Aractus

Blog of Daniel Baxter, now secure! :)


Archive for October, 2015

How to claim your online privacy

This follows on from my last post. In my last post I provided some broad information on internet privacy, and why it is important. People need it for all kinds of legitimate reasons – whether you’re watching some kinky 80’s porn in privacy, or whether you’re seeking debt consultation, you have every right to privacy. The legislation in Australia does not require detailed activity statements about your internet connection; however, it does require email providers to store all metadata associated with individual emails. Essentially your email provider now has to treat your email account like a phone account where call records are kept (and are also now made mandatory under the legislation). When you sign up for debt consultation, they might send you an email or call you. The fact that you have received an email or phone call from them now has to be stored. If you phone 1800-333-000 (Crime Stoppers), which is an anonymous service, your phone provider now has to store the details of your call. The police now have a way to find out that you called them using their anonymous service. The information that is retained by your service provider is the phone number you dialled and the exact time and duration of your call – that’s enough to fingerprint your unique call and trace it back to you. This is the kind of information that should be immediately removed from your phone records, not stored for 12 months.

No self-respecting email provider has ever kept detailed logs of your email activity. Even privacy-invading GMail doesn’t keep that kind of information. It’s just as useful as keeping browsing history via DNS logs or similar. Why? Because when you sign up for that kinky 80’s porn you receive an email confirming your account. When you sign up for debt consultation, they send you an email or a phone call. When you access mental health services, or help for addictions, or food relief charities, or religious services, or specialised legal services, you will receive an email or a phone call. Is this an invasion of privacy? YES! Of course it is. It’s nobody’s business to know who contacts a legal firm, or who they speak to – and they may have a specific non-disclosure agreement with the service provider intended to protect the privacy of their clients … now these agreements are all invalid.

What the law enforcement agencies learned is that much less data is being kept and stored by service providers now compared with the past. And they didn’t like that. So without going over everything in the last post, I should remind you that your ISP is not required to log your DNS or browsing history – however that doesn’t mean they won’t or that they don’t. It is well known that OpenDNS logs all DNS activity forever. You need to use services that respect your privacy, not services that “might” invade it.

  1. Move off your ISP email address, and move off any email that is provided by an Australian provider. I cannot overstate the importance of this – your account activity will be logged and stored for 24 months by your service provider. This includes the details of all incoming and outgoing emails associated with your email account!
  2. If you have a website hosted in Australia, change your email settings so it is provided from a USA data-centre. Your registrar might provide you with a free service, there are plenty of cheap options out there, and there are many webhosts who would provide this for free to non-profit organisations. Hopefully Aussie webhosts step up and provide options or advice for their customers.
  3. Get the MVPS HOSTS file.
  4. Get a VPN. Websites I suggest visiting are Choice, TorrentFreak, Whirlpool, and Reddit/Vpncoupons.
  5. Change your router DNS servers to privacy-respecting alternatives. Do note that this can break free-bandwidth allowances on certain streaming services.
  6. Install DNSCrypt (and do not use an OpenDNS provider since they log usage). I recommend using the winclient to manage it (on Windows). Unfortunately installation is not completely straightforward. Be careful, as you may not be able to access the internet if you install it wrong. DNSCrypt encrypts your DNS requests, preventing spying, spoofing and man-in-the-middle attacks.
    • First download dnscrypt-proxy, then the winclient. Extract both to the same location (e.g. “C:\Program Files (x86)\dnscrypt-proxy-win32\bin”), and make a link to the winclient in your start menu or on your desktop.
    • Open Network Connections (Start > Settings > Network Connections).
    • Right-click your network card and select Properties.
    • Select Internet Protocol Version 4 and click Properties.
    • Select “Use the following DNS server addresses:” and type 127.0.0.1 into the “Preferred DNS server” input box. Leave the second blank and click OK.
    • Open dnscrypt-winclient (you may need to run it with admin privileges).
    • There are two buttons at the bottom. If the first one says “Install” then click it.
    • If the second button at the bottom says “Start” then click it and wait for the server to start.
    • Select the “Config” tab, and choose a provider (e.g. “CloudNS Canberra”).
    • Close the winclient. These settings are now saved and you do not have to open the winclient again, even after restarting Windows, unless you want to change something (e.g. if the DNS server you selected goes down).
    • For good measure press Winkey-R and type “cmd /c ipconfig /flushdns” (without quotations) and hit OK.
    • Test the internet. If you can’t connect even after changing the provider in winclient then something with your settings is wrong. Open your network card and change the setting back to “Obtain DNS server address automatically”. Open the winclient and uninstall the service. Press Winkey-R and run “cmd /c ipconfig /flushdns” again, and the internet should work as it did before.
  7. Use Firefox. Setting Firefox up for maximum privacy is fairly straightforward:
    • Click Options – Privacy. Under History select Firefox will: “Use custom settings for history”. Change the “Accept third-party cookies” option from “Always” to “From visited”.
    • Click Options – Search. Change default search engine to DuckDuckGo.
    • Install the Google double-click opt-out plugin.
    • Install the Google Redirects Fixer add-on. There are other add-ons that do the same job; what it does is prevent Google from tracking which link you click by removing their redirection links.
    • Install uBlock Origin. Third-party ads and privacy do not mix, full stop. uBlock is far superior to AdblockPlus in every way: it is leaner and doesn’t come with “acceptable ads”. Open the uBlock settings (click the toolbar icon and then the version bar), select the 3rd-party filters tab, ensure all three options under Privacy are selected, then click “Apply Changes” and close the options.
    • Optionally install NoScript – it is aggressive and takes patience since you will regularly need to white-list new domains.
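
The DNS switch, test and rollback from step 6 can also be scripted. The PowerShell below is an added example, not part of the original post or of the DNSCrypt project; it assumes Windows 8 or later, an elevated prompt, dnscrypt-proxy already installed and started on 127.0.0.1 through the winclient, and an adapter named `Ethernet` (a placeholder, as is the test name `example.com`).

```powershell
# Added example: apply, test and (if needed) roll back the DNS change
# described in step 6. Run from an elevated PowerShell prompt.
# Assumptions: 'Ethernet' is a placeholder adapter name; dnscrypt-proxy
# is already listening on 127.0.0.1.
param(
    [string]$InterfaceAlias = 'Ethernet',
    [string]$TestName       = 'example.com'
)

# Turn lookup failures into exceptions so try/catch can handle them.
$ErrorActionPreference = 'Stop'

# Record the current IPv4 resolvers so the change can be reviewed later.
$before = (Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
           -AddressFamily IPv4).ServerAddresses
Write-Host "Previous DNS servers: $($before -join ', ')"

# Before touching the adapter, confirm the local proxy really answers.
try {
    Resolve-DnsName -Name $TestName -Server 127.0.0.1 -Type A -DnsOnly | Out-Null
} catch {
    Write-Warning 'Nothing answered on 127.0.0.1; adapter left unchanged.'
    return
}

# Point the adapter at the local proxy only. No secondary server is set,
# so Windows has no unencrypted resolver to fall back to.
Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses '127.0.0.1'
Clear-DnsClientCache   # same effect as "ipconfig /flushdns"

try {
    # Resolve through the system resolver, which now uses 127.0.0.1.
    Resolve-DnsName -Name $TestName -Type A -DnsOnly | Out-Null
    Write-Host 'Lookups are going through the local proxy.'
} catch {
    # Equivalent to re-selecting "Obtain DNS server address automatically".
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ResetServerAddresses
    Clear-DnsClientCache
    Write-Warning 'Lookup failed; adapter reset to automatic DNS.'
}
```

The script does not uninstall the dnscrypt-proxy service; that is still done from the winclient as described in step 6.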

Of course you should also have Avast or another anti-virus program running. Security and privacy go hand-in-hand. The importance of privacy cannot be overstated – imagine if it was your credit card number that these companies were being directed to retain by the government! It would be a huge security risk to the customers, not to mention that it would go completely against best-practice policies regarding the handling of such information.