
How can I protect myself from government snoopers? - Graham24
https://www.theguardian.com/technology/askjack/2016/nov/24/how-can-i-protect-myself-from-government-snoopers
======
guilamu
Brilliant first recommended comment by "stpman" in the article to answer all
those saying "I don't have anything to hide":

_"Why should people care about surveillance? Because even if you're not
doing anything wrong, you're being recorded. You don't have to do anything
wrong. You simply have to eventually fall under suspicion, even by a wrong
call. They can use this system to go back in time and scrutinise everything,
and derive suspicion from an innocent life and paint anyone in the context of
a wrongdoer." -Edward Snowden

"If you give me six lines written by the hand of the most honest of men, I
will find something in them which will hang him." -Cardinal Richelieu_

You may not have anything to hide, but you should hide as much as you can
anyway, because anything you say or write may be one day used against you in a
court of law.

~~~
planetjones
I fully agree with the quote above, but I don't find this as clear a cut issue
as perhaps many on HN do. It's undoubtable that surveillance is becoming
harder now and that groups who would bring great harm to innocent people are
using the internet for research and communication. I don't know what the
answer is, but encrypting everyone's communications end-to-end with no-one
able to ever intercept does sound like it will make protecting us very hard
indeed. And yes, I know these tools for strong encryption are out there and
they can't be un-invented - but I can see why Governments want to do
"something". I am just saying what that "something" is becomes difficult to
define.

~~~
knz
The problem is that domestic mass surveillance is not that effective at
stopping these people. Every time there is a terrorist attack or mass shooting
it seems that we get the same story of "they were known to the local
police/FBI" or that their family had concerns. Spying on everyone is just
increasing the size of the haystack and making it harder for someone to follow
up on actual hard intelligence.

Another alternative is to have limited surveillance that requires a judge to
sign off on it after seeing a good reason to suspect someone. Personally I
have no issue with that - it's a model that has worked for decades and strikes
a balance between public safety and personal liberty.

Terrorism and mass shootings are going to continue until we address the root
causes and even then we will still have occasional incidents. The public need
to have realistic expectations and stop with knee jerk reactions that result
in security theatre like the TSA.

~~~
eponeponepon

> Spying on everyone is just increasing the size of the haystack and making it
> harder for someone to follow up on actual hard intelligence.

No no, you see, because big data. Probably also clouds. /s

Seriously, I think this ship has sailed; we can only find new ways to operate
under our new circumstances, rather than preventing them from coming about as
we could have done up until maybe 15 years ago.

The most charitable interpretation I can find for the nascent global
surveillance state is that world governments are (quite reasonably, in my
view) collectively anticipating great upheaval in the near to mid-term future,
and recognise that they must do _something_ to keep a hand on the rudder.

I do not believe that a unilateral panopticon (i.e. "we are watching you, but
you may not watch us") is the right response, and I dislike that it is being
presented as an anti-terror/anti-piracy/anti-{localized-name($bad-people)}
measure, rather than described honestly. What worries me enormously is that
the nationalist right is _also_ on the rise at the same time.

If we are lucky, it may all lead to greater worldwide unity in the long term,
but I am not hopeful that this will transpire within my lifetime.

~~~
visarga
> If we are lucky, it may all lead to greater worldwide unity

In order to reach that point, we need to protect diversity in the middle of
all this integration that is happening with the internet. "Integration in
differentiation", and "differentiation in integration", are necessary
principles for a healthy society.

Practically protecting diversity would mean protecting privacy, the right to
express political views, the right to be different. If we can't protect
diversity we get to the regime of 1984.

There is a profound biological reason for this concept - neurons in the brain
are differentiated by being differently connected, and are integrated by
virtue of said connections. So they are both diverse and integrated, and the
result is conscious mind - a system that can handle both highly complex
dynamism and balance. The theory of integrated information is one of the most
respected theories about consciousness. We should strive to be more like the
brain.

Another practical point is that concentration of power is detrimental. It
leads to a decrease of diversity.

If we want to become a happier society we need to protect both integration and
diversity. These two principles have many other social and technological
applications.

~~~
eponeponepon
You're describing a fear of civilisation becoming "unconscious"?

That's not a possibility that ever struck me before, so thanks, you've just
fuelled my nightmares for months to come now :-s

------
nicktelford
What truly terrifies me about this is how little control most users have over
the websites they "visit". This law requires ISPs to log the domain name of
websites users connect to. All it takes is one dodgy advert on an otherwise
ordinary website to incriminate you. Worse, you might not even know this has
happened, as the ad itself might be completely innocuous. But by virtue of
being hosted on a website the government considers suspect, you find yourself
on a list.

I don't know if this actually happens in practice, but I have heard stories of
bad actors using adverts to distribute malware - it doesn't take a stretch of
the imagination to see the same bad actors using adverts to generate false
positives to the authorities.

Ad blockers are going to become more important than ever.

~~~
treerock
Yeah I was curious about what level of detail will be recorded. According to
the article: "The law forces internet service providers to keep a record of
all the websites – not the actual pages – you visit for up to a year."

If they aren't recording the pages, I'd doubt they'd be recording the ads
embedded on the page.

But who knows, I imagine it's down to how the ISPs implement the legislation.

~~~
redcalx
They can't record the pages if the request is over https, as per most web
sites these days. The IP address is known because it's necessary for routing
traffic, but the content of each HTTP request and response is encrypted, and
that's where the rest of the URL lives.

~~~
Warp__
Gov't can easily MITM HTTPS connections.

~~~
redcalx
True. Anyone know if this new IP law allows the gov to do this? I.e. if they
tried to prosecute and it came to light that the logs were obtained using a
MITM attack, would the evidence be nullified?

~~~
Warp__
I don't know.

I imagine that MITM on a large scale is par for the course for GCHQ.

~~~
redcalx
Sure, but can data obtained by that be used in a court of law? I /think/ those
are two different things (but not sure).

------
ischm
There is no technical solution to such a problem. There is only a political
solution. Either force government to change politics, or change government.

Some background of why I believe this. I grew up in communist East Germany
(GDR) and lived there for 27 years, until - yes - we changed the government.
Trying to change politics beforehand was not so successful after all. As you
may know or may not know, that state was based to a good extent on the soft
terror of broad surveillance. In the 70s and 80s of the last century, to
achieve this a lot of human power was needed. Nowadays, surveillance can
mostly be based on technology. I'm much concerned - given my life experience -
about the trend over the last years to undermine democracy in the name of
saving it - all over the (yet) free world. At least I know what a society looks
like that is no longer democratic.

The technical solutions like VPN or whatever are similar to what we called
"inner emigration" back in the past. It was a widespread phenomenon in that
society. But only once many people have stopped this kind of hiding, and have
publicly stripped off their fear, the system began to tumble. In the end, all
the surveillance could not save it. They did know what happened and they could
not stop it, simply because the people did not play their game anymore.

That petition mentioned here elsewhere is the right way. Sign it if you are a
UK citizen. I'm unfortunately not, but I would do it now.

~~~
mfukar
True. We tend to forget the lessons of history very fast.

~~~
wlll
Human memory is short. Currently hoping I'm not watching a slide into fascism
around the world.

~~~
ischm
As long as we keep watching - maybe. Once we start acting - maybe not.

------
rubberstamp
Like I said in the other thread
[https://news.ycombinator.com/item?id=13034747](https://news.ycombinator.com/item?id=13034747)
[https://news.ycombinator.com/item?id=13035114](https://news.ycombinator.com/item?id=13035114)

I am not from UK, but listen to me if any folks from UK are reading this.

This is one of the things that is harmful to your privacy. Should the list of
websites that you visit be available for government unless you are under
active investigation? It's not just the list of websites but every packet data
that your devices send out, which means government could see your messages,
data sent to dropbox, online spreadsheet like google docs etc. This is mass
surveillance. You should be proud that your government have a website where you
can start petitions. Now please use this feature and sign the petition so that
this surveillance law can be repealed.

The petition against this bill is at:
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

You sign the petition and ask your close friends and family to do the same.
What you do not need is an intrusive government. I am voicing this because
even though I am not a UK citizen, I do not want law makers in my country
thinking "Oh those chaps have a fine surveillance law and their citizens are
okay with it. Let's adopt that law".

Now get to action. Sign the petition at
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

~~~
wlll
I signed it, though I'm pretty sure that the government e-petitions are a well
crafted wind for people to piss into.

At least I become a +1 in the count of people who object.

