WIRED Goodness and Locking Down Your Phone

Security News for Activists 25 February 2026

This newsletter is a free publication by the Institute for Secure Activism (ISA), a 501(c)(3) nonprofit organization dedicated to promoting personal security for civil rights, human rights, and social justice activists. We believe that technology should work for activists, and that we can actively limit governments from using technology to suppress activism. We focus on individuals who advocate for LGBTQ+, Black, Indigenous, immigrant and other marginalized communities. We provide hands-on training, instructional guides, and direct consultations to help people in civil society organizations protect themselves and their connections. Please consider making a tax-exempt donation to support our mission.

Subscribe to an email version of this newsletter

Call to Action: Get Off Of Google

Google will give your information to the government without a judicial warrant. Google makes their money by mining your personal data to help companies sell you stuff. Start your own DeGoogle journey today! Here’s a few steps to start with:

• Move your documents and spreadsheets from Google Drive to Proton Drive or Cryptpad.
  • Consider using one of the many free Cryptpad instances for end-to-end encrypted documents, spreadsheets, presentations, forms, and more!
  • Or sign up for a free Proton Drive account without having to create a Proton email address! Just click “Use your current email.”
• Even better, actually get that free Proton email and start to intentionally switch from your GMail account. Start giving out your Proton address instead of your Gmail, start switching over your bills and subscriptions bit by bit. Enjoy end-to-end encrypted privacy protection!
  • Alternatively, look at Tuta.com for another free, privacy-oriented, end-to-end encrypted email service. Just remember that while emails between Proton users are fully encrypted, and emails between Tuta users are fully encrypted… emails from Proton or Tuta to each other or any other email service are NOT encrypted.

Your Call to Action today is: Get Off Of Google!

WIRED Hits Another Home Run

Every time a new personal digital security resource hits the ol’ World Wide Web, we here at ISA take note. Our mission is to make technology work for activists rather than letting it being leveraged against them. That lets us celebrate every time a new & excellent online resource is published. That’s more content we can use to help you build better habits and more effectively configure your tech!

WIRED.com has published a very thorough and accessible guide to using online tools to organize grassroots activism. Most importantly, the WIRED article emphasizes honest threat assessment: do you really need to keep everything secret? How can you protect your critical information while balancing actually getting out there and taking action?

ICE Is Copying Citizen’s Phones

According to this article by The Intercept Immigration and Customs Enforcement (ICE) agents detained US Marine Corps veteran Steven Saari in Minneapolis on January 24, 2026. An hour before they detained Saari, ICE agents disarmed and summarily executed 37 year old American citizen Alex Pretti, an intensive care nurse with the Veterans Administration. Saari was wearing his daily-wear Marine camouflage uniform and was legally carrying a 9mm Glock handgun on his hip. The article isn’t clear on whether the gun was concealed, but we might assume that it was openly visible due to Saari being in uniform. As Saari was standing on a sidewalk and observing ICE activity, agents were initially confused: they assumed he was officially representing another federal agency. Soon, however, they detained him at gunpoint. They then “took scans and samples of his biometric data and made a copy of his phone — without obtaining a warrant.”

While there are clearly significant legal implications to ICE agent’s actions, let’s focus on something that’s within the scope of this newsletter: the agents’ alleged technical ability to copy Saari’s phone. If ICE agents were telling the truth, they likely conducted a “field-expedient collection” – they broke into the phone and grabbed as much data as they could in a limited amount of time. This is opposed to a laboratory collection, where the phone is sent to a forensic expert who deliberately copies every single bit of data from the device. In this kind of situation, circumstances must line up perfectly for agents to conduct a successful field-expedient collection:

