• The Investigatory Powers Act was passed in the UK in 2016 • UK citizen’s online activity is heavily tracked and snooped-upon by GCHQ, even via webcam • Companies stand to gain from tracking your internet activities • A VPN can help protect your liberty and privacy by encrypting your most private data.
“Some people say privacy is dead – get over it. I don’t agree with that. Privacy is very important.” Tim Berners-Lee
When Tim Berners-Lee first coded what would become the World Wide Web, his vision was to create a completely free, radically democratic space for communicating, connecting and sharing information. No borders, no barriers, just open, unrestricted exchange. However, in recent years, Berners-Lee’s public discussions about his creation have increasingly focused on something else altogether. Rather than open exchange, he now talks about the rights people have over the information they share on the internet and the say they have in where that information goes, and who gets to see it. In his terms, he is concerned with how people can protect their ‘data’ online.
Why the change?
Berners-Lee shares one of the great modern concerns over the internet – privacy. When we use the internet, we leave traces of ourselves all over it: our unique IP address, digital footprints of where we go and what we like to do, personal details in payment and subscription forms, communications we send and things we share. This is all preserved in huge data silos, long after we have forgotten about it.
What concerns people, and what now concerns Tim Berners-Lee, is ownership of that information, who has access to it, and what they can do with it. This is why VPN services are seeing such an explosion in popularity.
Money and control
All this information is valuable for two reasons.
One, it can help people make money.
The internet has become a huge global marketplace for businesses to advertise and sell goods and services. Those businesses want to know as much as they can about potential customers to give themselves the best opportunity possible to make a sale, and therefore to make money.
Internet Service Providers (ISPs) store large amounts information about our browsing habits, our interests and where we shop, plus personal details like our names, email and home addresses and telephone numbers. A huge market has emerged for businesses looking to buy up this kind of personal information to help with their online marketing.
Personal information is not just valuable in this sense to legitimate businesses either. Cybercriminals use personal information gleaned from the internet to hack into systems and steal money, intellectual property and even identities.
Two, online data is valuable is the opportunity it gives people, mainly national governments and their agencies, to keep an eye on what people are doing.
In 2013, whistleblower Edward Snowden released documents which proved that government intelligence agencies in the UK, USA and other countries around the globe were engaged in mass surveillance operations using online information. In the UK, GCHQ was shown to have collected millions of email messages, Facebook posts, internet histories and calls. It even spied on video calls to test face recognition technology
Governments argue that this is entirely necessary to protect the public and fight crime. In the modern world, they say, they need to be able to collect information through online surveillance to counter terrorists, people and drugs traffickers, criminal gangs, pedophiles, even copyright infringements.
No one would dispute those aims. But what about the innocent majority who don’t fall under suspicion for any of the above? Is it right that they should have their private lives peered into as part of mass surveillance programs, and their personal data collected and stored? Is it even safe to have mass stores of private data all in one place when there are sophisticated cyber criminals out there looking for just those sorts of opportunities?
If you believe, like Tim Berners-Lee, in the value of privacy, you should be concerned by these questions. For many, the power of a national government to collect and store details of the personal lives of every citizen goes way beyond legitimate security, veering dangerously close to a Big Brother form of control. And in the UK, it is now completely legal.
The Investigatory Powers Act 2016
Following Edward Snowden’s revelations about GCHQ’s surveillance activities, the UK government decided to counter questions over the legality of the methods by introducing a new piece of legislation that would give public agencies massive new powers to peer into the daily lives of ordinary people.
In brief, the Investigatory Powers Act legalizes the tracking of any UK citizen’s online activity, the hacking of devices, the monitoring of innocent people and the sharing of private online data between huge numbers of people working for public bodies. It was quickly dubbed ‘the snooper’s charter,’ and has been referred to as the most extreme surveillance law of its kind in any democracy.
Tim Berners-Lee himself said of it:
“This snooper’s charter has no place in a modern democracy – it undermines our fundamental rights online. The bulk collection of everyone’s internet browsing data is disproportionate, creates a security nightmare for the ISPs who must store the data – and rides roughshod over our right to privacy. Meanwhile, the bulk hacking powers in the Bill risk making the internet less safe for everyone.”
Here’s why a VPN can help fight the new Act:
You’re being tracked. Right now. If you are a UK citizen using UK based ISPs and mobile carriers, your so called ‘Internet Connection Records’ are collected and stored centrally for up to a year. There is no targeting or filtering. Everyone is subject to surveillance.
It lets people hack you legally. So the police could hack you to steal data directly from you, place software on your devices, or bypass encryption. This is a power that the even USA government has so far not passed – and UK citizens should be very concerned that they are the guinea pigs for this tech.
People are watching you. Your data can be accessed by an astonishing number of people working for public bodies – practically every police, intelligence, health, justice and national administrative organization. If your neighbor works for your local ambulance service, for example, they may be able to see what you do online.
Your data can be misused. ISPs and public authorities do not exactly have exemplary records when it comes to data protection and security. Hacks, leaks, lost phones, stolen memory sticks, phishing, and more… Government organizations have never successfully managed data.
What you can do about it
The Investigatory Powers Act is a risk to your liberty and your privacy. It leaves the private online data of every UK citizen more susceptible to cyberattacks and data breaches, unauthorized prying and even legal hacking.
But you can do something about it. There are still ways to use the internet securely without putting your privacy and your personal information at risk. Probably the most effective is to abandon public ISPs altogether and opt to access the internet via a Virtual Private Network, or VPN.
What is a VPN?
A VPN is private network that uses a public network (i.e. the internet) to link users together. It works by routing connections via the internet; only the data sent along those connections is shielded from public access by so-called ‘tunneling,’ and is also encrypted.
VPNs were originally used by businesses as a means of creating secure but reliable communications networks that could link together different sites and provide access for remote workers. For business transactions, they offer the convenience of the internet’s infrastructure, without the risks associated with public communications.
Nowadays, more and more people are choosing VPNs as a secure means to access the internet. This makes sense when you are using public WiFi hotspots, as these are notoriously insecure. However, if you are also concerned about your online privacy in general, VPNs are a great way to avoid mass surveillance and corporate snoopers looking to sell your details to advertisers.
VPN subscription services basically offer you a private network connection with a remote server, which could be anywhere in the world. This server uses tunneling and encryption technology to access the internet on your behalf. With no ISP logs, the fingerprints you would normally leave all over the internet are wiped clean, and your privacy is protected.
How to use a VPN
The first thing you need to do is choose a subscription service. There are a number of factors to consider here, such as whether to opt for a free or paid for service, where the service is based, and what you want your virtual location to be (all will be explained). Let’s take each point in turn.
There are a few decent free VPN services available . However, as with anything in life, free things often have some drawbacks. Free VPN services are often paid for by advertising, so you can expect your web browsing to be supplemented with plenty of ads. Some free services may be slower and less reliable than paid for subscriptions. Moreover, if you are paying for a service, there is a better chance they will be protecting your privacy properly.
Where your subscription service is based is very important. If you are truly serious about protecting your privacy, don’t choose a country with laws in place that can force service providers, VPNs included, to store and hand over user data. The UK, USA, Australia, Canada and New Zealand all have an information sharing arrangement known as the Five Eyes. Therefore, if you choose a VPN service with servers based in any of those countries, the UK government could still access details of your online activities.
You also need to think about your ‘virtual location’, or the country you actually want to access internet services in. VPN services use secondary servers to pick up geographically specific internet services. So say, for example, you chose a VPN based in South America, but still wanted to pick up.co.uk sites, you would choose the UK as your virtual location. The South American server would then pick up public internet via a server in the UK, before routing it back to you, all done in a secure and encrypted private data tunnel. The beauty of this is, whatever your virtual location, no one knows where you really are.
To use a VPN, you have to download a software client. This can be done on any device, but it means the VPN is specific to that device only. If you want to run every device in your home on the same VPN, but don’t want to have to download the software several times over, consider getting an internet router which supports VPNs and setting it up on that.
The Benefits of a VPN
By far and away, the biggest benefits of a VPN are privacy and security. With tunneling technology and encryption, VPNs were designed to enable the secure transfer of data over public networks. That means that once you log on to your VPN account and your device and the remote servers authenticate one another, your real IP address is hidden and the information shared between the devices cannot be viewed by anyone else – not even government surveillance.
From the perspective of getting around the collection of data enabled by the Investigatory Powers Act, VPNs offer a perfect solution because, as well as tunneling and encryption, they operate via a remote server. If that server is outside the UK, it is beyond UK jurisdiction.
Another benefit is, because no identifying information is shared with the websites you access via a VPN, you escape the attention of businesses and advertisers, too. No cookies, no targeted adverts, no recommendations based on your search history.
If you travel around a lot and use many different WiFi connections, a VPN gives you peace of mind that, wherever you connect from, you can always access the web securely. This is especially reassuring if you do a lot of financial transactions online whilst travelling about.