~~~
ischm
Don't worry. If the petition does not help, there is a lot more in the
political toolbox. Next maybe a public demonstration.

~~~
wlll
Honestly not sure how well those really work either. As long as a majority (or
let's face it, significant minority, see US election) can be manipulated into
voting against their interests the only thing politicians need to fear are
actual threats to their power.

Maybe I'm too cynical :)

------
gmac
I have taken to sending all traffic through my own IKEv2 VPN hosted in
Germany.

I have a script to automate setup [1], which I will be updating shortly to use
Let's Encrypt and to generate an on-demand Mac/iOS configuration profile that
keeps one constantly connected.

I have half a mind to set up some semi-commercial service on the basis of
complete transparency and the motivation to avoid the Investigatory Powers Act
(most existing VPN services seem to come across as very shady).

[1] [https://github.com/jawj/IKEv2-setup](https://github.com/jawj/IKEv2-setup)

~~~
sdfjkl
What makes you think Germany is a better exit point for your traffic?

[https://en.wikipedia.org/wiki/Gesetz_zur_Beschr%C3%A4nkung_d...](https://en.wikipedia.org/wiki/Gesetz_zur_Beschr%C3%A4nkung_des_Brief-,_Post-_und_Fernmeldegeheimnisses)

Much more comprehensive German version:
[https://de.wikipedia.org/wiki/Artikel_10-Gesetz#.C3.9Cbermit...](https://de.wikipedia.org/wiki/Artikel_10-Gesetz#.C3.9Cbermittlung_von_BND-Erkenntnissen_an_andere_Staaten)

~~~
sammoth
What is a good country to host an end-point in within a reasonable distance of
the UK?

~~~
razakel
> What is a good country to host an end-point in within a reasonable distance
> of the UK?

Iceland.

------
Fifer82
Please sign
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)
to help get rid of this disgusting invasion of privacy.

~~~
pauljohncleary
...and be put on the list of state enemies?

~~~
noir_lord
I have a brain and think they are (damn near) all hopelessly corrupt, someone
once said you can define a man by his enemies.

I'm at the point where I actively think the current round of politicians is
actively bad for the country.

------
kragniz
> But if they are not out to get you, why act as though they should be? It’s
> probably better to be as inconspicuous as possible, while limiting the amount
> of data that might turn up in some bored agency’s random fishing expeditions.

This makes me so sad.

~~~
hmmwell
So what this person is saying is that under something like the Nazis or
Stalin, they would have cruised right along. That is what they are actually
saying, and that's all they're saying. Saying "I don't have anything to hide"
really translates to "I am so far away from any adult responsibility and
intelligence that I don't even realize I should be hiding that.", and anyone
over 20 still saying shit like that you can write clean off, as far as I'm
concerned.

~~~
dTal
"Arguing that you don't care about the right to privacy because you have
nothing to hide is no different than saying you don't care about free speech
because you have nothing to say."

\--Edward Snowden, my favorite thing he's ever said.

------
david_mitchell
Some questions for anyone who happens to have been following this closely:

1\. What exactly is being stored? I have seen stories/comments saying it is
domain names visited from web browsing but does it also cover other internet
activity? Or is it being left vague?

2\. Does the requirement to keep data for one year come with a corresponding
obligation to delete it after that? Are they allowed to keep it longer
(perhaps summary/derived data for cost reduction) ?

3\. Can the organisations with access make bulk requests for all the data or
do they have to request records one ip addr/person at a time? (yes, I know an
IP is not a person etc).

4\. If the data does have to be destroyed at some point does that only include
data collected by the isp or also include copies made by those with access?

5\. Are there any published numbers on roughly how many people will have
access to collected data?

------
JamesBaxter
I just bought a subscription to F-SECURE FREEDOME VPN after a bit of research
but also heavily influenced by Troy Hunt's recommendation.

It's currently discounted with the coupon code BlackFriday.

Setup on the iPhone took 2 minutes, setting it up on my OpenWRT router tonight
will take longer I suspect...

~~~
estefan
> Setup on the iPhone took 2 minutes, setting it up on my OpenWRT router
> tonight will take longer I suspect...

I think you'll be disappointed:
[https://community.f-secure.com/t5/F-Secure/i-want-to-use-fre...](https://community.f-secure.com/t5/F-Secure/i-want-to-use-freedome-directly/td-p/77919)

------
cs02rm0
Small point.

This is about protecting yourself from ISP logging now required by government.
Using a VPN to tunnel your connection via [another country] may not be
sufficient to avoid the government snooping Snowden talked about, as referred
to in the article.

~~~
your_ai_manager
You're quite right. It's more akin to drawing your curtains and locking your
front door. Anyone with enough motivation can break in but at least it's not
all out on display.

------
SEJeff
The surveillance self defense kit from the EFF is a most excellent starting
point for anyone serious about this:

[https://ssd.eff.org/en](https://ssd.eff.org/en)

------
kseistrup
How about VPSes in UK datacentres, e.g. Linode, London? Should one consider
moving them to e.g. Germany?

