[DecoPerson]

The Flipper Zero is great, and could handle all of the hacking/investigation part by installing custom firmware.

The original product understandably arrives with heavily-restricted firmware (I imagine to reduce the amount of flak the company receives). However, it is incredibly easy to install Flipper Unleashed or similar, which removes all said restrictions and adds a lot of additional functionality.

Possessing the tools that could be used to commit a crime is not necessarily a crime in and of itself! Just be careful with what you do or, depending on what country you’re in, you might find some men in suits knocking at your door.

Personally, I wanted to replay “encrypted” 433MHz signals for my own devices (electric gate, roller door, roller shutters, …) and this was disabled with the Flipper’s region set to Australia.

[0xEF]

> Possessing the tools that could be used to commit a crime is not necessarily a crime in and of itself!

While I do agree 1000%, I also want people to be careful with this thinking since I have gotten in some minor trouble in the past. Always assume the authority questioning you can and will create whatever narrative they wish, that it will be accepted, and that your own reasoning will likely be used against you.

I will always encourage exploration and curiosity in tech, but if we stick with the Flipper Zero example, there's a few things one should keep in mind, regardless of the jurisdiction they're in:

* Don't carry it around unless you intend to use it.

* Read all documentation before you start practicing, then practice being subtle.

* Taking a note from my outdoorsy side, adopt the "leave no trace" ethos.

* Pay attention to the effect your presence and actions have on the environment and your target and how that might be interpreted by an outside observer, then take action to mitigate suspicion.

These apply to lots of devices, everything from your disposable smartphone to a cheap RFID card copier from Temu.

Our eagerness sometimes gets the best of us, especially new-comers, and we want to jump to the part where we can be like the hackers we see in tv and video games. There's a reason those guys are fictional characters. Innocuous actions or not, the perception of the authority questioning you is all that will matter, in the end.

[NoSalt]

> "Always assume the authority questioning you can and will create whatever narrative they wish, that it will be accepted, and that your own reasoning will likely be used against you."

And with that, I give you:

Don't Talk To the Police:

https://www.youtube.com/watch?v=d-7o9xYp7eE

[lucb1e]

Would really like GP's thoughts on this. Sounds like they were questioned but not indited, the thing which the cop in that video denies ever happened. It also depends on the country. Watching police shows in NL, everybody talks and it often really does matter what they say, e.g. for the police to believe whether that bicycle is theirs, or whether they get a contact prohibition to their ex (where someone has to make the decision whether their request is reasonable), etc.

Do heed what's mentioned in the video, it's mostly true I presume and probably doubly so for their country of origin, but also consider there exists a balance

[crtasm]

Or perhaps go for the opposite of subtle - in many places it's quite normal to see people in hi-vis vests taking readings etc.

[0xEF]

That's an excellent additional thing to consider and I'm a bit mad that I neglected it since I have accidentally been that guy.

My job requires me to wear hi-vis (as well as other PPE) and it is crazy how little security pays attention to me in some of the very-big-name plants I visit, often with a laptop bag full of flash drives and a bunch of other tools that allow me to get into the machines.

Early in this part of my career, I found myself in a very large plant for the first time, and my escort got pulled away on some other task (I now expect this to happen since it's such a common occurrence), leaving me to fix the machine I was working on. The place was the size of a small town, and I needed to use the restroom, but nobody was in the vicinity to ask, so I did my best to follow the floor markings and signs. Found it, but took a wrong turn coming back and found myself in a completely different area. Since I was new, I tried to find my way back without asking anyone I saw because I did not want to look stupid, but nobody stopped me, questioned me, etc.

Probably one of the best lessons in social engineering is looking like you're supposed to be there.

[aeturnum]

One should not practice these things in actual high security areas, but it can be fun to simply walk around a strange place with a look of purpose and velocity. Not making eye contact, perhaps on a phone. As long as you won't get in trouble it's easy to practice the body language of belonging and that skill can be really useful even if you are not trying to use it for malicious purposes (i.e. if you are actually supposed to be there, the best thing for everyone is you look the part and don't cause more worry than required).

[johnwalkr]

I used to do contracted engineering and maintenance work in railyards, and in each facility would obtain (always with permission from my recollection) a well-worn supervisor vest and hard hat. They are usually color-coded.

[butlike]

The 'shade curve' as I call it, where one reaches a point where their actions could be considered so shady, it's automatically assumed it couldn't possibly be them.

Smoking pot in a dark parking lot with friends at night gives more cover, but smoking pot walking down your city's main street in the middle of the day gives you the cover of just smoking an innocuous "rollie," like any other person could be.

[JoshTriplett]

It's hard for anyone with a nose to mistake one for the other.

(The underlying point is completely valid, though. Audacity is a powerful thing.)