Evading the Australian Metadata Funnel

Uhoh. The government can see what i’m doing on the interwebs.

I’m a big fan of privacy on the internet. If I must admit, i’m a little TOO paranoid about it. I regularly change all my passwords to RIDICULOUSLY long passwords, I was banned by Facebook for a week for not using my correct name, and I use an encrypted email service based in Switzerland.  Why all the fuss? Surely if your’e not doing anything wrong, then what’s to hide? Maybe you just want to download the latest game of thrones without worrying about getting busted? This article will attempt to briefly explain what metadata is, why the government needs it, and what you can do to protect your privacy.

What the hell is metadata?

Metadata is essentially data, words, numbers etc that are communicated when you access ‘stuff’ over the internet. Malcolm Fraser and George Brandis like to use the analogy of reading books in a library. i.e they record the title of the books you read, but do not monitor what you read inside the book.  In terms of internet metadata, something like a google search has metadata in the URL. For example if I search “Movie Times Hoyts Cinema Northland Friday 13th 2015”, google will come up with a search and show a link to Hoyts Cinema in Northland. If the government were to look at the retained metadata from the URL (the words in your browser address bar) of the google search I performed they would see this:

https://www.google.com.au/search?q=Movie+Times+Hoyts+Cinema+Friday+13th+2015&oq=Movie+Times+Hoyts+Cinema+Friday+13th+2015&aqs=chrome..69i57.334j0j7&sourceid=chrome&es_sm=93&ie=UTF-8#q=Movie+Times+Hoyts+Cinema+Northland+Friday+13th+2015

Using the metadata above, it doesn’t take a rocket scientist to figure out what I might be doing on Friday the 13th.

VPN, Australia, Metadata

Australia’s Attorney General George Brandis (2015), orchestrated the implementation of recent metadata laws. He woefully tried to explain metadata and retention in this wonderful video below:

Why does the government want it?

As of the 13th October, 2015 the Australian government requires that all Internet Service Providers (ISP’s), must store all their customer’s data for two years.  The Police, ASIO and government agencies will be able to access your metadata if required. Accessing information such as your google searches, phone calls, locations, and websites visited can provide insight into a person’s daily activities, and aid in investigations. The government claims that metadata retention is “at it’s heart, a counter terrorism measure”, with the primary aim of stopping terrorism and crime such as child pornography. Whilst I understand the importance of stopping ‘pedophile rings’ and terrorism, is it necessary to monitor the entire Australian population’s internet access to do this? Surely there is a more controlled approach that doesn’t sacrifice the privacy of the average Australian citizen.

Brandis

Why is Metadata Retention a Waste of Time and Money?

Any terrorist, amateur criminal, or educated citizen can easily hide their internet activity. VPN’s allow someone to hide their activity with relative ease (i discuss VPN’s later in this article). Other apps also allow for communication to be disguised. Which raises the question. Why implement a hugely expensive, risky metadata retention scheme, when people can easily circumvent it?  My guess, is that there are alternative motives other than counter terrorism and crime. But maybe i’m just paranoid?

This video sums it up nicely:

Whats the risk, and why should we value our privacy?

Put simply, we should all value our privacy, and not have to worry about someone else monitoring what we do. If personal information gets into the wrong hands, it can have devastating consequences. Can the ISP’s and the government guarantee that metadata is not hacked by external sources and used to extort, blackmail, steal or humiliate people? Could metadata be used to blackmail political opponents? Can journalists be monitored, to reveal their sources and restrict free press? There is too many scenarios that need considering.

The government explains that they only log the websites visited and the metadata contained, and this ensures limited privacy. However, using simple metadata you can gain a lot of insight into someone’s activities. The below image nicely sums up some scenarios:

Metadata
Metadata

How can I protect my privacy?

