this post was submitted on 01 Feb 2026
277 points (100.0% liked)

News

34978 readers
2993 users here now

Welcome to the News community!

Rules:

1. Be civil

Attack the argument, not the person. No racism/sexism/bigotry. Good faith argumentation only. This includes accusing another user of being a bot or paid actor. Trolling is uncivil and is grounds for removal and/or a community ban. Do not respond to rule-breaking content; report it and move on.

2. All posts should contain a source (url) that is as reliable and unbiased as possible and must only contain one link.

Obvious right or left wing sources will be removed at the mods discretion. Supporting links can be added in comments or posted seperately but not to the post body.

3. No bots, spam or self-promotion.

Only approved bots, which follow the guidelines for bots set by the instance, are allowed.

4. Post titles should be the same as the article used as source.

Posts which titles don’t match the source won’t be removed, but the autoMod will notify you, and if your title misrepresents the original article, the post will be deleted. If the site changed their headline, the bot might still contact you, just ignore it, we won’t delete your post.

5. Only recent news is allowed.

Posts must be news from the most recent 30 days.

6. All posts must be news articles.

No opinion pieces, Listicles, editorials or celebrity gossip is allowed. All posts will be judged on a case-by-case basis.

7. No duplicate posts.

If a source you used was already posted by someone else, the autoMod will leave a message. Please remove your post if the autoMod is correct. If the post that matches your post is very old, we refer you to rule 5.

8. Misinformation is prohibited.

Misinformation / propaganda is strictly prohibited. Any comment or post containing or linking to misinformation will be removed. If you feel that your post has been removed in error, credible sources must be provided.

9. No link shorteners.

The auto mod will contact you if a link shortener is detected, please delete your post if they are right.

10. Don't copy entire article in your post body

For copyright reasons, you are not allowed to copy an entire article into your post body. This is an instance wide rule, that is strictly enforced in this community.

founded 2 years ago
MODERATORS
JonsJava@lemmy.world
gedaliyah@lemmy.world
little_cow@lemmy.world
jeffw@lemmy.world
enu@lemmy.world
rjc@lemmy.world
Tenthrow@lemmy.world
277
Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now (theintercept.com)
submitted 2 days ago by tonytins@pawb.social to c/news@lemmy.world
67 comments fedilink hide all child comments
 

The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.

top 50 comments
sorted by: hot top controversial new old
[–] Tonava@sopuli.xyz 6 points 15 hours ago

I've been warning people around me for years about shit like this, and have been promptly ignored or thought delusional. Who's crazy now, huh?? I wish it wasn't this way though, it really sucks to see all my paranoia becoming reality. What's next, state approved, AI controlled drones hunting people on the streets based on AI risk assessment and recognition based on databases collected from stuff like assigned passports and voting records?

[–] CmdrShepard49@sh.itjust.works 16 points 1 day ago

Is this the same Washington Post that was informed of the planned illegal invasion and kidnapping of a foreign state leader 24 hours before it happened and chose to sit on that information in order to protect the president?

How odd to then claim just weeks later that they're "free press" and that the man they helped attack others is now attacking them.

[–] E_coli42@lemmy.world 8 points 1 day ago (1 children)

On LineageOS, hold the power button and click "Lockdown"

[–] Feathercrown@lemmy.world 4 points 1 day ago* (last edited 1 day ago) (3 children)

Android has this too, if you enable it in the settings.

load more comments (3 replies)
[–] neuromorph@lemmy.world 6 points 1 day ago (6 children)

Andoid implemented a lockout mode that when you activate, disables biometrics, usb access and hides notification.

Its been available since the OneUI update.

You activate by holding power and selecting lockput (where reset would be)

[–] SlimePirate@lemmy.dbzer0.com 1 points 17 hours ago

I can't find it? Do I need to enable it somewhere ?

[–] 0x0@infosec.pub 7 points 1 day ago (3 children)

OneUi isn't 'android', it's 'samsung'

[–] neuromorph@lemmy.world 1 points 6 hours ago

Thanks I don't know if this is built into general android OS or just the oneUI. But wanted to get it out there

[–] goombakid@lemmy.world 3 points 1 day ago

It's Lockdown on a stock Pixel.

