As I pointed out they also route all of their traffic through Cloudflare. They also have been caught red-handed logging the IP of an activist despite having previously advertised that they didn't keep any logs.
Now they are using misleading terms such as "privacy by default" which according to them means that by default they won't log you but that they can be "forced" to log a user if a law enforcement agency asks them to do so...
Not sure why you didn't mention the law ruled heavily in favor of Protonmail as a result of that massive fight between Protonmail and the authorities after that happened (they had to comply, while fighting back) - so as a result, they now have legal law BACKING for privacy even more and cannot be compelled like that again -
when they got that court order that wanted them to retain logs, they challenged it immediately - and the ruling came down - and they won.
They can no longer be compelled to cooperate in cases of crimes in other countries that match crimes in Swiss laws, as happened here - and this happened because they fought back - it just took time for the ruling to come down.
As a result of this, Apple released a series of tools such as iCloud Advanced Security where they don't even have the keys (but causes user support issues, users can now "lose everything" with no recourse, which is why this isn't on by default; most users' "threat model" is more risk from deleting themselves accidentally than of nation state disclosure), along with the new feature that a phone not being actively used turns itself off, and a few more things.
There exist different laws for different services. Their VPN for example is exempt from the court order that got the IP while using their mail service.
Yup. Unless you're providing a truly zero-access encrypted service such as chat (e.g. Signal), there truly is no way of avoiding it while staying afloat as a private company. It seems people don't understand that email, which is Proton's bread and butter, CAN'T be fully anonymous and private in relation to the provider unless the provider severely limits functionality by only allowing PGP.
Framing the question a bit differently could help: The aim should be to engineer the system so that you don't (and can't) have access to the information, so you minimize vulnerability to legal attacks.
A strawman mod to Protonmail could be to mandate the use of a VPN.
> The aim should be to engineer the system so that you don't (and can't) have access to the information
So when law enforcement and/or a three-letter agency rocks up with the legal paperwork (whether it be a National Security Letter or a local equivalent) and demands that "the system" be changed to start collecting the information they require, how should managers and engineers respond?
Generally, in my experience, people want to help "catch the criminal" -- note these are usually the worst of the worst at first. Then you start getting less and less information and it starts becoming a process rather than an event/discussion.
By pointing to your repo and inviting them to make a PR. Because your system is open source, uses reproducible builds, and attestation so users can directly verify the binaries you're running come from the open code they can audit. This is the same reason a three-letter agency approaching Linux and asking for a backdoor won't work.
> https://signal.org/bigbrother/
> "When legally forced to provide information to government or law enforcement agencies, we'll disclose the transcripts of that communication here"
Sure, except if there's a nondisclosure provision...
"A national security letter is an administrative subpoena issued by the United States government to gather information for national security purposes. NSLs do not require prior approval from a judge. NSLs typically contain a nondisclosure requirement forbidding the recipient of an NSL from disclosing the FBI had requested the information."
In a perfect world? The same way Apple did in ~2015. Argue that code is equivalent to speech, compelling them to write code to change the way the system works is compelling speech, and making that demand is unconstitutional.
Apple gets lots of shit for a multitude of reasons, but their stance of "We built it to be securely encrypted from everyone but the owner; if you want to change that then fuck you, make me" is something everyone involved with should be proud of
Realistically, we can't all be one of the richest companies in the modern era. Not every corporation has both morals, and pockets deep enough to pick a fight with not just a government, but the government of the country they're headquartered in. Frankly, shutting down like Lavabit is one of the better realistic scenarios if you're making promises of guaranteed privacy
I think this is easier: there isn't a single corporation on the earth with morals. Morality and profit-chasing are not generally coherent principles. Nobody doing any good on this earth has a need for an LLC.
I generally agree with your posts/comments, but anyone trying to "do good" in the USA absolutely needs to have liability protection, such as an LLC or a corporation shell of some kind. The moment one starts to make a difference in this corporate controlled nation, the full legal power of both the corporations and their owned government minions will rain down on you. I've seen it. If you're trying to make any kind of a difference, get liability shells around your activities, or you'll be ended the moment you gain traction.
Calling them "morals" was meant flippantly, though I suspect should have used quotation marks to call that out a bit more. "Multiple ad campaigns and a marketing posture based around privacy" is probably better.
The aim should be to engineer the system so that you hand over every piece of information that you have and that it is totally useless to anyone, either through encryption (that you don't have access to) or through not collecting it in the first place.
Service has to follow the law more breaking news at 11....they even before this have always advocated to use a VPN or Tor if your threat model is law enforcement.
Proton is still very much worth recommending, you can ignore the noise. The article you linked was debunked in this article which provides overwhelming evidence pointing to the org being liberal: https://www.reddit.com/r/Anarchism/comments/1id5v21/does_pro...
Not that it matters though, since I assume all of us here know how encryption works.
