With reports that the witnesses in today’s murder by ICE were all detained (and their phones presumably confiscated), I’ve been thinking nonstop about if I were to record ICE or the cops doing something, how could I ensure that any videos I record are not able to be deleted, assuming my phone was confiscated? I’m talking about specific tactics.
My phone runs iOS. I already have a strong passcode which hopefully makes brute forcing difficult. I use ADP and the only thing I back up automatically are photos and videos. In theory, I think my setup is fairly secure, since it would be hard to get into my phone or my iCloud account. But I don’t know what vulnerabilities or tools I may be missing.
I’m asking for iOS, but I think it’s good to discuss Android and GrapheneOS as well.
A live streaming drone would be ideal.
but somewhat impractical
live streaming from a phone is very practical. I don’t think I’d be flying a drone around
Keeping a live stream going on a burner phone is a good idea, removing biometrics and identifying information from main phone where possible, remote backup to a different location (preferably 1-way) keeping them both in the fully off locked state when not in use. Burner phone should only have your livestream/1-way backup passwords, nothing else. I hope you don’t have to experience this, but better safe than sorry
As a few people have said, using mobile data to sync to a remote server is susceptible to local jamming of your mobile signal. So you might want to sync by wifi to some nearby device(s) instead. I guess it depends on the location, whether you can have a car parked nearby, etc. Or if it’s near your home or office, maybe you can have a fixed camera watching the scene.
On both IOS and android, you can activate the camera without unlocking the phone. On android it’s via a double click of the power button, by default. This makes it far more difficult to delete it quickly.
Combined with an auto upload script makes their job a lot harder.
https://tella-app.org/ not capable of live streaming yet, but otherwise does all the activist safety and witnessing. Open source, can sync to clouds, but currently requires manual triggering.
Kinda stepping into the gap the ACLU left behind. Worth looking at
That looks pretty great, actually.
If you run a modern Pixel with GrapheneOS sans fingerprint unlock, they’re not getting in
Auto upload to a remote location (e.g. VPS), ideally somewhere out of the country to really minimise chances of deletion. Could also have it auto upload to several places. You’ll need good enough internet connection to upload it though, so if they’re using signal jammers at a protest that could be a problem.
In terms of preventing deletion on the phone itself, you can’t really stop them from “losing” your phone, even if they can’t get into it.
If your phone is confiscated, you can’t count on getting it back. Upload the video to a server or another nearby machine (maybe another phone) as you shoot it. There are apps for that purpose of course.
My videos already sync to iCloud. My concern is if the cops were to get into my phone, they could just go to the Photos app and delete it from the device and my iCloud account.
Oh that’s interesting. Can you reach your iCloud stuff from a remote computer? Just have something on the remote machine auto-uoload the video from iCloud to some storage outside the US.
Disable faceID and secure your phone with a strong alphanumeric pin (which can include spaces to make it easy to remember) of at least thirty characters before going into any sort of situation where you know henchmen will be.
If henchmen get the drop on you and you’re not prepared, then ideally keep a six-digit pin at all times. It’ll be easier to get into, but it’ll still take them lots of work.
All of this can be bypassed on most devices except Graphene OS using the tools they now have available.
Ah fuck.
Well, they’re not immune to getting killed.
I was looking for the image to see if I saved it, but apparently not. There was a image floating around of a private meeting slide presentation that showed the various phones and their vulnerabilities. IIRC, the main things were some issue with the number of allowed log in attempts when all the mobile devices are in the initial boot lock versus regular lock state. The other was how the default USB behavior is handled in the locked state. These are default locked down in Graphene. Additionally, there are tools like a second lock screen password that factory resets the device completely in the background, and automatic reboots so that the phone goes into the initial boot locked state regularly.
If they can’t get into the device, they will probably just steal it.
iOS has lockdown mode. If you have proof of this being bypassed I’d love to see it.
How to activate?
Settings > Privacy & Security > Lockdown Mode
I’m not so sure this is the case, at least not trivially, but I’m no pro. There’s a reason the feds sued Apple trying to get them to unlock that one guy’s phone. Same goes for Android, the most important part is not using biometrics (face, fingerprint) and set a 6 digit pin (or whatever max it allows for).
Before going somewhere hot like a protest, make sure the screen locks automatically when you click power off button, and screen timeout to minimum. Make sure beforehand that your phone has device encryption turned on.
If you use something like google drive or whatever, make it auto-upload your photos/videos, and rather take many shorter videos than one long one, if you find it too technical to set up syncthing or similar, so finished film gets uploaded in the background while you take new one.
Instant screen lock is the most important I think, that way if the pigs come for you, just click the power button and your chances of keeping the vid are pretty solid. Oh, set “automatically backup over data” also, often by default it just does over wifi.
Try Proton. It’s based in Switzerland, is encrypted, and way more secure than using anything associated with Apple or Google, aka the fascist regime.
I pay for a Proton account already, this is a great suggestion, I’m going to look into this (can’t believe I forgot this)
If you have access to another device, you can log into icloud.com and remotely log out of the phone.
Files “deleted” from icloud can also be restored on icloud.com/recovery for up to 30 days after deletion.
Encryption is good but even better is uploading it somewhere as soon as humanly possible
set up the cloud app of your choice to upload automatically as soon as the files come in. i’d recommend anything from outside the jurisdiction you are protesting against, just in case. ideal scenario is a trusted party has access.
If it’s just photo/video: Immich does the job very well.
If it’s also files: Syncthing/resilio
Lots of discussion around encryption states at boot / disabling FaceID
For iOS, Invoking the shutdown dialog (Lock+Volume) or activating Emergency Mode (Lock 5x Fast) puts the device into a “Lockdown” state where FaceID no longer works, PIN authentication is the only means to unlock the device.
Auto upload to cloud that someone bas access to. Even Google photos with shared partners will automatically download your partners auto uploaded videos and photos. This should be more than enough until nazis take full control.
would be nice to have an ‘instant sync to remote location’ shortcut, i kinda have this on android with termux and rsync but not sure for ios
a live streaming method would be good too, also a burner phone
The ACLU used to provide an app & service specifically for such situations, but they discontinued it a year ago.
https://en.wikipedia.org/wiki/ACLU_Mobile_Justice
Live stream
Keep a consistent sync between a server you control and the phone.
Something like immich will make it easy.
