In this chapter: The problem with phones at protests; Nail down your settings; Phone signal interception; Best phones to protect your data and best practices; Burner phones and apps
Given current events, I felt it was a good time to provide three chapters of this book and the corresponding resources for free, for whomever might need the information. I often describe this book saying, "it's like Smart Girl's Guide to Privacy goes to college," and was written with a team of professional hackers, in the spirit of our reaction to the 2016 US election.
Our phones are a crucial part of who we are. In our hands constantly, they go everywhere we do. With them, we're connected to each other and the world, sending status updates, posting photos and videos, making our voices heard sometimes over and above the most powerful news outlets in the world. Cell phones are the digital revolutionary's most important tool.
It's important to point out that while widespread, phone tracking isn’t going to be a major issue for most people. Some people just don't care, others like having their contacts know where they are, and some people want to leave a trail of places they've been. However, it's important that you're fully aware just how much phones are being used to spy on us.
You should know that our phones are spying on us 24/7. These little handheld sidekicks are law enforcement and Big Brother's most useful asset when it comes to tracking and surveilling anyone. Greedy corporations can't believe how lucky they are to be around in the time of cell phones without strong privacy laws. Apps have permission to search your mail, meddle with your settings, scrape your address book, and even record you. Many apps share the information they get with marketers, data brokers, and authorities.
The only way we can completely refuse to be tracked is not to use our apps, or leave our phones at home. But not using apps or going without a phone isn't a realistic option for anyone.
Smartphones leak your information and leave a trail of your information by design. Your info can be discovered and your habits known by any bystanders who know how to look. Hackers and developers have been trying to raise the alarm about phone security for years, but have gone practically ignored.
Every step you take, every place with WiFi that you visit, and even friends who end up in your physical proximity, are revealed to anyone with a couple of bucks and the will to violate your life.
In 2016, a hacker in Bordeaux, France named Mehdi decided to see what he could learn about the people around him with a couple of off-the-shelf gadgets. What he found is unsettling and creepy. Over the course of six months he observed information leaking from people's devices while he was on his daily train commute, just through the WiFi and Bluetooth data coming from their phones.
Mehdi found all this out without hacking into anyone's phone or planting hardware on them. He did it without a warrant, and with zero help from Apple or Google. Using a Raspberry Pi armed with a GPS, WiFi and a Bluetooth sniffer, he created a lowbrow NSA-style phone tracking operation.
Whenever someone's WiFi sent out probe requests for its home access points or their Bluetooth devices leaked information about what they were, he recorded it. The website Hackaday wrote: "In the end, he got nearly 30,000 WiFis logged, including 120,000 probes. Each reading is time-stamped and geolocated, and [Mehdi] presents a few of the results from querying the resulting database."
With this information, Mehdi tracked the entire commutes of strangers. He saw when someone's phone sent out probes for a Domino's pizza WiFi connection. Mehdi could even figure out "...which riders knew each other because they often connect to devices with unique IDs, which could be used to correlate them."
You can bet that every app you have installed is also slurping up this information, bundling it and selling it to advertisers. We didn't sign up for this. We've been boxed into this privacy nightmare by our smartphones and their apps, which don't allow us to have a functional phone unless we formally agree to a legally binding Terms of Service.
For many hackers this is old news. In fact, infosec researchers have been raising the alarm by demonstrating how easy it is to play Mehdi's game of "capture the probe" for years. Malicious hackers and companies like Facebook alike consider such gaping security holes a feature to exploit for profit, not a flaw (though, of course, if it makes Facebook look bad, the company will trot out the usual "it's a bug" excuse).
At hacker conference DEF CON 21 in 2013, security researcher Brendan O'Connor presented a talk called "Stalking a City for Fun and Frivolity." His presentation was bracketed by some heavy emphasis on the fact that everything we use is leaking way too much data about us.
With tools O'Connor used, he recorded data and combined it to create a visualization "to show people with real faces and identities and histories moving around a map in 3D," he told Computerworld. "Even if you don't connect, if you are wired on a network, we will find you. If you are a person in a city, we will find you, and we will do it all for very little money."
The experiment, O'Connor explained, was to see how much data they could collect from local network traffic. "This means names, photos, services used, etc." It wasn't terribly difficult for him to make filters for grabbing data from specific apps, including "DropBox, Twitter, Facebook, and dating websites." He noted, "Now, many of these services encrypt their traffic, which is admirable." However, he added that in most instances "we can still get useful data that they provide in, e.g., their User Agent. And there's no reason for them to do this."
"This isn't even hard—and it should be hard. And that is pretty disturbing to me," O'Connor said. "People fix vulnerabilities when the kid on the street corner can abuse it. Maybe it's time to fix this now." Years later, we're no better off.
That talk was covered by a fair number of mainstream news outlets, and what O'Connor said has been repeated over the years in different ways by other security researchers. Still, it seems like most people don't realize what kind of data is being broadcast from their devices. Despite what appears to be consumers' growing concerns about privacy, 90% of people keep the location services function on their smartphones switched on at all times.
O'Connor soberly cautioned, "If every person on the planet can use this surveillance technology, I think we should start to design things not to leak information at every level. You leave behind a trail that can be tracked not just by the NSA or a law-enforcement agency, but by any kid in a basement with less than $500."
It may feel like there's no practical way to defy the built-in surveillance that phones provide. But I refuse to let phone and app makers show blatant disregard for the sanctity of our private lives. I won’t give up the fight for privacy, or accept that it's "too late." And you shouldn't, either.
Keep reading this chapter to learn how to fight this. You'll make better decisions about the risks and rewards of including your cellphone in your everyday digital revolutionary kit.
The problem with phones at protests
Thanks to the 230 people who were arrested at the Trump inauguration protests, we are starting know more about how the authorities use phones against people who are arrested. In this instance, Washington, D.C. police swept up everyone they could. Medics, legal observers, and six journalists (Voactiv, RT America, others) were in the mass arrests. All of their phones were confiscated and retained.
One of the people arrested at the December 20 inauguration protests got an email shortly after the arrests from Facebook’s "Law Enforcement Response Team" saying law enforcement wanted their data. In typical Facebook style, the letter was an inevitable countdown to that data being handed over unless the respondent figured out how to file an objection.
See also: Inauguration-protest arrests lead to Facebook data prosecution (Engadget)
Everyone arrested in those protests faced felony charges that carry penalties of up to 10 years in prison. In San Francisco, where we love a good protest, it's very rare that arrested protesters get prosecuted, so it's surprising for protestors to have their social media scrutinized after an arrest.
As with most cities across America, the SFPD will commonly search the social media of suspects arrested if they believe that the suspect posted something related to the crime (like photos of a beating). SFPD even has an officer devoted to following social media—most heavily, Snapchat and Instagram, as those are apparently where you find the best evidence of crimes.
As for protests elsewhere in California, Oakland Police and other agencies like CHP haven't hid the fact that they are monitoring Twitter to determine protestor movement and plans. It makes sense that they're in the open about it, seeing that the Bay Area is ground zero for ethically challenged startups that invade our privacy. Fighting Big Brother's Silicon Valley BFFs has become part of our DNA. But a wide-ranging Facebook subpoena for felony protest prosecution isn't something we've seen the likes of—yet.
A subpoena issued to Facebook by the U.S. Attorney's Office on January 27, 2017, one week after the inauguration, requested by a D.C. Metropolitan Police detective, is chilling. Issued on yet a different inauguration arrestee, it requests subscriber information from Facebook that includes all names, all addresses (home, business, emails), phone records, session details (IP, ports, etc.), device identification info, payment information, and more.
"The redacted blocks on the second page shield columns of phone numbers, which are connected to other arrestees for whom the District Attorney and police are seeking information," it read. The list of phone numbers may indicate that police have gained access to someone's phone and are building a case with what they found. A screenshot provided to The Atlantic's webzine CityLab indicates police began mining information from the confiscated devices right after the arrests.
