Note: I've written this as a blog post rather than a private Facebook post so it can be more easily shared. Share away!
Thanks to my friend @ThisAllieKatz for pointing me at the VPN comparison table, the recommendation of VPNSecure, and StackSocial discounts. They're the best!
Updated 25/11 to add that OpenVPN is usable on iOS
What's going on in world politics right now?
Earlier this year, the United Kingdom held a referendum on whether to remain within the European Union, a referendum promised by David Cameron as a cynical attempt to get more votes in the 2015 General Election due to the gains being made by UKIP over fears about immigration. A referendum won by the Leave campaign in large part over fears about immigration.
A couple of months ago, the far-right, anti-migrant AfD - Alternative for Germany - party made big gains in regional elections.
Earlier this month, Donald Trump was elected as the next President of the United States, and the Republican party retained their majority in both Senate and Congress.
Stoking fears about immigration to control your population is a classic move of authoritarian nationalism - develop more power over your population by using "them" as a target of hate. Simply put, these parties are all the 'acceptable' faces of fascism. This has been building for a while and it is likely to continue building for the foreseeable future, both in these countries and elsewhere.
How does this affect my Internet usage?
It may be that you've read the above and you don't agree with the conclusion. Even if that's the case, you should be worried about the UK's Investigatory Powers Act 2016. This has passed in both houses, and is currently awaiting royal assent. Essentially, that means that this is about to become law - royal assent is in practice nothing more than a formality. The Verge has a great article detailing what this act means, but the short version is that everyone in the UK is now subject to a heavy amount of state-sponsored warrantless Internet surveillance; it's a crime for service providers to let people know that records have been requested on them, and these service providers have to cooperate; these (UK-based) service providers are required to be able to remove encryption they are providing for their users; and the act allows for government-controlled hacking against UK citizens.
Yes, it's all pretty scary. And you should be scared even if you're not in the UK: The UK is part of the "Five Eyes" group, a set of five countries that share intelligence - primarily signals intelligence - with each other (to what extent, we don't know) including the USA, UK, Canada, Australia and New Zealand. This has been expanded a few times, and has gone from five to nine to fourteen to forty-one eyes. From the Privacy International article linked above:
"Here's what we do know: under the agreement interception, collection, acquisition, analysis, and decryption is conducted by each of the State parties in their respective parts of the globe, and all intelligence information is shared by default."
So, for those in the UK, our data is going to be shared with a whole bunch of countries, and data collected in the other countries is going to be shared with the UK and USA - two "enemies of the Internet". And it's quite possible that other countries will follow since the act passed quite quietly - particularly those countries where fascism is on the rise. What better way to be an authoritarian state in the age of the Internet than to surveil your citizens as much as possible.
Think I'm overstating how bad this is? The secret collection of citizen data by the GCHQ was deemed a breach of our human rights earlier this year. The Investigatory Powers Act 2016 makes it so that it's now legal.
You may feel like you've got nothing to hide, but with the rise of Fascism, you may find there's a risk of government-backed persecution where there previously wasn't one.
What can I do to better protect myself? VPN
The best thing you can do is to use a VPN connection to a country where surveillance isn't an issue. With any Internet connection you have a public IP address and from there you connect to websites, servers and such. A VPN allows you to have an encrypted tunnel to another location and you connect to websites from there. So, if you are connecting to a VPN server in a different country then instead of connecting to websites from a connection in the UK where the UK government will happily catalog everything you do, you send all of your Internet data through a server in a different country where the same tracking doesn't happen, and your link - called a tunnel - between yourself and this VPN server in a different country is protected by encryption, making it (hopefully) practically impossible for your data to be intercepted.
Calling it a 'tunnel' helps describe what happens: Imagine you're standing at the mouth to the Channel Tunnel, and you want to post a letter, so you put it in a postbox. It then gets transported by Royal Mail, a British delivery network. But let's say that the UK Government makes it so that they now read all your letters. Instead, you give the letter to someone you trust who is going through the Channel Tunnel to post from the other side. They go through the tunnel, then put the letter into a French post box and so it is now in the French delivery network. It's the same information on the letter, and it can still potentially be intercepted once it's in the general network, but as far as the network is concerned it originated in France, and so the UK Government didn't get to see it.
Fortunately, there are many choices for VPN services. A great place to compare services can be found here. Note the search feature on the web page so you can look for specific providers. What you're most interested in is what logging occurs, what the maximum strength encryption is, and whether the company headquarters is in a country that is an enemy of the Internet.
Let's break that down:
- You want a service provider that doesn't log anything. That way the provider keeps no record of your connections that it could hand over to authorities.
- You want strong encryption so that your tunnel is, in practice, unhackable.
- You want to work with a company that isn't based in a country that is an enemy of the Internet because the service provider may be required to hand over certain information about you. This is particularly important if you are with a provider that has any logging.
The last thing that you want to check up - that isn't covered on the website list above - is whether they have servers available in privacy-friendly countries (that link is based around torrenting but similar principles apply in this situation). One particular privacy-friendly country to consider for this is Switzerland; this is a 41-Eyes country but the Swiss have a history of high levels of personal privacy which extends to Internet usage, though of course you want to check on this before making any decisions in case the situation has changed since I wrote this article. You also want to find a privacy-friendly country that is geographically near to you to help with your connection speeds.
And, of course, before spending any money, it's always worth looking up reviews of the service or product. This goes for anything, not just VPN services!
Now you know the criteria on which to base whether a VPN provider meets your needs, I would suggest heading to StackSocial to see what current special offers are available (disclaimer: that's my referral link). At the time of writing they have quite a few lifetime offers going for super-cheap. You can also sign up for their newsletter - it gave me a 10% off code for $30 or more. You can then go through that list of providers with heavy discounts and see if the company fits your privacy requirements, and if they have servers in countries that you feel comfortable with.
Who did I go with? I went with VPNSecure. At the time of writing, there's a $39 deal on StackSocial for lifetime membership. The company is based in Australia, a Five Eyes country (but not an enemy of the Internet) but they don't keep any logs. They have good privacy options, good security options, and servers all around the world including in Switzerland. You can use their app on Windows or macOS, and if you're on a different platform you can use either a web proxy or an OpenVPN client. You can also use their stuff on Android, and also on iOS, thanks to the free third-party OpenVPN Connect app from the App Store (there's an official VPNSecure iOS app but it didn't work for me, but this app has been working great). Their own client on my Mac also allows me to not send some websites through the VPN, so I can still access UK Netflix. In terms of speed, it's good: At home without VPN I get 74Mbps down and 17.5Mbps up. That's now around 54Mbps down and 13.5Mbps up, which is good. This is also using their "stealth VPN" setting which slows the connection down but ambiguously changes tunnel content, making it even harder for your tunnel traffic to be tracked.
What about my communications with people?
VPN will only help you so far - it stops the UK government from tracking your web history, but it doesn't necessarily stop them from listening in on any communications with people. The trick with this is that you want your messages to use what's called "end-to-end encryption". This is where the message you send is encrypted by the device you're sending the message from, and only decrypted by the device you're sending to, using keys on the devices themselves. That way, everything in between, including the messaging service provider, can't decrypt the message even if they are able to intercept it.
For instant messaging, a good option here is an app called Signal. This is available on iOS and Android, and for Google Chrome, and is an end-to-end encrypted messaging option. On Android it can also take over text message duties, though this won't have the same protection. Signal can also be used for phone calls too!
For other communications there has long been an option in PGP. Many email clients can have PGP apps added to them for convenience, and you can use PGP to encrypt other stuff, including bodies of text, files and folders. It's another end-to-end encryption method, but requires some setup to get going and requires the person you're talking to to do the same - they have to be able to decrypt the message, after all!
Email has another good option in an email provider called ProtonMail. This is an email provider where all of your data on their systems is encrypted, and it uses end-to-end encryption. If you're sending emails to other ProtonMail users then it's all baked in for you, and it gives you the option of using end-to-end encryption - based on PGP - for sending emails to people outside of ProtonMail. They don't store any tracking information, and their servers are stored in Switzerland.
We all rely heavily on search engines to find websites, and the most popular by far of these is Google. This means that Google gets to track lots of information about you - which they do already since their primary revenue stream is from advertising - and since they have data centres all over the world, enemy-of-the-Internet governments can potentially access this data too. The best alternative in this case is DuckDuckGo. They don't track users, so they're a good bet in this case.
The last thing to be aware of is cloud storage. Many companies have their data stored in countries that are enemies of the Internet - a lot of places store data in the US, for example. You also want to know how the data is stored - whether there is end-to-end encryption on this data, for instance. This applies to stuff such as online document storage, online photo storage, services such as Dropbox... All sorts!
When it comes to this, you have three options: find a cloud storage provider that meets your security needs, make your existing cloud storage fit your needs by encrypting the data you store on the cloud storage with end-to-end encryption such as PGP, or don't use a cloud storage provider. In the latter case, you can potentially host your own data. There are several companies that provide home server options, and they can be set up to be Internet accessible. This does mean you run the risk of being a target of hacking and having to be the one to secure or fix it, but it means you know how your data is handled. For alternative cloud storage providers, I don't have any particular recommendations but a search for "end to end encryption cloud storage" turns up several results.
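As an added example (not part of the original post), here is one way to do the second option above, encrypting a folder on your own machine before it goes anywhere near cloud storage, using GnuPG, a free OpenPGP implementation. It assumes GnuPG 2.1 or later and `tar` are installed, uses a passphrase (symmetric mode) rather than a key pair, and the function names and file paths are made up for illustration.

```shell
#!/bin/sh
# Added example: encrypt a folder locally with OpenPGP before cloud upload.
# Assumptions: GnuPG 2.1+ and tar are installed; the function names and the
# paths in the usage comments are hypothetical.

# encrypt_for_cloud <folder> <passphrase-file> <output.tar.gpg>
encrypt_for_cloud() {
    efc_src=$1; efc_pass=$2; efc_out=$3
    # Refuse to run on a missing folder, otherwise gpg would happily
    # encrypt an empty stream and report success.
    [ -d "$efc_src" ] || { echo "no such folder: $efc_src" >&2; return 1; }
    # Stream the archive straight into gpg so that no unencrypted
    # archive is ever written to disk.
    tar -C "$(dirname "$efc_src")" -cf - "$(basename "$efc_src")" |
        gpg --batch --yes --quiet --pinentry-mode loopback \
            --passphrase-file "$efc_pass" \
            --symmetric --cipher-algo AES256 -o "$efc_out"
}

# decrypt_from_cloud <input.tar.gpg> <passphrase-file> <destination-dir>
decrypt_from_cloud() {
    dfc_in=$1; dfc_pass=$2; dfc_dest=$3
    mkdir -p "$dfc_dest" || return 1
    # If the passphrase is wrong gpg emits nothing, tar then fails on the
    # empty input, and the function returns non-zero.
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$dfc_pass" --decrypt "$dfc_in" |
        tar -C "$dfc_dest" -xf -
}

# Usage (hypothetical paths):
#   encrypt_for_cloud ~/Documents/tax ~/.backup-pass ~/Dropbox/tax.tar.gpg
#   decrypt_from_cloud ~/Dropbox/tax.tar.gpg ~/.backup-pass ~/restore
```

Only the `.tar.gpg` file goes into the synced folder; the passphrase file stays on your own devices, so the storage provider only ever holds ciphertext.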
The world is becoming a scarier place than it was a year ago. The far right is very much on the rise - after all, the lessons from World War 2 and the Nazis are out of most people's living memory, particularly their rise to power. But the world we live in is very different now, thanks to the development of personal electronics and the Internet. Governments want to use these to gather more data on their citizens, which is a scary thing. It also means that we have tools to fight against this, thanks to encryption. While no encryption is truly impenetrable, it can be practically impenetrable and can help keep your Internet activity, and your communications, secure. The biggest tools available in this are VPN to tunnel your Internet traffic through to a more hospitable country, using DuckDuckGo for your search engine, and end-to-end encryption for communication and file storage. Best to use these tools.