Exclusive: Evidence of cell phone surveillance detected at anti-ICE protest
san.com
external-link
Mobile network anomalies consistent with cell phone surveillance were detected at a July 4 protest at an ICE field office in Washington state.
djsoren19
link
fedilink
English
313h

This is exactly why I was railing against some of the earlier protests which featured politicians openly asking protestors to take out their phones and send texts to opt-in for fundraisers. Besides all the obvious bullshit, it put those protestors who didn’t know better at serious risk.

Thankfully, I haven’t seen too much of that at the protests I’ve been to recently, but this is a good reminder that we have to keep educating people to leave their phone at home.

I like how the image clearly shows a blue sky for this very expected and foreseeable headline.

At protests you should not bring your smartphone but instead rely on anonymous drvices such as Meshtastic.

If you want to bring your smartphone to a protest, set Airplane mode and communicate with others through Bluetooth or WiFi networks using Briar or Bitchat

Bluetooth and WiFi can be tracked as well, even with “anonymized” WiFi MAC addresses.

tired_n_bored
link
fedilink
5
edit-2
18h

May I ask you how? Or if you have more info? No criticism here, honest question. Afaik the only way to do that would be to fingerprint a behavioural pattern, which albeit possible is surely more secure than cell communication.

@[email protected]
link
fedilink
English
416h

The “find my” networks still function with randomized macs and “fully” powered down devices

mesa
link
fedilink
English
620h

Meshtastic with 3 jumps would be stretching for actual communication. Plus Bluetooth is even worse for security. Direct connection might be a better way to use the device.

I’ve had meshtastic for about 2 ish years now and its still being worked on.

tired_n_bored
link
fedilink
4
edit-2
20h

What is unsafe about cell communication is that there is virtually no way to prevent being tracked. Bluetooth is not necessarily more secure but has several advantages:

  1. Its Mac address can be easily changed. With a fake Mac address it’s more difficult to track someone down, albeit it needs some “technical skills” (going in the developer settings)
  2. With these apps communication is encrypted by default unlike cell tower communication
  3. The range is limited. If police listens over Bluetooth they’ll be able to track less people down
@[email protected]
link
fedilink
6
edit-2
21h

It’s amazing how many times I saw this knowledge being spread, together with thousands of umbrellas and hard hats during the Hong Kong riots from day one with “Hong Kong, add oil” as their first slogan combined with very mild mannered arguments (we don’t know if it could lead to more serious things) against the extradition law which was supposed to affect maybe half a dozen people per decade, all serious criminals. A law almost every country has on earth that the US used against the daughter of the owner of one of the largest companies in the world, for the flimsiest of reasons, in contrast to the walled-off-to-arrest-one-particular-teen-girl-axe-murderer-to-be-shipped-to-Taiwan-law Hong Kong tried to implement.

How many people have been affected by the Alien Enemies Act again?

And how did the The protests were call “No kings” remember that? Remember that it was called NO KINGS “Unbiased. Straight. Facts” SAN? Do you remember that? No? Okay, well… “anti-ICE” it is protests go?

Because apart from the shocker that you were being surveilled, I think the protests needed a little bit less “Zero demands, not one more” chants and a little more ‘We demand and protest until we win and get what we want’ kind of thing.

Maeve
link
fedilink
51d

Isn’t Bluetooth easy to intercept?

Not at the same scale as mobile traffic

Bluetooth by definition doesn’t go much past 10-20 meters

mesa
link
fedilink
English
5
edit-2
20h

Super easy. You can also do basic triangulation with some specialty hardware.

tired_n_bored
link
fedilink
2
edit-2
19h

But we’re talking about a protest where bad actors (the police) just want the names of its attendants. Our phones scream to everyone “I am [name surname] and I am here!”. Bluetooth instead says the same but with a lower tone of voice, so less people can listen. Also, with little configuration you can instruct it not to broadcast its identifier.

Pass paper notes

Yeah, if you go protest you should leave your tracking device at home or, even better, with a friend or relative who you know will not be there. The US government doesn’t require subcutaneous tracking chips (yet), you can put yours away.

@[email protected]
link
fedilink
English
441d

You can help

I flashed a $10 orbic to take to local protests.

ELI5?

@[email protected]
link
fedilink
English
261d

Cops use devices to pretend to be a celltower, so your phone connects to it, and then they use it to spy on you. Rayhunter looks for this behaviour and warns you if it detects a suspicious tower that behaves like cops pretending to be a tower.

What do you do if it comes up positive? Presumably if you know it’s a risk, you’d leave your phone in airplane mode or at home, and if you know it’s happening you’ve already been recorded?

@[email protected]
link
fedilink
English
1121h

At the moment, about all you can do is let others know and submit the log to EFF so they can better understand how these stingrays are being used.

Or I guess if you’re feeling froggy; look around for a van/trailer with suspicious antenna(s).

chingadera
link
fedilink
217h

Sometimes you just gotta draxlum sclountszts

You triangulate the signal and pass the coordinates to artillery teams.

plz1
link
fedilink
English
191d

I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?

IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.

plz1
link
fedilink
English
118h

Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.

Think long term movement patterns, correlations with others such, anomaly detection.

@[email protected]
link
fedilink
6
edit-2
1d

why cell phones don’t authenticate the towers they connect to.

I believe it’s because they assume it’s not necessary because it was until now

  • prohibitively expensive, but now a “tower” is less than 2k EUR e.g. https://www.crowdsupply.com/ukama/ukama
  • prohibitively complex, see above, namely you don’t need to be a TelCo engineer to get it going
  • probably illegal, namely you needed (and I bet still need in most places) wireless band allocation before you could deploy anything

… so I imagine there was no authentication because there was no practical threat beside few “fun” examples in CCC or DEF Con.

The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.

On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.

Even if they did, I don’t see government having trouble getting a proper authentication key.

Fluffy Kitty Cat
link
fedilink
English
41d

I assume on purpose

Em Adespoton
link
fedilink
91d

Those circumstances include immediate threats to national security and situations where a person is in danger of death or serious injury.

Well I see a problem there. It doesn’t specify the cause of the danger or the reason the person is in danger in the first place.

We are always at war with Eurasia

Em Adespoton
link
fedilink
81d

EFF missed a fun opportunity to call the Rayhunter “DeCSS”.

Create a post

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

  • 1 user online
  • 29 users / day
  • 150 users / week
  • 309 users / month
  • 1.58K users / 6 months
  • 1 subscriber
  • 3.78K Posts
  • 47K Comments
  • Modlog