Snooper's Charter and Keeping Your Privacy

 

Snooper's Charter and Keeping Your Privacy

Snooper’s Charter

Recently news feeds were buzzing about Britain passing the Snooper’s Charter (a law that, amongst other things, forces UK’s internet service providers to store browsing histories). Here’s a brief description of what it’s all about based on this article:

The law was introduced way back in 2012 by Theresa May and didn’t get passed until Wednesday the 16th November 2016 (if you’re reading it way-waaaay into the future), though there were attempts.

The gist of it is: internet providers are required by law to record every customer’s top-level web history for up to a year in real-time (so visited domains, like ‘http://www.reddit.com’, but not ‘http://www.reddit.com/r/aww’, for example) and the data will be available for access by government departments; the government might force companies to decrypt data on demand, or disclose new security features in products before release; intelligence agencies have the right to hack into computers of citizens.

This law is a major blow to one of the main human rights - the right to privacy.

I have already come across several people who tend to think in the vein of: if you have nothing to hide, you have nothing to fear. I suppose they also think that it would be absolutely fine for the government representatives to go into their home and start looking through drawers, if they have nothing to hide - surely it’s fine.

A neat quote that I recently came across on Reddit, relating to this stance:

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.

Ok, so what to do? Start by using a VPN.

What’s a VPN?

Imagine you’re a sixteen-year-old who wants to buy cigarettes. You find a grown-up, give them the money, they buy a pack of cigarettes and bring it to you. A VPN is sort of like that, only legal, and you can choose your grown-up. Okay, fine, it’s not really like that, let me try again.

VPNs (Virtual Private Networks) are all about establishing a private connection (a tunnel, if you will) to a server that lives somewhere far away (more on this below). The data you exchange with that server is encrypted, how well encrypted it is depends on the service you’re using. You access all the things you want to access through that server.

The benefits of this are:

  1. You keep your privacy. Without a VPN whether you’re using a public WiFi connection or browsing from the comfort of your home - your activity is visible, at the very least to your ISP. However, when you’re using a VPN the only connection anyone from the outside will see is your connection to it. And, like I said, all the data exchanged with a VPN is encrypted. Alternatively, from the other side of this browsing adventure - the websites that you are accessing will only be able to track you as far back as the VPN server.
  2. You can pick and choose the country you’re accessing a resource from. So, say you’re in China and want to access Facebook. Facebook is banned in China. No problem, through the magic of VPNs you make it look like you’re accessing Facebook from some other country and it works like a charm (unless you’ve picked Bangladesh, Iran, North Korea or Syria, Facebook is banned in those countries too). A less drastic example is watching US Netflix from UK.
  3. You can access your home or business network when travelling and safely mess around with your local resources without exposing them to anyone.
  4. Finally, a VPN can be used to bypass ISP restrictions, like line throttling when using peer-to-peer.
  5. Well yeah, also you can use a VPN to download files through applications like BitTorrent, I know what you’re thinking, but torrenting isn’t always illegal.

Remember, ISPs rarely provide any guarantees on protection of your information (especially with the Snooper’s Charter in force), on the other hand, the main selling point of VPNs is privacy and security of your data. If they don’t make it secure - they won’t have customers.

How to pick a VPN?

First, look where the VPN is based.

See, back in 1941 the Atlantic Charter was issued to define post-war goals. It was drafted by UK and US; later Canada, Norway, Denmark, West Germany, Australia and New Zealand joined as ‘third parties’. By 1955 it was formally acknowledged that UK, USA, Canada, Australia and New Zealand made up the main frame of the alliance. This became known as the ‘Five Eyes Alliance’ alliance.

Over the years these countries have agreed to freely exchange information as an attempt at enhancing everyone’s security. It’s not implausible that one of those governments might force a VPN provider to release information on its users. So, when you’re picking a VPN - pick one outside of these five countries.

In addition to that, some countries require communications companies to keep logs for a certain amount of time, sometimes laws relating to this apply to VPN providers, sometimes they don’t. According to this really user-friendly (seriously, a toddler can understand it) article on VPNs for beginners written in January 2016 you can safely pick a VPN from the Netherlands, Luxembourg, Romania or Sweden, because in these countries VPN providers are not required to keep logs.

If you’re all about anonymity, some services allow you to pay for their services anonymously: bitcoins, anonymously purchased store cards (Private Internet Access), cash sent by post (Mullvad).

They’re not that expensive either, some can be as cheap as $4 per month.

How to search for VPNs?

If you’re like, dude, googling VPNs and reading the fine print is a bummer - yo, privacy is nothing to be lazy about. However, here is a list of the best VPN services of 2016 (according to VPN Service Point) and here is another list of the best VPN services of 2016 (according to PC).

Last Notes About VPN Stuff

  1. It is probably worth mentioning, just in case, that if you’ve got a VPN set up on your computer - it means that all of your browsing on that specific computer is secure, but not on any of the other devices that you might have connected to that network. If you’d rather that wasn’t the case - you can use a router that supports VPNs, after you enter your VPN details - every device getting an internet connection through that router will enjoy the security of a VPN.
  2. If you’re curious about VPN protocols and are trying to decide which one to go with here is a quick rundown of the main ones (PCWorld) and here is another one (whatismyipaddress.com).

Other Things To Consider

If you’re browsing internet using Chrome, Firefox, IE or, I don’t know, Mosaic, I’d recommend considering a switch to Tor. These browsers are aimed at maintaining the user’s privacy. Tor uses onion routing to conceal a user’s location and network usage.

There might be little point in using Tor over a VPN, but there are benefits to using a VPN over Tor. Here is a pretty good explanation of why you might want to do that.

If you are extra cautious, you might want to try Tails. It’s a free live operating system built on Debian that can be started on pretty much any computer using a USB stick, SD card or a DVD. It is made to preserve the user’s privacy and anonymity.

Update: Why keeping your activity private is important?

I had a few people reach out after this post appeared, asking why digital privacy is that important. Am I not just telling people how to get away with illegal activity?

Well, I believe in the right to a private life. For example, everyone is free to decide whether they want to advertise their sexual preferences and kinks or not, but by default - everything you do in the bedroom is no one else’s business, especially not the Government’s. Why should it be different for everything else?

This collection of data is essentially the Government’s way of sticking their nose into your private affairs. Remember that Reddit post with a link that sounded too curious to not click that you regret clicking? They’ve got it. Accessing Pornhub a couple of times a week? They’ve got it too. Any normal, non-threatening person who is not a criminal will eventually end up with something in their browsing history that can be perceived as incriminating data if you really make an effort.

And sometimes you get put on a list just because of your interests. Read The Linux Journal? Congrats, you’re on the NSA list.

Everyone has the right to have their private stuff stay private, the fact that for some people ‘private’ and ‘illegal’ overlap is an unfortunate edge-case. With enough motivation, I’m sure a butter-knife can be used as a murder weapon, but it doesn’t mean that butter-knives should be outlawed or every single person who buys a butter-knife should be put on a list.

And finally, you can never assume that people with access to this data will only be using it for intended purposes. You cannot automatically assume that everyone who sees your private data is a whitehat. But even if they are - hacking is still a thing, social engineering is also still a thing. Having your private information in one place sounds pretty convenient, no?

  1. Wikipedia: ‘Draft Communications Data Bill
  2. ZDNET Article: ‘Britain has passed the “most extreme surveillance law ever passed in a democracy”
  3. Reference.com: ‘What is a VPN service?
  4. Wikipedia: ‘Five Eyes Alliance
  5. PC Advisor: ‘Best VPN 2016/2017 UK
  6. Wikipedia: ‘Virtual Private Network
  7. How-To Geek: ‘What is a VPN, and Why Would I Need One?
  8. bestvpn.com: ‘VPNs for Beginners - What You Need to Know
  9. PC: ‘The Best VPN Services of 2016
  10. VPN Service Point: ‘The 6 Best VPN Services of 2016
  11. whatismyipaddress.com: ‘What is VPN
  12. PCWorld: ‘How (and why) to set up a VPN today
  13. Wikipedia: ‘Tor (anonymity network)
  14. Tor
  15. The Tin Hat: ‘Tor and VPN: Using Both for Added Security
  16. Tails
  17. Reddit: ‘Britain just passed the “most extreme surveillance law ever passed in a democracy”
  18. Private Internet Access
  19. Mullvad
  20. The Linux Journal: ‘NSA: Linux Journal is an “extremist forum” and its readers get flagged for extra surveillance