The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

  • JoeMontayna@lemmy.ml · 6 points · 1 hour ago

    The only safe phone is a phone with a strong password that’s in a powered down state. Otherwise there are tools to gain full access.

    • lavander@lemmy.dbzer0.com · 2 up, 1 down · 17 minutes ago

      The only safe phone is a phone with no data.

      Otherwise there will be tools to gain full access.

      Without forgetting the good old rubber hose attack

      FWIW I think the only way to keep confidential information is hosted in another country, encrypted, with no credentials (or even the name of the server) cached, all on open source stacks, with the infrastructure provider different from the operating system provider, different from the application provider and encryption provider

      Is this convenient? No. Is this accessible to the average user? No.

      I just think something at a certain point went extremely wrong in history. We accepted control at the expense of convenience

  • Sunflier@lemmy.world · 7 points · edited · 2 hours ago

    For my apps, I use biometric unlocks. To get in past the lock screen to get onto my phone’s home screen, I have to enter a pattern. I figure that if they’re already past the pattern, more pattern won’t stop any unauthorized user. So, it really isn’t worth the inconvenience to enter the pattern for all my apps (like banking, cc, investments, etc.) over and over. But, if they can’t figure out my pattern after so many tries, my phone auto-erases.

  • eagerbargain3@lemmy.world · 4 points · 3 hours ago

    Just also stop saving critical stuff on your phone you’ll never use nor open again. A good mailbox is an empty mailbox, empty Signal chat and so on. With AI it is possibly leaking out of your phone anyway

  • SabinStargem@lemmy.today · 19 points · edited · 8 hours ago

    Another thing for an overhauled Constitution. One’s body and devices should be considered to be papers and effects.

    • giraffes@kbin.earth · 3 points · 5 hours ago

      Instead of using your face or fingerprint to unlock it they could demand that you just type the password, could they not?

      • NauticalNoodle@lemmy.ml · 8 points · edited · 4 hours ago

        Good question. In the U.S. it violates your Fifth Amendment right not to testify against yourself/self-incriminate… unless a person doesn’t know that and voluntarily unlocks it.

      • kryptonianCodeMonkey@lemmy.world · 5 points · 4 hours ago

        Nope, believe it or not, that’s treated entirely differently. Considered to be covered by the 5th amendment since you would be required to provide information that could be self-incriminating.

      • Scirocco@lemmy.world · 6 points · 5 hours ago

        No.

        There is no search warrant for the contents of your mind.

        Of course “rubber hose decrypt” is always an option, but we’re not quite there yet.

      • Slowy@lemmy.world · 4 points · 5 hours ago

        I believe it gets a bit trickier because you can use your right to remain silent? They also can’t physically force you to speak the password but they can restrain you and unlock your phone by force.

    • Carrot@lemmy.today · 1 point · 3 minutes ago

      You don’t have to give them your password, and GrapheneOS has a convenient feature to turn off biometric unlock for only unlocking the phone, but still lets you use it in apps

    • pemptago@lemmy.ml · 2 points · 1 hour ago

      Wasn’t there a legal dispute around this that was trying to get them with tampering/destruction of evidence? Not sure if it’s foolproof.

      If you do use GrapheneOS, quickly restarting the device means your pin is required before biometrics unlock is available. As I understand it – in the U.S. – law enforcement can legally compel you to unlock your phone with biometrics, but not a pin. Not that you can trust law enforcement to be law abiding, but at least it’s a stronger case in court.

    • this@sh.itjust.works · 35 up, 1 down · 11 hours ago

      Even better, set it to 1234567890 or 00000000 or a similar easy to guess pin, and change it to the length of your actual pin; now if someone tries to brute-force your phone it will instantly wipe and you can make a case that it was law enforcement who destroyed any “evidence” by their own actions if it comes up in court.

        • FirstCircle@lemmy.ml · 2 points · 4 hours ago

          You mean you’re not having your photos automatically, immediately encrypted and backed up on remote servers? ente.io will do that for you and their free plan comes with 10G of storage which is quite a few pics.

            • this@sh.itjust.works · 11 points · 9 hours ago

              Your backups aren’t nearly as likely to be subject to an immediate civil forfeiture as a phone is. Cops don’t need a judicial warrant to take your phone, but they do need one to search your home legally, and if you do your offsite backups in another country, they would need the cooperation of the local authorities of that country. Strong encryption can provide a relatively safe barrier for offsite backups.

              Also, it’s possible to have some things that may only exist on your phone and not your server/backup system (easy biometric unlock for a password manager, or encrypted chat logs, to name a few examples).

          • partofthevoice@lemmy.zip · 10 points · edited · 9 hours ago

            Actually, these tips are for everyday people (just not people whose kids can get to their phones). High targets get their ram frozen with liquid nitrogen, their PSU spliced into a battery pack, and the entire system-state backed up for retries.

