It’s very likely that the Australian federal government will soon pass laws that allow a wide range of government agencies to access large datasets collected by telecommunications companies and internet service providers about who you call, who calls you, who you email, who your friends are, where you are and where you have been.
Techy people just respond “yeah sure they can do all this, but I’ll just use a virtual private network (VPN) and then the gubmint knows diddly-squat”. Non-techy people say VPwhat? And this is a problem, as it means that tech-literate people will have more privacy than non-technical people, a perverted “might is right” style outcome.
So let’s look at what you can do to lock down your family’s or business’s privacy using inexpensive, proven tools.
What is a VPN provider?
There are thousands of companies out there that will allow you to securely connect your devices to their network, such that when you then exchange information with other computers on the internet, those computers think you are wherever the network says, and not where you actually are. Sophisticated virtual private networks also provide tools that re-write the “metadata” that goes with each packet, to make it resistant to even the most detailed “deep packet” inspection. To the outside world you might appear to be living in some data centre in the United States, instead of your home, or office, or wherever your mobile says you are.
Prerequisites, jargon, and assumed knowledge
Unfortunately, choosing a VPN provider means learning some jargon, but to keep it super-simple, imagine it like this. Your device (phone, laptop, router, fridge, whatever) opens a secure connection to the VPN using one of the following encryption protocols, in order from worst to best: PPTP, L2TP/IPSec, or OpenVPN (also known as SSL/TLS). From there, the VPN provider creates a tunnel between the outside world and your device. Your exit point is the location where you have told your VPN provider you want it to appear you are coming from. Good VPN providers have many hundreds or even thousands of exit points in many countries. In this way you can appear to be in the US to HBO and Netflix through your AppleTV (via paid subscription), but in the UK when you want to watch the BBC’s iPlayer. It also means, while you are travelling overseas, you can make the ABC’s iView think your iPhone is in Sydney instead of Istanbul.
So how do you choose one? Here’s a simple checklist:
1. Do they keep logs? Only choose a VPN that doesn’t track your use of their system.
2. Do they offer OpenVPN (aka SSL/TLS) and L2TP/IPSec, in addition to plain old L2TP and PPTP (which are not considered secure anymore)? Always choose a provider that supports OpenVPN.
3. Do they allow unlimited devices? A VPN is not secure if only some of your devices use it.
4. Do they offer unlimited bandwidth?
5. Do they offer a system for obfuscating your metadata?
6. Are they based in a “Five Eyes” country (US, UK, Australia, Canada, New Zealand), or in a politically unstable or corrupt country? If so, go with another provider.
7. Have they been around for a while?
8. Do they offer good quality support?
I went through about 200 of the main VPN providers, and the ones on this list arguably satisfy the criteria, apart from the desire for unlimited devices.
Each of these comes with software and configuration instructions for most flavours of desktop and laptop computer, as well as iOS and Android devices. Because all of these services support OpenVPN, it is, in theory, possible for you to configure your home or business router (or get a techy friend to do this) to send all traffic via the VPN, thus protecting all the devices in your house.
The use of a VPN doesn’t stop some random technocrat from working out where you are from phone-tower records, as the device with your IMEI number (type *#06# on your phone to see it) moves between them. Nor does it hide the time and endpoints of every call and text message, your browser history, or which apps are requesting network access; basically any “metadata” they can scoop up. Even an “off” phone will ping the towers every so often and report its device and SIM identifiers. A VPN won’t protect you from all of that, but it will keep your browser history and app traffic-profile secure, and if you make your calls with SilentPhone, FaceTime, or any of the many end-to-end encrypted phone apps, then having the VPN will mask the type of data being sent, and when calls get made. A VPN won’t protect your SMS messages, but it will stop anyone knowing when/if you use iMessage, Telegram, BlackBerry Messenger, SilentText or any other secure messaging system that sends its data via the internet.
Having a VPN installed on your laptop and phone is typically a matter of downloading and running a simple config app, which comes with your subscription for any of the services I’ve listed, as well as many others. Setting up your router to direct all your local network traffic via your VPN is a more complex proposition but a great way to protect your family’s privacy.
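Once a router has been set up this way, it is worth checking that traffic really does leave through the tunnel. The script below is an added example, not part of the original article: it reads the text printed by `ip -4 route show` on a Linux-based router and lists every IPv4 route that still bypasses the VPN. The `tun` interface prefix, the sample routing tables and all addresses in them are constructed assumptions, and IPv6 routes are not examined.

```python
import ipaddress

def parse_routes(text):
    """Parse `ip -4 route show` output into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # e.g. blackhole/unreachable entries carry no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def bypass_routes(text, allowed=(), tun_prefix="tun"):
    """Return (prefix, device) for routes that send traffic outside the tunnel.

    A non-tunnel route is harmless only if more specific tunnel routes cover
    its whole range (longest-prefix match makes them win), or if it is listed
    in `allowed` (the VPN server itself, the local LAN).
    """
    routes = parse_routes(text)
    tunnel = [net for net, dev in routes if dev.startswith(tun_prefix)]
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    leaks = []
    for net, dev in routes:
        if dev.startswith(tun_prefix) or net in allowed_nets:
            continue
        inner = [t for t in tunnel if t != net and t.subnet_of(net)]
        if list(ipaddress.collapse_addresses(inner)) == [net]:
            continue  # fully shadowed by tunnel routes
        leaks.append((str(net), dev))
    return leaks

# Constructed sample: OpenVPN "redirect-gateway def1" style full tunnel.
FULL_TUNNEL = """
default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
203.0.113.7 via 192.168.1.1 dev eth0
"""
# Constructed sample: tunnel is up, but general traffic still uses eth0.
SPLIT_TUNNEL = """
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""
EXPECTED = ("203.0.113.7/32", "192.168.1.0/24")  # VPN server and local LAN
```

An empty result from `bypass_routes(FULL_TUNNEL, EXPECTED)` means only the VPN server and the local network are reachable outside the tunnel; the split-tunnel sample reports the default route as a bypass.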