We are a pro-democracy movement in need of some advice/critique planning internet presence and communication security.
Movement/project objective:
Pressure concrete legislative change toward democratization and accountability of government. Popular support very strong, some organizing needed.
Adversary overview :
Nation state/government integrated deeply with local and international organized crime. Strongly influenced (partial controlled and supported) by other major Nation states which have strategic & economic interests in the region.
The legislative change would cost the current power structure to lose hundreds of billion USD, significantly curtail their power and put them at risk of legal prosecution.
Adversary has zero qualms on using institutional repression and deadly force towards specific small targets (individuals and small groups). Has repeatedly killed people through public gang-style executions and arranged accidents/suicides with clear message.
Security forces (and intelligence services) are used for political purpose routinely and semi-openly (as intimidation tactic).
Adversary is very reluctant toward using violence against major protests and large groups. Afraid of sparking the gunpowder keg of already present high tension.
Adversary loves secret/clandestine oppositions, since they infiltrate them expertly and pressure/take out key figures without much noise (!)... effectively avoiding the risk of civil unrest and international pressure.
When opposition is open (majority of population is observing the situation and informed) and has international media coverage, the use of violence takes a back seat. Instead the tools used are infiltration, compromising key figures to discredit them and the movement. Forming parallel "opposition" organizations to disperse the attention and carefully shift public narrative. KGB/FSB style tactics strongly favored.
Most mass media (print, radio/TV major web news sites) are under control of the political/criminal power structure. Achieved through systematic buyouts of media and pressuring.
Participants understand the risks:
Radical transparency of the movement will be used for protection of sorts. The adversary will uncover the movement anyway (experts against very large number of untrained common people with zero OPSEC)... at least with publicity and transparency will make public use of violence more difficult. The risks of getting harmed and/or killed are understood, but no more secure way is available (with realistic chance of success).
Advice needed and welcomed:
Public information sharing through the internet and offline means (obviously without major media support). The information system should be easy to access but difficult to disrupt and take down (DDOS, hacking etc):
Here is the current planned setup. Suggestions, advice and critique please:
Main website (should be DDOS resistant and editable through secure channel... also relatively cheap). Hosted on Wordpress.com premium plan with Cloudflare Business in front for DDOS protection.
Full page caching enabled (html included), so the Wordpress hosting gets only a few cache refresh hits per hour. Full SSL will allow easy editing (perhaps through Tor/VPN to fight MITM... more on that later). Backup with VaultPress.
Previous plan was static website generator with Cloudflare Business full page caching. But secure and timely editing of the website is more difficult (need to secure more complex endpoints and added security/availability procedures).
YouTube/Flickr for video/image sharing. YouTube account with 2-factor.
Facebook and Twitter (Facebook is very popular/big). With 2-factor on both.
Printable files for fliers, brochures, posters for individual (self printing) printing and distribution. Very decentralized offline distribution.
Communication channels:
Preferably confidential content. Metadata is more important. Should be more difficult for the adversary to do large scale/complete network analysis.
Gmail to Gmail (with 2-factor). Good security (adversary will have hard time pressuring Google for data, but possible through US on case by case). Vey unlikely to get complete data for all accounts. Good encryption (to Google) with Chrome certificate pinning. NSA doing Gmail network analysis on behalf of adversary is very unlikely.
Skype (with 2-Factor) for group Video Chat. Open group video meetings with recordings uploaded to YouTube. Maximum transparency is the only real defense. Hidden actors here can disappear/have and accident with ease... public ones less so.
Since most/all of the video meetings/chats will be made public, there is little need for confidentiality. Skype has better video quality than Hangouts and is more popular/easier to use. It's unlikely the adversary will get access to the Skype logs and contact lists en mass from Microsoft.
Could use mobile devices (iOS/Android) for both... better end point security.
Endpoint security questions/ advice needed:
Adversary could likely issue valid (from compromised CAs) certificates for Gmail/Facebook etc... for highly targeted (harder to detect) attacks on more important endpoints.
If using iOS, which browser supports certificate pinning for the major sites? Does the Gmail or Mail apps have it? What about the iOS updating mechanisms?
If certificate pinning is not sufficiently available, what iOS VPN will you recommend (once we get the traffic outside the country the risk for MITM is much lower). We need secure connection to block local ISP attacks on endpoints. Mullvad is great but iOS support is very poor. Privacy and anonymity are not issues, security is.
Please recommend a good password management app for iOS. KeePassX is great... but unavailable. LastPass, 1Password, something else ?
Apologies for the long and rambling post. For now had to strip down a lot of details.