• Sarcasmo220@lemmy.ml
    link
    fedilink
    arrow-up
    2
    ·
    8 hours ago

    When I go to a protest with friends/family we leave our phones at home and then use basic walkie talkies. It’s open channel, so no privacy, but the main goal is to just communicate basics like “I’m safe.” We predetermine a couple of locations to meet up at if things get rough and we’re separated.

  • tired_n_bored@lemmy.world
    link
    fedilink
    arrow-up
    34
    ·
    2 days ago

    At protests you should not bring your smartphone but instead rely on anonymous drvices such as Meshtastic.

    If you want to bring your smartphone to a protest, set Airplane mode and communicate with others through Bluetooth or WiFi networks using Briar or Bitchat

      • tired_n_bored@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        1 day ago

        May I ask you how? Or if you have more info? No criticism here, honest question. Afaik the only way to do that would be to fingerprint a behavioural pattern, which albeit possible is surely more secure than cell communication.

        • lemming741@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 day ago

          The “find my” networks still function with randomized macs and “fully” powered down devices

    • mesa@piefed.social
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 day ago

      Meshtastic with 3 jumps would be stretching for actual communication. Plus Bluetooth is even worse for security. Direct connection might be a better way to use the device.

      I’ve had meshtastic for about 2 ish years now and its still being worked on.

      • tired_n_bored@lemmy.world
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        edit-2
        1 day ago

        What is unsafe about cell communication is that there is virtually no way to prevent being tracked. Bluetooth is not necessarily more secure but has several advantages:

        1. Its Mac address can be easily changed. With a fake Mac address it’s more difficult to track someone down, albeit it needs some “technical skills” (going in the developer settings)
        2. With these apps communication is encrypted by default unlike cell tower communication
        3. The range is limited. If police listens over Bluetooth they’ll be able to track less people down
    • folaht@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 day ago

      It’s amazing how many times I saw this knowledge being spread, together with thousands of umbrellas and hard hats during the Hong Kong riots from day one with “Hong Kong, add oil” as their first slogan combined with very mild mannered arguments (we don’t know if it could lead to more serious things) against the extradition law which was supposed to affect maybe half a dozen people per decade, all serious criminals. A law almost every country has on earth that the US used against the daughter of the owner of one of the largest companies in the world, for the flimsiest of reasons, in contrast to the walled-off-to-arrest-one-particular-teen-girl-axe-murderer-to-be-shipped-to-Taiwan-law Hong Kong tried to implement.

      How many people have been affected by the Alien Enemies Act again?

      And how did the The protests were call “No kings” remember that? Remember that it was called NO KINGS “Unbiased. Straight. Facts” SAN? Do you remember that? No? Okay, well… “anti-ICE” it is protests go?

      Because apart from the shocker that you were being surveilled, I think the protests needed a little bit less “Zero demands, not one more” chants and a little more ‘We demand and protest until we win and get what we want’ kind of thing.

      • lepinkainen@lemmy.world
        link
        fedilink
        arrow-up
        14
        arrow-down
        1
        ·
        1 day ago

        Not at the same scale as mobile traffic

        Bluetooth by definition doesn’t go much past 10-20 meters

      • mesa@piefed.social
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 day ago

        Super easy. You can also do basic triangulation with some specialty hardware.

        • tired_n_bored@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          1 day ago

          But we’re talking about a protest where bad actors (the police) just want the names of its attendants. Our phones scream to everyone “I am [name surname] and I am here!”. Bluetooth instead says the same but with a lower tone of voice, so less people can listen. Also, with little configuration you can instruct it not to broadcast its identifier.

  • djsoren19@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 day ago

    This is exactly why I was railing against some of the earlier protests which featured politicians openly asking protestors to take out their phones and send texts to opt-in for fundraisers. Besides all the obvious bullshit, it put those protestors who didn’t know better at serious risk.

    Thankfully, I haven’t seen too much of that at the protests I’ve been to recently, but this is a good reminder that we have to keep educating people to leave their phone at home.

    • IttihadChe@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 hours ago

      Wait politicians were telling people to take their phones and opt-in for fundraisers? I never saw this, what was the reasoning besides “give us money pls”???

