Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Digital Security Risk-Mitigation Techniques for High-Risk Protests
- The most secure option is not taking your phone, or using a burner. But a lot of people need to communicate during protests and can’t afford a burner. If you do take your personal phone, don’t put any incriminating information on it.
- Before the action:
- * Update your phone!
- * Turn off face unlock, fingerprint unlock, and pattern unlock. Use a complex passcode. (ssd.eff.org/en/module/animated-overview-how-make-super-secure-password-using-dice)
- * Encrypt your phone. (ssd.eff.org/en/module/how-encrypt-your-iphone and softwaretested.com/android/how-to-properly-encrypt-your-android-device)
- * Turn off location services (it will save your location throughout the day)
- * Turn off auto-upload if you’re going to take photos or video. Or don’t if you’re filming the cops and want to make sure the photos are backed-up.
- * Turn on “erase data after 10 failed passwords”
- * Not security, but consider taking an external battery if your doing a lot of filming. Protest can last longer than expected.
- * Delete or log out of any apps the cops absolutely should not access to (lastpass, icloud, dropbox, etc.)
- At the action:
- * Don’t take photos or video of comrades without their permission, and their knowledge that this could be incriminating, even if they’re bloc-ed up.
- * Take photos and video from the lock screen without unlocking your phone. That way if cops snatch your phone while you’re taking the photo, it isn’t unlocked for them.
- The police will probably be able to break into your phone if:
- * Your phone isn’t up to date -> it’s hackable
- * Your phone manufacturer doesn’t support your phone anymore -> it’s hackable
- * Fingerprint or face unlock is enabled -> they can force you to unlock it
- * Your password is less than 6 characters -> easy to crack
- * You have an easy to guess pattern unlock -> easy to crack
- * You don’t have full disk encryption enabled -> it’s hackable
- * No digital security is perfect. Even if you don’t do any of these things, there is a chance the cops can get into your phone. This is why you don’t put any incriminating information on your phone in the first place.
- The police will otherwise be able to get some of your information if:
- * Your phone automatically uploads your photos to Google, Dropbox, Apple, etc.
- * Location services is on and automatically uploads your location to Google (it probably does if you have an Android)
- * You take your phone to the protest at all, and it’s on. The police will have IMSI-catchers (Stingrays) that your phone will connect to and that will establish your presence in the general location of the protest.
- How to avoid getting doxxed:
- * If mask laws permit (DC yes, VA no), cover your face and any identifying tattoos, birthmarks, etc. Sunglasses or a dust mask are much better than nothing.
- * Make sure your important internet accounts have strong passwords and 2-factor authentication. (authy.com)
- * Delete your address from these sites: (suburbanturmoil.com/how-to-get-your-name-and-address-off-the-internet/2013/01/24/)
- Medics or others on a dispatch system:
- * Do not distribute information on accessing dispatch to anyone on the ground.
- * Time and location stamp messages to dispatch.
- * Only relay information to dispatch that you can personally confirm.
- * Check in and out with dispatch when you start running and when you stop, even if it's only for a break.
- Further information:
- * https://ssd.eff.org/en/module/problem-mobile-phones
- * https://ssd.eff.org/en/module/attending-protests-united-states
- * https://theintercept.com/2016/02/18/passcodes-that-can-defeat-fbi-ios-backdoor/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement