Stop Using Your Face or Thumb to Unlock Your Phone
Stop Using Your Face or Thumb to Unlock Your Phone
The laws surrounding 5th Amendment protections and biometric passwords are still undecided, so just turn it off.
Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.
You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.
Further advice regarding civil disobedience:
LEAVE YOUR PHONES AT HOME. Write down some numbers in case you get arrested—or better yet, memorize them. There are journalists there for documenting. And there will be plenty of other people that don’t follow this advice. Leave anything they could use as leverage over you and your cohorts away. Don’t bring ID. Don’t bring anything except what you need for the action. It’s not worth the risk.
ETA: also, any of you with a new car? DONT DRIVE THAT SHIT TO ANY MEETING OR PROTEST. They’re spying on you. Don’t post about it. Don’t use any unencrypted messaging service to coordinate it—WhatsApp is not safe. Signal and probably some other less common ones are the only ones safe enough. Ride a bike there, stash it in a conveniently hidden spot. Bring a change of clothes, plan escape routes, plant the change of clothes either hidden on your escape route or wear them under your plain clothes. Cover tattoos. Leftist activists are not safe. And literally the rest of your life could depend upon how well protected you have made yourself.
https://www.theguardian.com/us-news/2022/feb/10/felony-charges-pipeline-protesters-line-3
So many states have pretty quietly passed laws to make you a felon for protesting. Even peacefully. And to make you a fuckin corpse. In the south especially, a few states were writing “go ahead, run over any protester in the road” laws.
Be smart. Be safe. Have a plan. Have a contingency plan. This isn’t “fuck around with the blunt end of the justice system and find out” territory, in 2024 US, it’s time to be as safe as you can while doing what’s right. Because doing what’s right is criminalized. Heavily.
## How to disable Face ID through the Power Off screen
- Hold down both the Side Button and either Volume Button at the same time for three seconds.
- The Power Off slider should appear. Tap Cancel.
You actually don't need to hit cancel, you can just hit lock, so you can do this whole thing with your phone in your pocket.
https://appleinsider.com/inside/iphone/tips/how-to-quickly-disable-face-id
This is easier and less intrusive than the lock-button-5-times method because it doesn't start making a phone call that you have to quickly cancel.
FYI Androids have a feature for this. If you are ever forced to interact with a cop you can press the side button and volume up(might be different on other phones) to select lockdown which will force your phone to only be opened with the password. Its gross that we need this feature, but now you know.
Terrible article. Even worse advice.
On iOS at least, if you’re concerned about police breaking into your phone, you should be using a high entropy password, not a numeric PIN, and biometric auth is the best way to keep your convenience (and sanity) intact without compromising your security. This is because there is software that can break into a locked phone (even one that has biometrics disabled) by brute forcing the PIN, bypassing the 10 attempts limit if set, as well as not triggering iOS’s brute force protections, like forcing delays between attempts. If your password is sufficiently complex, then you’re more likely to be safe against such an attack.
I suspect the same is true on Android.
Such a search is supposed to require a warrant, but the tool itself doesn’t check for it, so you have to trust the individual LEOs in question to follow the law. And given that any 6 digit PIN can be brute forced in under 11 hours (40 ms per entry), this means that if you were arrested (even for a spurious charge) and held overnight, they could search your phone without you knowing.
With a password that has the same entropy as 10 random digits, assuming no further vulnerabilities allowing them to speed up the process, it could take up to 12 and a half years to brute force it. Make it alphanumeric (and still random) and it’s millions of years - infeasible within our lifetime - it’s basically a question of whether another vulnerability is already known or is discovered that enables bypassing the password entirely / much faster rates of entry.
If you’re in a situation where you expect to interact with law enforcement, then disable biometrics. Practice ahead of time to make sure you know how to do it on your phone.
On pixel, if you ever need to - press and hold the power button, select "lockdown".
(It might apply to other androids too, I don't know.)
You will now need a pin to unlock the phone. This disables the lock screen shortcut (camera, light, etc) as well.
Why disable your convence features for an scenerio that is not likely and can be quickly and easily be prevented.
Universal: You could also just the tap the sensor with a "wrong" finger a few time, and the pin will be required.
Maybe don't do this one in front the cops...if you find your self in a postion where they are trying to unlock your phone, you probably don't want to piss them off. .
Edit: I'm surprised no one called me out on "if you're ever need to". The sentence was going to be "if you're even in a situation that needs...", but that was getting too long. Forgot to change you're to you.
A stipulation of Payne’s parole agreement was that he be willing to provide a passcode to his devices, though that agreement didn’t explicitly refer to biometric data. However, the panel said the evidence from his phone was lawfully acquired “because it required no cognitive exertion, placing it in the same category as a blood draw or a fingerprint taken at booking, and merely provided [police] with access to a source of potential information.”
These both seem like bad calls. You have a right to privacy, right? And for police to access your files/home/phone tap requires obtaining a warrant.
Fingerprints at booking gives access to public records. Not your own personal private data. Pretty sure drawing blood is justified suspicion of DUI.
No.
For Android: learn the hard reset combo for your phone, especially if you encrypt it.
After rebooting, pattern/PIN will be required to decrypt the phone. Biometrics won't work for this step. This is what graphene does for security, tries to keep the phone in a "before first unlock" state by rebooting on a timer. You can't even read anything over USB/ADB, it's scrambled until you unlock the phone.
The only drawback to just keeping your phone in this state is none of your apps are loaded, so no notifications/updates/processing at all.
No.
This is the best summary I could come up with:
Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.
The case didn’t get a lot of coverage, especially because the courts weren’t giving a blanket green light for every cop to shove your thumb to your screen during an arrest.
The ruling was also complicated by the fact that Payne was on parole at the time, back in 2021, when he was stopped by California Highway Patrol where he allegedly had a stash of narcotics including fentanyl, fluoro-fentanyl, and cocaine.
However, the panel said the evidence from his phone was lawfully acquired “because it required no cognitive exertion, placing it in the same category as a blood draw or a fingerprint taken at booking, and merely provided [police] with access to a source of potential information.”
The Electronic Frontier Foundation, a digital rights group, has offered guides for best practices when attending protests, and one of those is to turn off your thumbprint or face unlock before you hit the street.
“The general consensus has been that there is more Fifth Amendment protection for passwords than there is for biometrics,” Andrew Crocker, the Surveillance Litigation Director at the EFF, told Gizmodo in a phone interview.
The original article contains 988 words, the summary contains 217 words. Saved 78%. I'm a bot and I'm open source!
I really think this depends largely on who you are and what you do with your phone. I have face recognition and fingerprint recognition both enabled on my phone. It's good enough to prevent a thief from gaining access to my device, and if law enforcement asked, there's nothing on my phone that could possibly be incriminating. Realistically, I'd have no issue just unlocking my phone and giving it to a police officer, although I do know well enough to always get a lawyer first. Biometrics add an extra layer of convenience; it's nice to just look at my phone and it unlocks. My concern personally is more about someone stealing my phone and accessing my accounts than self-incrimination.
If I ever was going to put myself in a situation where I'd run afoul of the authorities, I'd leave my phone at home anyway.
Stop using biometrics period.
Thank you.
