With reports that the witnesses in today’s murder by ICE were all detained (and their phones presumably confiscated), I’ve been thinking nonstop about if I were to record ICE or the cops doing something, how could I ensure that any videos I record are not able to be deleted, assuming my phone was confiscated? I’m talking about specific tactics.
My phone runs iOS. I already have a strong passcode which hopefully makes brute forcing difficult. I use ADP and the only thing I back up automatically are photos and videos. In theory, I think my setup is fairly secure, since it would be hard to get into my phone or my iCloud account. But I don’t know what vulnerabilities or tools I may be missing.
I’m asking for iOS, but I think it’s good to discuss Android and GrapheneOS as well.
if you want to be really super sure then you live stream the video. That’s how it was done at occupy.
There is a deep setting on iOS for full encryption of everything. It can make it harder to retrieve your things if you forget your password but that’s exactly what you want here.
Also, on top of other great ideas. Make sure iCloud sync is on, low battery isn’t, and it should sync if it is topped up enough
Auto upload to cloud that someone bas access to. Even Google photos with shared partners will automatically download your partners auto uploaded videos and photos. This should be more than enough until nazis take full control.
Encryption is good but even better is uploading it somewhere as soon as humanly possible
set up the cloud app of your choice to upload automatically as soon as the files come in. i’d recommend anything from outside the jurisdiction you are protesting against, just in case. ideal scenario is a trusted party has access.
A live streaming drone would be ideal.
but somewhat impractical
live streaming from a phone is very practical. I don’t think I’d be flying a drone around
Auto upload to a remote location (e.g. VPS), ideally somewhere out of the country to really minimise chances of deletion. Could also have it auto upload to several places. You’ll need good enough internet connection to upload it though, so if they’re using signal jammers at a protest that could be a problem.
In terms of preventing deletion on the phone itself, you can’t really stop them from “losing” your phone, even if they can’t get into it.
Set up syncthing on your phone and whatever other device (laptop/pc/another phone at home/etc). Point it to your photos/videos folder and sync to your device at home(or friend’s house). If your phone is confiscated and they manage to get it deleted from the cloud, you’ll have a copy on your device. Make sure you enable settings like trashcan or versioning so the files deleted on your phone aren’t auto deleted on the device.
This. One-way sync to a home server/NAS or secure cloud storage that is not logged into on your phone (e.g. if you sync to NAS or a cloud service, don’t be logged in on other apps/web).
if your phone is taken while filming, it Won’t upload until it’s done recording. The agents will probably hit stop, then delete. you’d have to do some testing to see if that will stop the sync.
if you sync to NAS or a cloud service, don’t be logged in on other apps/web
what?
The agents will probably hit stop, then delete.
I don’t think there will be a reliable work around for this. It will take a while to upload anyway.
chopping it up into short videos or livestreaming it could be a workaround.
set the fs watcher delay to something small in the advancdd folder settings in syncthing.
https://docs.syncthing.net/users/config?version=v1.29.6#config-option-folder.fswatcherdelays
It is my understanding that iOS does not support Syncthing.
Mayne that’s old? My quick google show Mobius Sync and Synctrain are two syncthing clients that work on ios.
Live stream
Take a burner and live stream. Do not keep any sensitive info or log into anything other than the live streaming platform.
If you have your personal phone on you TURN IT OFF when law enforcement is nearby. The most secure state for your phone is before you unlock it after it boots up. The first unlock decrypts it and makes it much more vulnerable.
Where do you livestream? I’m trying to find a service that isn’t shit.
Twitch.tv is most peoples preffered option. Theyre corporate, so i would be surprised if violence doesnt violate their tos, but i see protest livestreams all the time so idk. It also automatically saves a video of your livestream for two weeks iirc
Ugh. That’s the best option I’ve been able to find, but I really don’t trust Amazon to not just immediately roll over for the feds.
