this post was submitted on 30 Jan 2026
413 points (99.0% liked)

Privacy

46559 readers
642 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
413
Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now (theintercept.com)
submitted 3 weeks ago by geneva_convenience@lemmy.ml to c/privacy@lemmy.ml
158 comments fedilink hide all child comments
 

The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.-

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

top 50 comments
sorted by: hot top controversial new old
[–] Darkassassin07@lemmy.ca 82 points 3 weeks ago* (last edited 3 weeks ago) (6 children)

Or at the very least; turn your phone entirely off (shutdown) whenever you expect or encounter police contact.

Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when 'at rest', ie shutdown.

In android; there is also a 'lockdown' mode you can quickly activate from the power off screen, that disables Biometrics until next unlock with a pin/pattern, but doesn't fully shutdown so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.

[–] birdwing@lemmy.blahaj.zone 46 points 3 weeks ago* (last edited 3 weeks ago) (8 children)

Also, don't take your phone to protests. ACAB.

Wear clothing that can't identify you. Hide tattoos and anything that might make you stand out. Get clothes from a free giveaway place, without cameras. Walk a bit differently if you need to.

Cover your face and cover surveillance cameras, or break them, or hack them (do the latter two only if you know what you're doing).

Wear a body cam. Get bear and pepper spray. Pigs can fucking get it.

[–] Hideakikarate@sh.itjust.works 14 points 3 weeks ago (2 children)

I've been debating buying a burner phone for protests, leaving my main phone elsewhere, and only powering on the burner when it's needed. Probably the only way to bring a phone to a protest.

[–] Scirocco@lemmy.world 13 points 3 weeks ago (1 children)

Buy an older pixel and install Graphene

Keep it off/in a faraday bag at all times, never turn it on at home. Go to elsewhere to set it up.

If they REALLY want you, you will get got.

But there's no reason to make it easy.

load more comments (1 replies)
[–] domdanial@reddthat.com 8 points 3 weeks ago (1 children)

You can also buy faraday bags, if you want a phone available but not online. But it's still there physically so burner would still be a good choice.

[–] ColeSloth@discuss.tchncs.de 10 points 3 weeks ago (1 children)

Just test it first. I got a faraday bag of Amazon and it didn't work.

load more comments (1 replies)
[–] Headofthebored@lemmy.world 9 points 3 weeks ago

Bicycles don't have license plates if you need a faster way.

load more comments (6 replies)
[–] GhostlyPixel@lemmy.world 21 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

In android; there is also a 'lockdown' mode you can quickly activate from the power off screen, that disables Biometrics until next unlock with a pin/pattern

On iOS, with a locked device, quickly press the lock button five times to do the same, it should bring up the power off/SOS screen, which you can dismiss.

load more comments (2 replies)
load more comments (4 replies)
[–] HiddenLayer555@lemmy.ml 51 points 3 weeks ago* (last edited 3 weeks ago)

hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics

This isn't bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.

[–] termaxima@slrpnk.net 41 points 3 weeks ago (6 children)

Use GrapheneOS so you can "unlock" your phone and enter the wipe code instead.

[–] this@sh.itjust.works 38 points 3 weeks ago (14 children)

Even better, set it to 1234567890 or 00000000 or similar easy to guess pin, and change it to the length of your actual pin, now if someone tries to bruteforce your phone it will instantly wipe and you can make a case that it was the law enforcement who destroyed any "evidence" by their own actions if in comes up In court.

[–] davetortoise@reddthat.com 33 points 3 weeks ago (4 children)

This sounds like a convenient way to have all your locally saved photos wiped by your kid

[–] this@sh.itjust.works 25 points 3 weeks ago (3 children)

Always back up anything you don't want to loose.

load more comments (3 replies)
[–] FirstCircle@lemmy.ml 9 points 3 weeks ago

You mean you're not having your photos automatically, immediately encrypted and backed up on remote servers? ente.io will do that for you and their free plan comes with 10G of storage which is quite a few pics.

[–] daisykutter@lemmy.dbzer0.com 9 points 3 weeks ago (1 children)

These practices and tips are not for everyday people but for high targets and work devices

[–] partofthevoice@lemmy.zip 11 points 3 weeks ago* (last edited 3 weeks ago)

Actually, these tips are for every day people (just not people whose kids can get to their phones). High targets get their ram frozen with liquid nitrogen, their PSU spliced into a battery pack, and the entire system-state backed up for retries.

load more comments (1 replies)
[–] spizzat2@lemmy.zip 9 points 3 weeks ago (5 children)

Don't they make a copy of the phone before they go about trying to unlock it?

This kind of security is only going to work against a careless or incompetent atta-- oh. I see...

load more comments (5 replies)
load more comments (12 replies)
load more comments (5 replies)
[–] SabinStargem@lemmy.today 27 points 3 weeks ago* (last edited 3 weeks ago)

Another thing for an overhauled Constitution. One's body and devices should be considered to be papers and effects.

