Simple steps to take before hitting the streets

  • 乇ㄥ乇¢ㄒ尺ㄖ@infosec.pub
    link
    fedilink
    arrow-up
    2
    ·
    6 months ago

    Just leave your phone at home, and bring a Digital camera, and few SD Cards … Oh, wait… < insert company name here > makes Cameras that spy on you… nevermind…

    maybe we should hire a fast sketching artist to draw police brutality … What.!.. your pencil can track you now… come…ooooonnn

    • delirious_owl@discuss.online
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      No, its better to have a smart device that syncs photos to your encrypted cloud in case you’re attacked and your attacker breaks your SD card to destroy the evidence

    • rar@discuss.online
      link
      fedilink
      arrow-up
      1
      ·
      6 months ago

      Burner phone to anything that requires communication. Erase metadata of anything that will be shared and uploaded online.

      • Pantherina@feddit.de
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Burner phones are a strange concept. If you want to store sensitive data on it, you shouldnt use some cheap android phone or even a dumbphone without encryption support.

        • Snot Flickerman@lemmy.blahaj.zone
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          All Androids since 9 at least have been encrypted by default as long as you have a lock screen enabled. Doesn’t matter if its cheap, it is there.

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            6 months ago

            All Android phones have Google malware installed by default, as system apps, which means those apps can do whatever they want.

            So every piece of data you put on there is possibly tracked and collected.

            Then there are 2 more problems

            • the software is proprietary and cannot be externally wiped clean
            • the software is outdated

            This makes it vulnerable to Pegasus attacks and others. There are tons of secure practices to avoid getting it, like LTE-only, HTTPS only, encrypted and trustworthy DNS, sandboxed processes, blocked javascript execution from unknown websites…

            But still if the phone is outdated there are unpatched and publicly known security issues. Just spamming them at all phones is likely to succeed as so many people run vulnerable versions, as vendors suck.

            Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.

            The firmware is protected and signed by the vendors, so it is likely clean.

            But Pegasus installs itself to the phone storage.

            If you A cant obtain factory images or B cant flash the phone at all, you cannot wipe it clean.

            So a good activism phone needs

            • trustworthy and minimal system apps / stock software
            • modern software updates
            • possible to reflash whole device externally
            • nice to have: ability to verify checksum of system partition, like GrapheneOS Attestation

            This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.

              • Pantherina@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                6 months ago

                I think 3a is already too old. I think 4a is a better minimum, but this is still insecure of course.

                  • Pantherina@feddit.de
                    link
                    fedilink
                    arrow-up
                    1
                    ·
                    6 months ago

                    Yes I know, and I want to try DivestOS one time. But they do incomplete patches.

                    They cannot update the kernel themselves or even worse the firmware. The kernel needs to be built and patched for the specific hardware, GrapheneOS relies completely on Google here. And the firmware needs to be signed by the vendors, so no chance either.

                    And especially baseband, cellular stuff has extremely many vulnerabilities in the code.

            • ReversalHatchery@beehaw.org
              link
              fedilink
              English
              arrow-up
              1
              ·
              6 months ago

              Most of that is solved by installing a ROM that’s not user hostile, keeping it updated of course, and using the phone strictly as a purpose specific device.

              That means you run a trusted VPN on it so HTTP/S and DNS concerns go out the window.
              Sandboxed processes, blocked JS? Fine if you only install what’s necessary and don’t use the web browser. JS blocking is not a huge hurdle though, ublock does it with just 2 clicks.

              Then if you have pegasus, the only way for security is to reflash the A/B partitions, both. Factory reset is not secure as it will keep what is already in the system partitions.

              That’s right but I don’t think that this is enough. If the Pegasus malware (package) really is able to do that many things, it’s a walk in the park for it to modify any of the partitions, including that which contains the modem, or just data like the modem’s IMEI and MAC addresses.
              In the cause I would either restore a backup of all partitions, or throw the phone away (not literally).

              The firmware is protected and signed by the vendors, so it is likely clean.

              Except if they patched the verification mechanisms of the OS.
              Also, the firmware may be protected, but what about data partitions which are read by vulnerable software.

              This makes them poorly pretty expensive. I think a slightly outdated GrapheneOS phone is okay though.

              Are you sure? My 6 years old phone still receives LOS updates

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          The point is not cheapness but that you don’t care about the future of that phone. It’s only a tool for the protest, if it lasts longer that’s good but you expect it to get confiscated and never given back, you don’t care what cops did with it if you get it back, it does not have data you need in your daily life or anything irreplaceable, and you’re not really afraid that it gets destroyed by accident or maliciously.