In an ideal world you never lose your phone or have it on you when there is a risk of arrest. Of course, this isn’t always practical. Keeping your phone locked at all times when not in use is great protection, but some of your data could still be at risk if the cops get their hands on it. Here’s how to lock down your phone settings to keep your data as safe as possible, and what to do if your phone is lost or taken.

Best practices before anything bad happens to your phone

  1. Delete anything you don’t need from your phone — as many old contacts, photos, videos, apps as possible. If it’s not there, the bad guys can’t find it.
  2. Set disappearing messages for all your Signal groups. Even if you’re not sure if a conversation is sensitive, set messages to disappear in a week. This is the best way to protect conversations on your phone, and the only way to protect your messages on other people’s phones. Set a Signal PIN and enable the registration lock so that your Signal account is protected. Write down your Signal PIN somewhere secure. If you forget it, you lose your Signal account. Delete all signal messages and groups before heading out to a protest (or leaving the country).  Make sure Signal notifications are not activated at all (or your contacts and/or messages will appear on your home screen and cops can just screenshot your messages).
  3. Protect your phone with a good passphrase and lock settings. Use a passphrase generator (e.g. DicePass] with at least three words. This is the key to encrypting everything on your phone, so it’s important to make it as strong as possible! Write it down (or use secure password manager like 1Password) somewhere safe so you don’t forget it!
  4. Set your phone to automatically lock within a few minutes of inactivity. This will help keep your phone protected. Data, but not all data (see below), is only protected if it is locked. Take photos or video directly from the lock screen instead of opening your phone to access the camera.
  5. If your phone allows, enable remote-wiping. If you lose control of your phone, remote wipe it.
  6. Turn off message previews or notifications. If you can see it on your lock screen, so can the cops.
  7. Turn off voice controls. Voice control is one way for cops to be able to control and access an unlocked phone.

Before you suspect something bad might happen to your phone

If possible, power down your phone completely.  Make sure you have disabled biometric accessibility (fingerprint, facial recognition) by changing/disabling in your phone settings.

Your phone has been lost or confiscated

If your phone was confiscated, you should expect that the data on your phone was or will be copied by the bad guys/State using a universal forensic extraction device (e.g. Mass Extraction Device). How much of your data they will have access to depends on your phone’s state when they do this:

  • Unlocked? Everything. Including data from accounts that are signed into on your phone (like Gmail, X, Facebook).
  • Locked but turned on? Not as much, but still a fair amount, like your address book and recent messages. Basically, anything that might make it onto your lock screen, including your whole address book.
  • Turned off? Practically nothing, if you have a strong passphrase so they can’t just guess at the pass code needed to activate your phone. That’s why it’s always best to power down your phone if you can.

So what do you do now?

  1. If your phone goes missing, remote wipe it. This is a race between you and someone finding your phone.
  2. Get a replacement sim card (for the same phone number) ASAP, and access a new phone. This will let you take control of your phone number for things like 2-factor authentication. Install and access Signal on the new phone. This will also revoke Signal access from your confiscated phone.
  3. Change all your account passwords. Gmail, X, Facebook — everything. Actually, you could and should delete your Google account(s) completely and get on E2EE apps like RiseUp, Keybase, or Proton, instead!
  4. If and when you get your phone back, don’t trust it. If your phone leaves your sight, it’s an unusable brick and assume it could be “compromised.” If you can afford it, sell the phone (to a non-activist), trade it in to your cell provider, and/or replace it. If you can’t, factory reset the phone until you can scratch together money for a replacement phone. Factory reset any used phone before using it.

How do you figure out how to do these things? Ask a trusted friend or your friendly local tech genius . . . or the sales person at your cell provider’s nearest store.

Recommended Webinars

To request on-demand access to a recording, please visit our activist webinar web page.

• Security Culture, Grand Jury Resistance, & Ensuring Activist Network Safety (3/18/21) with Lauren Regan, CLDC Executive Director & Senior Staff Attorney. Join CLDC staff to learn more about how you can improve your digital & physical security practices to minimize the risk of corporate & government snooping, misinformation, & other interference. We’ll also discuss grand jury resistance — what that looks like & how activists can best support grand jury resistors & protect their community networks in the process.

• Activism & Security Year-End Tune-Up (12/17/20) with Stephanie Tidwell, CLDC Deputy Director; Marianne Dugan, CLDC Senior Staff Attorney; and Cora Borradaile, CLDC Digital Security advisor. As the year draws to a close, join us to review digital and physical security culture best practices, including threat assessments (and why they are essential!) to help keep you and your network safer in 2021.

• Replay: Digital Security for Activists, with live Q&A (9/24/20) with CLDC Digital Security advisors, Cora Borradaile and Michele Gretes. As the State ramps up efforts to criminalize dissent, join us to learn more about how you can keep yourself and your friends safe by using digital security best practices. We will have live Q&A after the replay of the webinar.

• Mutual Aid and Digital Security (4/9/20) with Lauren Regan, CLDC Executive Director & Senior Staff Attorney; Michele Gretes, CLDC Digital Security Specialist; Soraya Okuda, Education & Design Lead, Electronic Frontier Foundation; Organizers from Mutual Aid Disaster Relief.

**This blog was originally posted on June 23, 2021. This version was modified to provide the most up-to-date digital security information.