Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.
You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.
Do you have to mash it? Or will pressing it normally work?
Pretty sure Apple would replace the buttons with pressure sensors – not for user comfort but so that they are no longer replaceable with OEM parts and can be serialized. They did literally this with Macbook sleep sensors.
Further advice regarding civil disobedience:
LEAVE YOUR PHONES AT HOME. Write down some numbers in case you get arrested—or better yet, memorize them. There are journalists there for documenting. And there will be plenty of other people that don’t follow this advice. Leave anything they could use as leverage over you and your cohorts away. Don’t bring ID. Don’t bring anything except what you need for the action. It’s not worth the risk.
ETA: also, any of you with a new car? DONT DRIVE THAT SHIT TO ANY MEETING OR PROTEST. They’re spying on you. Don’t post about it. Don’t use any unencrypted messaging service to coordinate it—WhatsApp is not safe. Signal and probably some other less common ones are the only ones safe enough. Ride a bike there, stash it in a conveniently hidden spot. Bring a change of clothes, plan escape routes, plant the change of clothes either hidden on your escape route or wear them under your plain clothes. Cover tattoos. Leftist activists are not safe. And literally the rest of your life could depend upon how well protected you have made yourself.
https://www.theguardian.com/us-news/2022/feb/10/felony-charges-pipeline-protesters-line-3
So many states have pretty quietly passed laws to make you a felon for protesting. Even peacefully. And to make you a fuckin corpse. In the south especially, a few states were writing “go ahead, run over any protester in the road” laws.
Be smart. Be safe. Have a plan. Have a contingency plan. This isn’t “fuck around with the blunt end of the justice system and find out” territory, in 2024 US, it’s time to be as safe as you can while doing what’s right. Because doing what’s right is criminalized. Heavily.
I’ve avoided willingly using biometrics so far. Though I’m sure our faces, gaits, body shapes, etc, are all stored somewhere, willingly or not.
Say no to biometrics. It’s like having a password you can never change.
it’s not a password; it’s closer to a username.
but realistically it’s not in my personal threat model to be ready to get tied down and forced to unlock my phone. everyone with windows on their house should know that security is mostly about how far an adversary is willing to go to try to steal from you.
personally, i like the natural daylight, and i’m not paranoid enough to brick up my windows just because it’s a potential ingress.
It’s not a great analogy. Your house and its windows are exposed to your neighborhood/community. Your internet device is adjacent to every hacker on the web.
it’s an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn’t part of my threat model. i live in a safe city, and i don’t have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows
Assuming the phone’s security works as intended, what you’re saying is true. However, it’s a legit concern that the security is not airtight, and physical access is not actually required to harvest your biometric data.
I know the phone manufacturers make all sorts of claims about how secure biometric data is, but they have a profit motive to do so. I’m not being brick-up-my-windows paranoid by pointing out all the security failures and breaches we’ve seen over the years. Companies that have billions on the line are still frequently falling short at securing their own assets, much less their customer’s data.
I understand biometrics are convenient, and many folks love the ease / coolness factor of using them. Just don’t kid yourself that it’s secure by requiring your physical phone. Once the dark web has a digital copy of your biometric data, it’s compromised forever.
First provide proof that you can pull out biometric data out of a secure element in a phone.