Proton also suffers from a pathology similar to the LavaBit problem. Better off using some other email service that doesn't insist on keeping GPG keys on its servers and using something like Mega instead.
> Realize that some of these measures draw attention to yourself
This makes a good case for using them all the rest of the time. If you’re in a relatively safe position you can help to normalize privacy to provide cover for those who need it now, and perhaps for yourself should you need it in the future.
"realize some" was the comment. you're now assuming that biometric auth is part of that "some". assuming can get you into trouble. if biometric auth does not bring attention to yourself, that does not negate the validity of the comment.
people just need to calm down with the "gotcha" comments
One of the first things you can do with any of these kinds of lists is to see if they recommend Firefox over Chrome. It's an excellent shibboleth, because Firefox codes (rhetorically) profoundly more activist- and privacy- friendly than Chrome does, but Chrome has much more sophisticated and better tested runtime protections. Firefox seems like it would be the better recommendation, but if what you care about is not being easily (==cheaply) targeted by exploits, it's not.
The majority of activists aren't going to be targeted by a 0-day. Most probably won't even be purposefully, directly targeted. They're more likely to have their data given/sold to the government as part of a larger batch (geo-fence, etc.). I would not recommend a Google product with that considered.
The activists that are legitimately, specifically targeted should probably be past the "101" series of infosec and not be using either without significant other considerations and protections.
My new line when people rebut this is just to ask: did the guide we're talking about lay this out, so that people could make up their own mind about whether their organization was likely to be targeted by federal law enforcement agencies, which license zero-day vulnerabilities and delivery platforms from 4-5 different providers, or instead by commercial telemetry?
Of course, none of them do, because the premise of that question is alien to them. It requires understanding that Firefox and Chrome have different runtime security postures, and to talk about that you have to be willing to push through a fogbank of people ideologically opposed to the idea that Chrome could be, at a technical level, better.
Your original comment sounded like (how I read it, at least) you think Chrome should be the default recommend in this (and similar) guides. Full stop, end of story.
This comment sounds like you think guides should be more nuanced regarding the specific threat model that is trying to be mitigated.
No, I think people should use Chrome. But my actual docket of security advice wasn't the point; my point was: if they got this wrong (and by suggesting that Firefox is a categorically better choice than Chrome, they have), what else did they get wrong?
As a security person, I have borne witness to many, many "which browser is really more secure?" or "has Firefox caught up to Chrome?" arguments. I have seen "you should use Chrome (or Chromium) no matter what" as responses; I have seen "it's complicated" as responses. I have never seen "you should use Firefox no matter what".
As a security person, I agree that this guide is not great. I agree with pretty much everything you've said. However, I disagree with your original comment that a recommendation in favor of Firefox means writing off a guide entirely.
But that's probably for some other time, I imagine we can leave it at agreeing "this guide is not great". I doubt it is good for my career to butt heads with the tptacek on a security topic.
I just think it's an interesting way to think about these things. There are a couple recommendations these kinds of guides recurringly make that are "tells" that the people writing it aren't, let's say, super engaged with the communities of expertise the recommendations are meant to be drawn from.
I learned last cycle not to waste too much energy red-penciling security guides; there will be more of them following this one. But I am interested in general rules of thumb for how to read any of them.
For what it's worth, I comment here worrying that 'saurik and 'comex and 'pbsd are at any moment about to hand me my ass. Wherever I am in the hierarchy, it's not close to the top.
This is not smart. It's entirely reasonable that Chrome may be better on top of its exploit game; but this absolutely pales in comparison to the threat of universal surveillance that Google hits us with frequently. Shouts to the heroes on the inside, but what did I just hear about an AI removal pledge?
>> One of the first things you can do with any of these kinds of lists is to see if they recommend Firefox over Chrome. It's an excellent shibboleth, because Firefox codes (rhetorically) profoundly more activist- and privacy- friendly than Chrome does, but Chrome has much more sophisticated and better tested runtime protections. Firefox seems like it would be the better recommendation, but if what you care about is not being easily (==cheaply) targeted by exploits, it's not.
> This is not smart. It's entirely reasonable that Chrome may be better on top of its exploit game; but this absolutely pales in comparison to the threat of universal surveillance that Google hits us with frequently.
See, this is what I'm talking about. If you're trying to protect activists from threats, protect them from threats. Making a political statement about commercial surveillance isn't doing that. A lot of these guides are LARPs.
How about this: if you feel strongly about commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages, look to see if the "infosec for activist" guides you're reading at least offer their readership the choice of risks. Does this one? (Rhetorical, obvs.)
Commercial surveillance enables government surveillance. If an app constantly sends my location to a corporation by default, a government-level adversary can just demand it from that corporation, no need to burn a 0-day on me.
