And this is why you never, ever, EVER enable biometrics. EVER. Make a damn password or at least a very long PIN and enter that shit every time.
For people who don’t want to do that: turn off your phone if there’s the likelihood that your phone will be confiscated soon (crossing a state border or getting a perquisition). This will
- Disable biometrics
- Encrypt everything
On Android, entering lockdown mode does the same thing. You can do it by pressing volume-up and power at the same time, then tapping Lockdown.
Not all phones work that way. Just tried it on mine btw
And this only makes it more expensive and time consuming to unlock. So if you’re small fry, they won’t waste the resources. But if you are a “person of interest” don’t be dumb, bring a burner phone.
Or power it off when they ask for it to disable biometric unlock.
Not always an option. Sometimes reaching for your phone to turn it off will get you killed. Just don’t use biometrics.
Completely agree. There are a surprising number of folks who should know better who will swear up and down how safe they are. If they like the convenience and the “cool factor” of using them…that’s fine, whatever, none of my business. Just don’t try to gaslight me that they are safe.
What a terrible decision. That’s like saying if you have a house key they can search your house.
There’s a reason they keep you focused on the first two amendments. Don’t want you realizing how comfortable they are with unregulated search and seizure.
Honestly idk how the civil forfeiture can possibly be considered constitutional
They can’t be, at least not without a trial.
That won’t stop the Court.
Sneaky fuckers thought I forgot about the third amendment.
Wasn’t there a court ruling that forcing someone to unlock their phone was unconstitutional? The fourth amendment seems to indicate a warrent at least is required to search someone’s papers, in the modern era that should apply to phones, obviously the constitution is meaningless if they want to do whatever but still.
Edit: in Riley v. California (2014) the Supreme Court unanimously decided that warrentless search of a cellphone during an arrest was unconstitutional.
The appeals courts are always willing to test SCOTUS decisions. Now it’s up to SCOTUS to defend it or not. It was a unanimous decision, specifically based on data privacy rights. So there’s actually hope for it.
The laws vary from state to state, and I am not a lawyer. But in general, I think it works like this. Things like your fingerprints, face, retina, etc, identify you. In many states, if the cops ask for your identification you are required to give it to them, and they are allowed to force the issue. Things like passwords, access to the interior of your home or vehicle, access to your business files, and things like that are not your identity and normally require a judge to sign a warrant (unless there are “extenuating circumstances”).
Personally, I think the forcing you to unlock your phone without a warrant is bullshit, especially since they have the upper hand anyway. And the phone isn’t going anywhere and neither are you. In most cases they have plenty of time to get a warrant.
This is why everyone should go into their phone settings and enable the lockdown mode option if it’s avaialbe. When I get pulled over I hold the power button and choose lockdown mode and then the only thing that will unlock the phone is my password. But my camera still works.
If your phone doesn’t have the option, just restart your phone. There’s a reason phones require the password and not biometrics on startup.
Things like passwords, access to the interior of your home or vehicle, access to your business files, and things like that are not your identity and normally require a judge to sign a warrant
This is exactly it. If I get arrested and they confiscate my house keys as part of entering jail, they don’t have automatic implicit permission to search my house.
And I don’t understand how this is not a better analogy for phones. Why doesn’t the contents of my phone have the same legal protection as the contents of my house? You may confiscate my key but I do not permit. If you have good reason and sufficient reason, do the damn paperwork and get a judge to sign off
My house key identifies me almost as well as my license. Seems like if they can use my thumb to unlock and enter my phone they could use my house key to unlock and enter my house.
I guess the distinction might be: your fingerprints are physical attributes of your physical person. Your house & house key are objects / property owned by you.
So if you have a fingerprint smart lock cops don’t need a warent to enter your house?
A phone is also property owned by you. Or by the company you work for, so it’s not even yours.
This is really about how to ensure they can’t unlock your phone even if they have a warrant. They can’t physically force you to give them the right code. SO they have to buy expensive software to clone the phone and try various passwords on the clones.
Doesn’t it boil down to like what you know is safe, what you are can be used?
Like they can’t make you give passwords, but biometrics are vulnerable.
Restart your phone beforehand so that it won’t accept biometrics
Both iOS and Android have Lockdown options, so that isn’t even completely necessary, granted it will also work.
Before the police pull you over?
On iOS hold vol up (or down) and power at the same time. It starts SOS but you can cancel. At this point Face ID is disabled and you must enter your pin to reenable it.
So yeah. As soon as you see lights, hit that cop button.
Just make sure you have all your docs on paper so you don’t have to open your phone.
PSA FOR IPHONE:
if you press volume up, then volume down, then hold the power button until the power slider comes on, then it will disable biometrics until next unlock
For GrapheneOS (custom android), there is Lockdown button next to power off and restart which does the same thing. I think it may be on other Android phones as well but not sure.
Graphene even has an option to enter a fake pin and wipe the phone iirc.
Yes, known as Duress password.
Yes, and it may be a good idea to have it just in case. But the courts in the US so far mostly ruled that police forcing you to give biometrics to unlock is fine, as it is the same as fingerprinting you when you are arrested. But forcing you to give pin/password is the same as testifying against yourself, which is against the 5th amendment. So they usually can’t make you to give them a pin/password. At least in theory. Still better to have it in practice.
Yeah, it’s a feature on stock android. Should be in most android flavors
Legit.
You won’t have the time or ability to do this when the police are involved. DON’T USE IT. It’s not secure.
Why tf to use biometrics then?
99% of the time im not in a situation where i am being confronted by cops, but crossing a border or a traffic stop it is nice to know
deleted by creator
By physical here, they mean using your biometrics by force. They’re still not allowed to beat you with a rubber hose.
A court, however, can force you to give up a password or hold you in contempt (which is essentially the rubber hose option). Having false unlocks defeats that
A court, however, can force you to give up a password or hold you in contempt (which is essentially the rubber hose option)
That remains to be seen; I don’t think that there’s ever been a definitive ruling on this in the US. One real problem is that they would have to be able to prove that you knew the password, and that can be a real problem. I have an old Tails drive; it’s been years since I used it, and I have no idea what the password is anymore. Shit, I sometimes have a brain fart and can’t remember the passphrase for my password manager, and I use that a lot.
*Veracrypt, Truecrypt is no longer maintained
iPhone users:
-
DO NOT USE FINGERPRINT unless you absolutely have to for, say, disability reasons.
-
if you use facial recognition, don’t. Same as above.
-
If you find yourselves in a situation with the police, tap the lock button 5 times. This forces a passcode to open the phone and they cannot (yet) force you to enter a passcode.
Anytime I am filming a protest or anywhere near police, I just tap the lock button a bunch of times in my pocket and I can rest easy.
Holy crap this is a great tip I did not know! I haven’t had a run in with the police in like a decade, but better safe than sorry. Hopefully I never need to use it, but I just tried it on my iphone and works like a charm, so thanks mate!
Another dude pointed out you can hold lock + volume up as well
Samsung users (not sure if it also applies to other android flavors):
Go to settings>lock screen>secure lock>show lockdown option and turn it on.
Now if you hold the power button for over a second, a menu pops up with an option to turn on lockdown mode. This disables all biometric unlock methods until the next time you unlock it.
You can also turn the phone off.
Edit: and I also have this on my Pixel so this may apply to all versions of android
Is it a rumor or is there a legal requirement that you must have some battery juuce left (in your laptop iirc) in order to cross US or UK borders? I remember this as an answer to “sorry, can’t fire up my device I’m out of battery”.
I’ve seen it happen when flying back to the US through Germany. There was random additional searches at the gate for select passengers. The guy next to me could not get his laptop to turn on as it was out of juice. He was told either he finds / buys a charger or the laptop is not flying with him on the plane.
-
That’s why passwords are safer in this situation. Cops can’t compel you to reveal it.
Oblig:
I miss when crypto nerd meant cryptography nerd
It still does. People who like cryptocurrency are crypto bros (regardless of gender).
?
They mean literal cryptography.
https://en.m.wikipedia.org/wiki/Cryptography
Now, a lot of old crypto bros were the origins of crypto currency, but that’s a different breed of nerd than the modern crypto bro. The difference is how much you like math and how many posters of Alan Turing you have.
cryptocurrency is applied cryptography, no reason you can’t like both.
I don’t really know how you misunderstood his post in order to correct you, but I’ll try.
He’s saying crypto nerds like cryptography and crypto bros are cryptocurrency shills.
Ah, I see. The confusion happened because crypto nerd absolutely does not mean that to the casual public anymore, as bemoaned in the parent comment, and I didn’t realize he was insisting there is still a distinction.
I really don’t have a leg to stand on with that topic because I always put “libertarian” in scare quotes.
The thing is, however, that a lot of the crypto nerds are also crypto bros. Or at least, they’re who the crypto bros were trying to be, the guys who were mining Bitcoin when it was worth $0.13, but those two people sound exactly alike on the Internet on their shared interest because they’re both trying to sell you the coins.
Yeah, unfortunately, this isn’t a new thing, just upholding the old standard. I explicitly avoid fingerprint and face recognition features because of this. Your fingerprint and your face are legally considered what you are, so things like 5th amendment right to avoid self incrimination don’t apply, but passwords and PINs are legally considered what you know, so you can’t be forced to divulge.
