Dodging Data Retention: How I Sidestep Government Spying

Australia's new data retention laws come into effect today, and a lot of people are looking for a way to keep their personal communications private. This is what I do to keep my mobile phone data, and the data from my PC and laptop at home, secure and encrypted and safe from unwanted surveillance from government or from any other interested party.

VPN image via Shutterstock

This is by no means a comprehensive guide, and it's by no means a comprehensive safeguard against unwanted snooping. Any party that was especially interested in surveilling me could do so by other means — by gaining access to my Gmail or work email account, through monitoring my everyday phone and SMS conversations which can't be secured via VPN, through breaking into my home Wi-Fi and sitting in the middle of any connection that takes place. But for the average user that doesn't already have ASIO or the Australian Federal Police after them, using a VPN — whether it's on a mobile device or a more permanent network installation — is enough to encrypt and anonymise internet data and hide it from plain view.

On My Smartphone And Tablet

I have an Android smartphone (a Samsung Galaxy Note 5) and an Apple tablet (an iPad Mini 4), and I change devices extremely frequently, so I wanted a service that could follow me easily between different phones and tabs. I also carry a 4G hotspot with me most of the time, so I'm not using my phone's measly data allowance too often. That means any service I choose would almost certainly have to run through a standalone app, for both iOS and Android, rather than require any diving into settings to input IP addresses and activate and deactivate every five minutes.

I'm using Private Internet Access, which has those all-important companion apps for both major mobile platforms — it's $US39.95 annually, or $US3.33 per month at that discounted rate. You can also sign up for six months at $US35.95 ($US5.99 per month) or one month for $US6.95. PIA has 2897 servers across 31 locations around the world, including the US and UK and Australia, each of which has a pretty straightforward host address — us.east.privateinternetaccess.com, or aus.privateinternetaccess.com, and so on. Encryption is user-adjustable, and the service uses the open-source OpenVPN standard.

When you sign up to PIA (you'll need to supply an email address, along with a PayPal account or credit card and billing details) you're sent a randomised username and password via email. Download the app, open it up, choose a server from the list, plug in your username and password, click connect, et voila — your internet session is anonymised and ready to go. The servers are fast, too — the closest Sydney server to my 4G connection at the Gizmodo office has a 4ms ping, Melbourne is 17ms, and the fastest US location is California at 190ms ping.

PIA hops connections, too. When I switch off my 4G hotspot or jump on the Gizmodo office Wi-Fi, it'll quietly go through the re-connecting and re-authenticating process in the background, and encrypted internet traffic continues on its way when the connection is secure again. A permanent notification in the notifications menu tells you when you're connected, and which server you're connected to — the app also shows you current download and upload speeds and the quantity of data transmitted so far. I don't notice any significant speed degradation, and I like knowing that my data is travelling securely to its destination.

On My Home Wi-Fi Router

Because I have a whole bunch of different internet-connected gadgets on my home Wi-Fi network — I counted a dozen last night, just sitting there snoozing and requesting the odd data packet around the clock — I wanted a VPN service that ran on my router, and therefore covered every single piece of traffic travelling through my internet connection. The alternative is to install a VPN on every single device that accessed the internet — chief amongst which is my desktop PC and laptop obviously, since they're full of my personal communications — but that's not feasible.

I'm lucky enough to have a Wi-Fi modem router that supports a PPTP VPN. PPTP stands for "point to point tunneling protocol", and it's one of the simplest secure ways to set up a VPN. Check to see if your router supports a VPN, and if it doesn't, you'll have to set up devices individually and on an ad-hoc basis. It's much simpler to set it up on your router if possible, and you can get a great Wi-Fi router (I'm using a Dovado Tiny AC as my internet gateway) for little more than $100.

I could use the same Private Internet Access account that I use on my phone, but I've had a UnoVPN service sitting idle ever since I signed up for a year's UnoTelly Gold— for $US59.95 annually, or $US4.93 per month at that discounted rate. The main feature of UnoTelly is a DNS redirection service that operates outside of a VPN, giving you access to US or UK Netflix or US YouTube and the like without redirecting the entirety of your internet traffic — which is useful for fast 'net browsing while watching international videos, but not what I'm after here.

The process with UnoVPN is a little more complicated than with PIA — you sign up (you'll need to supply an email address, along with a PayPal account or credit card and billing details) and then login details for UnoTelly's web portal are emailed to you. From there, you can choose an international gateway from either the US or UK offerings, and put that host address plus your UnoVPN user details into your router or any other device you set up. My Dovado router runs the PPTP VPN as part of its initial startup process, so as soon as it's started up and I'm connected to the internet, I know all my data is encrypted and travelling to an anonymous international location before hitting the rest of the web.


Comments

    You forgot to mention your tin-foil hat so they can't read your brainwaves. Seriously, they can put my data up on a billboard for all I care.

      I care a bit more about my data privacy than you care about yours!

        The only problem is that vpn usage is only one step (and inadequate by itself) in protecting against state actors or sophisticated black hats. You are describing here in this article a false sense of security.

        "But for the average user that doesn’t already have ASIO or the Australian Federal Police after them, using a VPN — whether it’s on a mobile device or a more permanent network installation — is enough to encrypt and anonymise internet data and hide it from plain view."

        Only from dumb criminals who don't have access to metadata. As the context of the article is state actors, your caveat doesn't lessen the problem that vpn is inadequate by itself.

        Save yourself some money by not using vpn as your security hasn't increased much.

        Last edited 13/10/15 10:13 pm

      So post up your real name and address then...

      Do us all a favour and prove it. Post 'your data' somewhere (I recommend pastebin for ease of use). I personally think some favorites could be:
      The name of your first pet
      Your address, phone number, and a scan of your driver's licence and passports
      Your email password
      I'm sure you can think of some things to add for yourself.

    I might be missing something, but isn't connecting to the Australian servers pointless, as they'll have to comply with the Australian meta data retention laws?

      At this stage the data retention scheme doesn't apply to VPN providers. Whether that changes at a later date, is another story.

    @campbellsimpson

    Campbell can you answer me a couple of very specific VPN-related questions?

    I also use PIA, and find it works great so far. I was however wondering what to do in a 'tether' situation - specifically I tether my iPhones mobile data connection to my Surface Pro 3 for internet access on work trips. Should I connect to the VPN via the iPhone app, or via the Windows app on the SP3? I'm not quite clear of the 'path' the data would take if I enabled one or the other, or both?

    Also on a general-networking-knowledge note I was unsure whether I should use the 'DNS leak protection' option because when I enable it it comes up with a warning about changing connection settings which it says may cause issues. How does that affect any snooping on me if I 'leak DNS'?

    Cheers if you (or anyone else) could answer this!

    Last edited 13/10/15 7:11 pm

      You want to use DNS leak protection because otherwise the sites you are connecting to can be determined from your DNS queries. It doesn't leak the pages you are visiting specifically, but it leaks the domain names of the sites you are visiting.

      In terms of tethering: I don't have an iPhone, but I would suggest connecting to a VPN on your iPhone, checking the IP address remotely visible for the iPhone (e.g. at http://whatismyip.akamai.com), tether the computer, and check if going to that same page produces the same IP address for your laptop. If the answer is yes, then you don't need to use a VPN on your laptop as well. If the answer is no, then you'll need a VPN for your laptop as well.

      Throughput may be using a VPN connection on your laptop than on your phone (due to sheer processing power for handling encryption) but since you'll want your phone to be on a VPN it probably makes sense to use the phone for establishing the VPN connection.

    Campbell I Ike your post. How do you find the speed using PPTP on your home router? I find that router resources. (NVRam and CPU) slow down the tunnel a bit.

      It takes a slight speed hit, true -- I go from 5Mbps down / 8Mbps up (on 4G) at home to 4/7 as far as I can tell from some very unscientific Speedtest results.

      Please don't use PPTP... at all. It was developed by Microsoft in the 1990s and it is the most insecure of all VPN protocols. It is barely more secure than using a proxy (which is not at all secure). The encryption of PPTP has definitely been compromised by the NSA, and the AFP can probably take care of it in 10 seconds as well.