This is a complex thing. Don't give your location to the app. Turn off GPS, use VPN and don't use any apps/sites that are linked with your real identity on the same device. Most of the other parameters in the commercial surveillance are too common to ID someone with a good probability.
Exploits, on other hand, can leak your full environment, including a photo from the cam.
This is another part of what I mean: people on message boards read these things as message board arguments, oblivious to the fact that the whole point of these guides, if they're for real, is to communicate with people who are making absolutely none of these inferences.
The point isn't that Firefox is less exploitable, it's that it has less blatant tracking than alternatives like Chrome. If you're an activist I'd imagine that exploits are a scary thought but the more direct threat is the tracking we (un)knowingly succumb to every day.
Isn't it the software which is tracking you? You can switch off the cellular connection whenever you need to not be tracked by the towers (if you trust your software, or with a hardware switch on some phones).
See, again: this is how message board logic turns these kinds of guides into LARPs. "Turn off your cellular connection whenever you need to not be tracked. Also use ProtonVPN."
Do you think the blanket-pardon for J6 was ethically justifiable?
To me, a blanket pardon appears very problematic because I firmly believe that the underlying action (violent protest directly aimed at government representatives) was and is still a crime (I think that a group of protestors similarly storming the capitol or white house now would --and should-- not be pardoned either).
The whole thing is even more problematic because it basically directly rewards for loyalty to a person over the country/democratic ideals.
Personally, I have no doubt that a lot of them were honest, well-meaning protestors that caused little harm-- but definitely not all of them.
Commutations done for individual cases would have been much less problematic in my view.
> Yes, because the governments in 2020 have shown that rioting, setting building on fire, attacking police departments and declaring shit like CHAZ was totally ok and won't be persecuted.
Are you sure that this is not a distorted perception, fueled by media that profit off of outrage? There have been >14000 arrests following the George Floyd protests; I don't think it was ever established that setting public property on fire was fine (legally), not during the last administration and most certainly not now...
> But since Trump JD is not trying to put people from that summer in jail - I am totally fine with both group of thugs being free
Even if people had not been arrested during the protests (they were), this is still super iffy. This is a bit like saying "since Trump never did anything against Pelosi's insider trading, it's fine if he engages in it himself"-- in my eyes, that's not "morally cancelling out", that's him failing twice...
The best solution would have been for Biden to pardon everyone non violent (in violence defined something greater than what you would find in a hardcore mosh pit) and leave the rest - but that is long gone.
As a person that has set fire once to the building of my country parliament and overthrown the government - honestly it is not such a big deal
They've already said they're going to deport pro-Palestine protesters with student visas who attended protests in the past, and are opening up 15,000 units at Guantanamo Bay for other immigrants to avoid US mainland law, along with an offering for units in an El Salvador concentration-camp-like megaprison.
You're right, I went back and read and it looks like the officer who died had their stroke ruled as their cause of death, not the blunt force injuries they received, though it was ruled contributing to his cause of death.
Upon further reading it looks like they only intended to murder a bunch of people and were prevented from doing so while invading the capitol buildings holding nooses, a completely blameless activity.
Something like 170 officers were injured, 15 hospitalized, and at least one suicide in the aftermath. Several gun charges.
An insurrectionist climbing through a window busted out with an American flag pole was shot for almost getting into a holed up area of law makers. Police and Secret Service warned "Get back! Get down! Get out of the way!"
I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor. We know that modern phones are full of proprietary firmware with swiss cheese tier security which allow for 0 day remote code execution exploits [1]. The operating systems, although better, also have been targeted by RCE exploits [2].
Not to mention even turning a phone off does not guarantee it goes silent. Apple's Find My network works even for turned off devices. Now of course you can turn that feature off, but once the capability to track a turned off device is there, we have to assume that a nation state actor has exploits/backdoors that allow agencies to bypass basic software switches.
You have to assume everything you do on a mobile phone will end up in law enforcement/intelligence agency databases if you're put on a watch list.
>I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor.
The majority of activists are not worth the effort or expense. And for the ones that are worth - those guides make no difference since they don't harden as much. If you want real security - then the least you must do is have two devices. One used for hotspot only.
Since the mid-2010s Apple has put every baseband / WiFi / Bluetooth radio either on USB or PCIe with an IOMMU that restricts access to only the pages required for networking and packet management.
I can't speak to when Android started doing this, but I know the common chipsets (Qualcomm, Exynos, Mediatek) also do this.
Why? I've personally seen more news articles about Tor users getting de-anonymized than I have VPN users. Purely anecdotal, I know, but the point being Tor is obviously not foolproof, so I am curious why recommending one over the other is apparently enough for you to call the entire article into question.
Because if I was running SIGINT at the NSA and collaborating with the FBI to arrest activists, the very first thing I would do is start up a bunch of VPN providers that bill themselves as "private" and then log everything aggressively.
