Ask HN: My country is undergoing a coup, which encryption software should I use?

83 points by botencat 2 years ago | 51 comments

My country (Israel) is going through a coup d'état, which would result in a regime that can use surveillance without going through the courts.

Israel has one the most advanced surveillance capabilities, that has long been used to target other peoples and nations, but as far as is known, not its own people. This might now change.

I am trying to prepare in advance with encryption software, and optimally a way to communicate if traditional networks go down. Unfortunately other nations have gone through similar situations recently, so I'm wondering if there's a known guideline for these situations.

toast0 2 years ago |

A lot of this depends on your threat model and how much of a target you think you are.

If you are worried about your safety, it's better to leave than figure out workarounds. And it's likely easier to get out before things get bad; consider going on an international vacation --- if things look fine, enjoy your trip and go back; if not, figure out what comes next from there.

If you aren't really worried about your safety, but just want to avoid getting hassled about communications and don't want to lose communications with the outside world... Definitely do encrypted messenger stuff. But also, try to set up alternate communications. Even though they're not hard to block, many government shutdowns don't block fixed line internet service, land line telephones, or international voice calling. If you can setup a dial-up internet account with an ISP in another country, you may be able to use that from your landline even if internet via domestic ISPs is all shut down. Of course, if the regime is interested, your telephone company would have records of the calls (at least destination and length) and that might get you put on a list.

But also note, if most of your contacts are local, and local communications are disrupted; having access to international communications doesn't help you communicate with your contacts, unless they've done the same thing and the more people who have set it up, the more likely it is to be noticed.

farseer 2 years ago |

State overreach and surveillance is a global trend. Don't mind me saying this: As a Jewish citizen with fair skin, a dual passport you would probably do fine, unless you are an Arab...

Even under the most tyrannical regimes such as Iran, Myanmar, Russia, China etc. The elite are rarely targeted by the state apparatus. If you are a majority ethnic group with family links in the military, bureaucracy, big business politics etc. You are mostly safe. If not, well encryption is not going to save you. Take your family and run.

tianqi 2 years ago | |

I'm afraid I don't agree with this. In China's Cultural Revolution(1966-1976), the elite were the prime target of persecution. They included the intellectual class, the rich, and even political leaders. Millions of elites committed suicide or were persecuted to death during this movement, including even the 2nd president of the country.

local_issues 2 years ago | | |

That many want to do this again is absolutely insane to me.

I see so much support for Mao BECAUSE of his murder of landlords and business owners, not DESPITE of his atrocities

appplication 2 years ago | | |

Same with the Khmer Rouge in Cambodia. Famously targeted journalists, doctors, lawyers, scientists, academics, business leaders, etc.

gtirloni 2 years ago | |

> Take your family and run.

Pretty much my advice when some friends started to discuss having guns at home.

If I ever find myself in a situation where I need a gun (because of gang violence, robbery, etc), I'll move neighborhood->city->state->country as needed.

It's less critical (IMHO), when it comes to state surveillance (your privacy is jeopardized but your physical security may or may not be, it depends) but I'd apply the same approach.

bagacrap 2 years ago | |

> trend

Overreach is a trend? So it will be passe eventually?

> global [...] run

To where, Mars?

(Thought I would complement your utterly unhelpful comment with one of my own.)

boeingUH60 2 years ago |

Coup d'état - an illegal and overt attempt by the military or other government elites to unseat the incumbent leader.

How about not exaggerating first. I had to run to Google to see if Israel was actually having a coup, lol. A coup is not something I'll even wish on my worst enemy.

botencat 2 years ago | |

Not all coups are violent/military.

Today Israel's extreme government passed the first laws of the judicial overhaul bringing Israel closer to an autocracy, where there is only one power, the government, with unbalanced and unchecked power.

rabidonrails 2 years ago | | |

The definition of a coup would include either a show of force or an illegal action. Neither of those is happening here.

[1]https://www.google.com/search?q=define+coup+d%27etat [2]https://en.wikipedia.org/wiki/Coup_d%27%C3%A9tat [3]https://www.merriam-webster.com/dictionary/coup%20d%27etat

toss1 2 years ago | |

Yes, that is a good definition of a coup. Notice that it does not require bloodshed or boots on the ground.

