Skip to content(if available)orjump to list(if available)

The protester's guide to smartphone security

diggan

If you're attending a large-scale protest, it's likely that the cell-towers (or stingrays) won't be able to handle everyone who is connected anyways, so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends. This also allows you to continue using Airplane Mode the entire time, while being able to communicate with people nearby.

Alternatively, investing in walkie-talkies that have encryption can be worth it as well, but unsure how legal they are around the world, think some countries put restrictions on those so you might have to acquire them while vacationing somewhere else.

It's mentioned in the body of the article, but get the feeling most people could miss it: Absolute best idea is to leave your "personal" phone at home! Either get a secondary (burner) phone with nothing useful on it and no real names, or skip out on the phone fully. If you do get a secondary phone, make sure it has a removable battery and keep it out from the phone until you arrive at location and as soon as you move, remove battery again.

giantg2

"investing in walkie-talkies that have encryption can be worth it as well"

Generally not allowed in many bands in the US. Motorola sells some AES walkies. They're really the only ones I know of, and they're very expensive.

Aeolun

I don’t understand under what logic AES encrypted radio communications (walkie-talkie) differ from AES encrypted radio communications (mobile network).

op00to

Encryption allows you to use a public resource (GMRS, for example) for exclusive private use. To have private use of a frequency, you gotta pay.

bigfatkitten

In the US, you can't run anything but analog voice on the bands you can use somewhat freely (CB, GMRS, FRS etc). On the amateur bands, you can run digital voice but you can't apply encoding for the purpose of obscuring the meaning of a communication.

You can do this on land mobile frequencies, but unless you're an organisation, you won't meet the eligibility requirements to be granted a licence by the FCC.

Your only other lawful option is one of the 900MHz FHSS solutions, though I don't think any of these offer robust encryption.

echoangle

Well the whole point of hiding your tracks is evading law enforcement, why would you care if it’s illegal? Or is it because of the „only do one crime at a time“ thing?

giantg2

Why do you assume this is about doing illegal things? This is about protests, many of which never turn into riots or illegal acts.

hulitu

> Well the whole point of hiding your tracks is evading law enforcement, why would you care if it’s illegal?

Because it will make you an easy target.

Xen9

Absolutely best idea is to make an encrypted PDA & play forensic scientist by recording everything.

1. Get a Google Pixel 9, 9 Pro, or 9 Pro XL smartphone (Cellebrite-proofn at time of writing). 2. Verify images & GOS. 3. Disable biometrics & wireless connections. 4. Memorize with Anki or your own head a new, NIST-compliant passphrase with ≥ 8+ words. 3. Get a cover for the smartphone. 4. Buy EMI tape and electrically insulating waterproof tape. 5. Tape the insides of the cover with EMI, layering it & govering the inner walls as well, no gaps (overlay two adjacent layer always, say ≥ 1 cm, if possible) 6. Add one layer of the other tape to insides of the cover 7. Story inside your underpants 24/7 powered off when you don't use it.

My setup is more secure than not having phone, a Qubes laptop, a 2G burner, or not having phone.

dartos

How is it more secure than not having a phone?

MrDrMcCoy

By capturing evidence of what happens to you that cannot be tampered with.

thunfischbrot

If you‘re opening the cover, disconnecting antennas might be the way to go instead. Depending on the device, it‘s relatively painless and even reversible.

gknoy

I believe they mean a cover as in a case that has a folding cover, not as in the external layer of the phone itself. So you effectively turn that otterbox-ish thing into a faraday cage that will enclose your phone.

I am not sure how I follow how that isn't completely negated as soon as you go to actually use the phone, though.

ignoramous

Or, use a Faraday cage?

