
The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

[-] collar@lemmy.world 8 points 14 hours ago

What's interesting is that the DC Circuit doesn't allow authorities to force someone to unlock their device with biometrics. I'm assuming that Natanson's home is not inside the DC Circuit.

It's a legally unclear area right now whether or not authorities can force you to unlock your device with biometrics. As such, it's better not to use them: https://decentproject.org/should-you-use-biometrics-on-your-phone

[-] RejZoR@lemmy.ml 11 points 17 hours ago

How is the current USA administration performing these clear Gestapo-level violations of amendments and everyone's just like "okay"?!

[-] FenrirIII@lemmy.world 8 points 15 hours ago

Because there's no resistance to follow. We have no leaders out there speaking against this. It's a massive population of sheep being governed by wolves

[-] derry@midwest.social 2 points 11 hours ago
[-] Dozzi92@lemmy.world 3 points 13 hours ago

Joke's on the cops, my finger barely works half the time and I have to end up doing my doodle.

[-] jabberwock@lemmy.dbzer0.com 1 points 47 minutes ago

I know this was in jest but seems on topic with the post - please switch from pattern to PIN (or better still, password). Pattern is orders of magnitude easier to crack than PIN.

[-] thatsnothowyoudoit@lemmy.ca 11 points 18 hours ago

I don’t know what it is on Android, but five quick presses of the primary button on iOS will put the phone into a mode where you must enter your password to unlock it.

[-] possumparty@lemmy.blahaj.zone 2 points 13 hours ago

yeah that puts my phone in SOS mode, so maybe not that on Android

[-] TheWilliamist@lemmy.world 3 points 15 hours ago

Also pressing the primary and a volume key for a couple of seconds.

[-] chiliedogg@lemmy.world 1 points 15 hours ago

Android has a feature you can turn on that adds "lockdown mode" as an option if you hold the power button, which requires a password. I just tried taking a screenshot, but I don't think I can while in the power menu.

You can also just turn your phone off. Biometrics don't work on a fresh boot.

[-] Suburbanl3g3nd@lemmings.world 4 points 14 hours ago

You can just set it up so biometrics can't unlock the phone but can be used to get into banking apps, password managers, etc. I've had this set up for a couple years and it is no less convenient than using the biometrics honestly.

It's in: settings > screen lock and biometrics > unlock type set to PIN and then you can activate biometrics and turn off the slider that indicates unlock device.

[-] myfunnyaccountname@lemmy.zip 11 points 20 hours ago

Why? Apple and Google will just unlock it for them later.

[-] idriss@lemmy.ml 9 points 19 hours ago

Yep, unless you are using GrapheneOS, Lineage, Fairphone, Jolla, ... you are screwed

[-] mattyroses@lemmy.today 1 points 13 hours ago

Do you mean e/OS? Fairphone is hardware, but uses either e/OS or Android

[-] idriss@lemmy.ml 1 points 9 hours ago

right, E/OS option

[-] sunbytes@lemmy.world 2 points 14 hours ago

Yeah but you might as well make them work for it.

It might save the next guy because they don't have time.

[-] chiliedogg@lemmy.world 1 points 15 hours ago

Didn't Apple go to war with the FBI over exactly this? Or did I miss where they changed their tune?

[-] myfunnyaccountname@lemmy.zip 3 points 13 hours ago

Yeah. Like 10 years ago. Not sure they would have the same stance now. MS just bent over backwards to give out BitLocker keys.

[-] JoeMontayna@lemmy.ml 24 points 1 day ago

The only safe phone is a phone with a strong password that's in a powered down state. Otherwise there are tools to gain full access.

[-] lavander@lemmy.dbzer0.com 25 points 1 day ago* (last edited 20 hours ago)

The only safe phone is a phone with no data.

Otherwise there will be tools to gain full access.

Without forgetting the good old rubber hose attack

FWIW I think the only way to keep confidential information is hosted in another country, encrypted, with no credentials (or even the name of the server) cached, all on open sources stacks, with the infrastructure provider different from the operating system provider different from the application provider and encryption provider

Is this convenient? No

Is this accessible to the average user? No

I just think something at a certain point went extremely wrong in history. We accepted control in exchange for convenience

[-] ShrimpCurler@lemmy.dbzer0.com 7 points 1 day ago

We accepted control at expense of convenience

I would have thought it would be more accurate to say we accepted convenience at the expense of privacy and security...

[-] HeyThisIsntTheYMCA@lemmy.world 1 points 17 hours ago

I think the only way to keep confidential information is hosted in another country

that's not good enough anymore. decades ago the US put enough pressure on Switzerland to end the use of anonymous banking and set up what's called SWIFT and KYC. do you really think putting datacenters in other countries will be enough protection like banks in Switzerland "was"?

[-] lavander@lemmy.dbzer0.com 2 points 14 hours ago

Of course not! For this reason you need different providers and jurisdictions for datacenters, operating systems, encryption providers.

It’s the very same principle Tor works on: sure you can do traffic analysis and be able to “unmask” a Tor user… and for this reason Tor deliberately sends traffic across 3 different jurisdictions. Is it still possible to force 3 different nodes to cooperate for the unmasking? Sure… but you need 3 jurisdictions to collaborate with that.

Also, fun fact: bank secrecy is still in effect for Swiss residents (regardless of the citizenship) and people resident outside of the US and EU. Because things are always more nuanced than they seem 🙂

[-] jabberwock@lemmy.dbzer0.com 1 points 37 minutes ago

Alright, I already "umm, ackshually'd" someone in this thread but this post in particular hit a nerve with me. The Tor security model is based on 3 hops but does not guarantee 3 different jurisdictions. Their circuit building only takes into account "jurisdiction" in the way we're using it here if you use guard nodes or specific cases when you cannot access the network directly or look like you're exiting from a Tor node.

That said, it's still a very strong project and security model. And everything you said about spreading out your providers without a single point of failure (or pressure) applies.

[-] Suburbanl3g3nd@lemmings.world 1 points 14 hours ago

What about if you use the disable USB on lock setting?

[-] SabinStargem@lemmy.today 31 points 1 day ago* (last edited 1 day ago)

Another thing for an overhauled Constitution. One's body and devices should be considered to be papers and effects.

[-] Darkassassin07@lemmy.ca 104 points 1 day ago* (last edited 1 day ago)

Or at the very least; turn your phone entirely off (shutdown) whenever you expect or encounter police contact.

Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when 'at rest', i.e. shut down.

In Android, there is also a 'lockdown' mode you can quickly activate from the power off screen, that disables biometrics until next unlock with a PIN/pattern, but doesn't fully shut down so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.

[-] crapton_america@lemmy.world 3 points 18 hours ago

Five clicks of the lock button on an iPhone will force a password or pin to enable biometrics again.

[-] termaxima@slrpnk.net 51 points 1 day ago

Use GrapheneOS so you can "unlock" your phone and enter the wipe code instead.

[-] JustEnoughDucks@feddit.nl 1 points 13 hours ago

They can prosecute you for that in many places as destruction of evidence.

(Which is weird because if they fail to convict you for whatever BS they are going for then it is the Goose meme of "evidence for what???")

[-] HiddenLayer555@lemmy.ml 71 points 1 day ago* (last edited 1 day ago)

hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics

This isn't bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.

this post was submitted on 30 Jan 2026