Defeating the New Internet Privacy Threat

Email Print



It seems some
of us have been thinking thoughts not approved by the Prowlers That
Be and that something is to be done
about it

It's no wonder
they are concerned: Thoughts can quickly turn into beliefs, and
when you put enough sound ones together, consider them for a while
and let it all sink in – you end up with something dangerous
that is inevitably going to spread. Things are now starting to heat
up, because people with all kinds of ideas are beginning to see
that they have been hoodwinked.

All this is
bad news for the Powers That Used-To-Be. But am I really being fair
to them? Can't we give them any benefit of the doubt?

Alright then;
just for a moment, let's try and see it purely from the other person's
point of view. Let's delve — ever so briefly, if that's okay –
into the benevolent and paternal minds of officials, politicians,
and elites; they are People too, you know:

After all,
they have put a lot of time and effort into moulding and shaping
the media, who have helped us know quite clearly what the correct
and responsible thoughts are.

As if that
wasn't enough, they went to the trouble of taking society's
children at an early age and helped them to know the proper thoughts
that they should think, in school.

At great expense,
they have paid the properly qualified Experts handsomely and rewarded
compliant corporations richly, when they helped us to know what
to think.

Why, for our
own good, they even invested society's money for it in churches
and charities, helping us to understand how little difference there
is between charity and bureaucracy, giving and properly organised
theft, peace and war, faith in God and honouring and obeying them.

Surely it can't
have been easy for the Appointed Ones, having to make the tough
decisions with society's money to make all these things happen.
They felt our pain. Yes, and what thanks do they get? None whatsoever;
theirs is a thankless task – and what's worse, recently some
ingrates have even had the nerve to complain.

So, should
we not feel sorry for them, extend mercy and grace, give them one
more chance? Doesn't it seem unfair that all they have worked for
can be jeopardized in just a few years by… the internet?

….. You think

I thought not.
Of course, you're right.

That's just
what they are afraid of — because if they are shown no more mercy
than they have shown to their innocent war victims or their enslaved
taxpayers, they are in deep trouble.

The Internet
To The Rescue

So thank God
for the internet! Just when it seemed the grid of State power was
maxing out; along came the internet to short circuit everything.

It's too late
now, the cat's out of the bag and I doubt there is a way the internet
can be completely turned off — or if they try, it will be a last
dying act of desperation, because governments themselves and their
big corporate friends depend so much on it.

Instead, the
game plan is to regulate and to filter — to choose and approve the
thoughts we have access to – partly by creating dependencies
and alliances with mega-business gatekeepers like ISPs and search
engines, and partly by legislation.

That's why
in the US, legislation is now being crafted that is pretty much
in line with China and other totalitarian regimes:

Sites that
are not approved simply would not be served up to the user.

Popular encrypted
services such as Skype, based in privacy conscious places like Luxembourg,
would have to either close down or poison their software with back
doors and set up local surveillance offices for easy bullying. Skype's
local Chinese partner did just that some time ago and now US intelligence
agencies have painted a target on Skype almost by name in this legislation.

However, even
if it passes, a new Skype username on a mobile or unofficial
version of the software, from a random public Wi-Fi
or VPN connection is just one unknown and encrypted caller among
tens of millions. In that case, the chances of any effective eavesdropping
would still be slim to none.

In mysterious
harmony, new internet crackdowns are also being announced in the
UK and worldwide, supported by the most desperate and ridiculous
scaremongering: Why on earth would a power station want critical
systems to be on the internet anyway? As it turns out, most are
not, the recent scare was mostly exaggeration — and those that are
online should just pull the plug out.

They are getting
so desperate, I expect we are all going to be treated to a number
of new and exciting false-flag/molehill-mountain shows — anyone
remember golden oldie episodes like "Patsies on Parade,"
"The Poison Powder in the Post Mystery," "Great Balls
of Fire — the Underwear Bomber Reveals All," "Best Ever
Comedy Hotfoot" "Meet The World's Worst Osama Bin Ladin
Impersonator" etc? National security propaganda has become
almost as obvious to me as the spook-mail I got after writing the
article, "Practical Internet Privacy."

