UPDATED 16/8/2020: Updated the dead Smartphone non root privacy hardening guide link with new 2.0 guide link.

Hello! Since I am a privacy advocate and help folks with threat modelling, it would be idiotic and ignorant not to have worked on such a guide for activists engaged with the protests going on in USA and other places.

This serves as a handbook, and I will improve it if there is a need (always room for improvement).

#WHAT IS A THREAT MODEL?

A threat model is simply analysing the requirements and the degree to which you need to utilise tools (in case of digital, software and hardware) for privacy in all aspects of life. It consists of:

  • threat actors (entities that can affect you like corporations, governments, police)
  • threat vectors (sources of spying or malware)
  • threat causes (X --> Y --> Z correlations)

#KNOWING THE PROTEST LOCATION AND YOURSELF

  • Use EFF’s guide on identification of type of surveillance (police cameras, drones, FLIR/thermal cameras).

  • If possible, take a covert trip yourself (or if your trusted comrade can) to the protest area before the actual protest to identify locations, area setup, objects like trees or area divisions or mini-landmarks, and prepare code words for these with your team or fellow activists secretly. You can photograph these places for better planning. Plotting 101.

  • Timing is key. Pre plan times you would send messages to each other, so you can keep device connectivity to a minimum. This allows for lesser chance of device comms interception.

  • Use masquerade eye masks, they are good enough for face recognition protection. Cheap and effective.

  • Wear less crafty and fashion-y clothes with complicated structures that could hinder your own mobility during running or sitting in protest area.

  • Someone could grab your hoodie hat to immobilise you. Wear a tight fitting T shirt or jeans with less pockets to not become an obstruction to your mobility. You get the drift.

  • The lighter stuff you carry on you, the more mobile you are. The lesser stuff you carry, the more independent you are.

  • COVID-19 instruction: wear a 3 ply mask or 3M N90xx mask to stay safe from virus breeding in crowds, do not be an idiot, keep and use 70% isopropyl alcohol sanitiser on you at all times before eating

#PROTESTOR/ACTIVIST THREAT MODEL

###Threat actors:

  • any ultra patriotic acquaintance of your friends or family or company coworkers
  • government or national surveillance programs by spying authorities (NSA in USA, CCP in China, NATGRID and CMS in India, Fourteen Eyes
  • police and other legal goons force suppressing your protest rights

###Threat vectors:

  • backdoors in phone software or hardware (from company of same country in which you live)
  • any SMS, Contacts, Telephone reading closed source apps
  • any app with Google or Facebook SDKs and internet permissions (use apps_Packages info from F-Droid to check such apps)
  • spying camera and microphone apps like Facebook (see this)
  • location misusing apps like Instagram or Snapchat (that openly uses location at all times to track friends and yourself)

###Threat causes:

  • backdoors in phone used by government in which you live (via phonemaker cooperating with government, subpoenas, data requests)
  • SMS, Contacts misusing apps that collect data to coordinate with government surveillance apparatus for legal threats and action
  • microphone, camera, location data easy to misuse against you for political opinions against own government
  • any closed source app with internet data or location access

###Safeguard measures:

  • DO NOT USE FINGERPRINT OR FACE UNLOCK. USE A STRONG ALPHANUMERIC PASSWORD WITH SYMBOLS. Plausible deniability is a great tool.
  • use the Lockdown feature in Android and iOS to cripple biometrics, or restart your phone quickly.
  • keep WiFi, GPS location, Bluetooth and cellular mobile data off as much as you can
  • use as much open source apps as possible
  • throw out those Google and Apple signed in accounts from your device
  • use Briar from F-Droid for anonymous nearby communication via WiFi and Bluetooth, no internet needed
  • use NetGuard app firewall from F-Droid to whitelist internet and WiFi app access, minimise list of apps that require internet
  • sandbox closed source apps or deny them their permissions as needed using Shelter from F-Droid
  • use CameraV app to click photos
  • use PilferShush Jammer from F-Droid with passive jamming to block microphone if not using
  • keep phone in secure pockets so it is not easily snatchable
  • use back covers with straps that allow stronger phone gripping

###Devices to use:

  • if possible, WiFi only tablet or device (Necunos Phone) or a smartphone without SIM card
  • if you must use a smartphone with SIM card, use a Huawei. (Cellebrite showed that Huaweis are uncrackable, while Samsungs or Pixels are less compromised, and iPhones are completely crackable. Also, Huawei attained BSI certification for data privacy management.) Huawei does not cooperate with governments which is proven by the lack of evidence to date.
  • rooted Asus/Motorola/FairPhone/LG/Sony with LineageOS and NetGuard app firewall, but these are easily crackable by Cellebrite’s tools so beware

#CONCLUSION

I guess this should do the job. If you have any suggestions, comment on the writeup. Good luck, fight for your rights, activists!