In an ideal world you never lose your phone or have it on you when risking arrest. Of course this isn’t always practical. Keeping your phone locked at all times is great protection, but some of your data could still be at risk if the cops get their hands on it. Here’s how to lock down your phone settings to keep your data as safe as possible, and what to do if your phone is lost or taken.
Best practices before anything bad happens to your phone
- Delete anything you don’t need from your phone — as many old contacts, photos, videos, apps as possible. If it’s not there, the bad guys can’t find it.
- Set disappearing messages for all your Signal groups. Even if you’re not sure if a conversation is sensitive, set messages to disappear in a week. This is the best way to protect conversations on your phone, and the only way to protect your messages on other people’s phones. Set a Signal PIN and enable the registration lock so that your Signal account is protected. Write down your Signal PIN somewhere secure. If you forget it, you lose your Signal account.
- Protect your phone with a good passphrase and lock settings. Use a passphrase with at least three words. This is the key to encrypting everything on your phone, so it’s important to make it as strong as possible! Write it down (or use secure password manager like 1Password) somewhere safe so you don’t forget it!
- If needed, activate fingerprint unlock. This lets you quickly unlock your phone and so you can actually use a long passphrase. Practice deactivating fingerprint unlock by pressing the wrong finger over and over. This will make your phone unlockable only with your passphrase, which you should do if you fear your phone is about to be confiscated. Bonus: practice with your phone in your pocket!
- Set your phone to automatically lock within a few minutes of inactivity. This will help keep your phone protected. Data, but not all data (see below), is only protected if it is locked. Take photos or video directly from the lock screen.
- If your phone allows, enable remote-wiping. If you lose control of your phone, remote wipe it.
- Turn off message previews or notifications. If you can see it on your lock screen, so can the cops.
- Turn off voice controls. Voice control is one way for cops to be able to control and access an unlocked phone.
Before you suspect something bad might happened to your phone
If possible, power down your phone completely. If not, disable fingerprint unlock by trying to unlock with the wrong finger multiple times.
Your phone has been lost or confiscated
- Unlocked? Everything. Including data from accounts that are signed into on your phone (like Gmail, Twitter, Facebook).
- Locked but turned on? Not as much, but still a fair amount. Like your address book and recent messages. Basically anything that might make it onto your lock screen, including your whole address book.
- Turned off? Practically nothing, if you have a strong passphrase. That’s why it’s always best to power down your phone if you can.
So what do you do now?
- If your phone goes missing, remote wipe it. This is a race between you and someone finding your phone.
- Get a replacement sim card (for the same phone number) ASAP, and access a new phone. This will let you take control of your phone number for things like 2-factor authentication. Install and access Signal on the new phone. This will also revoke Signal access from your confiscated phone.
- Change all your account passwords. Gmail, Twitter, Facebook — everything.
- If and when you get your phone back, don’t trust it. If your phone leaves your sight, it’s an unusable brick — assume it could be “compromised.” If you can afford it, sell the phone (to a non-activist) and replace it. If you can’t, factory reset the phone until you can scratch together money for a replacement phone. Factory reset any used phone before using it.
To request on-demand access to a recording, please visit our activist webinar web page.
• Security Culture, Grand Jury Resistance, & Ensuring Activist Network Safety (3/18/21) with Lauren Regan, CLDC Executive Director & Senior Staff Attorney. Join CLDC staff to learn more about how you can improve your digital & physical security practices to minimize the risk of corporate & government snooping, misinformation, & other interference. We’ll also discuss grand jury resistance — what that looks like & how activists can best support grand jury resistors & protect their community networks in the process.
• Activism & Security Year-End Tune-Up (12/17/20) with Stephanie Tidwell, CLDC Deputy Director; Marianne Dugan, CLDC Senior Staff Attorney; and Cora Borradaile, CLDC Digital Security advisor. As the year draws to a close, join us to review digital and physical security culture best practices, including threat assessments (and why they are essential!) to help keep you and your network safer in 2021.
• Replay: Digital Security for Activists, with live Q&A (9/24/20) with CLDC Digital Security advisors, Cora Borradaile and Michele Gretes. As the State ramps up efforts to criminalize dissent, join us to learn more about how you can keep yourself and your friends safe by using digital security best practices. We will have live Q&A after the replay of the webinar.
• Mutual Aid and Digital Security (4/9/20) with Lauren Regan, CLDC Executive Director & Senior Staff Attorney; Michele Gretes, CLDC Digital Security Specialist; Soraya Okuda, Education & Design Lead, Electronic Frontier Foundation; Organizers from Mutual Aid Disaster Relief.