The Domain
Name System

There are several
ways of censoring the Net, but one of the easiest, most prevalent,
and a key method in the proposed legislation is to censor the internet
"Domain Name System," commonly known as "DNS."
Here's how it works:

Imagine there
is someone you want to call on the phone. So, you call directory
enquiries to get the number, only to be told the number is unlisted.
DNS internet censorship is basically the same idea.

When you put
a website name in your browser, it goes behind the scenes to a kind
of directory service, usually supplied by your internet provider
or its bandwidth provider, called a "DNS server." This
serves up the website number ("IP Address") and gets you
to the site.

Yes, all websites
are actually numbers — and quite often if you have the number, you
can still get through, even under censorship. Another simple way
round censorship could be to stop using your internet provider's
DNS and manually set another — it's not difficult and there are
many on the Net, in many countries.

There is one
more important matter about DNS enquiries.

In making a
regular phone call to directory enquiries for a number, you are
also telling them three things:

  1. Who you
  2. Who you
    are contacting, and
  3. The time
    of your conversation.

They may not
be able to actually listen in, but that's still a lot of useful
information for snoopers — and a starting point for more.

DNS internet
surveillance works in basically the same way, and this is one area
where most internet privacy services fall down.

Privacy Services

To help get
round surveillance and censorship, there are many free and paid
"proxy" services, but beware, some are owned by password-harvesting
hackers. Proxies can be made to work, but normally do not encapsulate
the whole of your internet activity. You can easily specify a proxy
in your browser or use proxy software, but there will be many possible
leaks. Of course, a good proxy is better than nothing and may be
perfectly adequate for some purposes and budgets. Also Tor
is a notable exception, with good anonymity for browsing –
but also slow.

The real route
to privacy is to completely wrap up all your internet activity in
an impenetrable tunnel and route it so that everything comes out
somewhere else. These services are generally called VPN (Virtual
Private Network) services. They advertise themselves as completely
encrypting your internet, using better-than-military grade technology,
and invite you to trust them completely.

If your privacy
is important, here is where you need to be careful.

they say may be true, about the content of your internet
activity – but remember the directory enquiries example and
the three things it exposes? You would think surely a VPN service
would wrap up the DNS enquiry too, but very often they do not.

Instead, the
internet provider's DNS server may still be used, informing them
and anyone watching, of every site you visit, including internet
calls made, to whom, and when. The VPN service will argue that it
is your computer and not their service that leaks this info, but
to be true to their privacy promises, they should at least have
an immediate solution ready for their customers. Very few do.

Tech Note:
In fact, I had to develop a full solution (also resolving e.g. browser
) purely for myself and private clients – but
did, a year or two ago post a basic solution for Windows users over
at the forum. It can easily be modified for
any VPN service. Mac users need to use "Viscosity" with
certain settings to connect. iPhone/iTouch basic VPN users seem
to be OK.

How To Choose
A VPN Provider

Happily, one
effect of recent aggressive intellectual "property" enforcement
has been to spawn a large number of new VPN services. Here
is one list
of more than a hundred.

First, I want
to assure you that I have no financial or other interest in any
provider. I have even been offered several free accounts and declined
them all. This information is only to help enlighten users and to
inspire more VPN services to compete harder for their business.

Because, depending
on your privacy objectives and uses, a VPN service can be as critical
as a bank. In order to be safe, you must seriously consider whether
a VPN service could be run by informants, crooks or spooks.

Bear in mind
– if sharing business secrets, organizing protests, orchestrating
WikiLeaks-type whistle-blowing, accessing trading or financial accounts
— that the owners of a VPN service or its technicians could be tempted,
blackmailed or threatened into betraying or robbing you.