It's possible that any activity reporters and lawyers observed coming from the confiscated phone might've been something like automated pinging by Gmail to Google's servers. But consider this: When phones are taken as evidence, they're supposed to be secured in a signal- blocking Faraday bag to prevent remote wipes. Fred Jennings, a cybercrime defense attorney at the firm Tor Ekeland, P.C. in New York, told CityLab "If it had been secured properly and placed in the bag to safeguard it, there'd be no way for it to ping the server."
Less than six months after the arrests, court documents surfaced revealing efforts of the authorities to crack around 100 of the arrestees' phones to access the contents.
"The government is in the process of extracting information from the rioters' cellphones pursuant to lawfully issued search warrants, and expects to be in a position to produce all of the data from the searched rioter cellphones in the next several weeks," the filing read. The prosecutors also plan to try the accused en masse to save time, which you'd be inclined to believe is a violation of everyone's right to a fair trial, because it totally is.
It's interesting to note that the prosecutors were stymied by the simple act of locking a phone. "All of the rioter cellphones were locked," the filing said, "which requires more time-sensitive efforts to try and obtain the data." Keep in mind that it's the prosecutors who are stopped; forensic tools are certainly available for law enforcement techs to crack these phones.
It's not too much of a leap to worry that what happened to protesters in D.C. could happen to anyone who is in the wrong place at the wrong time—for example, during a peaceful march or protest that gets weird. Most people aren't being targeted by the CIA, FBI, or even the "collect it all, sort it out later” NSA—so unless you're committing a federal crime, government surveillance is probably not at the top of your personal "threat model." However, attending a Women's March or crossing an international border might put a variety of authorities on your list of possible surveillance threats.
This is essentially the online equivalent of the U.S. having a secret police cruising around everyday society looking for anybody saying anything suspicious.
It is also used in so-called "profiling" software, like the kind used by police in Los Angeles, California called PredPol (short for "predictive policing"). Not surprisingly, PredPol has been shown to unfairly target and profile African Americans for crimes the authorities believe people will commit.
Along with startups like PredPol, there are similar companies like Geofeedia who sell social media data to authorities for real-time surveillance. Geofeedia specifically marketed its service to police for targeting activists of color. It is one of over a dozen surveillance software systems marketed and sold to law enforcement around the country, and the world. They're used every day by police in departments across the U.S. Some combine all this with big data's profiles, bought and sold in volume thanks to the online advertising sector that companies like Facebook cater to.
For instance, the city of Denver, Colorado saw its police department spend around $30,000 on surveillance software designed to intercept, aggregate, and store social media posts across at least a dozen networks, according to police records. We found out when the Geofeedia story broke in 2016 that the company used social media sites' developer tools to monitor and collect people's posts, even if the posts are private.
With Geofeedia, Denver police acquired the ability to simultaneously monitor posts on Facebook, Twitter, YouTube, Instagram, Vine, Periscope, and Flickr, among others. Its location-based search capabilities enable police to vacuum up nearly every social media post emanating from within specified geographical boundaries. The tweets, photos, videos, and live broadcasts of anyone identified by the software within the area are intercepted and recorded by police through a process developers call “geofencing.”
As you'd expect, this is a setup for abuse of power. It doesn't help that the big data profiles underlying many of these systems are based on incorrect information, leading to wrongful arrests. Basically, businesses are having a field day on selling data and access, while police and authorities are at an all-you-can-eat buffet of our data (so are advertisers, who are a huge part of the cycle). Lawmakers barely understand what's going on. So it's up to us to cut off as many avenues of surveillance possible, at the very least because absolutely no one is being responsible with our data.
Some of this could be solved by ditching our devices in favor of carrying on-the-scene burner phones, which is always an option (and described later in this chapter). But first, figure out what you can do to reduce your surveillance footprint with the phone you've got, because it may be all the protection you need.
Nail down your settings
Android or iPhone? You'll hear a lot of people telling you different things about what's safe and what's not. But what matters is that you know how to best use the phone you have, and find out about any limitations in function, form, or in securing your privacy before you use it.