_DeadFred_

Burner phones aren't safe. Security through obscurity worked with the 1990s cell network but not with today's vast logging/geolocation tagging.

scarface_74

The idea is that they can’t tie the phone to a person. You also have to make sure you don’t get the burner phone some place with cameras.

kevin_thibedeau

Once the phone is on, they can tie it to a person with geolocation. Either directly if you do it at home, or indirectly when traveling in a vehicle associated with you.

krunck

Sure the phone can't be tied to a person. But try getting phone service in the US without giving away your identity. Can't be done.

BrandonMarc

While true, I'm kinda wondering if that's even possible ...

seb1204

Can you still buy phones with sim cards that don't require ID to get working? Not in Europe, UAE or Australia.

ghxst

The countries I am familiar with in Europe (NL to name one) you can buy sim cards without any ID. Additionally there's at least 1 provider I know of that's giving them away for free while for the majority you pay 1-5 EUR but get some data after activation. There's no limit on how many you can purchase at once either.

notpushkin

> Not in Europe

In Estonia, you could buy a prepaid SIM card in a convenience shop a few years ago, without any sort of ID verification. Not sure if that’s still an option but I think it’s not a priority there. You can then use it all over the EU.

And of course, buying a phone without a contract doesn’t require ID either.

jenadine

Just break your phone in two part after your call and you'll be safe /s

qwerty_clicks

What apps do you recommend with p2p messaging?

diggan

Lots of groups have used https://briarproject.org/ successfully in the past, I've heard. Assumes you're using Android though which if you're using a burner, you most likely are.

mmooss

> successfully

Successfully in terms of communication or in terms of security?

Successful communication is easy if you don't worry about security. Just post it on Instagram.

How do you know if your security is successful? How do you know if your messages were intercepted and read, your app was hacked, data was extracted from it, etc.? The attackers (authorities or otherwise) are not going to tell you.

DicIfTEx

Here's a guide to PET (peer-to-peer, encrypted, through Tor) apps, focussing on Briar and Cwtch: https://itsgoingdown.org/the-guide-to-peer-to-peer-encryptio...

crossroadsguy

Depending upon which OS are on. If Android - Briar is the most famous and obvious choice. On iOS? There are not any options really but wasn't any usable one around a year back the last I had checked.

On iOS there are not many options for P2P w/o Internet (I assume that is what you meant - otherwise if you want P2P over Internet then there are some options although not really "truly" P2P of course - and of course if Internet is shut down or overwhelmed then it will be down). There's https://github.com/berty/berty (the last time I tried it was crashing incessantly but it might have improved). I do not know of anything else really (there might be few but I am not sure).

nostradumbasp

Turn your phone off, and wrap it in 5 layers of tin foil. Or like you said leave the stupid thing at home.

HumanOstrich

Hey that should go well with my tin foil hat.

nostradumbasp

They actually sell those now. Well they use "faraday fabric". So that's another solution, but your phone one your head and put a foil hat on it.

morkalork

How safe is Bluetooth really? Cities has scanners used to track devices for monitoring road congestion, malls have scanners to measure foot traffic. I have to believe that anyone with access to stingray type of device can track Bluetooth as well.

theoreticalmal

Don’t both Apple and Android implement random BT MAC addresses specifically to prevent this kind of tracking?

mmooss

There could be other fingerprints besides MAC addresses.

snypher

How about my smartwatch, or my $29 earbuds? They are always conveniently near the 'random mac' and can be used to fingerprint.

diggan

Usually, protests are located in one somewhat easily defined area, until you cannot be there anymore or the goal has moved somewhere else. So then you need to get to another spot, this is the moment you disconnect your battery until you've arrived at the other place.

So yeah, they'd be able to say that "person A was at location B and later C", but not necessarily the way there or after/before those specific locations.

I agree that the safest is to assume they can definitely track you no matter what protocol/antenna you use, so you have to chose what moment it's OK to be tracked (like large groups).

null

[deleted]

esperent

> so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends

I can't even get Bluetooth audio to work reliably in a crowded cafe, are you sure these other protocols would fare better?

pclmulqdq

Messaging doesn't have the same real-time requirements. It's still often flaky.

iseanstevens

Also Meshtastic.org is a cheap (various <$50 options) open source LoRa based hardware bridge (or standalone device) that can be used with an app over bluetooth (or WiFi web interface).

It supports strong encryption layer and over 1 km/mile per “hop” in most circumstances.

Designed originally for off grid, it’s very flexible and pretty polished.

Abstracts your phone into a UI. Has a whole ecosystem behind it. I’ve been using it for festivals and tracking my vehicles (high theft area) for years.

Very handy should infra not be available. Should be great for protests also :)

AnarchismIsCool

I spend a lot of time in the RF space and Meshtastic is by far the most mature system out there for instant ad-hoc secure digital communications.

However...

The first rule of emergency communications is that if you can conceive of the need in the future, you need to practice using it now. Getting people to download the meshtastic app or figuring out a weird setting is a lot easier when you have working uncensored internet.

nightpool

This would depend on your phone being able to permanently disable its radio, right? I don't know if I would trust my phone well enough for that, I would be worried even in airplane mode about it making some small beacon checks.

AnarchismIsCool

There are Meshtastic devices with keyboards that don't require a phone

_heimdall

There are a few devices floating around with a hardware switch built in. If you use a Pixel, grapheme OS is probably pretty trustworthy so you at least no there's nothing nefarious down to the OS level.

But yeah, in general if you take a phone just assume it's tracking you or at least making it possible for those with access to know you where there.

red0point

Do you have any information about the privacy achievable by Meshtastic?

From a quick glance it looks like it‘s using static NodeIDs derived from the Bluetooth MAC address in the always unencrypted Packet Header.

So not only can you sniff these messages from far away at greatly simplified complexity when comparing to cellular communication, but also tie it to the hardware that you carry with you.

Mesh networks sure have its uses, but I‘d be wary of their offered privacy in the presence of adversaries you could be facing at protests!

AnarchismIsCool

For the next few years it's fine. Functionally the feds just don't have the infrastructure to care about Meshtastic. In a decade maybe that'll change but two decades in the best they can do against drones is receive the ID DJI manufactured ones voluntarily broadcast and lookup the owner if they registered it correctly.

They're far dumber than most people give them credit, unless you off a rich guy they just don't have the resources to even think about penetrating anything but cell networks.

The encryption is pretty good, they're not likely to break it any time soon. The device MACs are whatever, unless you go to protests then go wandering around an urban area with the same radios for an extended period of time they're not going to do shit about it. They would have to geolocate from the RF emission and that's difficult to do to an accuracy necessary to uniquely identify you. Further, LoRa is still a bit of a pain to work with outside of using vendor chips which don't have non-cooperative DF capability so we're in the realm of expensive custom solutions from an RF shop which is far more money than the feds are willing to spend to dragnet a couple people.

slowloraorwhat

LORA is a such a painfully low bitrate the best you would get is some text. I think 20/50 kbps in absolute best case, more like ~1000 bits per second.

leptons

1000 bits/s is still way faster than anyone can type a text message.

bryceacc

how have you been able to use it at festivals? I tried it once and maybe the default settings are terrible but no communication could be achieved. There were dozens of other nodes that it found in a tight space and I think the entire network was saturated with pings/messages that I couldn't get mine to work. Are there settings to change that get around network saturation issues?

AnarchismIsCool

Four rules:

If you just want to talk to a few friends, don't bother with the default public mesh config, setup your own with encryption enabled.

Don't use longfast, use a higher speed setting if possible. Longfast will go 10km+ in optimal conditions and in a city environment, won't go any further than medfast.

Don't use the default radio channel, pick another one.

MAKE SURE ALL SYSTEMS ARE CONFIGURED IDENTICALLY - meshtastic is picky about all the radio settings being the same for bits to go through. It cannot figure out that the sender is using a faster/slower bitrate than you are so you will just get nothing. Do not attempt to use them until you've verified that all systems reliably send and receive messages in an uncontested environment. It's very easy to misconfigure meshtastic but once you do, fixing it in the field is going to be very difficult.

idlewords

Unfortunately this is a topic that attracts LARPers. Remember that if things get spicy, you are not going to settings nerd your way out of a bad interaction with the police.

