#dataretention is worthless #securitytheatre – how-to guides for Tor, VPN and https

Context: Roxon tries to allay fears over data storage [ABC News]

Under the plan, phone and internet companies will be required to keep logs of internet sites and phone calls made by their customers for several years instead of regularly deleting the data.

To show how easy it is for any punk kid (or middle-aged feminist blogger) who just doesn’t want to play along with Roxon’s plans for an expanded surveillance culture, please do some googling on the search strings below. If you don’t want a data-trail of following these links on your computer right now, I suggest that you might like to look up this post at an internet cafe with printing facilities, print out the pages you find most helpful from the searches below, and then configure what needs configuring accordingly on your own computers later.

how to use Tor
how to use VPN
how to use https
and for general principles
data encryption for dummies



Categories: culture wars, ethics & philosophy, technology

Tags: , , , , ,

8 replies

  1. I’ll be embedding some relevant tweets in these comments.

    TO illustrate my point on data retention http://t.co/XbvAQGCL AntiSec hackers leak 1,000,001 Apple device IDs allegedly obtained from FBI
    — Richard Crowden (@ScaredyCat44) September 4, 2012

  2. Those who have a computer running all the time connected to the Internet should consider running a Tor node themselves. The more there are the more usable the system will be and harder for governments to monitor.

    Also for people who are not familiar with technological tools to help preserve your privacy there are crypto parties being organized in most if not all states where people will help you become familiar with the tools you need.

  3. I may be stunningly naive on this issue but I can’t really see what the fuss is about. I am open to being convinced.
    This is how I see it. Our internal security agency with a four letter acronym starting with A and ending in SIO has about 1860 staff (from a quick google). There are around 21 million people in Australia. I will do some bucket maths to pull a figure out which won’t be that close to reality but close enough I think.
    21 million people in Australia (or thereabouts)
    65% of households have a computer with internet connection
    Lets assume 4 people per household (I know you can’t make this sort of assumption but this is bucket maths [like bucket chemistry you chuck a few things in and see what you get]
    21 million / 4 = 5 250 000 households x 65% = 3 412 500 households connected to the internet.
    Lets assume that four letter acroynm starting with A with 1860 staff does nothing but look at people’s computer usage.
    1860 x 7 hours per day x 5 days per week x 52 weeks per year (bugger em they don’t need holidays)
    3 385 200 hours per year checking people’s computers if that is all they did.
    Assuming 1 hour per computer (once) there would still be 27 300 computers not checked per year because they would run out of time. This is assuming that everyone working there was checking computer usage. Of home computers only. Not counting internet cafes, wifi, libraries, work places etc.
    Is it that people are worried about the data being looked at by spooks or is it the safety of the data and it being vulnerable to hackers?

  4. Is it that people are worried about the data being looked at by spooks or is it the safety of the data and it being vulnerable to hackers?

    There’s probably more in the hacker-vulnerability camp than the spook-wary camp, because as your numbers show, they won’t be monitoring all of us all the time. But there’s also some concern over how much all this extra data storage is going to cost the ISPs, and how much of that cost they’ll be passing on to consumers. Then there’s the privacy purists, and I don’t dismiss their concerns lightly – the potential for this level of surveillance to be abused in the future is very high.

  5. Thanks TT I can understand the hacker wary group much better than the spook wary one. I suppose given some people’s capacity to trawl through crap to find something that you said years ago to take out of context and attack you with having access to potentially reams of more data is a big issue. Also I don’t want my ISP to have any more excuses for less service for more money.

  6. Mindy – its not just as ASIO that would have access to the data initially, but also the AFP. Eventually this would spread to the state police forces and inevitably we’d share the data with overseas “friendly” intelligence agencies as well if asked. I suspect that a lot of companies would be interested in having a look at the data too (for example to track down copyright infringement). Also they don’t need a human to do much of the searching, they’ll have large supercomputers to do a lot of the analysis.
    On the upside they are at this stage not proposing that ISPs store all communication, but just meta-data (although IIRC the AFP representative mentioned that in an ideal world they would have access to the data as well). This would mean ISPs would store say who is emailing who, when, size of message, perhaps subject line, but not the actual contents. They may pick up some more private information through logging of URLs you access.
    As tigtog mentions there is the potential for even this data to be misused in the future by governments. We have a pretty harmless government at the moment, but these laws should be looked at in the light of having a government that is willing to push boundaries to hold on to power – and knowing things like who is talking to who can be very useful politically even if you don’t know the actual contents.
    And lastly as you mention there’s no reason to have confidence that ISPs will be able to secure the data properly. There will be information stolen and misused.
    I think an unintentional side affect of these laws is that more people are going to use encryption. And ironically this is going to make life more difficult for local police forces as when they do get warrants to intercept communication they will find it much harder to do so. When the majority of the population is using strong whole-of-disk encryption by default (so when they seize computers they can’t read the data), browsing with TOR (so they can’t see what websites they’re looking at) and using PGP to encrypt their mail (so they can’t read it) life is going to get a lot harder for them.

  7. Thanks Chris and Tigtog I am a babe in the woods when it comes to this stuff. Fasinating and a little frightening the ends it could be used for. I would say dystopian but then again I never thought I’d see the likes of what is thrown at our PM on a daily basis either.

%d bloggers like this: