I advocate for the right of Internet Privacy in the home and corporate environment, and have a strong moral objection to Internet Censorship. I have many regrets about signing up to many services as a young child; services such as Facebook, Snapchat and Instagram being high on the list. The internet is a nigh on infinite abyss of social circles and “handy” services; probably second only to the lurking predators and threats.
As a parent, I feel it is your parental requirement not to sign your child up to Facebook, not to share photos of them on the internet, and not to allow them freedom on the internet – it’s a dangerous place, and they do not know what they’re getting into.
You might think I am a paranoid person, but that does not mean I am wrong; too many people out there know too much about you. You’ve signed up for services, shared personal information, and do not even recall it. Facebook owns your data; your own images are used as marketing material for Snapchat:
“worldwide, perpetual, royalty-free, sublicensable, and transferable license to host, store, use, display, reproduce, modify, adapt, edit, publish, create derivative works from, publicly perform, broadcast, distribute, syndicate, promote, exhibit, and publicly display” any content you upload to the app, “in any form and in any and all media or distribution methods (now known or later developed)”
Think about all the images you’ve shared on Snapchat, family images, intimate videos and the like; some Snapchat member has the full legal right to trawl through your daughter’s Snapchat, and if wanted, save images.
Yes, I am paranoid. Very paranoid. So therefore, in this post I want to discuss a few topics of interest:
- Internet Anonymity;
- ISP Metadata
- Content Restrictions
- TOR and VPN Usage
- Citizen Surveillance;
- Phones (IMSI Devices)
- Unauthorised Government Movements
The term internet anonymity can mean an array of things, depending on context. To me, the term means:
Using the world wide web in a form such that ISPs, Governments and Services are unable to share, collect or track personally identifiable information about the users, without explicit consent.
Similar to these requests, the TOR Network aims to provide users a means to search the web anonymously. Not being able to use the internet at your discretion goes against the very meaning of the internet; the ability to share information peer to peer. We all have things we do on the internet that we’re not proud of, or that we do not want to disclose to others, and it is our human right to have this privacy.
If, for whatever reason, we decided that a service, regardless of nature, should have the freedom to save our IP Address, Browser Type and to use our profile picture for their services, that’s fine. Not until we allow it, however.
Metadata is, in the simplest form, defined as:
a set of data that describes and gives information about other data.
In Australia, our pathetic government has indicated its support for a controversial “data retention” platform. Undoubtedly they’re “acting in the best interests of Australia” to help thwart criminal activity (even though Malcolm Turnbull uses Wickr to hide his criminal activities), by using a blanket tactic to spy on their citizens.
When you spread your net too vast, you miss out on so many opportunities.
In the movement, it became clear this was just a method to spy on Australian Citizens. The Government defined their metadata to cover:
- Telephone numbers;
- The time and length of phone calls;
- The internet protocol addresses (IP addresses) of computers from which messages are received or sent;
- Location of parties making phone calls;
- To and from email addresses on emails;
- Logs of visitors to chat rooms online;
- Status of chat sites – whether they are active and how many people are participating;
- Chat aliases or identifiers (the name a person uses in a chat room online);
- Start and finish times of internet sessions;
- The location of an individual involved in communications and;
- The name of the application someone uses online and when, where and for how long used
Now, I am no expert on Metadata whatsoever, but I am aware that whilst there is no legal definition of Metadata in Australia, there are 3 clear types of Metadata:
- Descriptive metadata describes a resource for purposes such as discovery and identification. It can include elements such as title, abstract, author, and keywords.
- Structural metadata is metadata about containers of data and indicates how compound objects are put together, for example, how pages are ordered to form chapters. It describes the types, versions, relationships and other characteristics of digital materials.
- Administrative metadata provides information to help manage a resource, such as when and how it was created, file type and other technical information, and who can access it.
Personally, I advocate for no Descriptive Metadata to be collected unless there are fair grounds for monitoring the user (performing crimes). Understandably there are some instances where collecting this personally identifiable information is warranted, but for the most part it is unnecessary.
Please use appropriate methods (VPN Providers, TOR and Secure Messaging Applications) to mitigate the personal information collected by the Government.
Preventing Collection of Metadata
Whilst Metadata collection can be done at an ISP level, there are methods to circumvent (or limit) it. For example, using a VPN and/or TOR will help add a level of encryption to your data, and thus make it more difficult to collect Metadata.
Avoid accessing emails from a non-encrypted VPN tunnel and try to use providers offshore; for Australia, Google Mail is an alternative.
Geo-Tagging, and restricting internet access is another flaw in modern-day life.
Geo-blocking or geoblocking is a form of technological protection measure where access to Internet content is restricted based upon the user’s geographical location.
For example, many people complain about the geo-restrictions on Netflix for content. Furthermore, Korea and China have a very censored internet; if you’re in China you cannot use Google.
There are fair grounds for Content Restrictions based on content considered inhumane, racist, sexist or otherwise defamatory; however, many countries attempt to block websites, services and content that oppose the leading power in the country (political and religious).
Of course, using Google’s DNS Servers, TOR and a VPN will mitigate censorship, but it should be an internet standard to provide unbiased, uniform access regardless of location.
TOR and VPN Usage
The recent trends (my perspective is from Australia) of internet freedom (the deprivation of it) have led to a massive influx in the use of technology to hide one’s online activity from prying eyes.
The usage of such technologies opposes those in power and, subsequently, the two are in a constant to and fro to come out dominant over the other. For internet freedom, support for the TOR network, in my opinion, is paramount.
What is TOR?
The Onion Router (Acronym form being TOR) is defined as:
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
In essence, through means of encryption, obfuscated bridges send your data through a unique route, each pass adding another layer of encryption. Once connected to the TOR network, you receive a list of nodes available to route your data, as depicted here:
Then, a randomised path (I believe bridging nodes) is selected, and at each interval another layer (“Onion”) of encryption is added:
It is important to understand that each route is unique; you receive a new address and lease on the TOR network for routes, as depicted here:
I urge you to read up on Staying Anonymous using TOR and to ascertain a better understanding of the underlying technology (and flaws) being implemented in this project.
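A sketch of the layered (“onion”) encryption idea described above, as an added example that is not from the original post or from the Tor project’s code. It goes slightly beyond the text by showing both directions: outbound, the client wraps one layer per relay and each relay removes one; on the reply, each relay adds a layer and the client removes all of them. The relay names, keys, destination and the toy SHA-256 keystream cipher are assumptions made for illustration and are not secure.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks.
    A stand-in for a real cipher, for illustration only (not secure)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Constructed three-hop path; relay names and keys are made up for the example.
PATH = [("guard", b"key-guard"), ("middle", b"key-middle"), ("exit", b"key-exit")]

def client_wrap(payload: bytes, destination: str) -> bytes:
    """Client builds the onion inside-out: the innermost layer is for the exit."""
    next_hops = [name for name, _ in PATH[1:]] + [destination]
    cell = payload
    for (_, key), nxt in reversed(list(zip(PATH, next_hops))):
        layer = json.dumps({"next": nxt, "data": cell.hex()}).encode()
        cell = keystream_xor(key, layer)
    return cell

def relay_peel(key: bytes, cell: bytes):
    """A relay removes exactly one layer and learns only the next hop."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

def forward(payload: bytes, destination: str):
    """Send a cell along the path; record what each relay could observe."""
    cell, seen = client_wrap(payload, destination), []
    for name, key in PATH:
        nxt, cell = relay_peel(key, cell)
        seen.append((name, nxt, payload in cell))  # can it read the payload?
    return cell, seen

def reply(payload: bytes) -> bytes:
    """Return direction: each relay adds its layer; the client strips all three."""
    cell = payload
    for _, key in reversed(PATH):   # exit adds first, guard adds last
        cell = keystream_xor(key, cell)
    for _, key in PATH:             # the client holds all three keys
        cell = keystream_xor(key, cell)
    return cell
```

Calling `forward(b"GET /index.html", "example.org")` shows that the guard and middle relays learn only the next hop, while the exit relay sees the payload itself, which is why traffic leaving the network still needs its own end-to-end encryption such as HTTPS.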
What is a VPN?
A virtual private network extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
At this point I am not going to cover all the details of these technologies; this post is not about educating people on how technologies work, but rather about giving you awareness of technologies to help with internet freedom.
In the current day and age, the American “Powers” are abusing their assets, and are imposing strict monitoring programs to “spy on their own citizens” in an effort to “fight terrorism”; even though the mass surveillance has not stopped a single attack. According to the Homeland Security Report, there were no recorded arrests or successful interception of terrorist acts (killings, bombings).
Edward Snowden, former Central Intelligence Agency (CIA) employee, is notorious for “leaking” sensitive information including “numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments”. You can watch this here.
In coexistence with Content Restrictions and services monitoring their users, it comes as little surprise there is a database cataloguing every user. Regardless of the intention, I believe it is a morally incorrect approach to managing a diplomatic first-world nation to secretly (or publicly for that matter) aggregate personally identifiable information about the citizens of the country.
Phones (IMSI Devices and StingRays)
Through the use of IMSI Devices and StingRays (a version of IMSI), the United States, and assuredly other governments, are making fake mobile towers to record users’ calls, texts and locations without consent.
IMSI-catchers are used in the United States and other countries by law enforcement and intelligence agencies, but their use has raised significant civil liberty and privacy concerns and is strictly regulated in some countries such as under the German Strafprozessordnung (StPO / Code of Criminal Procedure).
There are known methods to mitigate the use of an IMSI device, using a 3G network for mutual authentication (as opposed to LTE), thus allowing the collection of International Mobile Subscriber Identities (IMSI).
According to the content (which is also readily available on Wikipedia), the most common use of a “StingRay” is to perform a man-in-the-middle scenario, forcing mobile phones in the vicinity to connect and broadcast data.
Furthermore, the following is a list of active mode operations an IMSI device can perform:
- Extracting stored data such as International Mobile Subscriber Identity (“IMSI”) numbers and Electronic Serial Number (“ESN”)
- Writing cellular protocol metadata to internal storage
- Forcing an increase in signal transmission power
- Forcing an abundance of radio signals to be transmitted
- Interception of communications content
- Tracking and locating the cellular device user
- Conducting a denial of service attack
- Encryption key extraction
- Radio jamming for either general denial of service purposes or to aid in active mode protocol rollback attacks
Whether these devices are capable of decrypting encrypted VoIP traffic through applications reliant on 4G is, at this stage, an unknown fact (although there are speculations).
- How the Government Surveillance Cellphones;
- Tracking our phone: how its done;
- Overview of Cell Phone Technology
To further elaborate on the aforementioned levels of data being encapsulated by services such as Facebook and Instagram, a service generally requires:
- First and Last Name
- Email Address
Whilst that may seem harmless enough, by referencing your name and email, all the other services you’ve signed up to become easily located; Facebook alone has photos, date of birth, family and friends, and, more importantly, location.
So, suddenly you have an online presence where you’re sharing more than what you initially signed up for. The fact that Facebook now tries to integrate with your calendar is alarming to say the least.
It is worth mentioning that having Facebook installed on your iPhone or Android allows the application (whether by consent or not) to scan all the webpages you visited, photos and places you’ve visited to provide you “targeted advertisements”.
Therefore, if hacked or convinced, social services are able to accurately identify you, your habits and potentially even pinpoint your location. Unless you have superuser access over your device and are able to restrict permissions (most likely rendering the app useless), there are methods wherein you can be tracked, your data sold or shared with other entities, all without explicit consent.
Unauthorised Government Movements
There are a plethora of discussions where the FBI (American Government) has requested illegitimate methods to break into services, devices and to spy on users. The FBI and Apple dispute about enabling software to bypass encryption on iOS is a prime example. Other examples such as Wickr can be referred to as well.
There are, of course, hundreds of resources at your disposal, countless discussions and much more technical information to accompany these topics (that I will not go into detail on). It is important to always understand what data you share, who you share it with, and the legal barriers dictating what can be done with that data.
To summarise my fears:
- The “Freedom” and “Anonymity” of the internet is, at best, in jeopardy;
- Ensure you’re aware of the data you are sharing with services;
- Try to utilise technologies that help improve your security and overall anonymity on the internet; and
- Do not trust your government.