Project: Fuck Censorship And Data Retention

ICYMI: Data retention and censorship look really likely.

While not perfect, VPNs seem our best countermeasure to this unmitigated bullshit. Relatively straightforward to set up, able to circumvent filtering and deal with a good part of the data-retention privacy invasion.

I think it’d be a good time for us to put out a how-to on getting VPNs set up with Android, iPhone and the major desktop OSs.

It would be good to also do a how-to for setting up a commercial VPN account and, separately, how to roll-your-own on a VPS or something. The Party could avoid endorsing any particular VPN or VPS provider by having members discuss the providers they use, if they’re comfortable.

@mudgutz on Twitter talked about flashing a TP-Link router with OpenWRT (something I’m pretty sure I’ll be doing as a stop-gap) so all traffic from the house is piped by default. Maybe part of the project could provide – at cost price or plus a small donation – pre-flashed routers running OpenWRT with instructions on setup.

I think it’d be a pretty powerful message if we’re the group helping people lawfully circumvent this catastrofuck.

Current Mood:

1 Like

Not an official pirate but I’ll chime in anyway. I love the idea, especially the part about distributing pre-configured openwrt boxen. For browsing I generally lean towards Tor as a good (and $0) solution, but configuring that for other applications is beyond most users.

In terms of VPN providers, torrentfreak puts out a list every year which summarises things. I would avoid recommending that people set up their own VPS as then you miss out on one of the primary advantages of using a collective VPN, which is the anonymity of hiding amongst the crowd of other traffic going through it.

Edit: the big disadvantages of a VPN should be made clear too, namely slower speed, the trust required in your provider (no different to trusting your ISP though) and geoblocked content (i.e. no abc iview).

1 Like

Something along those lines is definitely in the works. Membership is free at the moment if you’re interested in joining. The digital rights movement needs all the help and skills it can get right now.

1 Like

You should absolutely join :wink:

Not to mention, right now you can pay what you want (no minimum) for the membership fee.

Those into DIY routers could check out this pfSense box:

https://mateh.id.au/2014/09/build-awesome-apu-based-pfsense-router/

I really like the idea of having events people can come to and learn how to bypass data retention.

Could be really successful working with other groups to promote and get this out. Pre-configured router sales would help pay for it and attendees can still bring their own to flash.

Something definitely needs to be done along these lines. The Pirate Bay proxies that several other Pirate Parties ran were effective in both opposing internet censorship policies, and drawing attention to the party.

The Australian public really needs a one stop shop website that outlines all the things they can do to protect their privacy. Though I’m not sure if it’s really appropriate for the Pirate Party to be giving advice on which providers to use, something along the lines of this secure messaging scorecard from the EFF would be very handy for many people who simply don’t have the technical knowledge and/or experience to evaluate these providers themselves.
https://www.eff.org/secure-messaging-scorecard

Well today sucks. Could we use the Wiki for this?
There are a lot of pissed off people today asking about VPNs, Tor etc. I think it would be great if we could point them to a guide on what to use, how to configure it and so on. I’d love to be able to point people to one single guide and it would be awesome if it could be published here.

I’ve set up all the things @Joe mentioned, plus more. There are guides galore for doing everything someone would need to be near invisible to this scheme, but the problem is they are all over the place and you have to know what you are looking for first.

How to start though? Is it appropriate to have a party endorsed guide for this? Is there anything that would be inappropriate (HOWTO on setting up a proxy in a Torrent client for example)?

1 Like

We’re working on something at the moment :smiley:

Latest draft has been uploaded to the dev site…

Thanks especially to Joe, Liam & Frew for recent additions/edits.

There’s still some holes and bits that could use rewording etc so if anyone else wants to have at it: http://pad.pirateparty.org.au/p/avoid_surveillance

Some thoughts on the current draft and the state of editing/contributing:

  • Firstly, it’s very difficult to start contributing to the draft in the pad, since it’s raw HTML. It makes it hard to write anything without getting bogged down in formatting.

  • The opening sounds too much like a PR. The potshots at Coalition and Labor and their Stasi-like regime come across as bitter and will probably turn off anyone who’s on the fence about whether data retention is a bad thing or not.

  • Bullet points aren’t a good way to organise this type of information (leaving aside my posting this in bullet points). I’m not sure if they are intended as outlines for the final draft but I see that the quick guide I wrote on VPNs has been chopped up into bullet points, which makes it look like a Powerpoint presentation. I think it worked much better in paragraphs and bullet points should be saved for things that obviously work as lists (step-by-step guides, lists of benefits/drawbacks, types of data to be retained).

  • The Email section contradicts itself several times and offers few practical tips. For someone who is just learning about data retention and online privacy, this would be impossible to follow. Secure Email Services is just a list of things I shouldn’t do, and the PGP section immediately states that it is just a good practice to follow and won’t protect you from data retention. A better tip for email would be explaining that your ISP is required to follow Australian data retention laws, but international providers like Gmail won’t have to (with a caveat that this does not guarantee your email data is private, and a link to learn more).