• The phone copying (“extraction”) tool must be readily available. Extraction tools like Cellebrite Inseytes UFED cost thousands of dollars annually (over US$7k per year when I last checked) and must be continuously updated to be effective. Most local, state, and federal agencies do not issue such tools to every single officer or vehicle. There’s also no obvious reason why ICE street thugs would regularly carry such tools. These are snatch-and-grab crews “trained” only to tackle our neighbors and toss them in the back of blacked-out SUVs. They don’t have any obvious mission to gather intelligence “in the field.” They’re not collecting evidence to prosecute a case. They’re simply gangs of kidnappers.
• A moderately experienced technical operator must also be available. Extraction tools like Cellebrite attempt to be as “plug and play” as possible, but it’s never that simple in practice. A technical operator learns tips and tricks through repeated practice and regular training. These techniques often make the difference between a successful phone copy and a failed extraction.
• The phone MUST either be unlocked or have a vulnerability which the extraction tool can exploit. That vulnerability can be the phone’s human owner: agents can physically force a detainee to unlock their phone via face or fingerprint, or they can illegally coerce the phone’s owner into giving up their PIN. Alternatively, older phones with older operating systems tend to have unfixed technical vulnerabilities which can be exploited by advanced extraction tools.

You Can Do Simple, Effective Things RIGHT NOW

You can protect your phone from this kind of illegal access:

• Put a long and strong PIN on your phone. 8 digits minimum, 12 or more is preferable. Random numbers are best. Numbers associated with you or your family are the worst. Birthdays, anniversaries, phone numbers, or addresses are things a competent adversary will guess.
• Set your phone to wipe itself after a number of incorrect PIN guesses. This setting is usually found in your Settings app near the PIN options. Where this specific setting can be found depends on your model phone and operating system version. Note: don’t do this if you have a toddler in your household! Ask me how I know.
• Disable your Face or Fingerprint unlock whenever you enter a situation where your phone might be taken from you. On a daily basis, in lower threat environments, I believe that the benefits of biometric unlocks outweigh the risks: Face and Fingerprint unlock prevents anyone else from seeing your secure PIN. However, it’s a constant tradeoff between convenience and security.
• Practice how to quickly deactivate your phone’s biometrics. If a risky situation arises too quickly to properly disable your biometrics, you may still have an option. On many Android phones: first unlock the phone, hold down the Power button, and then tap the “Lockdown” button. On iPhones, press and hold the Side button and one of the Volume buttons until the “Slide to power off” screen appears, then tap “Cancel.” These actions should disable your Face or Fingerprint unlock function until you enter your PIN again.
• Check if your phone has a “Duress” PIN function. I’ve only seen a Duress PIN in Graphene OS so far, but I have hopes that more mainstream OSes might implement it. The Duress PIN is an alternative PIN which, if entered, causes the phone to immediately wipe itself. This is the PIN you might give to an agent attempting to coerce you into unlocking your phone. Be sure to berate the agent soundly for “breaking your phone” when the phone “unexpectedly” rolls over and dies after they enter your Duress PIN.
• Update your operating system and all of your phone apps IMMEDIATELY when new versions are available. Apple and most leading Android manufacturers (Google, Samsung, etc) typically put out security updates very quickly. They don’t want your phones cracked open any more than you do: it’s bad for business.
• Replace your phone every 2-3 years. Older devices are more vulnerable simply because companies like Cellebrite have had a longer time to find physical vulnerabilities. For example: I sincerely hope no-one is using an iPhone 10 (or older!), but if you are it is DEFINITELY time to upgrade. Every iPhone 10 and older has an unpatchable (meaning un-fixable) hardware flaw.
• Back up your phone! Be willing to let your phone wipe itself. The emotional security and mental flexibility we build through reliable backup habits are invaluable. If you’re on an iPhone and you’re using iCloud for backup, be sure to enable Additional Data Protection in iCloud settings: this end-to-end encrypts all of the data you sync to iCloud, to the point where not even Apple can read it. Unfortunately there isn’t currently any equivalent protection for Android phones.

Fundraising Success

While we didn’t quite meet our fundraising goal for February, we did receive an incredible gift: secure digital radios! These will help our partner Community Watch and Rapid Response organizations immensely. Thank you so much!

Thank you!

As always, thanks for subscribing, send me your questions and comments, and please consider donating! We’re all in this together.

We take care of us, we keep our community safe, we look out for each other. Go do good work!

Brian C. Stearns

Executive Director, The Institute for Secure Activism