Archived view for splint.rs › threat_model.gmi captured on 2024-07-09 at 00:16:06.
People have parroted that old cyber-security phrase - 'depends on the threat model' - so often, so quickly, and so vacuously, that I find my toes curling at the sound of it. But after a run-in with the mods on Reddit's /r/privacy, some noteworthy gaffes came up which made the old phrase feel new.
It started with /r/NewIran, where hopeful and irate Iranians, sick of the Unitary Theocratic Islamic Republic (i.e. 'the government') and their Supreme Leader (his actual title), talk about dissent and share memes. Someone posted a message: 'do not share details with people on the subreddit, as Neẓām ['the government' / 'the system'] may pretend to be a supporter in order to find out who you are' (and we know what happens then).
'It might be good to share a general cyber-security guide', I suggested in the comments.
'You should definitely do that', replied the OP.
Iran's a million miles away, and I don't know much about the culture. But if a pro-privacy FOSS-enthusiast can't answer the call to keyboard-war, then what is the point in all those laptop stickers?
So I got to work, with a deep-seated feeling of dread, knowing that the wrong information, or even mixed messages, might land someone in bother.
Articles about Iran focus on big stories, women's rights, and the evils of their government. They don't talk much about encryption.
However, some facts were still available:
1. Briar (the secure chat app) was designed almost for this exact purpose.
2. Signal was blocked so heavily that people started running proxies for it.
3. Finding facts in the swamp of loud Americans having opinions about what this says about their politics isn't fun.
4. Iranians could access internet over their phones pretty much all the time, but house internet received serious restrictions or simply went down entirely (different ISPs, presumably).
I posted a request for information on /r/privacy, which was promptly deleted. The mod left a single reply saying 'already covered in the sidebar: "Digital Security Tips for Protestors[a]"'.
You might want to stop here and check out the link. Otherwise, here's a run-down of the headers:
1. Enable full-disk encryption on your device
2. Remove fingerprint unlock
3. Take photos and videos without unlocking your device
4. Install Signal
5. Read our Surveillance Self Defense (SSD) guide for street-level protests
6. Use a prepaid, disposable phone
7. Back up your data
8. Consider biking or walking to the protest
9. Enable airplane mode
10. Organizers: Consider alternatives to Facebook and Twitter
Every point in this list - a full 10/10 - has at least one serious problem when viewed as a resource for an Iranian protest. I've put a small list at the end under 'Problems with Privacy at Protests'.
I made my own little protest on /r/privacy, but the mod doubled down, and refused to see this guide as anything but universal. Apparently /r/privacy have a list of 'privacy facts', which they're content to parrot without further thought.
All the back-and-forth, random research, asking a graphic designer to compose the images, dealing with right-to-left and UTF-8 issues, font problems, re-translating mistakes, finding another translator after the first disappeared (I hope they're okay), double-checking statements with various folks from /r/NewIran, took weeks.
Seems implausible for a couple of little images, but there it is. Weeks.
Some young Iranians successfully used Tumblr to communicate online. They took to fandom spaces and spoke in veiled English. Picture young women in a Powerpuff Girls forum, speaking about plans to move against 'Mojo-Jojo' (a gorilla, who shouts and wears a turban).
The Tor Browser seemed good, except for the obvious trail it might leave: the sites you visit are hidden, but the connection itself is recognisable as Tor to whoever watches the line. Luckily, the Tor developers had thought of that - it has a 'bridge' mode, where the browser connects through an unlisted bridge relay and, with a pluggable transport such as obfs4, the traffic doesn't look like Tor at all. Initially I made a guide which involved changing the language, but it turned out later that a Persian version of the Tor Browser exists, so I just changed the link, and remade the screenshots.
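For readers who want to see what 'bridge mode' actually changes underneath the screenshots, here is a torrc fragment for a plain Tor client that reaches the network only through an obfs4 bridge. This is an added example, not part of the original guide and not the Tor project's documentation; Tor Browser's Connection settings write the equivalent for you. The address, fingerprint and cert values are placeholders (192.0.2.10 is a documentation-only address), and the obfs4proxy path is an assumption for a Debian-style install.

```text
# Added example: Tor client configuration that avoids the public relay list.
# With these lines the ISP sees an obfs4 stream to an unlisted host, not a
# handshake with a publicly listed Tor relay.

# Never connect to publicly listed relays; use only the Bridge lines below.
UseBridges 1

# The obfs4 pluggable-transport binary. Path is an assumption (Debian package
# obfs4proxy); Tor Browser ships its own copy under its own directory.
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy

# One line per bridge, copied verbatim from https://bridges.torproject.org/
# (or from the bridges@torproject.org e-mail responder). The values below are
# PLACEHOLDERS: an invented address, fingerprint or cert will never connect.
Bridge obfs4 192.0.2.10:443 0000000000000000000000000000000000000000 cert=PLACEHOLDER iat-mode=0
```

Two checks worth doing before handing this to anyone: run `tor --verify-config -f <path-to-torrc>` to catch typos, and then watch the bootstrap log. With `UseBridges 1` set, Tor will not quietly fall back to a direct connection if the bridge is unreachable; it simply fails to bootstrap, which is the behaviour you want, because a fallback would be exactly the recognisable Tor handshake the bridge exists to avoid. Bridge lines themselves are the sensitive part: they are handed out a few at a time so that the censor cannot enumerate and block them, so they should be shared as carefully as the guide itself.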
The guide should not advertise itself as 'HOW TO EVADE POLICE AND BRING DOWN THE EVIL GOVERNMENT'. That sort of message could get people in trouble. Instead, it would simply say 'how to stay safe online', and use plausibly-generic cyber-security advice.
Pretty much every website uses TLS certificates nowadays, so DNS spoofing on its own wouldn't get an attacker far: redirecting the name doesn't let the attacker's server present a certificate the browser trusts…except with standard users, who would presumably click through any self-signed certificate warning if they saw enough pop-ups. Iran also once had a country-wide interception, where traffic that should have been encrypted could be read in full (the 2011 DigiNotar compromise, where a fraudulently issued Google certificate was used against Iranian users, is the best-known case). And of course, on an individual level, spoofing certificates seemed a real challenge for a government which had historically reacted to internet-type problems by just shutting it down.
Ultimately, DNS and certs seemed too much to think about, so I put it aside.
The final guide didn't have quite the translation I was looking for, and the bridge connection mode ended up with the English version, with Persian notes (I don't recall why). Mistakes were made, but some Iranians gave it a final run, then I put it out on /r/NewIran for people to do as they please. I have no idea what, if anything, happened with the images after that.
I was never sure about Briar, but I felt there wasn't much use in reminding people they could use WhatsApp - surely they already know! Briar can also sync directly over Bluetooth and local Wi-Fi, with no internet at all. Two people who have added each other as contacts once (say, over coffee in the same cafe) can exchange messages whenever they are within range again. That's not amazing, but it's not nothing, and the communication wouldn't advertise itself outside of that link. The same goes for an entire forum, where different people post responses and replies, or for blogs that pass from phone to phone, simply via Bluetooth. A simple blog post about where there's danger, or how to circumvent danger, could be invaluable if it could spread through a city-wide movement.
Briar uses the Tor network for its internet connections, and unless you take extra precautions (such as bridges) the ISP can see that you're using Tor, even if not what for; but every report I'd heard suggested that home-internet providers cooperated with Neẓām while mobile phone providers did not. One last tipping point for it was the generally unknown icon - authorities might be less likely to inspect that app if they couldn't immediately see it was a chat-app. This was a shaky judgement call, but in the end I went for it, recommending Briar.
I don't think I have a copy of the absolute final translation. This was before I reflexively wrapped every project and text note in a git log. So some changes were probably made after this version, but the translation would look something like this:
~~~~~~~~
Briar - chat app
[ QR Code Shows link to Briar on Google Play Store ]
Computer Safety at Home
What Your ISP Sees
~~~~~~~~
Tor Browser
When you use Tor Browser, people cannot see which sites you visit, but they will know that you are using Tor! To remain more safe, install Tor, and then connect to a 'bridge', so nobody knows that you are using Tor.
[ installation instructions ]
~~~~~~~~
This guide to protests looks fine for the USA, and many points work for most European countries, but it absolutely does not work as a general guide.
1. Enable full-disk encryption on your device
Protestors who use full-disk encryption will simply be told to unlock their phone. This should be obvious, in addition to being confirmed by Iranians online, and also it's really bloody obvious.
Why are you using full disk encryption anyway? It says right here in the settings: you have full disk encryption. What are you trying to hide?
Step this way…
So at this point, the 'full disk encryption' advice might have gotten someone dragged into a dark room for police to break their body.
2. Remove fingerprint unlock
Why bother? The article says 'the authorities can compel you to unlock with biometrics, but not a password'. But of course, this means 'the American police, assuming they obey the rules'.
3. Take photos and videos without unlocking your device
Why? And why take photographs at all? To document police abuse, and later instigate a prosecution against the Iranian police?
The American mods apparently envision going to a Judge [ in Iran ], and saying 'I was at a protest against the government, and filmed the police attacking my friend, who was with me at the anti-government protest'.
At this point the judge in their head says 'Sorry your freedom was violated, here is lots of money', and presumably the rest of the world works the same way or whatever - they're foreign anyway so who cares?
4. Install Signal
How about Facebook, instead? /r/privacy objected to this on the basis that 'the government is watching Facebook', but Neẓām is not watching Facebook. Better yet, how about putting WhatsApp on the home screen of your phone, and burying Tumblr with a bunch of other apps, for system settings, Maths, and YouTube?
Or how about swapping app icons, so the music app icon leads to WhatsApp?
Signal is blocked, and bypassing the block with a proxy doesn't mean anything unless everyone else uses Signal, which they won't. So we're back to the problem of a single super-private person with a Gopher page served over Tor. Sure - it's private, but it's not 'private communication' unless you're communicating with someone.
5. Read our Surveillance Self Defense (SSD) guide for street-level protests
Is this guide available in Persian?
6. Use a prepaid, disposable phone
Can people in Iran buy pre-paid phones, without ID? Can they even buy sim cards without identification?
I read online, asked a few, and got mixed messages. I really don't know, and until someone knows, this is possibly useless and potentially dangerous advice.
Besides, how will a crowd of people get the money for a new phone every night for a month? Assuming they all have the funds for a phone-a-day, do local shops have the stock to supply burner phones to a crowd of thousands, night after night?
As usual, Americans think about how to keep themselves safe in the moment, not about how wider society functions.
7. Back up your data
Why? Because you might lose your cat photos and memes when the police confiscate your phone at the local rally? This really has no bearing on taking on a government.
8. Consider biking or walking to the protest
…because otherwise police cameras can pick up your car's licence plate. You know - the car all Iranians go everywhere in, due to the lack of public transport in America.
9. Enable airplane mode
The article mentions this will cut communication, so it may not be a good idea. That's true enough - it may be an awful idea. Perhaps information from friends and colleagues has more value.
But this isn't information, or a tactic. The message simply says to switch aeroplane mode on, then provides a couple of caveats after.
Of course if their ninth point had been 'Briar', then aeroplane mode wouldn't cut the phone's ability to communicate through Bluetooth. One caveat worth spelling out: on most phones, switching aeroplane mode on also turns Bluetooth and Wi-Fi off, but either can be switched back on while aeroplane mode stays on, so the cellular radio stays off and Briar's Bluetooth sync still works.
10. Organizers: Consider alternatives to Facebook and Twitter
…or Mark Zuckerberg will have them deported for being foreign.