this post was submitted on 28 Apr 2024
139 points (74.2% liked)

Technology

59583 readers
3287 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 135 points 6 months ago* (last edited 6 months ago) (8 children)

Further advice regarding civil disobedience:

LEAVE YOUR PHONES AT HOME. Write down some numbers in case you get arrested—or better yet, memorize them. There are journalists there for documenting. And there will be plenty of other people that don’t follow this advice. Leave anything they could use as leverage over you and your cohorts away. Don’t bring ID. Don’t bring anything except what you need for the action. It’s not worth the risk.

ETA: also, any of you with a new car? DONT DRIVE THAT SHIT TO ANY MEETING OR PROTEST. They’re spying on you. Don’t post about it. Don’t use any unencrypted messaging service to coordinate it—WhatsApp is not safe. Signal and probably some other less common ones are the only ones safe enough. Ride a bike there, stash it in a conveniently hidden spot. Bring a change of clothes, plan escape routes, plant the change of clothes either hidden on your escape route or wear them under your plain clothes. Cover tattoos. Leftist activists are not safe. And literally the rest of your life could depend upon how well protected you have made yourself.

https://www.theguardian.com/us-news/2022/feb/10/felony-charges-pipeline-protesters-line-3

So many states have pretty quietly passed laws to make you a felon for protesting. Even peacefully. And to make you a fuckin corpse. In the south especially, a few states were writing “go ahead, run over any protester in the road” laws.

Be smart. Be safe. Have a plan. Have a contingency plan. This isn’t “fuck around with the blunt end of the justice system and find out” territory, in 2024 US, it’s time to be as safe as you can while doing what’s right. Because doing what’s right is criminalized. Heavily.

[–] [email protected] 18 points 6 months ago (2 children)

If you’re going somewhere where you think you might be at risk, IMHO, it’s probably just easier to turn your phone off. Android and iOS both require a non-biometric passcode after boot.

Or, if you want to keep your phone on, enable lockdown mode on Android, or tap power 5 times on iOS to require a non-biometric password at the next unlock.

[–] [email protected] 46 points 6 months ago (21 children)

It’s never a good idea to bring your phone with you. It can be used, even while powered off, to track and surveil you. The BLM protests were just the tip of the iceberg. The apps you have on your phone track you. The government is buying that tracking data. Your phone is a massive privacy weak point. It’s basically a bug you carry on you willingly. It’s not safe. Period.

https://theconversation.com/police-surveillance-of-black-lives-matter-shows-the-danger-technology-poses-to-democracy-142194

https://www.vox.com/recode/22565926/police-law-enforcement-data-warrant

Leave your phone at home. It’s not worth it. It may not bite you in the ass the day of, but could very easily come back to haunt you after they investigate, in case anything goes “wrong” in their eyes. It’s just not worth it.

[–] [email protected] 33 points 6 months ago (6 children)

IMHO, as someone that works in security / privacy, I tend not to view it as a binary thing. It depends on where you live, what you’re protesting, what you look like, who you are, etc.

Are you in Russia or China and are protesting the government? Yeah, I might leave that thing at home. Are you a white lady in San Francisco marching with a pink knit cat hat during brunch hours, then you’re probably well on the other side of the risk spectrum. You might actually be introducing more risk by having less immediate access to communication or a camera.

IMHO, it’s nuanced.

load more comments (6 replies)
load more comments (20 replies)
load more comments (1 replies)
load more comments (7 replies)
[–] [email protected] 98 points 6 months ago (10 children)

Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.

You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.

[–] [email protected] 45 points 6 months ago (16 children)

⚠️ WARNING: On android, mashing the power button 5 times calls emergency services.....

[–] [email protected] 24 points 6 months ago (2 children)

On android you can add a 'lockdown' mode to the power menu.

load more comments (2 replies)
[–] [email protected] 9 points 6 months ago

There are two ways you can do this on Android currently, but they're not as quick. You can try to unlock with the wrong finger 5 times and it will stop allowing fingerprint unlocks. Or, you can hold down the power button for 10 seconds and the phone will reboot and also disable fingerprint unlocking.

load more comments (14 replies)
[–] [email protected] 40 points 6 months ago (1 children)

I've always wanted a setting to create a lockdown key and an unlock key. So something like middle-finger to unlock but index-finger to force it into PIN/password only mode. So you can have some convenience of a quick unlock but if an authority figure asks or forces you to unlock it you can one-tap lock it down.