The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes about Tor users being "de-anonymized" when VPN users are never "anonymized" to begin with. I would make sure these anecdotes never clarify whether it's "Tor users accessing Hidden Services and getting popped by a Firefox exploit" or "network attack that enables traffic correlation" so everyone fills in the blanks and assumes Tor is dangerous, when it isn't, thereby pushing activists to my VPN services.
After all. There is no real enforcement mechanism if a "private" VPN lies.
You mean the Silk Road which exposed the real IP of the web server due to misconfiguration? Tor can be compromised (run a bunch of exit nodes and do traffic correlation) but Silk Road made pretty basic mistakes.
>Because if I was running SIGINT at the NSA and collaborating with the FBI to arrest activists, the very first thing I would do is start up a bunch of VPN providers that bill themselves as "private" and then log everything aggressively.
Sure. But with a limited budget (of both the financial sort and the effort sort), this just isn't feasible. Who the hell wants to manage not one but twenty seemingly private industry vpn companies? Can they even reach break even status so that it's not a drain on the budget? How long for that? Worse, it entangles their revenue with that of the NSA, making the NSA more vulnerable to the sort of leaks they don't like to have, exposing them to foreign intelligence services and even journalists.
>spread vague anecdotes about Tor users being "de-anonymized" when V
Ulbricht found out the hard way. When you've got every fiber tapped around the world, it becomes trivial to deanonymize Tor users. Granted that it's nearly impossible to climb to the top of the US government's shit list like he did, but if you do manage the feat, they'll know who you are within days.
They did, and then they used something called parallel construction (legal term) to not give away the warrantless search that entails. Wanted to avoid fruit of the poison tree, or public backlash, or maybe even both.
Once he was identified, they trolled through his internet history to find something that if they were luckier than any investigators ever they might have found without cheating. Then claimed they actually did that. It was all horseshit. None of this is controversial. Didn't even have to hack Tor, traffic analysis sufficed.
A more constructive response is to explain why it won't work, rather than telling me to explain why it won't work.
My first post in this thread has a link that explains why VPN services aren't trustworthy.
But the thing I took more issue with is that Tor is omitted entirely. Tor is at least as safe as a VPN.
Trying to attack Tor users by registering exit nodes (a Sybil attack) is way more expensive than convincing users to simply not use Tor.
The fact that more effort is spent attacking Firefox (i.e., the Tor Browser) than the network is a data point worth considering when deciding your threat model.
Meanwhile, if you want to do traffic correlation against a VPN service that you don't already own, just pwn the datacenter that the VPN company is hosted in and watch packets coming in/out of the VPN.
If you want to try to reframe the conversation to be about defending Tor, you can have that conversation without me. I'm not here to defend Tor, I'm here to advise against using VPN services especially if you have a threat model where Tor is more appropriate.
Recommending ProtonVPN over Tor to motherfucking activists is an act of malfeasance that makes me distrust anything coming from this webpage.
There is one reason - VPN traffic vs. Tor traffic monitoring. Tor traffic stands out and that has been used to nab people famously, like that bomb hoax incident. Which suggests cloaking Tor with a solid VPN is the way to go. Yes, bridges may be an option as well, but I don't know that their ease of use is where it should be for everyone wanting to be hidden.
IIRC they used NetFlow data to find the only Tor user. So as long as your VPN doesn't use a different exit than entry IP it's as easy to find you as the Tor user.
Or you know just use both because even the most shady VPN is more trustworthy than any ISP. There of course is always the option to just use a trustworthy VPN that even implements traffic analysis protection, like Mullvad.
> The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes
An unfortunate factor at play in these matters (and that I note in the article) is that the intelligence services are known to run the occasional shell company [0]. It seems likely that some privacy-oriented providers are actually intelligence fronts - because if you were running an intelligence collection agency an obvious thing to try would be a privacy-focused email company or something.
If it isn't built on a trustless model it isn't trustworthy.
This page says it was last updated a few weeks ago, but the recommendation against iCloud backups seems to have glaring errors and omissions.
> Keys to unlock the phone’s full-disk encryption are also stored in the iCloud backup. This arrangement allows law enforcement to request the backup data from Apple and use the key to unlock the entire phone. It also offers a convenience, where if the user forgets their unlock code, Apple can still recover the device.
This is not true. Even if it were, the advice to activists should in all cases be to enable Advanced Data Protection so that almost everything (except iCloud mail, contacts and calendar) are end-to-end encrypted (including iCloud phone backups). Apple cannot access the data or help in any kind of recovery when Advanced Data Protection is enabled. It is up to the user to set up recovery contacts and recovery key (and keep this safe).
Is it correct that iCloud backups can lead to officials being able to unlock your physical device? That’s not consistent with my understanding of Apple’s circle of trust implementation.
I get that the backups can potentially be compromised, and of course having the backup means having most of what would be on the phone, but I would love to know more about how having a copy of a backup can compromise the physical device via iCloud.
