diff --git a/guide_english.md b/guide_english.md index fe02ff467df57ce13bc3b32ac4e884e6f6ba09ef..25bf80e9b9419778c0591805471e43b952e7a1e2 100644 --- a/guide_english.md +++ b/guide_english.md @@ -96,7 +96,7 @@ The second most important thing to know about mobile phones is that they have a Your phone's IMEI is registered in the operator network together with SIM card. **That means when you put a new SIM card into your old phone, it can be easily linked to your old SIM card.** -So for a safe phone, both SIM card and phone need to be acquired and used in a way that does not link them to any other information, i.e. by buying phones with cash and getting pre-registered SIM cards or registering them anonymously providing fake information (where at all possible), for example via TOR (see below). In EU you might consider getting SIM cards from countries that don't have mandatory SIM registration. +So for a safe phone, both SIM card and phone need to be acquired and used in a way that does not link them to any other information, i.e. by buying phones with cash and getting pre-registered SIM cards. In EU you might consider getting SIM cards from countries that don't have mandatory SIM registration. Besides law enforcement, even private corporations may be able to obtain the data your mobile number was registered with ([source](https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024)). @@ -107,16 +107,16 @@ For users of centralized location services (like Google Maps), the police may be With targeted surveillance, triangulation and querying data from the phone can locate it down to 50m ([source](https://en.wikipedia.org/wiki/U-TDOA)), or even 5m with a GPS-equipped phone ([source](https://de.wikipedia.org/wiki/GSM-Ortung#cite_note-3GPP43059-3)). -To get a more time-accurate location profile, state agencies may use so-called stealth pings / silent SMS to make a mobile phone contact its base station more often ([source](https://en.wikipedia.org/wiki/Short_Message_Service#Silent_SMS)). +To get a more time-accurate location profile, state agencies may use so-called stealth pings / silent SMS or simple calls to make a mobile phone contact its base station more often ([source](https://en.wikipedia.org/wiki/Short_Message_Service#Silent_SMS)). As a last resort, police can use so-called *IMSI-catchers* which pretend to be the strongest network cell available, and then record what phones book into them, potentially even recording calls and text messages ([source](https://en.wikipedia.org/wiki/IMSI-catcher), [some real-world examples](https://github.com/CellularPrivacy/Android-IMSI-Catcher-Detector/wiki/Unmasked-Spies)). -Police have been known to use geodata on all kinds of incidents and extended cell phone surveillance of 10s of people on the most ridiculous accusations, or even deploying IMSI-catchers on sit-ins against fascist marches, so the technical possibilities are not to be taken lightly. +Police have been known to use geodata on all kinds of incidents and extended cell phone surveillance of 100s of people on the most ridiculous accusations, or even deploying IMSI-catchers on sit-ins against fascist marches, so the technical possibilities are not to be taken lightly. ### Room Surveillance / "Silent Calls" Much controversy exists whether it is possible to tap mobile microphones even when no calls are going on. [This](http://www.cnet.com/news/fbi-taps-cell-phone-mic-as-eavesdropping-tool/) article hints the FBI has done it, while [this](http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone) research hints it would be built-in functionality. -We *guess* that that this is at maximum used against high profile targets, because if any hicksville cop shop was able to use that, the evidence of it would be better known by now. +We *guess* that that this is at maximum used against high profile targets, because if any hicksville cop shop was able to use that, the evidence of it would be better known by now. However keeping in mind built-in part you should consider your phone compromised if it was in hands of the police at certain moment of time. Open source mobile operating systems offer no protection against those attacks, because there is usually a direct connection from the microphone to the (always closed source, as to comply with regulations) baseband firmware and it can not reliably be powered off. @@ -125,26 +125,33 @@ To make matters worse, mobile phones without SIM card might still pre-register t On smartphones, malicious apps provide additional surveillance (see *Smartphones* below). To err on the side of caution, it is advisable to leave your phone at home when visiting a sensitive meeting, or at least take out your phone's battery a good couple of km from the meeting point, because the attendants, (cell tower) location, time and duration of a sensitive meeting can easily be spotted by 30 people switching off their phones simultaneously. -Especially when meeting with small groups in densely populated areas, it might be as good to simply put the powered on mobiles in a location outside hearing distance (the fridge two rooms away, for instance). -It should be noted that mobile phones transmit power status (idle, running) during operation and send goodbye messages to the network when powered off properly (so that creates a different pattern than just ripping out the battery). +It should be noted that mobile phones transmit power status (idle, running) during operation and send goodbye messages to the network