Welcome to Netrider ... Connecting Riders!

Interested in talking motorbikes with a terrific community of riders?
Signup (it's quick and free) to join the discussions and access the full suite of tools and information that Netrider has to offer.

meta data laws work arounds?

Discussion in 'The Pub' started by A boy named Sue, Mar 19, 2015.

  1. What are some practical tips on protecting my valuable meta-data from the government? Pretty much the same as protecting it from google?

  2. Don't use the internet.
  3. these guys (https://www.bestvpn.com/the-ultimate-privacy-guide/#meta) say

    An important limitation to encryption is that it does not necessarily protect users from the collection of metadata. Even if the contents of emails or voice conversations cannot be readily listened in on, knowing when, where, from whom, to whom, and how regularly such communication is made can tell an adversary a great deal, and is a powerful tool in the wrong hands (i.e. just about anybody).

    For example, even if using a securely encrypted end-to-end voice service such as Silent Circle, your ISP (and anyone else watching) will still be able to tell who you are making the call to, whether you are calling from your usual location, how often you call, how long you usually chat, and much more. With such information it would be trivially easy to discover that you were having an affair (for example)…

    However, the reason we said ‘not necessarily protect users’ is that technologies such as VPN and Tor do make the collection of metadata very difficult. In the example above, if you always connected to a VPN service when using the internet, all a watcher could tell is that you are connected to a VPN server, not that that you are using Silent Circle, let alone where and when you are using it…

    Although the NSA does target individual communications, its primary concern is the collection of metadata.
  4. ...apparently journalists are exempt. So I should start a neighbourhood newsletter?
  5. Journos aren't exempt, the powers that be only have to get a warrant, which isn't too hard and doesn't give the journo any warning.
  6. If you must use the internet, use someone else's connection.
  7. Good point, I should hi-jack my neighbor's wifi.
    • Funny Funny x 1
  8. This meta data collection by the Australian government really is scary. I don't think 99.9% of population realise it's danger.
  9. It would be a start.

    The real threat that could be mounted would be a communal smart-phone campaign.

    If enough people had enough roughly equivalent mobile phones with data connections, and, say every couple of weeks, they swapped phones with other random folk........

    The large part of the meta-data would suddenly become fairly bloody useless.

    To be perfectly honest, I doubt if the powers that be actually have a system capable of making any great sense out of the meta-data they want collected, but <shrug> I'm just a cynic.

  10. This would be an incorrect assumption.
  11. burner phone and free wifi hotspots?
  12. Don't panic. Nothing has changed. It has always been available to Law Enforcement Agents.
  13. ow much effort are you willing to go to, how much performance are you willing to sacrifice, and how much money are you willing to part with? A decent VPN service is a good compromise, if you're only after basic protection, as they're inexpensive and give you an encrypted pathway out of the country without too big a hit to speeds (greater latency is unavoidable, but well sized servers will allow your bandwidth to remain much the same). Note, however, that it only provides a safe route from A-B and obfuscates where A is from B; any data you send will be secure until it reaches its destination, but what happens after that is out of the VPNs hands (PRISM, for example, worked by getting Google, Facebook, etc. to simply hand user data to the NSA [no snooping required] which VPN encryption cannot counter, as that'd be like using a screwdriver as a saw).

    I've been using IVPN for some years now, only disconnecting from it when I'm playing multiplayer games or if a site I need won't otherwise work. For me there isn't a big difference between having it off or on for general use, except some websites being less responsive. They tick pretty much all the right boxes for privacy, one of the most important being that they effectively don't log data/traffic -- they keep logs for about ten minutes so they can do network admin stuff an' make sure things don't explode, but any record of any connection you make is long gone just eleven minutes after you've done whatever it was, so it would be as good as impossible for someone to get a warrant (in Malta) in time to catch anything that could trace back to you.

    There are, of course, ways for a sufficiently resourced attacker to get around an anonymising VPN service (without hacking into the servers or or gaining/forcing cooperation or suchlike), but few people merit that level of international attention.

    EDIT: Err, sorry if that was a bit ramble-y.
    • Like Like x 1
    • Informative Informative x 1
  14. Excuse the nuby question but what's the difference in using a vpn or surfing with a Tor Browser?

    Say hypothetically one wanted to use torrents to illegally download movie content (Yes I am shocked that others would do this - I never would) what would be the best way to stay anonymous?
  15. Good info here. I thought I'd add #isis #bomb #threat for the entertainment of our public servants.
    • Funny Funny x 2
  16. They do different things. Tor is primarily designed to make it difficult to trace the origins of a given connection to do things like protect protesters from oppressive governments -- it allows people to get the word out about something or organise themselves without having to worry so much about being tracked down and disappeared, and also allows them to bypass attempts to block sites (such as Twitter or Facebook). It does this by routing traffic through a network of peers, with the endpoint not knowing what the startpoint was. One of the downsides of this is that it is slow, limited by the bandwidth of the people using it, and even watching videos (Youtube, etc.) is discourages because it chews up a lot of this limited resource.

