Defeating the New Internet Privacy Threat

     

It seems some of us have been thinking thoughts not approved by the Prowlers That Be and that something is to be done about it.

It's no wonder they are concerned: Thoughts can quickly turn into beliefs, and when you put enough sound ones together, consider them for a while and let it all sink in – you end up with something dangerous that is inevitably going to spread. Things are now starting to heat up, because people with all kinds of ideas are beginning to see that they have been hoodwinked.

All this is bad news for the Powers That Used-To-Be. But am I really being fair to them? Can't we give them any benefit of the doubt?

Alright then; just for a moment, let's try and see it purely from the other person's point of view. Let's delve – ever so briefly, if that's okay – into the benevolent and paternal minds of officials, politicians, and elites; they are People too, you know:

After all, they have put a lot of time and effort into moulding and shaping the media, who have helped us know quite clearly what the correct and responsible thoughts are.

As if that wasn't enough, they went to the trouble of taking society's children at an early age and helped them to know the proper thoughts that they should think, in school.

At great expense, they have paid the properly qualified Experts handsomely and rewarded compliant corporations richly, when they helped us to know what to think.

Why, for our own good, they even invested society's money for it in churches and charities, helping us to understand how little difference there is between charity and bureaucracy, giving and properly organised theft, peace and war, faith in God and honouring and obeying them.

Surely it can't have been easy for the Appointed Ones, having to make the tough decisions with society's money to make all these things happen. They felt our pain. Yes, and what thanks do they get? None whatsoever; theirs is a thankless task – and what's worse, recently some ingrates have even had the nerve to complain.

So, should we not feel sorry for them, extend mercy and grace, give them one more chance? Doesn't it seem unfair that all they have worked for can be jeopardized in just a few years by… the internet?

….. You think not?

I thought not. Of course, you're right.

That's just what they are afraid of – because if they are shown no more mercy than they have shown to their innocent war victims or their enslaved taxpayers, they are in deep trouble.

The Internet To The Rescue

So thank God for the internet! Just when it seemed the grid of State power was maxing out, along came the internet to short circuit everything.

It's too late now, the cat's out of the bag and I doubt there is a way the internet can be completely turned off – or if they try, it will be a last dying act of desperation, because governments themselves and their big corporate friends depend so much on it.

Instead, the game plan is to regulate and to filter – to choose and approve the thoughts we have access to – partly by creating dependencies and alliances with mega-business gatekeepers like ISPs and search engines, and partly by legislation.

That's why in the US, legislation is now being crafted that is pretty much in line with China and other totalitarian regimes:

Sites that are not approved simply would not be served up to the user.

Popular encrypted services such as Skype, based in privacy-conscious places like Luxembourg, would have to either close down or poison their software with back doors and set up local surveillance offices for easy bullying. Skype's local Chinese partner did just that some time ago and now US intelligence agencies have painted a target on Skype almost by name in this legislation.

However, even if it passes, a new Skype username on a mobile or unofficial portable version of the software, from a random public Wi-Fi or VPN connection, is just one unknown and encrypted caller among tens of millions. In that case, the chances of any effective eavesdropping would still be slim to none.

In mysterious harmony, new internet crackdowns are also being announced in the UK and worldwide, supported by the most desperate and ridiculous scaremongering: Why on earth would a power station want critical systems to be on the internet anyway? As it turns out, most are not, the recent scare was mostly exaggeration – and those that are online should just pull the plug out.

They are getting so desperate, I expect we are all going to be treated to a number of new and exciting false-flag/molehill-mountain shows – anyone remember golden oldie episodes like "Patsies on Parade," "The Poison Powder in the Post Mystery," "Great Balls of Fire – the Underwear Bomber Reveals All," "Best Ever Comedy Hotfoot," "Meet The World's Worst Osama Bin Laden Impersonator" etc? National security propaganda has become almost as obvious to me as the spook-mail I got after writing the article, "Practical Internet Privacy."

The Domain Name System

There are several ways of censoring the Net, but one of the easiest, most prevalent, and a key method in the proposed legislation is to censor the internet "Domain Name System," commonly known as "DNS." Here's how it works:

Imagine there is someone you want to call on the phone. So, you call directory enquiries to get the number, only to be told the number is unlisted. DNS internet censorship is basically the same idea.

When you put a website name in your browser, it goes behind the scenes to a kind of directory service, usually supplied by your internet provider or its bandwidth provider, called a "DNS server." This serves up the website number ("IP Address") and gets you to the site.

Yes, all websites are actually numbers – and quite often if you have the number, you can still get through, even under censorship. Another simple way round censorship could be to stop using your internet provider's DNS and manually set another – it's not difficult and there are many on the Net, in many countries.

There is one more important matter about DNS enquiries.

In making a regular phone call to directory enquiries for a number, you are also telling them three things:

  1. Who you are
  2. Who you are contacting, and
  3. The time of your conversation.

They may not be able to actually listen in, but that's still a lot of useful information for snoopers – and a starting point for more.

DNS internet surveillance works in basically the same way, and this is one area where most internet privacy services fall down.

Internet Privacy Services

To help get round surveillance and censorship, there are many free and paid "proxy" services, but beware, some are owned by password-harvesting hackers. Proxies can be made to work, but normally do not encapsulate the whole of your internet activity. You can easily specify a proxy in your browser or use proxy software, but there will be many possible leaks. Of course, a good proxy is better than nothing and may be perfectly adequate for some purposes and budgets. Also, Tor is a notable exception, with good anonymity for browsing – but it is also slow.

The real route to privacy is to completely wrap up all your internet activity in an impenetrable tunnel and route it so that everything comes out somewhere else. These services are generally called VPN (Virtual Private Network) services. They advertise themselves as completely encrypting your internet, using better-than-military grade technology, and invite you to trust them completely.

If your privacy is important, here is where you need to be careful.

Everything they say may be true, about the content of your internet activity – but remember the directory enquiries example and the three things it exposes? You would think surely a VPN service would wrap up the DNS enquiry too, but very often they do not.

Instead, the internet provider's DNS server may still be used, informing them and anyone watching, of every site you visit, including internet calls made, to whom, and when. The VPN service will argue that it is your computer and not their service that leaks this info, but to be true to their privacy promises, they should at least have an immediate solution ready for their customers. Very few do.
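To make the directory-enquiries comparison concrete, the following added example (not from the original article) decodes plaintext DNS queries from a constructed capture and reports those sent to a resolver outside the VPN, with the who, what and when each one reveals. The resolver address 10.8.0.1, the sample packets and all function names are assumptions made for illustration.

```python
import struct
from datetime import datetime, timezone

def build_query(name, txid=0x1A2B):
    """Encode a standard DNS A query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_qname(payload):
    """Return the hostname carried, unencrypted, in a DNS query payload."""
    if len(payload) < 12 or payload[2] & 0x80 or payload[4:6] == b"\x00\x00":
        raise ValueError("not a DNS query with a question")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question")
        n = payload[pos]
        if n == 0:
            return ".".join(labels)
        if n > 63 or pos + 1 + n > len(payload):
            raise ValueError("bad label length")
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n

def find_leaks(packets, tunnel_resolvers):
    """List queries sent to any resolver other than the VPN's own."""
    leaks = []
    for ts, src, dst, payload in packets:
        if dst in tunnel_resolvers:
            continue  # went to the VPN's resolver, so not a leak
        try:
            name = parse_qname(payload)
        except ValueError:
            continue  # not a parseable DNS query; ignore
        when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
        leaks.append({"who": src, "what": name, "when": when, "resolver": dst})
    return leaks

# Constructed sample: (epoch seconds, source IP, destination IP, UDP port 53 payload)
TUNNEL_RESOLVERS = {"10.8.0.1"}  # assumed address of the VPN provider's resolver
SAMPLE = [
    (1288742400, "10.8.0.6", "10.8.0.1", build_query("example.org")),
    (1288742405, "192.168.1.20", "203.0.113.53", build_query("voip.example.net")),
    (1288742409, "192.168.1.20", "203.0.113.53", b"\x00\x01"),  # malformed, skipped
]

if __name__ == "__main__":
    print(find_leaks(SAMPLE, TUNNEL_RESOLVERS))
```

An empty result for a capture taken while the VPN is connected is the outcome to aim for; any entry means the hostname, the client address and the timestamp were visible to the resolver named in it.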

Tech Note: In fact, I had to develop a full solution (also resolving e.g. browser uniqueness) purely for myself and private clients – but did, a year or two ago, post a basic solution for Windows users over at the perfect-privacy.com forum. It can easily be modified for any VPN service. Mac users need to use "Viscosity" with certain settings to connect. iPhone/iTouch basic VPN users seem to be OK.

How To Choose A VPN Provider

Happily, one effect of recent aggressive intellectual "property" enforcement has been to spawn a large number of new VPN services. Here is one list of more than a hundred.

First, I want to assure you that I have no financial or other interest in any provider. I have even been offered several free accounts and declined them all. This information is only to help enlighten users and to inspire more VPN services to compete harder for their business.

Because, depending on your privacy objectives and uses, a VPN service can be as critical as a bank. In order to be safe, you must seriously consider whether a VPN service could be run by informants, crooks or spooks.

Bear in mind – if sharing business secrets, organizing protests, orchestrating WikiLeaks-type whistle-blowing, accessing trading or financial accounts – that the owners of a VPN service or its technicians could be tempted, blackmailed or threatened into betraying or robbing you.

Of course, I can identify with VPN operators who may justifiably want to remain hidden themselves and users should not want to be served by the easily targeted, who do not practice what they preach.

So, here's what we have to go on:

  • Reputation – over a period of time (discount obvious spam or slurs by competitors on forums).
  • Terms of Service – (spooks want a semi-legal front; sharks offer weasel terms in small print).
  • Location – legal and physical.
  • Technical factors and specifications.

In choosing a VPN service then, here are some things to look for:

  1. An unequivocal no-logs policy. Not easily found, but there are some. The bottom line: logs that do not exist cannot be used. If logs exist, however obscured, they exist only to be read and present a target and temptation. Blind trust is not enough for critical privacy. Could a no-logs claim be false? Yes, but outright liars will soon manifest themselves.
  2. VPN server locations and route: For anything like internet calls, timely financial trading or offshore banking, you need to be able to choose the country and location of your VPN connection. Check your desired locations and routes are available.
  3. An extra "hop" means chaining one VPN server after another, which is good for privacy but, if fixed by the VPN provider, can make internet telephony etc. unusable. Tech Note: Also, if traffic is decrypted then re-encrypted for the second hop – that is an added vulnerability, especially if logs are kept. A less instant but better method will work with many VPN services: first a simple VPN connection of the user’s choosing, and then another unbroken "hop" straight through that, to a second VPN/proxy location, again of the user’s choosing.
  4. No bandwidth rationing: Rationing makes a service unsuitable for file sharing, downloading, or making the internet available to a whole home or office.
  5. File-sharing-friendly Terms Of Service – at least for countries where legally possible.
  6. Anonymous payment; or payment where personal details are not supplied directly. The VPN service will get your IP address anyway – but all the more reason for a no-logs policy.
  7. Multiple logins. At least for computers at the same address and to enable "hops."
  8. A business base well outside your home country, preferably in a privacy-conscious one.
  9. Big enough to serve you… A big crowd is easier to get lost in. A small, little-used service could mean you are the only one connecting in and going out of a VPN server at times. Normally this is OK, but it does make identification easy if the VPN server itself is under surveillance.
  10. True believers: Hard-core principled privacy advocates will fight hardest for you. Over time, this will be evident in many ways, not just a pro-privacy advertising slogan.

Final Thoughts

Despite the fact that most internet crime is committed with all identification fully in place – i.e. identity theft – authoritarians just hate the idea that they are not watching everyone all the time.

Unfortunately, some VPN abuse is inevitable and this is used as an excuse to violate everyone. VPN services have to deal with spammers and fraudsters quite often, so it is important to have a service that will fight rather than take the easy road. One VPN service I can fully recommend, Perfect-Privacy, had a VPN server seized recently in Germany. As promised, there were no logs so there were no problems, and they have many alternate servers across the globe.

How much should you pay for a VPN? If you pay annually, you can have a good service for around $15 a month, or if paying monthly expect $30. Lower cost may actually mean more petty abuse problems, but competition is bringing prices down and new, unproven services may be a lot cheaper.

You can find more specific VPN suggestions, warnings, and other privacy-related matters in three earlier articles: "Easy Internet Privacy" (Low/No-Tech), "Practical Internet Privacy" (Low-Tech), and "Practical Internet Privacy – Postscript" (Low/Mid-Tech).

From time to time, I'll alert readers to significant changes or updates, and focus articles on specific areas of internet privacy. Hopefully, this article and the others will help you defend your privacy, get round censorship, and select the best options to do it.

November 3, 2010