1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to avoid the UK’s new online surveillance powers

Discussion in 'Technology' started by j4v3d, Nov 25, 2016.

  1. j4v3d

    j4v3d VIP Member

    If the government wants to hack you, it will, but you can stop the police from just scooping up your web history

    [​IMG]

    Jonathan McIntosh / Creative Commons

    The UK is about to pass into law sweeping surveillance legislation that will force ISPs and mobile operators to keep a complete record of every citizen’s browsing history for up to a year. This information will be accessible without a warrant to intelligence services, the police, and a number of other government agencies — including, bizarrely, the likes of the Gambling Commission and the Food Standards Agency.

    While much of the legislation is concerned with how the government can track down serious criminals like terrorists and child abusers, it’s the wholesale collection of every citizen’s web activity that has a lot of people worried. After all, there’s very little oversight about how the information is accessed, and it’s private companies that have to store the data, there is a good chance it will get stolen by hackers at some point. (If this sounds too pessimistic, remember that in the last year alone, there have been two major attacks in the UK stealing customer data from the ISP TalkTalk and the mobile operator Three.)

    So, if you’re a UK citizen who doesn’t want their browser history to end up in a government vault, how do you protect yourself?

    USE A VIRTUAL PRIVATE NETWORK

    This is really the simplest advice for anyone looking to use the internet with a little more privacy. A VPN or Virtual Private Network is a service that passes your internet traffic through different servers around the world. Not all VPNs are created equal, though, and companies differ on whether or not they encrypt that traffic, or whether they keep logs of users’ activity. (This doesn’t mean recording browser history, per se, but can include basic information like “computer with IP address X used our VPN network for Y hours on Z day.”)

    Ed Johnson-Williams, a member of the UK’s Open Rights Group, and someone who briefs journalists and NGOs on how to avoid surveillance for a living, says that if you want quality, you should expect to pay for your VPN. In the UK this could cost between £25 and £40 a year. “That is an investment that you just have to make if you want to take privacy seriously,” says Johnson-Williams. There are free VPNs available, but he advises against them. “A free VPN company will itself probably be analyzing what sites you’re looking at, or inserting its own advertising into your webpages to make money,” he says.

    The website TorrentFreak publishes a yearly survey of VPNs, and asks them questions about what information they store on their customers, where they store it, and how they deal with government requests for data. As the survey shows, most paid-for VPNs don’t keep logs and don’t hand over data, but at the bottom of the page you can find a list of companies you’ll probably want to stay away from. Some popular paid services include NordVPN, AirVPN, and Private Internet Access.

    ALTERNATIVELY, USE TOR

    If you don’t want to pay for a VPN (and again, if you’re worried about privacy, you should) then one alternative is to use Tor. Like VPNs, Tor bounces your internet traffic through different servers around the world making it difficult — but not impossible — to track. You can download a browser with Tor pre-installed for different operating systems here, and the whole thing is open source, meaning it’s verifiable by third-party security analysts.

    Compared to VPNs, Tor can be pretty slow (you’re not going to be able to stream 4K video on it) but it’s become a lot easier to use in recent years, and is being taken up by more widely. “It has in some circles got a bad reputation for being the browser of choice for people who distribute images of child sexual abuse and other online crimes,” says Johnson-Williams. “My view on that is that bank robbers use cars, but that doesn’t mean we ban cars.”

    [​IMG]

    Signal for iOS

    USE AN ENCRYPTED MESSAGING APP

    Although the police are not going to be picking up your phone conversations, or the content of your chats in Facebook Messenger or WhatsApp (not without hacking your phone anyway, and they’ll need a warrant for that), you might want to start using a more secure messaging app all the same. Experts agree that the best pick is Signal, which not only offers secure one-to-one conversations, but also group chat, and voice calling. You can download for iOS here or for Android here.

    WHATSAPP AND IMESSAGE ENCRYPTED YOUR MESSAGE TOO, BUT THEY KEEP OTHER FORMS OF DATA

    Services like WhatsApp and iMessage do also encrypt your conversations, but are less secure in other ways. WhatsApp, for example, has the right to keep metadata about your chats (that includes date, time stamp, and phone numbers involved), and it also shares some user data with parent company Facebook. Signal doesn’t store any of this. You can read a more thorough of Signal, WhatsApp, and Google messaging app Allo here.

    THINK ABOUT WHY YOU WANT TO STAY PRIVATE

    Johnson-Williams says that when advising companies and individuals on security he asks them to think about a threat model for how they use the internet. “It’s kind of like digital risk management,” he says. “It’s important that people think about what data they have, what data they want to protect, how likely it is that that data would get into the wrong hands, and how serious that would be if it happened.”

    For a journalist, that might mean protecting their sources; for a business person, their company’s secrets. For everyone else, they might just be information that could embarrass them, reveal something they don’t want to be public knowledge, or that could be used for blackmail.

    The advice in this article certainly won’t protect anyone against determined government surveillance. If the security services of the UK — or any other nation for that matter — want to hack your phone or your computer, there’s really very little you can do to stop them. But, if you simply object on principle to the idea of being watched online constantly, you might want to follow some of these steps all the same. It’s up to you.

    [​IMG]

    AND WHILE I’VE GOT YOU HERE...

    Okay, so this information isn’t necessary to stop government surveillance, and I’m not your parent or anything, but if you are thinking about online security, there’s so much more you can do! You should definitely start by downloading a password manager like LastPass (it’s free!) or 1Password, and then use it to create hard-to-crack passwords for all the sites you use. With a password manager you only need to remember one password, and your accounts will be safer because of it. It’s win-win.

    And while we’re at it, please don’t use the same password for different websites. Type your username or email into this site and it will tell you if services you use have ever been compromised. If they have, chances are hackers can find your password pretty easily. And if you use that same password for everything, including your bank account..? Well that is bad news and I feel bad for you.

    And, lastly, you should definitely turn on two-factor authentication for any site you can. This means that when you (or a hacker) tries to log in to your account on a strange computer, they’ll have to get a code generated by an app on your phone to do so. Two factor authentication isn’t perfect, but it’s better than not having it. You can find a full list of sites that use two-factor here, but to get you started, here are the links for setting it up for Gmail, Amazon, Facebook, Twitter, and Apple.

    Remember: it’s cool to be Safe Online.

    Code:
    [ Only registered users can see the bbcode. Click Here To Register... ]
     
    Last edited: Nov 26, 2016
  2. Gunshow

    Gunshow Member

    Very interesting.

    Would you guys think this is a must for using kodi and cable tv services?

    Would anyone know how to set-up VPM straight from a vermin router rather than using apps?
     
  3. itsme01

    itsme01 Member

    @Gunshow it might not be a must but streaming that content isnt legal so it wouldnt be a bad idea
     
  4. jimzgemma

    jimzgemma Member

    VPN all the way.
     
  5. Gunshow

    Gunshow Member

    Any guidance on how to set up a VPN from the router or how to use with Kodi and VU+?
     
  6. rhysishere

    rhysishere Member

    thanks for the info
     
  7. fayhal

    fayhal Member

  8. Barney636

    Barney636 Member

    Does anyone know if you are able to use a VPN from a BT hub? I know they are quite a pain with being unable to use static IP's etc (unless you pay them..)
     
  9. Janso

    Janso TK Veteran

    Best bet is to buy a router that you can flash with firmware that allows you to configure a VPN. DD-WRT and Tomato are two examples of this firmware. Can find them cheap enough on eBay, or buy them new, just depends on what you want to spend. Then attach it to your ISP router, and if you can, put the ISP router into modem mode. Your supplier should be able to give you a guide to put it on the router.
     
  10. Speedygonzal

    Speedygonzal Member

    Unless I am mistaken, streaming (but not downloading) is legal in e.g. uk under EU law. Obviously it may change, and is dependent on where one is.
     
  11. Alien Heads

    Alien Heads TK Veteran

    If the content is copyrighted streaming is as illegal as downloading.
     
  12. Speedygonzal

    Speedygonzal Member

    I am unsure if that is correct. I can't provide a link (not enough posts here), but if you google wiki you will find:

    "In Europe, the Court of Justice of the European Union (CJEU) has ruled that it is legal to create temporary or cached copies of works (copyrighted or otherwise) online. The ruling relates to the British Meltwater case settled on 5 June 2014.The judgement of the court states that: "Article 5 of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society must be interpreted as meaning that the copies on the user’s computer screen and the copies in the internet ‘cache’ of that computer’s hard disk, made by an end-user in the course of viewing a website, satisfy the conditions that those copies must be temporary, that they must be transient or incidental in nature and that they must constitute an integral and essential part of a technological process, as well as the conditions laid down in Article 5(5) of that directive, and that they may therefore be made without the authorisation of the copyright holders.""

    Until there is a change in EU case law or for the UK choosing not to accept the primacy of this EU ruling (amongst numerous such rulings that have been taken for granted as applicable laws) upon Brexit, even a UK Supreme Court ruling is not going to change the position on this.
     
  13. dillyp70

    dillyp70 TK Veteran

  14. Speedygonzal

    Speedygonzal Member

    I don't think that case has any meaningful implication on whether streaming of copyrighted material is legal in UK. Three things:

    1) That is still a test case, because its appeal has been allowed, and until the case has gone to the end of its appealing process, it is not law.