Most people use Android phones, though iPhones have advantages when it comes to security. That's not to say Androids can't be used securely, it means that iPhone has more control over their user's security—so you have less choice for ways to use your phone, and Apple has more control over you. Android has less control over your security, but it also comes with less limitation when you want to do something different, like use experimental apps.
Whatever phone you have, there are a few things you'll want to do to it while you're reading this chapter. We're going to do the basics in hack-proofing your phone.
First, grab your phone and set up a pass code or pin to unlock it, if you haven't already. Set it to time out with a duration that won't drive you nuts while you’re using it, but also won't let a thief get into your phone if they snatch it out of your hands on the street. If you have Touch ID or fingerprint recognition, turn it off—your hand can be held to the phone to open it without your consent, which happens more often than you'd think.
Next, go into your phone's settings and look in the Security section. Turn on encryption. Spend some time in the Security settings, and change anything that you think might leave you exposed.
Turn off Bluetooth and NFC if you're not using those features. Turn off anything that lets your phone connect to open (public) WiFi on its own. You never know when you're connecting to a hostile network, so you don’t want your phone randomly doing it without you knowing.
Device security 101:
• Activate a device password
• Turn on encryption
• Install and use a secure (encrypted) messaging service
• Install and use a VPN
• Keep your device and apps updated
Install a VPN app on your phone for when you connect to public WiFi, to protect your traffic from getting intercepted on those networks. Google's wireless data program Google Fi has automatic VPN built-in, so it detects when your phone is connecting to possibly insecure WiFi, and protects you automatically. Read up on VPNs in the next chapter ("Defy Surveillance") and select one that works best for you: Any reputable VPN will have an app for your other devices. Always use a VPN when you connect to WiFi outside your home network.
Next you'll want to make sure no one can figure out your location when you take pictures with your phone. Most photo apps give you the option to remove the data that's in a photo file that can give snoops your exact coordinates when you took that photo.
On an Android phone, go to Settings and Apps, then tap each app you take photos with to see if it's collecting your location. Toggle Location to "off" if it isn't already. To prevent your iPhone or iPad from saving location data in photos, you can follow these simple steps:
• Open up the Settings app.
• Navigate to Privacy > Location Services.
• You'll see a list of apps. Tap on Camera and then select Never.
Some apps will track your location in the background without your knowledge and send it to home servers in logs. Most phones allow users to toggle overall device location services on and off in Settings.
Phone signal interception
Just by the way it functions, a phone will routinely send your location to a base transceiver station, and records of your physical location will be stored in a database somewhere. It's not difficult to find (triangulate) where you are on a map even if you have location apps turned off, just by observing the cell towers and WiFi hotspots your phone connects to. In extreme cases, there may be times when you need to leave your phone at home or somewhere else if you're really worried about being surveilled (or tracked by police at a protest, for instance).
Authorities are more frequently using fake base stations, also called "IMSI catchers" or "Stingrays" to track the location of citizens at protests and intercept their communications. They're used by police and federal government for what's called "lawful surveillance." The "lawful" part is up for debate according to digital civil liberties groups. In countries outside the U.S., this practice has been commonplace for quite some time.
In 2014, protesters in Kiev (Ukraine) who got close to the scene of violent clashes unexpectedly received a text message from authorities. It read, "Dear subscriber, you are registered as a participant in a mass riot." Afterward telephone providers MTS and Kyivstar both issued a statement saying neither had been responsible for sending out the messages. The texts came from law enforcement who had intercepted the cell signals of thousands of people, and wanted to discourage their further participation in protests.
Stingrays have entered our wider cultural discussions about authorities and surveillance, from protests to U.S. immigrant targeting. The ACLU discovered in May 2017 that Immigration and Customs Enforcement (ICE) and U.S. Customs and Border Protection obtained a search warrant authorizing use of a cell phone tracker to locate an immigrant suspected of being removable.
"Although it has been publicly known for several years that ICE has purchased cell site simulator technology," ACLU wrote in a blog post, "this is the first time the ACLU has seen evidence of use of the technology in a particular ICE investigation or operation."