Disproportionally more if you divide it on the user base to get the cost of targeting 1 user when you want them all (and most of evildoers want that exactly).
No, that's not at all how the market for high-end zero-day vulnerabilities work. It's interesting to see people just make random stuff up from first principles. Actual market participants have talked through this stuff; you can just find out empirically.
Good article, although it stresses the need to have trusted friends to protest with but doesn’t explain how to find, make, keep these friends. To be fair, I’ve been trying to figure that part out for like 10 years but it would be cool to have advice in that area as well.
I am really struggling to find ways to approve anything if you don't have 100% control over it. Signal seems to be a solid choice generally and I do believe they are doing their absolute best to keep it airtight but this is software and some obscene, tiny little hole may very well exist.
Generally speaking, with people like comrade elon having so much say into everything, people rushing to pump out new features daily, most often not putting too much effort into security, I've been making a hard push to cut myself off cloud services and self-host everything I can myself.
I wonder how many of the posts here saying "this is all useless" actually go to protest, or in their heart support those who do.
Can the full might of the FBI and NSA own you if they want? Likely.
The threat model here is local PD, and the goal is to make their job of incriminating you in any way, harder. Meaning making it harder to get into your phone. Harder to passively intercept data like SMS and phone calls. Harder to get data by asking the big companies like Google.
If I'm going to be involved in something like this I'm sure as hell not bringing my daily driver phone. Get serious. Grab a burner, go in expecting it to get discarded or to fall into unfriendly hands.
Signal leads to metadata by virtue of demanding a phone number. Use the fork Session instead that doesn't have this vulnerability. Or Mega, which does audio and video calls, chat, and file storage and transfer.
All of their advice is pretty moot because they are saying you should have your phone with you and that alone is going to hit cell towers and put you at the location of the action.
Not so if you EMI tape the GOS phone case, disable USB-C except for charging, use second profile to encrypt your actual data so you can attest before decrypting, and keep it turned off and in aeroplane mode when not in use. See my comments.
Your phone going “dark” during an action is in itself a signal that you are involved in the action. Especially when it deviates from your phone’s normal activity patterns.
It would make more sense to leave your phone on and at home. However, you can’t use any of the tools the article lists if you have no phone.
"At no point during the interrogation did Thompkins say that he wanted to remain silent, that he did not want to talk with the police, or that he wanted an attorney."
"Thompkins did not say that he wanted to remain silent or that he did not want to talk with the police. Had he made either of these simple, unambiguous statements, he would have invoked his “ ‘right to cut off questioning.’ ” Mosley, supra, at 103 (quoting Miranda, supra, at 474). Here he did neither, so he did not invoke his right to remain silent."
Omitting pertinent information is the tool of debate not of discourse.
> The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
I cannot seem to find any supporting text in the SCOTUS text that merely being silent waives rights. Quite the contrary, my quote indicates that as soon as I would assert my rights, even in the middle of the interrogation, the interrogation would have to halt. (Additionally, the interrogated Thompkins did speak and answer, it was just terse.)
>I wish I were making that up. You now have to repeatedly state it.
Again, I can find no evidence in the SCOTUS opinion that once I assert my right, I have to repeatedly re-assert it.
From your note:
> unless you break your silence to say that you intend to be silent, you will be prosecuted for your silence
I find nothing of the sort in this case. I can remain truly silent, and my silence cannot be used as evidence of guilt. Of course I can still be prosecuted with other evidence. Griffin v. California (1965), Doyle v. Ohio (1976), and Salinas v. Texas (2013) just to name a few.
If I missed these, please point me to it so I can correct myself.
Just playing devil’s advocate here, but this idea of having to invoke your fifth amendment rights reminds me of a “Silent Man” (David Hampson) in the UK who would be arrested multiple times for blocking traffic by standing in the middle of the road. I’m not sure of the details, but in the process he would never speak to anyone at all (not even to his lawyer or psychiatrists, or just to confirm his name). It does seem problematic because what happens if the person arrested is actually mute?
Not only that, but do not say "Gimme a lawyer, dawg" or else corrupt police will maliciously pretend you were merely asking for a legally trained canine, and another incompetent judge might let them get away with it.
> The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
No. Based on the opinion linked in one of the other comments, there are these possibilities:
- explicitly say you are invoking your right to remain silent -- they have to stop asking you questions
- say nothing -- you're fine, your right to remain silent means they can't use this against you
- answer questions (without being coerced) -- if they read you your rights properly and confirmed you understood, this waives your right to not do what you just did; if they messed up, then you can get your answers thrown out
Also note that repeatedly invoking your right to remain silent is going to be considered "resisting arrest" and you're going to get the shit kicked out of you.
Telling people how violent the police are tends to get applause in some circles online, but spreading misinformation that you can't get away with exercising your rights is pretty straightforwardly pro-police propaganda. The vast majority of police officers in the US will not kick you if you say you don't want to talk to them.