Tech advice for legal and illegal protests is pretty much diametrically opposite, and advice for countries like the United States is much different than for somewhere like Egypt.

It's complicated!

vueko

The fact that rubber-hose cryptanalysis exists doesn't mean that cryptography is useless. While settings nerding is indeed probably of limited use if you have a direct encounter with authorities, settings nerding can prevent being caught up in a dragnet search for, say, every cell service subscriber present at a protest gone sour, just as ubiquitous cryptography probably can't keep you safe from dedicated NSA attention but can protect against warrantless dragnet fishing expeditions.

As pointed out elsewhere, the line between legal and illegal protest is very blurry and can shift rapidly; if anything, the only way to be sure you're not going to a protest that could eventually be classed as illegal is to never go to a protest, regardless of how pure your intentions are.

ants_everywhere

What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die. In the US, Russian operatives organize a lot of the protests that turn violent. They also organize the counter protests.

In other countries, protests are often organized by foreign entities. The organizers will have good opsec, but everyone else is just (metaphorically) cannon fodder as far as the organizers are concerned.

It's been this way for decades. The Soviet Union organized protests in other countries for pretty much its entire existence. The US helped the Polish anti-authoritarian Solidarity movement and several others.

rainonmoon

These are some pretty obscene claims to make with absolutely no proof or citation.

h0l0cube

While they were exaggerating by saying, "a lot of protests", certainly there have been some protests that have been organized by Russian agitators

https://www.theguardian.com/world/2017/oct/17/russian-troll-...

ants_everywhere

Have you considered reading any of the multiple reports put out every year about it? Or, I don't know, a history book?

null

[deleted]

Aeolun

> What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die.

I mean, that’s kind of a given even for the protests that are legitimate. They really only happen when people reach a point of no return, and the organizers are more likely to be fanatics in the first place.

ants_everywhere

I don't think that's really true. If you made a list of all the protests in the US that happened in the last, say, 70 years and threw a dart I think you'd almost certainly hit a protest that was mostly performative. Essentially people LARPing, to use the parent commenter's term.

AnarchismIsCool

Reputable sources or stop spreading fud

ants_everywhere

Try google?

AnarchismIsCool

Protester LARPers or police forensics LARPers?

slowloraorwhat

[flagged]

paulryanrogers

Thankfully this attitude didn't set in during the civil rights movements of the 60s! Or we might still have had separate white and black bathrooms.

If we keep following such advice we may again have special water fountains and schools for those other people.

notreallysur

[flagged]

djoldman

> If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model...

> Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions.

This can be really serious. It is far better to never have/collect/obtain data in the first place.

diggan

It got me curious; lets say I go to a protest, lose my phone and wipe it remotely. I couldn't possibly know who exactly got it (since I lost it) so if I remote wipe it while in police custody, could they really get you for "obstruction of justice" for example? Wouldn't that require intent?

djoldman

I am not a lawyer.

You just don't even want to be at the "proving intent" stage.

If you had a function/service that just automatically wiped your device at intervals, regardless of where you were and what you were doing, that might be more defensible than wiping manually.

Best is if your device can't be locked and doesn't have any evidence of anything at all.

layman51

There’s a setting on iPhone called “Erase Data” which will erase the data on it after 10 consecutive failed passcode attempts. That seems like a recommended setting for any smartphone to be honest, especially if it is used for business.

scarface_74

Which is only effective on iOS against law enforcement before first unlock.

lukan

If you lost it and no police took it from you, wiping is the normal action.

tomphoolery

> However, in this situation it may make more sense to disable biometric authentication.

