Thanks to the metadata retention law, nothing is private anymore. The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 has not just put our privacy at risk, but also the privacy and security of friends, colleagues and loved ones we communicate with. Fortunately, there are steps you can take keep yourself protected.
Australia Data Retention Law
The data retention bill has been brought into existence in the name of equipping “Australia against emerging and evolving threats.” The bill legally authorises all Internet Service Providers (ISPs) in Australia to retain the metadata of its customers for up to two years.
As per the retention policy, the ISPs have now complete statutory power to store the metadata of phone calls made by Australians. For instance, location from where the phone call is made, the number of the caller and the recipient, the time and date of the call, etc. will all be documented.
Apart from phone calls, the bill also allows ISPs to store browsing history and email activities of its users as well. For instance, the ISP can store the time and date of the email, the id of the recipient, and even the attached files.
Currently, the data retention is limited to certain metadata, but there is no telling when it can be extended to our detailed browsing history, call conversations, chats, etc.
What’s more troubling is the thought of losing your data to a rogue ISP. After all, you cannot expect every ISP to be honest in their dealings. A dishonest ISP may agree to maintain privacy policies while handling your private information but behind the scenes, it may end up selling it to third-parties.
Regardless, it is not like you can’t keep your online privacy intact after the implementation of this new mass surveillance policy in Australia. Fortunately, there are some tried and tested ways to hide your digital identity from ISPs for good.
4 Ways to Circumvent ISPs Tracking
IP tracking is the primary way to track and monitor the users on a network. Hence, the first countermeasure against ISP tracking could be through hiding the real IP.
There are many ways you can browse the Internet anonymously. For starters, you may try using a proxy server to conceal your real IP. It allows you to redirect your traffic through a different server while browsing, which ultimately makes it difficult for ISPs to track the real IP address.
You may also use popular services like TOR, aka The Onion Router. It is an anonymous browser that routes your traffic through a network of computers (nodes). It is like using a proxy on steroids, but it is way more secured than a simple proxy server.
It is imperative to understand that TOR isn’t for making your everyday browsing anonymous. Use it for activities that come under the umbrella of “sensitive information.” Also, don’t use TOR for large volume broadcasts such as p2p file sharing, etc.
Block Tracking Cookies:
Cache tracking is yet another way your online activities are tracked and monitored. To block these trackers, you may use browser add-ons or extensions like Ghostery or Privacy Badger. Privacy Bader is an open-source extension available on both Chrome and Firefox. It blocks all the non-consensual trackers used by websites to track on-site user behavior.
You may, in fact, find tracker blockers that block even analytical tools from monitoring your on-site activities such as Disconnect.
Encryption is perhaps the best way to make sure your online identity is safe. You may use encryption tools like the HTTPS Everywhere extension that turns a non-encrypted URL to an encrypted HTTPS if a website supports it. The HTTPS may not hide the website itself from the ISP but it will hide the activity you would do on the website because of an encrypted connection to the server.
Encrypt Phone Calls
Since the data retention law also includes your phone call metadata such as caller and recipient id, time of call, etc., it is imperative that we add encryption to our phone conversations as well. For encrypting voice calls, you may try mobile applications like Signal (for iOS) or Redphone (for Android). The apps use end-to-end encryption for voice calls and text.
The solutions mentioned in the article might not be fully bulletproof or shall we say cybercriminal-proof, but it’s better than nothing. These simple tools might not stand a great chance against sophisticated attacks, but it will definitely save you from everyday regular cyber-attacks.
Anas Baig is a Cyber Security Journalist by profession with a profound interest in online privacy & security & IoT. Follow him on Twitter @anasbaigdm, or email him directly by clicking here.