Privacy in Russia

What do you want advice about?
Services to use

I live in Russia and can’t leave at the moment. I want to be private, but this is becoming increasingly hard. Cake Pay, LocalMonero and Tor are blocked in Russia. Crypto is illegal. VPNs will also soon be blocked. Proton, Tutanota, Skiff and all email providers on Techlore’s website are blocked. How can I circumvent this? (Tor bridges don’t help)

3 Likes

this discussion may help:

1 Like

Tor should still be accessible in Russia via the right bridges (tested fairly recently). Based on advice from the Tor project directly, Meek-azure or Snowflake bridges are likely to work most reliably, with Obfs4 being sometimes blocked by the Russian state.

Additionally the Tor project has mentioned providing bridges to users via Telegram if the above ones do not work. These bridges are “more private”, in the sense that they are not on a public list and thus harder to block.

2 Likes

Every private service that is blocked can still be accessed if you have the means to bypass censorship. Use tools that would take down the whole internet with them if they were to get blocked, like proxy servers with DPI-resistant protocols or peer-to-peer networks like CENO Browser or Newnode VPN.
Search for different guides and tools on habr.com and 4pda.to. They’re in Russian so they’re easily accessible to you and you’re likely to find plenty.

And yeah, if default Tor bridges don’t work try getting private ones in Telegram or send any email via Gmail to this email address. Try meek-azure option too, it’s said to sometimes work even in China.

About crypto, I believe you can still get cryptocurrencies on decentralized exchanges like Bisq. Or you could hook up with someone on LocalMonero and pay with cash. So what if it’s blocked? If you can set up some obfuscated proxy and launch Tor Browser it shouldn’t be a problem.
But don’t forget all the measures you should take to make acquiring crypto safe and anonymous.

Check out this post for some advice on how to set up an obfuscated and censorship-resistant proxy.

Like others mentioned, Tor can be used through the right bridges. If you can, try installing Whonix in a VM (Oracle VirtualBox is more than enough). You can not only use the Tor Browser but also route a variety of services through the Tor network. If you instead want to use a Tor-based OS without leaving a trace, install Tails OS on a flash drive and boot it whenever needed.

For emails, you could try and use PGP for any emails you send via the clearnet. Of course, it’s pointless if others won’t use it. Try using messaging apps like Signal, Session, SimpleX Chat, Briar, or even Element. Get others to do the same so that you can stay in contact with them.

The Tor Project does have various contact options:

On mobile (Android for sure, not sure about iOS) there are VPNs called RiseUpVPN and CalyxVPN. Both are open source based on the Bitmask protocol. You can set both to connect via Snowflake proxy to avoid censorship and blockage. Free, no account required. Would like someone here to verify this.

1 Like

ProtonVPN has a ‘stealth’ mode/protocol that may have some effect depending on how VPNs are being blocked.

Some basics to consider to avoid malware: ad blocking, disabling JavaScript in browsers, and setting your browsers to HTTPS-only mode. For messaging apps, turn off auto-downloading of attachments/images and link previews. Both have been used for zero-click attack vectors.

Also, if you are using an iOS or macOS device, please consider enabling Lockdown Mode. All other privacy efforts are moot if your devices are compromised. If on Android, consider a privacy-focused ROM that may provide similar levels of protection to Lockdown Mode.

Please be careful and avoid doing anything explicitly illegal. The Russian government’s surveillance is as aggressive as its punishments are harsh.

2 Likes

This reply is not another suggestion to bypass censorship, but rather another way to augment your threat model.

Keep in mind that if you use the services mentioned above to bypass censorship, you are at risk of being caught by the authorities.

The following measures reduce the chance that your data will be accessed by the authorities even if they have physical access to your devices!!!

  • Use full-disk encryption on all your devices. Use VeraCrypt on Windows. Android and Apple devices should be encrypted by default.

  • Install Linux on desktop if that’s possible. It is safer and more private than Windows but most importantly, you can easily set up full-disk encryption.

  • Set up a panic button that you or another trusted person can use to wipe your device/hide important apps. Good panic apps will have a remote-wipe feature where you can text a keyword to your device and it will trigger the wipe. I suggest Wasted on F-Droid.

  • Combine this with often making encrypted backups of your files and devices through a cloud or with physical storage (like USBs).

  • Use strong passwords that cannot be easily cracked

  • Use MFA on all accounts that support it. I suggest installing a TOTP app like Aegis as a physical key like YubiKey might get seized

  • Consider getting GrapheneOS on mobile because of their strong resistance to brute-force attacks and hardened privacy features

  • Enable auto-reboot of your devices at a certain time of day (I personally schedule my reboot in the middle of the night when I am not using my devices)

  • Clear your cookies and data of your browser after every use. Mullvad, Tor and Librewolf do this by default but you can also configure Brave to do so as well

  • If you have physical copies of your passwords, make sure that they are well-hidden

  • Disable biometrics on all devices

This is not a full list but it’s a good start. Do your own research to find what’s best for you.
Stay safe out there!

3 Likes

The Windows app does not support the ‘Stealth’ protocol as of yet, but ProtonVPN is supposed to be good against censorship even with other protocols, so you can try and see. Do be cautious about anything you do.

1 Like

For browsers, you can set any Firefox-based browser to never save data. Check out some hardening guides to reduce fingerprinting etc. My suggestions would be to enable privacy.resistFingerprinting, privacy.resistFingerprinting.letterboxing, and maybe one or two others depending on your threat model. Of course, Librewolf comes with the optimal settings pre-enabled so it’s a solid choice.

For Android, if you have no way of using a custom OS, here are some tips:

  • Use adb to disable bloatware and tracking apps

  • Install an app like Orbot (with or without the RethinkDNS app) or InviziblePro so that you can use Tor for almost all your apps.

  • Use as many FOSS alternative apps as possible

  • Using a good firewall app (RethinkDNS and InviziblePro can do this), block connections for apps you don’t want to have access to the internet/make outside connections.

  • Use a strong password.

1 Like
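
An added example, not part of the posts above: a small check that reads a Firefox profile's prefs.js/user.js text and reports which of the settings named in the thread are not enabled. The two resistFingerprinting prefs come from the post; `dom.security.https_only_mode` and `privacy.sanitize.sanitizeOnShutdown` are real Firefox prefs assumed here to stand for "HTTPS-only mode" and "never save data", and the function names and sample input are constructed for illustration.

```python
import re

# Prefs named in the thread, plus two real Firefox prefs assumed here to
# represent "HTTPS-only mode" and "never save data".
EXPECTED = {
    "privacy.resistFingerprinting": True,
    "privacy.resistFingerprinting.letterboxing": True,
    "dom.security.https_only_mode": True,
    "privacy.sanitize.sanitizeOnShutdown": True,
}

# Matches an active user_pref("name", value); line. Commented-out lines
# start with // and therefore never match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text; the last assignment wins."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not user_pref()
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text, expected=EXPECTED):
    """Return {pref: (expected, actual)} for each pref that is unset or differs."""
    actual = parse_prefs(text)
    return {k: (v, actual.get(k)) for k, v in expected.items() if actual.get(k) != v}

# Constructed sample, not taken from a real profile.
SAMPLE = '''
// Mozilla User Preferences
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.letterboxing", false);
user_pref("dom.security.https_only_mode", true);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for name, (want, got) in audit(SAMPLE).items():
        print(f"{name}: expected {want}, found {got}")
```

prefs.js records only values that differ from the build's defaults, so on a browser that ships these settings as defaults an absent entry does not mean the setting is off; confirm in about:config there.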