Protest

Security

cypurr.nyc

slides.com/cypurr/protest-security/

Locking down your digital life

Outline:

  • Intro
  • Holistic Security & Threat Modeling
  • Protest Security
  • Locking down your phone

Who are we?

  • We are…
    • The Cypurr Collective
    • In bk/nyc
    • Cat enthusiasts
    • Tech unenthusiasts
    • Coming from a queer/feminist/anti-capitalist lens
    • Members of the Electronic Frontier Alliance
    • Here to learn from you as well

Ground Rules

  • Saf(er) Space

    • We DO NOT tolerate demeaning/harmful language or behavior

    • Don't pressure or question someone discussing their experience/threat model/situation

    • Consent: Ask before helping someone out!

  • Keep it constructive!

  • Share the space!

    • Stack!  Raise your hand, we'll queue speakers

  • Photo/Video- Ask for approval!

  • Identify yourself if you are a...

    • reporter, researcher, or law enforcement

Warmup

What are some things you consider when you...

  • Are out late at night?
  • Leave home for a few days?
  • Aren't allowed to have your phone?
  • Are attending a protest?

What are our goals today?

What does the word "hacking" make you think of?

Holistic Approach

https://myshadow.org/

Holistic Approach

holistic-security.tacticaltech.org/

Balance > Purity            Growing > Finishing

Threat Modeling

  1. What is being protected?
    • Assets
  2. Who am I protecting it from?  
    • Adversaries
  3. How likely is this threat?  
    • Capabilities
  4. What are the consequences of failure?
    • Threat
  5. How much trouble am I willing to go through to prevent the consequences?
    • Risk

ssd.eff.org

Balance Threats

holistic-security.tacticaltech.org/

Threat Responses

holistic-security.tacticaltech.org/

  • Groups
    • Harder Group Boundaries
    • Authoritarianism
    • Fixed Patterns
  • Individuals
    • Freeze
    • Fight
    • Flight
    • Comply
    • Tend
    • Befriend
    • Posture

Before a Protest

ssd.eff.org

  • Enable full-disk encryption on your device
  • Remove fingerprint unlock, pixel imprint, and FaceID
    • biometrics v. passwords - the 5th amendment
  • Install Signal
  • Back up your data
  • Prepaid phone or no phone
  • Face protection

At a Protest

ssd.eff.org

  • Take photos and videos without unlocking

  • Consider biking or walking to the protest

  • Enable airplane mode

  • IF arrested, remember:

    • request an attorney before/during questioning

    • You can't lie, but officers can (and will)

    • If asked to open your phone say you "do not consent to a search of your device"

    • Remember the 5th amendment!

    • Defending your rights may be penalized

  • Not designed for privacy and security
  • More locked down with proprietary code, making it harder to control than regular computers.
  • Many apps collect and share data
    • Might not need access to your phone to get assets
  • Phones and Phone #s attached to our identity, finances, etc

More at ssd.eff.org

The Problem with Mobile Phones

Code: Instructions for your computer to complete.

"Open Source": A program that lets you read the instructions it contains (and even change them)

Proprietary: A program that keeps their instructions a secret

First, some terms to keep in mind

Phone Prep

"Smart" Components

SD card- "Secure Digital"

Similar to a flash drive

 

 

NFC- "Near Field Communication"

Can speak to devices within 4cm. e.g. used for payments.

 

 

SIM card - "Subscriber Identity Module"

Unique card idenity, user identity when activated, contacts

Your info

  • What information are you making available to your phone?
  • What info is available to 3rd party programs?
  • What info can be picked when your phone communicates with other devices?
  • How is location tracked?

images by myshadow.org

  • Check your settings!
  • Marie Kondo app management
  • Use a browser instead of apps!
  • Use a computer instead of phone!
  • Turn things off! (bluetooth, nfc, etc)
  • Check your settings/permissions regularly
  • Update update update!
  • Avoid new proprietary apps
  • Make regular backups of important data!
  • Leave your phone at home
  • Educate others!
  • Advocate for policy changes! (e.g. eff.org)

Let's install Signal

  • What does it cost?
    • Nothing! it is a open source non-profit
  • Why?
    • Signal offers encrypted texts between users
    • Privacy needs herd immunity
  • Is it complicated?
    • It's like any other app, you can also make it your default text app on android
  • What are the downsides?
    • It uses mobile data, it is secure but not anonymous-- still uses your phone #

Data in Motion

holistic-security.tacticaltech.org/

How would you make a secret code?

  1. iOS/Android groups
  2. Go to your app store
  3. Search for "Signal"
  4. Install the app
  5. App setup
  6. Safety numbers!
    • What is "verification"?
  7. Send a message! (optional)
  8. Who will you help install signal?

Resources

  • NYC

    • CyPurr Collective- cypurr.nyc and cypurr@protonmail.com

    • NYC CryptoParty and Meetup.com for other events

    • Freedom of the Press Foundation (Freedom.press)

    • Tech and Learning Collective
    • Calyx Institute & CryptoHarlem
    • Pop Gym  (self defense)
  • Online
    • Tactical Tech Collective- tacticaltech.org
    • EFF- Surveillance Self Defense (ssd.eff.org) Security Edu Companion (sec.eff.org)
  • Tool Recommendations
    • privacytools.io
    • prism-break.org

Upcoming

Brooklyn Public Library every month

(Feb 2nd 2-4pm)

Monthly open meeting

(Feb 4th 6-8pm)

Movie night at Babycastles

(Feb 13th 7-10pm)

securiTEA time at Bluestockings

(Feb 16th 1-3pm)

 

And more! check out our social media or email list

Thanks!

Protest Security

By cypurr

Made with Slides.com

Protest Security

  • 169

More from cypurr