2w ago

Hypothetically, your government manages to ban all encrypted communication apps, what is your gameplan now?

63 comments

I ignore the ban and continue using my applications which are all open source.
- Same here, good luck implementing that ban
- i’ve read that many apps can be not just banned but blocked. now i don’t have a source at hand but i heard that russia blocks not just signal but also matrix, meaning that it doesn’t necessarily matter whether the app is open source. similarly i’ve read that deep packet inspection can block things like sslvpn and wireguard.
  still, blocking delta chat is really quite difficult, as russia has noticed and got angry about, so there should probably still be a way unless the country also blocks all email communication
  
  They can block Signal because it is centralized. Signal knows this and built proxies into the app for this purpose.
  Similarly they can block the main matrix.org server but since it's decentralized you can still use any of the thousands of servers they may not even know exists.
  
  Russia's long term plan seems to be blocking Western networks and force the bulk of domestic users to the Max messenger, which implements inspectability a la ChatControl. Apropos: https://fightchatcontrol.eu/
  
  They block the ip addresses for the server components of those applications. easily circumvented with a proxy outside of russia. most these communication apps have such proxy support builtin.
  The only way 'apps' can be banned is if they cut of the internet. soon as you have a data pipe from one end to another you can encrypt whatever you send.
  This is why i2p and p2p protocols are so important it makes it infinitely harder to control / ban. you end up having to have a directional whitelist (i.e. you need to only allow outgoing connections from home devices to a specific set of ip), and even then once thats in place..... if any of those things allow communication we can push data through them.
  
  You can tunnel through the Great Chinese Firewall fine, if you know what you're doing.
- Can we switch over android to open source operating system easily?
  What about windows on laptops?
  
  I don't know what you mean, e.g. GrapheneOS and AOSP based ROMs are all open source. Linux (or *BSD) on mobile devices is also an option.

Probably find ways to buy all the advertising profile data I can, sort through it until I find some related to the fools that voted for that, and give it to spammers.
The people that make these laws often have zero idea how anything works beyond "the lobbyist said do this, so I do this." So they should be educated about their poor decisions.

Manual encryption.
I have a few tools in backup and installed on my devices in case that happens.

The government banned pirating media. That hasn't exactly stopped the tech savvy from doing it anyway.
- hasn't even stopped the non-tech savvy lmao

It would ultimately have similar effects as when most governments banned The Pirate Bay: it stifled grandma from accessing it, but anyone who has any will to do so, or small amount of technical skill will bypass the ban.

To do whatever it takes - I certainly will not comply. No, I don't care that makes me a criminal. If somebody made it legally mandatory to eat babies, I wouldn't do that either.
- I have a modest proposal for you...
  
  No, not even if they're poor babies. It's just not palatable.

Get all my money out of the bank in physical and keep living. Since encryption is dead, internet commerce is dead and keeping any sort of money in digital is now unsecured.
- That would be really funny if a bunch of other people realized it at the same time
  
  Oh yeah I was looking from the sidelines back when something like that happened in Argentina with the banks trying to freeze draw-outs. Fun times.

Would switch to self-hosted matrix and persuade as many family members and friends to do the same, using my server if they want.

There are plenty of free and open source pgp tools out there. Nothing is stopping you from encrypting your own text and pasting it into messaging apps. Even if you dont trust some tool from the internet, sha2 isnt that hard to understand or implement with a bit of motivation

Use them illegally.

Stop talking to people altogether. It's not like my mental health can get much worse anyway.

Probably best investment now would be a ton of thumb drives. Thumbernet will be big.
- We used to call that the "Sneaker Network"
- I prefer SMARTernet.
  
  That was a wild URL preview…

Well, we'd be back to the 80s and I'd ask my parents about life back then. Online banking would cease to exist and I have to go to the bank teller's window to get or transfer money, also shops probably fall back to cash only. I'd need to open and start my car with a key unless that kind of cryptography is still okay and it's just phones... I'd plug my laptop and smartphone in with a network cable becase I'd be afraid the neighbours commit crimes with my Wifi... My employer might want to resort to paper instead of computers because there isn't any authentication for the company's data... I could cancel my Netflix and Spotify subscriptions because they'd either cease to exist, or I could just watch them without paying. I'd talk to my wife in the evening instead of arrange stuff via an instant messenger... I guess all of that is doable. People did it that way a while ago. It just needs restructuring of the entire economy, society and our lifes would lack most of the modern convenience. (And if it's just phones and every other cryptography is fine, I'd just get rid of the thing and use my laptop or whatever is still allowed for everything.)
And since the question was about the gameplan... First thing, I'd invest all my money into copper and fibre optic companies immediately, because people will need to install A LOT of additional, direct cables between things.

Flood all communication channels with constant AI bullshit.

Nice try!

Keep... using it? How are they going to enforce this?
Worst case scenario, and they somehow manage to remove access to every encrypted chat application in every store (including f-droid) and every repos of every distribution everywhere; and shut down every server in my country; and get telecoms to block every port of every secure chat client; I've got VPSes outside my country, and VPN configured. I'd probably build my own encrypted chat - centralized server hosted on my VPS - with PK E2E encryption.
For a big, public chat app, the bar is higher. For my family and friends, something I hacked together would be good enough. As long as encryption is done in the client, hiding metadata (who's talking to who) isn't important for my use (we're all family & friends). Chat is the most trivial of applications to build; it only starts getting complex when you want it to be serverless, or anonymous, or have PFS. Securing popular servers (attractive targets) makes things harder; being popular makes things harder.

I'll show them mine if they show me theirs. On a serious note, encryption is just complicated math added on top of ones and zeroes. They can't really ban that, it'll only make people all the more educated in circumventing such bans and then they're fighting an encryption hydra, becoming stronger with each iteration.

Briar. No servers to block.

Start speaking a dead language. Or just use genz language. Can you skibidi that for me?
- Ah, here we have the sigma rizzler, frfr no cap.
  
  I am old and have no idea what tf you just said. We need to just use Gen Z as live encryption devices. They could make a whole industry out of it and be like those "windtalkers" (was that the name?) from WW2.

Buy 2 copies of the same book. Provide the second party a copy of the book and the cypher order(ex. First number page, second number paragraph, third number word or letter).
Alice and Bob and Eve and Trent and Mallory.

Matrix, I would use only matrix anymore, and if they kill e2e in Matrix, I use a fork that has it not killed.

I have the knowledge to get around their bullshit and do it the hard way.

Ok, let's roll with it. Gov manages to ban all encrypted communication, The only logical conclusion would be that all communication has been banned, since you can always easily agree with your correspondant about an encryption. No communication means, no telephone, no mails, no internet, no speaking, no sign language, I guess paper is banned too, no pencil, no way to write anything...
Hmm, I guess the gov managed to get us back to living in cave then, and managed to erase everybody's memory of technology too.
My gameplan is then the following, get a big stick to defend my cave with my local community, growing food, chill and enjoy life until I die from a disease.

Quit smartphones. Use only air gapped computer, (hoping govt or biz does not send signal to trigger kill switches they are known to have in them.)
I did not have a cell phone for most of my life and I think I was happier without it. Internet was great but the enshitification makes it less and less useful.
At a minimum I want to switch to open source on computers and phone. Maybe the NSA types can still see everything you are doing, but one might be able to prevent the data brokers from getting it, which allows anybody willing to pay for tranches of it to know everything you have done, and that includes every single government agency which buys that data now.
One might think since you weren't doing anything wrong you have nothing to fear, this information is inherently harmful in the hands of these interests in ways that are not readily apparent. Such as micro targeting on Facebook and such.

pgp pigeon mail

many people in the comments say that they’d keep using the banned apps, which is a fair thing to say since we said that they’re banned not blocked.
however, i would a assume that banned encryption eventually means blocked encryption. as is the case in russia where matrix and simpleX are blocked too https://merlinux.eu/press/2025-05-14-russia-deltachat.pdf
now, blocked servers can be accessed via vpn as many people pointed out, but a government that really wants to crack down on encryption would use deep packet inspection like the uae. this allows detection and blocking of vpns too, as long as they’re well known enough, just like with the encrypted chat servers. so, vanilla wireguard may be blocked, but the latest obfuscated wireguard mod may not.
with all that in mind, encrypted communication would probably be a constant cat and mouse game, unless everyone built their own very tiny encrypted communication. if the variety was large enough, it would probably be too resource intensive to block it all, but it would also be very resource intensive for everyone trying communicate. also, not everyone is a programmer, capable of creating their own encrypted messaging.
i’d be really curious what people would do unter the described, very restricted circumstances that partially exist in some places of the world. i don’t really have an answer yet.
- The only reason the UAE and other nations you're referring to have success in their ban campaigns is because they have steep consequences for breaking the law by bypassing government restrictions - that is, assuming you're just some random citizen and not a connected Sheik or family member or political/church leader. They have public whipping, amputation, and death by firing squad (UAE) / decapitation (Saudi Arabia) in the long list of draconian punishments available to their judiciary, and they are known for making examples of people.
  What makes you think the UAE uses deep packet inspection on their entire outbound Internet links? That would be very expensive computationally, latency-wise, and of course in hardware and power costs. More likely they just have a team that tracks commercial VPN services server IP addresses and adds them to a block-list. Much cheaper and 99% as effective.
  
  i thought i had read that, but i may well be wrong. might look it up later, but either way thanks a lot for the additional context. you’re very right

ML based semantic obfuscation. Without going too much into details, the idea is to use a seq2seq+VQ-VAE model to create embeddings, then modify those embeddings via a key (ideally in a way that preserves the latent distribution of the training set). The model is trained with cycle consistency, i.e. minimising the difference between the input embedding and output embedding. By knowing the key, the embedding from the encoded output can be converted back to the embedding for the original input, and the encoded text appears as clear-text as long as you stay within the distribution.

Saddle that sentence and ride it to work as it runs on and on.

Signal with proxy with all my contacts, no other way

63 comments