- cross-posted to:
- memes@lemmy.world
- cross-posted to:
- memes@lemmy.world
In light of recent ICE/DHS shenanigans in the US
- Most people lock their phones with biometrics which can be legally compelled from you. - If you use a password you can refuse to provide it. - If you’re living in a world where the police are willing to literally drug and torture you then your digital security requirements are beyond the scope of what you can get from social media and you should assume that everything you do is publicly known. - Both iPhone and Android have ways to disable biometrics until the next unlock via password/code. - Iirc, on iPhone, it was pushing the power button 5 (or 7?) times. On Android, long press the power button and select “lock”. - deleted by creator - Is it possible to setup this way;: - One password gets into your first profile that is protected with a
- Duress passcode
- 2nd password/just fingerprint gets you into a 2nd profile, that is, everything you don’t care about…
 - I haven’t tried graphene but thinking about it now… - deleted by creator 
 
 
- Press the power button and one of the volume buttons for 3 seconds. 
 
- I use biometrics for apps and such, but not my phone. Having worked apple support, the number of people who only used their fingerprint and their phone was restarted for whatever reason leading them to have to know their password, which they forgot… is numerous. - I suppose this is why Android occasionally refuses to take your fingerprint and says “for your security, enter your password.” - iOS does this as well so I have no idea how people manage to forget their passcodes 
- My phone says that’s a 3 day timer 
 
 
 
- deleted by creator - They have access to it if they threaten/indimidate/blackmail you into giving them access. Dummy phones are a real thing; saw a post today on masto by a company… person (?) who said they keep a stash of clean burner phones for when employees travel through US borders. These are all reasonable, and maybe even CalyxOS’s decoy partition (does it still have that?). The larger problem is that few people will use these things, not even bringing a clean phone. And once they start threatening your family and your long-term safety and freedom, it’s highly likely you’ll give them access, if they know there is any access to be had. Which they increasingly do, because universal surveillance blah blah. - deleted by creator - The NSA doesn’t generally give access to agencies on the ground like that - at most they flag individuals in the interdepartmental system, they don’t hand over what they have easily - But, if you have physical access to a device, there’s always a way in. Border control or a police department can buy tools to do it or hire contractors - deleted by creator - Rather than locked down, they’re basically a black box - I think they have their own firmware and hook into the OS and hardware in weird ways (part of the reason why Linux phones are so difficult to make work) - If the NSA wants to ping your phone location or even turn on the microphone, they can, supposedly even when the phone is “off”. If they want to side channel load in a rootkit, they probably can - But NSA surveillance comes in two main flavors - broad and focused. If they think you’re a terrorist or of strategic interest, there’s a lot they can do… But that means actual humans are interested in you, personally. - But for everyone else, they’re not going to sift through ten million phone storages - that’s way too much data to be useful, and they already have long collected way more than they could make use of. The broad stuff is about flagging people - the most effective is to look at networks of people. If you have connections to a terrorist, you’re a potential part of the network, and so you’ll be flagged as more interesting. I’ve heard rumors that certain keywords might be flagged on calls too, who knows. Too many flags and they might devote some man hours to looking into you personally - But generally, they’re very protective of their tech. They don’t use the good stuff widely, because it’s not useful, and it increases the chance for discovery and countermeasures. My understanding is they won’t share their surveillance systems either - they might put notes or flags on shared LEO systems or tip someone off, but they really, really, like to play it close to the vest. Even with other 3 letter agencies - So yes, this possibility exists - especially with llms to help filter through this information ocean - but there’s no shot they’re sharing capabilities with border control agents - deleted by creator - I mean, yes and no. They just capture device info for a location, which can often be tied back to a person, but they just grab the info the phone sends to the tower. These days with Bluetooth and Wi-Fi you can even do something similar with just your phone - I don’t love that it exists for obvious reasons, but it’s a far cry from looking through your phone - I mean, the cell providers already sell your location info to anyone (including LEO, which is unconstitutional without a warrant as far as I’m concerned), as can Google, apple, and all sorts of apps - so this is a niche thing - FWIW, you can defeat that pretty simply… Just leave your phone behind and/or in a faraday pouch. No signal, no signature, no location data (from your phone at least). It won’t necessarily stop the NSA, but it’ll protect you in a protest where your just another face in the crowd 
 
 
 
 
 
 
- and your google searches plus dns queries. - You all don’t encrypt your DNS? - DNS over TLS and similar are only encrypted to the first (local) DNS provider, and of course that provider knows the query as well. - It protects against 3rd-party eavesdroppers between you and your primary DNS provider, but does nothing for privacy beyond that. - ODOH could help - Not really, no 
 
 
- deleted by creator 
 
 
 
- I have a phone running GrapheneOS. What would happen if I gave them my duress PIN at the US border when compelled to do so? If entered, the duress PIN will immediately wipe the phone. - In a fair judicial system, they will protect you if you have nothing to be guilty of. Also on the other hand, if they have a judicial warrent for your phone, then it’ll be a crime to not produce it, or destroy it. - In a country with a lawless system, and this is a real story btw that happened to my friend: The ones with deleted whatsapp conversation or “lost phones” recived 10+ years extra while his peers who committed the same exact crime in the same group but opened their phones recieved 2 years. I myself have read the prosecution case papers where the judge added the crime of them deleting whatsapp conversations, and formatting or destroying phones. 
- If you’re not a citizen my absolutely uneducated answer would be: if you were suspected of having done anything like that you would be detained for tampering with evidence - because they would now detain you for tampering with evidence. I would have said this wouldn’t have been a huge issue before, they wouldn’t have anything to hold you on after that, but that is certainly not true now. 
 
- I’m not encrypting my stuff because of people who can legally punch me in the face if I don’t comply. I’m encrypting them against some dude who steals my backpack when I’m commuting. - I’m not saying that all authorities are great but if your biggest risk is your local authorities, you need to change something in your life. Possibly your place of residency. - And for the millions of people who can’t? 
- Yes that’s the summery of it 
 
- Law enforcement have tools that crack both Android and Apple phones en seconds. - Usually they just get an unencrypted backup from the cloud. 
 







