In this chapter: Phone prep; Make your own burner phone; Body cameras, point and shoots; Make a tiny wearable time-lapse camera; Batteries and cards; How to make/use a Wi-Fi "library" of resources, rights, maps; Docs to keep with you; Make an open source protest sign; Security gadgets; Charlatans and bad activist advice
Given current events, I felt it was a good time to provide three chapters of this book and the corresponding resources for free, for whomever might need the information. I often describe this book saying, "it's like Smart Girl's Guide to Privacy goes to college," and was written with a team of professional hackers, in the spirit of our reaction to the 2016 US election.
There's an unbelievable amount of versatile gear to help you document and share your experiences in creating change. Cellphones, wearable body cameras, security gadgets, and more are readily available to take your resisting to the next level. Yet even the best gear doesn't always do what we need it to, and there are items you can create that surpass anything you can buy.
In this chapter you'll find out how to make your phone a better tool, and how to pick the best gear. You'll also find out how to make an open source protest sign that can call a lawyer for you if confiscated, and a mobile library of "know your rights" documents anyone can access.
Your phone is your most important piece of gear. Every digital revolutionary needs her phone, locked down for security and ready to connect to the world. But that's not where your gear list ends because there are other gadgets you'll want (and need) in your revolutionary go-bag.
Get your phone ready for action. See "Your phone is a tracking device." After that, the basics of phone prep are:
• Back up your address book and all files.
• Activate "Find my phone."
• Sign out of every app you won't be using.
• Make sure your password is on.
Do a little inventory of the apps you use for taking photos, recording video, posting status updates, and communicating with your community. Make sure they're easy to access. Some phones will let you assign a key or make a shortcut for taking photos or video; set that up so you're always ready.
Media use can drain your battery faster than you expect. So can using WiFi when there are a lot of people around (among other things). Consider getting a small extra battery pack to stash in your bag so you don't run out of juice at the moment you need it the most. There are lots of inexpensive, slim, and light "juice packs" (small battery chargers) you can get that won't add a lot to your load.
If you're going to be out and about, you may want to do a little DIY work on your phone and attach a wrist strap to it. This way, if you phone gets knocked out of your hands, you won't lose it. Buy an inexpensive case on Amazon, and salvage or buy a small camera wrist strap—the kind that is just a cord. Then you can do one of two things. Before you snap the case on, attach the wrist strap through one of the case's available holes.
Snap it on and test it (over your bed or something soft). If the case doesn't fit snugly enough for you, there's another option: Drill a tiny hole in the bottom right corner of the phone case. This won't massively harm the integrity of your case, and it's a solid option. I've had my phone on a wrist strap in this fashion for years; the latest version has lasted for the year I've had my phone (and still going). And the only time I've ever dropped and cracked my phone's screen was when I wasn't using my DIY wrist-strap case.
Make your own burner phone
In "Your phone is a tracking device," you'll learn all about "burner" phones and "burner apps" that reduce your surveillance footprint. You'll also read about what to consider when bringing your phone to a rally, march, or protest. Read it so you can do a risk assessment about surveillance in public places and what happens if you lose your phone.
So often, our tech choices make us feel like we don't have control. This is especially true when it comes to our phone—a source of both joy and powerlessness. It just feels so wrong that our phones are tracking devices we pay for, but we can't do anything to open them up and change them. But guess what? You can actually make your own phone. It's a great choice if you're a bit handy and buying a burner phone or using a "burner app" isn't for you. As with a real burner, you won't be able to check Facebook from a DIY handset, but you'll have control over everything—including your data.
All it takes is buying parts (around $150 total), learning a few hardware hacker skills to put it together, and then getting a refillable SIM card. (A Ting SIM typically costs $9.) Making your own phone reduces your surveillance footprint to just about zero, and it's completely legal.
The easiest, cheapest and most complete tutorials on making your own phone are on Adafruit, where they also sell kits and a cheap 2G SIM card—everything you need in one spot. This project doesn't require a lot of parts. With Adafruit's libraries, you can make your own touch-screen dialer in just 200 lines of code.
Learning to build a little phone that makes and receives calls (as well as SMS) will explode your gadget powers. You can make it as simple or complex as you like; if you're technical, design your own interface or code up a custom app. When you program it, you can have it do things like call 911 when you send it commands. Attach it to your open source protest sign and you've got something that can send out messages or calls if the sign gets confiscated, or if there's trouble at an event.
Body cameras, point and shoots
For some people, their phone is all they need when it comes to capturing and sharing photos and video. That's great for traveling light—but you only have two hands, and your phone camera isn't always that great.
