• 0 Posts
  • 45 Comments
Joined 2 months ago
Cake day: December 20th, 2025

  • If you’re interested, look up the Cellebrite leak images. They require a little googling of jargon but you might get a couple years on an Android device with a locked bootloader and at least four or so on an up to date iOS device.

    In my experience all the iOS stuff won’t pair bfu but some Android stuff will. There’s just too much out there to say for sure about everything.


  • Of course you don’t. The point of my reply wasn’t to encourage you to rig your car to explode but to explain some of the reasons why it’s perfectly understandable to take every possible precaution about your phone if you think it’s possible cops will get it.

    You suppose in your earlier reply that a person’s unique actions must be the precursor to a level of paranoia around law enforcement that approaches destroying the phone’s contents. I was trying to illustrate that everyone should be extremely apprehensive about cops getting their phones, not just those who are engaged in some clandestine bullshit à la the old Mad magazine marginalia.

    Of course, just turning your phone off if you’ve sufficiently hardened the settings is enough for four or five years of safety on iOS and at least a year or two on Android.


  • It’s easier if you think of it like a car. Say you get arrested while in or around your car: doesn’t mean you did anything wrong or broke a law, just that you were arrested. Now there’s a million ways for cops to do the backflip jetpack gymnastics to get to search your car.

    Once arrested, some stuff happens but importantly, a prosecutor starts building a case against you.

    Maybe you took the recycling out and a crumpled up beer can is in the back seat, that’s an open container. Maybe you picked up some starting fluid for the cold mornings, they found it in the glove compartment in a paper bag, better do that blood test on you to rule out inhalant use, that would give them DWI. Got a significant amount of cash in the locked center console, that’s drug money. Maybe you keep the sporterized bring back hunting rifle your uncle gave you in the trunk, now you have an unregistered firearm in your possession, intent to menace? How will that allow upgrading the charges they’re already building against you? Who can say?

    And remember, they’re going to use any method they can to deny you your property if you somehow end up beating the laundry list of charges. You’re losing the gun and cash no question. Civil asset forfeiture will see to that. If there’s anything wrong with your car that would keep it from passing inspection even if it had a valid inspection at the time of impound they can choose not to return it to you and instead sell it at auction for their own gain or just crush it.

    Now what lines and spirals are drawn in the cloud chamber of your life when that cop particle strikes your phone instead of your car?



  • Cell phones have three states: unlocked, locked afu (after first unlock) and locked bfu (before first unlock). When in bfu the phone is much more difficult to attack because it won’t allow access to the pairing or anything really. It becomes even more restrictive with lockdown on.

    Turning the phone off frequently accomplishes two things: it keeps the user from messing with it and makes sure if someone grabs you up in your home while you’re reading your newspaper smoking your pipe then they grab your phone while it’s turned off, in bfu lock when it’s powered up.

    The duress inputs can do a lot with a little. You can lock the phone, turn it off, dial 911 etc.

    iOS devices already have wipe after a number of failed PIN attempts. I’m dubious of much more than that for this user. The threat model here is police picking you up and using a far-reaching warrant and off-the-shelf technology to peer into your devices, not someone dead bugging your devices’ security chip. It’s only got to last as long as the cops are allowed to hold your shit, so the four or five years lead that leaks from various cybersecurity companies indicate that devices in bfu have over their opponents in intelligence seems perfect.

    It’s common practice for law enforcement to go ahead and do the ten tries or whatever makes the device wipe itself before they give it back to you anyway, so it’s a double-edged sword.



  • What this person is describing is a recent iOS device with lockdown on, biometrics off, ADP on and an understanding that no US carrier can offer cell service with security or privacy from the US government because of the lawful intercept backdoor.

    They need to change their behavior to include turning their phone off frequently and incorporate practice using their phone’s duress inputs. They need to recognize that the phone is always a tracking device and cannot function in the way they want without being a tracking device. Because of that last part, and because the metadata delivered to phones is now used to direct police action, they need to understand that phones can’t come with them to organizing or protest and they can’t communicate about those things using the phone no matter what app or encryption is employed.

    It’s also important to recognize that if the people they’re around don’t take these same precautions then it may be best to simply stop associating with those people in that way. Some friends are a lot of fun at parties but can’t be trusted.

    Once all that is handled then a nice cherry on top is Mullvad. Easy to understand and handle for even the most tech-averse.

    People will say that they don’t trust iPhones because they’re not open source, but every leak from cop and intelligence tech companies like Cellebrite indicates that they are incapable of compromising an up to date iOS device especially in bfu (not unlocked after being powered on) state. These leaks could be dismissed as limited hangouts, but the fact that we also see action based on metadata from the lawful intercept backdoor instead of direct compromise of devices seems to corroborate it.

    TL;DR: switch to Apple and go prodromal

    E: another benefit I forgot to mention is looking normal. The context of the request is one where the user’s fellow citizens may be snitching on them to law enforcement. Being able to blend in is absolutely worthwhile because every nosy neighbor or coworker is gonna be looking for signs of a user being a weirdo. Having a “hardened” iOS phone and changing your behavior lets you blend right in.


  • Your Huawei device will stick out like a sore thumb to networks, giving another vector to track you by.

    Your Huawei device may be subject to cutoff due to factors completely outside your control, impacting your ability to use it.

    Consider getting a normal person phone and locking it down as much as you can then not using it when you need privacy. A shadow cast by nothing gives away the most well camouflaged animal.




  • The usual way is called a low pass filter.

    If you listen to electronic music you probably know what I’m talking about even without knowing it by name. It’s the sound in breakdowns where nothing really changes about the patterns or the music being played, but the sparkle and definition goes away and all you can really hear is the bassline and kick drums. The hi-hats are still playing and “in the mix”, their high pitched sound is just being filtered out electronically when the person playing turns a knob.

    In everyday life it’s the sound of music through a closed door or rolled up window, muffled and low pitched. When the person opens their door or rolls down the window suddenly you hear more than the subs.

    Waves propagating through a medium follow the inverse square law so the more dense or thick the “door” that sound has to go through, the quieter the blocked frequencies on the other side will be.

    Since ultrasonic waves will be higher in frequency than audible ones, they’ll be scattered and absorbed much more readily than low frequency ones. Something that will absorb them well would be a flexible damping layer between the microphone and air, like the material of a disposable glove stuck over the top of the microphone hole.

    This solution is better than a software one, because instead of relying on your software to correctly intercept and filter input from the microphone, you’re preventing it from ever reaching the mic in the first place!

    Now you still need to be worried about solid objects. They can transmit sounds just like the air and are even better at high frequencies! Someone could have an ultrasonic exciter mounted on the bottom of a table and vibrate your phone’s mic directly through its own chassis! So maybe stick your whole phone in the glove instead of just cutting out a little diaphragm for the chassis mic hole.




  • Apologies, I didn’t want to assume you knew how HIBP works based only on your verbiage. I think I misread your comment and assumed you were implying they weren’t trustworthy or something.

    Out of curiosity, what do you think the vector of attack would be if someone had a honeypot of tokens they were offering people a look at?

    Get the browser’s unique ID and tie it to the token they’re asking about? How would that not be defeated by naming a bunch of queries about extant tokens?

    The problem I see is that there’s this public knowledge thing, the license tag number, and it requires monitored access to a restricted system in order to correlate that public piece of information to a human being. So would just fuzzing requests with tags in the db work?







  • Everything works fine. Stop worrying.

    If you want to be 100% sure (and this is smart in general in all of life!), open a bank account and get a credit card tied to it for payments. Go to Taobao or AliExpress or something where Alipay or WeChat are used and try them out with your new financial details.

    It doesn’t matter what credit card you get because credit cards are an incredibly not private method of paying for stuff and merchants, processors and everyone else are strongly incentivized to collect and sell user transaction data.

    This is going to sound counterintuitive, but don’t get a VPN to bypass the firewall if you don’t have a non-espionage reason to do so. The reason I say that is you’re pitting yourself against a nation’s cybersecurity people and there’s a good chance they’re smarter than you. It would be better to be able to say “I saw on Reddit that I could use this VPN to access this forum for a game I play” and then show the cops all your cringey posts and your hundreds of hours of playtime than to say “I wasn’t doing anything!” or “I just value my privacy!”.