Privacy in the US got a whole lot more important

What the hell happened?

In short, Roe v Wade was overturned by the Supreme Court.

For those of you not following the news (in the past 50 years), Roe v Wade was a ruling that basically made it legal to obtain abortions. For the past 50 years, it was the thing allowing women in the US to get abortions. Now it is bye bye to that option.

How will they even track that?

If this happened 20 years ago, the method would’ve been good old police work. Going around, asking questions, interviewing suspects. Now? You give them that data and an algorithm “divines” that you’ve had an abortion. Believe it or not, that data is valuable not only to you, but to advertisers as well.

But I would never give them that data!

Oh, but you are. Your phone probably has a period tracking app installed as we speak. That app, in itself, may not mean much, but if the app is free, who is the product? The answer is you. Your period data is sold to third-party companies, who then build a better and more accurate picture of who you are and what products to push to you via advertisements. There have been situations in the past where, purely based on what a girl shopped for at Target, a company was able to guess her pregnancy to within a few weeks! Source - Forbes article

What the hell do I do about it?

I am not in a position to order anyone to do anything, and even if I were, this is your decision. What I can do, however, is provide resources for you all to gain a little more privacy and a means for you to dissent safely.

Period tracking

This is most likely the first thing to take care of. The progress of your period is now information that may be used as evidence for the “crime of having an abortion.” The best way to go (but the least convenient) is to chart on paper. I could rant on about benefits of paper-anything for this, but there is a much better article that addresses just that. Point 4 of this article specifically mentions the fact that “[an app] is using your past data and tens of thousands of other user’s data, to predict whether or not you are fertile.” Pen-and-paper might not seem like the easiest way; however, it is the most secure method out there. You cannot data-mine paper over the internet.

In case you really can’t do without an app, there are solutions. These will be on par with pen-and-paper in terms of accuracy (best-case scenario, they will not send any data out). Here is a link to F-Droid search where you can find an Android app that may suit your needs. It is open-source, and it is not provided by Google. Just download F-Droid (or the individual APK by itself) and you’ve got a period tracker that shouldn’t send your data out as much (if at all), since these apps are provided by very small companies and individuals, with their source code wide open. F-Droid can also inform you if an application is sending data out or if it is collecting any metrics on your usage of the application.

Privacy on your device

Whether you have an Android device or an iPhone, if you haven’t done anything to make it more private, chances are your phone knows more about you and the people you are close to than even you do. Therefore, if you want to dissent (as I’m sure many of you do), here are some things to do. This part will be “additive”, so we’re not removing anything. If you really want to go down the rabbit hole, that will be discussed later.

  1. Delete any period tracking app you may have currently, install one that respects your privacy (or get a FOSS application that does not track you). Alternatively, grab pen and paper and learn how to track periods offline.
  2. Install FOSS apps wherever possible (Organic Maps or OsmAnd+ for private navigation. Bonus: You can download maps and keep them offline!)
  3. Install secure messaging (WhatsApp / Messenger are not private. Get Signal, and get your friends on Signal. There are more secure ways; we’ll discuss those later)
  4. Get a VPN or learn how to use the Tor browser. It may come in handy in the future; better to learn it now and never need it than to never learn it and need it.

These 4 points alone should give you some peace of mind. If you still feel like you may be exposed in some way, we can go deeper.

Going further on privacy

If you want to engage in dissent of any form (dissent, protests, providing information on underground clinics), you need to be careful. What you are stepping into is the realm of clandestine operations, and as such, it should be approached with everyone’s security in mind. To not get “rolled up” (as is often the case in spy operations where operatives get lazy or careless), we need to ensure you do your dirt in a way that won’t lead anyone back to you.

To do this, you may have to give up some of your former life, or adjust how you use the devices you have now.

Messaging for the paranoid

The first step would be to stop sharing everything with data collection companies. Your Google or iCloud account may be the most telling. Get a second e-mail address, not tied to your name, with a privacy-focused provider (Tutanota, ProtonMail). These companies encrypt your data by default, so not even ProtonMail can read anything in your inbox. If you send e-mail from ProtonMail to ProtonMail (or Tutanota to Tutanota), the data is also encrypted in transit, so not even Tutanota knows what someone sent you from Tutanota.