Body cameras take the pressure off when you want to keep your hands free to tweet, text, or just put the need to document everything on automatic pilot. These "action cameras" that clip to a hat, a body harness, or strap to tour belt or wrist can also come in handy when you're at an event that might need to be streamed, or gets disputed later. They're especially helpful if you're following advice from the Indivisible Guide for meeting with congressional representatives, which is to "record everything."
It's important to remember that they turn you into a walking surveillance device, so use caution about other people's need for privacy and consent, and know your rights about taking videos and photos in public (versus private) spaces.
Action cams are designed to be attached to helmets, sporting equipment, cars and other objects, and they're small, tough, and easy to use. GoPro is the name everyone recognizes, with their well-known boxy cameras. Action cameras also come in different prices, specialties, and styles, like a “bullet” shape. Other names to look for include the TomTom Bandit, Garmin Virb, Drift Stealth, Sony FDR-X1000V, and the iSAW Edge.
Here are a few to consider:
A body-mounted action camera isn’t just for video. You can set it to take a photo every second, ten seconds, or sixty seconds. You can also livestream from most of them, but if that's your main goal, you should do a little research before your buy to make sure your current setup is compatible with livestreaming services.
If you want to grab video or pics from the perspective of what you're seeing, a head or helmet mount is what you want. Something like GoPro's Head Strap and a QuickClip will do the job, and just the clip will let you put the camera on a hat, belt, or more. Helmet mounts come in different configurations; just make sure your helmet and the camera are compatible. Most helmet mounts will stick on your helmet with a powerful adhesive. Your camera can go on the front, back, or side, depending on what works best for you.
A chest harness is nice when you want to keep the camera view steady, forward, and difficult to jostle or knock loose. Straps like criss-cross suspenders place the camera on the center of your chest. They typically come in two sizes, which are fairly adjustable.
A wrist housing lets you do exactly what you'd think: You can change the angle whichever way you point your wrist, like a watch.
But sometimes a tiny detail can really matter, and that's when you'll curse your phone's grainy little camera—or simply wish you had more control over a shot. A point and shoot camera dedicated to the task, with an app for sharing on the spot, might be your new best friend.
Many new cameras come with onboard WiFi. It's not like regular WiFi, meaning it can't get you online. This WiFi connection is just for devices to connect to your camera. It will have its own password, so it's not "open." It isn't something you can secure completely when you're using
it in public, but it's not like using your computer in any local café—your camera's WiFi use is a very low-risk activity.
Some manufacturers of point and shoot cameras, like Sony, provide you with an app that connects your camera to your phone. This is great for taking better, more detailed photos and getting them online when you're on the scene. When you take both the camera and your phone out to events, you can transfer individual photos to your phone for quick sharing. The app saves it to a folder on your phone, and you can just post it online like normal.
It can help with identifying details, and also acts as an online backup of sorts if you lose your camera or phone. So if you capture something detailed like a lot of faces, uniforms or signs, and it needs to be posted right away, you can.
Make a tiny wearable time-lapse camera
For some, a body camera is a cool idea ... but feels like overkill in practice. Spending hours wearing a little box on your head or strapped in the middle of your chest on a harness isn't everyone's cup of tea. If your idea of hands-free documenting is more subtle and you really prefer less maintenance with your gadgets, consider making a DIY Time Lapse Camera.
This project puts a tiny little camera on a necklace (or clipped to a pocket or strap) where it hangs out and snaps a photo every few seconds for up to two hours. The photos are saved to an SD card (or mini SD), just like in a regular digital camera. Keep it running longer with a portable battery, and bring extra SD cards if you decide to have it quietly snapping pics all day. Transfer the photos into your computer at the end of the day, where you can review or make them into a time lapse video with a program like iMovie.
Batteries and cards
There's nothing worse than running out of battery or storage space when you need it most. And someday, you will. Especially if you take your phone out into crowded places, where it will fight for signal and wear the battery down before you know what's happening.
When you pack for an event, always bring extra storage cards for your camera or phone. That way you won't ever have to ration your photo-taking or have to delete anything. You'll also want an extra card or two in case something happens to your camera.
Extra batteries for everything are required in every revolutionary go-bag. It's great that they're cheap and small, and you can find all sizes and shapes on Amazon. Yet you've probably realized by this point that even the nicer portable batteries don't have great lifespans—they die, sometimes far sooner than they should. Then you need a new one, and the cycle begins again.