  • ssillyssadass@lemmy.world
    link
    fedilink
    arrow-up
    24
    ·
    2 days ago

    Yeah, if you go protest you should leave your tracking device at home or, even better, with a friend or relative who you know will not be there. The US government doesn’t require subcutaneous tracking chips (yet), you can put yours away.

      • Nalivai@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        33
        ·
        2 days ago

        Cops use devices to pretend to be a celltower, so your phone connects to it, and then they use it to spy on you. Rayhunter looks for this behaviour and warns you if it detects a suspicious tower that behaves like cops pretending to be a tower.

        • egrets@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          2 days ago

          What do you do if it comes up positive? Presumably if you know it’s a risk, you’d leave your phone in airplane mode or at home, and if you know it’s happening you’ve already been recorded?

  • plz1@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    2 days ago

    I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?

    • einkorn@feddit.org
      link
      fedilink
      arrow-up
      18
      ·
      2 days ago

      I assume it’s the same as the Internet (or more specifically HTTP): It wasn’t designed with security in mind.

      Unlike HTTP, for some reason it wasn’t included in a new specification, though. My guess is that’s because of the more centralized nature of cellular networks. The barrier for entry is a lot higher as well so there are few but big players who have little incentive to improve over the bare minimum.

      IIRC encryption was initially proposed to be part of 5G but got shot down in the process.

      • theshatterstone54@feddit.uk
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        2 days ago

        Wait, 5G isn’t encrypted? I think it does have some protections still. I mean, not that it would matter to me, they only use NR-NSA in my country so it isn’t even full 5G with all its advantages.

        At the risk of sounding like an AI-generated ad, I use an app called Privacy Cell on Fdroid, that confirmed there is no true 5G anywhere in my country. I just wish there was a way to differentiate between the two versions of 5G natively, kinda like 4G-LTE showing up as LTE instead of just 4G.

        • mkwt@lemmy.world
          link
          fedilink
          arrow-up
          4
          ·
          1 day ago

          Encrypted data channels can still be vulnerable to man in the middle attacks. Like when you connect to an unknown host with SSH, and the client pops up a big warning.

          In this case, ICE or whomever sets up a “valid” cell tower that your phone connects to, and they (law enforcement) route your packets onto the rest of the Internet. They can decrypt the 5G data, and see all of the IP headers. They can’t necessarily read the TLS traffic, such as https. But most important of all, they can log all of the IMEIs that connect, which effectively gives them a database of all of the protestors.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 day ago

      I don’t know the specific methods, but 3G, 4G and 5G do authenticate bidirectionaly, just 2G doesn’t, partially why Android now has “Disable 2G” toggle.
      Also probably why they said they can downgrade you to 2G to intercept communication.

      What’s happening here is probably similar to anyone being able to send Wi-Fi deauthentification frame to your device to disconnect you. Unless you’re using WPA3.

    • utopiah@lemmy.ml
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      2 days ago

      why cell phones don’t authenticate the towers they connect to.

      I believe it’s because they assume it’s not necessary because it was until now

      • prohibitively expensive, but now a “tower” is less than 2k EUR e.g. https://www.crowdsupply.com/ukama/ukama
      • prohibitively complex, see above, namely you don’t need to be a TelCo engineer to get it going
      • probably illegal, namely you needed (and I bet still need in most places) wireless band allocation before you could deploy anything

      … so I imagine there was no authentication because there was no practical threat beside so “fun” examples in CCC or DEF Con.

      • mkwt@lemmy.world
        link
        fedilink
        arrow-up
        4
        ·
        1 day ago

        The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.

        On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.

    • lauha@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      2 days ago

      Even if they did, I don’t see government having trouble getting a proper authentication key.

    • eleitl@lemmy.zip
      link
      fedilink
      arrow-up
      2
      ·
      1 day ago

      IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.

      • plz1@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 day ago

        Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.

        • eleitl@lemmy.zip
          link
          fedilink
          arrow-up
          2
          ·
          16 hours ago

          Think long term movement patterns, correlations with others such, anomaly detection.

  • Em Adespoton@lemmy.ca
    link
    fedilink
    arrow-up
    9
    ·
    2 days ago

    Those circumstances include immediate threats to national security and situations where a person is in danger of death or serious injury.

    Well I see a problem there. It doesn’t specify the cause of the danger or the reason the person is in danger in the first place.