Of course,
I can identify with VPN operators who may justifiably want to remain
hidden themselves and users should not want to be served by the
easily targeted, who do not practice what they preach.

So, here's
what we have to go on:

  • Reputation
    – over a period of time (discount obvious spam or slurs by
    competitors on forums).
  • Terms of
    Service – (spooks want a semi-legal front; sharks offer weasel
    terms in small print).
  • Location
    – legal and physical.
  • Technical
    factors and specifications.

In choosing
a VPN service then, here are some things to look for:

  1. An unequivocal
    no-logs policy. Not easily found, but there are some. The bottom
    line: logs that do not exist cannot be used. If logs exist, however
    obscured, they exist only to be read and present a target and
    temptation. Blind trust is not enough for critical privacy. Could
    a no-logs claim be false? Yes, but outright liars will soon manifest
  2. VPN server
    locations and route: For anything like internet calls, timely
    financial trading or offshore banking, you need to be able to
    choose the country and location of your VPN connection. Check
    your desired locations and routes are available.
  3. An extra
    "hop" means chaining one VPN server after another, which
    is good for privacy but, if fixed by the VPN provider, can make
    internet telephony etc. unusable. Tech Note: Also, if traffic
    is decrypted then re-encrypted for the second hop – that
    is an added vulnerability, especially if logs are kept. A less
    instant but better method will work with many VPN services: first
    a simple VPN connection of the user’s choosing, and then another
    unbroken "hop" straight through that, to a second VPN/proxy
    location, again of the user’s choosing.
  4. No bandwidth
    rationing: Rationing makes a service unsuitable for file sharing,
    downloading, or making the internet available to a whole home
    or office.
  5. File-sharing-friendly
    Terms Of Service – at least for countries where legally possible.
  6. Anonymous
    payment; or payment where personal details are not supplied directly.
    The VPN service will get your IP address anyway — but all the
    more reason for a no-logs policy.
  7. Multiple
    logins. At least for computers at the same address and to enable
  8. A business
    base well outside your home country, preferably in a privacy conscious
  9. Big enough
    to serve you… A big crowd is easier to get lost in. A small, little
    used service could mean you are the only one connecting in and
    going out of a VPN server at times. Normally this is OK, but it
    does make identification easy if the VPN server itself is under
  10. True believers:
    Hard-core principled privacy advocates will fight hardest for
    you. Over time, this will be evident in many ways, not just a
    pro-privacy advertising slogan.

Final Thoughts

Despite the
fact that most internet crime is committed with all identification
fully in place – i.e. identity theft – authoritarians
just hate the idea that they are not watching everyone all the time.

some VPN abuse is inevitable and this is used as an excuse to violate
everyone. VPN services have to deal with spammers and fraudsters
quite often, so it is important to have a service that will fight
rather than take the easy road. One VPN service I can fully recommend,
Perfect-Privacy, had a VPN server seized recently in Germany. As
promised, there were no logs so there were no problems, and they
have many alternate servers across the globe.

How much should
you pay for a VPN? If you pay annually, you can have a good service
for around $15 a month, or if paying monthly expect $30. Lower cost
may actually mean more petty abuse problems, but competition is
bringing prices down and new, unproven services may be a lot cheaper.

You can find
more specific VPN suggestions, warnings, and other privacy related
matters in three earlier articles: "Easy
Internet Privacy
" (Low/No-Tech), "Practical
Internet Privacy
" (Low-Tech), and "Practical
Internet Privacy — Postscript
" (Low/Mid-Tech).

From time to
time, I'll alert readers to significant changes or updates, and
focus articles on specific areas of internet privacy. Hopefully,
this article and the others will help you defend your privacy, get
round censorship, and select the best options to do it.

3, 2010

Green [send him mail] is
of British background and supplies computer security and privacy
services in the UK and Switzerland – while his wife home-schools
their children. Over the years he has also traded the financial
markets and worked in sound production.

Best of Paul Green

Email Print