      • spizzat2@lemmy.zip · 9 points · 10 hours ago

        Don’t they make a copy of the phone before they go about trying to unlock it?

        This kind of security is only going to work against a careless or incompetent atta-- oh. I see…

          • partofthevoice@lemmy.zip · 3 up, 1 down · 9 hours ago

            Not for state sponsored campaigns. They’ll cut the damn chips from your phone and send signals directly to the individual pins if they have to. They’ll freeze your ram into super cold state to make it nonvolatile. They’ll do some crazy shit, man.

      • FudgyMcTubbs@lemmy.world · 3 up, 26 down · 10 hours ago

        Holy Christ, what are you guys doing on your phones to fuel this much paranoia? I have a constitutional right to privacy and I don’t want my information/data (the very essence that makes me me) harvested and sold – for those reasons I’m opposed to most searches and I’ve never used biometrics. But the need to nuke my phone because a cop got it is so far from a necessity that I can’t think of what I’m doing that I would need it.

        • arthur@lemmy.zip · 18 points · 8 hours ago

          In a situation where you are raided like the journalist, it may be worth nuking the phone. Consider the sources that could be exposed.

          Having your phone available to law enforcement is the equivalent of forfeiting your right to remain silent.

          And more, once they have access, what is stopping them from planting false evidence? In this fascist fever that the US is living in… I would prefer to avoid the risks.

        • this@sh.itjust.works · 20 points · edited · 9 hours ago

          Other than literally everything I think and feel you mean? I think it’s perfectly reasonable to not want to allow police or especially federal agents into my own head. My note taking apps, my password manager which links to all of my online accounts, and my entire web browsing and search history are all linked through my phone. Also Signal and Discord and Lemmy, and on and on…

          • FauxLiving@lemmy.world · 8 points · edited · 8 hours ago

            Exactly this.

            Read about the Hawthorne effect: https://en.wikipedia.org/wiki/Hawthorne_effect and how people change their behaviors when they are being observed. Being free of observation is vital to being able to think your own thoughts without outside influence.

            If the problem is with the usage framing the hypothetical adversary as a country’s law enforcement, pretend you live in a cyber North Korea and have a cellphone. The idea of an adversary is just a means of thinking about the problem. You want to build a system so that they can’t capture your flag (your flag being some digital information that you want private).
            Whatever the opposite of TL;DR is:

            It isn’t intended to be read as ‘do this to avoid law enforcement so you can do crimes’.

            When thinking about security/privacy (same thing), you don’t know what kind of attack you may eventually have to defend against, maybe you have a partner who has decided to stalk you and so they screen read your PIN or a strong arm robbery where they’ll try to use your phone to access your bank.

            Instead of trying to imagine every single possible scenario, you imagine one model scenario. In this model scenario, the adversary has every possible capability that is available and your goal is to keep your flag safe, or be able to pass a flag between two people without it being seen, or various other scenarios (which are themselves just model problems of types of system that you need to secure).

            This hypothetical adversary, in order to have these capabilities in real life, would be the equivalent of a sovereign nation with unlimited funding and access to all technologies that are possible (and some that are only hypothetical). This description fits one country pretty well and so, as shorthand, people often just write ‘the feds’. I guess they could also write ‘Eve’ but that is a specific adversary in one kind of scenario and not the general Adversary.

  • HiddenLayer555@lemmy.ml · 59 up, 1 down · edited · 13 hours ago

    hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics

    This isn’t bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.

  • pineapple@lemmy.ml · 19 points · 11 hours ago

    I use biometrics to access some of the apps on my phone. But my home screen requires a password to unlock.

  • Darkassassin07@lemmy.ca · 76 points · edited · 15 hours ago

    Or at the very least; turn your phone entirely off (shutdown) whenever you expect or encounter police contact.

    Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when ‘at rest’, i.e. shut down.

    In Android, there is also a ‘lockdown’ mode you can quickly activate from the power off screen, that disables biometrics until the next unlock with a pin/pattern, but doesn’t fully shut down so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from the various lockscreen bypass software available to law enforcement.

    • NotMyOldRedditName@lemmy.world · 5 points · 4 hours ago

      You should always turn off / reboot your phone if you expect it to potentially be taken

      Simply being locked after being unlocked once leaves the phone in a less secure state than if it was fully off or just rebooted and never unlocked.

      If you need your phone to record the interaction, then you might only get as far as locking it, but always strive to shut it down.

    • birdwing@lemmy.blahaj.zone · 43 up, 2 down · edited · 9 hours ago

      Also, don’t take your phone to protests. ACAB.

      Wear clothing that can’t identify you. Hide tattoos and anything that might make you stand out. Get clothes from a free giveaway place, without cameras. Walk a bit differently if you need to.

      Cover your face and cover surveillance cameras, or break them, or hack them (do the latter two only if you know what you’re doing).

