Thousands of protesters are filling the streets of American cities to protest the police killing of George Floyd, an unarmed black man, and police brutality writ large. Police officers have shown they’re more than willing to escalate violence with pepper spray, tear gas, rubber bullets, vehicles, and other dangerous crowd suppression measures. In addition, law enforcement are likely heavily surveilling protests with all sorts of tech and spying gear. Already, we've seen a Customs and Border patrol drone flying over Minneapolis protests.
It's not just the cops that protesters need to worry about: when much of a protest is broadcast via tweets, viral video clips, and livestreams, those watching may also want to digitally target protesters, perhaps by identifying them publicly.
So, if you're a peaceful protester, but you don't necessarily want your participation in a demonstration to follow you around or lead to harassment online, what sort of steps can you take around your digital security?
Bring a clean phone…
"They'll be, obviously, cell-site simulators," Matthew Mitchell, a founder of Crypto Harlem told Motherboard in a Signal call. These devices, otherwise known as IMSI-catchers, Stingrays, or more recently Crossbows, can record phones' geolocation, their phone number, and sometimes the content of texts and phone calls.
"If everyone is texting a couple of organizers, or calling a bunch of friends, that one friend that connected to all people could be identified," Mitchell said.
"What it'll say is this person was definitely at this place, at this time, and maybe you don't want that. Maybe you want to be able to show your support, show your political view, and having the ramifications for that, the cost of your free speech, to be low," he added.
SMS text messages are the easiest for police to intercept, and during a protest you should not assume that these will be private; if possible you should use an encrypted alternative (more info below).
READ MORE: What to Bring to a Peaceful Protest
If you'd rather make it harder for any data that is swept up by these devices to be linked to you personally, you might consider buying a new, dedicated device for the protest. Maybe a $100 Android phone, Mitchell suggested.
"Your privacy is worth more than that," Mitchell said. You could buy this with cash or a gift card too so it's not linked to your credit card records. Don't turn it on when at home with your normal phone, and switch it off when you leave the protest.
You may also want to quickly setup a new Gmail account, on public wifi, and then use that to download encrypted communication apps.
...Or bring no phone at all
Of course, those are several hoops to jump through, it's easy to screw it up somehow, and you might not have $100 to spend on a temporary protest phone. So the simpler, and probably more effective approach for protecting privacy, is to not bring a cell phone at all and rely on more traditional methods of activist coordination.
Agree to meet friends at a certain place, at a certain time. Maybe decide on multiple locations in case the protest is broken up or cordoned off by law enforcement.
Ultimately, there is a trade-off to be had between convenience and privacy while at a protest, and how much you're willing to sway on either side of that is up to you. That also depends on what particular information you want to protect and from whom; something that can be summed up as your own 'threat model' (for more on this, take a look at Motherboard's Guide to Not Getting Hacked).
If you do bring your personal phone, encrypt it
In the end, you may want to just use your own device when going out and protesting. Just keep in mind that it will be relatively easy for law enforcement to identify you and your movements if they do want to access your phone records in some form.
If you're worried about cops, or anyone else, physically seizing and examining your phone, you should encrypt it if you haven't already, and in general keep the device as free of unnecessary information as possible. If you have a passcode on your iPhone, the device is encrypted. Many Androids are also encrypted by default, but you can double check by going to the Settings app, and then tapping on Security, there should be an option for encryption in the menu.
Disable Biometrics
If you use your fingerprint or your face (for example with the iPhone’s FaceID) to unlock your phone, disable them before going to the protest. In case of detention or arrest, the cops can theoretically force you to unlock your phone if it’s protected by biometrics.
This does not mean, however, that you should disable your passcode—it's critical to leave that enabled. Cops cannot legally force you to give up your passcode. On that note, remember to use a strong PIN or passcode, made of at least 9 to 12 digits, ideally combining numbers and letters. If your phone is ultimately seized and a warrant is needed to unlock it, having a longer, stronger passcode or passphrase will make it more difficult to unlock. At least one forensic company also offers law enforcement a tool that will install a piece of software onto a phone so that once the device is handed back to its owner, the software will secretly record their password. The police then seize the device and can unlock it.
Use these messaging apps
Encrypted messaging app Signal has Disappearing Messages, which deletes messages in a conversation after they've been seen. If you don't want someone being able to rummage through your old chats if they do happen to get access to them, you could turn this feature on.
And although it's relatively unlikely an adversary is going to attempt to read your Signal or WhatsApp messages while in transit, it's probably worth verifying each of your protest contacts' cryptographic fingerprints: in Signal these are known as Safety Numbers and in WhatsApp, they are known as Security Codes. While WhatsApp messages are end-to-end encrypted, it's worth keeping in mind that Facebook does own the app, so take that into account when selecting a messaging app to use. iMessage is also encrypted, but if you have iCloud backups on, those are not encrypted. Wire is another good, end-to-end-encrypted app that also offers disappearing messages.
Scrub faces from your pictures
If you take pictures or videos of the protests, and want to post them publicly on social media, make sure there’s no faces in them that can help identify protesters. A new tool called “Image Scrubber” makes that process extremely easy. With it, it takes just a few seconds to anonymize a picture, potentially saving your fellow protesters from getting in trouble with the cops.
Create new social media accounts
"Media will be covering you, but you'll also be on livestreams and Twitter," Mitchell continued. Keep that in mind if you would rather your employer not know you're attending a protest for whatever reason, but also remember that plenty of other people will be monitoring social media looking for protesters to digitally harass.
If you did bring that phone and you're going to be sharing posts or photos yourself, you could make a new social media account for this purpose too. That way, those trying to dox protesters may have a harder time digging up your real identity.
"Understand that people who repost, retweet that the most—the timeline of where the original hashtag was created—all of that's of interest," Mitchell said.
If you do upload images and videos to social media, it's worth considering that street signs, the names of businesses, and other details in photos and video can easily give away your location; think about whether or not that is information you want to be public, and be especially careful if you are protesting very close to your home.
Consider turning off location services on your phone
If you want to share photos or updates on social networks such as Twitter and Facebook, without people knowing your exact whereabouts, you should turn off Location Services for those apps (you can do that on Android and iPhone).
Or, you could check you're not inadvertently sharing constant updates on your location via Twitter's metadata if you don't want to.
Subscribe to our cybersecurity podcast, CYBER.
from VICE https://ift.tt/2ZPFlW7
via cheap web hosting
No comments:
Post a Comment