controlled environment/area.
Not exactly. The phone needs to transmit with enough power to communicate with the tower. When connected to the tower, the tower is constantly monitoring the signal and sending back information to the cell phone to tell it how much power it needs (without using more than it needs and wasting battery life).
If a phone isn’t connecting to any towers (like on a plane) it assumes it is out of range and is blasting out max power trying to find something to connect to. During hurricanes, many towers are down, which can overburden adjacent towers as well (since each tower only has a certain number of slots/channels it can handle). It means that you may not be able to communicate with your closest tower, since it is down, but you also may not be able to communicate with the next nearest tower, since it at capacity for current users, which puts you in a longer distance higher transmit power situation.
From what I have heard, those Stingrays act as fake towers, so I would assume they could set them to always tell the phones it needs max transmit power.
If iPhone, have a case of active AirTags in the vicinity.
Nitpick: it's sap the battery, as in sapping energy.
I think both 'sap' and 'zap' work in this context, and zap might be the better option because 'sap' can have the additional meaning of moving the energy somewhere else, whereas 'zap' can just mean to remove in general.
"zap" has never meant to remove anything, in general, where are you getting this?
https://www.merriam-webster.com/dictionary/zap
zap: 2 of 3; verb zapped; zapping; zaps
transitive verb 1a: *to get rid of*, destroy, or kill especially with or as if with sudden force
I was using the "to get rid of" portion of the definition.
That implies you've detonated or otherwise destroyed the battery, not merely drawn the energy from it.
cold boot attack usually on pc and laptop, nowadays there are not much removable batteriez
Keep in mind "Mens rea." If you are implicated in the crimes of the crowd all of these actions may be used to increase the penalties you face. Even if you "trust" the crowd, somehow, you should remember that agent provocateurs exist.
You might ask what attending a large scale protest is intended to achieve and decide for yourself if the personal risks are worth it.
> You might ask what attending a large scale protest is intended to achieve and decide for yourself if the personal risks are worth it.
True. But keep in mind that demonstration size can have an impact.
Even just relatively large, not even a Million Man March.
For example, relevant to recent news magnifying vile Nazi-saluting imbecile demographics: They tried to pull that at an event in Boston in 2017, but tens of thousands of counter-demonstrators showed up. https://en.wikipedia.org/wiki/Boston_Free_Speech_Rally
We need more reminders that the US can be good people.
> but tens of thousands of counter-demonstrators showed up
What social change did this lead to? It sounds like two ideologically opposed groups showing up in the street to war with each other. In the end the organization just built a new group and moved everyone into it. What is this meant to be an example of?
Seems like "Sound and fury. Signifying nothing." to me.
> reminders that the US can be good people.
The US /is/ good people. Will it ever be 100% "good people?" Of course not. Perhaps you shouldn't let salacious for profit media hyperventilation over the few bad apples that exist to tarnish your view of an entire country. Let alone allow this to encourage you to participate in meaningless street level shouting matches.
The last election proved otherwise. The police are corrupt and now are going to have immunity to it. The President just introduced a meaningless cryptocurrency to bilk his true believers and is just ripe for a rug pull.
We demonized a whole group of immigrants and said they were eating pets and they just pardoned 1500 violent criminals that even the police were opposed to pardoning.
And over half the country is okay with that
> What social change did this lead to?
Even when obviously crazy/corrupt/malevolent people seize control of most branches of government, demonstrations tell some of the people who feel most threatened that they're not alone, that the people around them are not what the news would have them believe, and that many others will come out and stand up for them.
And if those risks are too great due to state over-reach, best stay at home.
That seems too lenient on yourself. Why not do the right thing and hand yourself into the Inquisitor General for wrong-think about protesting? Maybe they'll go easy on you.
At the least you should confess your temptation to wrongthink at the nearest Larry Ellison AI monitoring 'oracle'. Landru...I mean Oracle AIs maintain social order through their constant AI vigilance. The good is the harmonious continuation of the Body.
Also Meshtastic.org is a cheap (various <$50 options) open source LoRa based hardware bridge (or standalone device) that can be used with an app over bluetooth (or WiFi web interface).
It supports strong encryption layer and over 1 km/mile per “hop” in most circumstances.
Designed originally for off grid, it’s very flexible and pretty polished.
Abstracts your phone into a UI. Has a whole ecosystem behind it. I’ve been using it for festivals and tracking my vehicles (high theft area) for years.
Very handy should infra not be available. Should be great for protests also :)
I spend a lot of time in the RF space and Meshtastic is by far the most mature system out there for instant ad-hoc secure digital communications.
However...
The first rule of emergency communications is that if you can conceive of the need in the future, you need to practice using it now. Getting people to download the meshtastic app or figuring out a weird setting is a lot easier when you have working uncensored internet.
This would depend on your phone being able to permanently disable its radio, right? I don't know if I would trust my phone well enough for that, I would be worried even in airplane mode about it making some small beacon checks.
There are Meshtastic devices with keyboards that don't require a phone
There are a few devices floating around with a hardware switch built in. If you use a Pixel, grapheme OS is probably pretty trustworthy so you at least no there's nothing nefarious down to the OS level.
But yeah, in general if you take a phone just assume it's tracking you or at least making it possible for those with access to know you where there.
Do you have any information about the privacy achievable by Meshtastic?
From a quick glance it looks like it‘s using static NodeIDs derived from the Bluetooth MAC address in the always unencrypted Packet Header.
So not only can you sniff these messages from far away at greatly simplified complexity when comparing to cellular communication, but also tie it to the hardware that you carry with you.
Mesh networks sure have its uses, but I‘d be wary of their offered privacy in the presence of adversaries you could be facing at protests!
For the next few years it's fine. Functionally the feds just don't have the infrastructure to care about Meshtastic. In a decade maybe that'll change but two decades in the best they can do against drones is receive the ID DJI manufactured ones voluntarily broadcast and lookup the owner if they registered it correctly.
They're far dumber than most people give them credit, unless you off a rich guy they just don't have the resources to even think about penetrating anything but cell networks.
The encryption is pretty good, they're not likely to break it any time soon. The device MACs are whatever, unless you go to protests then go wandering around an urban area with the same radios for an extended period of time they're not going to do shit about it. They would have to geolocate from the RF emission and that's difficult to do to an accuracy necessary to uniquely identify you. Further, LoRa is still a bit of a pain to work with outside of using vendor chips which don't have non-cooperative DF capability so we're in the realm of expensive custom solutions from an RF shop which is far more money than the feds are willing to spend to dragnet a couple people.
LORA is a such a painfully low bitrate the best you would get is some text. I think 20/50 kbps in absolute best case, more like ~1000 bits per second.
1000 bits/s is still way faster than anyone can type a text message.
how have you been able to use it at festivals? I tried it once and maybe the default settings are terrible but no communication could be achieved. There were dozens of other nodes that it found in a tight space and I think the entire network was saturated with pings/messages that I couldn't get mine to work. Are there settings to change that get around network saturation issues?
Four rules:
If you just want to talk to a few friends, don't bother with the default public mesh config, setup your own with encryption enabled.
Don't use longfast, use a higher speed setting if possible. Longfast will go 10km+ in optimal conditions and in a city environment, won't go any further than medfast.
Don't use the default radio channel, pick another one.
MAKE SURE ALL SYSTEMS ARE CONFIGURED IDENTICALLY - meshtastic is picky about all the radio settings being the same for bits to go through. It cannot figure out that the sender is using a faster/slower bitrate than you are so you will just get nothing. Do not attempt to use them until you've verified that all systems reliably send and receive messages in an uncontested environment. It's very easy to misconfigure meshtastic but once you do, fixing it in the field is going to be very difficult.
Unfortunately this is a topic that attracts LARPers. Remember that if things get spicy, you are not going to settings nerd your way out of a bad interaction with the police.
Tech advice for legal and illegal protests is pretty much diametrically opposite, and advice for countries like the United States is much different than for somewhere like Egypt.
It's complicated!
The fact that rubber-hose cryptanalysis exists doesn't mean that cryptography is useless. While settings nerding is indeed probably of limited use if you have a direct encounter with authorities, settings nerding can prevent being caught up in a dragnet search for, say, every cell service subscriber present at a protest gone sour, just as ubiquitous cryptography probably can't keep you safe from dedicated NSA attention but can protect against warrantless dragnet fishing expeditions.
As pointed out elsewhere, the line between legal and illegal protest is very blurry and can shift rapidly; if anything, the only way to be sure you're not going to a protest that could eventually be classed as illegal is to never go to a protest, regardless of how pure your intentions are.
What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die. In the US, Russian operatives organize a lot of the protests that turn violent. They also organize the counter protests.
In other countries, protests are often organized by foreign entities. The organizers will have good opsec, but everyone else is just (metaphorically) cannon fodder as far as the organizers are concerned.
It's been this way for decades. The Soviet Union organized protests in other countries for pretty much its entire existence. The US helped the Polish anti-authoritarian Solidarity movement and several others.
These are some pretty obscene claims to make with absolutely no proof or citation.
While they were exaggerating by saying, "a lot of protests", certainly there have been some protests that have been organized by Russian agitators
https://www.theguardian.com/world/2017/oct/17/russian-troll-...
> While they were exaggerating by saying, "a lot of protests"
This 7 year old article mentions 60 protests for a single election https://www.vanityfair.com/news/2017/10/how-russia-secretly-...
Obviously the number has grown since then, and this only includes a subset of the protests known to be organized by Russian agents.
Huge shrug to that. Show me the evidence of the scale of it. 10%? 90%? There's an aspect of this reasoning that delegitimizes real protest movements, of which there are 'a lot', and of course there's a long history of 'a lot' of foreign geopolitical actors (including the US) of agitating actual grass-roots movements, muddying the waters even further.
At this point I think you're being less than honest with yourself. A group organizing 60 protests is organizing at scale because they want to create the perception of a movement.
> There's an aspect of this reasoning that delegitimizes real protest movements
Who cares? Our goal is to tell the truth, not to legitimize this or that. The fact is Russians organize a lot of protests in our country. And they're not the only ones who do.
> I think you're being less than honest with yourself
Are you sure that's me?
> A group organizing 60 protests is organizing at scale
Again: what scale? Are we talking all protests? Some? Half? What is "a lot"?
> > delegitimizes real protest movements
> Who cares?
You would, when the protest is about something that matters to you. The very thing that divides so-called Western democracy from the evil Russians is the right to organize, criticize, and protest against the government. When you can't do these things, you're living in an autocracy, something like, um... Russia?
I'll leave you to argue this one out with yourself.
Yes I'm quite sure
Specifically, on that point they claimed "a lot of protests that turned violent," implying that Russian agitators were responsible for escalation. Unless the Russian agitators are members of the police, that seems very unlikely.
Have you considered reading any of the multiple reports put out every year about it? Or, I don't know, a history book?
> What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die.
I mean, that’s kind of a given even for the protests that are legitimate. They really only happen when people reach a point of no return, and the organizers are more likely to be fanatics in the first place.
I don't think that's really true. If you made a list of all the protests in the US that happened in the last, say, 70 years and threw a dart I think you'd almost certainly hit a protest that was mostly performative. Essentially people LARPing, to use the parent commenter's term.
Reputable sources or stop spreading fud
Try google?
Protester LARPers or police forensics LARPers?
[flagged]
Thankfully this attitude didn't set in during the civil rights movements of the 60s! Or we might still have had separate white and black bathrooms.
If we keep following such advice we may again have special water fountains and schools for those other people.
[flagged]
> If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model...
> Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions.
This can be really serious. It is far better to never have/collect/obtain data in the first place.
It got me curious; lets say I go to a protest, lose my phone and wipe it remotely. I couldn't possibly know who exactly got it (since I lost it) so if I remote wipe it while in police custody, could they really get you for "obstruction of justice" for example? Wouldn't that require intent?
I am not a lawyer.
You just don't even want to be at the "proving intent" stage.
If you had a function/service that just automatically wiped your device at intervals, regardless of where you were and what you were doing, that might be more defensible than wiping manually.
Best is if your device can't be locked and doesn't have any evidence of anything at all.
There’s a setting on iPhone called “Erase Data” which will erase the data on it after 10 consecutive failed passcode attempts. That seems like a recommended setting for any smartphone to be honest, especially if it is used for business.
Which is only effective on iOS against law enforcement before first unlock.
If you lost it and no police took it from you, wiping is the normal action.
There are some apps that detect fake base stations monitoring your traffic
There are apps that uses accelerometer and gyroscopic sensors to detect if phone is snatched execute certain action based on this
Use app lock, so in case your phone is opened, apps will still be locked --> lock galley + filesExplorer(any) + settings + playstore + Browser(All installed) + Cloud/RemoteDrives(any) + Any syncing apps + Contacts + Email+messaging apps etc
(Hell all apps for utmost paranoia)
Use apps that remotely sync your phone specific folder/gallery every time new file is created (So when taking photos or recordinf something, if pbone got snatched, data is deleted + phone is broken or formattef/wiped against your will, your files have already synced to remote location so no worries
Snoopsnitch https://f-droid.org/en/packages/de.srlabs.snoopsnitch/
Stayput https://f-droid.org/en/packages/org.y20k.stayput/
plucklockex https://f-droid.org/en/packages/xyz.iridiumion.plucklockex/
> There are some apps that detect fake base stations monitoring your traffic
Pixels (and soon other Android devices) have this functionality built-in: https://security.googleblog.com/2024/10/pixel-proactive-secu...
> However, in this situation it may make more sense to disable biometric authentication.
In Face ID, there's a setting that requires direct eye contact in order to open your phone. Highly recommend enabling this when feeling insecure about someone forcing you to open your phone (if it's not already on by default) because it means somebody forcing you to open your phone with Face ID can be easily defeated by simply closing your eyes. I tried this a number of times during the BLM protests, and I/nobody else could get my phone to unlock unless my eyes were open and looking right at it. So with Face ID, I think it's actually way more secure to have biometric authentication turned on, using this setting. The thumbprint stuff might be a good idea to avoid though.
(WARNING: This will make your phone pretty much impossible to unlock with your face if you're inebriated on anything. Ask me how I know. xD You should probably disable it after the protest.)
While this is good info, it should also be known that in the USA, a judge (maybe and police officer?) can legally command you to unlock your phone via biometrics, but they cannot legally command you to unlock via password or passphrase. “Legally command” = command you to do something with the force of law, and legally punish you if you resist
The reasoning behind this is that your fingerprints and face etc. are public knowledge. Whereas you can retain your right to remain silent (about your password/PIN), failing to provide these aspects of your person can be viewed as not cooperating.
>The reasoning behind this is that your fingerprints and face etc. are public knowledge.
Not really. You can be compelled to give blood sample for alcohol testing, but your blood is hardly "public knowledge". Same thing with strip searches.
That is usually due to 'implied consent' laws. Most states have it written into what you sign to get your license that you must submit to DUI testing. Generally, you can refuse, but the penalty for refusal is worse than the DUI penalty.
How does that mix with making direct eye contact
It’s not speech, ie not protected. I would assume they can force that in practice.
IANAL, but I think the distinction is that "give us the password that unlocks this" is forcing you to testify against yourself, producing something from your own memory and forcing you to admit ownership/control of the object. (Which might not even be yours.)
In contrast, "the device opened in response to the same fingerprint/face that the suspect has" is a form of world-evidence which doesn't infringe on your mind, much like "the key found in your pocket unlocked the safe."
On an iPhone, you can click the power button 5 times to disable Face ID until the next time you enter your PIN.
Depending on your settings, this may also call 911 automatically, but that can be canceled.
This has failed me. I was mugged while black out drunk, and they succesfully unlocked my phone, unlocked my banking app, etc, despite me having the eye contact feature enabled.
How do you know what happened if you were blackout drunk?
Briar messenger is specifically designed for things like protests. I think I would prefer it over Signal. The article says:
>Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most: ...
That is the all the information they claimed they had. We have no way to know what they actually collect. Briar runs P2P over Tor so they can't collect data, even if they should want to.
Whatever is used, an article like this should remind the potential protester to turn on disappearing messages with an appropriately short interval. The powers that be might use something like a Cellebrite box to get all your old messages by cracking the phone security.
> Briar runs P2P over Tor so they can't collect data, even if they should want to.
That makes the common, dangerous, naive assumption that the implementation is secure. Correct, complete, secure implementations are very hard.
(It also assumes the design is secure, which is impossible to tell based on that limited information. P2P is not any more secure than over the Internet: In fact, it's easier to identify (there are only a few Briar P2P signals and near-infinite Internet signals - you've outed yourself), and if you mean local mesh P2P networking, that doesn't help at a protest, where the authorities also are present.)
In the more public app world, only Signal has done it well enough that experts trust it, and they have lots of free help from the expert security community.
It...depends.
If you're not technical, signal is hands down the best solution.
If you have a group that's going to something and you are willing to take some extra steps, something like matrix/briar/simplex/whatever setup with a self hosted instance provides you with the knowledge that all the infrastructure is under your control and that the feds just aren't going to have the time to sit down and figure out how this shit works.
The thing this thread is wildly missing the point on is unless you off a ceo or are a prolific organizer, the feds are systematic. They pick a set of techniques and technologies that cast the widest net possible with the money they have, then spend their time trying to nail people within that venn diagram. Yes, security through obscurity is not ideal in-and-of-itself, but combined with encryption and chaos, you can get much farther than using the same stuff everyone else has been using for a decade+. If you stay near the leading edge of tech the feds are a decade behind you, they still have years of threat briefing powerpoints to sit through before they can even think about implementing a countermeasure.
You could find 1000 CVEs in briar but if only a handful of of people at a demonstration are using it, the feds are still going to be sitting there beating their heads against signal because that's what they know how to do. If they ever find a single high severity CVE in signal, it's game over for everyone.
What are the bases of your claims about what government authorities do and don't do, what their capabilities and resources are, etc.?
> the feds just aren't going to have the time to sit down and figure out how this shit works.
They have resources many orders of magnitude larger than you. The NSA has tens of billions of dollars per year and five or six figures of personnel. It's you who don't have time.
:)
Signal is open source and ships with verified builds, so yes, we have a way to know what they actually collect.
I meant at the server. We have no way to know that is running there.
The point of end-to-end encrypted messaging is not having to care about what the server is running, which is why the threat models for most academic cryptographic research on these things is "assume a compromised server", and, if that gets you real compromises, the protocol is considered broken.
End to end encryption protects content. It doesn't protect things like information about who is talking to who. For that you need something like an onion network. As already mentioned, Briar uses Tor for that. Signal claims to not collect such information but my point is that we have no way to know what they collect. Claims don't count for anything for these sorts of things..
How can the server collect data you aren't sending to it?
The server is open source too. You could download it and run your own server, afaik.
Signal occasionally drops something that could be the server code.
When they were working on their cryptocurrency they didn't release anything for over a year.
isn't that what the e2e encryption is for?
I guess they could collect metadata of course
If you're this worried, don't bring your phone lol. If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.
Otoh, the main function of protests is to get media attention, so if they don't get publicized there was basically no point unless they evolve into direct action.
If you're interested in this second point, read https://www.amazon.com/If-We-Burn-Protest-Revolution/dp/1541...
>If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.
If you record police brutality, it doesn't do any good if the police come and smash your camera and then deny it. Being able to live stream or to live backup photos and video can be useful.
Also, many recent causes have used social media to provoke "big media" attention. The Arab Spring used social media to circumvent government crackdowns on communications and bring international attention. The #BringBackOurGirls hashtag was started locally after the Boko Haram kidnappings and incompetent government response and brought global pressure and resources.
> don't take identifiable pics of people without consent
Hard disagree. Public events are public events. My conclusion, based on experience at street protests, historic trends, and current political events, is that there have been significant actions by provocateurs over the past decade or more, and particularly in Portland in 2020. Taking and posting pictures of these people is an important act. It the internet age makes this tactic impossible, it will be a huge win.
The upside is nonexistent anyway: the state is photographing everyone at these events, so you taking an additional photo does not change the risk surface for anyone with regard to state retaliation.
I can definitely see this perspective. I'm a bit torn myself on the public event section. The second consideration is, yes they are filming, but just because someone is filming it's not necessarily a useful picture (blurry, low res, bad angle, obstructions, etc). Your picture might be useful especially since you may be closer to the action.
As another Portlander, disagree with exceptions: surveillance footage made it harder to identify people from top down angles, and it meant that a lot of people had their charges dismissed because of that. (I will need to look it up.) The bigger risk to a protest movement, I would argue, is an opposing agent provocateurs trying to get people doxxed. That risk to more people outweighs getting minority of provocateurs shut down.
(On the other hand, you’re also right that agent provocateurs are old COINTELPRO-era tactics used by the state and right wingers against protest movements.)
When it comes to tactics to keep yourself safe when protesting, there aren’t ultimately too many hard beliefs to be had, especially when the right are perfectly happy to collaborate with the state.
>The bigger risk to a protest movement, I would argue, is an opposing agent provocateurs trying to get people doxxed.
That wouldn't be an agent provocateur right?
I mean there’s two sets of social norms here, right? Set one is that whenever you see the first person advocating or starting to break windows or start fires or do something else illegal, you all point at the guy and chant “fed, fed, fed” until he slinks away in shame or maybe shove him out of the crowd and into the police lines and let the cops handle him. The other set of norms is that when you see people do those things, you don’t snitch. Various protesters will adopt either set of norms.
Maybe you’d argue that the second set of protesters are actually feds; I won’t argue the point because I prefer the first set of norms myself.
> there was basically no point
Other good reads on this include the end of protest, the end of the end of history, capitalist realism
Or simply leave your phone at home. Need to meet with friends? Plan a meeting point. Need to take photos? Do you really? What right have you got to photo other people's faces? Just leave your damn phone at home.
Taking video can protect against police brutality or false claims by the police. Although I agree that it also is dangerous.
If you want to take photos, bring a good quality video camera, preferably with optical image stabilization. It’s much harder for disinformationists to deny or reframe a long, uncut video.
>Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.
Good tip! I didn't know about disabling 2G support on my phone.
I just checked my Samsung S21 and there's no option to disable 2G. I can choose 3G only, or if I want to use 4G/5G I need to enable 2G as well.
Th smartphone is the greatest mass surveillance device ever conceived, although AI monitored camera networks will probably exceed it very soon.
There are basically no countermeasures. Which means freedom is truly at the discretion of the powerful, because once the government goes North Korea there is no going back.
I actually think the biggest threat to humanity in the Great Filter sense is authoritarianism, more than nuclear Armageddon, grey too, or super AI.
Nothing can stop by he centralization of power that AI provides to the powerful, and the fact the elite have been brazenly antidemocratic and anti- institutionalism in public and podcasting platform is this election cycle is frightening.
> Nothing can stop by he centralization of power that AI provides to the powerful
The social acceptance of defeatism and quitting is incredible - they couldn't have a more ideal opposition. You'll never win if you quit before you start. It's mass cowardice in the face of danger, with an excuse of course.
Weapons evolve, defenses evolve. There are ways of trivially defeating cell phone tracking, and there are ways of trivially defeating AI cameras (850 ways specifically). Some auth dipshit will probably come up with some other way of betraying the working class and the cycle will repeat itself.
This would be the same 'working class' that just re-elected Trump?
Potentially this is where the likes of the PinePhone should thrive [1].
As well as the methods suggested, you could have full disk encryption and just have the phone switch off if it suspects any shenanigans. If you want, it could still boot into an OS, but it just denies knowing about the encrypted disk. Done right, the image itself could be difficult to discern from something like a corrupted video file.
> Your Risks at a Protest
In addition, your SIM (likely traceable to you, especially if you have it) will be auto-connecting to their temporary telecom system (i.e. Stingray [2]), where they can find out the following:
1. That you were nearby to the event.
2. A tonne of operations available via the modem [3].
3. If you speak to somebody locally (as part of the routing).
4. Shift your connection down to 2G/3G where it is easier to hack [4].
I think each person needs to consider their security model.
[1] https://pine64.org/devices/pinephone/
[2] https://en.wikipedia.org/wiki/Stingray_phone_tracker
[3] https://www.electronicsforu.com/special/cool-stuff-misc/gsm-...
[4] https://www.eff.org/deeplinks/2020/06/your-phone-vulnerable-...
Regarding #2, I thought AT commands were something you could send to your modem from your attached device. I'm not aware that they could be sent to a modem by another remote modem over the network link. Is that also possible?
You are correct, it's just there to give you an idea of the capabilities of the modem, what sorts of information it holds and what the cell tower may query.
It's unfortunate that Briar is android-only. I know it is due to Apple restrictions on battery usage (afaik). But it is decentralized and can operate locally over wifi and Bluetooth.
These seem like good practical steps.
GrapheneOS has duress pins (type it in, and the phone is wiped). It has secondary pins for biometric - the intent being that your real password is a long passphrase, and "quick " unlock is bio+pin.
I would add to this list some method of uploading video live to another service, in a way that the video can't be deleted via the phone. I know those exist for the express purpose of civil rights, I think the aclu has a list somewhere.
404 Media just released a great related article "The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds"
https://www.404media.co/the-powerful-ai-tool-that-cops-or-st...
HN had a thread about that tool last year:
AI Photo Geolocation - https://news.ycombinator.com/item?id=40232755 - May 2024 (102 comments)
What does this have to do with protests? Aren't protests by definition events where the organizers want people to be aware of?
Protest also attract polarizing provocateurs, you may not want to be associated with all that is done in your name.
Most of this applies wherever but do check your local laws where applicable, I know that in the UK you can be compelled to provide a PIN/password under some circumstances.
This is what the other side is telling law enforcement about iOS devices.
https://cellebrite.com/en/glossary/bfu-iphone-mobile-device-...
iOS is amazing insecurely to a determined law enforcement agency after the first unlock when you turn your phone on.
And a mitigation that Apple is doing.
https://lonelybrand.com/blog/iphones-operating-on-ios-18-1-w...
As far as having a strong pin to help protect you, it won’t protect you from rubber hose decryption.
> As far as having a strong pin to help protect you, it won’t protect you from rubber hose decryption.
I wonder why no one adds a „decoy pin“ which looks like it unlocks the device but secretly deletes sensitive data.
Probably, most people don’t see rubber hose cryptography as a real threat, and in most cases, they’re probably right.
I don’t have any trust in the police or even more so the various 3 letter agencies.
It isn’t about trust, it is about how likely you are to encounter a risk and how big that risk, if encountered, is. Do you own a hazmat suit? A nuclear bunker? Did you install a 5-point harness and wear a helmet when you drive? Could you be tortured for information by the police? Yes. Is that in any way likely at all? No. Taking reasonable precautions against likely actions by law enforcement is better than acting like all things are possible so no point in doing anything.
The chance of encountering a police that operates unlawfully - especially since they have qualified immunity is a very big risk. The chance of other police covering for them is close to 100%
Old phones are an underappreciated resource, imo.
I keep a few handsets around for apps I don't want on my daily driver (ex:food ordering, 2FA).
More in line with the article: For alternate cell/SMS service I have a RedPocket SIM. (note: I see now it's $45/yr on ebay. I'm paying less, prob grandfathered).
>Old phones are an underappreciated resource, imo.
Not really. Old phones don't receive security patches and can be trivially unlocked to extract all relevant information. Sure, it might not have your nudes or bank login, but if you're using it to coordinate the protest that's plenty of incriminating evidence for the police.
>For alternate cell/SMS service I have a RedPocket SIM. (note: I see now it's $45/yr on ebay.
You have to be very careful with this, otherwise it's trivial to tie the phone/SIM back to you. Off the top of my head:
* the billing/shipping address used to order the SIM
* any payment information used to top-up the account
* location correlations with any other devices you own (for instance, if your burner phone pings the same towers as your primary phone for an extended period of time)
* using it for anything other than protests (eg. as a "burner" number when applying for jobs to avoid spam)
It depends on the threat model. A local police force vacuuming up cell data looking for easy targets and ways to intimidate protestors is different than a targeted investigation by a state actor to identify everyone at all costs.
The Jan 6 insurrection is a good example of how difficult it is in a real world scenario to ID specific people in a large protest, and many of them got caught because they talked about it afterward on Facebook. If you are cell phone 2,347 on a spreadsheet of 33,422 phones and the number has no associated locational data, open source information, etc. you are way safer than bringing your regular phone, while not being an easy target and being able to communicate if you need to.
> Not really. Old phones don't receive security patches.
For a phone that was off until 2 hours ago and it's only login is the app they comm with, there don't seem to be a lot of meaningful risk vectors.
> and can be trivially unlocked to extract all relevant information.
The unlocker will maybe get one app login and 2 hours of location data.
> if you're using it to coordinate the protest that's plenty of incriminating evidence for the police.
It's one app login and 2 hours of location data. Most of that same info can be gleaned by directly observing the individual.
Mobile Phone Security For Activists and Agitators
https://opsec.riotmedicine.net/downloads#mobile-phone-securi...
Most of this is everyday security.
"Avoid External Storage"
They missed part with this. You could use external storage just for your current recording purposes so you can pop the SD card and take it with you if you think your phone will be taken.
You should be going into airplane mode at an isolated time before you get to the protest so you don't have a pattern of 10 friends all of a sudden dropping off the network together.
Infact it's probably not the best idea to protest (in a crowd) anymore. The cops know how to kettle, and they have the tech edge. Activists need to think and act more asymmetrically.
A sufficiently motivated state actor will have little issue with finding what they want/need, no matter what measures are taken.
protesters deal with various agencies from private security, city police on up to federal FBI etc. These measures will help in the most common scenarios and prevent further escalation. 99.999% of protestors are not going against NSA counter-intel teams, they are encountering low-level private security or police who escalate the situation.
Every security practice is a risk/reward. The measures being offered here are no-cost measures which can reduce the exposure of evidence to casual security / police.
Re: iPhones - these suggestions are really good, AND it shows how hard it is to keep track of the attack surface of all of modern iOS features. I wish Lockdown Mode also set these hardening features on: it seems useless to harden your phone against spyware if you can still be surveilled in other ways.
Almost too many steps to remember here. Would it be possible for an app to prompt you to do all this? An app can bring up settings to allow your camera access, why not to quickly change those other settings?
Just use Meshtastic! ;-)
See also the EFF Surveillance Self-Defense guide for activists and protesters:
https://ssd.eff.org/playlist/activist-or-protester
Technically you could piggy back on another protocol and obfuscate your comms. Like piggy backing in an envelope across https connections from server to server. Nobody is looking there. And even if they are, good luck decrypting that. Looks like a legit site but it is actually a proxy for delivery encrypted payloads.
yes, will need this in the upcoming class revolt.
[flagged]
The great thing about this article is that it's equally applicable to both far left and far right posters. Very inclusive <3
It's called a burner phone. Learn from the professionals...
I don’t understand the issue. Protesting is legal. Are we advocating for illegal activity?
In the US, free speech is legal. You also have a right to congregate but lots of institutions find ways to subvert that, often by creating private spaces that seem public (and effectively are public but I am not a lawyer). The whole concept of civil disobedience in the US goes back to the Mexican American war, which many Americans felt was an opportunity to expand slavery to new states. Another example is the civil rights movement, where people thought it was acceptable to sit in the wrong part of the bus, even though it was against the law.
I am not advocating for breaking the law. You have to understand that if a police person or a security guard violates your rights of free expression you may not get bailed out by the ACLU.
https://en.wikipedia.org/wiki/2012_Quebec_student_protests
Mostly legal protests that got violently repressed by enforcement of unconstitutional laws in Quebec.
https://en.wikipedia.org/wiki/2010_G20_Toronto_summit_protes...
Same thing in Toronto.
Canada rates very high on democracy indexes. Even if you beat the charge in court you can still get arrested on bullshit in every country.
1) Protesting is illegal in many parts of the world.
2) Authoritarians have been known to act illegally to solidify their power.
Are we imagining only “good guys” will be the ones breaking the law?
No, basically by definition. What's your point?
That depends on whether the police like your protest.
There’s some strategic ambiguity going on here. If you’re going to a protest that looks like the Women’s March on Inauguration Day of 2017, you don’t have to worry about this kind of thing. If you’re starting fires or breaking into the Capitol building, you definitely do have to worry about this sort of thing. And just to make things even muddier, the exact same protest can radically change from one to the other based on specifics of time and place. In the summer of 2020, Seattle and Portland had mostly peaceful and uneventful protests by day in the exact same places where shootings and arsons would break out after dark, while on January 6th, just as some of the rioters were trying to force their way through the windows on one side of the Capitol building and clashing with Capitol Police, on the other side of the Capitol they were peacefully walking through wide open gates and doorways and milling around in the hallways as the Capitol Police looked on. And yeah, the peaceful ones get prosecuted sometimes too.
I think the "strategic ambiguity" here is ethics. Civil rights protestors were clearly breaking the law when they sat at diners that wouldn't serve black people. But who today thinks they were wrong? When I was a kid, students protested at Universities to divest from Apartheid era South Africa.
People can agree on what the law is, but they don't always agree on what is right. Sometimes a democratic government will zealously defend a law, war or principal that later generations of the same government will disavow.
> Civil rights protestors were clearly breaking the law when they sat at diners that wouldn't serve black people.
Sure, and then they let the police arrest them because the sight of peaceful people being hauled off to jail for sitting at the wrong diner or on the wrong seat on the bus is the statement. It’s called civil disobedience; Thoreau both practiced it and wrote about it a century before the civil rights movement. What none of those people did was try to obscure the fact that they were breaking the law or evade the consequences. Their plan was to go to jail over and over again to make the injustice of the system constantly manifest. So how does this even remotely apply to the article, which is about trying to avoid legal consequences?
Yeah, I think a key point here is recognizing that the law isn’t always aligned with morality, depending on the issue you’re protesting for/against.
How would you feel if your political opponents made similar justifications? Are they laws for the thee and not for me?
I think you misunderstood me. My point is not that the law should align perfectly with my morality, it’s that in a functional democracy, there will _always_ be parties that have a moral position that does not align with the law. I believe it should be legal for them to protest, but in many cases it is not (speaking globally, not just in the USA). So I think it is good for protesters to be able to protect themselves, because my aspiration is that anyone who disagrees with the state should be able to make their voice heard.
So yes, to answer your question, I think my political opponents should be able to protest. If the state doesn’t allow them to, I am fine with them using tools to protect themselves legally.
The line I draw this at is violence and looting from innocents.
It seems you phrased your response as a “gotcha” but I’m really not sure what point you’re trying to make?
IIUC, the parent [1] is talking about 2 scenarios going on
1. If you're planning to commit arson you want to have encrypted radios to not get caught.
2. If you're planning a peaceful protest at a location somebody might commit arson you want an encrypted radio so you don't get unfairly punished.
I don't think anybody is arguing that (1) is desirable. They're arguing that the people involved with (2) shouldn't be punished for (1)'s crimes.
[1]: https://news.ycombinator.com/item?id=42833935
Agree, nobody (at least not I) is suggesting the former
>Protesting is legal
first of all, where?
secondly, what has legality of protest got to do with privacy?
The concern of your phone being taken by authorities or capturing incriminating evidence
Are you making the "if you've got nothing to hide" argument?
That would be sharing your phone and password with the police because there is nothing to hide.
I’m asking why you’re expecting to be booked by authorities and your phone confiscated for attending a “protest”.
1. because the U.S. is not the only country on Earth
2. because even in nations with strong constitutional protections, law enforcement likes to play dirty
[flagged]