[–] [email protected] 7 points 6 months ago (1 children)
[–] [email protected] 8 points 6 months ago (2 children)

In GrapheneOS, a single wrong fingerprint disables fingerprint unlock until the password is entered.

load more comments (2 replies)
[–] [email protected] 20 points 6 months ago (1 children)

Android has a similar feature. It's called "Lockdown mode" on the shutdown menu. Locks the phone and turns off any biometric unlocks.

[–] [email protected] 16 points 6 months ago (14 children)

Except it doesn't activate by mashing the power button 5 times. On my Pixel 8, that activates the emergency dialer that will automatically call 911 if you don't cancel the prompt in 5 seconds. I did not know that before. Probably a better use for that feature. It also points out the different ideologies of Apple vs Android.

[–] [email protected] 8 points 6 months ago (1 children)

It does the same thing on iOS, but face/Touch ID is disabled after.

load more comments (1 replies)
load more comments (13 replies)
[–] [email protected] 12 points 6 months ago (2 children)

In a getting pulled over situation, this works. But do it before you go protest anything. Or better yet, leave your phone at home. You don’t want to be reaching for something while a cop is pointing a gun at you and saying “Hands up!”

[–] [email protected] 11 points 6 months ago (1 children)

Not to mention it's pretty regular to track who is participating by checking the towers in the zone all the people are participating.

load more comments (1 replies)
[–] [email protected] 7 points 6 months ago (1 children)
load more comments (1 replies)
[–] [email protected] 9 points 6 months ago* (last edited 6 months ago) (7 children)

That's terrifying. So once we have tech to forcibly see inside the brain, that will be legal too?

[–] [email protected] 6 points 6 months ago

“You shouldn’t be worried if you have nothing to hide” 🤷‍♂️

Tap for spoiler/s

load more comments (6 replies)
load more comments (5 replies)
[–] [email protected] 76 points 6 months ago (5 children)

The article pretty plainly says the guy was coerced into entering his password. So the headline feels a bit manipulative.

[–] [email protected] 22 points 6 months ago (5 children)

The headline is click-bait. I honestly don’t know why people still read this crap.

load more comments (5 replies)
[–] [email protected] 17 points 6 months ago* (last edited 6 months ago) (16 children)

It’s Gizmodo. Its all manipulative bullshit.

load more comments (16 replies)
load more comments (3 replies)
[–] [email protected] 51 points 6 months ago (13 children)

FYI Androids have a feature for this. If you are ever forced to interact with a cop you can press the side button and volume up(might be different on other phones) to select lockdown which will force your phone to only be opened with the password. Its gross that we need this feature, but now you know.

[–] [email protected] 12 points 6 months ago

iPhones do this too. Hold the lock and volume down button until your phone buzzes, to get to the SOS/reboot screen. Once that screen is activated, it’ll disable biometrics until the passcode is entered.

You can even take photos/videos with the locked phone, and the recordings won’t be able to be deleted from your iCloud until the passcode is entered. Handy for recording cops. Cuz even if they take your phone and delete the recording, it’ll still sit in your “Recently Deleted” for 30 days. And while the phone is locked, they can’t access that Recently Deleted folder to permanently wipe it. So you can just access your iCloud account from any computer and recover the “deleted” footage.

[–] [email protected] 10 points 6 months ago (1 children)

iPhones also have this feature, for a long time now:

https://ios.gadgethacks.com/how-to/keep-law-enforcement-out-your-iphone-your-privacy-intact-0194999/

Rather irresponsible of the article to not point out these features on Android and iPhone. Did a cop or government official write that article?

load more comments (1 replies)
[–] [email protected] 7 points 6 months ago

It's good that they have this, but there are a lot of situations involving cops where it's not going to be safe to stick your hand in your pocket. I'll just leave the biometrics off on my devices.

load more comments (10 replies)
[–] [email protected] 48 points 6 months ago (2 children)

Maybe don’t live in a fucking dystopia. The US is a police state and you have no freedom left.

load more comments (1 replies)
[–] [email protected] 46 points 6 months ago (14 children)

Terrible article. Even worse advice.

On iOS at least, if you’re concerned about police breaking into your phone, you should be using a high entropy password, not a numeric PIN, and biometric auth is the best way to keep your convenience (and sanity) intact without compromising your security. This is because there is software that can break into a locked phone (even one that has biometrics disabled) by brute forcing the PIN, bypassing the 10 attempts limit if set, as well as not triggering iOS’s brute force protections, like forcing delays between attempts. If your password is sufficiently complex, then you’re more likely to be safe against such an attack.

I suspect the same is true on Android.

Such a search is supposed to require a warrant, but the tool itself doesn’t check for it, so you have to trust the individual LEOs in question to follow the law. And given that any 6 digit PIN can be brute forced in under 11 hours (40 ms per entry), this means that if you were arrested (even for a spurious charge) and held overnight, they could search your phone without you knowing.

