If you are going to a protest, consider not bringing a phone with you. But if you do bring one along, there are some steps you can take to minimize your risks.

I helped update The Markup's guide originally published in 2020:
https://themarkup.org/the-breakdown/2024/05/04/how-do-i-prepare-my-phone-for-a-protest-updated-2024

How Do I Prepare My Phone for a Protest? (Updated 2024) – The Markup

Simple steps to take before hitting the streets

There's also a PDF cheat sheet you can print out and distribute locally, if you are so inclined.
https://themarkup.org/prepmyphone

@dphiffer I wouldn't recommend telling people to use WhatsApp, which is owned by Meta. Completely untrustworthy.

@dphiffer WhatsApp is not secure tho and I believe it has already been proven. Also, the amount of metadata collected is insane.

Use Signal or find an #XMPP server. (I host one for anyone who wants to give it a try and it is located in my house, physically).

#Privacy

@docRekd @dphiffer I don't like Matrix, I don't trust it. But it seems better than WhatsApp anyway.

@dphiffer that's bad #Disinfo because neither #WhatsApp nor #Signal are #secure!

They don't even provide real #E2EE nor #SelfCustody of Keys!

DO NOT USE THEM - OR ANY OTHER #Centralized #SingleVendor and/or #SingleProvider SOLUTION!!!

https://infosec.space/@kkarhan/112386598872179488

Kevin Karhan :verified: (@[email protected])

@[email protected] people who use any #centralized, #SingleVendor and/or #SingleProvider #Communications Service like @[email protected], #WhatsApp, #Telegram, ... for anything serious should be disqualified per law to teach others about #InfoSec, #ComSec, #OpSec or #ITsec, because their #Disinformation will sooner or later kill people! Use proper #E2EE and exercise #SelfCustody of #Keys, like with #XMPP+#OMEMO. Fortunately, @[email protected] / #MonoclesChat, @[email protected] and others make that easy to do. Don't forget to *NEVER EVER* use #biometrics to unlock devices, properly encrypt your stuff and tunnel all comms over @[email protected] / #Tor so even if they eavesdrop your entire comms, all they get is a garbled mess you can't decrypt even if you wanted to!

@kkarhan @dphiffer What are you talking about? #Signal has #E2EE. Your keys are saved in the device's Secure Enclave / Secure Element. The protocol and clients/server are open source, have a look. https://github.com/signalapp

@moehrenfeld @dphiffer that doesn't matter because @signalapp / #Signal falls under #CloudAct and collects #metadata that the #NSA publicly admitted to use to kill people.

Not to mention their ability and willingness to restrict access and functionality to their services in part or whole based off #PhoneNumbers they never had a "legitimate interest" to collect in the first place...

https://infosec.space/@kkarhan/112389395900267401

Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] again: That is mitigable by having plausible deniability of said identities *and* using @[email protected] / #Tor to connect to said services. In fact, just using #Orbot and @[email protected] / #monoclesChat allows you to connect to [any XMPP Service](https://github.com/greyhat-academy/lists.d/blob/6baa1cd666a4d41874b00e86b41ef0aede9d5719/xmpp.servers.list.tsv), including those that have an #OnionService. It takes mere seconds to get someone set up and ready to go! Whereas with #centralized, #proprietary & #SingleVendor / #SingleProvider services, your only security is said provider/vendor saying *"#TrustMeBro!"*... Especially tying accounts to #PhoneNumbers is a big no-go IMHO because that's trivial if not already being spied upon by LEAs and in more jurisdictions than ever before it's basically illegal to acquire any #SIM without *"identification"* aka. self-doxxing towards the provider! And if you really need like an organization group chat, self-hosting #Zulip is an option, as the messages are kept on the server and you just kick user accounts if they get arrested or their equipment confiscated. #ComSec & #InfoSec necessitate proper #OpSec & #ITsec anyway...


@kkarhan You stated two completely untrue things. I think that matters. Also, #Signal does not collect metadata, they even go to lengths to prevent metadata collection. They can provide timestamps for account creation and last connection to the service and that’s it.

https://signal.org/blog/sealed-sender/

Phone numbers are used for Spam prevention and (optional) contact discovery, and while I understand why that might be an issue for some I also understand why they do it. (1/2)

Technology preview: Sealed sender for Signal

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, ...

#Signal is still the best service that’s easy to use and secure for messaging. (2/2)

@moehrenfeld No, #Signal does not go out of their way, and there are way better options to prevent spam than collecting #PII such as #PhoneNumbers, for which "#Spam prevention" is not a "legitimate interest" as per #GDPR.

Not to mention their #ToS suck and they are not only able but also willing to use said PII against users in restricting access to it.

@signalapp knows that, and I consider them just as much of a #Honeypot as #EncroChat or #ANØM aka. #OperationIronside aka. #OperationTrøjanShield were...

All #centralized aka. #SingleVendor and/or #SingleProvider solutions are bad - and Signal is no exception from that rule!

#EOD #thxbye #next

@kkarhan Legitimate interest is for example to „prevent fraud or to ensure the network and information security“ so I think Signal's reasons would probably count as one or both of these examples. I see you have some sort of personal issues with Signal, still would be nice if you wouldn’t spread misinformation.

@kkarhan @moehrenfeld @signalapp

So you agree they don't collect Metadata

It'd be nice if you refrained from writing fud