Digital Security Risk-Mitigation Techniques for High-Risk ProtestsThe most s

1. Digital Security Risk-Mitigation Techniques for High-Risk Protests
2.  
3. The most secure option is not taking your phone, or using a burner. But a lot of people need to communicate during protests and can’t afford a burner. If you do take your personal phone, don’t put any incriminating information on it.
4.  
5. Before the action:
6. * Update your phone!
7. * Turn off face unlock, fingerprint unlock, and pattern unlock. Use a complex passcode. (ssd.eff.org/en/module/animated-overview-how-make-super-secure-password-using-dice)
8. * Encrypt your phone. (ssd.eff.org/en/module/how-encrypt-your-iphone and softwaretested.com/android/how-to-properly-encrypt-your-android-device)
9. * Turn off location services (it will save your location throughout the day)
10. * Turn off auto-upload if you’re going to take photos or video. Or don’t if you’re filming the cops and want to make sure the photos are backed-up.
11. * Turn on “erase data after 10 failed passwords”
12. * Not security, but consider taking an external battery if your doing a lot of filming. Protest can last longer than expected.
13. * Delete or log out of any apps the cops absolutely should not access to (lastpass, icloud, dropbox, etc.)
14.  
15. At the action:
16. * Don’t take photos or video of comrades without their permission, and their knowledge that this could be incriminating, even if they’re bloc-ed up.
17. * Take photos and video from the lock screen without unlocking your phone. That way if cops snatch your phone while you’re taking the photo, it isn’t unlocked for them.
18.  
19. The police will probably be able to break into your phone if:
20. * Your phone isn’t up to date -> it’s hackable
21. * Your phone manufacturer doesn’t support your phone anymore -> it’s hackable
22. * Fingerprint or face unlock is enabled -> they can force you to unlock it
23. * Your password is less than 6 characters -> easy to crack
24. * You have an easy to guess pattern unlock -> easy to crack
25. * You don’t have full disk encryption enabled -> it’s hackable
26. * No digital security is perfect. Even if you don’t do any of these things, there is a chance the cops can get into your phone. This is why you don’t put any incriminating information on your phone in the first place.
27.  
28. The police will otherwise be able to get some of your information if:
29. * Your phone automatically uploads your photos to Google, Dropbox, Apple, etc.
30. * Location services is on and automatically uploads your location to Google (it probably does if you have an Android)
31. * You take your phone to the protest at all, and it’s on. The police will have IMSI-catchers (Stingrays) that your phone will connect to and that will establish your presence in the general location of the protest.
32.  
33. How to avoid getting doxxed:
34. * If mask laws permit (DC yes, VA no), cover your face and any identifying tattoos, birthmarks, etc. Sunglasses or a dust mask are much better than nothing.
35. * Make sure your important internet accounts have strong passwords and 2-factor authentication. (authy.com)
36. * Delete your address from these sites: (suburbanturmoil.com/how-to-get-your-name-and-address-off-the-internet/2013/01/24/)
37.  
38. Medics or others on a dispatch system:
39. * Do not distribute information on accessing dispatch to anyone on the ground.
40. * Time and location stamp messages to dispatch.
41. * Only relay information to dispatch that you can personally confirm.
42. * Check in and out with dispatch when you start running and when you stop, even if it's only for a break.
43.  
44. Further information:
45. * https://ssd.eff.org/en/module/problem-mobile-phones
46. * https://ssd.eff.org/en/module/attending-protests-united-states
47. * https://theintercept.com/2016/02/18/passcodes-that-can-defeat-fbi-ios-backdoor/