Now that the Investigatory Powers Act 2016 – AKA the Snooper’s Charter – is law, how can you protect yourself from government snoopers?
The new law forces internet service providers to keep a record of all the websites you visit for up to a year. It also obliges companies to decrypt data on demand and gives government security services the power to hack your computers, tablets, mobile phones and other devices.
Jim Killock, the director of Open Rights Group, described it as the “most extreme surveillance law ever passed in a democracy”. It more or less removes your right to online privacy.
To some extent, the new law merely legalises the current “custom and practice” as revealed by Edward Snowden.
The most obvious difference is that it makes your web history readily available to almost 50 assorted police forces and government departments. These include the British Transport Police, the Department of Health, the Food Standards Agency, the Gambling Commission, and the Welsh Ambulance Services NHS Trust.
When you sign up with an ISP, the traffic from your PCs and other devices goes to your ISP’s servers, which feed most of it – except various blocked websites – on to the internet. You can track this process yourself using TraceRoute.
Your ISP therefore knows where you are going online. You can avoid this by using one or more anonymous “proxy servers” between your PC and your eventual destination. Your ISP will then know you visited the proxy server, but, if the anonymising is done properly, it won’t know where you went from there.
Most people aren’t interested in proxy servers, but often end up using them. For example, British people travelling or living abroad use UK-based proxy servers to watch TV programmes on BBC iPlayer, while people outside the US use American proxies to access Netflix and other services.
There are two big problems with using free proxies. First, you may not know who’s running them. They could be helpful hackers or criminals, or even CIA honeypots. Second, they may be unreliable and slow.
It’s better to use a virtual private network or VPN.
Multinational corporations have long used VPNs as a way of extending their private networks across the public internet. If they encrypt all the traffic between computers in their British, American and other offices, they can send their traffic securely over the internet without paying for expensive leased lines. VPN service providers offer the same facilities to ordinary users for a small monthly fee.
The traffic from your PC is automatically encrypted and sent to the VPN supplier’s server, so your ISP can’t see the final destination. The ISP’s records should only contain the VPN company’s server addresses.
Not many people use VPNs. However, I recommend them to people who travel a lot or work from public Wi-Fi hotspots, because they protect your traffic from snoopers who steal passwords – or worse. I also recommend them to people who are potential targets for other reasons. They might be diplomats, film stars, bankers or anyone with commercially sensitive data.
The next Dyenamic Solutions post will be about how you can set up a VPN.