    2) Even if the bloke exhausts the appeal process, it does not follow that it becomes "illegal to stream copyrighted contents", the subject being disputed (by me anyway) - that is not how the law works, especially given the CJEU ruling I referred to above, which is crystal clear. All it would have meant is that a uk business can not sell Kodi boxes preloaded with e.g. Exodus/SALTS etc. To avoid any misunderstanding, it wouldn't even mean it becomes illegal to own a Kodi box loaded with those addons. For that to become law, another case law or a statute will have to establish that.

    3) As a matter of fact, even if the bloke went to the end of his appeal process and lose, it does not mean that you can't buy such a box legally from abroad. For example, while a business is not allowed to sell air guns in UK without securing buyer ID in person etc., you are perfectly free to buy one by mail order from say Poland without disclosing such IDs. Why? because the EU freedom of movement/trade rules trump UK statutes, which criminalise sales without such specific checks and requirements.

    Cheers!
     
  15. dillyp70

    dillyp70 TK Veteran

    Taken from another article.....

    One has just finished, and resulted in one man receiving a four year jail sentence for conspiracy to defraud.

    In what was first to be the first sentencing of its kind, Terry O’Reilly was handed the tough term for flogging over 1,000 boxes to pubs, who used them to illegally stream Premier League footy.

    Following the result, Premier League Director of Legal Services Kevin Plumb said: “The courts have provided a clear message: this is against the law and selling systems which allow people to watch unauthorised Premier League broadcasts is a form of mass piracy and is sufficiently serious to warrant a custodial sentence.

    “There can now be no doubt for consumers that these systems are illegal.”



    It obviously is illegal to stream material if they lock you up for it...
     
  16. Speedygonzal

    Speedygonzal Member

    You are of course free to believe what the "Premier League Director of Legal Services" (or indeed FACT) might have said, but they would have used the ruling to suit them each and every way, wouldn't they? Crucially, that is not what Premier League's lawyers explained as what is "illegal" in that case, at QEB | News. Essentially, those guys were convicted for selling subscriptions to live match streams as well as boxes en masse, thereby defrauding Premier League for clear and substantial sums.

    On the other hand,

    1) Because an appeal was allowed (and is ongoing) in the Brian Thompson case, that means as far as the law is concerned there is a real prospect that the ruling (that selling such boxes is illegal) was unsafe. That is why Brian Thompson is not in jail.

    2) There is no indication that "these systems are illegal" (or indeed exactly what does that mean?). For example, even if the Court on appeal in the Thompson case ultimately decides that him flogging such boxes is illegal in UK, that does not mean that building one yourself (from e.g, a perfectly legal Fire TV stick), mail ordering an all singing/dancing one from the EU, or owning one is illegal. Certainly simply using one is NOT illegal. As an analogy, by law a business can't sell you a "realistic looking" air-soft gun without making you jumping through hoops far tougher than if you were to buy airguns (which happen to be more powerful/dangerous), yet you can lawfully own and use such air-soft replicas without jumping through said hoops - it shows that the law is not necessarily about being "logical" or "right", else what is there to study in Law? :binoculars::)

    3) If any UK court decides to rule it "is illegal to stream material" as you say, such a ruling would be meaningless, because a CJEU ruling (which takes precedence over any UK court ruling, including that of the UK Supreme Court) has already decided that streaming copyrighted material is legal in 2014 (as the wiki article I referred to above explains).

    Let me put it this way, has anybody in UK been fined, let alone "locked up", for streaming copyrighted material for their own purposes since May 2014?

    The answer is no, because such a prosecution will not "succeed", until the prosecutor is prepared to appeal numerous necessarily negative rulings against them, all the way to the CJEU, which then has to decide to revert their 2014 decision.

    At the moment nobody knows selling such boxes is illegal in UK (and as I indicated above, even if it were, it would still be legal to source one by mail order from the EU). Councils which thought otherwise remains uncertain, see Set-top TV box store Geeky Kit was raided 13 months ago - what's happening now? - Gazette Live. let alone for buying, making, owning or using one.

    Cheers!
     
  17. claktv

    claktv Member

    Great information. I've always used a VPN - don't want to chance my arm.
     
  18. jolly3434

    jolly3434 Member

    please delete wrong section
     
    Last edited: Apr 19, 2017
  19. Sarah Bishop

    Sarah Bishop Member

    Thanks for sharing the article. It's always best to use different strong passwords for each service. A strong pass nowadays is 30 chars+, uppercase, lowercase, special charts, and numbers.
    192.168.1.1
     

Share This Page