Organizing peaceful assemblies requires communication infrastructure that protects participant identities from surveillance, device seizure, and network interception. A properly configured burner device—a secondary phone or tablet used only for sensitive activities—forms the foundation of operational security for protest coordination. This guide covers the technical implementation from hardware selection through secure disposal, with code examples for automation where applicable.

Hardware Selection and Initial Acquisition

The goal is hardware with no personal data linkage. Purchase devices with cash from physical retail locations rather than online. Avoid devices tied to your identity through carrier accounts. Recommended options include:

• Budget Android devices (under $50): Easily replaced, sufficient for basic communication apps
• Older flagship phones: More capable hardware, still affordable when purchased used
• Prepaid flip phones: Maximum simplicity for SMS-based coordination

Do not use your primary device for protest-related communication. The security of your entire operation depends on maintaining strict separation between personal and operational identities.

Operating System Hardening

After acquiring the device, perform a factory reset before first use. Install a privacy-focused custom ROM or use the stock OS with extensive hardening. GrapheneOS and CalyxOS are the leading choices for Android devices—both remove Google dependencies and implement aggressive security defaults.

Initial Device Setup

When setting up the device:

1. Skip all account creation prompts
2. Disable WiFi and Bluetooth during setup
3. Use a local-only account (no Google, no cloud sync)
4. Disable location services at the system level

Network Isolation

Burner devices should never connect to networks associated with your primary identity. Use a dedicated mobile hotspot or public WiFi with a VPN. Configure firewall rules to block non-essential network traffic:

# Android iptables rules (requires root)
# Block all incoming connections
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow only necessary outgoing traffic
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

For automated VPN connection management, create a script that activates on boot:

#!/system/bin/sh
# /system/bin/vpn-autoconnect.sh
while true; do
    if ! ifconfig tun0 &>/dev/null; then
        am start -n com.windscribe.vpn/.ui.SplashScreenActivity
        sleep 10
    fi
    sleep 30
done

Communication Stack Selection

Choose communication tools based on threat model. For protest coordination, prioritize:

• End-to-end encryption (E2EE) by default
• No phone number linkage where possible
• Disappearing messages with configurable timers
• Group management that doesn’t expose member phone numbers

Recommended Tools

Signal remains the gold standard for encrypted communication. Configure it with a burner phone number and enable all privacy settings:

# Signal registration via command line (requires signal-cli)
# Install: brew install asukiaaa/tap/signal-cli

signal-cli -u +1555EXAMPLE register
signal-cli -u +1555EXAMPLE verify VERIFICATION_CODE

# Send encrypted message
signal-cli -u +1555EXAMPLE send -m "Meeting at 5pm, bring supplies" +1555TARGET

Briar offers mesh networking capability—devices can communicate directly via Bluetooth or WiFi without internet connectivity. This is valuable when internet access is unreliable or blocked.

Session provides no-phone-number messaging using a decentralized onion-routing network. Useful when phone number acquisition itself creates risk.

Configuration Checklist

Before deployment, verify these settings in Signal:

• Enable disappearing messages (set to 24 hours or less)
• Disable link previews (prevents metadata leakage)
• Enable screen lock with short timeout
• Disable notification content (prevents message preview on lock screen)
• Use Screen security (blocks screenshots)

Application and Permission Audit

Every installed app is a potential attack vector. Install only what is strictly necessary. Audit permissions aggressively:

# List all permissions for installed packages
adb shell pm list permissions -d -g

# Revoke specific dangerous permissions
adb shell pm revoke com.signal.android android.permission.CAMERA
adb shell pm revoke com.signal.android android.permission.RECORD_AUDIO

Create an app audit script to run weekly:

#!/bin/bash
# permission-audit.sh

echo "=== Permission Audit ==="
echo "Apps with camera access:"
adb shell dumpsys package | grep -A 5 "android.permission.CAMERA" | grep "pkg="

echo ""
echo "Apps with location access:"
adb shell dumpsys package | grep -A 5 "android.permission.ACCESS_FINE_LOCATION" | grep "pkg="

Remove any app that requests unnecessary permissions. A messaging app should need: network access, storage (for attachments), and notifications. Nothing else.

Data Hygiene and Operational Security

During active operations, maintain strict data hygiene:

Separate SIM cards: Use a dedicated SIM for the burner, purchased with cash. Remove it when not in active use. Store it separately from the device.

Minimal storage: Store no contact lists locally—memorize critical numbers or keep them on paper in a secure location. Never store meeting locations in message history.

Regular wipes: Configure automatic data expiration. Signal’s disappearing messages handle this for communications. For local files:

# Secure file deletion script
secure_wipe() {
    local file="$1"
    # Overwrite with random data 3 times
    for i in 1 2 3; do
        dd if=/dev/urandom of="$file" bs=1024 count=$(($(stat -f%z "$file") / 1024))
    done
    rm -f "$file"
}

Device Seizure Response

Prepare for the possibility of device seizure. The goal is to maximize time before device unlock and minimize exposed data.

Screen lock: Use a strong PIN (6+ digits) rather than biometric unlock. Biometric authentication can be compelled; PINs have protection against self-incrimination in some jurisdictions.

Secondary PIN: Many Android devices support a separate PIN for “guest mode” or work profile. Set this up with a different PIN that unlocks a limited shell with decoy data:

# Create limited user profile (Android 5.0+)
adb shell pm create-user --profileOf 0 --managed DecoyProfile

Auto-wipe: Configure your device to wipe after failed unlock attempts. On stock Android: Settings → Security → Strong → Auto-wipe after 15 failed attempts.

Faraday cage: Store the device in a Faraday pouch when not in use. This blocks all cellular, WiFi, and Bluetooth signals, preventing remote wipe or data extraction.

Secure Disposal

When a burner device’s operational life ends:

1. Remove and destroy the SIM card physically
2. Perform factory reset with “secure erase” (writes over all storage)
3. For devices with encrypted storage, the encryption key should be destroyed, making data unrecoverable
4. Physical destruction: drill through the storage chip or crush the device

# Verify full storage encryption is enabled before disposal
# Check encryption status
adb shell dumpsys diskstats | grep "Encrypted"

Related Articles

• How to Set Up a Burner Phone for Protests
• How To Set Up Encrypted Group Chat For Activist Organization
• How to Set Up Encrypted DNS-over-HTTPS (DoH) on All Devices
• Set Up VLAN Isolation for IoT Devices on Home Network 2026
• Threat Model For Protest Medic Protecting Patient Encounter

Built by theluckystrike — More at zovo.one