The correct number of police officers beating the shit out of you is zero. Not a tiny minority; zero.
And every time one is uncovered, it is always the case that they've done it before, many times. That "vast majority" may not kick the shit out of you, but they seem willing to tolerate it when others do.
It's even worse at protests, when police officers have been told to expect violence. When you go to a protest, you assume that you are taking physical risks.
I've had the opportunity to work with the Safari team in the past. I can't say a lot due to an NDA, but let's just say there is a good reason to prefer Firefox.
I use multiple OS's throughout the day. Firefox works on all OS's smoothly. Safari doesn't let you set a custom search engine. Firefox has some great extensions.
It's hard for me to believe that people actually think they can use Signal or some other 'security app' on a device that is fundamentally compromised already.
Sure, your messages are encrypted, but they (whoever they are) have the private keys (both sender and receiver) because the smart phones you are using are compromised by them.
It's really simple.
So next time you read a news story about criminals who were using some supposedly secure app to commit crimes, but got caught anyway... keep this in mind.
Yep, Cellebrite is popular among LE and my phone (a new Pixel) is able to be extracted. Even if I install a privacy OS such as GrapheneOS, I don't think it would help. The Librem phone looks nice, but it costs a lot and the camera/specs are bad.
Exactly. Just don't commit crimes and don't use a phone/computer to commit crimes thinking you will get away with it. It doesn't work, they know who you are and what you did.
This is a really, really ignorant imperative. First of all, the criminalization of poverty and structural injustice, generally, make technically criminal activity inevitable in some communities, but I recognize that what you actually mean is "don't commit criminal acts of protest" which is still ludicrously ignorant—and cruel!
Civil disobedience, by definition, involves the deliberate violation of a law. It is, nevertheless, our duty to perform when laws or systems perpetuate severe injustices, democratic failures, or lack legitimacy.
As John F. Kennedy famously put it, "Those who make [legal] revolution impossible will make [criminal] revolution inevitable."
If you have evidence of how the secure enclaves on mobile devices are compromised, you should share those details.
You can also believe that there is an industry-wide conspiracy in which everything is backdoored. But that's a philosophical/political claim, not a technical one.
Yes, they use Bing’s search index, but the relevant difference is that they promise not to retain logs of your searches associated with your IP address or other identifying data: https://duckduckgo.com/privacy
This is ridiculous, just don't use a network of any kind or you'll be tracked by someone somewhere. Simple as that. Misleading people into thinking they can use these tools and be safe is dangerous. I suppose the only way to be safe is to assume you're being tracked somehow and use burners or throw aways that don't matter.
While you’re not wrong, there’s a trade off between communication needs and security guarantees. Activism and protesting requires organization, which is effectively hampered by the inability to quickly and efficiently disseminate information.
I’ve read the EFF’s guide and it seemed reasonable for a layman. What caveats or disclaimers would you include that they haven’t already? What more do you feel could be done to make people with these needs safer while helping them pursue their goals?
Staying off the radar is the best advice I think - how to do that is the question. The thing that creeps me out is that even at the operating system level we have no idea what happens... look at Recall. I mean wow.
You need to coordinate with people. It could be as simple and necessary as getting your ride back home after the protest.
Yes, any use of the network is a risk. You take a risk just showing up. This is about mitigating risk, not eliminating it. You have to decide if it's a risk worth taking.
This is pretty much the 101 on how to get "caught". It is laughable that they recommend using ProtonMail and ProtonVPN and that there is not a single mention of things such as TOR.
Regarding Proton specifically:
- Proton has been lying about them not logging their users' IP and other information in the past. It got caught red-handed in 2021 when they transmitted the data of a user to a French intelligence agency called DGSI. Source(s): https://therecord.media/protonmail-forced-to-collect-an-acti...
- Now they say: "Privacy by default", what they mean by it is that by default they do not log the user's information but if an agency asks them to log then they "are required by law" to log the user's data. But the user has no way to know if he is still in the "privacy mode" or has switched to the "surveillance mode".
- It is actually possible that they log everything and use the "by default" wording as a "plausible denial". By saying that your account had been flagged earlier by law enforcement or an intelligence agency.
- All Proton mail traffic goes through Cloudflare. Let that sink in. Yes, they say that the traffic is encrypted using https and that Cloudflare can't see its content, which might be true. But even if it is true Cloudflare gets to see a ton of interesting metadata, such as the end user's IP, the exact time and the length of what the user is sending or receiving.
So even if you are in Switzerland and you use ProtonMail which is in Switzerland too, your connection still gets tunneled through an American company.
Source: https://x.com/andyyen/status/1884907496705339544
Can't speak for OP's link, but as a contrast No Trace Project's resources contain lots of advice from people who actually routinely face state repression, with in-depth analysis of specific cases. The scope is international (though focused on the North Atlantic region) rather than English- & U.S.-exclusive. There are plenty of references to Tor+Tails.
Yeah, don't use Proton, they're several types of shady. If you can figure out running Matrix, that's better. Email isn't built for security, don't treat it as if it was. Use PGP on the body if you want, but the metadata will still be very talkative.
The Grugq has complementary advice which arguably is more important, regarding foundational principles, personas and so on:
As someone who has decades of tech experience and has been the target of various Government agencies for many years... I have a few things to add:
Most devices have some kind of GPS or positioning system. Phones in particular still communicate certain information to cell towers and E911 even if there is no SIM installed. Wrapping your phone in aluminum foil does not block all the signals as many have been led to believe. It is not certain, especially with 5G, what Faraday bags can work. Your best bet is a phone where you can remove the battery. Even this could leave residual power in the device.
One of the most non technical aspects of Government surveillance, especially in the United States, is that their ability to request data depends on each specific provider. Usually, law enforcement has long standing relationships with all these companies and the higher up you go in the U.S. Govt, you get more of this. After all, there are a million ways the Govt can keep a device off the market if they do not comply with whatever the Government wants. Maybe most importantly, parallel construction is often used here. For example, law enforcement will only follow the rules and get a warrant if they intend to present a case in court. Often, they just want information and if they want to use it they will find a way to parallel construct its source. Do not rely on your constitutional protections or anything else. In many cases it is simply not a factor for them.
Everything about your phone comes back to the SIM card. It is extremely difficult to get a working SIM without some form of ID. Most SIM cards are traceable this way, especially if you purchase them in the U.S.
Most services require a form of authentication as well, often a phone number which requires the SIM belong to someone, or an email address, which very often requires a phone number to create. Used burner phones are your best bet.
Any cloud service connection your phone initiates is able to be intercepted and the Govt can deploy a form of a man in the middle decryption attack with the help of your cell provider. This is not used as often but unless everything you have uses certificate pinning, and often this isn't the case, it is very easy to man in the middle your end to end traffic and decrypt it.
Applications also leak like crazy to various APIs and other things they use. Connections can be downgraded to HTTP and all other forms of tricks to monitor you are used.
For example, if you are using an end to end encrypted messaging app, and you have the content of those messages going to the Apple or Google notification system, you do not have end to end encrypted messaging. This is why Signal disables the content in the notification by default.
There are other attack surfaces here as well. Keyboard autocomplete is one as it uses remote services. If LE knows you are using something like Signal, and they can see you created a new contact on your phone to message them, they already know who you are talking to, and if your phone keyboard is using autocomplete or grammar correct, they could potentially get what both sides are writing to each other without actually breaking the encryption.
There are other methods as well. iPhones have the ability to use a form of Remote Desktop that can be accessed over the cell connection. So as you are using the app, your screen can be monitored, thus defeating any encryption security you think you have.
If Law enforcement knows you have cloud accounts, say with iCloud or Google Docs, and you are working on something in there, you can be sure that it is possible for your work to be viewed as you are working on it. This has a ton of implications for people just doing normal non activist work as well. Maybe you're working on your own legal case and they can literally just watch you build a legal defense and then plan accordingly. It really is endless what they can do.
If the Govt is interested in you, most cities are full surveillance cities now. You can have no phone, no RFID anything, change your routes, change your appearance and you will still be found. There are rare exceptions to this but for the most part assume you cannot move around a city without being constantly monitored. Even if you only have a pair of bluetooth headphones, there are all kinds of devices collecting broadcast data, and these can be correlated with device lists uploaded when you pair a device.
This is just a short list of things I've experienced personally... There is so much more. Any large formal resistance basically cannot happen without the Govt knowing about it.
> We recommend Signal, which was built from the ground up for personal security.
WhatsApp has E2EE for all messages too, I don't understand why people think of Signal as a bullet-proof instant messaging solution for privacy, especially when
1. Requires Phone Number in order to use (I'm sure fanboys have explanations for that)
For me, the difference choosing between WhatsApp and Signal has more to do with who is in, and behind, the respective companies.
Liar Zuckerberg lost by a fvcking mile.
It's complicated to explain, but in the republican(/conservative/trump supporter) mind "activists" are (in support of) "far-left marxist communist liberal extremists" like Biden, Obama or Harris, so the FBI/CIA/NSA under the Biden administration were protecting them and calls for making encryption illegal only targeted "the republican" so activists supported ending encryption because it benefited them in their unjust war against republicans. So if they now see activists discussing opsec, they view it as liberals being "scared" at the righteous Trump administration coming for them.
It’s not complex to explain. The establishment was all Democrats and they tried to ban encryption. Now the establishment is Republican and the same elites who tried to take away encryption are now using it.
Of course it's easy for you to say, but the rest of us do need some explanation to understand what you believe. I assume you aren't against encryption being widely available despite the elites/activists using it for nefarious purposes though? Like you are just pointing out the far-left's hypocrisy when they tried to ban it before?
I am not on either side of the 2 party system. I am pointing out the hilarity of former members of the panopticon now understanding the value of privacy preserving technologies.
Ahh I see a liber - but no of course labels don't apply to me - tarian, they tend to believe the same nonsense trumpists believe nowadays so it can be hard to tell sometimes
I don’t care if you call me names or say my beliefs are nonsense. I’m most enthused now that so much government funded “nonsense” is being defunded, and all of the federal and NGO employees being fired, so they can be free to actually contribute to society.
A bit of a tangent, but modern protests are subject to hijacking from agents provocateur and general shit stirrers -- it's been quite effective in delegitimizing public protests. It would be nice to find ways to counter that.
I think this was the whole point of the "self purification" process that Dr ML King Jr describes in his Letter from Birmingham Jail [0], where they had workshops on non-violence etc.
Interesting. I read an article stating the opposite.
That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
In particular it was stated that part of those particular riots were a distraction to (successfully iirc) lure the cops away from the police station.
> That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
There's a lot to be unpacked there, but I'm not sure about what you think is "effective action" and why peaceful demonstrators are a bad thing.
There are multiple documented cases where emergency vehicles are blocked by "blocking a highway" as a "peaceful protest" that resulted in deaths. e.g., London (2022) - Mark Heap and Lisa Webber.
It is still a peaceful protest, whether you like it or not, contingent on the definition of "peaceful" being the absence of violence.
You do not have to like the outcome of a protest, but if it is not a violent one, you are expected here to describe it in accurate language.
You are not doing that.
To illustrate my point: your logic dictates that not pulling over for an emergency vehicle is tantamount to assault. It is not, and should never be in any rational society. Agree? Disagree?
I was responding to your note that it is peaceful, not that it is or is not a riot.
A gathering where someone dies because of the gathering is no longer undisturbed by strife, turmoil, calm, and tranquil. It is no longer peaceful.
> ... contingent on the definition of "peaceful" being the absence of violence.
The breaking of peaceful to me is not absence of violence. It is no longer peaceful because force was used to stop the emergency vehicles. Force is one way to be no longer peaceful. In this context, when force is used it implies resistance from someone that was forced to do something they did not want to do (emergency vehicle did not want to stop). It is no longer peaceful; yet no direct "violence" was used.[1]
I can fathom where your response comes and grasp your interpretation, but I disagree.
That's what makes it effective. That's the point. A protest that doesn't affect anyone is just performative. Protests aren't to spread the word. It's to jam up the gears, aka, sabotage, to make leaders act. "You're just making us late to work, it's not causing us to join your side!" Jamming up commerce and the functions of a city is how you get people to act. Not by filling out a permit to have a block party in a park. That's a rally, not a protest.
Unfortunately our leaders have successfully convinced the masses that it's only acceptable to protest as long as they do it at a scheduled time and place, without disrupting or offending anyone, and without any implicit threats of escalation and violence if the protestors' grievances aren't heard and rectified. That way people can vent to temporarily release frustration but we're powerless to effect any meaningful change, by design.
Yep and our country doesn't have a history of beheading or tossing leaders out of windows like Europe does which gives us a faux sense of being more civilized, or above it. Violence isn't always the answer, but sometimes it's the only answer.
A physical action (like occupying infrastructure) that limits other people’s freedom to move, or brings harm to them or their property, is a violent act to most people. The only people that would claim otherwise are those who want to downplay illegal acts that align with their own politics.
Here’s a definition for ‘violence’, so you’re clear on how blocking highways is violence:
> violence: an unjust or unwarranted exertion of force or power, as against rights or laws
Here’s a definition for riot, so you’re clear on how a violent takeover of public infrastructure constitutes a riot:
I'm not at all a fan of the tactic of blocking highways as a protest move, I think that's not the same thing as a riot -- it's civil disobedience.
The link that I shared explicitly pointed out that the riot was started by a white supremacist. It's documented and a fact. So we're dealing with 1+N cases here.
> Near me, I would say all of them that were riots were that way on purpose.
Look, it worked. It has framed BLM in millions of people's minds as just black people rioting, and who wants to support riots eh?
I feel that the label of “civil disobedience” is misused as a tactic to justify illegal acts. Infrastructure is not there to serve as anyone’s political platform, and it is built with taxpayers’ money for other purposes. If the gathering does not have a permit, it is illegal, and therefore a disturbance of the peace - in other words, a riot.
> If the gathering does not have a permit, it is illegal
This is not true, unless it is in a public forum limited in “time, place, and manner”. The first amendment grants freedom of assembly. You do not need a permit to meet up with (dozens of) your friends any more than you need a permit to write in a journal.