There's another option, and it has better benefits than the buy-and-dump cycle. Make your own small battery pack for recharging anything that has a USB cord, and you'll be free! My favorite solution is a DIY battery called the MintyBoost, which is easy to put together and has a total cost of around $20. It runs on 2 AA batteries, so you can also boost the environment with rechargeables as you like.
The MintyBoost is a tiny, very powerful USB charger for anything: Your camera, phone, tablet, or anything that needs to be powered-up. The whole thing fits into a little Altoids gum or mint tin. The battery pack will run your gadget for hours, 2.5x more than you'd get from a regular charger.
If you want to get started with hardware hacking or any of the projects in this book, the MintyBoost is the perfect place to start.
How to make/use a mobile WiFi "library" of resources, rights, maps
One of the problems we face is access to information. We're kept in the dark about our rights, we're constantly hacking our way through censorship, and everything we use for sharing seems to have a catch. With a tiny bit of tech, and a little easy-to-learn hacking, one solution is to make your own Digital Free Library. With this little gadget, you can stock it with digital documents and anyone around you can connect, download, and share. Put resources like the ACLU's "Know Your Rights" or an area map for a protest march on it, and you might really help someone when they need it.
A Digital Free Library is an electronic WiFi "library" whose concept is similar to something called The Little Free Library. You've probably seen one of these informal community libraries of used books in a café or hotel lobby. It's when a public space has a box or bookshelf where people can take a book, add books, or return books for the community to enjoy. The digital version was originally created to share digital magazines and projects with a neighborhood.
All it takes to make one is a Raspberry Pi Zero, and a WiFi adapter to make a hotspot that people can connect to. Follow this tutorial to make it happen. Consult the next section for more ideas of what to stock in your mobile community library.
Docs to keep with you
In general, it's a good idea to make sure you have your emergency contacts handy. This means your personal emergency contact, but also contact information for a legal hotline, or your lawyer if you have one.
You may want to keep a copy of these somewhere that's not your phone in case something happens to it. Sometimes the best way is the old fashioned way; while some might tell you to put this info on a USB stick, a print copy somewhere on your person is the most practical solution. A post-it stuck to your ID, or even written on your arm in ink (if you think things will be intense) works just fine.
Unless you're aiming for trouble, you should always keep your ID on you. This, and any information about medical conditions and allergies. If you're meeting with people in an unfamiliar building or area, consider keeping a copy of a map or building plan on you as well. Your mapping app might not always be available or fast enough, so either download a copy to your phone or print it to stash in your bag.
Along with these, you may want to consider keeping a few other documents on you that can come in handy if you're confronted by misbehaving authority figures.
See also: Talking to police (know your rights)
On the ACLU's Know Your Rights resource page, you'll find a variety of docs that list your rights in different situations. These are great because it's hard to focus when you're under stress. Examples of things you may want to keep with you include "Rights at Airports," "Visits from ICE," "Demonstrations and Protests," "If You're Stopped by Police," "Photographers," "LGBT High School Students," and more. Other popular documents to carry include the Bill of Rights, the US Constitution, and the EFF's Know Your Rights.
Make an open source protest sign
One of the best parts of being a digital revolutionary is making a better version of something, and then using it. Take the ordinary protest sign. It has one message, and pretty much just one function: That message. What if you had a sign you could change while you're in the moment? And it glowed in the dark?
That's the Open Source Protest Sign, and it's a snap to build. With a little bit of basic hardware hacking, the only thing standing between you and the most amazing sign you can imagine is an hour of your time and ideas about what to say. The Open Source Protest Sign is a wireless project, where one side will be glowing LED lights you command, and the other can be a whiteboard.
Simply make what's called a Raspberry Pi Zero wireless sign, by following the tutorial at Adafruit. The device can also be made into a stand-alone wireless broadcaster with a library of documents, like the WiFi library described in the previous section. Make an expanded version by incorporating an Adafruit FONA that can call your lawyer if the sign is taken away or damaged, or message your friends if it looks like there's trouble ahead.
The Lock-Pick Card: https://store.itstactical.com/its-entry-card.html Tumi: https://www.tumi.com/c/accessories/rfid-wallets-cardcases YubiKey: https://www.yubico.com/start/
Security gadgets: YubiKey
When it comes to logging in, you should use 2-step verification (sometimes called 2FA) with every service that'll let you. You can strengthen (and simplify) this by using a secure USB key. It's an actual, physical key that can go on your keychain, and you just plug it into whichever device you're using to sign in. They're inexpensive, and easy to use.
