LEAVE YOUR PHONES AT HOME. Write down some numbers in case you get arrested—or better yet, memorize them. There are journalists there for documenting. And there will be plenty of other people that don’t follow this advice. Leave anything they could use as leverage over you and your cohorts away. Don’t bring ID. Don’t bring anything except what you need for the action. It’s not worth the risk.
ETA: also, any of you with a new car? DONT DRIVE THAT SHIT TO ANY MEETING OR PROTEST. They’re spying on you. Don’t post about it. Don’t use any unencrypted messaging service to coordinate it—WhatsApp is not safe. Signal and probably some other less common ones are the only ones safe enough. Ride a bike there, stash it in a conveniently hidden spot. Bring a change of clothes, plan escape routes, plant the change of clothes either hidden on your escape route or wear them under your plain clothes. Cover tattoos. Leftist activists are not safe. And literally the rest of your life could depend upon how well protected you have made yourself.
So many states have pretty quietly passed laws to make you a felon for protesting. Even peacefully. And to make you a fuckin corpse. In the south especially, a few states were writing “go ahead, run over any protester in the road” laws.
Be smart. Be safe. Have a plan. Have a contingency plan. This isn’t “fuck around with the blunt end of the justice system and find out” territory, in 2024 US, it’s time to be as safe as you can while doing what’s right. Because doing what’s right is criminalized. Heavily.
If you’re going somewhere where you think you might be at risk, IMHO, it’s probably just easier to turn your phone off. Android and iOS both require a non-biometric passcode after boot.
Or, if you want to keep your phone on, enable lockdown mode on Android, or tap power 5 times on iOS to require a non-biometric password at the next unlock.
It’s never a good idea to bring your phone with you. It can be used, even while powered off, to track and surveil you. The BLM protests were just the tip of the iceberg. The apps you have on your phone track you. The government is buying that tracking data. Your phone is a massive privacy weak point. It’s basically a bug you carry on you willingly. It’s not safe. Period.
Leave your phone at home. It’s not worth it. It may not bite you in the ass the day of, but could very easily come back to haunt you after they investigate, in case anything goes “wrong” in their eyes. It’s just not worth it.
IMHO, as someone that works in security / privacy, I tend not to view it as a binary thing. It depends on where you live, what you’re protesting, what you look like, who you are, etc.
Are you in Russia or China and are protesting the government? Yeah, I might leave that thing at home. Are you a white lady in San Francisco marching with a pink knit cat hat during brunch hours, then you’re probably well on the other side of the risk spectrum. You might actually be introducing more risk by having less immediate access to communication or a camera.
The problem is that the people doing the surveillance are hardly going around honestly telling people what's their surveillance profile.
For example in the UK that "pink knit cat hat white lady" would very likely be under surveillance if she was a member of the Green Party and participated in demonstrations. In fact, recently a number of cases came out where in the 80s and 90s the police had infiltrated Ecologist groups and even left some of the women in those groups pregnant with the children of men they late found out were undercover agents.
Further, the lower the barrier to entry to surveillance the lower the "threat profile" needed to end up under surveillance: if the authorities have already have well established and commonly used processes backed by ultra-broad surveillance court (or whatever those courts are called in your country) orders to just get from the mobile network providers all the phone numbers that connect to specific cell towers during a specific time period (such as the ones nearer a demonstration during that demonstratiom), pink knit cat lady is going to end up in the list just as easilly as baclava-wearing hard-core anarchist looking to break stuff.
They might not hack the pink knit cat hat lady's mobile to install eavesdropping software, but she's still in the list for every demonstration she attended carrying her phone and for the authorities finding out those who were at multiple demonstration and cross-searching with other databases to resolve those numbers to actual identities is pretty easy unless those people jumped through hops to keep those things disconnected (which, funny enough, smart anarchists are more likely to have done than your average pink knit cat hat lady)
We take on risk every time we decide to wake up and start the day.
I live in a place where I’m considerably more likely to get hit by a car while walking than thrown in jail as a political prisoner. That doesn’t mean I’m never going to go for a walk. I’m going to live life.
Leaving my phone at home seems pretty silly when the risk is very low in my nation and I do riskier things while cooking dinner.
Oh, in day to day usage I agree with you: we're all one little uninteresting datapoint in a whole lot of datapoints and there are plenty of other ways in which we are tracked.
However if you're part of a Political Party or Movement and/or attend demonstrations, it's probably wiser to leave the phone at home, if only because that makes you stand out as a much more interesting datapoint than average.
It can be used, even while powered off, to track and surveil you.
How? The only legit thing I can think of is if they are tracking you anyway, and then they see your phone is turned off, they might try to claim that you must be up to something. But they won't be able to track it while it's off.
That's not quite how it works, though. These devices are basically mini computers now, there's a limit to what they can do without fully booting. Devices that are plugged into the wall might be likely to retain some power-draining function while plugged in, but there's only so much you can do on a trickle charge while a phone is powered off.
They're still running in low power mode and can wakeup from the network so they can absolutelly be made to "boot up" without turning the screen on and you being aware of it.
This is not like a bloody PC were the lights turn on and you can hear the fans when the thing starts, it's a machine with a low power mode in which it can already do a lot and which can be brought to a high power mode if needed without there being any visible or audible side-effects to alert the user.
Unless you completelly cut it off from power (by taking the battery out, which you can't in most modern smartphones) that smartphone with the lights off, the screen off and making no sound at all can just as easilly be in low power mode waiting for you to press the On button, as it can be in full power mode with a mobile network connection active, accessing the microphone and the GPS microchip and sending that data out, and both will look exactly the same from the outside.
I think you are overestimating what these devices can do when turned off, specifically when whoever is doing the tracking wants to be covert. Devices like Cellular Radios and GPS chipsets are getting more efficient every year, but they still consume enough power that it would be noticed if they came on by themselves even if the device was off.
I have an EE degree and have actually done work with embedded systems, including GPS.
The peak consumption of things like GPS is maybe 100 milliamps, with the average being in the tens of milliamps.
The wireless networking stuff is similarly frugal.
Further, stuff like encoding of audio is all done on the hardware and very efficient so even voice capture and encoding to send over the network isn't processor intensive.
Further, the CPUs on those things are ARM designs or equivalent, specifically crafted for low consumption and which have tons of tricks to avoid spending even a mW extra of power if it's not needed (basically the CPU will tend to activate only the bits it needs and use only the resources it needs to accomplish the operations its running, so it's almost never running at peak consumption).
The really big power consumption in modern smartphones is the screen and from very high GPU/CPU usage in things like games.
I think you seriously overestimate the similarity between modern portable devices design to operate from quite small batteries and things like desktop Personal Computers which are designed to operate from mains power.
If all they're doing is sending your GPS position out over the netweork every couple of minutes you won't notice that the battery has drained a tiny bit faster than expected even if you keep a keen eye on consumption because so little power is used to run just that part of the functionality.
Doesn't a modern smartphone have something like a 4000 mAH battery? And that lasts most people all day with room to spare? Even 100 mA every few minutes will get noticed, if someone has their phone off and expecting consumption to stay minimal.
And that's the key thing here, you're not just building a tracking platform but you are building it into commodity phone hardware without the users consent, and without them noticing. Any phone that burns that much power while off would likely get replaced by the user. Do you think the phone vendors are in on it?
It's not 100mA every few minutes, it's 100mA when calibrating from scratch with no satellites known.
I looked it up and the consumption when in normal use is around 30mA, which would mean that, say, if it took 10 seconds (probably a lot more than needed if you're not travelling) every 5 minutes - which adds up to 120 seconds @ 30mA per hour - that would consume 1mA/h (PS: by pure absolute chance my numbers ended yielding a result of 1 ;)), which is 0.025% of that battery per hour. If you're lucky, in the phone screen were one would be visualizing the graph for the battery power charge over time that would make the line fall 1 pixel.
It really is a whole other world out there in the embedded and low power systems domain.
let's put aside everything @[email protected] wrote you;
if the French state was trying to legalize exactly this, it must be possible: la validation pure et simple de l’activation à distance des fonctions de géolocalisation de téléphone et autres objets connectés (voiture, balises airtag, montre etc) qui repose exactement sur le même procédé technique que le dispositif censuré : la compromission d’un périphérique, en y accédant directement ou par l’intermédiaire d’un logiciel espion pour en prendre le contrôle à distance.
Nothing in your links above indicate that the spyware operates while the phones are powered off (although I relied on a crappy translation of the French). Could spyware mock the shutdown process so that it looks like the phone is powered off while the phone is actually running? Sure it can, but the victim will be tipped off when the phone's battery is being drained even while it is "shut off". (And someone who is paranoid enough to shut down their phone would pay attention to that.) . It seems like it's not worth the effort.
read, listen to people that were spied on using the pegasus software. Easy to find
i don't know if you've met any real activists, militants in your life but they're rarely geeks. And checking the battery of their phone or reading about battery life isn't one of their priorities
Yes, info on Pegasus is easy to find. And never says Pegasus is active when the phone is powered off. It's undetectable and insidious in what it can grab, but at no point is there any reference at all to being active while the phone is powered off.
If you have a reference that states otherwise (that isn't written by an AI), please supply it. I'll be happy to give up on this if someone can prove their point.
And that is because it is way too easy to detect when the phone is off, not only because of the battery drain, but because the radios would be transmitting when they shouldnt . Plus, persisting across a reboot requires some trace of the Trojan to be on physical storage, which is more likely to be found on a scan.
I am assuming that when a state-level actor is hacking a phone, they are targeting a person directly, and know how to get the Trojan on undetected. Their main goal will be to continue to siphon data off it while it is in use. It's not worth the risk of detection to track it while it is off (and not being used, after all.) Don't you think they would prefer to use the same method they used the first time to infect the burner phone that's actually being used?
I think the fact that we are able to record everything that happens and automatically upload it seriously outweighs what you are saying.
The only reason cops get in trouble is only because people are filming. If it's not caught on camera, it didn't happen in the eyes of the law if it's just our word against a cops.
It’s your life. This advice is important in more active circles. There are also jobs that should be given out. Just like there are medics that come out, there should be journalists—in leftist action circles, this isn’t EMTs and NBC photographers. See what I’m saying?
It’s ultimately your choice. But depending on what’s happening, the cause, the state, the cops, the current state of the govt of the country, etc., this advice can literally be invaluable.
For 200-250$ you can get very decent used compact cameras (like the RX 100). It won't upload the photos immediatly, but it is still pretty much on par with most current cell phones.
The concern with bringing your phone is that police have subpoenaed cell providers to force them to turn over cell tower records. The police then used the lists of cell phones connected to those towers to track down protestors.
You shouldn’t bring your phone to a protest because it could end with police kicking your front door in three weeks after the protest has wrapped up.
you can always modify your tattoos, you can't modify your face once it's identified. I saw a man literally draw a face on his face before attending a protest. He looked ridiculous but perfectly "defaced".
I've also read about some blackBlocs getting identified, where i live, through their shoes. Police photographed people before and after the movement and their shoes are used as identifying information.
There is always the oldBloc who put their faces and names behind their words and proudly struggle through unions.
it's already may 1st here. They will be out in about 10 hours. May the force be with them.
No. Several Jan 6 participants tried burners and they still got caught because the burners were still linked to their movements and activities and their personal phones were unusually unused/off/immobile for the amount of time the burners were used. You would have to expend a lot of effort to make sure your burner was completely disconnected from yours and your phone’s location, as well as making sure your phone showed signs of appropriate activity in your absence.
Just having a burner phone works against dragnet surveillance if one is not doing really stupid shit like logging in to one's personal social media accounts from one.
If however it's an actual crime which actually gets investigated by actual criminal investigators, they're going to be coming at it individually and using much more specific techniques than just "use a surveillance warrant to get a list of all mobile phones that connected to certain cell towers at certain points in time and plonk them all on a database to cross-check with similar data from other demonstrations".
You can't just treat a burner phone as a second phone that you have active anywhere near your home, place of work or places you normally frequent and you can't just keep it and keep on using it for a long period of time: the longer one holds on to that burner phone the more data points there will be that can be bulk checked with other, identifyable, data from other sources (say, car tracking data) to find out a more than normal overlap.
I wouldn't at all be surprised if those people with the burner phones had them with them active whilst ridding their personal vehicles which had something like OnStar or were dumb enough to log-in to their Facebook account from them.