The protester's guide to smartphone security

bArray

Potentially this is where the likes of the PinePhone should thrive [1].

As well as the methods suggested, you could have full disk encryption and just have the phone switch off if it suspects any shenanigans. If you want, it could still boot into an OS, but it just denies knowing about the encrypted disk. Done right, the image itself could be difficult to discern from something like a corrupted video file.

> Your Risks at a Protest

In addition, your SIM (likely traceable to you, especially if you have it) will be auto-connecting to their temporary telecom system (i.e. Stingray [2]), where they can find out the following:

1. That you were nearby to the event.

2. A tonne of operations available via the modem [3].

3. If you speak to somebody locally (as part of the routing).

4. Shift your connection down to 2G/3G where it is easier to hack [4].

I think each person needs to consider their security model.

[1] https://pine64.org/devices/pinephone/

[2] https://en.wikipedia.org/wiki/Stingray_phone_tracker

[3] https://www.electronicsforu.com/special/cool-stuff-misc/gsm-...

[4] https://www.eff.org/deeplinks/2020/06/your-phone-vulnerable-...

diggan

If you're attending a large-scale protest, it's likely that the cell-towers (or stingrays) won't be able to handle everyone who is connected anyways, so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends. This also allows you to continue using Airplane Mode the entire time, while being able to communicate with people nearby.

Alternatively, investing in walkie-talkies that have encryption can be worth it as well, but unsure how legal they are around the world, think some countries put restrictions on those so you might have to acquire them while vacationing somewhere else.

It's mentioned in the body of the article, but get the feeling most people could miss it: Absolute best idea is to leave your "personal" phone at home! Either get a secondary (burner) phone with nothing useful on it and no real names, or skip out on the phone fully. If you do get a secondary phone, make sure it has a removable battery and keep it out from the phone until you arrive at location and as soon as you move, remove battery again.

giantg2

"investing in walkie-talkies that have encryption can be worth it as well"

Generally not allowed in many bands in the US. Motorola sells some AES walkies. They're really the only ones I know of, and they're very expensive.

Aeolun

I don’t understand under what logic AES encrypted radio communications (walkie-talkie) differ from AES encrypted radio communications (mobile network).

op00to

Encryption allows you to use a public resource (GMRS, for example) for exclusive private use. To have private use of a frequency, you gotta pay.

echoangle

Well the whole point of hiding your tracks is evading law enforcement, why would you care if it’s illegal? Or is it because of the „only do one crime at a time“ thing?

giantg2

Why do you assume this is about doing illegal things? This is about protests, many of which never turn into riots or illegal acts.

Xen9

Absolutely best idea is to make an encrypted PDA & play forensic scientist by recording everything.

1. Get a Google Pixel 9, 9 Pro, or 9 Pro XL smartphone (Cellebrite-proof at time of writing). 2. Verify images & GOS. 3. Disable biometrics & wireless connections. 4. Memorize with Anki or your own head a new, NIST-compliant passphrase with ≥ 8+ words. 3. Get a cover for the smartphone. 4. Buy EMI tape and electrically insulating waterproof tape. 5. Tape the insides of the cover with EMI, layering it & covering the inner walls as well, no gaps (overlay two adjacent layers always, say ≥ 1 cm, if possible). 6. Add one layer of the other tape to the insides of the cover. 7. Store inside your underpants 24/7, powered off when you don't use it.

My setup is more secure than not having phone, a Qubes laptop, a 2G burner, or not having phone.

dartos

How is it more secure than not having a phone?

MrDrMcCoy

By capturing evidence of what happens to you that cannot be tampered with.

thunfischbrot

If you're opening the cover, disconnecting antennas might be the way to go instead. Depending on the device, it's relatively painless and even reversible.

ignoramous

Or, use a Faraday cage?

_DeadFred_

Burner phones aren't safe. Security through obscurity worked with the 1990s cell network but not with today's vast logging/geolocation tagging.

scarface_74

The idea is that they can’t tie the phone to a person. You also have to make sure you don’t get the burner phone some place with cameras.

kevin_thibedeau

Once the phone is on, they can tie it to a person with geolocation. Either directly if you do it at home, or indirectly when traveling in a vehicle associated with you.

BrandonMarc

While true, I'm kinda wondering if that's even possible ...

seb1204

Can you still buy phones with sim cards that don't require ID to get working? Not in Europe, UAE or Australia.

ghxst

The countries I am familiar with in Europe (NL to name one) you can buy sim cards without any ID. Additionally there's at least 1 provider I know of that's giving them away for free while for the majority you pay 1-5 EUR but get some data after activation. There's no limit on how many you can purchase at once either.

notpushkin

> Not in Europe

In Estonia, you could buy a prepaid SIM card in a convenience shop a few years ago, without any sort of ID verification. Not sure if that’s still an option but I think it’s not a priority there. You can then use it all over the EU.

And of course, buying a phone without a contract doesn’t require ID either.

jenadine

Just break your phone in two parts after your call and you'll be safe /s

qwerty_clicks

What apps do you recommend with p2p messaging?

diggan

Lots of groups have used https://briarproject.org/ successfully in the past, I've heard. Assumes you're using Android though which if you're using a burner, you most likely are.

mmooss

> successfully

Successfully in terms of communication or in terms of security?

Successful communication is easy if you don't worry about security. Just post it on Instagram.

How do you know if your security is successful? How do you know if your messages were intercepted and read, your app was hacked, data was extracted from it, etc.? The attackers (authorities or otherwise) are not going to tell you.

DicIfTEx

Here's a guide to PET (peer-to-peer, encrypted, through Tor) apps, focussing on Briar and Cwtch: https://itsgoingdown.org/the-guide-to-peer-to-peer-encryptio...

crossroadsguy

Depending upon which OS you are on. If Android - Briar is the most famous and obvious choice. On iOS? There are not any options really; there wasn't any usable one around a year back, the last I had checked.

On iOS there are not many options for P2P w/o Internet (I assume that is what you meant - otherwise if you want P2P over Internet then there are some options although not really "truly" P2P of course - and of course if Internet is shut down or overwhelmed then it will be down). There's https://github.com/berty/berty (the last time I tried it was crashing incessantly but it might have improved). I do not know of anything else really (there might be few but I am not sure).

nostradumbasp

Turn your phone off, and wrap it in 5 layers of tin foil. Or like you said leave the stupid thing at home.

esperent

> so worth planning to use apps that can chat over P2P WiFi or Bluetooth together with the rest of your friends

I can't even get Bluetooth audio to work reliably in a crowded cafe, are you sure these other protocols would fare better?

pclmulqdq

Messaging doesn't have the same real-time requirements. It's still often flaky.

AnarchismIsCool

.....please don't rely on cell towers being too overloaded to track you. The rest of the advice is solid.....but the premise is just gonna get you v&.

morkalork

How safe is Bluetooth really? Cities have scanners used to track devices for monitoring road congestion, malls have scanners to measure foot traffic. I have to believe that anyone with access to a stingray type of device can track Bluetooth as well.

theoreticalmal

Don’t both Apple and Android implement random BT MAC addresses specifically to prevent this kind of tracking?

mmooss

There could be other fingerprints besides MAC addresses.

snypher

How about my smartwatch, or my $29 earbuds? They are always conveniently near the 'random mac' and can be used to fingerprint.

diggan

Usually, protests are located in one somewhat easily defined area, until you cannot be there anymore or the goal has moved somewhere else. So then you need to get to another spot, this is the moment you disconnect your battery until you've arrived at the other place.

So yeah, they'd be able to say that "person A was at location B and later C", but not necessarily the way there or after/before those specific locations.

I agree that the safest is to assume they can definitely track you no matter what protocol/antenna you use, so you have to choose what moment it's OK to be tracked (like large groups).

iseanstevens

Also Meshtastic.org is a cheap (various <$50 options) open source LoRa based hardware bridge (or standalone device) that can be used with an app over bluetooth (or WiFi web interface).

It supports strong encryption layer and over 1 km/mile per “hop” in most circumstances.

Designed originally for off grid, it’s very flexible and pretty polished.

Abstracts your phone into a UI. Has a whole ecosystem behind it. I’ve been using it for festivals and tracking my vehicles (high theft area) for years.

Very handy should infra not be available. Should be great for protests also :)

AnarchismIsCool

I spend a lot of time in the RF space and Meshtastic is by far the most mature system out there for instant ad-hoc secure digital communications.

However...

The first rule of emergency communications is that if you can conceive of the need in the future, you need to practice using it now. Getting people to download the meshtastic app or figuring out a weird setting is a lot easier when you have working uncensored internet.

nightpool

This would depend on your phone being able to permanently disable its radio, right? I don't know if I would trust my phone well enough for that, I would be worried even in airplane mode about it making some small beacon checks.

AnarchismIsCool

There are Meshtastic devices with keyboards that don't require a phone

_heimdall

There are a few devices floating around with a hardware switch built in. If you use a Pixel, GrapheneOS is probably pretty trustworthy so you at least know there's nothing nefarious down to the OS level.

But yeah, in general if you take a phone just assume it's tracking you or at least making it possible for those with access to know you were there.

red0point

Do you have any information about the privacy achievable by Meshtastic?

From a quick glance it looks like it's using static NodeIDs derived from the Bluetooth MAC address in the always unencrypted Packet Header.

So not only can you sniff these messages from far away at greatly simplified complexity when comparing to cellular communication, but also tie it to the hardware that you carry with you.

Mesh networks sure have their uses, but I'd be wary of their offered privacy in the presence of adversaries you could be facing at protests!

AnarchismIsCool

For the next few years it's fine. Functionally the feds just don't have the infrastructure to care about Meshtastic. In a decade maybe that'll change but two decades in the best they can do against drones is receive the ID DJI manufactured ones voluntarily broadcast and lookup the owner if they registered it correctly.

They're far dumber than most people give them credit, unless you off a rich guy they just don't have the resources to even think about penetrating anything but cell networks.

The encryption is pretty good, they're not likely to break it any time soon. The device MACs are whatever, unless you go to protests then go wandering around an urban area with the same radios for an extended period of time they're not going to do shit about it. They would have to geolocate from the RF emission and that's difficult to do to an accuracy necessary to uniquely identify you. Further, LoRa is still a bit of a pain to work with outside of using vendor chips which don't have non-cooperative DF capability so we're in the realm of expensive custom solutions from an RF shop which is far more money than the feds are willing to spend to dragnet a couple people.

bryceacc

how have you been able to use it at festivals? I tried it once and maybe the default settings are terrible but no communication could be achieved. There were dozens of other nodes that it found in a tight space and I think the entire network was saturated with pings/messages that I couldn't get mine to work. Are there settings to change that get around network saturation issues?

AnarchismIsCool

Four rules:

If you just want to talk to a few friends, don't bother with the default public mesh config, set up your own with encryption enabled.

Don't use longfast, use a higher speed setting if possible. Longfast will go 10km+ in optimal conditions and in a city environment, won't go any further than medfast.

Don't use the default radio channel, pick another one.

MAKE SURE ALL SYSTEMS ARE CONFIGURED IDENTICALLY - meshtastic is picky about all the radio settings being the same for bits to go through. It cannot figure out that the sender is using a faster/slower bitrate than you are so you will just get nothing. Do not attempt to use them until you've verified that all systems reliably send and receive messages in an uncontested environment. It's very easy to misconfigure meshtastic but once you do, fixing it in the field is going to be very difficult.
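
A pre-event check for the four rules above, as an added example that is not part of the original comment or the Meshtastic project's code. The field names, the values treated as defaults, and the sample fleet are assumptions constructed for illustration; map them onto whatever your devices actually export.

```python
from collections import Counter

# Assumed values that count as "still on defaults" (adjust for your firmware).
ASSUMED_DEFAULTS = {"modem_preset": "LONG_FAST", "channel_num": 0, "psk": "AQ=="}
# Settings that have to be identical on every radio in the group.
MUST_MATCH = ("region", "modem_preset", "channel_num", "channel_name", "psk")
# Never echo key material into a report that may be shared or screenshotted.
SECRET_KEYS = {"psk"}


def audit_fleet(configs):
    """Return sorted (device, finding) tuples; an empty list means ready."""
    findings = []

    # Per-device checks: rules 1-3 (own encrypted channel, non-default
    # preset, non-default radio channel).
    for device, cfg in configs.items():
        for key in MUST_MATCH:
            if key not in cfg:
                findings.append((device, f"{key}: missing"))
        if cfg.get("psk") in (None, "", ASSUMED_DEFAULTS["psk"]):
            findings.append((device, "psk: encryption off or default key"))
        if cfg.get("modem_preset") == ASSUMED_DEFAULTS["modem_preset"]:
            findings.append((device, "modem_preset: still the default preset"))
        if cfg.get("channel_num") == ASSUMED_DEFAULTS["channel_num"]:
            findings.append((device, "channel_num: still the default radio channel"))

    # Group check: rule 4 (everything configured identically). The majority
    # value is taken as the intended one and outliers are reported.
    for key in MUST_MATCH:
        seen = Counter(repr(cfg.get(key)) for cfg in configs.values())
        if len(seen) > 1:
            majority = seen.most_common(1)[0][0]
            for device, cfg in configs.items():
                value = repr(cfg.get(key))
                if value != majority:
                    shown = "<hidden>" if key in SECRET_KEYS else value
                    findings.append((device, f"{key}: {shown} differs from group"))

    return sorted(findings)


# Constructed sample: three radios, two of them misconfigured.
_GOOD = {
    "region": "EU_868",
    "modem_preset": "MEDIUM_FAST",
    "channel_num": 12,
    "channel_name": "friends",
    "psk": "Y29uc3RydWN0ZWQta2V5",  # constructed placeholder, not a real key
}
SAMPLE_FLEET = {
    "alice": dict(_GOOD),
    "bob": dict(_GOOD, modem_preset="LONG_FAST"),  # left on the default preset
    "carol": dict(_GOOD, psk="AQ=="),              # left on the default key
}

if __name__ == "__main__":
    for device, finding in audit_fleet(SAMPLE_FLEET):
        print(f"{device}: {finding}")
```

Run it against every radio's settings while you still have working internet and time to fix things, then confirm with a real send/receive test.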

slowloraorwhat

LoRa is such a painfully low bitrate the best you would get is some text. I think 20/50 kbps in absolute best case, more like ~1000 bits per second.

leptons

1000 bits/s is still way faster than anyone can type a text message.

idlewords

Unfortunately this is a topic that attracts LARPers. Remember that if things get spicy, you are not going to settings nerd your way out of a bad interaction with the police.

Tech advice for legal and illegal protests is pretty much diametrically opposite, and advice for countries like the United States is much different than for somewhere like Egypt.

It's complicated!

vueko

The fact that rubber-hose cryptanalysis exists doesn't mean that cryptography is useless. While settings nerding is indeed probably of limited use if you have a direct encounter with authorities, settings nerding can prevent being caught up in a dragnet search for, say, every cell service subscriber present at a protest gone sour, just as ubiquitous cryptography probably can't keep you safe from dedicated NSA attention but can protect against warrantless dragnet fishing expeditions.

As pointed out elsewhere, the line between legal and illegal protest is very blurry and can shift rapidly; if anything, the only way to be sure you're not going to a protest that could eventually be classed as illegal is to never go to a protest, regardless of how pure your intentions are.

AnarchismIsCool

Protester LARPers or police forensics LARPers?

slowloraorwhat

[flagged]

paulryanrogers

Thankfully this attitude didn't set in during the civil rights movements of the 60s! Or we might still have had separate white and black bathrooms.

If we keep following such advice we may again have special water fountains and schools for those other people.

notreallysur

[flagged]

ants_everywhere

What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die. In the US, Russian operatives organize a lot of the protests that turn violent. They also organize the counter protests.

In other countries, protests are often organized by foreign entities. The organizers will have good opsec, but everyone else is just (metaphorically) cannon fodder as far as the organizers are concerned.

It's been this way for decades. The Soviet Union organized protests in other countries for pretty much its entire existence. The US helped the Polish anti-authoritarian Solidarity movement and several others.

rainonmoon

These are some pretty obscene claims to make with absolutely no proof or citation.

h0l0cube

While they were exaggerating by saying, "a lot of protests", certainly there have been some protests that have been organized by Russian agitators

https://www.theguardian.com/world/2017/oct/17/russian-troll-...

Aeolun

> What a lot of people don't realize is that a lot of the protests are organized by people who do not care if you get hurt, arrested, or die.

I mean, that’s kind of a given even for the protests that are legitimate. They really only happen when people reach a point of no return, and the organizers are more likely to be fanatics in the first place.

ants_everywhere

I don't think that's really true. If you made a list of all the protests in the US that happened in the last, say, 70 years and threw a dart I think you'd almost certainly hit a protest that was mostly performative. Essentially people LARPing, to use the parent commenter's term.

AnarchismIsCool

Reputable sources or stop spreading fud

nanna

Or simply leave your phone at home. Need to meet with friends? Plan a meeting point. Need to take photos? Do you really? What right have you got to photo other people's faces? Just leave your damn phone at home.

Gasp0de

Taking video can protect against police brutality or false claims by the police. Although I agree that it also is dangerous.

cluckindan

If you want to take photos, bring a good quality video camera, preferably with optical image stabilization. It’s much harder for disinformationists to deny or reframe a long, uncut video.

G_o_D

There are some apps that detect fake base stations monitoring your traffic

There are apps that use accelerometer and gyroscopic sensors to detect if the phone is snatched and execute a certain action based on this

Use app lock, so in case your phone is opened, apps will still be locked --> lock gallery + filesExplorer(any) + settings + playstore + Browser(All installed) + Cloud/RemoteDrives(any) + Any syncing apps + Contacts + Email+messaging apps etc

(Hell all apps for utmost paranoia)

Use apps that remotely sync your phone's specific folder/gallery every time a new file is created (so when taking photos or recording something, if the phone got snatched, data is deleted + phone is broken or formatted/wiped against your will, your files have already synced to a remote location so no worries)

Snoopsnitch https://f-droid.org/en/packages/de.srlabs.snoopsnitch/

Stayput https://f-droid.org/en/packages/org.y20k.stayput/

plucklockex https://f-droid.org/en/packages/xyz.iridiumion.plucklockex/

ignoramous

> There are some apps that detect fake base stations monitoring your traffic

Pixels (and soon other Android devices) have this functionality built-in: https://security.googleblog.com/2024/10/pixel-proactive-secu...

djoldman

> If you lose your phone, you may be able to locate or wipe your phone remotely depending on the model...

> Please be aware of the legal consequences of these actions. Wiping your device or revoking online account access could lead to obstruction of justice or destruction of evidence charges in some jurisdictions.

This can be really serious. It is far better to never have/collect/obtain data in the first place.

diggan

It got me curious; let's say I go to a protest, lose my phone and wipe it remotely. I couldn't possibly know who exactly got it (since I lost it) so if I remote wipe it while in police custody, could they really get you for "obstruction of justice" for example? Wouldn't that require intent?

djoldman

I am not a lawyer.

You just don't even want to be at the "proving intent" stage.

If you had a function/service that just automatically wiped your device at intervals, regardless of where you were and what you were doing, that might be more defensible than wiping manually.

Best is if your device can't be locked and doesn't have any evidence of anything at all.

layman51

There’s a setting on iPhone called “Erase Data” which will erase the data on it after 10 consecutive failed passcode attempts. That seems like a recommended setting for any smartphone to be honest, especially if it is used for business.

scarface_74

Which is only effective on iOS against law enforcement before first unlock.

lukan

If you lost it and no police took it from you, wiping is the normal action.

upofadown

Briar messenger is specifically designed for things like protests. I think I would prefer it over Signal. The article says:

>Signal has responded to 6 government requests since 2016, and in each case the only information they were able to provide was at most: ...

That is all the information they claimed they had. We have no way to know what they actually collect. Briar runs P2P over Tor so they can't collect data, even if they should want to.

Whatever is used, an article like this should remind the potential protester to turn on disappearing messages with an appropriately short interval. The powers that be might use something like a Cellebrite box to get all your old messages by cracking the phone security.

mmooss

> Briar runs P2P over Tor so they can't collect data, even if they should want to.

That makes the common, dangerous, naive assumption that the implementation is secure. Correct, complete, secure implementations are very hard.

(It also assumes the design is secure, which is impossible to tell based on that limited information. P2P is not any more secure than over the Internet: In fact, it's easier to identify (there are only a few Briar P2P signals and near-infinite Internet signals - you've outed yourself), and if you mean local mesh P2P networking, that doesn't help at a protest, where the authorities also are present.)

In the more public app world, only Signal has done it well enough that experts trust it, and they have lots of free help from the expert security community.

AnarchismIsCool

It...depends.

If you're not technical, signal is hands down the best solution.

If you have a group that's going to something and you are willing to take some extra steps, something like matrix/briar/simplex/whatever setup with a self hosted instance provides you with the knowledge that all the infrastructure is under your control and that the feds just aren't going to have the time to sit down and figure out how this shit works.

The thing this thread is wildly missing the point on is unless you off a ceo or are a prolific organizer, the feds are systematic. They pick a set of techniques and technologies that cast the widest net possible with the money they have, then spend their time trying to nail people within that venn diagram. Yes, security through obscurity is not ideal in-and-of-itself, but combined with encryption and chaos, you can get much farther than using the same stuff everyone else has been using for a decade+. If you stay near the leading edge of tech the feds are a decade behind you, they still have years of threat briefing powerpoints to sit through before they can even think about implementing a countermeasure.

You could find 1000 CVEs in briar but if only a handful of people at a demonstration are using it, the feds are still going to be sitting there beating their heads against signal because that's what they know how to do. If they ever find a single high severity CVE in signal, it's game over for everyone.

mmooss

What are the bases of your claims about what government authorities do and don't do, what their capabilities and resources are, etc.?

> the feds just aren't going to have the time to sit down and figure out how this shit works.

They have resources many orders of magnitude larger than you. The NSA has tens of billions of dollars per year and five or six figures of personnel. It's you who don't have time.

fph

Signal is open source and ships with verified builds, so yes, we have a way to know what they actually collect.

upofadown

I meant at the server. We have no way to know what is running there.

tptacek

The point of end-to-end encrypted messaging is not having to care about what the server is running, which is why the threat models for most academic cryptographic research on these things is "assume a compromised server", and, if that gets you real compromises, the protocol is considered broken.

Almondsetat

How can the server collect data you aren't sending to it?

mmooss

The server is open source too. You could download it and run your own server, afaik.

chikere232

isn't that what the e2e encryption is for?

I guess they could collect metadata of course

tomphoolery

> However, in this situation it may make more sense to disable biometric authentication.

In Face ID, there's a setting that requires direct eye contact in order to open your phone. Highly recommend enabling this when feeling insecure about someone forcing you to open your phone (if it's not already on by default) because it means somebody forcing you to open your phone with Face ID can be easily defeated by simply closing your eyes. I tried this a number of times during the BLM protests, and I/nobody else could get my phone to unlock unless my eyes were open and looking right at it. So with Face ID, I think it's actually way more secure to have biometric authentication turned on, using this setting. The thumbprint stuff might be a good idea to avoid though.

(WARNING: This will make your phone pretty much impossible to unlock with your face if you're inebriated on anything. Ask me how I know. xD You should probably disable it after the protest.)

theoreticalmal

While this is good info, it should also be known that in the USA, a judge (maybe and police officer?) can legally command you to unlock your phone via biometrics, but they cannot legally command you to unlock via password or passphrase. “Legally command” = command you to do something with the force of law, and legally punish you if you resist

kevindamm

The reasoning behind this is that your fingerprints and face etc. are public knowledge. Whereas you can retain your right to remain silent (about your password/PIN), failing to provide these aspects of your person can be viewed as not cooperating.

gruez

>The reasoning behind this is that your fingerprints and face etc. are public knowledge.

Not really. You can be compelled to give blood sample for alcohol testing, but your blood is hardly "public knowledge". Same thing with strip searches.

HeatrayEnjoyer

How does that mix with making direct eye contact

Terr_

IANAL, but I think the distinction is that "give us the password that unlocks this" is forcing you to testify against yourself, producing something from your own memory and forcing you to admit ownership/control of the object. (Which might not even be yours.)

In contrast, "the device opened in response to the same fingerprint/face that the suspect has" is a form of world-evidence which doesn't infringe on your mind, much like "the key found in your pocket unlocked the safe."

arcanemachiner

On an iPhone, you can click the power button 5 times to disable Face ID until the next time you enter your PIN.

Depending on your settings, this may also call 911 automatically, but that can be canceled.

ryankrage77

This has failed me. I was mugged while blackout drunk, and they successfully unlocked my phone, unlocked my banking app, etc, despite me having the eye contact feature enabled.

fastball

How do you know what happened if you were blackout drunk?

mtlynch

>Some law enforcement agencies use "stingrays," devices which can impersonate a cell tower to track visitors to an area. While the capabilities of the most modern ones isn't fully known, you should definitely protect yourself from the subset of stingrays which abuse the lower security standards of older, 2G networks.

Good tip! I didn't know about disabling 2G support on my phone.

xinayder

I just checked my Samsung S21 and there's no option to disable 2G. I can choose 3G only, or if I want to use 4G/5G I need to enable 2G as well.

raybb

404 Media just released a great related article "The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds"

https://www.404media.co/the-powerful-ai-tool-that-cops-or-st...

dang

HN had a thread about that tool last year:

AI Photo Geolocation - https://news.ycombinator.com/item?id=40232755 - May 2024 (102 comments)

gruez

What does this have to do with protests? Aren't protests by definition events where the organizers want people to be aware of?

tejtm

Protests also attract polarizing provocateurs, you may not want to be associated with all that is done in your name.

scarface_74

This is what the other side is telling law enforcement about iOS devices.

https://cellebrite.com/en/glossary/bfu-iphone-mobile-device-...

iOS is amazingly insecure to a determined law enforcement agency after the first unlock when you turn your phone on.

And a mitigation that Apple is doing.

https://lonelybrand.com/blog/iphones-operating-on-ios-18-1-w...

As far as having a strong pin to help protect you, it won’t protect you from rubber hose decryption.

echoangle

> As far as having a strong pin to help protect you, it won’t protect you from rubber hose decryption.

I wonder why no one adds a „decoy pin“ which looks like it unlocks the device but secretly deletes sensitive data.

Probably, most people don’t see rubber hose cryptography as a real threat, and in most cases, they’re probably right.

scarface_74

I don’t have any trust in the police or even more so the various 3 letter agencies.