------
vixen99
In spite of the virulent dislike for the Daily Mail usually expressed in these
pages, I'll stick my head out and offer a link to a list of the folk who'll be
snooping on your browsing if you live in the UK.

[http://www.dailymail.co.uk/sciencetech/article-3971214/The-4...](http://www.dailymail.co.uk/sciencetech/article-3971214/The-48-organisations-entire-online-browsing-history-delete-it.html)

Edit: If that's a step too far . . . here it is.

Metropolitan police force, City of London police force, Police forces
maintained under section 2 of the Police Act 1996, Police Service of Scotland,
Police Service of Northern Ireland, British Transport Police, Ministry of
Defence Police, Royal Navy Police, Royal Military Police, Royal Air Force
Police, Security Service, Secret Intelligence Service, GCHQ, Ministry of
Defence, Department of Health, Home Office, Ministry of Justice, National Crime
Agency, HM Revenue & Customs, Department for Transport, Department for Work and
Pensions, NHS trusts and foundation trusts in England that provide ambulance
services, Common Services Agency for the Scottish Health Service, Competition
and Markets Authority, Criminal Cases Review Commission, Department for
Communities in Northern Ireland, Department for the Economy in Northern
Ireland, Department of Justice in Northern Ireland, Financial Conduct
Authority, Fire and rescue authorities under the Fire and Rescue Services Act
2004, Food Standards Agency, Food Standards Scotland, Gambling
Commission, Gangmasters and Labour Abuse Authority, Health and Safety
Executive, Independent Police Complaints Commissioner, Information Commissioner,
NHS Business Services Authority, Northern Ireland Ambulance Service Health and
Social Care Trust, Northern Ireland Fire and Rescue Service Board, Northern
Ireland Health and Social Care Regional Business Services Organisation, Office
of Communications, Office of the Police Ombudsman for Northern Ireland, Police
Investigations and Review Commissioner, Scottish Ambulance Service Board,
Scottish Criminal Cases Review Commission, Serious Fraud Office, Welsh
Ambulance Services National Health Service Trust.

------
antaviana
One way to protect yourself is by writing a program that sends random requests
every few seconds to a URL of a database of millions of URLs. Then they will
have to find out which your actual visits were and which not.

~~~
pavel_lishin
So when you're hauled up in front of a court, the prosecutor can cherry-pick
the worst possible subset and sequence of all of those domains?

------
JupiterMoon
If you are in the UK then sign the petition (please don't sign it if you are
not).

[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

60,000 so far, less than 100,000 means it will be ignored out of hand.

There is another HN discussion about it at
[https://news.ycombinator.com/item?id=13035996#13036348](https://news.ycombinator.com/item?id=13035996#13036348)

------
exabrial
For one, stop idolizing the people that promoted it under his administration:
President Obama. It started under Bush, but Obama should have killed it.

------
heisenbit
I suspect on site level there won't be too much to allow effective
identification of threats without a lot of false positives. This may be the
intention as with a "reasonable" suspicion more invasive procedures can be
justified.

The biggest practical near term threat could well be to the spouses of all the
parties that can request the data. Other likely threats are employers,
particularly public ones.

------
MichaelMoser123
They didn't mention TOR in the article; is there a reason for not mentioning
it? Is it still legal to use TOR in the UK?

~~~
Accacin
Tor is really for anonymity, not privacy.

~~~
MichaelMoser123
They can't log your browsing history if you use TOR.

------
_pdp_
If you need minimal no-fuss, pay for what you use type of setup, you can use
Amazon Lambda to proxy for you. Hook this up to FoxyProxy or something like
this with some good rules and you will be on a good track in terms of your
default browser.

That being said, VPN will be always better and it doesn't cost very much to
set one up on DO.

------
known
Check [https://prism-break.org/en/all/](https://prism-break.org/en/all/) and
[https://www.privacytools.io/](https://www.privacytools.io/)

------
IlPeach
An interesting movie on the topic, filmed before everything blew up, The
Listening (2006)
[https://en.m.wikipedia.org/wiki/The_Listening_(film)](https://en.m.wikipedia.org/wiki/The_Listening_\(film\))

------
spaceman77
Using someone else's computer (internet cafe) with a different set of
usernames/identities while not having your smartphone with you.

Using a laptop running a live Linux CD using public Wi-Fi while leaving your
smart phone at home. Using fake log ins online.

