GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Håkan Geijer (hakan_geijer@kolektiva.social)'s status on Sunday, 26-Jan-2025 04:02:02 JST

    Every time I log into Fedi, I see another post with a guide called something like "Activist's Guide to Smartphones" or "Phone Security Guide for Protesters," and every single one of these assumes that the threat model is the kind of police force that exists under liberal democracy where legal protections will afford significant protections. The world is changing, and these guides not only fail to address the threat of an actively hostile fascistic anti-democratic occupying force (I refer here to the police), but such guides generally are limited to "what" and "how" but miss the more critical "why."

    If you believe that you are facing fascism (or even something close to it), can I please please please convince you to read something written by anarchists who have faced serious repression and are trying to convey just how much phones can lead to the imprisonment of you and your friends for even things that are allegedly "legal."

    https://opsec.riotmedicine.net/downloads#mobile-phone-security

    • jhavok (jhavok@mastodon.social)'s status on Sunday, 26-Jan-2025 05:10:35 JST

      @hakan_geijer Buy a road atlas to travel to demonstrations instead of using your phone to navigate.

    • Qybat (qybat@batchats.net)'s status on Sunday, 26-Jan-2025 06:27:12 JST

      @hakan_geijer I know enough tech to say that there is one fundamental rule of avoiding surveillance on your phone: Don't. There are too many different ways it can be compromised, if you are a person of sufficient importance that someone in government actually cares to try. If you want secure communications, the first rule is to get a Real Computer which runs a software environment you and you alone can control.

    • Hard Left News (hardleft@mastodon.social)'s status on Sunday, 26-Jan-2025 06:40:09 JST

      @hakan_geijer and with the techbroligarchy showing their true colors, a lot of these lower risk profile options are outdated. Most important are the tools of assessing risks & staying disciplined. We're not going to get press releases telling us when to be more careful.

    • rzeta0 (rzeta0@mastodon.social)'s status on Sunday, 26-Jan-2025 08:02:52 JST

      @hakan_geijer

      I'm not an expert but I've always thought of things like consumer VPNs, password management software and anti-virus software as increasing your risk, not decreasing it.

      The central point is they aggregate your information into the hands of one agent, an agent you don't know - making it easier for them, or those that attack them, to get at your data.

      This is a question - I'd welcome comments.

    • Chris Real (_chris_real@kolektiva.social)'s status on Sunday, 26-Jan-2025 08:32:22 JST

      @hakan_geijer

      Nothing said on surveilled social media is meaningful. The more bold and defying, the more subject to corruption and coopting.

      The revolution will not be televised. Or elevated by the status quo. Or given the win by the referee.

      And the pundits will bicker with the winners. Because that's their bread and butter.

    • rzeta0 (rzeta0@mastodon.social)'s status on Sunday, 26-Jan-2025 08:39:32 JST

      @hakan_geijer

      Thanks for taking the time to reply. I have two follow on questions if you or anyone else has the patience to reply.

      1. All your passwords in one online service means adversaries (e.g. the state) have only one place to get your passwords. Perhaps this comes down to threat model as you say.

      2. Isn't Tor a massive honeypot? It emerged from the US military. If it truly is as effective as people say it is, then it would be banned already, surely?

    • Chris Real (_chris_real@kolektiva.social)'s status on Sunday, 26-Jan-2025 10:30:08 JST

      @hakan_geijer

      "Real life" means actions that have consequences.

      Opinions on social media are the result of moderators, who monetize the drama of conflict.

      Nahhh . . . it's play-acting without consequences. "Social media is reality" is a selling-point for advertisers. Actions have consequences, not content in a medium controlled by algorithms.

    • undead enby of the apocalypse (enby_of_the_apocalypse@kolektiva.social)'s status on Sunday, 26-Jan-2025 13:00:16 JST

      @hakan_geijer @rzeta0 one thing I’ve been thinking about a lot, pen and paper might actually be a lot less secure when a significant threat is house searches by cops and stuff like that, since you can’t really encrypt it. (But also, paper can’t be hacked, paper doesn’t track your location and stuff)

    • undead enby of the apocalypse (enby_of_the_apocalypse@kolektiva.social)'s status on Sunday, 26-Jan-2025 13:04:02 JST

      @hakan_geijer @rzeta0 what about keepassxc?

    • Ozzie D, NP-hard :bikepump: :vegan: (ozdreaming@infosec.exchange)'s status on Sunday, 26-Jan-2025 16:24:12 JST

      @MrTHF SimpleX had a security design review last year (https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf), although I don't know if it addresses your concerns. And if you haven't already read them, @soatok looked at several messaging apps that get promoted as Signal competitors:
      https://soatok.blog/encrypted-messaging-apps/
      (They're probably qualified to answer your questions if you wanted to hire them, but I don't know if they're taking clients.)

    • MrTHF (mrthf@ohai.social)'s status on Sunday, 26-Jan-2025 16:24:14 JST

      @hakan_geijer I've read the entire English text & I wanted to consult some things

      Are you, or do you know someone, qualified to check & compare decentralizable msg software like Matrix & SimpleX? I'm more interested in knowing the validity of "post quantum encryption" claims from SimpleX + possible backdoors, but I'm not tech savvy

      Orbot & Riseup VPN would still be a good fit in a threat model that could include them?

      Not for comms, but are Tuta pqe and privacy claims also reliable, unlike Proton?

    • The Sleight Doctor 🃏🍉 (apostateenglishman@mastodon.world)'s status on Saturday, 08-Mar-2025 04:06:50 JST

      @hakan_geijer This is a great guide, however, it's worth mentioning that if you're going to some protest or direct action, it's a good idea to buy an unregistered SIM and take a decoy handset with location settings turned off and a VPN turned on.

      You don't have to be a cybersecurity expert to just not use your everyday comms tech. Way easier and probably safer.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.