when powered off properly (no power down message is send upon battery removal so it might hide exact time when the phone was switched off). Digital Base Security ===================== Traditional means of communication don't feel so good anymore, so what about the Internet? + First we need to find a secure device that we can use it with. When it is about information, security is classically divided into integrity, confidentiality and availability. + We will see what they mean in a moment, but before, let's talk about encryption. Encryption and Passwords ------------------------ We won't go into any details here, but the basic idea of digital encryption is that there extremely many possibilities for a *key* to some encrypted data. + With enough possibilities, it takes too long to try all the keys (a *brute force attack*), although old ways of encryption get broken as computers become faster (for what the NSA supposedly can break, see [here](https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/)). + Because humans can't remember huge keys either, computers often use some really slow function to derive the key from a password. + This works fine if someone enters the password once or twice, but makes it hard to try all possible passwords. + But if your password is *1312* or *revolution* or similar, it may be broken by a *dictonary attack*. -Therefore, it's best to either use the first words of a random sentence (**T**his **s**ecurity **g**uide **m**akes **f**or **1** **c**ool **p**assword**!**) or simply put a lot of random words together (*pineappletelevisionconfusionsalat*). -Even a good password is for nothing if the cops have put a virus on your computer and get the password as you type, which brings us to the next point. + +Therefore, it's best to either use the first words of a random sentence (**T**his **s**ecurity **g**uide **m**akes **f**or **1** **c**ool **p**assword**!**) or simply put a lot of random words together mixing with some symbols (*pineAPPle#@t3levisi\nconfusion!@33salat*). + +Remember that even a good password is for nothing if the cops have put a virus on your computer and get the password as you type, which brings us to the next point. Choose Your Computing Device (Integrity) --------------------------------------- @@ -160,14 +167,19 @@ Besides sneaky network attacks, malicious apps are used for surveillance ([sourc Moreover, they are designed to collect crazy amounts of information on people by default (scary example: [article](https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/), [paper](http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf)) - information that is more often than not readily available to state agencies with or without request. Therefore **the use of smartphones for sensitive activist work is strongly discouraged**, as even the security of alternative Internet services like Jabber/XMPP is greatly diminished on the vast majority of mobile devices[^2]. + Yes - we are aware that most people reading this use a smartphone as their primary communication device. + If you aim for a halfway decent personal device, the choice really is between Android and iOS, because fringe alternatives like [Sailfish OS](https://sailfishos.org/) don't even offer personal data encryption by default yet. + Google's reason to make Android is to control a platform for advertising and the collection of data. + Apple's iOS has many built-in security features, but Apple's convenience features such as remote wipe come at a pretty high cost of privacy invasion itself, and apart from [exceptions](https://www.engadget.com/2016/03/28/apple-s-encryption-battle-with-the-fbi-is-over-for-now/), the company generally cooperates with state agencies. [^2]: [This security analysis](https://bits-please.blogspot.de/2016/06/extracting-qualcomms-keymaster-keys.html) illustrates quite well that even without any malicious intend, mobile devices as commonly used are just not very secure. -Open source versions of Android (like *[Replicant](http://www.replicant.us/)*, *[Copperhead OS](https://github.com/copperheados/)* or, more commonly, [Lineage OS](https://lineageos.org/)) allow for a Google-free Android, at the cost of loosing many convenient apps, and the general problems with smartphones still apply. +Open source versions of Android (like *[Replicant](http://www.replicant.us/)*, *[Graphene OS](https://grapheneos.org/)* or, more commonly, [Lineage OS](https://lineageos.org/)) allow for a Google-free Android, at the cost of loosing many convenient apps, and the general problems with smartphones still apply. + If necessary, our advice is to best use a tablet (because it can't be controlled from the mobile network), or if you must a smartphone, with one of the open source variants of Android. ### Laptops and Desktop Computers @@ -408,4 +420,4 @@ TL;DR: Example Setups -------------- * **Laptop / Desktop:** Tails for serious anonymity, encrypted Linux Mint with TOR Browser, Thunderbird+Enigmail for encrypted email, Veracrypt to encrypt external media, Gaijim for Jabber with OMEMO encryption, Signal Desktop if needed. -* **Smartphone:** Lineage OS on a supported Android smartphone with data encryption, Orbot for TOR, Conversations for Jabber with OMEMO if necessary and Signal as a messenger app. \ No newline at end of file +* **Smartphone:** Lineage OS on a supported Android smartphone with data encryption, Orbot for TOR, Conversations for Jabber with OMEMO if necessary and Signal as a messenger app.