In Face ID, there's a setting that requires direct eye contact in order to open your phone. Highly recommend enabling this when feeling insecure about someone forcing you to open your phone (if it's not already on by default) because it means somebody forcing you to open your phone with Face ID can be easily defeated by simply closing your eyes. I tried this a number of times during the BLM protests, and I/nobody else could get my phone to unlock unless my eyes were open and looking right at it. So with Face ID, I think it's actually way more secure to have biometric authentication turned on, using this setting. The thumbprint stuff might be a good idea to avoid though.

(WARNING: This will make your phone pretty much impossible to unlock with your face if you're inebriated on anything. Ask me how I know. xD You should probably disable it after the protest.)

theoreticalmal

While this is good info, it should also be known that in the USA, a judge (maybe and police officer?) can legally command you to unlock your phone via biometrics, but they cannot legally command you to unlock via password or passphrase. “Legally command” = command you to do something with the force of law, and legally punish you if you resist

Terr_

IANAL, but I think the distinction is that "give us the password that unlocks this" is forcing you to testify against yourself, producing something from your own memory and forcing you to admit ownership/control of the object. (Which might not even be yours.)

In contrast, "the device opened in response to the same fingerprint/face that the suspect has" is a form of world-evidence which doesn't infringe on your mind, much like "the key found in your pocket unlocked the safe."

kevindamm

The reasoning behind this is that your fingerprints and face etc. are public knowledge. Whereas you can retain your right to remain silent (about your password/PIN), failing to provide these aspects of your person can be viewed as not cooperating.

gruez

>The reasoning behind this is that your fingerprints and face etc. are public knowledge.

Not really. You can be compelled to give blood sample for alcohol testing, but your blood is hardly "public knowledge". Same thing with strip searches.

null

[deleted]

HeatrayEnjoyer

How does that mix with making direct eye contact

arcanemachiner

On an iPhone, you can click the power button 5 times to disable Face ID until the next time you enter your PIN.

Depending on your settings, this may also call 911 automatically, but that can be canceled.

ryankrage77

This has failed me. I was mugged while black out drunk, and they succesfully unlocked my phone, unlocked my banking app, etc, despite me having the eye contact feature enabled.

fastball

How do you know what happened if you were blackout drunk?

upofadown

Briar messenger is specifically designed for things like protests. I think I would prefer it over Signal. The article says:

>Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most: ...

That is the all the information they claimed they had. We have no way to know what they actually collect. Briar runs P2P over Tor so they can't collect data, even if they should want to.

Whatever is used, an article like this should remind the potential protester to turn on disappearing messages with an appropriately short interval. The powers that be might use something like a Cellebrite box to get all your old messages by cracking the phone security.

mmooss

> Briar runs P2P over Tor so they can't collect data, even if they should want to.

That makes the common, dangerous, naive assumption that the implementation is secure. Correct, complete, secure implementations are very hard.

(It also assumes the design is secure, which is impossible to tell based on that limited information. P2P is not any more secure than over the Internet: In fact, it's easier to identify (there are only a few Briar P2P signals and near-infinite Internet signals - you've outed yourself), and if you mean local mesh P2P networking, that doesn't help at a protest, where the authorities also are present.)

In the more public app world, only Signal has done it well enough that experts trust it, and they have lots of free help from the expert security community.

AnarchismIsCool

It...depends.

If you're not technical, signal is hands down the best solution.

If you have a group that's going to something and you are willing to take some extra steps, something like matrix/briar/simplex/whatever setup with a self hosted instance provides you with the knowledge that all the infrastructure is under your control and that the feds just aren't going to have the time to sit down and figure out how this shit works.

The thing this thread is wildly missing the point on is unless you off a ceo or are a prolific organizer, the feds are systematic. They pick a set of techniques and technologies that cast the widest net possible with the money they have, then spend their time trying to nail people within that venn diagram. Yes, security through obscurity is not ideal in-and-of-itself, but combined with encryption and chaos, you can get much farther than using the same stuff everyone else has been using for a decade+. If you stay near the leading edge of tech the feds are a decade behind you, they still have years of threat briefing powerpoints to sit through before they can even think about implementing a countermeasure.

