Data Protection

What You Can Do

For more in-depth information on protecting your privacy that goes beyond this guide, a good starting point is the EFF’s “Surveillance Self-Defense” site. In fact, many of the links below in regard to specific items will send you there.

Please note that this guide is intended for average everyday citizens desiring to take some action to protect their metadata from the ubiquitous mass surveillance of the new Australian data retention regime. If you are a journalist, a dissident, a whistleblower or political activist, or have some other higher-order threat model, then you should seek more specific technical and professional advice than this guide provides.

But for an easily digestible overview of a range of options to minimise your risk from the incoming Australian Data Retention regime, see below.

How to protect yourself and your family from Data Retention

 

Web Browsing/Internet

Whether you are using your desktop computer, or a mobile device, you should protect your actions from indiscriminate surveillance. Despite claims that data retention does not intend to collect and store your browsing history, any interaction online that is not encrypted will leak private data about you, your activities and connections. The below options will go some way to protect your actions from some aspects of casual surveillance if set up correctly.

Important: How careful you are and what tools you choose to use will depend on decisions you make about your “Threat Model”.


VPNs

  • What is a VPN?
    • VPN stands for Virtual Private Network.
    • VPNs work by creating an encrypted tunnel between your computer and another server.
    • Your ISP cannot read the traffic in this tunnel; they can only see that you are connected to the server and sending/receiving (encrypted) data.
    • VPNs are widely used in business: they allow people working from home to connect to their office network securely, which is vital for people working with sensitive information.
    • VPNs will also allow you to bypass website blocking from the government’s new anti-piracy regime, including any sites that could be accidentally blocked due to collateral damage.
    • VPNs can also be used to bypass geo-blocking restrictions. What does this mean?
    • Using a VPN is legal
  • Using a VPN
    • The easiest way to use a VPN is to purchase a service from a VPN provider.
    • The provider will manage the server and will usually provide you with software and simple instructions on configuring your connection.
    • Remember that a VPN provider outside of Australia would not be subject to Australian data retention requirements, but may still keep logs of your Internet use.
    • While a little dated, this article may also be of help in further securing your VPN connection: http://torrentfreak.com/how-to-make-vpns-even-more-secure-120419/ 
    • For discussions on VPNs and some tools to help test and use your VPN you may wish to try looking here: http://www.reddit.com/r/vpn 
  • Choosing a VPN
  • Downsides & caveats to a VPN
    • You will need to pay monthly fees (although often not very high).
    • It can be slower – your traffic is routed through a server outside of Australia.
    • Content unmetered by your ISP will count towards your monthly quota.
    • Your traffic is only protected until it reaches the server. Instead of trusting your ISP, you are trusting the VPN provider: a disreputable provider could still log and monitor your traffic.
    • It only protects data in transit: if your computer is compromised (e.g. by a virus or snooping software), your data will still be vulnerable.
    • Loss of localised experience: some websites such as Google serve up different content based on your location. When your VPN is located outside of Australia, many websites may behave differently. For example, if using a German VPN connection, a website may give you its German language version.
    • Note: protecting yourself from the Australian data retention regime is not the same as protecting yourself from NSA programs. What does this mean?
    • VPNs, while very useful and possibly one of the best front-line defences against data retention, are not a magic bullet. For example
  • Creating your own VPN
    • Unless you are an expert user and know exactly what you are doing, we would not recommend creating your own VPN.
    • Personally created VPNs may very well suit some people’s use cases, with these people being happy to make some compromises:
      • Keep the server and all its software updated, and if necessary spend time recovering from breakages.
      • Generate and keep secure very strong certificates and keys.
      • Know that they’re easily identifiable, should someone in their host country be listening.
      • Be comfortable knowing they aren’t able to physically secure the server running their VPN.
    • You will, however, at least know for sure that the VPN company isn’t keeping and sharing the logs with the NSA or ASIO, since the ‘company’ will be you. However, this presumes that any third-party servers you use, or your own systems, are secure and not compromised.
    • As unlikely as it is, content companies would love the government to ban the use of VPN service providers.
    • If you insist on trying it, here’s a guide: https://www.webdigi.co.uk/blog/2015/how-to-setup-your-own-private-secure-free-vpn-on-the-amazon-aws-cloud-in-10-minutes/ – But do so at your own risk, and do your research.

Tor

 

Beyond the basics: More privacy protection tools

If you are worried about Data Retention, then you may also be concerned about other means by which companies, security agencies, governments and so on can track what you do and build a picture via your online activity.

Even if the current definition of what is to be retained under the data retention regime is limited to certain information, there is the likelihood that this definition will expand at a later date. Additionally, there is the threat that innocuous activity could inadvertently raise suspicion through false positive identification. This could in turn increase the number of warrants issued on innocent people, warrants which will then cause the retention of extra content in relation to these people. Thus, average users could be more likely to come under the increased scrutiny of a preservation order, so protecting data that is outside the purview of the mandatory data retention regime may be advisable.