The same applies to Signal: If you send messages from Signal to someone who also has Signal, the messages are encrypted. Not even Signal knows what you are talking about. WhatsApp claims to have this functionality as well; however, they cannot prove this fact. Signal, on the other hand, has its source code open to the world. If you want even more paranoid messaging, Briar or Session work for those purposes.

If you are technically adept, you may want to roll your own chat server. For that, Matrix or Prosody (an XMPP server) may suit your needs.

Your phone, the biggest snitch of all

I know you have heard this before, but it bears repeating. Your phone knows who you are, where you are, what you do and who you do it with. It is equipped with cameras and microphones and the reason Google provides Android OS for free is that you are the product. However, there are many things we can do to make our phones work less for the companies and more for us.

Faraday bag

The easiest thing (if you do not want to modify your phone in any way) is a Faraday bag: a simple pouch which, once you put your phone inside it, kills all incoming/outgoing connections. Since many phones have non-removable batteries, this is your best option to make sure your phone is not communicating with any cell towers or reporting your location. Silent Pocket is just one of many companies that sell these. This is a very good tool if you are going to a protest.

De-googling your phone

If you are willing to mod your phone, you may install a third-party Android ROM. This allows you full control over what you want to install in your phone, including (but not limited to) Google Play Services. I have not had a Google account since ~2013 and I am still alive, so there is no reason in my mind that would prevent you from installing something like LineageOS. They support many older devices, which means you may repurpose that old phone in your drawer and breathe new life into it. What I would recommend, though, at a higher cost, is a second phone, with no previous ties to you.

Privacy habits

The steps I outlined here are easy to do. Getting a ProtonMail address takes a few minutes, setting up LineageOS may take an hour. However, as with everything, we may get lazy over time and start cutting corners. If you want to go down this rabbit hole, the biggest issue is consistency. I will now try to outline a few stories (from non-existent people) that may give you an idea of what I’m actually talking about.

  1. Mary Doe started living privately. She got a new phone, installed a ROM without Google Play Services, learned how to use Tor. However, once she was hidden in the Tor network, she went ahead and logged into her Facebook account. This gave Facebook a trail that literally said “On this date and time, Mary Doe connected from this Tor IP address.” Everything Mary did from that particular connection was now traceable to her as a person.

  2. John was scheduled to go to a protest. He got his private phone, he had his Faraday bag on him so he could disable the phone if need be. Once he got to the location of the protest, he put his phone in the bag and started expressing his dissent. After the protest was done, he took a train home, relaxed, and took his phone out of the bag. All went well, until three days later, when the police came and arrested John for taking part in the protest. The main issue was that the phone John used was traced to the protest, where it suspiciously went dead, and only after the protest did it turn on again. The police only had to ask the service provider for where the phone was seen (by the cell towers) and were given the location where the phone spends ~9-12 hours every day. That must be John’s home!

These two examples are two small mistakes that can lead to a full failure of anything these people have set up. Privacy is a process that must be adhered to. The higher the stakes, the higher the need for consistent and rigorous privacy practices.

More resources

I am by no means a ghost. Far too many people know who m4iler really is, and that number means that one day, I may have to “roll up” this pseudonym and go under a new alias. Furthermore, entire books have been written about privacy in today’s digital world, so what can I, a small techie, do in a few hundred words on a blog? Well, I can’t do everything, but I sure as shit can give you some resources to look at.

  • IntelTechniques.com - The author used to be a fed, but if you don’t interact with him and just listen to his podcast, you may learn many valuable pieces of information. His books are also a great source for those looking for privacy. The podcast comes out weekly and, at the time of writing, is going through the basics of privacy on macOS, Linux, etc.
  • LineageOS - The custom Android ROM I was talking about
  • GrapheneOS - the most private ROM to date. If you want an alternative, use Calyx. Only installable on Google Pixel devices, but as far as I can tell, it does the most for your privacy needs.
  • EFF SSD - EFF’s website on surveillance self defense. Very good read on the basics and advanced topics.
  • F-Droid - the FOSS app store for Android. Highly recommend.

This list is by no means exhaustive. If you want help, you can contact me on XMPP or e-mail at m4iler AT this domain.

Keep strong, people. I may not be present or have the right to vote in your affairs, but I will help wherever possible.