How Edward Snowden Would Use A Smartphone
Originally Posted: September 22nd, 2019
How Edward Snowden Would Use a Smartphone
In a recent thread on Twitter, Edward Snowden broke down how he would use a smartphone, if he had to. For someone like him, using a smartphone is dangerous. He explains why:
Even with "location permissions" disabled, the radios in the phone connect and report your presence to nearby cell towers, which then create records that are kept forever. iOS and Android both conceal uncountable numbers of programming flaws, known as security vulnerabilities. Common apps like iMessage or web browsers are dangerous: you can be hacked.
If he had to use a phone, he wouldn’t buy a normal off the shelf iPhone or Android device like everyone else. He would use @DanielMicay's @GrapheneOS as the base operating system. He would physically disconnect the microphones and keep the radios (cellular, wifi, and bluetooth) turned off when he didn't need them. He would route all his network traffic through the @torproject network. He wouldn't use WiFi at home, because global maps of every wireless access point's unique ID—including yours—are free and constantly updated. For network access, he would use Ethernet; yes, Ethernet on a phone.
Software and Hardware Restrictions
He would deny network permissions to any app that doesn't need it using an app firewall. He would (and you should!) use an ad blocker, password manager and block third-party cookies in the browser. They're simple, cost little or nothing, and protect you while making your phone faster. Slightly more disruptive changes he’d suggest are disabling JavaScript, tracking, and fingerprinting in the browser, and ideally avoiding the browser on a phone entirely. It is more secure to browse on a laptop (with @QubesOS) which does not have a history of everywhere you’ve been, since it lacks GPS & Wifi, and has @Whonix built-in. He would not use email, except as throwaways for registration. Email is a fundamentally insecure protocol that, in 2019, can and should be abandoned for the purposes of any meaningful communication. Email is unsafe. He'd use @Signalapp or @Wire as a safer alternative.
Even with all of these precautions, he still wouldn't consider a smartphone "safe," merely "safer." The technologies underpinning our most basic systems of communication are insecure, and often insecure by design.
His main point is not that you should use a phone like him, it’s that you shouldn't have to.
Privacy should not be a privilege, but because the legal system is broken, the average person today stands, at every stage of life, naked before the eyes of corporations and governments. This system of predation has survived for so long because it occurs under the illusion of consent, but you were never asked your opinion in a way that could change the outcome. On the most consequential redistribution of power in modern life, you were never granted a vote.
The lie is that everything happening today is okay because ten years ago, you clicked a button that said "I agree." But you didn't agree to the 600 page contract: none of us read it. You were agreeing you needed a job; agreeing you needed directions, email, or even just a friend. It wasn't a choice, but the illusion of it. The consent you granted was never meaningful, because you never had an alternative. You clicked the button, or you lost the job. You clicked the button, or you were left behind. And the consequences were hidden for ten years.
They can point to the law and tell us this is legal. They can point to the world and say everything is okay.
I disagree.
If you want to be even more paranoid, this 2016 episode of Vice on HBO can help with that.