      Wear a body cam. Get bear and pepper spray. Pigs can fucking get it.

      • Cethin@lemmy.zip · 1 point · edited · 4 hours ago

        For the clothing thing, it should be enough to buy from a thrift store. Just pay with cash to be safe. Although if you’re planning to do something that’ll make you of particular interest this may not be enough. Thrift stores do have cameras, and the police could theoretically look for a particular set of clothing being purchased. It’s incredibly unlikely and would take a ridiculous amount of effort, but it is possible.

      • Hideakikarate@sh.itjust.works · 5 points · 12 hours ago

        I’ve been debating buying a burner phone for protests, leaving my main phone elsewhere, and only powering on the burner when it’s needed. Probably the only way to bring a phone to a protest.

        • Scirocco@lemmy.world · 5 points · 5 hours ago

          Buy an older pixel and install Graphene

          Keep it off/in a faraday bag at all times, never turn it on at home. Go elsewhere to set it up.

          If they REALLY want you, you will get got.

          But there’s no reason to make it easy.

        • domdanial@reddthat.com · 6 points · 11 hours ago

          You can also buy faraday bags, if you want a phone available but not online. But it’s still there physically so burner would still be a good choice.

    • GhostlyPixel@lemmy.world · 22 points · edited · 14 hours ago

      In Android, there is also a ‘lockdown’ mode you can quickly activate from the power off screen, that disables biometrics until the next unlock with a pin/pattern

      On iOS, with a locked device, quickly press the lock button five times to do the same, it should bring up the power off/SOS screen, which you can dismiss.

    • myserverisdown@lemmy.world · 2 points · 10 hours ago

      In Android, there is also a ‘lockdown’ mode you can quickly activate from the power off screen, that disables biometrics until the next unlock with a pin/pattern, but doesn’t fully shut down so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from the various lockscreen bypass software available to law enforcement.

      2 things. Unless I accidentally enabled this setting, it’s on by default. And what do you mean by lockscreen bypass software? What would be the point of lockdown if it’s not effective against law enforcement trying to brute force your privacy?

      • Darkassassin07@lemmy.ca · 8 points · 10 hours ago

        it’s on by default

        It may well be on by default now. I just know I had to enable it the last time I looked at this.

        what do you mean by lockscreen bypass software

        Tools such as those provided by Cellebrite and similar.

        Lockdown mode is mainly to disable biometrics, to prevent someone on the street forcibly using them to unlock your device. It’s not going to stop an entire agency with more sophisticated tools.

  • upstroke4448@lemmy.dbzer0.com · 14 up, 7 down · edited · 10 hours ago

    People, if you are taken into custody and are forced to unlock the phone and you wipe the phone instead, you are living in a fantasy world if you think you can’t get in trouble for that.

    Maybe that’s worth it but let’s not kid ourselves that there wouldn’t be consequences.

    Remember plausible deniability is a social concept, not a legal one. It might have helped you get out of being grounded but it won’t save you from jail time.

  • JackBinimbul@lemmy.blahaj.zone · 31 up, 1 down · 15 hours ago

    Jesus fucking christ.

    I don’t use my phone for anything other than directions, phone calls, and texting my wife. Partially because I’m not going to carry around something with tons of shit that can be used against me.

    This is fucking insane.

  • TheLeadenSea@sh.itjust.works · 27 up, 1 down · 15 hours ago

    On iPhone say “Hey Siri, whose phone is this?” to disable biometric unlock temporarily.

    On Android press the power and volume up buttons to open the power off screen, then press “lock down”.

    • birdwing@lemmy.blahaj.zone · 16 points · edited · 14 hours ago

      On the iPhone you can also press both the upper left and right button. It will enable that you can only log in with a password, even if you have Face ID/Touch ID.

      You can also establish that if there are too many false attempts to log in, the phone will delete all data. I could imagine that if you kept most phone data on the phone itself, rather than in the cloud, this can be useful. E.g. insert the password wrongly multiple times.

      And if you’re feeling really concerned, you can make a Faraday cage (preventing it from sending data altogether). Wrap a plastic bag around, then aluminium foil tightly without gaps, then plastic… repeat three times.

      Alternatively, put it in a microwave. Or a stainless trash can with a tight lid, lining the inside with (optional: cardboard first, then…) plastic wrap, maybe more foil. Phone also foiled.

  • TrackinDaKraken@lemmy.world · 7 points · 14 hours ago

    I only use a 10-digit pin number I’m guaranteed to never forget. I type it in every time. But, I don’t spend much time on my phone, sometimes I even forget it when I leave the house.

  • HumanPerson@sh.itjust.works · 7 points · 15 hours ago

    I prefer GrapheneOS’s numeric pin+fingerprint or alphanumeric password. Plus I get to brag that I have MFA on my phone login (even if you can use only the password).