This is exactly why I was railing against some of the earlier protests which featured politicians openly asking protestors to take out their phones and send texts to opt-in for fundraisers. Besides all the obvious bullshit, it put those protestors who didn’t know better at serious risk.
Thankfully, I haven’t seen too much of that at the protests I’ve been to recently, but this is a good reminder that we have to keep educating people to leave their phone at home.
At protests you should not bring your smartphone but instead rely on anonymous drvices such as Meshtastic.
If you want to bring your smartphone to a protest, set Airplane mode and communicate with others through Bluetooth or WiFi networks using Briar or Bitchat
May I ask you how? Or if you have more info? No criticism here, honest question. Afaik the only way to do that would be to fingerprint a behavioural pattern, which albeit possible is surely more secure than cell communication.
Meshtastic with 3 jumps would be stretching for actual communication. Plus Bluetooth is even worse for security. Direct connection might be a better way to use the device.
I’ve had meshtastic for about 2 ish years now and its still being worked on.
What is unsafe about cell communication is that there is virtually no way to prevent being tracked. Bluetooth is not necessarily more secure but has several advantages:
Its Mac address can be easily changed. With a fake Mac address it’s more difficult to track someone down, albeit it needs some “technical skills” (going in the developer settings)
With these apps communication is encrypted by default unlike cell tower communication
The range is limited. If police listens over Bluetooth they’ll be able to track less people down
It’s amazing how many times I saw this knowledge being spread, together with thousands of umbrellas and hard hats during the Hong Kong riots from day one with “Hong Kong, add oil” as their first slogan combined with very mild mannered arguments (we don’t know if it could lead to more serious things) against the extradition law which was supposed to affect maybe half a dozen people per decade, all serious criminals. A law almost every country has on earth that the US used against the daughter of the owner of one of the largest companies in the world, for the flimsiest of reasons, in contrast to the walled-off-to-arrest-one-particular-teen-girl-axe-murderer-to-be-shipped-to-Taiwan-law Hong Kong tried to implement.
How many people have been affected by the Alien Enemies Act again?
And how did the The protests were call “No kings” remember that? Remember that it was called NO KINGS “Unbiased. Straight. Facts” SAN? Do you remember that? No? Okay, well… “anti-ICE” it is protests go?
Because apart from the shocker that you were being surveilled, I think the protests needed a little bit less “Zero demands, not one more” chants and a little more ‘We demand and protest until we win and get what we want’ kind of thing.
But we’re talking about a protest where bad actors (the police) just want the names of its attendants. Our phones scream to everyone “I am [name surname] and I am here!”. Bluetooth instead says the same but with a lower tone of voice, so less people can listen. Also, with little configuration you can instruct it not to broadcast its identifier.
Yeah, if you go protest you should leave your tracking device at home or, even better, with a friend or relative who you know will not be there. The US government doesn’t require subcutaneous tracking chips (yet), you can put yours away.
Cops use devices to pretend to be a celltower, so your phone connects to it, and then they use it to spy on you. Rayhunter looks for this behaviour and warns you if it detects a suspicious tower that behaves like cops pretending to be a tower.
What do you do if it comes up positive? Presumably if you know it’s a risk, you’d leave your phone in airplane mode or at home, and if you know it’s happening you’ve already been recorded?
I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?
IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.
Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.
The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.
On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
This is exactly why I was railing against some of the earlier protests which featured politicians openly asking protestors to take out their phones and send texts to opt-in for fundraisers. Besides all the obvious bullshit, it put those protestors who didn’t know better at serious risk.
Thankfully, I haven’t seen too much of that at the protests I’ve been to recently, but this is a good reminder that we have to keep educating people to leave their phone at home.
I like how the image clearly shows a blue sky for this very expected and foreseeable headline.
Pass paper notes
At protests you should not bring your smartphone but instead rely on anonymous drvices such as Meshtastic.
If you want to bring your smartphone to a protest, set Airplane mode and communicate with others through Bluetooth or WiFi networks using Briar or Bitchat
Bluetooth and WiFi can be tracked as well, even with “anonymized” WiFi MAC addresses.
May I ask you how? Or if you have more info? No criticism here, honest question. Afaik the only way to do that would be to fingerprint a behavioural pattern, which albeit possible is surely more secure than cell communication.
