Proactive responses to data retention

Hey all,

With Labor looking like it will support data retention, we’re going to have to be doing something other than issuing press releases saying this is bad (like we have been).

Let’s get some ideas down and create a page showing people why data retention is bad (lots of resources for this, so that’s the easy part) and what they can do to get around it. Then we can promote this. Ideas can go here:

A second idea that will hopefully be developed is holding real-world events (similar to cryptoparties but with less nerds and less sexism). Not sure exactly how that will go, but one step at a time.


Just as a comment for those adding to this, keep in mind the intended audience. Discussing running your own VPN on a VPS is probably beyond the scope. Even stating which ciphers to use is probably out of scope.

There’s little talk of the “hacking the database” type concerns regarding retention. Point out some of the big-name hacks over the past few years, like the Target one in the US. By storing all Australians data for two years we are making a target for anyone wanting information on us.

Also, is it worth doing some sort of quick FAQ?

  • Is this illegal? No, there is no legislation (existing or proposed) which says you cannot use VPNs or proxies or other tunneling methods.
  • Aren’t you just giving criminals instructions on how not to get caught? The criminals already know of these tools. These are not secret espionage tools, they are tools that have been around for decades. There’s minimal chance any half-smart criminal will get caught.
  • Then why do we have this legislation? Good question. Go ask your local representative and see if they have better answers.
1 Like

Absolutely agree with you William! I’ve tried to put that at the top as a guide and will hopefully get some time to editorialise the content.

We’ll also knock up a page about “why data retention is bad” and have an FAQ I hope. I like your suggestions; feel free to add them to the pad :smiley: as well as any other concerns.

How about something along the lines of this…

Securing Your Online Privacy

With the impending mandatory data retention legislation coming into force, now is a good time to think about your online privacy and how to minimise any of your personal information being stored on behalf of the government.

One of the simplest ways to provide online privacy is to use a Virtual Private Network or VPN. This is a legitimate and legal way to encrypt your online traffic and there are many businesses available which specialise in this service.

For windows users it is as simple as downloading a VPN client and following some basic configuration instructions and then connecting to the service providers servers to provide an encrypted link to wherever it is you wish to surf.

A good guide to VPN’s can be found here:

Is it really this simple?

As with a lot of things in life the answer is both yes and no and depends on what online activities you are undertaking. For those who feel they would be at risk, say as whistleblowers, can find more information on advanced topics here: prefixed by http://

(This text is at the bottom of the pad however as a new user no more than 2 links are allowed hence the dodgy ipleak thingo)


Definitely along the right lines! :slight_smile: Giving me a bit of enthusiasm that maybe we can actually get this done successfully :stuck_out_tongue:

1 Like

as mentioned in IRC, first draft of a VPN diagram here: which has data retention specifics added.

Just looking for feedback on the technical details/accuracy and also the content. Once that’s down pat we’ll pass it on to graphic designer to actually make it look half decent.

As far as general website resource, that’s what this would be a part of, and we need to keep getting content sorted for that. Important to make it simple, we can leave out a lot of technical details and use links etc to go to more detailed stuff, think simple explainer to start with.

Still working in
There’s a space there for feedback re the diagram also (or feel free to work here too)
Down bottom, starting to add a simple dot point overview/FAQ/primer on data retention to go with the ‘how to protect your privacy’ advice/guide.

1 Like

Here’s How Hardcore Right Wing Groups Campaign For Tony Abbott, and now you can too.
The emails were sent through an easy-to-use tool on the website of the pro-Christian, anti-gay marriage pressure group, Australian Family Association. It is available to anyone and lets people send identical messages to dozens of Liberal politicians at once.

Bruce Schneier put it exceptionally well on Lateline:

You know, the “nothing to hide” argument comes up again and again and it’s obviously ridiculous. Privacy is not about something to hide. Privacy is about human dignity. Privacy is about individuality. Privacy is about being able to decide when and how we show ourselves to other people.

You know, to say that privacy is about something to hide: it takes a very narrow view about privacy. And I assure you all of those politicians don’t reveal everything about themselves.

Yeah as a side aspect coming off of all this i was hoping, whenever time would be available, hehe… to branch out into a bit that also debunks the ‘nothing to hide’ fallacy.

links etc on this:

Is there a working group I can join?

Latest draft has been upload to the dev site…

Thanks especially to Joe, Liam & Frew for recent additions/edits (and everyone else before them).

There’s still some holes and bits that could use rewording etc so if anyone else wants to have at it:

The more I find out the more I understand just what a vassal state we live in. The net is totally monitored by the USA / UK. We wont change that except possibly we can encrypt. But it has to be military grade.

I’ve recently discovered a rather nifty little project called Confidant Mail, which addresses a number of the problems we’re facing with data retention in a very nifty way. Furthermore, it achieves what so many people always thought might be impossible: providing GPG encryption in a user friendly form (well, potentially so, the UI still needs some work and, ideally, improved API and wrappers for people to make or modify their own). Anyway, I’ve invited its developer/inventor to pop by and give us a little run down on what it involves.

I will say that it’s not ready for the general public yet, but it is one of the most impressive implementations of a secure alternative to SMTP I’ve seen in years. I also think that with a bit of work on an API and user interface options it could certainly be ready for a major push within 12 months (i.e. before most or all ISPs implement the craziness from Canberra).

Hello, this is Mike, author of Confidant Mail. Confidant Mail is a new email protocol, not based on SMTP. It lets you send attachments of unlimited length (over 4 GB has been tested and works), and automatically encrypts and signs all your messages.

You can use your existing email address, and Confidant Mail puts a key identifier at the end so you can be sure you are talking to the right person. My key identifier is d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2.

The UI is not as fancy as Gmail or Thunderbird, but it’s functional for sending and receiving messages. The setup is automated, so you do not have to type in any server addresses or ports. There are servers available for anyone who wants to try it out. Windows, Mac, and Linux clients are available.

Is this new protocol documented? I tried looking through your documentation but couldn’t find details on the protocol (as opposed to the software).

Please take this discussion to a new thread. “Reply as a linked Topic” appears on the right every reply when you hover over it, so please do use that feature.