[–] Fedizen@lemmy.world 1 points 1 day ago* (last edited 1 day ago) (1 children)

I've got a pixel and it will not allow biometrics on a hard power off or restart, only for login from a previous session. if I was a journalist I'd be resetting my phone constantly if I had sources to protect.

It also hard locks if its been 24 hours since a password was typed. You can also intentionally cut your finger or fuckup your face guarantee biometric lockout. If you think you're about to be arrested and you have fingerprint unlock you can just slice or burn your finger as well.

[–] SpacetimeMachine@lemmy.world 2 points 1 day ago

You can also just disable it, which is much more secure. You can have it not open your locked phone but still be used to verify it's you in apps which is also nice.

[–] ayyy@sh.itjust.works 3 points 1 day ago* (last edited 1 day ago) (1 children)

iPhone/iPad/iWatch does this when you hold the power button to bring up the “turn off” slider. I’m pretty sure stock Android is similar. It’s great because it can be done in your pocket without even looking. I wish more people knew this, and did it every time they go through a security checkpoint or see a fascist in their periphery.

[–] boonhet@sopuli.xyz 2 points 1 day ago* (last edited 1 day ago) (1 children)

For me at least it's tap power button 5 times rapidly, rather than holding it, on iPhone.

Or hold power + volume down

Edit: Do keep in mind that this doesn't reset your phone to Before First Unlock status, so it's still vulnerable to tools like cellebrite. This only disables Face ID until you enter the passcode again. For better protection, you'd want to fully shut down your phone, which MIGHT protect it from unlocking altogether, or it might not. If they can't have it unlocked right away, they can get it in a few months or years since you won't be getting security updates and they do discover new vulnerabilities every now and then.

[–] phx@lemmy.world 3 points 1 day ago (1 children)

On my android the 5-tap activates SoS mode. Holding power for a moment gives the power off and lockdown option, as does pressing power+volup simultaneously. Power+voldown appears to be screenshot.

Most of these options will still keep the phone "active" though so I'm not sure about USB based hacks. If encryption is enabled I believe that forcing a reboot/shutdown means the data on the phone isn't accessible until after unlocking via PIN/password on boot.

[–] boonhet@sopuli.xyz 1 points 1 day ago

Oh yeah, so basically this will only protect from the police forcing you to look at your phone or touch the fingerprint sensor. It doesn't actually reset to BFU so you do indeed have to shut it down fully to be more protected. I probably should've mentioned that in my previous comment

[–] anakin78z@lemmy.world 1 points 1 day ago

Thanks, I actually didn't know about that. I had to enable it in settings for it to show up.

load more comments (2 replies)
[–] halcyoncmdr@piefed.social 58 points 2 days ago (2 children)

A reminder if you restart your phone biometrics don't work until you unlock it once with your code.

If you're about to deal with police, turn off or restart your phone so it resets to a Before First Unlock state where your information is encrypted and biometrics do not work.

If your phone allows you to set an automatic restart, set that up.

GrapheneOS by default automatically reboots after 18 hours of not being successfully unlocked. Devices in the Before First Unlock state are effectively not able to be accessed by standard law enforcement solutions. It also lets you set a duress password that will immediately make the storage contents permanently inaccessible, delete the eSIM, and power off the device.

[–] stoy@lemmy.zip 17 points 1 day ago (6 children)

If you press the lock button on your iPhone several times in a row, it will force the entry of a pin next time it starts.

Test it out, and learn how to do it quickly if the popo comes for you.

[–] psoul@lemmy.world 7 points 1 day ago* (last edited 1 day ago) (1 children)

iPhone users: Hold power and either volume up or down button for two seconds It will lock and ask for your pin, regardless if you shut down the phone or not.

Learn how to do it quickly and blindly, with your phone in your pocket.

[–] SkunkWorkz@lemmy.world 4 points 1 day ago* (last edited 1 day ago)

Also change the passcode type to alphanumeric even if you just use numbers. Makes it impossible for them to unlock it with that Mosad software.

[–] lauha@lemmy.world 5 points 1 day ago* (last edited 1 day ago) (1 children)

On my pixel I can just hold the power button and click "Lockdown" on the menu and it will force the code

[–] Zak@lemmy.world 5 points 1 day ago (1 children)

I don't like this because it's hard to do quickly without being obvious.