  • The amount of apps, addons, and extra services is just overwhelming. What do ads or trackers have to do with government surveillance? What even are trackers? Why does it matter if something is open source? These are all WAY outside the original scope. I think the focus of this guide should be on realistic measures people can take to protect themselves under data retention, not a massive primer on how to lock down your internet completely. A followup guide on serious measures you can take to protect your data would be neat though.

Basically I’d like to see an easier way for people to edit the draft, and instructions to all editors on what the scope of this guide is and how it should be written. I think that would encourage more people to get involved in adding info while ensuring the text is clear and consistent.

1 Like

I’ve popped the content into a Google doc:

https://docs.google.com/a/pirateparty.org.au/document/d/1Il0frHsQV2slhzGma_woc92p5hWdZGKjuDzyrNC71sk/edit?usp=sharing (stuff that appears in pop up dialogs etc are in table cells below the content that refers to them)

Hopefully this may help in editing content without worrying about the markup.

As far as dot points go, I felt that going dot points might make it easier going for non-tech readers etc. This was mainly in an attempt to try and simplify everything as far as possible. I’ve always perceived the target audience as relative ‘noobs’, so aiming for as simplified as possible with the intent of linking off to other existing guides and resources as far as possible. So that this is more an overview with particular focus on how it relates to data retention.
If anyone feels that paragraphs work better than dot points, feel free to edit/swap/replace etc. I’m not attached to anything at this stage, and much of the original pad content was superior, but there’s so much across the board that I was just looking at seeing what could be culled/simplified.

Everything still needs to be proofread etc., and there are still gaps to fill too. And yeah, lots of it could possibly be ditched.

As far as the content, a lot of it is from multiple authors and I’ve mainly been concentrating on getting it into a single thing like this, but the text definitely needs revision (the stuff I wrote/added last night is even full of typos etc. still that I haven’t gotten around to fixing yet).

I’m more than happy for anyone to tailor the scope of this etc., and be brutal on culling bits out or rewording or changing how it reads etc. Now there’s the Google doc format, will that help in the content editing aspect for others as well?
The written content overall certainly lacks a ‘consistent voice’, but I was aiming that that would be fixed in proofreads/rewrites etc.

Oh, re ad tracking etc., a method the NSA uses to follow/track people is by piggybacking surveillance on stuff like Google’s ‘supercookies’ and other advertising cookie type things. How that all relates to the specific Australian experience with data retention isn’t entirely clear. If we do include a section on this, an explanation of this and why etc. would be helpful, but yeah, we have no such content in there as yet.

Oh yeah, the opening probably sounds like a press release because I think I lifted it from our press release. :stuck_out_tongue_winking_eye: heheh
Again, not attached to it, could very much do with a rewrite for this purpose.

Maybe the term “user pays security” is worth having in the intro somewhere. The concept of “user pays” is something that politically aware people understand, and is usually rejected when it comes to security.

Looking like a damn good start. Having a read and getting a feel for the scope, I’ll add what I can without going overboard with tech heavy content.

The legislation specifies a minimum of what records need to be retained and made available. Does it specify a maximum, and are “commercial service providers” allowed to sell it to third parties as well?

Some corporations might be tempted to record more than required and sell it to 3rd parties to “maximize their return” on required infrastructure.

Also perhaps customers should have a right to see their own metadata.

Customer access to metadata is allowed. Telstra have a form through which you can view your collected data at a cost: https://www.telstra.com.au/privacy/customer-access. Not sure if anyone else has implemented this yet.

Pretty sure it doesn’t spec a maximum, i.e. it does REQUIRE them to store content, but if it’s cheaper and easier to keep content - i.e. not extract it - then it could be kept (and presumably accessed) … I might be wrong on that, but that’s my take atm. Someone with a better reading/comprehension of the Bill may correct me if need be.

This is an example of what I fear might happen to our metadata (as I mention a couple of posts up).
“call centers sold mobile customer information to criminals”

Here’s something I found today - small, Tor wireless routers. http://arstechnica.com/information-technology/2015/04/review-anonabox-or-invizbox-which-tor-router-better-anonymizes-online-life/

Might be something worth looking into for no-hassle anonymisation.

On a related note, I toyed with OpenVPN on AWS free-tier and got it working to a point where I can have my internet ‘presence’ come out of the US. The downside is this is PC-based, not IPSEC or similar. There are plenty of good articles on this; I used https://docs.openvpn.net/how-to-tutorialsguides/virtual-platforms/amazon-ec2-appliance-ami-quick-start-guide/. It’s a bit technical but it’s a start if you want to send your traffic elsewhere. Just be aware if there are costs for data from your VPS to you.