1/ Use Tor, use Signal -- unless your life depends upon them. https://twitter.com/TinkerSec/status/1267158243866001409
2/ If your life depends upon the security of your communications, then there is no substitute for learning how these things work. Experts might also use Tor and Signal -- but not in the ways naive users would, ways that would expose their privacy. Experts might use something else.
3/ If you wait until your life depends upon it (such as you've suddenly decided to take up arms against the government), then it's probably too late. The government will already have access to all the communications records up to that point.
4/ It's like Reality Winner's Google search history: when she decided to cross the line, she had already left a trail up to that line.
5/ Thus, you should be using privacy-protecting technologies now, such as the Brave browser (when not using Tor), Signal/WhatsApp/iMessage for routine communications, and so on.
6/ Signal (and some others) use end-to-end encryption, meaning it's impossible for anybody in between to eavesdrop on your messages/calls -- not even Signal itself.
7/ But this does not protect the ends. If you've been tricked into installing malware on your phone, the malware is on the "end" and thus can eavesdrop on anything that end does.
8/ Nor does it protect metadata. Eavesdroppers can't know the contents of a phone call, but will know that you are using Signal, and will often know who it is you are calling.
9/ Much of the controversy of NSA spying and FBI gathering phone records is based on interception of this metadata, rather than intercepting the contents.
10/ If you don't fully understand the endpoint protection and metadata problems (much better than I've described them here), then using Signal will give you a false sense of security that isn't warranted.
11/ Your phone is a GPS tracker. Your phone keeps a log of its own location to an accuracy of a few feet. The nearby cell towers keep records of your location with varying accuracy which can often be less than 20 feet, but is usually more like 500 feet.
12/ Your phone updates its log every few minutes, so if they get your phone from you and run forensics, they can draw a map of where you've been. Cell tower records update much less frequently.
13/ I have no idea about Stingray IMSI catchers. I doubt they are used because they tend to disrupt communications. They can easily be detected at mass protests, and the fact they aren't also leads me to believe police don't use them.
14/ (If I weren't afraid of the violence, I'd be downtown right now running Android tools to catch this.)
15/ The last several tweets are intended to show you that when you run Signal on a mobile phone for communications, the mobile phone can give you away.
16/ You can get cheap "burner" Android phones for $50. It helps a lot: the police have limited resources to go after you. It's not perfect -- if they REALLY want to get you, they'll go pull security cam feeds from mobile phone stores to get your identity.
17/ In other words, burner phones help your security a lot unless your life depends upon them.
18/ According to current court cases, the police can force you to put your finger/face on the sensor to unlock the phone, but they can't force you to divulge a passcode. However, constantly typing in a passcode every time risks people being able to see it. Tradeoffs.
19/ I asked the last time I bought one. The store said "three months". I'm sure it's hit-or-miss -- they aren't trying to track burner phones but instead keep away the riff-raff. https://twitter.com/VessOnSecurity/status/1267168782738432000
You can follow @ErrataRob.