USB keys are gaining in popularity, and Google and Facebook have added this functionality to their log-in processes. It's for people who don't mind carrying a key around with them, and comes with the bonus that you can still securely log in when there's no WiFi or cellular data available.
One popular, reputable brand is called YubiKey. Some hackers always carry a YubiKey with them everywhere they go.
The key is used instead of having a code texted to your phone or sent via email (both of which have their disadvantages, like if you lose your phone). It means you need to have the key on you in order to get into your Google or Facebook accounts. You're a lot harder to hack if you use a USB key, and it's also that much harder for nosy, overstepping authorities to access your accounts should your phone get confiscated.
Phishing, malware and other attack methods simply won't work because they'd need your username and password, and to plug in your YubiKey to work. The little USB key acts like two- factor authentication for any service or site you register it with (ones that support two-factor, that is). What's more, it requires no special software, works across multiple devices, and rides along discreetly on your keychain. You can find them online at Amazon and other shopping spots.
Security gadgets: PortaPow
Attacks like ransomware, viruses, and trojans can spread between devices when you connect them, but often times we can only charge our phones or tablets from a USB port. This means we run the risk of viruses or data hacking if we pull a little extra battery life from an unknown socket. Plus, it usually means slow charging.
PortaPow solves all of these problems: it's a lightning-fast charge and blocks the transfer of data. PortaPow's Micro USB Cable is the same thing but in micro cord form: it prevents your device going into data transfer mode by blocking data on the line, and like the PortaPow USB, it charges faster than standard USB cables. This is another one you'll find easily on Amazon.
Security gadgets: RFID wallet
If you've been keeping up with the news, you may know that malicious hackers can easily clone your passport or steal your credit card, debit, or driver's license credentials just by brushing up against your wallet or purse. That's because anything with an RFID (Radio-Frequency Identification) chip in it can be cloned by someone using very inexpensive hacking tools.
The only way to prevent that is to carry an RFID-blocking wallet or passport case, which physically blocks this kind of personal breach. They can be found on Fossil, Amazon, and Tumi, among others.
Security gadgets: Emergency lock picks
Picking locks isn't hard to learn, but few people pick up the skill. If you ever get locked out of your house, need to get out of handcuffs, or don't want to call some creepy locksmith to help you get into your home, then you should learn how to use a set of lock picks. Learning to pick locks isn't illegal (unless you're in Japan), and it's great for learning how secure—or not—a lock is. You can find a lot of great tutorials on YouTube.
A small set of lock picks will fit into a bag no problem, but you can find very small sets that pin to a lapel, or slide unnoticeably into a wallet. The Lock-Pick Card is a wallet-sized card that's actually a nine-piece lock pick toolkit. Simply snap the tools out of the card whenever you need to save your own bacon.
Security gadgets: Onion Pi
One of the most popular "snake oil" privacy gadgets is the so-called "Tor in a box." This is (supposedly) a plug-and-play gadget that promises to make you anonymous online by running Tor—a browser people use for anonymity—in a separate gadget. The thing that "anonymity box" fakers don't want you to know is that it's cheap to securely make your own "Tor in a box." It's called an Onion Pi, and it actually works.
Tor is great for privacy and anonymous browsing, but it's not a "silver bullet" solution for being perfectly anonymous. Read about its pluses, minuses, and quirks before you use it. These are detailed in Chapter 5, "Defy Surveillance."
Not everyone who wants to browse anonymously can install Tor on their device, laptop, or work computer. Plus, some devices don't have Ethernet ports. The Onion Pi solves both of these quandaries. The Onion Pi is also a great solution for guests or friends who want to use Tor but doesn't have the ability or time to run Tor on their computer.
The Onion Pi is an excellent gadget for dedicated privacy and security enthusiasts. It lets you browse the internet anonymously anywhere you go with its Onion Pi Tor proxy. This weekend project isn't for beginners, though Adafruit's tutorial practically does most of the work for you. You'll need hardware hacking and programming skills. If you go with Adafruit for the project, you can get all the parts in one kit for $69.95. The end result is a small, portable, low-power privacy gateway for all your internetting, and uses a Raspberry Pi, a USB WiFi adapter, and Ethernet cable.
Follow the Onion Pi tutorials, including the "Raspberry Pi as WiFi Access Point" tutorial at Adafruit (all links are in the "Digital Revolutionary Project Guide" chapter). They explain how to set it up and install Tor. with helpful scripting, code, and tests to run.
