 Anyone know this device? 

She mentions “Signal” a couple of times… can nostr fix this (eventually) or SimpleX/matrix now? 
https://m.primal.net/LiBF.mov 
 Yes it’s called fuck the fucking fuckers 😀 
 I don't see how. 

It's picking up content cached locally on the phone. 

Setting the duress pin on your Graphene phone might be the only solution I can think of. 
 That’s a quality idea 

I’m not surprised WhatsApp is there… Signal I am though

The report also claims it’s reading passwords… so how secure is LastPass or Bitwarden?

I’m guessing, so long as they are closed to begin with they are ok since they require a password to open 
 It looks like it sniffs the phone for unencrypted data stored locally.

A lot of defences assume that the attacker doesn't have the unlocked device. It may be using weaknesses in the OS authentication mechanism.

Wiping your phone would be a pain but I'd do it in a heartbeat if I was picked up. 
 Picked up by who? This is the question that needs answered by each entity.  
 Corporate Police 
 This I can understand. Guess it’s hard for me because of my admitted life history. The amount of times people have chosen to immediately “judge me as evil” based on my lived experiences is ridiculous. Hugs 🫂  
 Well it's probably just a more limited version of myself. I'd assume they're deeply asleep if they're carrying out the will of the state. 
 Learning the history of the #PactAct could be helpful. 🫂🫡🙏

What’s the #PACT #Act and how will it affect my #VA benefits and care?

The PACT Act is perhaps the largest health care and benefit expansion in VA history. The full name of the law is The Sergeant First Class (SFC) Heath Robinson Honoring our #Promise to Address Comprehensive #Toxics (PACT) Act.

The PACT Act will bring these changes:

Expands and extends eligibility for VA health care for Veterans with toxic exposures and Veterans of the Vietnam, Gulf War, and post-9/11 eras
Adds 20+ more presumptive conditions for burn pits, Agent Orange, and other toxic exposures
Adds more presumptive-exposure locations for Agent Orange and radiation
Requires VA to provide a toxic exposure screening to every Veteran enrolled in VA health care
Helps us improve research, staff education, and treatment related to toxic exposures
If you’re a Veteran or survivor, you can file claims now to apply for PACT Act-related benefits. 
 I'm neither a veteran nor an American. The government that controls my jurisdiction has little respect for the privacy & preferences of its citizens.

The most effective substance I've found for oxidising toxins in the body is chlorine dioxide solution (CDS). A substance that's been used for over a century to sanitise water. It's very cheap & easy to obtain the raw ingredients to make at home.

If you're suffering or know people who are suffering from the effects of toxin exposure, I'd definitely look into CDS.
 
 Me too I’d wipe it without a second thought. 

This is why you shouldn’t rely on Face ID to open but always put a PIN in

If you refuse to open it they’ll detain you for as long as possible… could start trying to brute force it… but if you wipe it, they literally have nothing… actually quite fancy the latter… more satisfying 
 Signal stores unencrypted chat backups; you can mitigate this by using Molly (hardened Signal client). 
 Quality tip ser 👌

Just installed it on my Android… not available on iOS 
 This device is called a Cellebrite UFED Touch. It's a device sold by Cellebrite, a forensics firm from Israel. It's a tablet preinstalled with Cellebrite UFED, a software suite for mobile device data extractions, which can be run portably. It also has a SIM cloning tool attached to it.

It's a tool sold to forensics firms or police to do forensic cloning of a phone's data. That footage is several years old and the software looks different now. There have also been newer generations of the device. It comes in a big carry case with cables for every major new and old smart device.

Cellebrite use existing exploits (like checkm8 on older iPhones) or develop their own, unknown exploits to try and brute force the credentials of phones so an investigator can unlock them. Cellebrite sell unique variations of UFED (Cellebrite Premium, Cellebrite Insurers) strictly for law enforcement or government clients that use unknown/zero-day exploits on certain devices which have a far greater device support catalog.

Cellebrite typically compromise new iOS versions or iPhones a few months after release. The only devices they struggled with long-term are Pixel devices with #GrapheneOS installed on them, where they have no brute force capability and can only work on versions before 2022. (This doesn't imply the exploit was AVAILABLE in 2022, and it likely wasn't).

Here is their device catalog just before this year's generation of smart devices was released:

https://image.nostr.build/e0e3fb4623c342ad785b17aa1b5303b00952d2ef6ead45632dc6f80520e94714.jpg

https://image.nostr.build/7b2ed94d43cceed0df88a8269d0592aca0f868f67b43315cc0503aa9519afa48.jpg

For apps like Signal, SimpleX or others, if a person can have total access to the device and navigate the screen etc. then they can just open your app like a normal user and read the messages. Cellebrite sell a tool called Physical Analyser which reads the UFED data extraction and automatically parses/loads the data to put all the messages in all supported apps in one timeline for the investigator to read. If an app is supported by PA, just read there; if not, then just navigate the phone and take pictures of the screen with the camera.

Protecting the application data with encryption via a passphrase helps. Molly (hardened Signal fork) does that, if they can't brute force the passphrase then they can't read the messages. Duress PINs for the apps don't help in this case because the data is cloned. A duress PIN for the OS would be a better countermeasure because the device wouldn't be cloned in that state.

Protections already exist against these tools: First best choice is to use a very strong password that is impossible to brute force.

Cellebrite isn't the only retailer in this space; there is also MSAB who sell XRY, and Magnet who sell GrayKey. Their capabilities generally are the same across retailers.