The protester's guide to smartphone security

Original Article ↗ Hacker News Discussion ↗

Cell Networks, Stingrays, and Power Drain

  • Discussion of “stingray” fake base stations: concern about downgrading to 2G and tracking devices; some phones don’t allow disabling 2G.
  • Pixels and some Androids now integrate detection of fake base stations; third‑party apps also exist.
  • Several participants suggest towers or stingrays can force higher transmit power, rapidly draining batteries and degrading coordination; others argue crowds and weak signal already cause similar drain without any special action.
  • Airplane mode is no longer trusted on all devices (e.g., some still keep Wi‑Fi/Bluetooth active).

Offline / P2P Tools and Radios

  • Briar (Android) is repeatedly recommended for P2P, Tor‑based, protest‑oriented messaging; iOS is seen as lacking mature, offline P2P options.
  • Other tools mentioned: Cwtch, Berty (stability questioned), Matrix/Simplex (if self‑hosted), and Meshtastic (LoRa‑based, encrypted text over cheap hardware).
  • Concerns: Bluetooth/Wi‑Fi P2P can still be tracked via MACs, side devices (earbuds, watches), and RF fingerprints.
  • Encrypted walkie‑talkies exist but are expensive and often illegal or restricted on common US bands; some argue using illegal comms invites extra charges and undermines “peaceful protest” framing.

Burner Phones and SIM Anonymity

  • Some argue burners are obsolete: movement patterns, tower logs, and unusual usage patterns can still tie them to you.
  • Others say they still reduce risk if:
    • bought with cash away from cameras,
    • used only at the protest,
    • never powered on near your main phone.
  • Debate over whether strict burner playbooks now make you stand out in modern data sets.
  • SIM registration laws vary by country; in some EU states anonymous prepaid SIMs are still sold.

Legal Access, Biometrics, and Wiping

  • In some jurisdictions (e.g., UK) people can be compelled to reveal PINs; in parts of the US, compelled biometrics are more permissible than compelled passwords.
  • iOS features: erase‑after‑10‑failed‑PIN, requiring eye contact for Face ID, and emergency sequences that disable biometrics. Reports of these sometimes failing in practice.
  • Remote wiping or revoking account access while a device is in police hands may trigger obstruction or evidence‑destruction charges; intent is key but hard to litigate.
  • GrapheneOS duress PINs and full‑disk encryption on niche phones (PinePhone, Purism) are discussed but seen as niche/expensive.

Phones, Cameras, and Documentation

  • Strong faction: best security is leaving your personal phone at home; meet via pre‑arranged points, or use simple cameras or old feature phones.
  • Counterpoint: phones enable livestreaming and rapid off‑device backups, critical for documenting abuses before devices are seized or destroyed.
  • Debate about photographing identifiable protesters:
    • One side: faces should be avoided to prevent doxxing/retaliation.
    • Other side: documenting provocateurs and violent actors is important, and the state is filming anyway, so marginal risk is low.

Limits of Security and Protest Context

  • Broad agreement that you can’t fully evade a determined state: face recognition, movement data, purchases, and social graphs still link people to events.
  • View 1: given rubber‑hose tactics and powerful agencies, many “opsec” steps are theater.
  • View 2: even partial hardening meaningfully reduces dragnet exposure to local police and low‑effort surveillance; tradeoffs should be chosen consciously.
  • Discussion of how legality, morality, and protest tactics diverge: peaceful protests can still be repressed, and “legal vs illegal” can flip with politics. Some reference foreign influence and provocateurs but others demand stronger evidence.