In a self-determining society or democracy all institutions are largely independent; this includes both the institutions of government such as the Executive, Judiciary, and Legislature, as well as the institutions of civil society including the press, academia, industry, education, religion sport, etc. In an autocracy, these institutions are bent to the will of the executive.

When a group in a democracy takes actions to corrupt or co-opt the independence of the institutions, it doesn't matter whether or not violence is involved; it is legitimately a coup, especially as far as practical results are concerned for those newly under autocratic rule.

You are quibbling about dictionary minutiae and ignoring the very real threat posed to OP, and his request for help.

ecshafer 2 years ago |

Is there an actual coup going on? I can't find any articles on this.

alephnerd 2 years ago | |

There isn't a coup.

A controversial judiciary bill that was spearheaded by Netenyahu just passed in Israel despite massive opposition to it.

Also, to OP - nothing will work if Israeli ISPs and the Govt actually wanted to implement internal surveillance (which they in fact do in some limited manner).

That said, I doubt such a situation would arise.

ajmurmann 2 years ago | |

It's probably about the vote to limit supreme court powers: https://www.reuters.com/world/middle-east/israels-netanyahu-...

local_issues 2 years ago | |

No, OP just disagrees with the vote on the judiciary.

A coup is nothing like this.

weard_beard 2 years ago | |

My understanding is there is legislation being enacted which strips power from elected or appointed groups and places that power with the executive.

A soft coup through “patriot act” style legislation

nceqs3 2 years ago | | |

>My understanding is there is legislation being enacted which strips power from elected or appointed groups and places that power with the executive.

Who elected the Supreme Court in Israel? Nobody. The power will now lie in the hands of the legislature, which is the definition of democracy.

kotaKat 2 years ago | |

As close to it as you can get.

https://www.bbc.com/news/world-middle-east-66258416

charlysl 2 years ago | |

Here is one article from today's Financial Times by famous Israeli author Harari, "Israeli democracy is fighting for its life" [1]

[1] https://archive.ph/8RK3M

gsatic 2 years ago |

The thing is their tools are totally useless if traditional networks go down. And the prob with surveillance, in the age of the info tsunami, is not having enough people to go break down doors. There is no use if the dumb tool is flagging 20000 posts a minute and you have 1 poor jackass staring at the flood trying to work out who to pick on.

That's why however great their tools are they seem totally incapable of Controlling the protests.

rabidonrails 2 years ago |

Let's level set here a bit. There is no coup d'etat. Here's the definition of a coup: _a sudden, violent, and unlawful seizure of power from a government_ that is not what's happening here on either side.

Instead here's a quick review of what's happening. Currently the Israeli supreme court can strike down laws based on what they deem "reasonability." As you might guess, this is a pretty strong power for the court to hold because it's subjective. The new legislation would remove much of this power.

Those for this change argue that this is a good move because elected officials should be working for the people that they represent, not a court that gets to unilaterally make decisions.

The opposition argues that this power being handed to the elected officials without the oversight of the court's reasonability power and thus might allow bad actors to take additional control and do things that don't represent a substantial, but minority, population.

I'm not arguing for either side, but calling this a coup is wrong.

lock-the-spock 2 years ago | |

Many countries have similar veto powers for their courts. The exact reasoning of course is different.

But no one elected official working for the court in israel. There is an important difference between a court able to block something and being able to do own legislation (as it does often in the US). The Israeli court was never able to do legislation, only to block the government from going too far in any new direction.

ctrlp 2 years ago | | |

Does it not amount to the same thing? Striking down laws (blocking) and finding interpretations that become precedent (making) seem like two sides of the same coin.

bjourne 2 years ago | |

German socialists also described Hitlers rise to power as a "coup" or implied that he "seized" the chancellorship unlawfully. It was too painful for them to admit that so many of their countrymen supported Fascism and that he won a democratic election. I'd imagine botencat is in a very similar situation.

Remember Trump's "Muslim ban"? The US courts declared the law unconstitutional and prevented its implementation. The judicial reform would make it de facto impossible for the Israeli supreme court to strike down whatever crazy stuff the right-wing extremist government comes up with. Death penalty for stone throwers? No problem.

sdfzguf 2 years ago |

Technical subreddits often have up to date wiki entries.

