291
Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now
(theintercept.com)
this post was submitted on 30 Jan 2026
291 points (99.3% liked)
Privacy
45174 readers
535 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Use GrapheneOS so you can "unlock" your phone and enter the wipe code instead.
You don't have to give them your password, and GrapheneOS has a convenient feature to turn off biometric unlock for only unlocking the phone, but still lets you use it in apps
Wasn't there a legal dispute around this that was trying to get them with tampering/destruction of evidence? Not sure if it's foolproof.
If you do use GrapheneOS, quickly restarting the device means your pin is required before biometrics unlock is available. As I understand it -- in the U.S. -- law enforcement can legally compel you to unlock your phone with biometrics, but not a pin. Not that you can trust law enforcement to be law abiding, but at least it's a stronger case in court.
Even better, set it to 1234567890 or 00000000 or similar easy to guess pin, and change it to the length of your actual pin, now if someone tries to bruteforce your phone it will instantly wipe and you can make a case that it was the law enforcement who destroyed any "evidence" by their own actions if in comes up In court.
This sounds like a convenient way to have all your locally saved photos wiped by your kid
In this economy??!
You mean you're not having your photos automatically, immediately encrypted and backed up on remote servers? ente.io will do that for you and their free plan comes with 10G of storage which is quite a few pics.
Always back up anything you don't want to loose.
How should I protect the backups? Same story?
Your backups aren't nearly as likely to be subject to an immediate civil forfiture as a phone is. Cops don't need a judicial warrent to take your phone, but they do need one to search your home legally, and if you do your offsite backups in another country, they would need the cooperation of the local authorities of that country. Strong encryption can provide a relatively safe barrier for offsite backups.
Also, it's possible to have some things that may only exist on your phone and not your server/backup system(easy biometric unlock for a password manager, or encrypted chat logs, to name a few examples).
These practices and tips are not for everyday people but for high targets and work devices
Actually, these tips are for every day people (just not people whose kids can get to their phones). High targets get their ram frozen with liquid nitrogen, their PSU spliced into a battery pack, and the entire system-state backed up for retries.
Don't they make a copy of the phone before they go about trying to unlock it?
This kind of security is only going to work against a careless or incompetent atta-- oh. I see...
That requires USB connection to even be possible with a locked phone.
Yes, and you can disable usb completely on graphene.
It also will not accept new USB connections while the screen is locked.
Not for state sponsored campaigns. They’ll cut the damn chips from your phone and send signals directly to the individual pins if they have to. They’ll freeze your ram into super cold state to make it nonvolatile. They’ll do some crazy shit, man.
Holy Christ, what are you guys doing on your phones to fuel this much paranoia? I have a constitutional right to privacy and i dont want my information/data (the very essence that makes me me) harvested and sold -- for those reasons im opposed to most searches and i've never used biometrics. But the need to nuke my phone because a cop got it is so far from a necessity that I cant think of what im doing that I would need it.
Not anymore you don't
I still have the right, but it's being routinely violated and not upheld by a supreme court that's clearly in the tank.
If a right can be violated without repercussion, you never actually had it to begin with. We're seeing the same up in Canada with the Conservative's use of the not-withstanding clause. Basically, "you have rights until they get in the way of what we're doing".
In a situation where you are raided like the journalist, it may be worth nuking the phone. Consider the sources that could be exposed.
Having your phone available to law enforcement is the equivalent of forfeit your right to remain silent.
And more, once they have access, what is stopping them from planting false evidence? In this fascist fever that US is living... I would prefer to avoid the risks.
Other than literally everything I think and feel you mean? I think it's perfectly reasonable to not want to allow police or especially federal agents into my own head. My note taking apps, my password manager which links to all of my online accounts, and my entire web browsing and search history are all linked through my phone. Also signal and discord and lemmy, and on and on...
Exactly this.
Read about the Hawthorne effect: https://en.wikipedia.org/wiki/Hawthorne_effect and how people change their behaviors when they are being observed. Being free of observation is vital to being able to think your own thoughts without outside influence.
If the problem is with the usage framing the hypothetical adversary as a country's law enforcement, pretend you live in a cyber North Korea and have a cellphone. The idea of an adversary is just a means of thinking about the problem. You want to build a system so that they can't capture your flag (your flag being some digital information that you want private).
Whatever the opposite of TL;DR is:
It isn't intended to be read as 'do this to avoid law enforcement so you can do crimes'.
When thinking about security/privacy (same thing), you don't know what kind of attack you may eventually have to defend against, maybe you have a partner who has decided to stalk you and so they screen read your PIN or a strong arm robbery where they'll try to use your phone to access your bank.
Instead of trying to imagine every single possible scenario, you imagine one model scenario. In this model scenario, the adversary has every possible capability that is available and your goal is to keep your flag safe, or be able to pass a flag between two people without it being seen, or various other scenarios (which are themselves just model problems of types of system that you need to secure).
This hypothetical adversary, in order to have these capabilities in real life, would be the equivalent of a sovereign nation with unlimited funding and access to all technologies that are possible (and some that are only hypothetical). This description fits one country pretty well and so, as shorthand, people often just write 'the feds'. I guess they could also write 'Eve' but that is a specific adversary in one kind of scenario and not the general Adversary.
If you've got nothing to hide you e got nothing to fear...?