From Hong Kong to Minneapolis, protesters around the world are standing up for their human rights. The rights to peaceful assembly and protest are bedrocks of democracy, and we support everyone’s ability to exercise these rights. We created ProtonMail to protect people’s privacy and freedom from encroaching surveillance. For this reason, activists around the world have turned to Proton to keep their communications safe from monitoring and attacks.
However, it’s important for demonstrators to protect their privacy offline as well. Governments are monitoring protests with increasingly draconian methods, like the thousands of CCTV cameras in Hong Kong or the surveillance planes flying over cities in the US. And as protests become more and more publicized, it is easier for anyone paying attention to identify protesters by watching social media for photos and videos. Groups who oppose your beliefs could use this information to “dox” you, or reveal your identity, address, phone number, and other personal details online.
Law enforcement also has access to advanced tools that let them identify and track protesters by accessing their smartphones. They can then use this information to make mass arrests, even picking up peaceful and nonviolent protesters.
We firmly believe everyone has the right to peacefully voice their opinion, whether in the form of a blog post or a protest, which is why we compiled a guide that explains how peaceful protesters can protect their digital security.
Secure your phone
Smartphones have made it much easier for protesters to record what is happening in front of them. These video recordings can be powerful calls to action and also tools to hold those in power accountable. Smartphones also contain massive amounts of personal information and can be tracked. Many law enforcement agencies in the US have “international mobile subscriber identity-catchers,” or IMSI-catchers, such as Stingrays or Crossbows. These devices essentially act like a fake phone tower, letting authorities track a phone’s geolocation, its phone number, and sometimes even monitor the content of SMS and phone calls.
If you don’t want to risk having any of the data on your phone swept up, you have three options:
Leave your phone at home
This one is pretty self-explanatory: the authorities will not be able to track your phone at the protest if you don’t have it. To avoid any suspicion, leave your phone turned on at home while you are at the protest. For maximum digital privacy, you should not bring any device that can create an external connection, including smartwatches, fitness trackers, or Bluetooth headphones.
Depending on your threat model, you might decide the extra privacy of not having a phone at the protest is not worth the inconvenience.
Bring a clean phone
The phone you use every day is linked to your identity in all kinds of ways. If you are at a protest, it should remain at home (but still on) to make sure authorities cannot access it. If you want a phone with you at the protest, you should buy a new, cheap phone. However, for this to be effective, there are steps you will need to follow. This new phone can only be used at protests. You should not turn it on before you arrive at the protest, and you should turn it off before you leave. You will need a new SIM card. You cannot use your regular SIM in your “protest-only” phone. You should only load the apps that are essential. And you should not link your protest phone to your normal phone in any way.
If you buy a cheap, unlocked Android device and a prepaid SIM that you only use at the protest and then leave turned off the rest of the time, it will be very difficult for anyone to track or identify you. (If you get an Android device, do not log in to it with your Google account.) To be extra cautious, you should buy the phone and SIM with cash or a gift card. You could also use a trusted VPN provider, like ProtonVPN, to access the open source app repository F-Droid and download the apps you want for the protest. The goal is to put as little personal information as possible on this protest phone.
Buying a new prepaid phone can be expensive, especially if you’re only going to use it for one afternoon. If a new phone costs too much, you can bring your regular phone, but precautions should be taken.
Turn off all location data and keep your phone off unless you need it
This option offers you the least digital privacy. There are steps you can take, like deleting any apps that you do not need while you are at the protest, turning off your Android’s Location Tracking or iOS device’s Location Services, and disabling Bluetooth and WiFi. You should also disable background app refresh. However, if this is all you do, it will not be difficult for law enforcement to track your movements if they access your phone records.
You could also turn off your phone (and remove the battery, if possible) until you need it.
Encrypt your phone
Regardless of what phone you bring, if you have a phone at a protest, you must encrypt it. This will prevent the police or anyone who gets physical access to your phone from accessing your data. If you set a passcode on your iOS device, it is already encrypted. Most Android devices also automatically encrypt themselves, but if you are uncertain, you can tap Settings, then Security, and see if Device Encryption has been activated.
You should also make sure you update your device’s settings so that it does not display notifications when the screen is locked.
Turn off biometrics on your phone
You should not use biometric authentication, like face or fingerprint scans, to secure your iOS or Android device. While a US lower-court judge ruled that you cannot be forced to unlock your device using an eye, fingerprint, or face scan, it is far from settled law. These protections also vary from country to country: in both the UK and Australia, authorities can compel you to unlock your phone with a warrant. In any case, it is more difficult for someone who takes your phone to forcibly unlock it if it is protected by a passcode. A strong PIN or passcode should be at least 10 digits long and ideally will have a combination of numbers and letters. Americans should also remember that they are not obligated to share their passcode with law enforcement.
Use secure messaging apps that are end-to-end encrypted
If you are at a protest and are worried about your privacy, you should not use SMS. It is the easiest messaging method for law enforcement to intercept. Instead, you should use an end-to-end encrypted secure messaging app. The most secure messaging app is Signal. As a backup, you could use WhatsApp, which is also end-to-end encrypted (though Facebook controls the metadata).
Both of these apps secure your communications with end-to-end encryption, making it virtually impossible for anyone to intercept your messages while they are in transit. Signal allows you to set up disappearing messages, which delete your messages from your device after you’ve read them.
Apple’s iMessage is also end-to-end encrypted. However, if you turn on iCloud backup on your iOS device for WhatsApp or iMessage, your messages will be saved in an unencrypted state.
Protesters should not use Bridgefy. Despite marketing itself as a “protest app” and an end-to-end encrypted messaging service, it is not end-to-end encrypted and should not be trusted with sensitive communications.
Bridgefy uses Bluetooth and mesh network routing so that users can message each other without an Internet connection. However, a group of researchers devised a series of attacks against the app and discovered it puts an incredible amount of user data at risk. As Ars Technica reported, even attackers with only moderate resources can deanonymize users, decrypt and read messages, and tamper with messages in transit.
The researchers shared these vulnerabilities with Bridgefy in April, but they have not yet been fixed.
Use end-to-end encrypted email
As the world’s largest secure email service, ProtonMail’s messages are protected by end-to-end encryption and zero-access encryption. ProtonMail lets you send self-destructing messages, which are erased from your recipient’s inbox at a specified time you set. You can also protect the inbox on your phone with a PIN code. That way, even if someone is able to unlock your phone, they still will not be able to access your inbox.
The ProtonMail iOS app also has a feature known as the AppKey Protection System. If you have enabled PIN protection for your inbox, then the AppKey Protection System is automatically activated. It essentially prevents forensic searches from penetrating the ProtonMail app unless it can crack the PIN to your app.
With ProtonMail, all your messages are stored on servers in Switzerland, which means they are subject to Swiss law. We are prohibited by Swiss law from responding to a user data request from foreign law enforcement unless a Swiss court has approved it.
Be wary of posting to social media
You can put yourself and other protesters at risk by posting on social media. There is little point in going through the effort to protect your smartphone from being monitored if you are going to share everything you are doing on Facebook or Twitter. To preserve your privacy, you should be mindful of the information you share about yourself, your friends, and the protest in general.
Strip photos and videos of faces and metadata
If you do post to social media, you need to be careful what information those photos inadvertently expose. If you take a photo or video with your smartphone, it will record information about where, when, and with what device these images were taken. This is known as the photo’s metadata (or EXIF metadata). What you capture in the picture itself can also reveal this information.
You can prevent your smartphone camera from adding location metadata for both iOS and Android devices. You can also edit the metadata afterward using photo editing programs, like GIMP. Or, if it’s urgent, you can take a screenshot of your photo and share the screenshot. Screenshots do not collect the same metadata as regular photos, making them a more private alternative for sharing.
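As an added example (not part of the original guide and not Proton's code), the Python below removes metadata from a JPEG at the byte level: it drops Exif and other APPn segments, comments, and anything appended after the end-of-image marker, while keeping the segments a decoder needs. The `SAMPLE` bytes and the helper name `seg` are constructed for illustration.

```python
SOS, EOI, COM = 0xDA, 0xD9, 0xFE
# APPn segments a decoder needs for correct pixels/colour; every other APPn
# (Exif with GPS and device model, XMP, IPTC, vendor data) counts as metadata.
KEEP_PREFIXES = {0xE0: b"JFIF\x00", 0xE2: b"ICC_PROFILE\x00", 0xEE: b"Adobe"}
# Bytes that may follow 0xFF inside scan data without starting a new segment:
# stuffed zero, fill byte, and restart markers RST0..RST7.
IN_SCAN = {0x00, 0xFF, *range(0xD0, 0xD8)}


def strip_jpeg_metadata(data: bytes):
    """Return (cleaned_jpeg, removed), removed being [(name, byte_count), ...]."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(data[:2]), [], 2
    while True:
        if data[pos:pos + 1] != b"\xff" or pos + 2 > len(data):
            raise ValueError(f"malformed or truncated JPEG at offset {pos}")
        marker = data[pos + 1]
        if marker == EOI:  # anything appended after EOI (e.g. embedded clips) is dropped
            if len(data) - pos - 2:
                removed.append(("trailer", len(data) - pos - 2))
            return bytes(out) + b"\xff\xd9", removed
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        keep = KEEP_PREFIXES.get(marker)
        is_app = 0xE0 <= marker <= 0xEF
        if marker == COM or (is_app and not (keep and data[pos + 4:end].startswith(keep))):
            name = "COM" if marker == COM else f"APP{marker - 0xE0}"
            removed.append((name, end - pos))
        else:
            out += data[pos:end]
        pos = end
        if marker == SOS:  # copy entropy-coded scan data up to the next real marker
            start = pos
            while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] in IN_SCAN):
                pos += 1
            out += data[start:pos]


def seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: structurally valid JPEG segments, not a decodable photo.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00" + b"GPS 00.0000N 000.0000E")
          + seg(0xFE, b"constructed comment") + seg(0xDB, bytes(65))
          + seg(0xDA, bytes(10)) + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9TRAILER")
```

This leaves the pixel content untouched, so faces, signs, and landmarks visible in the image still have to be blurred or cropped separately.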
Your face is your identity
By the same token, if you are at a protest, it will be impossible for you to control who takes photos of you. You should plan on covering at least part of your face while at a protest so that attackers cannot easily identify you using other people’s photos. Covering your face entirely or covering part of your face and your hair will make you even harder to identify.
As a Swiss organization, we are politically neutral; however, we are unequivocal in our defense of citizens’ fundamental human rights. We believe everyone, including protesters, has the right to security, privacy, and freedom. Peaceful popular protests are often catalysts for long-overdue policy changes. If you are protesting peacefully and you want to protect your privacy, you should:
- Secure your phone (or leave it at home)
- Use end-to-end encrypted messaging and email apps
- Be careful about posting on social media
- Scrub out identifying information from photos and videos
It is also important to note that as a Swiss organization, ProtonMail is subject to Swiss law, meaning we will take firm action against those who use our service for purposes that are illegal in Switzerland. We have clear terms and conditions as well as a zero-tolerance policy for crime. If any user violates those terms and conditions or uses Proton in the commission of a crime under Swiss law, such as the destruction of property, we will disable their account.
We’re proud that ProtonMail and ProtonVPN have become tools that protesters and demonstrators use to share their voices. We are firm in our stance that everyone has the right to privacy, and we hope this guide helps peaceful protesters stay safe.
UPDATE Aug. 25, 2020: This story now includes information about the Bridgefy messaging app.