There is a lot of highly technical, frequently confusing, and often contradictory information about Stingrays and IMSI catchers. One of the pieces of advice you'll run into frequently online is that one symptom of IMSI (signal interception) use is noticing a fast battery drain on your phone.
However, it's also true that being in an area packed with lot of people using cell phones, or just doing a lot of photos, video, online status checks, or uploads will drain your battery just the same. If you're worried, keep your phone in "airplane" mode, or just shut off your phone. Turn it back on when you need it.
Ultra-cautious Android users will want to check out apps like SnoopSnitch. This app collects and analyzes mobile radio data to make you aware of your mobile network security. It warns about threats like fake base stations (IMSI catchers), user tracking, and red flags like unexpected, over-the-air updates.
See also: Privacy International
Best phones to protect your data and best practices
No matter which phone you have, some company is Hoovering up your data and doing whatever they want with it. For Android, it's Google. With iPhone, it's Apple. Other phones may see you handing over your info to Microsoft, Blackberry, or others. Not all of them handle your data with equal respect to privacy and security, and each of them may (or may not) fight on your behalf against inquiries, requests, or demands from authorities to get your info.
Some are better at security than others; namely, Apple's iPhone. That extra bit of security comes with trade-offs, of course, such as Apple's censorship in its app store (limiting the revolutionary tools you can use on your phone), and other of Apple's issues.
The iPhone, hands-down, has been the toughest for criminals to crack and the biggest pain for authorities who'd like to rifle through a user's digital belongings. That doesn't mean it's impossible to crack; no one phone is ever truly safe or secure. Next in line for tight security is Google's own Project Fi network and the associated Android phones (like the Pixel), but this service isn't available everywhere.
Ultimately, you can counteract data collection, malicious hacking, potential government spying, and stalkers by following these best practices:
• Go into your phone settings and review all the privacy and security choices. Turn off anything you can that sends data back to Apple, Google, or anyone else—even if they say it helps improve your experience or their product.
• Look for ways to opt-out of data sharing with third parties: Search online for how to do this with both your phone system (like Apple) and your carrier (like AT&T).
• When you're in an environment you think might be digitally hostile, turn off Bluetooth and put your phone in "Airplane" mode until you need to use it.
• Don't let your phone join open WiFi networks.
• Keep Bluetooth off to prevent hacking anyway.
• Never install an app you haven't researched to make sure it's safe first.
• Don't open texts or emails from anyone you don't know on your phone.
• Don't click links in texts or emails unless you have to, and only then from a person you trust. Same goes for opening attachments and images.
• Install and use a reputable VPN on your phone for when you need to use public WiFi.
• Don't let your phone out of your sight, or let anyone else use it.
• Keep your phone PIN or password protected, and make it a good one.
• Be aware of anyone looking over your shoulder when you unlock your phone. Look out for cameras or phones that might be pointed at your screen.
• Avoid using the fingerprint unlock for your phone: it's legally less protected than your password or PIN. Also, your finger can be used to unlock the phone without your consent, and authorities have been reported doing this.
• Never charge your phone on an unfamiliar charger or cord; these can also be hacked, and it's not difficult.
• If you're going across a border, log out of your accounts.
• If you're going to an event like a march or protest, log out of all non-essential accounts.
The essential ones would be the ones you're using to share the event (and media associated with it) and communicate with your group.
Burner phones and apps
A "burner phone" is just another name for a prepaid phone that's used in addition to (or sometimes instead of) your regular cellphone. A burner is usually bare-bones, and privacy-conscious people really like using burners for just that fact alone. You can buy a burner, or make your own. Typically, you'll buy a phone, or a phone plus a SIM card, and load up your burner with minutes.
Your burner can be a fully-functional, cheap, unlocked smartphone with a reloadable SIM card—perfect for keeping minimal personal info on, and taking with you to protests or across borders. It's your second phone. This way, your primary phone and all its information about you stays somewhere safe when you're in a tight spot.
Or, your burner can be a no-frills, no-apps, pseudononymous communication tool that makes it practically impossible to track you: Great for keeping you almost completely off the radar. One reason to go this route is to avoid carrying a device that has a WiFi chip in it.