With a password that has the same entropy as 10 random digits, assuming no further vulnerabilities allowing them to speed up the process, it could take up to 12 and a half years to brute force it. Make it alphanumeric (and still random) and it’s millions of years - infeasible within our lifetime - it’s basically a question of whether another vulnerability is already known or is discovered that enables bypassing the password entirely / much faster rates of entry.

If you’re in a situation where you expect to interact with law enforcement, then disable biometrics. Practice ahead of time to make sure you know how to do it on your phone.

[–] [email protected] 10 points 6 months ago (1 children)

Or they make a copy of your phone, alphanumeric password and all, and just sit on it for ten years until quantum computers make solving the password a piece of cake.

You should assume that any device confiscated by authorities will be copied and broken into eventually. Treat all data on said device as if it's already compromised.

[–] [email protected] 15 points 6 months ago (1 children)

Copying an iPhone isn’t as straightforward as you seem to think. Copying data from a locked iPhone requires either an exploit or direct access to the SSD / memory chips on the device (basically, chip-off forensics, which likely requires bypassing the storage controllers), and I assume the same is true for Android devices.

I’m not saying such exploits don’t exist, but local police departments don’t have access to them. And they certainly don’t have the capability to directly access your device’s storage and then reassemble it without your knowledge.

Now, if your device is confiscated for long enough that it could be mailed off to a forensics lab for analysis? Sure, then it’s a possibility. But most likely if they want your data that badly they’ll either hold onto your device, compel you into sharing the info with them, or try to trick you into giving it to them. Hanging onto your data without a warrant for over a decade is a high risk, low reward activity.

Your data’s more vulnerable to this sort of attack in transit.

load more comments (1 replies)
load more comments (13 replies)
[–] [email protected] 46 points 6 months ago (2 children)

It's frustrating to no end that fingerprints and face ID are treated like passwords when they should be treated like usernames.

load more comments (2 replies)
[–] [email protected] 27 points 6 months ago (1 children)
[–] [email protected] 9 points 6 months ago

Why does this comic always give me Lain vibes

[–] [email protected] 22 points 6 months ago* (last edited 6 months ago) (2 children)

## How to disable Face ID through the Power Off screen

  1. Hold down both the Side Button and either Volume Button at the same time for three seconds.
  2. The Power Off slider should appear. Tap Cancel.

You actually don't need to hit cancel, you can just hit lock, so you can do this whole thing with your phone in your pocket.

https://appleinsider.com/inside/iphone/tips/how-to-quickly-disable-face-id

This is easier and less intrusive than the lock-button-5-times method because it doesn't start making a phone call that you have to quickly cancel.

[–] [email protected] 14 points 6 months ago

This is the advice people (with iOS) should follow, not disabling biometrics altogether. Using FaceID or TouchID prevents shoulder surfing to find out what the password to your phone is. When local passwords have so much control over a device, using biometrics to prevent anyone from seeing what your passcode is is very useful.

load more comments (1 replies)
[–] [email protected] 16 points 6 months ago* (last edited 6 months ago) (14 children)

On pixel, if you ever need to - press and hold the power button, select "lockdown".

(It might apply to other androids too, I don't know.)

You will now need a pin to unlock the phone. This disables the lock screen shortcut (camera, light, etc) as well.

Why disable your convence features for an scenerio that is not likely and can be quickly and easily be prevented.

Universal: You could also just the tap the sensor with a "wrong" finger a few time, and the pin will be required.

Maybe don't do this one in front the cops...if you find your self in a postion where they are trying to unlock your phone, you probably don't want to piss them off. .


Edit: I'm surprised no one called me out on "if you're ever need to". The sentence was going to be "if you're even in a situation that needs...", but that was getting too long. Forgot to change you're to you.

load more comments (14 replies)
[–] [email protected] 15 points 6 months ago
[–] [email protected] 9 points 6 months ago* (last edited 6 months ago) (2 children)

A stipulation of Payne’s parole agreement was that he be willing to provide a passcode to his devices, though that agreement didn’t explicitly refer to biometric data. However, the panel said the evidence from his phone was lawfully acquired “because it required no cognitive exertion, placing it in the same category as a blood draw or a fingerprint taken at booking, and merely provided [police] with access to a source of potential information.”

These both seem like bad calls. You have a right to privacy, right? And for police to access your files/home/phone tap requires obtaining a warrant.

Fingerprints at booking gives access to public records. Not your own personal private data. Pretty sure drawing blood is justified suspicion of DUI.

load more comments (2 replies)
load more comments
view more: next ›