The New York Times had an interesting piece out this week about the lengths their reporters in China go to try and protect their sources and their data from the digital surveillance state. To quote a bit from the piece:
I use an iPhone because Apple tends to be more secure than Android. That’s especially true in China, where the blocks against Google mean there are a huge number of third-party Android stores peddling all kinds of sketchy apps.
It’s also important to realize that because Beijing controls the telecoms, your domestic phone number can be a liability. For secure apps like Signal, I toggle the registration lock so that if they try to mirror my phone, my account still has a layer of protection.
To get around the Great Firewall, I use a few different VPNs, which I won’t name because when we do bring them up they usually get new government attention….
In some parts of China, the police will demand to check your phone, usually to delete photos. Having two phones helps with this — to make it even trickier, I have the same case on both phones. But it’s also good to have other ways to protect your data. I use a few apps that disguise themselves as something innocuous but in fact hide and protect data. It’s also always handy to have a USB drive that can plug into your phone and be used to save stuff quickly.
I am always interested to see what others are doing. To a certain extent precautions like these are a fool’s game: if a state actor really wants to know what you are doing, then they will find out what you are doing. But the state cannot expend those kinds of resources on every potential target of interest. A lot of security precautions are best thought of as ways to overcome the automated dragnet.
To that end, here is my proposal for secure communication in places like China: lose the phone altogether. Instead, buy an iPod Touch.
This is not an original idea on my part. Major media outlets like Wired and Vice have both suggested the idea before. On his old website, Justin Carroll wrote up a detailed five-part series on how to set one up for privacy and security use. Michael Bazzell has described how he uses an iPod Touch as a central part of his privacy and security strategy on the Privacy, Security, and OSINT Show a few dozen times. The basic logic behind using an iPod instead of an iPhone is similar across all of these use cases. Cell phones are location tracking devices. Unless yours is stored in a Faraday bag, multiple providers, government agencies, and (in America) anyone with a few hundred dollars to spare can locate you. The strongest phone security can be defeated by “SIM-swapping” attacks, a problem you will not have to worry about with an iPod Touch. And in my experience, security personnel are less likely to demand access to a “mere” iPod than they are to a phone, especially if you have some music or podcasts loaded onto it.
When I am traveling abroad, I usually have two devices with me: an iPod Touch and a very cheap alternative phone. This alternative phone will have a local SIM card, if necessary; it will also have apps like WeChat or Line, whose privacy and security credentials I do not trust. (When in America, I keep this phone in a Faraday bag, and only log onto it when outside my home.) On the iPod Touch there will be a set of secure communication, VPN, and 2FA apps, as well as potentially sensitive (but not too sensitive) data I might need immediate access to. This device has a very, very long password and is set to automatically erase itself if false passwords are entered too many times.
Perhaps the most important app included on my ‘secure communication’ device is MySudo. MySudo is a cool app that lets you have multiple phone numbers hosted on one device. When in America, I communicate strictly through MySudo numbers. The number listed on my business card is one such number, that given to family members another, and so forth. I have a standing policy never to give out my actual phone number—to be honest, I do not know what it is.
Michael Bazzell has described how he uses MySudo to sync calls across multiple devices: an iTouch connected to his home WiFi is used for phone calls at home; an iPhone connected to the same app does the job when he is outside the house. He places the iPhone in a Faraday bag at a set location before returning home to ensure that his carriers can’t leak his home address to those willing to pay for it.
I am a great fan of all this, but my use case is different. When traveling to a country (like China) where MySudo is not supported, it is useless for communicating with subjects in-country. However, it is extremely useful for communicating with associates back home. A fast VPN, combined with MySudo, means that I do not need to leave any “call me back in three weeks when I return to America” inbox messages. As long as I have an internet connection, I can place calls directly with anyone in America. If my associate also has MySudo, these calls will be encrypted.
Do not put too much trust in encrypted calls if you believe you are actively being targeted. The easiest way to hear what is said in an encrypted conversation is simply to bug the room where the call is being made. But if your goal is to avoid pinging the automated dragnet, this is not a bad solution—especially in countries like China, where most foreigners are using VPNs anyway.
On a final, non-China related note: two other privacy/security products I strongly recommend using are privacy.com and Yubikey. An American who uses MySudo, privacy.com, and Yubikey, and who has activated a credit freeze, will be a hardened target when identity thieves or crazed readers come looking. If you have a public presence—that is, if you might potentially write or say something that will arouse irate Twitter mobs of any sort—it is worth it to protect yourself with basic privacy and security measures like these before the barbarians are at the door.
Paul Mozur, “Limiting Your Digital Footprint in a Surveillance State,” New York Times (27 February 2019).