The “find my” networks still function with randomized macs and “fully” powered down devices
Meshtastic with 3 jumps would be stretching for actual communication. Plus Bluetooth is even worse for security. Direct connection might be a better way to use the device.
I’ve had meshtastic for about 2 ish years now and its still being worked on.
What is unsafe about cell communication is that there is virtually no way to prevent being tracked. Bluetooth is not necessarily more secure but has several advantages:
It’s amazing how many times I saw this knowledge being spread, together with thousands of umbrellas and hard hats during the Hong Kong riots from day one with “Hong Kong, add oil” as their first slogan combined with very mild mannered arguments (we don’t know if it could lead to more serious things) against the extradition law which was supposed to affect maybe half a dozen people per decade, all serious criminals. A law almost every country has on earth that the US used against the daughter of the owner of one of the largest companies in the world, for the flimsiest of reasons, in contrast to the walled-off-to-arrest-one-particular-teen-girl-axe-murderer-to-be-shipped-to-Taiwan-law Hong Kong tried to implement.
How many people have been affected by the Alien Enemies Act again?
And how did the
The protests were call “No kings” remember that? Remember that it was called NO KINGS “Unbiased. Straight. Facts” SAN? Do you remember that? No? Okay, well…“anti-ICE”it isprotests go?Because apart from the shocker that you were being surveilled, I think the protests needed a little bit less “Zero demands, not one more” chants and a little more ‘We demand and protest until we win and get what we want’ kind of thing.
Isn’t Bluetooth easy to intercept?
Not at the same scale as mobile traffic
Bluetooth by definition doesn’t go much past 10-20 meters
Super easy. You can also do basic triangulation with some specialty hardware.
But we’re talking about a protest where bad actors (the police) just want the names of its attendants. Our phones scream to everyone “I am [name surname] and I am here!”. Bluetooth instead says the same but with a lower tone of voice, so less people can listen. Also, with little configuration you can instruct it not to broadcast its identifier.
Yeah, if you go protest you should leave your tracking device at home or, even better, with a friend or relative who you know will not be there. The US government doesn’t require subcutaneous tracking chips (yet), you can put yours away.
You can help
I flashed a $10 orbic to take to local protests.
ELI5?
Cops use devices to pretend to be a celltower, so your phone connects to it, and then they use it to spy on you. Rayhunter looks for this behaviour and warns you if it detects a suspicious tower that behaves like cops pretending to be a tower.
What do you do if it comes up positive? Presumably if you know it’s a risk, you’d leave your phone in airplane mode or at home, and if you know it’s happening you’ve already been recorded?
At the moment, about all you can do is let others know and submit the log to EFF so they can better understand how these stingrays are being used.
Or I guess if you’re feeling froggy; look around for a van/trailer with suspicious antenna(s).
Sometimes you just gotta draxlum sclountszts
You triangulate the signal and pass the coordinates to artillery teams.
I don’t understand why cell phones don’t authenticate the towers they connect to. Is this really just a “standards lag behind modern security” thing, or is it on purpose to allow these Stingray devices to be used?
IMEI/IMSI are collected (and immediately linked, hence deanonymized even if SIM was inserted only once) by cell tower operators. Just not bring your device, period.
Yeah, I agree with that personally, but realistically, “your phone was near a place” is not the same as “you were involved”. If they hijack a phone onto a Stingray, they can get way more info than just IMEI.
Think long term movement patterns, correlations with others such, anomaly detection.
I believe it’s because they assume it’s not necessary because it was until now
… so I imagine there was no authentication because there was no practical threat beside few “fun” examples in CCC or DEF Con.
The use of Stingray by US law enforcement has been challenged on grounds that the law enforcement agencies have no spectrum license. Those challenges seem not to have found success.
On the other hand, prisons in the US have been stopped from operating cell phone jammers on prison grounds, on the same complaint of no spectrum license.
Even if they did, I don’t see government having trouble getting a proper authentication key.
I assume on purpose
EFF missed a fun opportunity to call the Rayhunter “DeCSS”.
Well I see a problem there. It doesn’t specify the cause of the danger or the reason the person is in danger in the first place.
We are always at war with Eurasia