In addition to apps tracking you, all tablets and smartphones come equipped with a WiFi chip, which is one of the main ways you can be tracked and identified. The chip includes a unique identifier number known as a "MAC address." When your device connects to the Internet over WiFi, the MAC address is reported and recorded.
Burners are great for privacy. When you buy one, you don't need a Google or iTunes account, GPS won't track your location, and you won't have ads in every app logging your activities. Prepaid carriers—like with the Ting SIM card—can’t share your personal information because it’s not collected unless you voluntarily give it to them. You can provide any name when you register your burner, or no name at all.
People get burners for a lot of different reasons. They're great to have as a backup if your phone dies. You can use them to avoid being tracked or spied on with your regular phone. Burners are hearty and can withstand being dropped, and you can use them with gloves because there's no touch screen.
It's important to know that burners can be legally traced, but it’s just a lot more difficult. Burners can be tracked by using a method called cellular triangulation, which can divulge a fairly accurate location. But without anything else to tie it to (like a name or other data), it's not as useful to whoever is trying to spy on you.
One common kind of burner phone is the fully-functional Blu Phone, which can be found at stores like Wal-Mart or Target, or online at Amazon (among other places). If you buy a burner from Amazon, go pick up an Amazon gift card with cash at a retailer. TracPhone and Boost Mobile are other popular burners. Most are prepaid Android or Windows Phones.
If you want to restrict your surveillance footprint to its absolute minimum, all you need is an unlocked "GSM" phone (no apps or WiFi) and a loadable SIM card. Be properly paranoid when you buy it; pay in cash for a gift card. Options for SIM cards include Ting, ZipSIM, GoPhone, Cricket, and others.
Start by popping the SIM card out of its package, and put it into your burner phone.
Now you're ready to activate the SIM card. Follow the instructions that came with the card, usually telling you to text in your zip code. A few minutes later, you'll get a text message back with your new local phone number. You're ready to go!
You might be wondering, what's the point of a digital revolutionary using a phone if it doesn't have apps for sharing and communicating? Guess what: Even if your burner phone only has SMS, you can still communicate with some apps and social networks. This gives you a way to make updates without Internet service. It'll also mean little-to-no tracking of your location and activities, plus you're not losing the farm if your phone gets dropped or confiscated.
For Facebook, log in and visit your mobile settings page. Follow the directions to add your new burner number, then you’ll be able to send and receive texts for new messages. After setup, you can text FBOOK (32665) to update your status.
One interesting option are apps that act as a burner number on your phone (some work with iPad). These app anonymize your texts and phone calls by routing your call or message through a new phone number. It’s an actual phone number that works, so you can give that number out to people without revealing your identity. If you want to "burn" and discard that number, just delete the number and it'll go out of service. You can also use them as a kind of caller ID, to keep your real number private.
The Burner app is $4.99 a month, and is available for iOS and Android devices. Burner has a Chrome extension that helps with managing numbers, but it doesn't do calls or texts on the desktop. It does, however, integrate with apps like Dropbox, Evernote, Slack, and SoundCloud to help you with sharing or storing voicemails and contacts. Burner also lets you lock it with a PIN code.
Hushed is similar to Burner. It starts with a five-day free trial, then $1.99 for seven days or $3.99 per month with limited calls and texts. Hushed will become VoIP, meaning it'll default to making calls over WiFi when it can, rather than using data. All texts between Hushed users are free, and they "disappear" (auto-delete after being read. Unlike Burner, Hushed is available in over 40 countries. It comes in iOS and Android flavors.
CoverMe is another burner app with end-to-end encryption for conversations between CoverMe users, including calls and texts made over phone numbers provided by the company. They don't like to be called a “burner app” though, preferring to say the provide a secure virtual phone system. Everything with this app stays in a password-protected, encrypted vault. You can send self-destructing messages, and remotely wipe messages you've sent. It has a lot of security features, like decoy passwords. CoverMe is available for Android and iOS, and starts at $4.99 for a basic package.
Image via Burner app.