In addition, a VPN also means you can always get the internet in your country of choice, no matter where you are. If you have ever been frustrated at not being able to use BBC iPlayer or Sky Go when abroad, a VPN is your answer. The same applies if you travel to China and still want to be able to access Facebook. As long as your virtual location is set to UK, it doesn’t matter where you actually are.
Other ways to protect your privacy online
One of the great strengths of a VPN is that it encrypts all of the data you send and receive over the internet. You do not, however, have to use a VPN to use encryption. Encryption basically involves using a code to transmit data, so even if people get access to it, they cannot read it. The internet supports encryption through the HTTPS secure protocol. If you want to make sure you are only using encrypted connections, download the HTTPS Everywhere plug in.
The problem with HTTPS is that not every website supports it. In addition to this, many governments are now pushing for powers that would enable them to force providers to unlock encryption codes if they were ordered to. This has already been approved in the UK as part of the Investigatory Powers Act.
Many browsers now offer a private browsing mode. In Google Chrome, it’s called Incognito. Private browsing stops your web browser storing details of the pages you have visited, and blocks cookies, but it does not stop the places you go storing your information, or your ISP logging your activity.
Cookies are small pieces of data sent by a website and stored on your computer to track information about your visit. Their uses include remembering login information, as well as which pages were accessed on your previous visit, and range from the innocuous to the sinister. Some types are exceptionally risky because of the amount of information they store, which is then available to the parent websites.
You can counter cookies by regularly clearing your cookie cache, which you can do through your web browser settings. Getting rid of Flash cookies takes more effort, but you can learn how to do it here. It is also a good idea to clear your DNS cache on a regular basis. The DNS cache stores the domain names of websites you have visited. DNS has been linked to security weaknesses even on VPN. For Mac users, use the Terminal command dscacheuitl –flushcache for OSX 10.5 and above, or lookup –flushcache for OSX 10.4 and below.
If you are serious about remaining anonymous on the internet, consider using The Onion Router (Tor). Tor gets its name from the way it uses a vast network of servers to create different encrypted layers, like those of an onion. This acts as a huge masking technique, making it very hard to identify who is doing what.
Tor has gained fame and notoriety for being a preferred networking tool for investigative journalists, political dissidents and, unfortunately, criminal networks. It is effective, but not perfect. Recent research has shown that more than 100 of Tor’s servers are collecting information on users, and no one is sure who is doing it.
Much of improving your privacy online is about changing your habits. Changing passwords regularly, making sure they fulfil the strong password criteria and being very careful about where you give your date of birth and telephone number are all basics we can do straight away. Search engines like Google and Bing are some of the worst offenders when it comes to storing information about your web browsing, so switching to a service like DuckDuckGo, which does not track any information about your searches, is a prudent choice.
Also, remember that accessing the internet on your mobile can compromise your privacy, too. Keeping GPS and WiFi switched on means you are transmitting huge amounts of information not just about your internet usage, but your location, your device and what apps you are running. Switch them off until you need them.
Protect your privacy – today!
When you look under the surface, there is no longer any privacy when using the internet. From web browsers, search engines and ISPs collecting, and then selling data about your online activities, cookies saving personal details entered online, to the threats posed by cyberattacks and surveillance by national governments, nowhere is safe.
In the UK, ordinary internet users are in a strange position. On the one hand, Data Protection laws are held up as evidence that privacy is still sacrosanct in our society, and those who flout the rules will be punished. On the other hand, the Investigatory Powers Act means every one of us is subject to mass online surveillance. Our personal data is collected on an unprecedented level, leaving us vulnerable to unauthorized prying and the attentions of sophisticated cybercriminals.
The only way to get reassurance about your online privacy is to take your own steps to protect yourself. Changing our habits by doing things like using encrypted channels, clearing our cookie cache, browsing in private mode and ensuring that all of our passwords are secure all make sense. However, none of them stops our ISPs from collecting data about our online activities, and that is what enables targeted online marketing and mass surveillance alike.
The most tried and trusted way to stop that happening, and still be able to enjoy the web the way you do now, is to use a VPN. Easy to install and just a few pounds per month for a subscription, VPNs offer the best way to hide your IP address and therefore surf the internet privately. Through a combination of tunneling technology, encryption and using remote servers in foreign countries, VPNs bypass the attentions of the Investigatory Powers Act in a way that is entirely legal and highly reliable.