      The only reason why VPN providers still support it, is because it's "better than nothing" in situations where you can't use anything else.

      For a router in your home you are far better off spending some money on a router with DD-WRT preinstalled. You can buy these on ebay, but the setup procedure is somewhat complex. Outfits like flashrouters.com will sell you one pre-configured for your particular VPN provider and you just plug and play, but there is obviously a cost premium for that service.

      Similarly you may find your VPN provider can sell you a router. Private Internet Access sell pre-configured routers... via flashrouters.com :)

    Way too much hassle.

    Come back with an easier and free alternative please.

    Cant some body else do it :)

    Last edited 13/10/15 10:09 pm

      Sorry, I'll just invent one... voila. Here's this rock, right? This rock will keep you safe from monsters.

      vpnbook.com (several countries) or vpngate.net (Japan) are 2 free open source community based projects.

      Good luck getting a webpage to load though, and as for torrents, forget it.

      If you want a VPN that can go as fast as your internet connection your going to have to choose a decent provider with a well established reputation that charges you for the privilege of access.

      However, not all paid VPNs are good and some are well worth staying away from.

      Google "is your VPN legit or shit" for a decent article with 2 handy tables.

    My problem is that I'm one of the lucky souls that is on the NBN. I have a 100/40meg plan.

    I have tried PIA and ExpressVPN and both of them had horrible speeds. I tried all troubleshooting with their customer support and eventually got a refund for both.

    Specifically I like myself and my partner to be able to download whilst I am also playing online competitve games(Dota2). Whilst using either of the VPNs I either got insanely shit ping whilst not using any other bandwidth or I got lag spikes constantly.

    Who's the best speed wise?

    PS I'm in Melbourne.

      Try Astrill

      No logs, accepts bitcoin, I have done over 90 megabits on their Australian and Canadian servers before.

    If you have a VPN then you can test if it's working here: ipleak.net (including testing torrent clients). You'll see Google Chrome "leaks" your true IP address even when using a VPN (that's worrying).

    I've done speed tests of some VPNs here:
    http://metadataprivacy.com/2015/10/11/vpns-tested-ready-for-australian-governments-data-retention-laws-coming-tuesday-13-october-2015/

    As I've mentioned in other posts, it's all well and good to protect your internet privacy using a VPN but your mobile phone will still be reporting your location for retention without any obvious solution.

    Why try to hide everything explicitly, we should all be hiding our information in plain sight, run something automatic that continually connects to random ip addresses, then your real metadata will be a series of needles hidden in another series of needles in an extremely large haystack. If the volume of data this generates becomes unmanageable and useless they may have to rethink things. I guess the real challenge will be to generate noise that is too difficult to filter and separate from the real data.

    I have been using smartDNS services for years now, and my problem with VPN is the single end point. Can soneone recommend a VPN/ SmartDNS combo service? Right now for example I can go from watching Hulu, to BBC player seamlessly without changing a single setting.

    Last edited 14/10/15 7:46 am

      Getflix works great! It has smartDNS and also includes a free VPN that seems to work pretty well (it has for me at least). There's a "lifetime" (30 years) offer on stacksocial (google it) for US$39. Totally worth it.

    I couldn't care less about data retention, I've got nothing to hide, though people forget the reason data retention is happening. To stop illegal activity on the interwebs. If the data retention is even able to stop one person from committing a terrorist act then I think the government is doing the right thing

      Not sure if troll or...

      Would you be happy to have security cameras installed in your home, along with everyone else's homes?
      Do you think that forcing ISPs to maintain huge databases of personal information isn't just a giant honey pot, perhaps facilitating criminal acts?

    I've been using PIA on my computer at home for a while, but haven't bothered using the service on my phone, until now. Just installed the PIA iOS app and it's working great.

    I'd like to apply PIA at my router level also, to cover all devices on my home network, but my understanding is that this will impact my un-metered Netflix, and I expect it will also adversely affect ping times for online gaming.

    Last edited 14/10/15 4:44 pm

    PureVPN's ambassadors are doing a good job, wonder if their service is as good as the pitch?

Join the discussion!

Trending Stories Right Now