The final result is easy to use. Plug the Ethernet cable in anywhere you'd like to access the Internet. Give it power: Plug the Onion Pi into your laptop or a wall adapter with its micro USB cable. Your little Pi will come alive, showing up in your WiFi list as a secure wireless access point called Onion Pi. Connect to it, and you're using Tor—automatically routing your web browsing through the anonymizing Tor network.
Charlatans and bad activist advice
A magic anonymity and privacy box that makes all internetting safe for activists and those who want to avoid surveillance? Apps with "military grade encryption" that promise a "cloak of invisibility" and protects against ransomware? More like a pack of dangerous lies. Alarmingly, these lies are told specifically to activists and people who are at risk of being targeted for surveillance.
Combined with heightened public concern about hacking and security, a never-ending wave of too-good-to-be-true privacy gadgets and apps have been steadily hitting the market and putting people at risk with their false claims of security and enhanced privacy. It's a problem that isn't going away anytime soon.
The security snake oil salesman is one of the most disturbing trends to come out of all the constant government-surveillance headlines. With a new administration putting government trust at an all-time low and our interest in security and privacy at an all-time high, these profiteers are swindling unknowing users with fake gadgets like crazy.
Despite debunkings, these "magic privacy box" charlatans keep coming. Because there's a lack of awareness, people keep funding them on sites like Kickstarter, and crowdfunding sites don't seem well-equipped (or interested enough) to stop them. On top if it all, the security reporting gold rush has produced a green crop of security reporters who, for now at least, are easily fooled into believing these entrepreneurs' claims and unintentionally send trusting consumers off to buy these awful, risky products.
Real security products that do what they promise, especially gadgets, are few and far between. Just because they get a glowing write-up in a mainstream news outlet, it doesn't mean they're on the level.
Look for red flags when you shop, and keep an eye out for trouble. There is no such thing as "military grade encryption," which has been a claim that's only recently started to get debunked. Other claims, such as "protects from crypto-lockers" or "would have prevented the Sony hack" are flat-out false. Same goes for lies like "No more backdoors!" and "leaves no trace on your computer," as well as claims saying "it can be used inside countries like North Korea safely."
If the people behind the product act weird, something's wrong. When people asked technical questions about a "Tor in a box" gadget on Kickstarter called Anonabox, the inventor went on the attack, avoided the questions, used a barrage of buzzwords, and played mind games. Security snake oil product Sever's founder made a bizarre video to mock the highly respected infosec professionals who asked questions and wrote criticism.
Do they claim to make the whole thing from scratch, or suggest a fishy history of prototypes?Something's rotten, and you should stay away. If a product promises a "powerful new" or "secret" encryption algorithm, something's not right. Same if it describes basic Internet or computer functions as if they are special features, or claims to be open source and proprietary at the same time. As a general rule, run far and fast from anything that confuses (or conflates) privacy and anonymity, promises super speeds, or is a privacy product that comes with an app store.
Use the power of search. Google for blog posts, where researchers might have debunked crazy claims, and definitely search Twitter, where infosec communities will chat about the gadgets and pick them apart. Search by using the product's name as a hashtag.
Security gadgets are one instance where you actually should read the comments. Few people understand security minutiae, let alone the basics in ways security pros do—so it remains all too easy for fakers to hype the hacking fears, make impossible promises, take the money, and run.
The same problems are happening with online advice for anonymity, surveillance, and other pressing privacy and security issues. Bad activist advice is rampant. When you see Medium or other posts about defeating facial recognition surveillance, being totally anonymous online, or securing your phone for crossing a border, proceed with extreme caution.
Most of us know that you should always double-check and research what we read online. But that's doubly important when it comes to learning about things that are supposed to protect you from being hacked, surveilled, or exposed to harm online.
But it's tough to tell the good advice from the bad when it comes to privacy, security, identity protection, and things like surveillance. These topics come with complicated technical aspects that not a lot of people know or understand. Which makes it a ripe arena for exploitation by people who mean harm, or just want to look like they're "experts." Especially in an area as trendy online as digital activism. And the trendy anti-surveillance crowd tend to be people who haven't endured a genuine risk in their lives, with little inclination to empathy for people who can't afford iPhones.
If something doesn't look right, or you can't find anyone to answer your questions about it, then avoid it. Use your bullshit detector. The advice to read the comments and see what security professionals are saying (on social media and blogs) applies here just as strongly as with shopping for security gadgets.
People who work in infosec and in the trenches of fighting for online privacy have more than a work-related stake in making sure accurate information is out there. For them, it's personal.