Using Your Phone in Times of Crisis

Fight Censorship, Share This Post!

Secure communications are especially important in times of crisis. Just being aware of surveillance has chilling effects in how we exercise speech, which is often under attack by all sorts of actors from criminals to our own governments. With war in Ukraine and political crackdowns in Russia, it is critical for Russians and Ukrainians alike to let their loved ones know they’re ok, to stay informed, and to organize.

It is not surprising that in times of crisis many people default to the most widely available system for staying in touch–the mobile network. But communicating over mobile networks comes with risks you should know about. Not only are there plenty of tools to intercept communications on these networks, but anyone with access to the network does not even need to engage in interception. That leaves your communications vulnerable to malicious hackers, companies, employees, law enforcement, and foreign government agencies.

The mobile network does not encrypt calls or text messages end-to-end, nor does it conceal your location. Anyone with access to the network can see all of that information.

Phone calls and text messages are easily intercepted, in particular when carried over the oldest of cell networks: 2G. This is why we’ve asked Apple and Google to offer capabilities for users to turn off 2G. Google has rolled out this option for its latest devices, but it is generally not available in Russia or Ukraine. Apple, we’re still waiting.

While we’ve urged people to stay away from 2G when possible, the 3G, 4G, and 5G networks aren’t secure options for voice and text communications either, particularly for those in Russia and Ukraine. Using these networks, your communications aren’t protected with end-to-end encryption, which means anyone intercepting them—including intermediaries—can see and hear the contents of your communication.  

If you shouldn’t be using the traditional mobile network for calls and text, what should you use? 

There are many apps that provide end-to-end encryption for both voice and text conversations regardless of the network used to transmit the communications. But there are limits to these protections, because unencrypted metadata offers a lot of insights about you. Metadata is the information that is transmitted along with your message. For example, this can include who sent a message, the recipient of a message, and the location of who sent it.

Even when using end-to-end encrypted messaging applications, your location is still available through the mobile network while your device is connected to it. This is necessary for the system to work. When someone calls you, for example, the network has to know where to send the call. While obviously very useful, it also means that anyone with access to the network can get your location. Cell site simulators (CSS) can also be used to locate people in the vicinity of the CSS. Reports claim the Russian military has not only destroyed 3G and 4G towers in Ukraine but also set up CSS there— an act that has apparently backfired and made Russian communications vulnerable as well.

Regardless of where you are—and particularly in Russia and Ukraine—you should not rely on phone calls or SMS to protect the privacy of your communications from government actors. Regardless of the generation of your network, end-to-end encrypted messaging apps like WhatsApp, FaceTime Audio, Theema, Wire, Signal, or Viber will provide significantly more security for your calls and messages. For two factor authentication or 2FA (the code you get to login into your account) you should try to use an app over SMS when possible.

Because everyone has a different threat model, knowing the strengths and weaknesses of different types of communication will help you make informed decisions on what’s the best to do, which apps have the best fit for your risk, and when to turn off your phone, or just leave it at home if possible.


Fight Censorship, Share This Post!

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.