536

Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now (theintercept.com)

submitted 3 days ago by geneva_convenience@lemmy.ml to c/privacy@lemmy.ml

161 comments fedilink hide all child comments

The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.-

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

top 50 comments

sorted by: hot top controversial new old

[-] sudoer777@lemmy.ml 15 points 1 day ago* (last edited 1 day ago)

Or better yet use GrapheneOS 2FA biometric + PIN + duress PIN + auto reboot:

If someone spies on you unlocking your phone, they don't get your encryption password
If they figure out your PIN, they can't unlock your phone without you physically being there, and your phone may reboot to the password unlock before they get it to you
If they compel you to use biometrics, they can't legally compel you to give them your PIN
If they decide to start trying out common PINs and you set your duress PIN to one of them, then it wipes your phone

[-] mazzilius_marsti@lemmy.world 8 points 1 day ago

Or grapheneos but compartmentalize sensitive data to a profile where you use no fingerprints, only pins. Duress can be entered anywhere right? So if you're being compromised , enter the duress pin.

[-] sudoer777@lemmy.ml 3 points 1 day ago

Why would you use only PIN when you can use both?

[-] tobiah@lemmy.world 5 points 1 day ago

You could set it up so that only your left pinky works. After they try the other more likely fingers they're just going to figure it didn't work.

[-] electric_nan@lemmy.ml 2 points 1 day ago

Yes maybe, but. Is that any more or less convenient than a pin/passcode? Also, the most cursory surveillance prior to arrest will note the strange way you unlock your phone.

[-] JamesBoeing737MAX@sopuli.xyz 3 points 1 day ago

Or just use lockdown mode.

[-] collar@lemmy.world 13 points 2 days ago

What's interesting is that the DC Circuit doesn't allow authorities to force someone to unlock their device with biometrics. I'm assuming that Natanson's home is not inside the DC Circuit.

It's a legally unclear area right now whether or not authorities can force you to unlock your device with biometrics. As such, it's better not to use them: https://decentproject.org/should-you-use-biometrics-on-your-phone

[-] RejZoR@lemmy.ml 15 points 2 days ago

How is current USA administration performing these clear gestapo level violations of amendments and everyone's just like "okay". ?!

[-] FenrirIII@lemmy.world 14 points 2 days ago

Because there's no resistance to follow. We have no leaders out there speaking against this. It's a massive population of sheep being governed by wolves

[-] derry@midwest.social 6 points 2 days ago

Pedowolves

load more comments (1 replies)

[-] Darkassassin07@lemmy.ca 111 points 3 days ago* (last edited 3 days ago)

Or at the very least; turn your phone entirely off (shutdown) whenever you expect or encounter police contact.

Biometrics only work when the device is already running. Mobile devices are in their most locked down/secure state when 'at rest', ie shutdown.

In android; there is also a 'lockdown' mode you can quickly activate from the power off screen, that disables Biometrics until next unlock with a pin/pattern, but doesn't fully shutdown so you can still quickly access things like the camera. This has to be explicitly enabled in settings first and will not offer much protection from various lockscreen bypass software available to law enforcement.

[-] birdwing@lemmy.blahaj.zone 59 points 3 days ago* (last edited 3 days ago)

Also, don't take your phone to protests. ACAB.

Wear clothing that can't identify you. Hide tattoos and anything that might make you stand out. Get clothes from a free giveaway place, without cameras. Walk a bit differently if you need to.

Cover your face and cover surveillance cameras, or break them, or hack them (do the latter two only if you know what you're doing).

Wear a body cam. Get bear and pepper spray.

[-] W98BSoD@lemmy.dbzer0.com 8 points 2 days ago

load more comments (12 replies)

load more comments (7 replies)

[-] JoeMontayna@lemmy.ml 27 points 3 days ago

The only safe phone is a phone with a strong password thats in a powered down state. Otherwise there are tools to gain full access.

[-] lavander@lemmy.dbzer0.com 30 points 2 days ago* (last edited 2 days ago)

The only safe phone is a phone with no data.

Otherwise there will be tools to gain full access.

Without forgetting the good old rubber hose attack

FWIW I think the only way to keep confidential information is hosted in another country, encrypted, with no credentials (or even the name of the server) cached, all on open sources stacks, with the infrastructure provider different from the operating system provider different from the application provider and encryption provider

Is this convenient? No Is this accessible to the average user? No

I just think something at certain point went extremely wrong in history. We accepted control in exchange of convenience

[-] bluesheep@sh.itjust.works 13 points 2 days ago

Relevant XKCD

load more comments (1 replies)

load more comments (7 replies)

load more comments (1 replies)

[-] HiddenLayer555@lemmy.ml 73 points 3 days ago* (last edited 3 days ago)

hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics

This isn't bypassing biometrics. This is using biometrics as intended. Bypassing implies this was an unexpected side effect when every security researcher ever has warned that biometrics is intrinsically vulnerable and a terrible password substitute for this exact reason.

[-] mazzilius_marsti@lemmy.world 2 points 1 day ago

i guess another way is to use those shitty privacy screen protectors that do not work with fingerprints at all. They can try all they want, its not gonna work.

[-] MadBits@europe.pub 3 points 1 day ago

Its really not difficult to take it off.

[-] thatsnothowyoudoit@lemmy.ca 12 points 2 days ago

I don’t know what it is on android, but five quick presses of the primary button on iOS will put the phone into a mode where you must enter your password to unlock it.

load more comments (4 replies)

[-] termaxima@slrpnk.net 54 points 3 days ago

Use GrapheneOS so you can "unlock" your phone and enter the wipe code instead.

[-] this@sh.itjust.works 45 points 3 days ago

Even better, set it to 1234567890 or 00000000 or similar easy to guess pin, and change it to the length of your actual pin, now if someone tries to bruteforce your phone it will instantly wipe and you can make a case that it was the law enforcement who destroyed any "evidence" by their own actions if in comes up In court.

[-] davetortoise@reddthat.com 36 points 3 days ago

This sounds like a convenient way to have all your locally saved photos wiped by your kid

[-] this@sh.itjust.works 29 points 3 days ago

Always back up anything you don't want to loose.

load more comments (3 replies)

load more comments (4 replies)

load more comments (18 replies)

load more comments (5 replies)

[-] myfunnyaccountname@lemmy.zip 12 points 2 days ago

Why? Apple and Google will just unlock it for them later.

[-] idriss@lemmy.ml 13 points 2 days ago

Yep, unless you are using grapheneOS, Lineage, Fairphone, Jolla, .. you are screwed

load more comments (2 replies)

load more comments (4 replies)

[-] SabinStargem@lemmy.today 31 points 3 days ago* (last edited 3 days ago)

Another thing for an overhauled Constitution. One's body and devices should be considered to be papers and effects.

[-] NauticalNoodle@lemmy.ml 25 points 3 days ago

that's precisely why i never stopped using a password to access my phone.

[-] DolphinMath@slrpnk.net 3 points 1 day ago* (last edited 1 day ago)

The downside to always using a passcode is that if you ever type it in public, cameras can capture what you type. Some of Flock’s cameras specifically have been shown to automatically zoom in on phones as well, I’m sure they aren’t the only ones that do so.

Personally, I’d just prefer locking it (by holding volume up and the side button), when I’m in a situation where LE might unlawfully demand I unlock it.

load more comments (14 replies)

load more comments

this post was submitted on 30 Jan 2026

536 points (98.9% liked)

Privacy

45362 readers

113 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS