@emilygorcenski Thank the gods I don't live in that forsaken country. 😱
DDRitter 🏳️🌈🎗️🇵🇸 (ddritter@paquita.masto.host)'s status on Saturday, 20-Apr-2024 05:34:51 JST DDRitter 🏳️🌈🎗️🇵🇸
Mutesplash (mutesplash@uncontrollablegas.com)'s status on Saturday, 20-Apr-2024 06:10:13 JST Mutesplash
@emilygorcenski Then they shoulder surf the pin or the password which is input at a higher frequency since turning those off?
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Tuesday, 23-Apr-2024 17:10:13 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
Most custom roms have a panic switch option that lets you turn your phone off from the shortcut menu. Turning your phone off forces it to require your password to unlock the first time. We had mostly anticipated this ruling.
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 07:25:10 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
O_o
I mean we developed these tools specifically to protect protesters against extrajudicial abuse but go off I suppose?
People really do be unable to hold the power button these days, damn.
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 16:06:00 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
"Don't use quality of life features, they are insecure." isn't bad opsec, but it is bad general advice because people are going to use those features anyway. Unless you are enforcing that protocol with some form of mobile device management software, it is always better to meet the user where they live and instead highlight the safety features built into the quality of life features they are already using.
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 16:06:05 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
Likewise, it is reasonable for someone who is specifically targeted by law enforcement to not carry a smart phone at all. We meet people where they live, because people have various risk profiles and various risk tolerances. (cont)
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 16:06:09 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
Risks are never mitigated. They are managed.
You manage risk based on a risk profile. That risk profile gives you an idea of reasonable precautions. E.g. it is reasonable for someone who has infrequent contact with adversarial actors to keep in mind their quality of life features such as biometric login can be over-ridden by rebooting their phone when they may have need to temporarily increase their security. (Cont.)
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 17:41:25 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
If your phone is not on your person, then it is likely going to require a warrant to retrieve. This particular ruling is only useful for a warrantless random stop and frisk scenario. It enables the officer to open the phone with your biometrics. If the police have a warrant it does not matter if you are using biometric unlock or not, you can be compelled to unlock your phone.
(Cont)
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 17:49:22 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
While you cannot be forced to provide a password without a warrant, your phone actually doesn't care. It stores the encryption key in memory in order to facilitate features such as always on notifications, and the unlock screen merely provides one way to access it. We already know that PDs use automatic unlocking devices that bypass the unlock screen to get at phones that come in powered. The only way to prevent someone from being able to get into your phone is to turn it off.
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 18:09:33 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
The tldr is, turn your phone off before interacting with police if you don't want them having access to it. Otherwise, live streaming is a good option for accountability.
⦺ irick 🐁🐈⚩ (irick@this.mouse.rocks)'s status on Wednesday, 24-Apr-2024 18:09:34 JST ⦺ irick 🐁🐈⚩
@emilygorcenski
It's about whether or not your device is in an After First Boot state. Android and iOS both have access to your files when your phone is in a running system; your lock screen is just a method of preventing the screen from being accessed. Something that uses direct memory access can entirely bypass your password and just make use of the OS's access (easy) or even make use of the cached encryption key to dump the whole unencrypted disk image (hard).
https://securephones.io/main.pdf