    It would not be suitable for that purpose because it would be slow, using it in such a way would make things slower for a lot of other people, and some poor chump would cop any DMCA/equivalent notices that you triggered. A quality VPN service would be a much better choice, but you should expect to pay for it 'cause the free ones ain't gunna tick that "quality" box ;).

    In terms of privacy, a combination of the two is stronger than either alone, though you do get downsides from both (expense of the VPN, slowness of TOR).
  17. #18 BitSar, Mar 20, 2015
    Last edited: Mar 20, 2015
    I think it is important for people to understand what metadata 'means'
    It is data about data - it describes the data, it refines it, categorises what it is.
    "It" being the primary data object.

    To use an example.
    A torrent is the data "object"
    The metadata could include such values as:
    • Title
    • Description
    • MIME type
    • Format
    • Index
    • Size
    • Compression
    • etc, etc, etc

    Additional to the definition metadata which helps describe the primary data object, the metadata layer can also record network header values - this is the concern.

    Using the above example - the descriptive meta-values are somewhat innocuous. Albeit, they do help to define a potentially "volatile" data object. Never underestimate the power of context and semantic meaning.

    The network header values which will be persisted by your ISP, and which are now subject to audit, essentially point the finger directly at you for making requests for said "volatile" data.

    VPNs, IP-spoofing and other masquerading techniques do help. But as posted above - there is always an end-point.

    Every tunnel requires at least two openings.
    • Agree Agree x 1
  18. A simplified analogy would be the stuff what gets written on packages. One such box I have kicking around bears:

    *Name and address of the sender (oemcycle.com, in this case)
    *Name and address of the destination (me :-O)
    *Weight of the package
    *When it was sent
    *The courier used
    *That it was already paid for (not cash on delivery)
    *What was in it ("Motorcycle parts")
    *Probably more that isn't obvious

    That would be enough to figure out a bit about me and give significant leads to finding out more. If you could combine it with a similar level of information about my all other activities around the time, you could put together a fairly clear picture of what I was doing/my life in general.

    Metadata is essentially like that sticker, except it is attached to every bit of data sent across the internet, and it can contain a much longer list of details.

    Which makes it vital that you pay attention to who you're trusting to be that endpoint.
    • Like Like x 1
  19. Here is the metadata for this thread taken from the source code header. The bits in red text may concern some people as a simple list of URL's you visit doesn't always disclose a lot. You can see the metadata is quite descriptive and includes the thread title, the content of the first post and what appears to be the facebook ID of who posted it.

    <head><meta charset="https://netrider.net.au/" />
    <title>meta data laws work arounds? | Netrider - Australia&#039;s Best Motorcycle Community</title><noscript>
    <style>.JsOnly, .jsOnly { display: none !important; }</style></noscript><
    link rel="css.php?css=xenforo,form,public&amp;style=7&amp;dir=LTR&amp;d=1426417631" /><link rel="css.php?css=EWRatendo,Gritter,GritterEXTRA,SV_addtoHomeScreenDefault,SV_rrssbDefault,attachment_editor,bb_code,cta_featuredthreads,dark_postrating,editor_ui,message,message_user_info,moderator_bar,mood_display,nflj_showcase_wf_sidebar,profile_post_list_simple,quick_reply,rellect_favicon,thread_view,unread_posts_count,wf_default,wf_upcoming_events,xfa_blog_indicator,xfa_blogs_nav&amp;style=7&amp;dir=LTR&amp;d=1426417631" /><link rel="css.php?css=uix,netrider,EXTRA&amp;style=7&amp;dir=LTR&amp;d=1426417631" /><link href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css" rel="//fonts.googleapis.com/css?family=Open+Sans:400,700|Lato:400,700|Roboto:400,700,400italic,700italic|Roboto+Condensed:400,700' rel='/favicon.ico" rel="https://netrider-fcc.kxcdn.com/styles/netrider/NetriderLogo.og.png" /><meta name="styles/default/xenforo/startup-image.png"><link rel="forum/-/index.rss" />
    <link rel="https://netrider.net.au/threads/meta-data-laws-work-arounds.208564/" />
    <meta name="description" content="What are some practical tips on protecting my valuable meta-data from the government? Pretty much the same as protecting it from google?" /><meta property="og:site_name" content="Netrider - Australia&#039;s Best Motorcycle Community" />
    <meta property="og:image" content="https://netrider-fcc.kxcdn.com/data/avatars/m/36/36014.jpg?1351435946" />
    <meta property="og:image" content="https://netrider-fcc.kxcdn.com/styles/netrider/NetriderLogo.og.png" /><meta property="og:type" content="article" />
    <meta property="og:url" content="https://netrider.net.au/threads/meta-data-laws-work-arounds.208564/" />
    <meta property="og:title" content="meta data laws work arounds?" />
    <meta property="og:description" content="What are some practical tips on protecting my valuable meta-data from the government? Pretty much the same as protecting it from google?" />
    <meta property="fb:app_id" content="149725691312" />
    <meta property="fb:admins" content="645177999" /></head>