Breaking Free: Part 1, why protesters should divorce big tech

Nathan Ferguson

4 min read
Breaking Free: Part 1, why protesters should divorce big tech
PDX Fascist Larpers

So, you’ve decided to stand up and protest against fascists. You feel safe(ish) in the crowd, but your phone is doing more work than you think:

  • It’s logging your exact location.
  • Every photo you take carries a timestamp and GPS data and potentially other identifiers as well.
  • That van parked on the street is likely running an IMSI catcher, a device that pretends to be a cell tower and tricks your phone into connecting.
  • SMS messages can be intercepted and read.

Once connected, police can collect your phone’s unique identifiers (IMSI, IMEI), link you to everyone you contact, and even map the entire protest network in minutes. That’s why privacy isn’t an abstract idea here.

Let's talk about what IMSI is and what this tool tracking it is capable of a bit more. IMSI is an acronym that means International Mobile Subscriber Identifier. It's how the carrier can identify your device and tie it to your account. There has been a long standing security vulnerability for GSM since the 2G protocol was launched. Unlike traditional security exploits there doesn't appear to be one specific Common Vulnerability Exposure or CVE assigned to this issue.

Phones work against protestors if not managed properly. They are designed to be connected to the internet at all times which is convenient, but also a liability but in a protest this is a liability for a few reasons:

1. Location Logging
Phones ping towers and Wi-Fi networks even when you aren’t actively using them. This leaves a detailed trail of where you were and when. Carriers keep these logs, and with a simple request, police can reconstruct your movements.

2. Metadata in Photos and Videos
Every image and video you take comes with metadata: the time it was captured, the GPS coordinates, the phone model, and sometimes even unique device IDs. Share that file, and you may be handing over evidence of where you were and who you were with.

3. Cloud Sync
Apple and Google love to back everything up “for your safety and convenience.” In reality, this means copies of your photos, texts, and notes live on their servers. Those backups can be subpoenaed or handed over in bulk to investigators. Even if you delete a file locally, it will likely still be available to authorities indefinitely.

4. SMS Interception
IMSI catchers can make SMS readable in the field, but how reliably that works depends on the device, the network, and the attack method.

  1. Protocol downgrade to 2G, where encryption is weak or optional.
    Attackers or law enforcement can force phones to connect over GSM (2G), which lacks robust authentication and can use weak or null ciphers. In that state, SMS is essentially sent in the clear over the radio and can be read by a man-in-the-middle.
  2. Active man-in-the-middle operation.
    An active IMSI catcher acts like a fake base station, routes traffic through itself, and can capture SMS, calls, and some data streams while the phone is connected. Some advanced IMSI catcher deployments explicitly include SMS interception capabilities.
    Newer standards help, but they are not a panacea; attackers can exploit other weaknesses or carrier cooperation.
  3. Signaling network attacks and carrier cooperation.
    Even if the radio link is not intercepted, attackers can exploit SS7 or other signaling weaknesses to request or redirect SMS via the carrier infrastructure. Separately, law enforcement can simply subpoena the carrier for stored SMS or delivery records. These are different from radio interception, but they get the same result: readable SMS content or metadata.

Best defense for protesters: do not use SMS for sensitive organization, prefer E2EE apps, Consider burner devices or leaving your main phone at home, disable 2G when possible, and assume carrier logs exist. Signal, or apps based on Matrix Such as Element are the best method of communication as they are End to End Encrypted. Get past the "but none of my friends are on Signal" head game, install it and take a look at the people you DO know that are using it. You might be surprised.

Real-World Case Examples

Geofence Warrants
Police in the United States have repeatedly used Google’s location data to identify people near protests, crime scenes, or political events. These are called “geofence warrants.” Instead of targeting a suspect, they request information on every phone that was in a certain area at a certain time. If you were present, you’re automatically swept into the arrest warrant.

iCloud Backups in Court
Apple markets itself as the “privacy-first” company, but iCloud is a goldmine for investigators. Multiple court cases have shown that even when people tried to secure their devices, iCloud backups provided chat logs, photos, and documents straight to law enforcement. The end result: the phone didn’t even need to be unlocked.

Why This Matters

Protest is about collective power, but phones shift that power imbalance back toward the state. With enough data, authorities can:

  • Identify who attended.
  • Map who is connected to whom.
  • Gather evidence without ever touching your device.

Big Tech’s ecosystem makes this process easy. Convenience for you means control for them.

What’s Next

First, my apologies for taking so long to get this series of articles out. I'm, going to try to get it done faster. This is just the first step in breaking free. In Part Two, we’ll talk about how to take back control of your device: starting with your phone’s operating system and the most critical settings to lock down.

In the meantime, remember: small changes add up. Turning off cloud backups, checking your photo metadata, and understanding how location tracking works already put you ahead of most people in the crowd.

Stay safe, stay aware, and stay connected, on your terms.

Read more