When going to a protest or an aboveground action there are risk factors to analyse before taking a phone. Sure, someone is doing social media and needs to take some photos and sometimes we might feel vulnerable without a pocket device that can call friends if something happens and you are left stranded in the middle of a field. The issue is, telephones are little spying devices, they are able to spy on you live if they have been previously infected, and even if they haven’t, they hold so much information about you and your activity and behaviour that if they are to be arrested, they can really unearth extreme amounts of information about you and your friends.
Over the next few episodes, we will discuss different ways we can protect ourselves from harming our safety or our comrades’ safety when handling technology at demos and protests, but remember that threat modelling is crucial and you should be able to analyse what your current threat model is, and what the threat model of the action is, making decisions about your best course of action relating to your phone!
To start with, even tho we have talked about this multiple times in the past, we will give two pieces of advice that apply not only to when you are going to a demo, but at all times:
1- NEVER USE BIOMETRICS.
FaceID and FingerprintID are incredibly convenient. You don’t need to introduce a very long password to access your phone, and on a day-to-day basis, it is difficult for other people to try and replicate your face or your finger! The issue is there are huge vulnerabilities with using biometrics. In case studies, folks have managed to 3d print fingerprints out of data or replicate a FaceID verification with a flat photo. But do you know who has your fingerprint data as soon as you are arrested? The police.
This is not just about some sophisticated method to print and implement your fingerprints either. Whilst passwords are memorable things and you could potentially forget your decryption password if you were to be forced by the police to decrypt your device, you are simply not able to forget your fingerprints or face. The police have been seen forcing people’s fingers into screens to unlock devices or holding the head of activists in front of the smartphone’s camera to trigger the faceID. YOU SHOULD NEVER, EVER, USE BIOMETRICS!
2- STRONG PASSWORDS ARE A MUST.
We have talked about this in the past, but your smartphone’s lock screen password is most likely your smartphone’s decryption key. You should have a long, alphanumeric password that you are able to remember but that would be very hard to guess. You can read more about how to create a smartphone password by reading “CREATING A SAFE PASSPHRASE FOR YOUR SMARTPHONE” on our website.
In future issues of “So you’re taking a phone to a protest” we will talk about burner phones, IMEI numbers, messaging and managing social media from a protest, not taking phones to a protest and more. Tune in for the next one and please drop a comment if you have any questions!
Your local anarchist cyber-counsellor.