[–] TheLeadenSea@sh.itjust.works 23 points 3 weeks ago (1 children)

On iPhone say "Hey Siri, who's phone is this?" to disable biometric unlock temporarily.

On Android press the power and volume up buttons to open the power off screen, then press "lock down".

[–] birdwing@lemmy.blahaj.zone 13 points 3 weeks ago* (last edited 3 weeks ago)

On the iPhone you can also press both the upper left and right button. It will enable that you can only log in with a password, even if you have Face ID/Touch ID.

You can also establish that if there are too many false attempts to log in, the phone will delete all data. I could imagine that if you kept most phone data on the phone itself, rather than in the cloud, this can be useful. E.g. insert the password wrongly multiple times.

And if you're feeling really concerned, you can make a Faraday cage (preventing it from sending data altogether). Wrap a plastic bag around, then aluminium foil tightly without gaps, then plastic.. repeat three times.

Alternatively, put it in a microwave. Or a stainless trash can with a tight lid, lining the inside with (optional: cardboard first, then..) plastic wrap, maybe more foil. Phone also foiled.

[–] NauticalNoodle@lemmy.ml 22 points 3 weeks ago (11 children)

that's precisely why i never stopped using a password to access my phone.

[–] muusemuuse@sh.itjust.works 9 points 3 weeks ago (4 children)

You actually type “hunter2” in every time you want to unlock?

load more comments (4 replies)
load more comments (10 replies)
[–] JackBinimbul@lemmy.blahaj.zone 20 points 3 weeks ago (9 children)

Jesus fucking christ.

I don't use my phone for anything other than directions, phone calls, and texting my wife. Partially because I'm not going to carry around something with tons of shit that can be used against me.

This is fucking insane.

load more comments (8 replies)
[–] JoeMontayna@lemmy.ml 19 points 3 weeks ago (2 children)

The only safe phone is a phone with a strong password thats in a powered down state. Otherwise there are tools to gain full access.

[–] lavander@lemmy.dbzer0.com 23 points 3 weeks ago* (last edited 3 weeks ago) (8 children)

The only safe phone is a phone with no data.

Otherwise there will be tools to gain full access.

Without forgetting the good old rubber hose attack

FWIW I think the only way to keep confidential information is hosted in another country, encrypted, with no credentials (or even the name of the server) cached, all on open sources stacks, with the infrastructure provider different from the operating system provider different from the application provider and encryption provider

Is this convenient? No Is this accessible to the average user? No

I just think something at certain point went extremely wrong in history. We accepted control in exchange of convenience

load more comments (7 replies)
load more comments (1 replies)
[–] pineapple@lemmy.ml 18 points 3 weeks ago (1 children)

I use biometrics to access some of the apps on my phone. But my home screen requires a password to unlock.

load more comments (1 replies)
[–] LeeeroooyJeeenkiiins@hexbear.net 15 points 3 weeks ago (1 children)

What if you take your dick and use that on the fingerprint scanner, do you think the cops would make you whip it out

[–] space_comrade@hexbear.net 16 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Probably, although they probably can't force you to reveal it's your dick that unlocks the phone.

load more comments (2 replies)
[–] sudoer777@lemmy.ml 15 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

Or better yet use GrapheneOS 2FA biometric + PIN + duress PIN + auto reboot:

  • If someone spies on you unlocking your phone, they don't get your encryption password
  • If they figure out your PIN, they can't unlock your phone without you physically being there, and your phone may reboot to the password unlock before they get it to you
  • If they compel you to use biometrics, they can't legally compel you to give them your PIN
  • If they decide to start trying out common PINs and you set your duress PIN to one of them, then it wipes your phone
load more comments (2 replies)
[–] RejZoR@lemmy.ml 10 points 3 weeks ago (2 children)

How is current USA administration performing these clear gestapo level violations of amendments and everyone's just like "okay". ?!

[–] FenrirIII@lemmy.world 11 points 3 weeks ago (1 children)

Because there's no resistance to follow. We have no leaders out there speaking against this. It's a massive population of sheep being governed by wolves

load more comments (1 replies)
load more comments (1 replies)
[–] Sunflier@lemmy.world 9 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

For my apps, I use biometric unlocks. To get in passed the lock screen to get onto my phone's home screen, I have to enter a pattern. I figure that if they're already passed the pattern, more pattern won't stop any unauthorized user. So, it really isn't worth the inconvenience to enter the pattern for all my apps (like banking, cc, investments, etc.) over and over. But, if they can't figure out my pattern after so many tries, my phone auto-erases.

load more comments (2 replies)
[–] DarrinBrunner@lemmy.world 8 points 3 weeks ago

I only use a 10-digit pin number I'm guaranteed to never forget. I type it in every time. But, I don't spend much time on my phone, sometimes I even forget it when I leave the house.

load more comments
view more: next ›