@naceugene
"Security Essentials"
- You should recommend FOSS options like KeyPass. And why Proton Pass at all given their current kerfuffle with supporting Trump?
- Brave with it's cryptoscam's and Brendan Eich's homophobia is hardly better than Mozilla
- Again, why Brave search and not DDG?
- Again, why Proton VPN for the same reasons?
"Prepare for a Protest"
- This sentence is misleading: "Disable GPS location tracking until home. (Airplane mode is not enough!)" Location tracking is not your biggest worry. Cell tower communications is. Airplane mode still leaks location data. Off is better. Off and in a faraday bay is better yet.
- In the section "Set your passcode to 10 or more random digits", your data makes no sense. 10-digit code is listed as 6 years. 2 diceware words is listed as 100+ years. The former is log2(10**10) = 33 bits of entropy. The latter is log2(7776**2) = 25. Something is off in how you calculated these. A source should be provided.
- Airplane mode section is equally misleading about tracking
- the "Signal Checklist" page 404s
- "Don’t share photos/videos with identifiable faces" is misleading as clothing, tattoos, and other visible features can get people arrested as well. This section needs serious elaboration.
- "Leave Signal groups that aren’t a part of this action" is unrealistic. It's correct to say that, but I cannot imagine anyone will actually do that unless they are part of very few groups and there are infrequent actions.
"Burner Phone" vs "Secondary Phone"
- Disagree that a secondary phone is a demo phone. There's threat modeling per individual here about whether the second phone should be for actions only or if it should be for organizing only (and not for actions). "reuse it over many actions" might suggest puttting all your organizing on to your secondary phone then bringing it to actions rather than for just *planning* them.
- "What data am I protecting?" needs to be split on secondary/burner/demo as it's not clear which phone offers what security properties
- This quote "You’re protecting not just yourself, but the people you’re organizing with who may be at higher risk than you because of their identity or circumstances (person of color, queer, trans, undocumented person, Arab/muslim)." and this one "You’re likely to be targeted by the cops based on identities you hold (person of color, queer, trans, documentation status, etc.)" belie the fact that cops *fucking hate anarchists* and they are highly targeted. I know it's popular to phrase it as you did, but that's not the most materialist of analyses. Just say "if you're highly targeted because of race, gender, or political activities." Because that's the actual criteria that matters.
- When you say "If you are already the target of state surveillance, it’s much less likely that they know about this secondary device (assuming you rarely use it)" you are blending secondary/burner. If you secondary is almost always at your home or paid with your bank card, then they very likely know it's you. This is not a reliable diversion and should be called out as such. Plus, if they raid your flat, they're going to find it.
- "Setup Guide" needs to be split into secondary/burner
- With how much data is collected and resold, I disagree that Tracphone is worth it. I would consider this to be a security risk for tracking even if it's cheap.
- You don't mention GrapheneOS at all. You should at least note this.
- The setup guide doesn't mention leaving all electronics at home while procuring the burner items.
- "Option 2: Migrate your existing account to this new number temporarily" completely undoes a huge amount of the security benefits of a seconday/burner phone. This should be removed.
"Action Research & Scouting"
- "Take scouting photos/videos directly in the Signal camera" I don't know what things you're scouting, but I would *never* suggest bringing a phone for scouting.
"DA Organizing"
- "Use Signal for secure texts/calls for action organizing" I think you're mixing protests and DA because, and maybe it's just my experiences, but we absolutely do not have phones involved in any stages of DA *at all* so 🤷
- "Use CryptPad for document collaboration related to the action/protest" Again, maybe we're talking about different actions, but for spicy things, we only do pen/paper.
- Don't recommend Proton Docs. They collaborate with cops.
- Don't recommend Zoom as they also collaborate with cops
- "Avoid using the Signal desktop app" without clarifying threat models about phone trackability or security of a mobile OS vs desktop OS amounts to FUD
- "Use VeraCrypt to create a secure folders on your computer" does not mesh with you saying not Signal. If someone hacks your laptop (spyware, trojan) then they will just wait for you to type your password.
Håkan Geijer
ch0ccyra1n
Nathan A. Stine
JamieGC 🏴 🏳️🌈 🖖
Erik van Straten
Karl Auerbach
blanknight
Erik Play2Learn
Claudius Link
All GNU social JP content and data are available under the