This is a draft.
I’m starting my own Secure Messenger Scorecard based on the prior work of the Electronic Frontier Foundation.
I’ve created an editable Google Doc for further input and development.
Please scrutinize and contribute by Signaling me, emailing me or tweeting at me.
Note: Be aware that these operational security guidelines are generally not applicable if you're attempting to evade your own government's surveillance. Not only do all new iPhone registrations (software and hardware identifiers) go through NSA-surveilled datacenters, but the only way to avoid passive or active cellular tracking is to not use a cell phone. Further, everything listed here depends on your threat model.
- Ensure that your iPhone is generation 6 or greater (A7, A8, A9) to benefit from the Secure Enclave.
- Only use a randomly generated (stored offline and/or memorized) alphanumeric passphrase of 12+ characters.
- Enroll in TouchID to minimize shoulder-surfing passphrase disclosure, but be aware of where you leave your fingerprints.
- Register your iPhone on someone else's account so as not to attach your SSN to the IMEI/IMSI/SIM.
- Register a new, random phone number.
- Do not pay for your iPhone with your credit or debit card.
- Never pay service charges with your credit or debit card.
- Never share the iPhone’s real phone number with anybody.
- Use only VoIP phone numbers for app registration (Signal).
- Never connect your iPhone to PCs in order to minimize infection and to minimize security certificate sharing.
- Only charge your iPhone directly from power or using a power-only USB cable.
- Always keep Wi-Fi disabled. Wi-Fi networks track hardware MAC addresses that get reported to centralized databases (Cisco Meraki, etc.) for tracking and/or advertising purposes, and you do not want to disclose your physical location any more precisely to third-party services via IP address.
- Always keep Bluetooth disabled.
- Always turn your iPhone off at night.
- Always turn your iPhone off when you are going to be away from the device.
- Always turn your iPhone off when passing through security screenings.
- Store your iPhone in a locked safe when leaving unattended.
- Do not bring your iPhone to events that have moderate-to-high risk of being confiscated, or at least keep your iPhone off at these events.
- Do not let others use your iPhone.
- Remove the microphone from your iPhone.
- Remove all cameras from your iPhone or keep the cameras covered with tape or stickers.
- When needing to carry the device but minimize surveillance, power off your iPhone and store it in a Faraday cage.
- Be aware that the NSA CO-TRAVELER program keeps track of your iPhone's location and which devices your iPhone is ever in close proximity to.
- Never use your iPhone for Web browsing.
- Sign out of iCloud.
- Do not enable Siri.
- Use parental controls to disable Safari.
- Only install trusted apps (Signal) to minimize exposure to remote infection.
- Never sign into any cloud-based email-, calendar-, or contact-syncing accounts.
- Manually input contacts and keep contacts stored locally.