[–] lauha@lemmy.world 1 points 1 day ago (1 children)

Do it very obviously as a fuck you instead

[–] Zak@lemmy.world 6 points 1 day ago

If it's obvious and slow, which it is, someone might be able to physically intervene to stop you.

load more comments (4 replies)
[–] ugo@feddit.it 7 points 1 day ago (1 children)

Good recommendations. Unfortunately the claim that phones in a BFU state are effectively inaccessible is not entirely true.

It’s more difficult than the alternative, but it’s possible in many cases. If law enforcement has your device, assume they can access to everything on it. Oftentimes even things that were deleted.

[–] ayyy@sh.itjust.works 1 points 1 day ago (2 children)

Got any examples? Apple has won in court and the feds got all butthurt because they couldn’t unlock phones that they wanted to access.

[–] ahetek@lemmings.world 5 points 1 day ago (1 children)

And then... Few weeks later unknown company from Israel did give an access to this Apple phone. Think just how was it possible 🤣 One suggestion, Apple makes always great PR.

load more comments (1 replies)
[–] ugo@feddit.it 1 points 1 day ago

I’m not sure about apple, but BFU access on some / many android devices is possible

[–] who@feddit.org 64 points 2 days ago* (last edited 2 days ago) (1 children)

explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it.

In other words, physical assault.

[–] FishFace@piefed.social 12 points 1 day ago (4 children)

Legitimate law enforcement does every day what would be assault by anyone else. This isn't wrong because it's touching people, it's wrong because the law enforcement agencies are illegitimate, so all uses of their power are illegitimate.

load more comments (4 replies)
[–] lka1988@sh.itjust.works 20 points 2 days ago* (last edited 2 days ago) (5 children)

Find your device's "lockdown" feature (disables fingerprint/face entry) and enable that in any potentially sketchy situation.

I don't know how to trigger it on iOS, but my Pixel has the "lockdown" mode option on the same window as "shutdown" and "reboot", which can be accessed at any time by briefly holding the power button.

[–] overthere@lemmy.dbzer0.com 9 points 2 days ago* (last edited 2 days ago) (1 children)

On iOS, you can press the power button five times in a row or hold the power button and volume up button together. Either one of those disables biometric login.

Of course, you need to know that you need to do that and have the chance to do so.

load more comments (1 replies)
load more comments (4 replies)
[–] Perspectivist@feddit.uk 5 points 1 day ago (1 children)

Handing out my fingerprint to a tech company has seemed like a really bad idea ever since that tech was introduced to smartphones. Never used it myself. I've just stuck to the pattern lock instead. And don't even get me started on FaceID.

[–] sp3ctr4l@lemmy.dbzer0.com 8 points 1 day ago* (last edited 1 day ago) (1 children)

Tiktok's new TOS explicitly states that by using the platform, you grant them a permanent liscense to use your face, your voice, etc, for anything they want.

Training LLM models, selling your biometric data to anybody, anything.

People were right that its a form of invasive spyware, all corpo social media apps are, including dating apps obviously.

But uh, its 'ours' now, its our 'panopticon in your pocket' killer app, so... now its good or something.

[–] azureskypirate@lemmy.zip 2 points 1 day ago (1 children)

Thank you, I'm so glad I left tiktok a while ago

Side note, creating a bitmoji on Snapchat grants them rights to your likeness and image

[–] sp3ctr4l@lemmy.dbzer0.com 2 points 1 day ago

Your first sentence:

Oh, wonderful!

Your second sentence:

Oh, wonderful.

Yeah uh, use signal, everything else is fucked.

It's pretty much that simple, as far as messaging apps go.

[–] nulluser@lemmy.world 1 points 1 day ago

https://archive.ph/JLpzz

[–] Thedogdrinkscoffee@lemmy.ca 10 points 2 days ago (3 children)

Biometrics are a username, not a password.

[–] dan@upvote.au 4 points 1 day ago

Except passkeys are replacing passwords, and a lot of people use their fingerprint as the passkey. It's nowhere near as common to use a physical key like a Yubikey.

load more comments (2 replies)
[–] cyberpunk007@lemmy.ca 7 points 1 day ago

Ya that's great but also if you power off you phone, you can't use biometrics once it boots up for the first unlock. If you have time to shut it off first, that is.

[–] CorrectAlias@piefed.blahaj.zone 4 points 1 day ago

Graphene can do two factor unlock which is nice.

load more comments
view more: next ›