You could find 1000 CVEs in briar but if only a handful of of people at a demonstration are using it, the feds are still going to be sitting there beating their heads against signal because that's what they know how to do. If they ever find a single high severity CVE in signal, it's game over for everyone.

mmooss

What are the bases of your claims about what government authorities do and don't do, what their capabilities and resources are, etc.?

> the feds just aren't going to have the time to sit down and figure out how this shit works.

They have resources many orders of magnitude larger than you. The NSA has tens of billions of dollars per year and five or six figures of personnel. It's you who don't have time.

fph

Signal is open source and ships with verified builds, so yes, we have a way to know what they actually collect.

upofadown

I meant at the server. We have no way to know that is running there.

tptacek

The point of end-to-end encrypted messaging is not having to care about what the server is running, which is why the threat models for most academic cryptographic research on these things is "assume a compromised server", and, if that gets you real compromises, the protocol is considered broken.

Almondsetat

How can the server collect data you aren't sending to it?

mmooss

The server is open source too. You could download it and run your own server, afaik.

chikere232

isn't that what the e2e encryption is for?

I guess they could collect metadata of course

G_o_D

There are some apps that detect fake base stations monitoring your traffic

There are apps that uses accelerometer and gyroscopic sensors to detect if phone is snatched execute certain action based on this

Use app lock, so in case your phone is opened, apps will still be locked --> lock galley + filesExplorer(any) + settings + playstore + Browser(All installed) + Cloud/RemoteDrives(any) + Any syncing apps + Contacts + Email+messaging apps etc

(Hell all apps for utmost paranoia)

Use apps that remotely sync your phone specific folder/gallery every time new file is created (So when taking photos or recordinf something, if pbone got snatched, data is deleted + phone is broken or formattef/wiped against your will, your files have already synced to remote location so no worries

Snoopsnitch https://f-droid.org/en/packages/de.srlabs.snoopsnitch/

Stayput https://f-droid.org/en/packages/org.y20k.stayput/

plucklockex https://f-droid.org/en/packages/xyz.iridiumion.plucklockex/

ignoramous

> There are some apps that detect fake base stations monitoring your traffic

Pixels (and soon other Android devices) have this functionality built-in: https://security.googleblog.com/2024/10/pixel-proactive-secu...

tehjoker

If you're this worried, don't bring your phone lol. If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.

Otoh, the main function of protests is to get media attention, so if they don't get publicized there was basically no point unless they evolve into direct action.

If you're interested in this second point, read https://www.amazon.com/If-We-Burn-Protest-Revolution/dp/1541...

542354234235

>If you need to take pictures (and don't take identifiable pics of people without consent), just bring a camera.

If you record police brutality, it doesn't do any good if the police come and smash your camera and then deny it. Being able to live stream or to live backup photos and video can be useful.

Also, many recent causes have used social media to provoke "big media" attention. The Arab Spring used social media to circumvent government crackdowns on communications and bring international attention. The #BringBackOurGirls hashtag was started locally after the Boko Haram kidnappings and incompetent government response and brought global pressure and resources.

jMyles

> don't take identifiable pics of people without consent

Hard disagree. Public events are public events. My conclusion, based on experience at street protests, historic trends, and current political events, is that there have been significant actions by provocateurs over the past decade or more, and particularly in Portland in 2020. Taking and posting pictures of these people is an important act. It the internet age makes this tactic impossible, it will be a huge win.

