Ask HN: My country is undergoing a coup, which encryption software should I use?
My country (Israel) is going through a coup d'état, which would result in a regime that can use surveillance without going through the courts.
Israel has one the most advanced surveillance capabilities, that has long been used to target other peoples and nations, but as far as is known, not its own people. This might now change.
I am trying to prepare in advance with encryption software, and optimally a way to communicate if traditional networks go down. Unfortunately other nations have gone through similar situations recently, so I'm wondering if there's a known guideline for these situations.
53 comments
[ 3.7 ms ] story [ 108 ms ] thread- https://old.reddit.com/r/PrivacyGuides/
- https://old.reddit.com/r/privacy/
You can also look here:
- https://www.privacyguides.org/
All of this can only be seen as a starting point. The provided links will not give a thoroughly picture. Look further.
- https://www.eff.org/
- https://ssd.eff.org/
- https://www.wilderssecurity.com/
- https://wiki.archlinux.org/title/Security
- https://wiki.archlinux.org/title/Category:Security
[1] https://github.com/privacytools/privacytools.io
[2] https://www.reddit.com/user/BurungHantu
[3] https://github.com/privacytools/privacytools.io/commits?auth...
[4] https://github.com/jonaharagon
[5] https://github.com/privacytools/privacytools.io/commits?afte...
[6] https://github.com/privacytools/privacytools.io/commit/4b60a...
[7] https://redd.it/tuo7mm
[8] https://twitter.com/privacytoolsIO
[9] https://redd.it/pxtw2y
[10] https://www.reddit.com/r/VPNTorrents/comments/raftz6/i_made_...
[11] https://redd.it/qk7vn0
Edit: I didn't check if anything OP says is correct. Just asuming and following along ...
Even under the most tyrannical regimes such as Iran, Myanmar, Russia, China etc. The elite are rarely targeted by the state apparatus. If you are a majority ethnic group with family links in the military, bureaucracy, big business politics etc. You are mostly safe. If not, well encryption is not going to save you. Take your family and run.
Overreach is a trend? So it will be passe eventually?
> global [...] run
To where, Mars?
(Thought I would complement your utterly unhelpful comment with one of my own.)
Pretty much my advice when some friends started to discuss having guns at home.
If I ever find myself in a situation where I need a gun (because of gang violence, robbery, etc), I'll move neighborhood->city->state->country as needed.
It's less critical (IMHO), when it comes to state surveillance (your privacy is jeopardized but your physical security may or may not be, it depends) but I'd apply the same approach.
I see so much support for Mao BECAUSE of his murder of landlords and business owners, not DESPITE of his atrocities
Seriously though using the english word landlord is a gross simplification that elides generation on generation of pervasive horrors. It is very difficult for us to imagine how all-consuming and oppressive this environment was, it was much closer to european manorialism than the current property ownership relationship we call landlords.
Shit like getting an usurious grain loan from your landlord to survive the winter, than having to sell your children to repay it in the spring. Having your wife seized as collateral and enslaved by your landlord. This sort of thing was routine and pervasive, and it lasted hundreds of years. We're lucky to live in an era where we can easily imagine comprehensive change to the conditions of life. These people were not. If you make any effort to understand it it is quite easy to understand why it went the way it did.
A famous quote about another revolution often considered to have overstepped:
> “There were two “Reigns of Terror,” if we would but remember it and consider it; the one wrought murder in hot passion, the other in heartless cold blood; the one lasted mere months, the other had lasted a thousand years; the one inflicted death upon ten thousand persons, the other upon a hundred millions; but our shudders are all for the “horrors” of the minor Terror, the momentary Terror, so to speak; whereas, what is the horror of swift death by the axe, compared with lifelong death from hunger, cold, insult, cruelty, and heart-break? What is swift death by lightning compared with death by slow fire at the stake? A city cemetery could contain the coffins filled by that brief Terror which we have all been so diligently taught to shiver at and mourn over; but all France could hardly contain the coffins filled by that older and real Terror—that unspeakably bitter and awful Terror which none of us has been taught to see in its vastness or pity as it deserves.”
Kampuchea and|or Cambodia works.
https://usehyperlocal.com
That's why however great their tools are they seem totally incapable of Controlling the protests.
Though I agree it's best to speak IRL. Ideally away from voice activated, smart devices
https://www.bbc.com/news/world-middle-east-66258416
A controversial judiciary bill that was spearheaded by Netenyahu just passed in Israel despite massive opposition to it.
Also, to OP - nothing will work if Israeli ISPs and the Govt actually wanted to implement internal surveillance (which they in fact do in some limited manner).
That said, I doubt such a situation would arise.
A soft coup through “patriot act” style legislation
Who elected the Supreme Court in Israel? Nobody. The power will now lie in the hands of the legislature, which is the definition of democracy.
A coup is nothing like this.
[1] https://archive.ph/8RK3M
Obviously don't use Meta or Google apps, because that's where the backdoors are for governments. Don't use WhatsApp, don't use Telegram, don't use Threema. They're compromised.
Use AppWarden [3] to enable/disable/verify the usage of known trackers in your apps.
Use NetGuard [4] as an Android firewall.
Use F-Droid [5] and Fennec builds [6], with uBlock Origin to protect your smartphone from malvertisements.
Never synchronize your contacts, block contacts access for all Apps; and make sure you don't use their real names. Contacts stored on or accessed by SIM cards (e.g. call history) can be downloaded via Class 0 SMS, remotely.
If possible, I'd avoid MediaTek based SoCs because their rootkit was leaked a couple years ago and it works still on newer chipsets. I would recommend an "as open source as possible" device, like the Google Pixel devices or the Fairphones.
On your Desktop or Laptop machines you should switch to a Linux distro of your choice. The most reasonable secure ones are Arch (not beginner friendly), Manjaro, OpenSUSE - or as a beginner friendly alternative - LinuxMint.
Would advise against Debian/Ubuntu though for security reasons (which would include LinuxMint).
The Arch maintainers (and therefore Manjaro, too) heavily reduced the attack surface of SUID binaries or LOL binaries that could be abused for privilege escalations and/or remote exploits/persistence etc. [7]
[1] https://briarproject.org/
[2] https://wiki.lineageos.org/devices
[3] https://gitlab.com/AuroraOSS/AppWarden
[4] https://netguard.me
[5] https://f-droid.org/
[6] https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/
[7] https://gtfobins.github.io/
edit: clarification of LinuxMint
The issue terminology you want to look for is "diverged too much from upstream" or a bunch of different similar EOL or end-of-life or "end of life" tags that are not standardized in any security tracker's format. I'd argue that both security teams use a software that uses free-form textareas for setting the tags of the issues (e.g. closed, fixed, and other).
Accumulative word list that might be incomplete, to discover those kind of issues:
- "bug, not a security problem"
- "cannot reproduce"
- "eol"
- "end-of-life"
- "end of standard support"
- "end of esm support"
- "out of standard support"
- "reached end of life"
- "ignored"
- "changes too intrusive"
- "contains no code"
- "code is different"
- "code is very different"
- "code not built"
- "code not compiled"
- "code-not-compiled"
- "code not present"
- "code not-present"
- "code-not-present"
- "code not shipped"
- "not-in-code"
- "disputed"
- "fix would break"
- "intrusive"
- "not remotely exploitable"
- "was deferred"
- "was needed"
- "was pending"
- "no server code"
- "no update available"
- "no security impact"
- "not available"
- "not security vulnerability"
- "not supported"
- "not upstream fix"
- "ugly backport"
- "update not available"
- "upstream version is not redistributable"
- "removed from archive"
- "replaced by"
- "superseded"
- "superseded by"
- "too intrusive"
Source: Am building a scraper and vulnerability database that is cross-distro, and has different confidence factors for different linux distributions (for mentioned reasons). [4]
[1] https://www.debian.org/security/oval/oval-definitions-bullse...
[2] https://security-metadata.canonical.com/oval/com.ubuntu.jamm...
[3] https://salsa.debian.org/security-tracker-team/security-trac...
[4] https://github.com/tholian-network/vulnerabilities
Although, assuming worst case. I personally say, OpenBSD.
After double-checking, OP didn't ask to encrypt things from the past, and "read and share" isn't quite going to help get someone started, sort of becomes a catch-22 at that point. I really hope there's some info to offer people who don't have tech experience. It'd be a lot to ask to acquire a tech background then a security-specific one, especially if all we can say is "read"
Instead here's a quick review of what's happening. Currently the Israeli supreme court can strike down laws based on what they deem "reasonability." As you might guess, this is a pretty strong power for the court to hold because it's subjective. The new legislation would remove much of this power.
Those for this change argue that this is a good move because elected officials should be working for the people that they represent, not a court that gets to unilaterally make decisions.
The opposition argues that this power being handed to the elected officials without the oversight of the court's reasonability power and thus might allow bad actors to take additional control and do things that don't represent a substantial, but minority, population.
I'm not arguing for either side, but calling this a coup is wrong.
But no one elected official working for the court in israel. There is an important difference between a court able to block something and being able to do own legislation (as it does often in the US). The Israeli court was never able to do legislation, only to block the government from going too far in any new direction.
Remember Trump's "Muslim ban"? The US courts declared the law unconstitutional and prevented its implementation. The judicial reform would make it de facto impossible for the Israeli supreme court to strike down whatever crazy stuff the right-wing extremist government comes up with. Death penalty for stone throwers? No problem.
How about not exaggerating first. I had to run to Google to see if Israel was actually having a coup, lol. A coup is not something I'll even wish on my worst enemy.
Today Israel's extreme government passed the first laws of the judicial overhaul bringing Israel closer to an autocracy, where there is only one power, the government, with unbalanced and unchecked power.
[1]https://www.google.com/search?q=define+coup+d%27etat [2]https://en.wikipedia.org/wiki/Coup_d%27%C3%A9tat [3]https://www.merriam-webster.com/dictionary/coup%20d%27etat
In a self-determining society or democracy all institutions are largely independent; this includes both the institutions of government such as the Executive, Judiciary, and Legislature, as well as the institutions of civil society including the press, academia, industry, education, religion sport, etc. In an autocracy, these institutions are bent to the will of the executive.
When a group in a democracy takes actions to corrupt or co-opt the independence of the institutions, it doesn't matter whether or not violence is involved; it is legitimately a coup, especially as far as practical results are concerned for those newly under autocratic rule.
You are quibbling about dictionary minutiae and ignoring the very real threat posed to OP, and his request for help.
If you are worried about your safety, it's better to leave than figure out workarounds. And it's likely easier to get out before things get bad; consider going on an international vacation --- if things look fine, enjoy your trip and go back; if not, figure out what comes next from there.
If you aren't really worried about your safety, but just want to avoid getting hassled about communications and don't want to lose communications with the outside world... Definitely do encrypted messenger stuff. But also, try to set up alternate communications. Even though they're not hard to block, many government shutdowns don't block fixed line internet service, land line telephones, or international voice calling. If you can setup a dial-up internet account with an ISP in another country, you may be able to use that from your landline even if internet via domestic ISPs is all shut down. Of course, if the regime is interested, your telephone company would have records of the calls (at least destination and length) and that might get you put on a list.
But also note, if most of your contacts are local, and local communications are disrupted; having access to international communications doesn't help you communicate with your contacts, unless they've done the same thing and the more people who have set it up, the more likely it is to be noticed.
PGP and Luks could get you tortured.
Leave this hellhole or do nothing "incriminating".
There have been more than a thousand of unlawful Pegasus cases so far (tens or hundreds of thousands if you count text messages from other people on contact lists and WhatsApp group messages). It's possible that almost every smartphone user in Israel was affected in some way.
Some were even against the acting Prime Minister.
So, yes, you do need to protect your privacy, but for entirely diff. reasons. The only sure way to achieve this is by going off-the-grid.
--
Israel's Law Committee has approved a judge-led probe into the NSO Pegasus spyware.
https://www.jpost.com/israel-news/article-746164