Metadata, Internet Security, Data Retention and VPN

Whilst Australian politicians are still confused [2] about metadata and are still unable to define metadata without the use of silly metaphors, I decided to write this post to clarify what it is, what potential threat it carries to your privacy and how you can protect your sensitive data from the prying eyes of an oppressive regime.

What is Metadata?

Metadata is a structured array of data about other data. I’ll try to simplify and present a more realistic meaning of this definition. Metadata is the information pertaining to your digital and electronic activity. This information says a lot about you, given that so many of the things we do these days pass through an electronic gateway at some point. Try counting the instances in your previous day when you were making a phone call, using your favourite health app, sending an email, visiting a web page or making a payment transaction to buy something. It is all metadata. Metadata in these cases will contain information like:

  • The time, destination, geo-location and the duration of your phone call
  • Geo-location, duration and amount of time of your fitness routine
  • Recipient, email client you use and timestamp of the email.
  • The length of time you were connected to the internet, and the description, address, keywords and content type of the web pages you visited. If you watched a YouTube video, the data can include information about the contents of that video (such as transcripts of conversations and text descriptions of its scenes), which is not directly understandable by a computer but is recorded where efficient search is desirable.
  • Timestamp and geo-location of your payment transaction

[Image: an email's normal view. A simple email with just an attachment.]

[Image: metadata of this email, containing the sender’s and recipient’s addresses, the sender’s mail client, timestamp and other technical details.]
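
The header view described in the caption above can be read by a program without ever opening the message body. The following is an added example, not part of the original post; the message, addresses and mail client string are constructed sample values.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample message (documentation domains and addresses only).
RAW_EMAIL = """\
Received: from mail.example.org (mail.example.org [198.51.100.7])
\tby mx.example.net with ESMTPS id abc123
\tfor <bob@example.net>; Mon, 03 Nov 2014 09:15:42 +1100
Received: from [192.0.2.44] (home-dsl.example.org [192.0.2.44])
\tby mail.example.org with ESMTPSA id def456;
\tMon, 03 Nov 2014 09:15:40 +1100
From: Alice Example <alice@example.org>
To: Bob Example <bob@example.net>
Subject: Scan attached
Date: Mon, 03 Nov 2014 09:15:39 +1100
User-Agent: Mozilla/5.0 (X11; Linux x86_64) Thunderbird/31.2.0
Content-Type: text/plain

(the body is never inspected)
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def extract_metadata(raw: str) -> dict:
    """Collect sender, recipients, time, mail client and relay path from headers only."""
    msg = message_from_string(raw)
    hops = []
    for received in msg.get_all("Received", []):   # newest hop is listed first
        stamp = received.rsplit(";", 1)[-1].strip()
        hops.append({"ips": IP_IN_BRACKETS.findall(received),
                     "time": parsedate_to_datetime(stamp)})
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    first_hop_ips = hops[-1]["ips"] if hops else []   # last header = first relay
    return {
        "sender": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "recipients": [addr for _, addr in getaddresses(recipients)],
        "sent": parsedate_to_datetime(msg["Date"]),
        "client": msg.get("User-Agent") or msg.get("X-Mailer"),
        "origin_ip": first_hop_ips[0] if first_hop_ips else None,
        "relay_path": hops,
    }

if __name__ == "__main__":
    for key, value in extract_metadata(RAW_EMAIL).items():
        print(f"{key}: {value}")
```

The origin IP in the earliest Received header is the piece that ties the message to a location, which is why it matters which network you send from.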

All these items combined can portray a very precise and thorough picture of your daily life. The above items are just a few examples of the metadata that can be collected and by no means a complete list. The Australian Government is yet to spell out their definition of metadata but this should give you an idea. Zeit Online has compiled a report based on the information collected on Germany’s Greens politician – Malte Spitz by Deutsche Telekom over just six months. The report uses the data provided by the telecom company and combines the geo-location data with information relating to his life activities such as Twitter feeds, blog entries and websites, all of it freely available on the internet. The profile created using your personal data will be much more thorough and will contain information that you yourself might not be aware of or remember, yet anyone but you will be able to access this profile.

How would the proposed Data Retention Laws impact you?

For starters, internet bills can go up by $10 per month [4]. Storing millions of users’ metadata for two years, as hinted by the minister of communications – Malcolm Turnbull [5] in his speech, will consume a lot of resources (we’re talking petabytes of storage here) and ISPs will have to make arrangements for that on their own. Ironically this extra cost is being called ‘the internet tax’ [4], which is quite funny because in practice it means that we’ll be paying an additional tax to the government to help it collect our kids’ private data that even we aren’t aware of. Effectively, it will also mean that 18.1 million Australian citizens [6] will be placed under constant surveillance and their every word can and will be used against them to issue warrantless arrests by secret services like ASIO. You will be guilty until you prove yourself innocent.

A word on Internet Security

There is no one-click solution to achieve Internet Security. There are a few steps, which I will discuss below, to help secure your digital information.

Step 1. Securing your computer

Internet Security begins with securing your hardware and operating system. There’s no point worrying about your privacy if someone has got a USB transmitter plugged into your computer relaying all your data to him anytime he wants. You should choose your operating system very wisely. Your choices are restricted to Windows or Mac if you are a professional, as the major software packages are created and maintained mainly for these two operating systems. Luckily a lot of people use their computers just for browsing the internet, accessing email and listening to music. If this describes your digital routine, take some time to explore Linux systems. Windows and Mac password protection can be bypassed easily by a teenager, let alone a trained professional. You can, however, take some steps to secure your system and prevent this from happening. {I plan on doing a thorough post to show how to achieve this, you can subscribe to get an update when it’s published.}

You’ve won half the battle by securing your computer. The next step is to secure your internet connection. The NSA leaks revealed how easily governments can access your data and how all your communication can be intercepted. The leaks also revealed how easily your activities can be tracked. There are a couple of ways to prevent such incidents. One of them is to make use of a VPN (Virtual Private Network). You can also make use of the Tor browser to stop being tracked.

Step 2. Securing your internet Connection

Any website you visit can collect a large amount of data. Visit stayinvisible.com yourself and see what data your computer has been offering. If you are an avid traveller, your internet communication is even more vulnerable to such eavesdropping while you are using public wifi in a café, hotel or a train. Theoretically this can be secured by the use of a VPN.

What is a VPN?

A VPN, or Virtual Private Network, is a service that lets you plug into their servers and browse the web anonymously. The service allows the VPN client (installed on your computer) to make use of the private network and boost your security by encrypting your connection and kicking out the eavesdroppers. Encapsulation is a fundamental concept in all seven layers of the OSI Model. A VPN client simply adds an additional layer of encapsulation on a packet to be relayed at layer 3 or layer 2 on one end and then removes (decapsulates) that layer at the other end. This simple on-the-fly encapsulation and decapsulation at the two ends is often referred to as tunnelling and is the working principle of all Virtual Private Networks.

Choosing a good VPN provider is absolutely critical. You must know under what legislation a VPN operates and whether they log your data because, quite frankly, there’s no point in taking all these safety steps if your VPN provider is logging all your activity and providing backdoor access to the goons. Let’s go an extra mile and add another layer (or in this case, layers) of encryption. Once you’ve got your VPN set up, you can use the Tor browser to encrypt your digital traffic.
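
The layer 3 encapsulation described above, and what it changes about the metadata each party can record, can be shown with IP-in-IP wrapping. This is an added example, not part of the original post; all addresses and the payload are constructed, and the encryption a real VPN applies to the inner packet before wrapping is left out so that the example needs only the standard library.

```python
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
IPIP = 4                      # IP protocol number for IP-in-IP (RFC 2003)

def checksum(header: bytes) -> int:
    """RFC 791 ones' complement header checksum; returns 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + payload

def flow_record(packet: bytes) -> dict:
    """The per-packet metadata that header-level logging can retain."""
    _, _, length, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "bytes": length}

def encapsulate(inner: bytes, client_ip: str, vpn_ip: str) -> bytes:
    """VPN client side: wrap the whole inner packet in a new outer header."""
    return ipv4_packet(client_ip, vpn_ip, IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    """VPN server side: validate and strip the outer header."""
    header_len = (outer[0] & 0x0F) * 4
    if outer[9] != IPIP or checksum(outer[:header_len]) != 0:
        raise ValueError("not a valid IP-in-IP packet")
    return outer[header_len:]

# Constructed sample values (documentation ranges plus a private tunnel address).
CLIENT, VPN_SERVER, WEBSITE, TUNNEL_ADDR = "192.0.2.44", "198.51.100.1", "203.0.113.80", "10.8.0.2"
SEGMENT = b"stand-in for a TCP segment carrying a web request"

direct = ipv4_packet(CLIENT, WEBSITE, 6, SEGMENT)        # no VPN
inner = ipv4_packet(TUNNEL_ADDR, WEBSITE, 6, SEGMENT)    # addressed inside the tunnel
outer = encapsulate(inner, CLIENT, VPN_SERVER)

if __name__ == "__main__":
    print("ISP, no VPN:  ", flow_record(direct))
    print("ISP, with VPN:", flow_record(outer))
    print("VPN provider: ", flow_record(decapsulate(outer)))
```

With the tunnel, the ISP's record still holds your address, the VPN server's address, the time and the packet size, while the website's address moves into the record the VPN provider could keep.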

What is Tor?

Tor is a package of software (browser included) that utilises the technique of onion routing in order to conceal your identity and geo-location. Whilst there’s a continuous technical tug of war between the Tor developers and ‘intelligence agencies’, it remains the leading free privacy mechanism as it continues to make it extremely hard to track you down. The NSA itself described [10] Tor as “the King of high secure, low latency Internet anonymity” with “no contenders for the throne in waiting”. You can download and start using the Tor browser in tandem with your VPN.

Bonus: A list of five VPN Providers with a good reputation.

As I have mentioned before, choosing the right VPN service provider is absolutely critical. Although many of them claim that they ‘do not log’ any of your information, if you go an extra mile and read their privacy policies, you will find out that they log a significant amount of your information. For example, I had a look at xyz VPN Company that advertises ‘no logs’ on its front page. Sounds pretty good, what can possibly go wrong? But when I had a closer look at their privacy policy page, here’s what I found:

For me, ‘personalised experience’ and digital privacy are two things that do not go hand in hand and hence I chose to stay away from such companies. Besides, the legislation of a lot of countries forces VPNs to log their customers’ activity. The United States, for instance, does not have a mandatory data retention law for VPNs but most companies keep logs to avoid being sued for copyright infringement under the DMCA Act. Yes, I hear you, the situation is very complicated. I have compiled a list of five best VPNs that do not log your activity and have decent Privacy Policies.

  1. Private Internet Access

https://www.privateinternetaccess.com/

Pros:

  1. Lets you make an anonymous payment
  2. Operates under US Legislation (no mandatory data retention laws)
  3. Traffic or session data is not logged
  4. You cannot be tracked if a DMCA complaint (copyright infringement) is received.
  5. Reasonable pricing, allows five devices to be connected simultaneously.
  6. Accepts anonymous payments

Cons:

  1. No trial available

  2. Privacy.io

https://privacy.io/

Pros:

  1. User activity is not logged
  2. Based in Australia (no mandatory data retention laws for VPNs at the time of publication).
  3. DMCA requests are ignored.

Cons:

  1. Anonymous payments not accepted
  2. Free trial not available.

  3. VyprVPN

http://www.goldenfrog.com/vyprvpn

Pros:

  1. User Activity is not logged.
  2. Based in Australia.
  3. Free Trial Available.

Cons:

  1. Expensive.
  2. Only one simultaneous device allowed in the basic plan. Higher end allows three simultaneous connections.
  3. Stand on DMCA complaints unclear

  4. TorGuard

https://torguard.net/

Pros:

  1. User activity is not logged.
  2. Operates under the US Legislation.
  3. A DMCA complaint can’t be tracked back to you.
  4. 5 devices allowed to connect simultaneously

Cons:

  1. Expensive.
  2. Trial not available

  5. NordVPN

https://nordvpn.com/

Pros:

  1. User activity is not logged.
  2. All DMCA requests are ignored.
  3. Reasonable Pricing

Cons:

  1. Trial not available.
  2. P2P traffic is not allowed on certain servers.

Conclusion

Metadata can theoretically be safeguarded by taking the measures discussed in this post, but since the claims of these companies cannot be 100% proven, it’s better to stay safe and not share your sensitive information on the internet. Don’t share your loved ones’ photos with anyone, don’t enable the navigation services on your smartphone, don’t install software that cannot be trusted, use a firewall that lets you monitor all your incoming and outgoing connections, and stay updated and informed on internet security by subscribing to Internet security blogs and actively seeking consultancy regarding your privacy.

References:

  1. http://www.oaic.gov.au/news-and-events/statements/privacy-statements/australian-governments-data-retention-proposal/australian-government-s-data-retention-proposal
  2. http://mashable.com/2014/10/31/aaustralian-politicians-meta-data-confusion/
  3. http://www.niso.org/publications/press/UnderstandingMetadata.pdf
  4. http://www.smh.com.au/it-pro/government-it/data-retention-scheme-would-lead-to-surveillance-tax-on-consumers-say-telcos-20140729-zy4ch.html
  5. http://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users
  6. http://www.minister.communications.gov.au/malcolm_turnbull/blog/post…
  7. http://en.wikipedia.org/wiki/OSI_model
  8. http://compnetworking.about.com/od/vpn/a/vpn_tunneling.htm
  9. http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
  10. http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity


Comments (3)

  • Michael Taylor

    I couldn’t resist commenting. Very well written!

  • Maurice

    All regimes have progressively become more and more ‘oppressive’. The solution to ‘terror threats’ does not reside in spying on your own people and watching their private lives but in building trust so that people know that governments are actually looking out for them. Unfortunately, I am yet to see one government that REALLY cares about its people.
