Archive for November 2015

Lest we forget

Some simple steps to bypass the British government’s new internet spy ring

The British government will shortly be requiring all Internet Service Providers (ISPs) to store the browsing history of every single person in the UK for a year.

Why are they doing this? For your own safety, of course. It’s to protect you from all the terrorists and organised crime gangs that they’re allowing into the country to enrich the fabric of society.

If you’re happy for the authorities to have access to your browsing history on demand then you’re not going to be interested in the rest of this post, you should probably get back to those cute kittens that can haz cheezburger. If you do have a problem with the authorities being able to see which political party you’ve taken an interest in, who you bank with, what your sexual preferences are, what religion you follow, who you’re talking to, which news stories you follow, whether you like cute kittens and every other little detail your internet habits can tell someone wanting to build up a picture of your private life to feed into their databases then you can do what the terrorists and organised crime gangs do and bypass big brother with an anonymising service.

I’m going to try and make what follows as simple as possible, partly because I’m not a networking god who knows intimately how this stuff works but mainly because you don’t need to know how it works to use it.

Tor

Tor LogoBy far the most widely used anonymising service is Tor which stands for The Onion Router. It’s so named because of the multiple layers of security it provides. It works by bouncing your traffic round the world through a number of proxies to hide where your internet traffic came from. In layman’s terms, instead of your computer contacting the web server where a website is located directly it contacts another computer in the Tor network which itself contacts another computer in the Tor network and after this has happened a few times one of the computers will get the website you wanted and pass it back the way it came. It sounds complicated and behind the scenes it is but you don’t see any of this happen, you just get the website you wanted and the web server thinks you’re in Istanbul or Taiwan or South Africa or some other random location.

The security in this comes from the fact that any computer in the Tor network in that chain only knows about the computer it got the request from and the one it’s sending it to and those two computers don’t know about each other. If criminals or terrorists or government agencies (try not to get them confused, they do much the same job) manage to compromise one of the computers in the chain they’re not going to get a picture of where the request has come from or where it’s going to because the computer they’ve compromised doesn’t know and what it doesn’t know, it can’t tell them. Connections are also encrypted all the way from your computer to the last computer in the Tor network that goes off to the web server to get your website and every time you request a website, your computer picks a different set of computers to go through.

There are some downsides to using Tor which you need to bear in mind. Some bad people use Tor. Hackers, scammers, criminal gangs, terrorists, drug dealers, black market weapons dealers, the US Navy, national intelligence agencies and more. It’s unlikely but one day you might end up with one of them at the start of the chain and that’s where your privacy and security can be compromised. The chances are it won’t happen to you and it is less likely to happen that using the internet in the traditional way but no system is foolproof. It will also be slower than you’re used to and sometimes you might find that a website is blocked in whatever country your request ends up in.

The most common way of using Tor is by downloading the browser bundle which gives you the Tor proxy service and a customised version of Firefox. You can download it from the Tor Project website, run the installer and follow the prompts. All you have to do then is remember to use the Tor browser to access the internet and to think carefully about how much of your privacy you’re giving away voluntarily.

There is also a Tor browser package for Android phones and tablets meaning you can get the same protection while you’re out and about as you do when you’re at home. You can get it from the Play Store and you don’t need to root your device to use it.

Tails

Tails ScreenshotTo add an extra layer of security to your browsing you can use Tor in in a secure virtual machine. Tails is a Linux distribution with Tor built in and you can download an ISO image that you can mount in VMWare or VirtualBox or your preferred virtualisation platform. Installation is straightforward and several security and privacy applications are installed with it. As long as you don’t snapshot the virtual machine and you have enough physical memory to run your virtual machine, nothing you do when using it will be saved once you’ve shut the virtual machine down. If you’re looking to avoid being flagged up as a user of anonymising services then it’s a good way of keeping the Tor browser away from insecure applications in Windows (or Windows itself) that can report back the fact that your have it installed. It also means you can continue your casual browsing to generate a browsing history whilst plotting your bloody revolution or looking at pictures of ladies wearing no pants on a browser that can’t be traced back to you.

You can get more information on Tails and download an image from the Tails website. There are far too any variations for me to tell you here how to install a virtual machine but there are lots of websites that will tell you how to do it for your particular operating system.

In conclusion

Following the steps above will give you the same level of security and privacy as the criminal gangs and terrorists that routine spying on our internet browsing history is supposed to protect us from but if you want to take advantage of that security you need to change your habits. If you use social media you have already given away your privacy. It doesn’t matter what you have your privacy setting set to in Facebook or Google+, if they’re issued with a warrant to hand over your data they’ll do it without a second thought. If you use any location-based services you’re creating a record of your whereabouts at any given time and depending on what the service is, you’re probably building up a picture of what you’re doing when you’re there. If you take a selfie in McDonalds and put it on Pinterest you’ve told the world where you are and that you like Big Macs.

You may be happy to share what’s going on in your life and the places you’ve been to – I know I do it a lot – but that doesn’t mean you have to be happy with government agencies, local councils, the police and other statutory bodies having access to your browsing history whether you want them to or not. It doesn’t matter what protections are promised when the legislation is passed, you only have to look at how RIPA, SOCA and anti-terrorism legislation has been abused by the authorities to the extent that you can be locked up for reading the names of dead soldiers at a national war memorial, put under house arrest after being found innocent by a jury and spied on to check you’re in a primary school catchment area.

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety
– Benjamin Franklin

It’s reasonable to assume that anyone associated with an anti-establishment political party or group is on a list and if you’re in a position of any influence you can pretty much guarantee that someone is taking an interest in you. If you want to maintain some privacy then this is a step in the right direction.

Remember, remember …

410 years and Westminster is still packed to the rafters with traitors. Come back Guy Fawkes, all is forgiven.