Header Ads

How To Get Around Australia's Data Retention Scheme

23:48 , , ,
from Gizmodo.com.au: The new Data Retention regime in Australia puts you and your family’s privacy at risk. To assist in preventing your personal information from falling into the wrong hands you should take action to protect yourself now. What follows is a simple guide to some sample technologies that can help protect your privacy.

For more in depth information on protecting your privacy that goes beyond this guide, a good starting point is the EFF’s “Surveillance Self Defence” site. In fact, many of the links below in regard to specific items will send you there.

Please note that this guide is intended for average everyday citizens desiring to take some action to protect their metadata from the ubiquitous mass surveillance of the new Australian data retention regime. If you are a journalist, a dissident, a whistleblower or political activist, or have some other higher order threat model, then you should seek further more specific technical & professional advice than this guide.

But for an easily digestible overview of a range of options to minimise your risk from the incoming Australian Data Retention regime, see below.

Web Browsing/Internet

Whether you are using your desktop computer, or a mobile device, you should protect your actions from indiscriminate surveillance. Despite claims that data retention does not intend to collect and store your browsing history, any interaction online that is not encrypted will leak private data about you, your activities and connections. The below options will go some way to protect your actions from some aspects of casual surveillance if set up correctly.

Important: How careful you are and what tools you choose to use will depend on decisions you make about your “Threat Model“.

VPNs

• VPN stands for Virtual Private Network.
• VPNs work by creating an encrypted tunnel between your computer and another server.
• Your ISP cannot read the traffic in this tunnel; they can only see that you are connected to the server and sending/receiving (encrypted) data.
• VPNs are widely used in business: they allow people working from home to connect to their office network securely, which is vital for people working with sensitive information.
• VPNs will also allow you to bypass website blocking from the government’s new anti-piracy regime, including any sites that could be accidentally blocked due to collateral damage.
• VPNs can also be used to bypass geo-blocking restrictions. (Have you ever been watching YouTube and seen that “This video is not available in your country” message? That’s geo-blocking. If your IP address showed you as coming from country where that video was allowed to be seen, you could watch that video, but for various licensing reasons you cannot. Aside from privacy benefits, getting around geo-blocking to access services that aren’t available in Australia had traditionally been one of the key uses for VPNs! Read More.)
• Using a VPN is legal.



Using a VPN
• The easiest way to use a VPN is to purchase a service from a VPN provider.
• The provider will manage the server and will usually provide you with software and simple instructions on configuring your connection.
• Remember that a VPN provider outside of Australia would not be subject to Australian data retention requirements, but may still keep logs of your Internet use.
• While a little dated, this article may also be of help in further securing your VPN connection.
• For discussions on VPNs and some tools to help test and use your VPN you may wish to try looking here.
Choosing a VPN
• Torrentfreak has provided a list of (self-proclaimed) anonymous VPN providers in this article here.
Crikey has a Aussie data retention specific guide to choosing a VPN here, and Gizmodo has one too.
• See also the EFF’s SSD guide: Choosing the VPN That’s Right for You.
• The above /r/vpn subreddit link may also be of use in choosing a VPN provider.
Downsides & caveats to a VPN
• You will need to pay monthly fees (although often not very high).
• It can be slower – your traffic is routed through a server outside of Australia.
• Content unmetered by your ISP will count towards your monthly quota.
• Your traffic is only protected until it reaches the server. Instead of trusting your ISP, you are trusting the VPN provider: a disreputable provider could still log and monitor your traffic.
• It only protects data in transit: if your computer is compromised (e.g. by a virus or snooping software), your data will still be vulnerable.
• Loss of localised experience: some websites such as Google serve up different content based on your location. When your VPN is located outside of Australia, many websites may behave differently. For example, if using a German VPN connection, a website may give you its German language version.
• Note: protecting yourself from the Australian data retention regime is not the same as protecting yourself from NSA programs.
• VPNs, while very useful and possibly one of the best front-line defences against data retention are not a magic bullet. Note that the legislation requires mobile internet providers to log each connection your phone makes, and the location of your device as it makes that connection. On a modern “smart phone”, with a VPN turned on, the phone will still make frequent connections (on the order of every few minutes) to check email, push notifications, updates etc. and your location during each of these connections will be logged – there is nothing a VPN can do to protect you from the location-logging data retention issue. In addition, please note that this guide is intended for average everyday citizens desiring to take some action to protect their metadata from the ubiquitous mass surveillance of the new Australian data retention regime. If you are a journalist, a dissident, a whistleblower or political activist, or have some other higher order threat model then you should seek further, more specific and more technical & professional advice than this guide.
Creating your own VPN
Unless you are an expert user and know exactly what you are doing, we would not recommend creating your own VPN.
• Personally created VPNs may very well suit some people’s use cases, with these people being happy to make some compromises.
• Keep the server and all its software updated, and if necessary spend time recovering from breakages.
• Generate and keep secure very strong certificates and keys.
• Know that they’re easily identifiable, should someone in their host country be listening.
• Be comfortable knowing they aren’t able to physically secure the server running their VPN.
• You will however at least know for sure that the VPN company isn’t keeping and sharing the logs with the NSA or ASIO, since the ‘company’ will be you. However this presumes any third party servers you use, or your own systems are secure and not compromised.
• As unlikely as it is, content companies would love the government to ban the use of VPN service providers.

If you insist on trying it, here’s a guide. But do so at your own risk, and do your research.

CONTINUE @ SOURCE
<--FULL STORY HERE-->


Post a Comment

No comments

Subscribe to: Post Comments ( Atom )