HK government's LeaveHomeSafe app is a public health risk
Updated: Dec 1, 2021
In February 2021 the Hong Kong (HK) government, servants to the totalitarian Chinese Communist Party (CCP), admitted that its 'LeaveHomeSafe' app, developed - as a COVID tracer app - had only been able to assist in contact tracing fewer than 20 COVID cases.
WTPOHK has always suggested that the purpose of the LeaveHomeSafe app is for HK government to later install CCP China's 'social credit system' into HK. Because of CCP's unlawful coercion and punishment, this app is a serious threat to public health in HK.
Most HKers do not want to be spied on by CCP's China, so HKers do NOT want this app on their smartphones. This is a violation of HK peoples' UN fundamental human rights including data privacy under HK's Joint Declaration and the rule OF law.
Communist HK government has now upped their surveillance game of HKers by requiring this app to be mandatory for entry into all government buildings, restaurants, events, large public gatherings, etc.
In leading democratic countries most people accept some degree of 'invasion' of data privacy on the grounds that public health must be protected - the key is that these governments are, by and large, accountable because they are governed by the will of the people. The same can NOT be said for CCP's China nor for the HK government.
Everyone in communist HK must now learn how to protect their data privacy. CCP's surveillance across HK will become at least as invasive as in China - if not worse!
In this blog we are sharing some ideas that we hope will help law abiding HKers to at least maintain their data privacy during CCP's all out assault on human rights.
Data privacy is a case of your balance between 'convenience' and 'data privacy': i.e. the greater the data privacy the greater the inconvenience.
Rule 1: Go to the internet to research, practice and incorporate data privacy fully into every aspect of your life. This may be a case of life or death.
Rule 2: The CCP and HK government blindly believes its own propaganda that they have an obedient populace in HK. HK protesters are the majority of HKers and they support each other. Many places in HK you can visit without using the LeaveHomeSafe COVID tracing app - or you pretend to use your smartphone's COVID tracing app while staff ignore you.
If HKers want to leave-home-safe do NOT carry with you a smartphone or any other online digital device. Cover as much of your face and body, change how you walk and talk, stay away from mass gatherings for tracing and COVID health reasons, etc. Don't use social media - or use 'slim' read only apps such as SlimSocial for Twitter and SlimSocial for Facebook (see below).
Use your hardwired home phone number as your 'public' number that you give to government, businesses, etc. If you have a home hardwired telephone use old fashioned voice mail with a recording device on your phone: Call forwarding and voice messages can be traced through your phone company if you use their cloud services.
If you do not have a hardwired telephone at home then use a 'dumb' non-smart mobile phone with an unregistered SIM: e.g. the older small Nokia phones with only SMS messaging. Dumb mobile phones can still be tracked by the police but they can not be hacked. Use a non-smartphone as your 'public' phone number.
Rule 3: The most powerful surveillance tool that any government has is the citizen's own smartphones: Government's can hack your phone, turn it on, use cameras and microphones, apps and programs. [To counteract this perhaps use open source repository f-droid.org app 'Vigilante' which alerts you if someone is using your camera, microphone, etc.].
Have at least one secure 'private' and one 'public' smartphone. Ideally your 'private' phone the GPS, microphone and cameras are removed - or at least choose to use 'Vigilante' app. All Android and Google settings ought to be as secure as possible.
Before SIM registration is required in HK your 'public' phone can be a 'burner' (throwaway) phone with an unregistered SIM. Currently SIM's in HK can still be anonymous - i.e. unregistered. However, all HK SIM cards must be registered within the next six months or so. [Alternative, at a higher price, to registering your SIMs in HK is to purchase Google's Fi phone plan using an untraceable credit card issued outside HK].
If you only have one phone for 'private' and 'public use you can leverage the 'work profile' feature of Android to provide an isolated space that you can install or clone apps into. For example, using Google Play Store or open source repository f-droid.org download app 'Shelter' which has features:
Installing apps inside a work profile for isolation;
"Freeze" apps inside the work profile to prevent them from running or being woken up when you are not actively using them;
Installing two copies of the same app on the same device.
To be safe almost all apps in HK need to be installed inside Android's work profile - because nobody has any idea how much user data is being shared with CCP! At minimum these will be all CCP and HK government apps including MTR, RTHK, SCMP, Observatory, LeaveHomeSafe, e-Health, etc.
Stay away from data scrapers Facebook and their companies Instagram and WhatsApp.
Use the 'best' available messaging system used by most people - currently this is Signal Messaging system which stores your encrypted messages on your phone. Safest is to use 'Briar' as an anonymous messaging system, no phone number or identifying data is needed, and messages are encrypted on your phone.
Telegram, like WhatsApp, stores your messages in the cloud. Closely tied into the messaging app is your phone's 'Contacts' list: A lot of police 'arrests' of young HK protesters were for police to illegally search their smartphones and obtain data such as their Contact list, Telegram group membership, phone numbers, etc. Instead of using Google 'Contacts' use open source 'OpenContacts' from f-droid.org.
Never use WiFi in public locations - use only your data program from your service provider. Do not click on any link unless you are sure it is safe. Use as many aliases as you need.
Use anonymous emails from reliable service providers such as protonmail.com.
Some other good open source privacy focused apps from repository f-droid.org : Notally [replaces Google Notes], Habits, MoneyWallet, ClipboardCleaner [critical to make sure your clipboard is clean], SlimSocial for Twitter, SlimSocial for Facebook, Orbot [Tor VPN], Imagepipe [images META data scrubbed], NewPipe [alternative to YouTube, no history, no ads], etc.
If you want people to know everything then use the cloud. If you don't want people to know something then store it locally inside VeraCrypt encrypted USBs. For example, use a multi-platform password manager such as KeePass which you manually upgrade, etc.
Rule 4: Always use Tor browsers on your smartphones and computers - this is the easiest way to be 'anonymous' in your browsing. You can use a fast 'unsafe' browser such as 'Brave' if you are not accessing sensitive information.
Android smartphones can use f-droid.org 'Orbot' app which provides Tor as a VPN service for your phone. WhatsApp messaging system does not like Tor network: So anyone calling you on WhatsApp using Orbot as VPN can not always reach you - Orbot works fine with only messaging on WhatsApp.
If you want to use WhatsApp on your phone for calling, or otherwise want a VPN which is not Orbot, then consider a VPN such as UK's Windscribe who offer a free monthly service. At a minimum use a VPN - the ideal is to use Orbot.
Tor network is unavailable inside CCP China's firewall - so when HK no longer has access to the Tor network you know that HK is equivalent to China in surveillance!
Rule 5: If you want the highest level of security for your online computer browsing (e.g. protest blogging) then use exclusively Tails operating system (Linux based) installed on a USB. If a government really wants to find you they probably can, but it can take them time and a lot of resources.
A USB with Tails installed needs to first be fully encrypted using VeraCrypt. The first folder with password contains one worthless file that can be given by you to the police just before they pull out your fingernails: Tails should be installed inside a second hidden folder with a different password. This hidden folder ensures your defense of 'plausible deniability': i.e. it is your USB but you had no idea that the USB had a second hidden folder and you don't have the password for the hidden folder because you know nothing about it.
On your computer always use a VeraCrypt USB not the hard disc drives. Tails has a library of Linux software - LibreOffice - which is much like MS Office, and to a high degree compatible. Be prepared to remove a hard disc drive (to destroy) if you have to throw away your 'burner' laptop.
For internet access use a plugin mobile broadband USB with an unregistered SIM or tethering into your burner phone. Having said this you could move around and use different public WiFis as a less secure option - or use your burner phone as a hotspot for your computer access to the internet. Warning - wireless is easier to hack than a cable.
Keep learning, developing and using your own data privacy program. Good luck.
CCP please answer the following UN letters sent to you:
Please read and share our blogs with friends and family if you wish:
RTHK 23 November 2021 'LeaveHomeSafe mandatory at eateries from December 9'