The government wants your data. Not just the criminals and terrorists. Yours. Right now. They want to know that you read this website, who you texted after and what you said. To hear the policy maker’s side of things, check out our Attorney General’s explanation of the metadata collection project:
But the funny thing is that a few basic measures can obfuscate this low-level, incredibly invasive surveillance.
Frankly the most scandalous thing I do is pirate Game of Thrones, but I believe that:
– privacy of thought is an inalienable human right
– the line between activism and terrorism will get blurrier as our government slides more to the radical right
– it’s a slippery slope to letting some skeezy 21 year old working at ASIO look at the dick pics I send my girlfriend.
This series will go through some basic measures you can take to make it harder for the government to acquire and store your data.
We’ll start with creating an encrypted network (it’s super easy, don’t worry), so what you do is harder to track, and some easy ways you can chat and email without it going into a big ol’ vat of metadata.
This is only surface stuff, so if you’re under investigation by the NSA then this isn’t the article for you. However, you can turn the glut of metadata the government plans to passively collect about you into a big ol’ question mark.
It’s argued that just doing this will get you on a list, but my theory is if enough people turn these basic things into part of their routine there’ll be so many question marks they won’t know what to do.
VPN – If you haven’t got a VPN then you need one.
A VPN, or Virtual Private Network, is simply an access point for your data that is encrypted. Instead of your data connecting to say, Wikileaks, your computer (as well as thousands of other users) talks to the VPN over an encrypted channel, and then that VPN connects to Wikileaks, as well as puppiesleaks.com and the requested websites of all the other users.
This means that you don’t get on a list flagged as “someone that reads Wikileaks” (i.e. potential dissident).
Getting one set up
Basically you pay for access (you will receive ‘login details’) and then download a client. You then turn that client on, connect, and all the traffic between your device and the VPN gets encrypted.
I use Private Internet Access; they take bitcoin, so I can pre-buy with no details, and I can set up multiple devices.
Check them out here
Remember they are a third party, so stay up to date with their status as a trusted party. Because you are not selling drugs on Silk Road, it’s not mission critical if you use a compromised VPN for a week or two, but it’s good to stay up to date.
Why use a VPN?
Anyone watching you will only see your computer linking to this VPN. This means your browsing history can’t be associated with your IP address (kind of like the street address for your modem or device).
Making it harder to associate your IP address to your browsing history will make it harder for ASIO to file your genitalia photos correctly. It also means that copyright trolls that try and catch people illegally downloading won’t be able to pressure your ISP for your details. Considering the push for more criminal penalties as well as civil action, you’ll be glad you set up a VPN for at least your media acquisition needs.
You can usually choose what exit points you have so that you can choose which country you look like you’re in, which allows you to use services like Netflix and others restricted by geolocation. Read this guy’s story to understand the true joy of Netflix via VPN compared to anything we have in Australia.
All your search history through Google gets associated with any Google account you have if you are logged in. They also create device fingerprints, so even if you aren’t logged in they can associate history with your device.
Use Duck Duck Go, a search engine that is built on not retaining search data, either as cookies on your computer or on their end of things. The issue is its search isn’t as effective as Google. If you’ve got all your other measures set up right this probably isn’t as big a deal. Just don’t log in to Google’s panopticon of personal services.
Staying in touch
This is one of the strongest and most tested forms of encryption. The way it works is using public and private keypairs, so basically you can encrypt a message. You can use chat services based on these, and can also use them to sign emails (to verify your identity), and encrypt them (which means only people with the corresponding private key can read them).
Get an overview of email signatures here
Add your public key and verify it here.
Frankly this is a big subject and I’ll be having a blackhat security guy I work with guest post on this later in the series.
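The sign-and-encrypt flow described above, as an added example that is not part of the original post. It assumes the tool meant is GnuPG (the `gpg` command line, version 2.1 or later); the two identities, the message and the throwaway keyrings are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Identities and message are constructed.
set -eu

ALICE='alice@example.invalid'   # constructed sender identity
BOB='bob@example.invalid'       # constructed recipient identity

# Generate one unprotected keypair inside the throwaway keyring directory $1.
new_key() {
  gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$2" default default never >/dev/null 2>&1
}

# Copy only the PUBLIC key of user $2 from keyring $1 into keyring $3.
share_pubkey() {
  gpg --homedir "$1" --batch --armor --export "$2" |
    gpg --homedir "$3" --batch --quiet --import 2>/dev/null
}

# Prints the text Bob recovers, the signature status, and Alice's failed decrypt.
roundtrip() {
  local a b msg h
  a="$(mktemp -d)"; b="$(mktemp -d)"; msg="$(mktemp)"
  new_key "$a" "$ALICE"; new_key "$b" "$BOB"
  share_pubkey "$a" "$ALICE" "$b"
  share_pubkey "$b" "$BOB" "$a"
  # Alice signs with HER private key and encrypts to BOB's public key.
  # --trust-model always skips key validation; acceptable only in this demo,
  # in real use compare the key fingerprint with its owner first.
  echo 'meet at noon' |
    gpg --homedir "$a" --batch --yes --quiet --trust-model always --armor \
        --local-user "$ALICE" --recipient "$BOB" --sign --encrypt -o "$msg"
  # Bob decrypts with HIS private key; gpg checks the signature against
  # Alice's public key and reports the result on the status descriptor.
  gpg --homedir "$b" --batch --quiet --trust-model always --status-fd 3 \
      --decrypt "$msg" 3>"$msg.status" 2>/dev/null
  grep -q '^\[GNUPG:\] GOODSIG ' "$msg.status" &&
    echo 'signature: good' || echo 'signature: BAD'
  # Alice holds no private key for Bob, so she cannot decrypt the message.
  gpg --homedir "$a" --batch --quiet --decrypt "$msg" >/dev/null 2>&1 &&
    echo 'alice decrypt: ok' || echo 'alice decrypt: refused'
  for h in "$a" "$b"; do
    gpgconf --homedir "$h" --kill all 2>/dev/null || true
    rm -rf "$h"
  done
  rm -f "$msg" "$msg.status"
}

roundtrip
```

The private keys never leave their own keyring directories; only the exported public keys are exchanged, which is why the sender cannot read her own ciphertext.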
This is a chat service built on GPG; it creates chat rooms that are encrypted. You can set up a chat room and direct connections with friends, agree on a chat room, and you can agree on secret questions and answers.
This is a rad service because you can actually log in to your Facebook with it, and when your friends do the same you will have encrypted chat as well.
What I would suggest is that you take your meaningful, real conversations onto a service not associated with your “driver’s license” identity.
For this I’d recommend a service called Silent Circle, which allows for private phone, video and text.
Remember they can still get at the backdoors in any software so try and avoid associating any identity indices with the service.
Look, anything that’s pumping to Dropbox or any other data centre is vulnerable. Sure, you can connect with a VPN and not use your identity, but they’ll probably be able to associate it for you. The best ranked service is Jotta Cloud, which claims to be out of reach of the NSA (and similar data retention schemes).
We will do a write-up on creating your own home storage that you can access remotely. With the right combination of VPNs and a home server you can get Dropbox without the snooping, so watch this space.
As I’ve said, this isn’t a be all and end all. If you are under serious scrutiny then this is nothing. They can triangulate your dark activity based on when your light is offline, thumbprint your device (not your account) and tonnes of other crazy stuff.
However, a VPN and the use of chat services like the above will turn a hugely expensive low-grade data mining program into a big waste of time.
Just avoid running your “driver’s license” linked services (like Facebook) on your encrypted, private devices. Be like Neo from The Matrix: have a meatspace, IRL, Facebook personality, but do the meaningful connections dark and encourage your friends to do the same. Not because you are a criminal, but because you have a right to privacy.
Boycott the surveilled spaces and become a part of the new world we are building away from the luddites, fools and dinosaurs that so desperately want to drag us backwards into a hazily remembered golden age where the powers that be held the keys to communication, knowledge sharing and decision making.