- https://old.reddit.com/r/PrivacyGuides/

- https://old.reddit.com/r/privacy/

You can also look here:

- https://www.privacyguides.org/

All of this can only be seen as a starting point. The provided links will not give a thoroughly picture. Look further.

nivertech 2 years ago |

What you're mistakenly referring to as a "coup d'état" is actually an effort to prevent the use of Pegasus on innocent citizens by the judiciary, law enforcement, and the State Attorney General, who were appointed by previous governments.

There have been more than a thousand of unlawful Pegasus cases so far (tens or hundreds of thousands if you count text messages from other people on contact lists and WhatsApp group messages). It's possible that almost every smartphone user in Israel was affected in some way.

Some were even against the acting Prime Minister.

So, yes, you do need to protect your privacy, but for entirely diff. reasons. The only sure way to achieve this is by going off-the-grid.

Israel's Law Committee has approved a judge-led probe into the NSO Pegasus spyware.

https://www.jpost.com/israel-news/article-746164

thrawa8387336 2 years ago |

PGP but realistically just talk in person.

paulryanrogers 2 years ago | |

Or GPG, or Veracrypt (hidden volume)

Though I agree it's best to speak IRL. Ideally away from voice activated, smart devices

cookiengineer 2 years ago |

Use briar [1] for online+offline end-to-end encrypted messaging. Use LineageOS [2] without gapps (aka without Google Play Services) and get a device that is officially supported with current LineageOS version. Don't use any XDA developer builds, because they're known to be infected with malware.

Obviously don't use Meta or Google apps, because that's where the backdoors are for governments. Don't use WhatsApp, don't use Telegram, don't use Threema. They're compromised.

Use AppWarden [3] to enable/disable/verify the usage of known trackers in your apps.

Use NetGuard [4] as an Android firewall.

Use F-Droid [5] and Fennec builds [6], with uBlock Origin to protect your smartphone from malvertisements.

Never synchronize your contacts, block contacts access for all Apps; and make sure you don't use their real names. Contacts stored on or accessed by SIM cards (e.g. call history) can be downloaded via Class 0 SMS, remotely.

If possible, I'd avoid MediaTek based SoCs because their rootkit was leaked a couple years ago and it works still on newer chipsets. I would recommend an "as open source as possible" device, like the Google Pixel devices or the Fairphones.

On your Desktop or Laptop machines you should switch to a Linux distro of your choice. The most reasonable secure ones are Arch (not beginner friendly), Manjaro, OpenSUSE - or as a beginner friendly alternative - LinuxMint.

Would advise against Debian/Ubuntu though for security reasons (which would include LinuxMint).

The Arch maintainers (and therefore Manjaro, too) heavily reduced the attack surface of SUID binaries or LOL binaries that could be abused for privilege escalations and/or remote exploits/persistence etc. [7]

[1] https://briarproject.org/

[2] https://wiki.lineageos.org/devices

[3] https://gitlab.com/AuroraOSS/AppWarden

[4] https://netguard.me

[5] https://f-droid.org/

[6] https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/

[7] https://gtfobins.github.io/

edit: clarification of LinuxMint

grayhatter 2 years ago |

Encryption is impossible* after the fact. The most important thing you could do today is read! Learn as much as you can. figure out the basics of both operational security, and bootstraping encryption. Then, and here's the important part, share everything you've learned as widely as you possibly can, write guides, write tutorials, make videos. All of information you need is available, but if the people you want to communicate with don't know it, or don't have access to it. It doesn't help either of you.

refulgentis 2 years ago | |

Thank you this is wise: is there anything more specific than that you could offer?

After double-checking, OP didn't ask to encrypt things from the past, and "read and share" isn't quite going to help get someone started, sort of becomes a catch-22 at that point. I really hope there's some info to offer people who don't have tech experience. It'd be a lot to ask to acquire a tech background then a security-specific one, especially if all we can say is "read"

grayhatter 2 years ago | |

Impossible but only for some definitions of the word. Put more simply it's much much easier to have it *before* you need it.

throwawayadvsec 2 years ago |

Israel will hack your devices, Mossad could come into your home when you're not there, encryption is kind of useless if you're actually targeted.

PGP and Luks could get you tortured.

Leave this hellhole or do nothing "incriminating".

froster 2 years ago |

Peer-to-peer Bluetooth messaging

https://usehyperlocal.com

dewey 2 years ago | |

This only says "Join waitlist" and "coming soon". Not exactly helpful.