It’s Going Down
Your Phone is a Cop
An OpSec/InfoSec Primer for the Dystopian Present
Are you hitting the streets in support of a righteous cause?
TL;DR Leave your phone at home. It is a conduit into your entire life and all of your networks. It contains years of passively recorded conversation transcripts. It has data on all of your associates, friends, and sexual partners. It tracks your movements down to the meter. It is a black box that can be recovered from your person and used against you in a court of law.
Leave it at home. Your phone is a cop.
If the above doesn’t make it abundantly clear WHY you should leave it at home, imagine the terror you feel when you hand someone your phone to show them a picture and they start swiping left or right. Now imagine The State swiping through your pictures. Hopefully we’ve convinced you! Information security (abbreviated to InfoSec because it sounds cooler) can seem intimidating, but it’s as easy as trading away some of your own convenience in exchange for obstructing the Panopticon of State/LEO/reactionary forces that seek to undermine your project. This document is not a deep dive into any of the topics covered. Devices and software exist in a state of flux, and what is considered secure now will likely be obsolete within months, weeks, or days of writing this. It is up to you to stay vigilant and informed.
The Case for Disconnection.
It’s important that we come to terms here. This is not aimed at the “Hold a sign and shout some slogans” crowd. If you are attending a Fully Permitted and Peaceful Protest and you want to bring your phone to document what you see and do, knock yourself out. Are you in the Black Bloc? Are you engaging in “black bloc things”? Are you covering your face? If any of these conditions apply to you, you need to leave that shit at home. We understand that these devices are integral parts of modern life, but if you are engaging in “effective resistance” the presence and use of any cell phone is a risk to everyone around you. If you are compelled to carry it or would somehow render yourself critically unsafe without it, you need to consider finding a different outlet for your dissent. While documenting abuses by state security forces is important, it is necessary to leave that task to journalists covering the action. Yes, they will do a horrendous job. Accept this and move on. Additionally, cell/LTE service breaks down quickly when towers get overpopulated. At a big protest, thousands of people are texting “R U HERE?” to each other simultaneously. The network will shit the bed in short order, leaving your device crippled until the traffic storm abates. It won’t be useful to you until you’re heading home or more likely until it’s sitting in an evidence locker waiting to be processed. If your device is limping along on a degraded network connection, there is a significant possibility that you aren’t communicating directly with the tower providing your signal. The police have access to technologies, Stingray among them, which will seamlessly intercept and record cellular communications. Calls and plain text SMS are vulnerable to these “man in the middle” attacks. Lock screen patterns are insecure. Four digit codes are insecure. They can be bypassed quickly and easily. You can be compelled to use your fingerprint to unlock your phone by a court order. Encryption can be bypassed using tool kits available to law enforcement. As careful as you think you’ve been, the odds are not in your favor. If your phone is seized as evidence, the fun isn’t over if the charges are dropped. Don’t assume present legal or cultural norms are going to protect you. Your information can sit in a database until it’s useful to The State.
We might be technical professionals, but it’s likely that you aren’t. You have fucked up when configuring something. Don’t leave things to chance, and don’t rely on some combination of official incompetence and your own perceived individual insignificance to protect you.