Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
The only safe phone is a phone with a strong password thats in a powered down state. Otherwise there are tools to gain full access.
The only safe phone is a phone with no data.
Otherwise there will be tools to gain full access.
Without forgetting the good old rubber hose attach
FWIW I think the only way to keep confidential information is hosted in another country, encrypted, with no credentials (or even the name of the server) cached, all on open sources stacks, with the infrastructure provider different from the operating system provider different from the application provider and encryption provider
Is this convenient? No Is this accessible to the average user? No
I just think something at certain point went extremely wrong in history. We accepted control at expense of convenience
We accepted control at expense of convenience
I would have thought it would be more accurate to say we accepted convenience at the expense of privacy and security...
For my apps, I use biometric unlocks. To get in passed the lock screen to get onto my phone's home screen, I have to enter a pattern. I figure that if they're already passed the pattern, more pattern won't stop any unauthorized user. So, it really isn't worth the inconvenience to enter the pattern for all my apps (like banking, cc, investments, etc.) over and over. But, if they can't figure out my pattern after so many tries, my phone auto-erases.
phone auto-erases.
i'm WAAAY too clumsy and forgetful to have auto-erase on!
Just also stop saving critical stuff on your phone you’ll never use nor open again. A good mailbox is an empty mailbox, empty signal chat and so on. With AI it is leaking any away possibly out your phone
Another thing for an overhauled Constitution. One's body and devices should be considered to be papers and effects.
that's precisely why i never stopped using a password to access my phone.
You actually type “hunter2” in every time you want to unlock?
Instead of using your face or fingerprint to unlock it they could demand that you just type the password, could they not?
"I don't recall."
Good question. In the U.S. It violates your fifth amendment right not to testif against yourself/self-incriminate... unless a person doesn't know that and voluntarily unlocks it.
From a legal perspective, no. Passwords would be a 5th amendment issue.
Nope, believe it or not, that's treated entirely differently. Considered to be covered by the 5th amendment since you would be required to provide information that could be self-incriminating.
No.
There is no search warrant for the contents of your mind.
Of course "rubber hose decrypt" is always an option, but we're not quite there yet.
Aren't we?
I believe it gets a bit trickier because you can use your right to remain silent? They also can’t physically force you to speak the password but they can restrain you and unlock your phone by force.
Use GrapheneOS so you can "unlock" your phone and enter the wipe code instead.
You don't have to give them your password, and GrapheneOS has a convenient feature to turn off biometric unlock for only unlocking the phone, but still lets you use it in apps
Wasn't there a legal dispute around this that was trying to get them with tampering/destruction of evidence? Not sure if it's foolproof.
If you do use GrapheneOS, quickly restarting the device means your pin is required before biometrics unlock is available. As I understand it -- in the U.S. -- law enforcement can legally compel you to unlock your phone with biometrics, but not a pin. Not that you can trust law enforcement to be law abiding, but at least it's a stronger case in court.
Even better, set it to 1234567890 or 00000000 or similar easy to guess pin, and change it to the length of your actual pin, now if someone tries to bruteforce your phone it will instantly wipe and you can make a case that it was the law enforcement who destroyed any "evidence" by their own actions if in comes up In court.
This sounds like a convenient way to have all your locally saved photos wiped by your kid
In this economy??!
You mean you're not having your photos automatically, immediately encrypted and backed up on remote servers? ente.io will do that for you and their free plan comes with 10G of storage which is quite a few pics.
These practices and tips are not for everyday people but for high targets and work devices
Actually, these tips are for every day people (just not people whose kids can get to their phones). High targets get their ram frozen with liquid nitrogen, their PSU spliced into a battery pack, and the entire system-state backed up for retries.
Don't they make a copy of the phone before they go about trying to unlock it?
This kind of security is only going to work against a careless or incompetent atta-- oh. I see...
That requires USB connection to even be possible with a locked phone.
Yes, and you can disable usb completely on graphene.
It also will not accept new USB connections while the screen is locked.
hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics
This isn't bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.
I use biometrics to access some of the apps on my phone. But my home screen requires a password to unlock.
Or at the very least; turn your phone entirely off (shutdown) whenever you expect or encounter police contact.
Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when 'at rest', ie shutdown.
In android; there is also a 'lockdown' mode you can quickly activate from the power off screen, that disables Biometrics until next unlock with a pin/pattern, but doesn't fully shutdown so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.
You should always turn off / reboot your phone if you expect it to be potentially be taken
Simply being locked after being unlocked once leaves the phone in a less secure state than if it was fully off or just rebooted and never unlocked.
If you need your phone to record the interaction, then you might only get as far as locking it, but always strive to shut it down.