In light of recent ICE/DHS shenanigans in the US
Most people lock their phones with biometrics which can be legally compelled from you.
If you use a password you can refuse to provide it.
If you’re living in a world where the police are willing to literally drug and torture you then your digital security requirements are beyond the scope of what you can get from social media and you should assume that everything you do is publicly known.
Both iPhone and Android have ways to disable biometrics until the next unlock via password/code.
Iirc, on iPhone, it was pushing the power button 5 (or 7?) times. On Android, long press the power button and select “lock”.
I configured my Graphene OS to require both fingerprint and passcode to unlock. I also have a “duress passcode” that I can input to wipe the device.
Is it possible to setup this way;:
- One password gets into your first profile that is protected with a
- Duress passcode
- 2nd password/just fingerprint gets you into a 2nd profile, that is, everything you don’t care about…
I haven’t tried graphene but thinking about it now…
I have a 2nd profile for all the KYC stuff that I need.
Press the power button and one of the volume buttons for 3 seconds.
I use biometrics for apps and such, but not my phone. Having worked apple support, the number of people who only used their fingerprint and their phone was restarted for whatever reason leading them to have to know their password, which they forgot… is numerous.
I suppose this is why Android occasionally refuses to take your fingerprint and says “for your security, enter your password.”
iOS does this as well so I have no idea how people manage to forget their passcodes
My phone says that’s a 3 day timer
so… dummy phone? even before that, don’t they have access to your cloud stuff?
They have access to it if they threaten/indimidate/blackmail you into giving them access. Dummy phones are a real thing; saw a post today on masto by a company… person (?) who said they keep a stash of clean burner phones for when employees travel through US borders. These are all reasonable, and maybe even CalyxOS’s decoy partition (does it still have that?). The larger problem is that few people will use these things, not even bringing a clean phone. And once they start threatening your family and your long-term safety and freedom, it’s highly likely you’ll give them access, if they know there is any access to be had. Which they increasingly do, because universal surveillance blah blah.
i meant more with nsa type surveillance, they pretty much have a little leg on every us corporation. it seems they really want to start utilizing that data more against its own populace now.
also they have cyberweapons that can exploit their way inside most common phones anyway.
and your google searches plus dns queries.
You all don’t encrypt your DNS?
DNS over TLS and similar are only encrypted to the first (local) DNS provider, and of course that provider knows the query as well.
It protects against 3rd-party eavesdroppers between you and your primary DNS provider, but does nothing for privacy beyond that.
ODOH could help
Not really, no
No. I don’t think the queries from a recursive can be encrypted. Can they?
in the likely scenario people are using google or cloudflare dns, which is what usually comes by default, i don’t think it matters.
I’m not encrypting my stuff because of people who can legally punch me in the face if I don’t comply. I’m encrypting them against some dude who steals my backpack when I’m commuting.
I’m not saying that all authorities are great but if your biggest risk is your local authorities, you need to change something in your life. Possibly your place of residency.
And for the millions of people who can’t?
Yes that’s the summery of it
I have a phone running GrapheneOS. What would happen if I gave them my duress PIN at the US border when compelled to do so? If entered, the duress PIN will immediately wipe the phone.
In a fair judicial system, they will protect you if you have nothing to be guilty of. Also on the other hand, if they have a judicial warrent for your phone, then it’ll be a crime to not produce it, or destroy it.
In a country with a lawless system, and this is a real story btw that happened to my friend: The ones with deleted whatsapp conversation or “lost phones” recived 10+ years extra while his peers who committed the same exact crime in the same group but opened their phones recieved 2 years. I myself have read the prosecution case papers where the judge added the crime of them deleting whatsapp conversations, and formatting or destroying phones.
If you’re not a citizen my absolutely uneducated answer would be: if you were suspected of having done anything like that you would be detained for tampering with evidence - because they would now detain you for tampering with evidence. I would have said this wouldn’t have been a huge issue before, they wouldn’t have anything to hold you on after that, but that is certainly not true now.
Law enforcement have tools that crack both Android and Apple phones en seconds.
Usually they just get an unencrypted backup from the cloud.