Lots of discussion around encryption states at boot / disabling FaceID
For iOS, Invoking the shutdown dialog (Lock+Volume) or activating Emergency Mode (Lock 5x Fast) puts the device into a “Lockdown” state where FaceID no longer works, PIN authentication is the only means to unlock the device.
If your phone is confiscated, you can’t count on getting it back. Upload the video to a server or another nearby machine (maybe another phone) as you shoot it. There are apps for that purpose of course.
My videos already sync to iCloud. My concern is if the cops were to get into my phone, they could just go to the Photos app and delete it from the device and my iCloud account.
Disable faceID and secure your phone with a strong alphanumeric pin (which can include spaces to make it easy to remember) of at least thirty characters before going into any sort of situation where you know henchmen will be.
If henchmen get the drop on you and you’re not prepared, then ideally keep a six-digit pin at all times. It’ll be easier to get into, but it’ll still take them lots of work.
All of this can be bypassed on most devices except Graphene OS using the tools they now have available.
iOS has lockdown mode. If you have proof of this being bypassed I’d love to see it.
How to activate?
Settings > Privacy & Security > Lockdown Mode
Ah fuck.
Well, they’re not immune to getting killed.
I was looking for the image to see if I saved it, but apparently not. There was a image floating around of a private meeting slide presentation that showed the various phones and their vulnerabilities. IIRC, the main things were some issue with the number of allowed log in attempts when all the mobile devices are in the initial boot lock versus regular lock state. The other was how the default USB behavior is handled in the locked state. These are default locked down in Graphene. Additionally, there are tools like a second lock screen password that factory resets the device completely in the background, and automatic reboots so that the phone goes into the initial boot locked state regularly.
If they can’t get into the device, they will probably just steal it.
I’m not so sure this is the case, at least not trivially, but I’m no pro. There’s a reason the feds sued Apple trying to get them to unlock that one guy’s phone. Same goes for Android, the most important part is not using biometrics (face, fingerprint) and set a 6 digit pin (or whatever max it allows for).
Before going somewhere hot like a protest, make sure the screen locks automatically when you click power off button, and screen timeout to minimum. Make sure beforehand that your phone has device encryption turned on.
If you use something like google drive or whatever, make it auto-upload your photos/videos, and rather take many shorter videos than one long one, if you find it too technical to set up syncthing or similar, so finished film gets uploaded in the background while you take new one.
Instant screen lock is the most important I think, that way if the pigs come for you, just click the power button and your chances of keeping the vid are pretty solid. Oh, set “automatically backup over data” also, often by default it just does over wifi.
If you have access to another device, you can log into icloud.com and remotely log out of the phone.
Files “deleted” from icloud can also be restored on icloud.com/recovery for up to 30 days after deletion.
Send it to someone else maybe, so there is a copy of it that can’t be deleted from your phone.
Oh that’s interesting. Can you reach your iCloud stuff from a remote computer? Just have something on the remote machine auto-uoload the video from iCloud to some storage outside the US.
Try Proton. It’s based in Switzerland, is encrypted, and way more secure than using anything associated with Apple or Google, aka the fascist regime.
I pay for a Proton account already, this is a great suggestion, I’m going to look into this (can’t believe I forgot this)
Keeping a live stream going on a burner phone is a good idea, removing biometrics and identifying information from main phone where possible, remote backup to a different location (preferably 1-way) keeping them both in the fully off locked state when not in use. Burner phone should only have your livestream/1-way backup passwords, nothing else. I hope you don’t have to experience this, but better safe than sorry
set up a local VPN on your NAS/file server and add your phone to the VPN. Next, map a local drive on your phone to the NAS. Dunno if you can do that on iOS, but at least on android you can. Disable modify and delete permissions on the NAS folder, so that the phone can only write/read from it, then use a camera app that lets you choose the save location and set it to record video to the network drive. Requires a pretty solid connection, but is extremely robust.
