Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
The only safe phone is a phone with a strong password thats in a powered down state. Otherwise there are tools to gain full access.
The only safe phone is a phone with no data.
Otherwise there will be tools to gain full access.
Without forgetting the good old rubber hose attach
FWIW I think the only way to keep confidential information is hosted in another country, encrypted, with no credentials (or even the name of the server) cached, all on open sources stacks, with the infrastructure provider different from the operating system provider different from the application provider and encryption provider
Is this convenient? No Is this accessible to the average user? No
I just think something at certain point went extremely wrong in history. We accepted control in exchange of convenience
We accepted control at expense of convenience
I would have thought it would be more accurate to say we accepted convenience at the expense of privacy and security...
Yes, of course, it was a mistake, I reworded that sentece
Just also stop saving critical stuff on your phone you’ll never use nor open again. A good mailbox is an empty mailbox, empty signal chat and so on. With AI it is leaking any away possibly out your phone
For my apps, I use biometric unlocks. To get in passed the lock screen to get onto my phone's home screen, I have to enter a pattern. I figure that if they're already passed the pattern, more pattern won't stop any unauthorized user. So, it really isn't worth the inconvenience to enter the pattern for all my apps (like banking, cc, investments, etc.) over and over. But, if they can't figure out my pattern after so many tries, my phone auto-erases.
phone auto-erases.
i'm WAAAY too clumsy and forgetful to have auto-erase on!
Another thing for an overhauled Constitution. One's body and devices should be considered to be papers and effects.
that's precisely why i never stopped using a password to access my phone.
You actually type “hunter2” in every time you want to unlock?
Why did you type *******? You could just type a made up pass to use as the example, like "hunter2"
These days it has to be something like 1Hunt3r2!l} because enhanced security.
Instead of using your face or fingerprint to unlock it they could demand that you just type the password, could they not?
"I don't recall."
Good question. In the U.S. It violates your fifth amendment right not to testify against yourself/self-incriminate... unless a person doesn't know that and voluntarily unlocks it.
From a legal perspective, no. Passwords would be a 5th amendment issue.
Nope, believe it or not, that's treated entirely differently. Considered to be covered by the 5th amendment since you would be required to provide information that could be self-incriminating.
No.
There is no search warrant for the contents of your mind.
Of course "rubber hose decrypt" is always an option, but we're not quite there yet.
Of course “rubber hose decrypt” is always an option, but we’re not quite there yet.
I really think we are.
Aren't we?
I believe it gets a bit trickier because you can use your right to remain silent? They also can’t physically force you to speak the password but they can restrain you and unlock your phone by force.
Use GrapheneOS so you can "unlock" your phone and enter the wipe code instead.
You don't have to give them your password, and GrapheneOS has a convenient feature to turn off biometric unlock for only unlocking the phone, but still lets you use it in apps
Wasn't there a legal dispute around this that was trying to get them with tampering/destruction of evidence? Not sure if it's foolproof.
If you do use GrapheneOS, quickly restarting the device means your pin is required before biometrics unlock is available. As I understand it -- in the U.S. -- law enforcement can legally compel you to unlock your phone with biometrics, but not a pin. Not that you can trust law enforcement to be law abiding, but at least it's a stronger case in court.
Even better, set it to 1234567890 or 00000000 or similar easy to guess pin, and change it to the length of your actual pin, now if someone tries to bruteforce your phone it will instantly wipe and you can make a case that it was the law enforcement who destroyed any "evidence" by their own actions if in comes up In court.
This sounds like a convenient way to have all your locally saved photos wiped by your kid
In this economy??!
You mean you're not having your photos automatically, immediately encrypted and backed up on remote servers? ente.io will do that for you and their free plan comes with 10G of storage which is quite a few pics.
hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics
This isn't bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.
Or at the very least; turn your phone entirely off (shutdown) whenever you expect or encounter police contact.
Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when 'at rest', ie shutdown.
In android; there is also a 'lockdown' mode you can quickly activate from the power off screen, that disables Biometrics until next unlock with a pin/pattern, but doesn't fully shutdown so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.
You should always turn off / reboot your phone if you expect it to be potentially be taken
Simply being locked after being unlocked once leaves the phone in a less secure state than if it was fully off or just rebooted and never unlocked.
If you need your phone to record the interaction, then you might only get as far as locking it, but always strive to shut it down.
Also, don't take your phone to protests. ACAB.
Wear clothing that can't identify you. Hide tattoos and anything that might make you stand out. Get clothes from a free giveaway place, without cameras. Walk a bit differently if you need to.
Cover your face and cover surveillance cameras, or break them, or hack them (do the latter two only if you know what you're doing).
Wear a body cam. Get bear and pepper spray. Pigs can fucking get it.
Bicycles don't have license plates if you need a faster way.
For the clothing thing, it should be enough to buy from a thrift store. Just pay with cash to be safe. Although if you're planning to do something that'll make you of particular interest this may not be enough. Thrift stores do have cameras, and the police could theoretically look for a particular set of clothing being purchased. Its incredibly unlikely and would take a ridiculous amount of effort, but it is possible.
I use biometrics to access some of the apps on my phone. But my home screen requires a password to unlock.