The upside is nonexistent anyway: the state is photographing everyone at these events, so you taking an additional photo does not change the risk surface for anyone with regard to state retaliation.

tehjoker

I can definitely see this perspective. I'm a bit torn myself on the public event section. The second consideration is, yes they are filming, but just because someone is filming it's not necessarily a useful picture (blurry, low res, bad angle, obstructions, etc). Your picture might be useful especially since you may be closer to the action.

nxobject

As another Portlander, disagree with exceptions: surveillance footage made it harder to identify people from top down angles, and it meant that a lot of people had their charges dismissed because of that. (I will need to look it up.) The bigger risk to a protest movement, I would argue, is an opposing agent provocateurs trying to get people doxxed. That risk to more people outweighs getting minority of provocateurs shut down.

(On the other hand, you’re also right that agent provocateurs are old COINTELPRO-era tactics used by the state and right wingers against protest movements.)

When it comes to tactics to keep yourself safe when protesting, there aren’t ultimately too many hard beliefs to be had, especially when the right are perfectly happy to collaborate with the state.

rightbyte

>The bigger risk to a protest movement, I would argue, is an opposing agent provocateurs trying to get people doxxed.

That wouldn't be an agent provocateur right?

philwelch

I mean there’s two sets of social norms here, right? Set one is that whenever you see the first person advocating or starting to break windows or start fires or do something else illegal, you all point at the guy and chant “fed, fed, fed” until he slinks away in shame or maybe shove him out of the crowd and into the police lines and let the cops handle him. The other set of norms is that when you see people do those things, you don’t snitch. Various protesters will adopt either set of norms.

Maybe you’d argue that the second set of protesters are actually feds; I won’t argue the point because I prefer the first set of norms myself.

hyperadvanced

> there was basically no point

Other good reads on this include the end of protest, the end of the end of history, capitalist realism

mtlynch

>Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.

Good tip! I didn't know about disabling 2G support on my phone.

xinayder

I just checked my Samsung S21 and there's no option to disable 2G. I can choose 3G only, or if I want to use 4G/5G I need to enable 2G as well.

nanna

Or simply leave your phone at home. Need to meet with friends? Plan a meeting point. Need to take photos? Do you really? What right have you got to photo other people's faces? Just leave your damn phone at home.

Gasp0de

Taking video can protect against police brutality or false claims by the police. Although I agree that it also is dangerous.

cluckindan

If you want to take photos, bring a good quality video camera, preferably with optical image stabilization. It’s much harder for disinformationists to deny or reframe a long, uncut video.

AtlasBarfed

Th smartphone is the greatest mass surveillance device ever conceived, although AI monitored camera networks will probably exceed it very soon.

There are basically no countermeasures. Which means freedom is truly at the discretion of the powerful, because once the government goes North Korea there is no going back.

I actually think the biggest threat to humanity in the Great Filter sense is authoritarianism, more than nuclear Armageddon, grey too, or super AI.

Nothing can stop by he centralization of power that AI provides to the powerful, and the fact the elite have been brazenly antidemocratic and anti- institutionalism in public and podcasting platform is this election cycle is frightening.

mmooss

> Nothing can stop by he centralization of power that AI provides to the powerful

The social acceptance of defeatism and quitting is incredible - they couldn't have a more ideal opposition. You'll never win if you quit before you start. It's mass cowardice in the face of danger, with an excuse of course.

AnarchismIsCool

Weapons evolve, defenses evolve. There are ways of trivially defeating cell phone tracking, and there are ways of trivially defeating AI cameras (850 ways specifically). Some auth dipshit will probably come up with some other way of betraying the working class and the cycle will repeat itself.

CamperBob2

This would be the same 'working class' that just re-elected Trump?

unethical_ban

It's unfortunate that Briar is android-only. I know it is due to Apple restrictions on battery usage (afaik). But it is decentralized and can operate locally over wifi and Bluetooth.

These seem like good practical steps.

GrapheneOS has duress pins (type it in, and the phone is wiped). It has secondary pins for biometric - the intent being that your real password is a long passphrase, and "quick " unlock is bio+pin.

I would add to this list some method of uploading video live to another service, in a way that the video can't be deleted via the phone. I know those exist for the express purpose of civil rights, I think the aclu has a list somewhere.