Keeping these expanded threats in mind, there are some other general tools and practices that you may also wish to start employing as a result of the new data retention regime and a general increase in surveillance of communication activities.

(Don’t forget there are also the wide ranging NSA programs, copyright violation monitoring, censorship efforts, and criminal activities such as identity theft, in addition to our new domestic data retention regime).

This article from the Sydney Morning Herald gives a general overview of why just masking your IP address through a VPN may not be enough to protect you: Will Australia’s metadata retention scheme track your digital browser fingerprints? 


General Good Online Practice

  • HTTPS
    • HTTPS Everywhere.
    • A simple browser extension made by the EFF
    • Will automatically push your browser to the HTTPS URL when a website supports HTTPS.
    • This forces an encrypted connection when connecting to a website that supports such encryption.
    • Guide for installation and usage: https://www.eff.org/https-everywhere
    • Mobile support is available for this extension only for the Firefox Browser, and only on Android devices.
  • Ad-blocking

    Note: This section is under review. Adblock has been sold and there are questions in regard to how much it should be recommended now due to the “acceptable ads” program and other reasons.

    In the meantime uBlock Origin has been suggested as an alternative:

    • Adblock or Adblock plus.
    • These are Browser extensions.
    • Despite name similarity, they are separate competing software products.
    • Blocks popup ads, some ad banners and some tracking.
    • Blocking ads and associated items like tracking cookies etc will cut down on the amount of ‘metadata’ you generate and assist in protecting your privacy.
    • Adblock: https://getadblock.com/ 
    • Adblock plus: https://adblockplus.org/
  • Tracker Blocking
    Note: tracker blocking plugins often break the functionality of image galleries, video playback, commenting/discussion systems and social media widgets. You may have to whitelist trusted websites.

    • Ghostery
      • An add-on for your browser which detects and blocks tracking that a website may be attempting.
      • Ghostery is proprietary, but cost-free.
      • Available for all major browsers.
    • Privacy Badger
      • A browser extension for Firefox and Chrome that will block all non-consensual tracking.
      • Privacy Badger is open source, cost-free, a project of eff.org and in Beta.
      • As the Tor Browser is based on Firefox, Privacy Badger will also work with that.
    • Disconnect
      • A browser extension which blocks advertising, analytics and social media requests made without consent.
      • Disconnect is open source and cost-free. Disconnect also offers additional non-free services, like limited VPN access.
      • Disconnect is available for all major browsers.

 

Email

 

Encrypted Phone Calls

There are a number of services like Wickr (as used by Malcolm Turnbull recently; he has since moved on to Signal) which provide endpoint-to-endpoint encryption, or encryption between their servers and all endpoints. These provide an unknowable level of protection and it cannot be guaranteed that there are no backdoor agreements between these services and any governments.

One should be especially careful when using a service that does not run on open source or freely auditable code, as you are placing trust entirely within the organisation to deliver what they advertise. There have been examples where companies claiming to protect your security and privacy have been found wanting when exposed to closer scrutiny.

The value of these services is often pinned on your trust of the company in question. The below apps are widely considered the best options at this time (but make your own judgement call).

for Android

for Apple iOS

 

Encrypted Text Messaging

for Android

for Apple iOS

  • Signal
    • Signal 2.0 has recently been released for iOS that now includes TextSecure support.
    • More information: https://whispersystems.org/blog/the-new-signal/ 
    • Get it from the Apple App Store.
    • Note that they are phasing out support for encryption for traditional SMS/MMS, so if you use Signal to send standard SMS text messages they will not be encrypted. But you can get the same functionality by using Signal to send and receive “TextSecure” messages in encrypted formats.
      More info: https://whispersystems.org/blog/goodbye-encrypted-sms/ So please make sure you are aware of which version you are using and what it does and doesn’t encrypt.

Other options

 

Encrypted Instant Messaging

for Windows/Linux

  • Pidgin + OTR Plugin
    • Open source “universal chat client”.
    • Can be used with Google Hangouts/XMPP, Yahoo, and apparently Facebook accounts.
    • With OTR you get end-to-end encryption and forward secrecy. What does this mean?
    • Note that OTR is a separate plugin that you need to obtain separately and add to Pidgin.
    • Guide for Installation and usage:
      https://ssd.eff.org/en/module/how-use-otr-windows 
    • Note: OTR will not provide secure end-to-end encryption if you’re the only one using it. Make sure those you talk to also install the plugin.

for Apple OSX

  • Adium + OTR Plugin
    • Adium is a free and open source instant messaging client for OSX.
    • It is based on the same core as Pidgin but has a shiny Mac interface.
    • OTR is a protocol that will encrypt your conversations.
    • With OTR you get end-to-end encryption and forward secrecy. What does this mean?
    • OTR comes built into Adium; you do not have to install it as a separate plugin.
    • Guide for Installation and usage:
      https://ssd.eff.org/en/module/how-use-otr-mac 
    • Note: OTR will not provide secure end-to-end encryption if you’re the only one using it. Make sure those you talk to also use OTR.

for Mobile (Apple iOS/Android)

 

Pirate Party © 2018