Your phone is one of the most critical components of your digital ecosystem. Phones are essential to communication, strategizing, and community organizing. Most people around the world communicate primarily through their mobile phone, followed by their computers and tablets. However, for these very reasons, governments and corporations throughout the world use data collected through our phones to perform extensive surveillance.
As useful as it is, it is better for you to think about your phone less like an assistant and more like a frenemy. Your phone in the wrong hands can be a portal to serious violations of your privacy and security. Below is a graphic that shares all the different ways your phone collects and shares your personal data with cell phone service providers and phone manufacturers. This vulnerability may allow governments and hackers to access information about your physical location at any time, even when it’s turned off.
Today, law enforcement agencies use technology that provides police with data about the identity, activity, and location of any phone that connects to targeted cell phone towers over a set span of time. A typical broad data search covers multiple towers and wireless providers and can net information from thousands of phones—without the need for warrants.1
Organizations such as the American Civil Liberties Union (ACLU) and Electronic Privacy Information Center (EPIC) say that the power of even small-town police departments to quickly obtain cell phone data results in the erosion of privacy and the violation of Fourth Amendment protections against unreasonable search and seizure. But thanks to a unanimous Supreme Court decision in Riley v. California, this practice is now officially legal.2
In extreme circumstances, to prevent all tracking of your location from your phone, the best option is to leave your phone at home. If that is not an option, then shut the phone down and remove the battery. This is the easiest way to ensure that you can't be tracked, but it comes at the price of not being able to use your phone at all. If you need access to any data on your phone, back it up to a notebook or a computer before you power down your device.
If your phone’s battery cannot be removed, another option is using a Faraday bag. A Faraday bag is a bag which blocks the transmission of electromagnetic fields.3 Not all Faraday bags are created equal, and in order to use a Faraday bag effectively you should test the bag. You want to confirm that, at a minimum, cell and GPS services are blocked.
To begin testing, place the phone as close as you can to your router. If your phone does not receive the texts, then the Faraday bag is effectively blocking your cell transmissions. Do the same by testing a GPS-enabled application. If you find that it is blocked as well, then the bag is working. If you are unsure about how to do this process, please work with a digital security professional before putting the bag to use in everyday life, as you do not want to risk being wrong.4
In addition to these scenarios, we face threats of information leaks during the everyday use of our phones. There are several simple safe practices that can be adopted to keep ourselves and our information safe. In the following section, we will explore a few of them.
If your phone uses a SIM card, you can set a lock on the card so it cannot be used by anyone who does not know the code. If your SIM is stolen, this measure can protect your identity.
We recommend securing your phone with the PIN or password option to control who can enter your phone. A PIN or password offers more protection than fingerprint IDs against law enforcement or thieves. More sophisticated law enforcement agencies now have access to technology that will exhaustively try every single digit combination of a numeric password until a match is found. In order to mitigate these automated law enforcement tools, it’s best to use an alphanumeric PIN if you think your phone will be seized at a checkpoint or demonstration. A good PIN/password would be at least six alphanumeric characters long and does not use any of the following items:
Once you have set your PIN/password, the next step is to activate your security lock timer. This determines the amount of time your phone will be open before the phone locks itself. You will vary this time based on the risk of your current activity. For maximum security, always choose the shortest possible time frame that suits you without becoming too taxing. You can always adapt your times to your activities as well. So if you use your phone for recipes, keep the security lock timer off, but then turn it back on when you resume regular activity. Use your risk assessment to figure out what makes the most sense for you.
With Androids, encrypting your phone is one of the best ways to protect your data if the device is ever stolen, seized, or confiscated. Encryption in the simplest of terms means the scrambling of data with complex math. The purpose of encryption is to ensure that only someone who is authorized to access your phone’s data will be able to read it using the decryption key.
When your phone is encrypted, its data is stored in an unreadable jumbled form. If your phone is stolen, confiscated, or lost, this feature can protect data like your home address, email, bank accounts, communications, and other sensitive data because your phone cannot be used unless the encryption is unscrambled by your PIN/password.
When you enter your PIN or your pattern on the lock screen, your phone decrypts the data, making it understandable and accessible to you. Without the encryption PIN or password, a malicious actor can’t access your data. This is why encryption is one of the key building blocks of securing your phone.
Newer versions of Android (7.0 or higher) on more recent devices often have encryption enabled from the start, and only a PIN code is required to enable it. To enable encryption on these devices, go to Settings → Security → Screen Lock and tap your current screen lock. From there, make sure “require PIN to start device” is turned on. You will then be asked for your code every time you start up.
However, older or cheaper Android (6.0 or lower) devices require a longer process to enable encryption. NOTE: Before starting the encryption process, ensure your phone is backed up, fully charged, and plugged into a power source. This ensures that the encrypting process is not interrupted. If it is interrupted, and your data is lost or damaged, you will have a backup of all of your data.
To begin encryption, find out whether or not your Android has encryption enabled. Some versions of Android come with encryption already set up, while others need it to be set up manually. To discover where your phone is at, please first visit Settings → Personal → Security → Encryption.
If Encryption is enabled it will say it here clearly. If not then your next step will require you to set a screen lock password (described above).
Once your PIN is selected, make sure your phone is fully charged and backed up, as you will not want to disturb the encryption process. A backup also ensures that if anything goes wrong during encryption, your data is protected and your phone can be restored.
Once the phone is ready and plugged in, please begin by hitting Encrypt. The process should last anywhere from 30 min to a couple of hours.
We recommend keeping most networks turned off and only manually enabling them when necessary. One example is Bluetooth.
If your device supports Near Field Communication (NFC), it will be switched on by default and must be disabled manually.
Many people do not realize how much location information your phone is sharing with both phone manufacturers and the companies who create the apps you use. One way to begin minimizing this information is to monitor and change your location settings on your phone. You can do this on your Android by going to the following settings.
Switch off wireless and GPS location (under Location Services) and mobile data (under Settings → Personal → Location)
You can hide your phone number from showing up to the person you are calling by adjusting this setting on your Android.5 However, you should note that your phone carrier and legal authorities will still have full access to logs showing who you called and when.
Go to Settings and then tap on Call → Additional Settings → Caller ID → Hide Number and it will be blocked.
To ensure that your phone remains secure, we strongly recommend you keep your phone and its software updated. These updates are crucial to keep the phone functioning and, more importantly, contain software patches to address the most recent malware threats. Keep in mind that before you update, always back up your data! There are two types of updates to check for:
Security needs can arise from simple scenarios. You might hand your phone to someone so they can make a call or look at a picture. You might even be stopped by the police or have your phone confiscated. While you have consented to allow these users to use one application you may want to be able to have additional discretion about whether they can access other apps that you have not given them permission to use.
Fortunately, there are ways to keep certain applications readily available while others are locked down. Keeping a password lock through an app like AppLock8 on your phone prevents casual snooping through your contact numbers, texts, and data. In addition to requiring a passcode to unlock your phone, you can also download software that allows you to set a code for individual apps.
We recommend using AppLock8 on Androids. AppLock is a free app that extends your phone’s access controls to specific applications.
Photos we take on all electronic devices can often carry data that can be used to pinpoint our location and gather other information about us.
This information can be intercepted and gathered as part of the surveillance of our movements and habits. These details are often shared through the metadata of the picture. Metadata simply means data that provides information about other data. The metadata in our phone photos will have additional data that would be useful for categorizing, locating, or describing a file.
Many of the files we use and create on our phones have metadata, including emails, text messages, and photos. So one of the ways we can secure our phones is by minimizing the metadata our phones share while we communicate.
The metadata in photographs is known as the Exchangeable Image File Format, or EXIF. This can reveal much about you, your subject, and where a photo was taken. Metadata embedded in a photo includes the following:
The metadata of an image is not always bad or always good. It really depends on your user needs. For example, if you are shooting content that might be used to document a protest or even a police brutality incident, then metadata could be a very crucial layer of additional information that can further be used to establish the historicity of your image and bolster its use as evidence. Other times we don't want to share metadata because it can reveal sensitive information or feed corporate tracking of our lives. Only you can decide, and it is our hope that these two workflows can help restore your consent to the way your photos are used.
SWITCH OFF LOCATION TAGGING FOR YOUR CAMERA
The first step to minimizing the metadata in your photographs is to change your Camera app setting and disable geolocation. You can find that setting by opening the Camera app and tapping the circle to the right of the shutter button. From the resulting menu, tap the Settings icon. Now, in the settings menu, tap the “Location” button. You can tell that geolocation is now disabled because of the icon overlaid on the options button.
INSTALL A THIRD-PARTY APP FOR SCRUBBING METADATA FROM IMAGES
Now we will work to scrub, or remove, existing metadata from images we have taken on our Android. To do this we recommend installing and using Exif Eraser for Android.
After installing, simply pick one or more photos with EXIF information from the Gallery or the app.
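The kind of operation a metadata scrubber performs on a JPEG, shown as an added example (it is not code from this guide or from any of the apps it recommends): the script walks the file's header segments, reports EXIF (flagging a GPS block), XMP, IPTC and comment segments, and writes the file back without them. The function names are hypothetical and the sample bytes are constructed for the demonstration, not a viewable photo.

```python
import struct

SOS, COM, APP1, APP13 = 0xDA, 0xFE, 0xE1, 0xED   # JPEG marker bytes
GPS_IFD_TAG = 0x8825                              # EXIF tag pointing at the GPS block

def iter_segments(jpeg: bytes):
    """Yield (marker, payload, raw) for each header segment, then the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:                 # compressed pixels follow: pass through whole
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    raise ValueError("no image data (SOS marker) found")

def metadata_kind(marker: int, payload: bytes):
    """Name the metadata a segment carries, or None if it is needed to decode the image."""
    if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
        return "EXIF"
    if marker == APP1 and payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
        return "XMP"
    if marker == APP13:
        return "IPTC"
    if marker == COM:
        return "comment"
    return None

def exif_has_gps(payload: bytes) -> bool:
    """True if the first EXIF directory (IFD0) holds a pointer to a GPS directory."""
    tiff = payload[6:]                    # skip the "Exif\0\0" prefix
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if endian is None or len(tiff) < 8:
        return False
    magic, ifd0 = struct.unpack(endian + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
    for i in range(count):                # each directory entry is 12 bytes
        entry = tiff[ifd0 + 2 + 12 * i: ifd0 + 14 + 12 * i]
        if len(entry) == 12 and struct.unpack(endian + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False

def report(jpeg: bytes):
    """List the metadata segments present, marking EXIF that carries location."""
    found = []
    for marker, payload, _ in iter_segments(jpeg):
        kind = metadata_kind(marker, payload)
        if kind == "EXIF" and exif_has_gps(payload):
            kind = "EXIF+GPS"
        if kind:
            found.append(kind)
    return found

def strip_metadata(jpeg: bytes):
    """Return (cleaned_bytes, removed_kinds); pixel data is copied unchanged."""
    out, removed = bytearray(b"\xff\xd8"), []
    for marker, payload, raw in iter_segments(jpeg):
        kind = metadata_kind(marker, payload)
        if kind:
            removed.append(kind)
        else:
            out += raw
    return bytes(out), removed

def build_sample() -> bytes:
    """Constructed sample: JFIF header, EXIF with a GPS directory, a comment, stub data."""
    seg = lambda m, p: bytes([0xFF, m]) + struct.pack(">H", len(p) + 2) + p
    ifd0 = (struct.pack("<H", 2) + struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")
            + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 38) + struct.pack("<I", 0))
    gps = struct.pack("<HHHI4sI", 1, 0x0001, 2, 2, b"N\x00\x00\x00", 0)
    exif = b"Exif\x00\x00II" + struct.pack("<HI", 42, 8) + ifd0 + gps
    return (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + seg(APP1, exif) + seg(COM, b"constructed sample comment")
            + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\x34\xff\xd9")

SAMPLE = build_sample()

if __name__ == "__main__":
    print("before:", report(SAMPLE))
    cleaned, removed = strip_metadata(SAMPLE)
    print("removed:", removed, "| after:", report(cleaned))
```

Stripping these segments removes only embedded metadata; anything visible in the picture itself, such as street signs or faces, is untouched.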
We recommend securing your phone with the PIN or password option to control who can enter your phone. A PIN or password offers more protection than fingerprint IDs against law enforcement or thieves. More sophisticated law enforcement agencies now have access to technology that will exhaustively try every single digit combination of a numeric password until a match is found. In order to mitigate these automated law enforcement tools, it’s best to use an alphanumeric PIN if you think your phone will be seized at a checkpoint or demonstration. A good PIN/password would be at least six alphanumeric characters long and does not use any of the following items:
So let's get started with setting up your iPhone. The first step is to set up the PIN passcode. Some phones may also allow you to set your fingerprint as your password through Touch ID. We absolutely do not recommend setting up Touch ID, as there are more protections for PIN passcodes than there are for Touch ID. Further, you can be physically compelled to open your device against your will. We also recommend avoiding facial recognition unlock for similar reasons. That is why we recommend setting a strong PIN and considering one that is alphanumeric.
You should choose a code that is at least six digits long. If you have a simple code selected, tap Change Passcode, enter your current code, then choose a harder sequence. Enter your passcode again to verify and activate it.
Additionally, when you set up your passcode, there is an option to erase data after too many failed attempts. If you have this option selected, your phone will erase all the data after 10 failed passcode attempts. Once this data is erased, it's gone from your device. However, if you've been backing up your phone, you can restore it from your most recent backup information.
Different versions of iPhones may have different ways to get to the settings described in this section. We describe the general method but do a little searching around the settings areas of your particular phone to make sure you achieve the same results.
Additionally if you want further protection you can also lock your SIM Card. Learn more about how to do that here.6
Once you have set your PIN/password, the next step is to activate your security lock timer. This determines the amount of time your phone will be open before the phone locks itself. You will vary this time based on the risk of your current activity. For maximum security, always choose the shortest possible time frame that suits you without becoming too taxing. You can always adapt your times to your activities as well. So if you use your phone for recipes, keep the security lock timer off, but then turn it back on when you resume regular activity. Use your risk assessment to figure out what makes the most sense for you.7
Encryption is essentially one of the best ways to protect your iPhone’s data if it is stolen, seized, or confiscated. Encryption in the simplest of terms means the scrambling of data with complex math. The purpose of encryption is to ensure that only someone who is authorized to access your iPhone’s data will be able to read it using the decryption key.
When your phone is encrypted, data is stored in an unreadable jumbled form. If your phone is stolen, confiscated, or lost, this feature can protect data like your home address, email, bank accounts, communications, and other sensitive data because your phone cannot be used unless the encryption is unscrambled by your PIN/password.
When you enter your PIN or your pattern on the lock screen, your phone decrypts the data, making it understandable and accessible to you. Without the encryption PIN or password, a malicious actor can’t access your data. This is why encryption is one of the key building blocks of securing your phone.
With Androids, you must enable device encryption, but almost all current Apple devices encrypt their contents by default. However, to protect yourself from someone obtaining your data by physically stealing your device, you need to tie that encryption to a passphrase or code that only you know. If you do not have your PIN passcode activated, that encryption will not be enabled on your phone.
Once your passcode is set, your phone is now encrypted. What is crucial then is to only back up to your computer or hard drive and never to iCloud. This can be hard for folks because part of the ease of the Apple ecosystem is the convenience of syncing content between your different Apple devices. However, if you back up your content to iCloud, you are now allowing Apple to be a third party that can weigh in on who can access your data. We recommend that you retain maximum control of your data, break up with iCloud today, and move to backing up your phone to an external hard drive.
Once you’ve set a passcode, scroll down to the bottom of the Touch ID & Passcode Settings page. You should see a message reading “Data protection is enabled.” This means that the device's encryption is now tied to your passcode, and most data on your phone will require that code to unlock.8
USB Restricted Mode is an iPhone setting that prevents USB accessories from connecting to an iOS device. This mode was introduced to iOS devices in order to deter governments and hackers from using special equipment to crack iPhone encryption. This feature should be enabled by people who are going through a customs checkpoint or airport border crossing. Instructions for enabling this mode can be found here:
https://support.apple.com/en-us/HT208857
Many people do not realize how much location information your iPhone is sharing with both Apple and the companies who create the apps you use. One way to begin minimizing this information is to monitor and change your location settings on your phone.
The first time an app tries to access your location it will ask for your permission, even when it’s running in the background. The app's developer may also explain how it uses your location.
Some apps will ask to use your location only while the app is in use. An app is considered “in use” when you are actively using it in the foreground or when it's running idly in the background, which the status bar will indicate. Other apps will ask for access to your location even when they are not in use. Your operating system will remind you which apps have this access with pop-up notifications, triggered when an app uses your location in the background.9
When Location Services are turned completely off, no apps can use your location in the foreground or background. This may limit applications like Maps and GPS-requiring services like Uber or Lyft. Keep in mind that this workflow only addresses corporate location tracking, because your phone can still ping information about your location. If you are concerned about a government agency tracking your locations, then the best option is to leave your phone at home or review the section in the curriculum about Faraday bags.
Whether you're working for an organization that wants to use iPhones to display information or you'd simply like your child to focus on their homework app, you can use Apple's Guided Access feature to lock your screen on one specific app.
Built as an Accessibility feature, Guided Access limits users to one specific app, preventing them from switching to another program or returning to the Home screen. This can be extremely useful in a number of settings, including organizing, research, and businesses. Whatever the task, Guided Access helps make sure that all attention remains on that app. It also prevents you from accidentally exiting to the Home screen or another app when you don't mean to.
Guided Access can even be used to create a "guest mode," allowing you to hand your device to someone so that they can use Safari, iBooks, Video, or a game without having to worry that they'll snoop through your personal information.
This is because Guided Access keeps your iPhone in a single app, lets you disable areas of the screen that aren’t relevant to a task, and disable the hardware buttons. You can even end a session by entering a passcode to return your iPad or iPhone to normal mode.
You can use Guided Access to:
With this, you have successfully enabled the Guided Access feature and can now lock Apps. To do so, open the app you want to lock, for instance, the Camera app.9
Once Guided Access is enabled, anyone trying to use or leave a specific app will require the passcode. Without the code, he or she will not be able to exit Guided Access.
Photos we take on all electronic devices can often carry data that can be used to pinpoint our location and gather other information about us.
This information can be intercepted and gathered as part of the surveillance of our movements and habits. These details are often shared through the metadata of the picture. Metadata simply means data that provides information about other data. The metadata in our phone photos will have additional data that would be useful for categorizing, locating, or describing a file.
Many of the files we use and create on our phones have metadata, including emails, text messages, and photos. So one of the ways we can secure our phones is by minimizing the metadata our phones share while we communicate.
The metadata in photographs is known as the Exchangeable Image File Format, or EXIF. This can reveal much about you, your subject, and where a photo was taken. Metadata embedded in a photo includes the following:
The metadata of an image is not always bad or always good. It really depends on your user needs. For example, if you are shooting content that might be used to document a protest or even a police brutality incident, then metadata could be a very crucial layer of additional information that can further be used to establish the historicity of your image and bolster its use as evidence. Other times we don't want to share metadata because it can reveal sensitive information or feed corporate tracking of our lives. Only you can decide, and it is our hope that these two workflows can help restore your consent to the way your photos are used.
SWITCH OFF LOCATION TAGGING FOR YOUR CAMERA
INSTALL A THIRD-PARTY APP FOR SCRUBBING METADATA FROM IMAGES
Now we will work to scrub, or remove, existing metadata from images we have taken previously on our iPhone. To do this we recommend installing and using PixlMet for iPhones. PixlMet helps restore your consent over what you are sharing through your metadata by showing you, in its library, the metadata for any given photo stored on your phone. It also allows you to share the photo to social media with or without this data when you send it through the app.
Every mobile phone in the world can be uniquely tracked across locations in real time, and the complete communication history between any two mobile phones is accessible by corporations and governments.
Many people find the use of virtual phone numbers critical in their work. A virtual phone number allows someone to make and receive phone calls and SMS messages through their phone but via an alternate phone number. Use of this technology can help obscure your real identity in situations when dealing with unknown persons in the general public. Common uses of virtual phone numbers include posting them as a number in social media apps for job hunting, dating, etc. In the activist world, common uses include giving out a virtual phone number when engaging in community organizing work for a hotline.
Consider the following use case: You are organizing a local protest and need to set up a helpline phone number that can be called in case of any emergency. Rather than circulating yours or your organization’s permanent phone, you can use your virtual phone number to generate a new number and make this number available to event attendees. Once the event is over, you can go ahead and delete the number and close that channel of communication. This goes a long way in maintaining privacy and securing your identity. Additionally these phone numbers can be useful when maintaining a public online presence, such as a contact point in a social media profile. Virtual phone number services can be found free or cheaply in much of the world.
In North America, two options include acquiring a free Google Voice number. This option is good for people that need a single phone number that can be used for a long period of time, such as a hotline number. It is also possible to use other security apps, like Signal Messenger, on top of a Google Voice number.
There are many other paid commercial providers of virtual numbers. In North America, popular apps include Burner App, Sideline, Hushed, Grasshopper, and Skype virtual phone numbers. Each of these providers has different price points and features, depending on the needs of an organization.
GOOGLE VOICE
Google Voice makes it very easy to generate multiple phone numbers and set up call forwarding services. Once you create an account on Google Voice, the application allows the user to pick a U.S. telephone number from a list of available numbers and forwards calls to this number to the telephone number that you used to create the Google Voice account. Users in the U.S. and a few other countries can also use the Google Voice app to place calls to international and domestic destinations, though this is not free of charge. Here’s a step-by-step guide on how you can download, install and use Google Voice.
Before you begin, you’ll need a Google Account and make sure you have your phone handy and can receive texts. Download and install Google Voice from the Play Store. Setting up a number takes approximately 5 minutes, and instructions can be found here: https://support.google.com/voice/answer/7207482.
BURNER APP
Burner App is an app that allows you to get burner numbers that you can use from your smartphone. Like a burner phone, it provides you with anonymity and a temporary number that you can use. People use the Burner app in different situations including online dating, applying for jobs, online marketplaces like Craigslist and Etsy or any situation where you are giving away your contact information to a lot of new people.
Burner app allows you to get temporary numbers for as short as three days. This is perfect for activists and organizers, who are required to share their contact details with people including the press, event attendees and other acquaintances.
Start by downloading Burner app from the Google Play Store or iStore and creating an account. You can then set up a virtual number by following these simple instructions: http://support.burnerapp.com/customer/en/portal/articles/2728090-creating-a-burner
USE OF BURNER PHONES
At times, it is useful to employ the use of ultra-cheap feature phones to conduct operations without revealing location or identity. These phones are called Burner Phones because they are intended to be disposable and one-time for a given operation. Activists often use burner phones in order to communicate during a protest or provide a phone number to activate an online service. The use of burner phones in India is generally not available due to ID requirements for purchase of a SIM card.
1. http://www.usatoday.com/story/news/nation/2013/12/08/cellphone-data-spying-nsa-police/3902809/
2. https://www.eff.org/deeplinks/2014/08/cell-phone-guide-protesters-updated-2014-edition
3. https://mosequipment.com/blogs/news/56937861-how-to-choose-the-right-faraday-bag-for-forensics
4. https://www.amazon.com/Black-Hole-Faraday-Bag-Anti-tracking/dp/B0091WILY0
5. https://videotron.tmtx.ca/en/topic/google_nexus6p/hiding_your_phone_number.html
6. http://www.pcadvisor.co.uk/how-to/mobile-phone/how-to-set-up-a-sim-lock-on-an-apple-iphone-3304041/
7. http://www.howtoisolve.com/turn-on-off-change-auto-lock-screen-time-iphone/
8. https://ssd.eff.org/en/module/how-encrypt-your-iphone
9. http://www.imore.com/how-use-guided-access-iphone-and-ipad