The wrinkle in this case is that the thumb print giver was in parole. The conditions of parole stated that failure to divulge phone pass codes on phones could result in arrest and phone seizure “pending further investigation”. The parole conditions didn’t say anything about forcible thumb print taking.
So the logic here seems to be:
- If he had agreed to unlock the phone then the result would be the same.
- If he refused to unlock the phone, that is a legitimate grounds for arrest. Fingerprinting is a routine part of being arrested, so there’s really no harm if it’s done on a phone in a patrol car. Either way, the result would end up about the same.
Yeah that’s even less than what the standard is. That’s just saying “you have to do what’s in the conditions of your parole, and we won’t accept sneaky technicalities.”
But I suppose “appeals court rules that you have to obey the terms of your parole” is far less ragebaity.
The real story here is how terms of parole are often ridiculous and contribute heavily to our high recidivism rate. Not to mention stripping away rights.
You can use the lockdown mode on Android, but you have to remember to turn it on.
Android: Search settings for “Lockdown” and enable “Show lockdown option”
When needed hold the power button and the lockdown option will appear alongside the standard power menu options.
IOS: Hold the Lock button and either volume button to show the power off screen. Cancel out and FaceID will be disabled until you use your pin to unlock the phone.
Not sure about Android but IOS you can actually use FaceID for all the things you want like password managers, log into PayPal, and other biometric features but have it disabled to unlock the phone. It’s what I do, you don’t need to spam anything. Just use a pin to unlock.
I’ve never understood people who are happy to give their biometrics to fucking PayPal and every other random company. Just use a password for everything.
You don’t “give” your *biometrics to any of them. Your biometric data is used to encrypt and store each services password hash or auth token on your device.
*At least when it comes to login authentication. Nothing stopping them from acquiring your biometric data from a hundred data brokers.
Nothing stopping them
Stop using biometrics for everything, that’ll help
That’s a fair point, I don’t want my info given to every private company out there. However the idea of the biometrics (if you take it at face value [no pun intended]) is that the biometrics are stored on the chip in your device. Then the password or authorization is then granted based on approval from that.
It’s not like you can grab another phone and try to log into said service with your biometrics.
What an outrageously evil and dystopian ruling.
Bending over backwards to find logic that lets cops ignore the Constitution.
If it’s a search violation without biometrics then it’s a search violation with biometrics. Next up they’re going to rule that no matter how much you get recorded telling them you don’t consent to a search, a search is legal as long as they can smash their way into your car.
This is Graphene OS had a distress code you can enter that will wipe the phone.
I wonder though, if you had that set up and the cops ask you for the code to unlock and you told them the code to wipe and they end up wiping the phone. Would they be able to charge you with evidence tampering?
“Sorry, my distress pin is 1 digit off of my unlock pin, you probably fat fingered it by mistake. I guess we’ll never know. You really need to be more careful.”
I’d expect so. You have the right to remain silent. You do not have the right to destroy evidence. How is wiping your phone any different from running around your house flushing things?
Because they would be the ones actually entering it, you would just say some numbers out loud.
But probably the smarter thing to do would be to leave the wipe code on a sticky note inside the phone case and hope they try it.
You can also set it to wipe if you don’t enter a PIN after a set amount of time.
How would they know
Because instead of unlocking, everything would get deleted when they entered the code.
They wouldn’t know it was you.
Luckily GrapheneOS has a duress passowrd feature. Very useful for these situatuons!
I didn’t know that. Is that in settings somewhere?
Edit: yep, see it now. Damn this must be new or I never looked into it.
It’s new as of about 1-2 months ago.
It was released with the 2024053100 build, so not even a month ago.
How does it work? Can someone use a specified finger to trigger the password requirement?
Nore information at: https://grapheneos.org/features#duress
Worth noting, with the caveat that how criminals are treated could eventually become how everyone is treated on the right slippery slope:
provisions of his parole required him to surrender any electronic devices and passcodes
Not everyone, just proles.
Ole Donnie T is technically in parole right now. Would love to see this provision applied in that case.
AlternativeeEmergency PIN for deleting the Phone
Laughs in Galaxy S8 where the fingerprint scanner only works if all planets are properly aligned which happens only once in 28 years.
Dude I have this old Galaxy XCover thing for my work phone and I swear to god I’ve wasted 3x as much time repeating the stupid fingerprint unlock over and over than if I just always used my PIN. It’s such a piece of shit.
“Cover the entire fingerprint sensor” “The fingerprint doesn’t match” “Try wiping the fingerprint sensor” “Try fingerprint again in 28 seconds”
Try going ahead and fucking off, Samsung.
This isn’t new. This can also be compelled by the courts. If you want your phone secure, don’t have one. If you want it to be expensive to open, use a long passcode, do NOT use fingerprint or face unlock.