Hacker News
The UK Is About to Legalize Mass Surveillance (vice.com)
80 points by calferreira on Nov 29, 2016 | 31 comments



ISPs get hacked. I configured my phone and home network to route all traffic over a VPN through a server I set up in France last weekend. So when people's browsing history gets leaked en masse, at least mine won't be amongst it.

Governments should be legislating in this area. They should be making it illegal for ISPs to inspect/store this information. Not compulsory. Preaching to the choir I guess.


Hi Mike,

> a server I set up in France

Did you look into the surveillance situation in France? I understand it's also fairly bad.

I'm not suggesting a nihilistic approach where there is no jurisdiction that's any better than any other, just wondering about the choice of France. (I also like to question people's intuitions about what makes for a good privacy-respecting jurisdiction: Switzerland because of banking secrecy of decades past but not taking account of https://www.theguardian.com/world/2016/sep/25/switzerland-vo...? Iceland because of the Althing's consideration of the IMMI law package several years ago, which has not yet passed?)

Does any part of the new U.K. law permit or require metadata monitoring that might reveal more about what people are doing with their VPNs because of the quantity or timing of their traffic?


I chose France for a couple of reasons. It's close, so the added latency is low and it's not a five eyes partner.

My main goal was to get my traffic out of the country which has direct control over me. The French government has no control over me. The British government very much does.


Of course they get hacked. That's part of the big evil plan. Eventually in a couple years, after ISPs have shown their incompetence, the call will go out for this data to be stored at a secure government location.

I am reminded of a quote from the BBC World debate. An audience member described typical ISP security in Australia as "Two men and a dog".


Sounds so dastardly it's probably true.


Being in a highly privileged position on the global Internet sounds cute, but it's not actually cute at all. It is opportunistic in nature and tantamount to living in an autocratic regime like China.

Apparently this bill respects human rights, but I disagree. Slurping up all the plaintext you can is outright opportunism and sly.


How long until your ISP requires you to have a VPN license and a key they control?


Never


I did a similar thing, but on a "bigger scale": I bought an open-source router, the Omnia Turris, and configured an OpenVPN client on the router for all. Also, hell no, the endpoint isn't in France!


"Bigger scale"? I do exactly the same. Except I rolled my own. I have an Intel NUC at the front of my home network which handles routing all traffic out over the VPN. Amongst many other tasks.


Opera now has a free VPN mode built into the browser, making it very easy to switch VPN to different countries and requiring just a flip of a switch in the settings.


VPNs cost money to run. Remember, if you're not paying you may be the product.


Also, depending on the strength of crypto in the VPN configuration, the VPN traffic could be decrypted:

https://www.spiegel.de/media/media-35526.pdf


Only browser-based though, does nothing to stop all the other data being leaked... Also, they haven't really given much detail on the security, privacy policy etc.


This article came a bit late. The Queen has already signed the Investigatory Powers Act as of this morning. Wikipedia has a decent summary of its provisions:

https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016


What I'm really interested in now is what happens if/when circumvention becomes significant.

I'll be particularly interested in what happens to websites that publish circumvention techniques - will they be blocked? Will specific services (e.g. Tor) be targeted, and to what extent? Will foreign VPN providers be blocked?


It's probably worth pointing out that many of the most important anti-surveillance tools like Tor, Signal etc survive on minuscule budgets, most of which are from US based institutional or NGO grants (open disclosure: so is Umbrella App which we make). If the UK or others really wanted to hamper them, going after the funding for maintenance, not the tool itself would probably be more destructive in the long run unfortunately. Yes open source is great etc and might survive but development would drop dramatically.


So, to fight terrorism:

> “The Investigatory Powers Act 2016 will ensure that law enforcement and the security and intelligence agencies have the powers they need in a digital age to disrupt terrorist attacks, subject to strict safeguards and world-leading oversight,” a statement from the Home Office reads.

And as expected some wheeling and dealing once they have the data:

> Many law enforcement agencies will be able to access this data, but so will lots of other, less obvious public bodies, including the Food Standards Agency, ...

First they steal private data of more than 60 million innocent people. Then they share it with "less obvious public bodies", where we have to trust it is in safe hands. It is just a matter of time before this data is out in the open. How could we ever feel more safe when they do this? They better call it "The Criminal Act 2016". Is this what people vote for in a Democracy?


We deserve this. Our democracy is on life support.


"The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers." --

Doesn't that make it sound like they were monitoring people's web history already?

With 48-odd bodies able to access people's web history, it surely won't be long before this access is abused.


When this flips maybe there will be a chance for crypto-anarchy[0] to surface.

[0] https://en.wikipedia.org/wiki/Crypto-anarchism



The petition already has a response from government:

> The Investigatory Powers Act dramatically increases transparency around the use of investigatory powers. It protects both privacy and security and underwent unprecedented scrutiny before becoming law.


Basically they were already doing it, and it was becoming a concern that it was illegal, so they retroactively fixed that pesky law, as stopping was never an option.


Can I assume the response from the government isn't an alternative to the Parliamentary debate? It's not like "petitions that receive enough signatures will receive a response from the government or a debate in Parliament"?


I just want to know why the Food Standards Agency needs or wants access to my internet history? Is it a list of every Government agency including them? Just random?


Anyone permanently using a VPN (e.g. for home traffic) that you can recommend?


I only use a VPN for:

- Spoofing my geo-location

- Securing my phone's traffic when surfing on a 'free' or tariffed wireless hotspot

Sure, the provider might not keep logs, but it's certainly not for casual surfing, or heavy surfing. Stick to old reliables like TLS, Tor, and ad blockers for vanilla/ISP connections.

You might want to read these concerning VPNs and privacy:

- http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/

- https://torrentfreak.com/police-seize-two-perfect-privacy-vp...


OpenVPN on a couple of low end VPSs, depending on where I want to appear to be.

It's a breeze to set up [0] and I can know for sure that logging is disabled. Of course, I have to trust the VPS provider not to snoop, but I'm not doing anything that would warrant attention from authorities, I just don't trust this government to have the infosec chops to protect my data.

[0] https://github.com/Nyr/openvpn-install


I run everything through TorGuard. It's low cost and is somewhat reliable. They have lots of servers in many locations.

Honestly, the most annoying part is that I see more CAPTCHAs. This is because it mixes everyone's traffic together, and some of those users are bound to be bad actors.