There are various steps you can take to minimize the chance of someone stealing your online identity, accessing your accounts, or viewing your metadata. Some measures are easy, others extreme. Below, I’ve listed some of the easy measures I take:

Use long, complex passwords

  • Don’t use the same password for everything. Try using different passwords for your email accounts, work accounts, facebook, blogs, instagram etc,
  • Use nice, long, complex passwords, and change them regularly. Big Ed Snowden talks about passwords below:

Use a secure email service

  • Hotmail, Gmail, yahoo etc are NOT secure email services. There is a reason why they are free, and that is metadata. They can potentially use the metadata in your emails to target advertising. I’ve lost track of how many times these services change their privacy rules, and who knows how much information these services provide to external sources.
  • Use a FREE secure email service such as ProtonMailStarted by a crowdfunding campaign, this service was setup in 2013 after scientists at CERN in Switzerland got the sh*t hacked out of them by a government agency. They now operate the world’s largest secure email provider. You need two passwords to get into your protonmail account. All the emails are encrypted, and Protonmail cant even access the emails on their servers!

    *Interestingly enough, ProtonMail was recently the victim of one of the largest cyberattacks in Switzerland, and managed to keep all data secure. The ferocity of the attacks suggest that the email service is not appreciated by people with vested interests in reducing online privacy. More info here.

Protonmail

Use a VPN

This is the most recommended measure you should take, and the main reason why nationwide surveillance is pointless. I use a VPN on my home computer, and my phone to protect my privacy.

VPN stands for ‘Virtual Private Network’. It is a secure, encrypted (jumbled up, unreadable) link between you and another location over the internet. Using your internet connection you can easily install applications or browser addons, or setup your router to connect directly to another location all the time. I like to connect to switzerland and browse from there. This means that the ISP can only log the connection between you and that other source, but cannot see anything inside that connection.  So if you were to setup a VPN, and complete a google search, download a movie, or watch something naughty, the metadata kept by the Australian ISP would not show this activity. This may sound complex, but its not.

Most companies offering VPN services, offer a log free service. Meaning that if they were to be audited by an agency, they should not be able to provide any metadata on your activity on the VPN. If you are going to choose a VPN, make sure they do not keep logs.

What’s a good VPN service?

  • ZenMate ‘Browser’ extention. Perhaps this is a good free one to start with. I’ve only tried a couple of VPN services, and this was the first one I tried. I used the free version of the firefox browser extension which I believe only encrypts your activity within the browser, not your entire internet connection. So if you want to try a VPN, and dont want to pay for it, then maybe start with this one.
  • Private Internet Access (PIA) – This is the service I currently use to encrypt all internet connections between my computer and the internet. I use a program that is easy to install and setup, and connects automatically when I log into my computer. The program allows you to switch between many different countries, and includes a ‘kill switch’ that disconnects your computer’s internet if the VPN connection drops.  This one costs be about $50 bucks AU a year, a small price to pay for privacy. Heck if you prefer Netflix in America, just change your country to america, and off you go!

Is using a VPN slower than not using one?

Yep. Expect a slower connection. Unfortunately, this is the downside of a VPN. However, I don’t really notice the difference. See the results of my speed tests below (ADSL2+ over copper. ISP: Australia):

Without a VPN on:

withoutVPN

VPN on, connected to Melbourne (slower):

withVPNMelbourne

VPN on, connected to Switzerland (even slower):

withVPNswitzerland

Conclusion

Hopefully this has provided you with the information to begin implementing measures to protect your online privacy. As a society we need to realize the importance of personal privacy, and speak up when a government has gone too far. Once a law like metadata retention is implemented, it is very hard to turn back. Expect more amendments to these laws in the future, further reducing online privacy and increasing the cost of Internet access.

If you have any questions, queries, or input, please feel free to comment on the article.

Mitch

Advertisements

2 thoughts on “Evading the Australian Metadata Funnel

  1. Pingback: Evading the Australian Metadata Funnel – Passwords, VPN’s, Secure Email | blogmitchblog

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s