Differences
This shows you the differences between two versions of the page.
| phone_security [2025/04/06 17:51] – [Do not activate or power it on at home.] moosatx | phone_security [2025/04/06 18:02] (current) – [Avoid External Storage] moosatx | ||
|---|---|---|---|
| Line 53: | Line 53: | ||
| for secure & encrypted communication methods that we'll cover below as well. Using a secondary device only at the protest allows you to leave your primary device powered on and at home. This potentially provides some plausible deniability, | for secure & encrypted communication methods that we'll cover below as well. Using a secondary device only at the protest allows you to leave your primary device powered on and at home. This potentially provides some plausible deniability, | ||
| + | ===== Secure Your Device ===== | ||
| + | |||
| + | If your phone falls into the wrong hands, the information on it could be hugely damaging to yourself or others. Make sure you've taken the necessary steps to prevent it from being broken into. | ||
| + | |||
| + | ===== Use a Strong Screen Lock ===== | ||
| + | |||
| + | |||
| + | At a bare minimum, you should use a 6-digit PIN, but ideally you should protect your phone with an alphanumeric passphrase. This prevents people from trivially accessing your data, and additionally protects your data with strong encryption. | ||
| + | |||
| + | Barring a massive security exploit (more on this later), most law enforcement tools work by essentially brute-forcing your PIN, running tons of guesses until it gets one right. This makes a long and unique passphrase your strongest protection against your data being stolen by people in possession of your device. | ||
| + | |||
| + | In the United States and many other countries it is legal to refuse to unlock your phone or provide your passcode to law enforcement. Know your rights wherever you're located before attending a protest, so you aren't blindly following orders later. | ||
| + | |||
| + | ===== Disable Biometric Authentication ===== | ||
| + | |||
| + | |||
| + | We commonly recommend using biometric features like Face ID or Touch ID to prevent " | ||
| + | |||
| + | However, in this situation it may make more sense to disable biometric authentication. Authorities are trained and known to use biometrics quickly to forcefully unlock your device, so you should be mindful of this | ||
| + | |||
| + | fact when deciding what to do. If you disable biometrics, be wary of shoulder surfing attacks and prying eyes by obscuring or covering your phone whenever you unlock it. Whatever you do, make sure you know how to quickly shut down your | ||
| + | |||
| + | phone or disable biometrics at a moment' | ||
| + | |||
| + | Modern iPhones require you to hold down the side button and either volume button before the power-off slider appears. Even if you don't get a chance to slide to power off, getting to this screen will at least disable biometric authentication, | ||
| + | |||
| + | In the United States, it is still a legal gray area when it comes to whether | ||
| + | |||
| + | law enforcement can force you to use biometrics, but many court decisions have leaned toward saying they can compel you to use your fingerprint. Using a passphrase and disabling biometrics gives you more robust 5th Amendment rights. In other countries you should again familiarize yourself with your rights in this scenario, so that you can make the most informed decision. | ||
| + | |||
| + | ===== Hide Your Notifications ===== | ||
| + | |||
| + | |||
| + | Even with your device locked, law enforcement can see everything you're up to simply by scrolling through your notifications. Reducing the amount of information accessible on the lock screen improves your security and the security of those you're messaging, so make sure your notifications are only visible when your device is unlocked. | ||
| + | |||
| + | On an iPhone: | ||
| + | |||
| + | 1. Open Settings | ||
| + | |||
| + | 2. Navigate to Notifications | ||
| + | |||
| + | 3. Navigate to Show Previews | ||
| + | |||
| + | 4. Select Never (or, When Unlocked) | ||
| + | |||
| + | On Android: | ||
| + | |||
| + | 1. Open Settings | ||
| + | |||
| + | 2. Navigate to Notifications | ||
| + | |||
| + | 3. Touch Notifications on lock screen | ||
| + | |||
| + | > Select Don't show any notifications | ||
| + | |||
| + | 4. Switch Sensitive notifications to off | ||
| + | |||
| + | ===== Minimize Your Stored Data ===== | ||
| + | |||
| + | |||
| + | The best way to protect your data is to not have it on your phone in the first place. If you're using a secondary device, simply don't install anything other than what will be absolutely necessary during the protest, like a secure messenger. | ||
| + | |||
| + | Otherwise, delete any cloud storage apps you don't need access to during the protest. If you're able to delete an app and then download it later and log in without experiencing any data loss, then that app probably doesn' | ||
| + | |||
| + | Some password managers' | ||
| + | |||
| + | certain vaults from your devices, 1Password calls this Travel Mode for example. You can do this manually as well, by having a separate password manager or vault with only the essentials you will need at the time, and removing your primary password manager from your device for the duration of the event. | ||
| + | |||
| + | ===== Disable Lock Screen Actions ===== | ||
| + | |||
| + | |||
| + | In a similar vein, any functionality you have enabled while your device is unlocked can pose a security risk. It is always best practice to reduce your attack surface by disabling these options whenever possible. Even though these features are typically designed to not pose a security risk to your data, they have been known to be exploited in the past to bypass lock screens and other security features. | ||
| + | |||
| + | 1. Open Settings | ||
| + | |||
| + | 2. Navigate to Face ID & Passcode | ||
| + | |||
| + | 3. Scroll to the Allow Access When Locked section | ||
| + | |||
| + | 4. Switch all features you don't need off | ||
| + | |||
| + | On Android, disabling functionality while the phone is locked will vary widely by manufacturer. Some like Samsung provide more flexible options in their lock screen settings, but others like Google do not provide the option to disable the quick settings panel or other similar features. | ||
| + | |||
| + | |||
| + | ===== Avoid External Storage ===== | ||
| + | |||
| + | |||
| + | Your Android phone might have the option to store files or photos on a microSD card, but these cards are not always subject to the same encryption standards as your phone' | ||
| + | |||
| + | computer later. Additionally, | ||
| + | |||
| + | Consider Your Phone' | ||
| + | |||
| + | Exploits against smartphones are discovered on a very regular basis, and spyware companies that work with law enforcement-like Cellebrite- abuse these exploits to crack into stolen devices. If your phone is no longer receiving regular updates from its manufacturer, | ||
| + | |||
| + | In general, we consider the latest iPhone and latest Google Pixel to be the most secured against this sort of threat. You can increase your security further by using a hardened alternative operating system on your Google Pixel. | ||
| + | |||
| + | Robust security information about phones from other manufacturers is less common. If you use a different device you may still consider the risks to be worth it, but if confiscation is of particular concern to you, or especially if your phone no longer receives security patches, you may want to consider leaving the phone at home. | ||
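
Review bot: In the "Disable Lock Screen Actions" paragraph, "any functionality you have enabled while your device is unlocked" says the opposite of what the section covers; the steps below it edit "Allow Access When Locked", so this should read "locked". Those four steps (Settings, Face ID & Passcode) are iPhone-specific but carry no "On an iPhone:" label, while the next paragraph starts "On Android" and the "Hide Your Notifications" section labels both platforms; add the label for consistency. In the Android notification steps, "> Select Don't show any notifications" sits between steps 3 and 4 as a quote line and should be a sub-step of 3. Several paragraphs are split mid-sentence by blank lines ("be mindful of this" / "fact when deciding", "whether" / "law enforcement can force you", "allow you to" / "certain vaults from your devices") and will render as separate paragraphs; join them. "Consider Your Phone'" is missing the ===== heading markup the other section titles use, and because "Secure Your Device" introduces the sections that follow, those would read better one heading level below it rather than at the same level.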
