
How can I protect myself from government snoopers?

212 points| Graham24 | 9 years ago |theguardian.com | reply

150 comments

[+] guilamu|9 years ago|reply
Brilliant first recommended comment by "stpman" in the article to answer all those saying "I don't have anything to hide":

"Why should people care about surveillance? Because even if you're not doing anything wrong, you're being recorded. You don't have to do anything wrong. You simply have to eventually fall under suspicion, even by a wrong call. They can use this system to go back in time and scrutinise everything, and derive suspicion from an innocent life and paint anyone in the context of a wrongdoer." -Edward Snowden

"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." -Cardinal Richelieu

You may not have anything to hide, but you should hide as much as you can anyway, because anything you say or write may be one day used against you in a court of law.

[+] adekok|9 years ago|reply
Or, flip the argument around.

Most cops in the US are fighting against the use of body cams. Why? They don't want to be recorded.

Most courts don't allow recording equipment in them. Why? They don't want to be recorded.

Most government workings are hidden behind bureaucrat walls. It requires other laws such as the FOIA to force government to be open. And FOIA requests are widely ignored, delayed, redacted, etc.

If the people enforcing the law refuse to be recorded, why in living hell should you let them record you?

You should have as many rights as they do. Including the right to privacy.

[+] balabaster|9 years ago|reply
I think you're spot on. A classic example of this:

The Jews didn't have anything to hide and lived in the open for many years prior to Hitler's rise to power... and then suddenly their innocent life was exactly what condemned them to their deaths...

So yeah, everyone has a responsibility to ensure their privacy. 99.9% of people aren't terrorists. Terrorists cause less death every year than heart disease. Why should the 99.9% of people give up privacy to fight a war caused only because of the "West"'s inability to negotiate fairly for access to foreign resources? Instead of raping and plundering other countries, installing puppet Governments and causing people to act with "an eye for an eye" or "I will rain what you rain down on us a thousandfold over."

It's a band-aid solution to a symptom of the underlying cancer that needs to be cured. They're using the war on terror as a land grab for more power and control. Realistically there should be no war on terror, for terrorism is only "an eye for an eye." If you want to stop it, someone has to be the bigger man and say "You know what, we're not doing this any more. This behaviour is bullshit and it ends now."

If you want peace, you've gotta live peacefully. You don't spread peace with bombs, guns, violence and invading everyone's privacy to maintain control. You spread peace and trust with acts of love and kindness.

[+] planetjones|9 years ago|reply
I fully agree with the quote above, but I don't find this as clear a cut issue as perhaps many on HN do. It's undoubtable that surveillance is becoming harder now and that groups who would bring great harm to innocent people are using the internet for research and communication. I don't know what the answer is, but encrypting everyone's communications end-to-end with no-one able to ever intercept does sound like it will make protecting us very hard indeed. And yes, I know these tools for strong encryption are out there and they can't be un-invented - but I can see why Governments want to do "something". I am just saying what that "something" is becomes difficult to define.
[+] austinjp|9 years ago|reply
I agree. Most people have curtains over their windows, after all.

Although, a worrying possibility is that a tendency toward privacy marks you out as a dissenter. Guilty before proven innocent.

[+] amelius|9 years ago|reply
Meh, I'm still waiting for an argument that is capable of convincing a larger audience. The problem with the threat imposed by privacy invasion is that it is just too hypothetical. It is near the bottom of people's problem lists, even below their "first world" problems.
[+] dingaling|9 years ago|reply
Back in the early 1980s my household was one of the few on the estate to have a telephone. You knew by the lack of overhead cables. This was in Northern Ireland during the Troubles.

One day a distraught woman came to the door and asked to make a call to her husband. My mother consented, the woman made a very odd short call and left.

For months afterwards we had strange noises on our line, clicks and echoes. I suspect our line was monitored after that call had been traced back to us. I don't know who she called but it always stuck in mind that one mistake was enough to end up on a list.

On

[+] Create|9 years ago|reply
Panama Papers: Cameron's father was Mossack Fonseca client

http://www.bbc.com/news/world-35961422

We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the United States government has led not only us but the world.

This should not actually be a complicated inquiry.

https://www.theguardian.com/technology/2014/may/27/-sp-priva...

Employee is held on suspicion of ‘extracting confidential information’ from law firm at centre of Panama Papers

https://www.theguardian.com/world/2016/jun/15/mossack-fonsec...

[+] adwww|9 years ago|reply
I "don't have anything to hide".

But I can imagine some scenario where I am in a court and the opposing side have had access to my internet history. It wouldn't be very hard to paint me in a pretty bad light if you were very selective - much like the quote above.

Eg. "The defendant has previously looked at gun videos on the internet, reads hacker message boards, and once even read how to make TNT."

[+] nicktelford|9 years ago|reply
What truly terrifies me about this is how little control most users have over the websites they "visit". This law requires ISPs to log the domain name of websites users connect to. All it takes is one dodgy advert on an otherwise ordinary website to incriminate you. Worse, you might not even know this has happened, as the ad itself might be completely innocuous. But by virtue of being hosted on a website the government considers suspect, you find yourself on a list.

I don't know if this actually happens in practice, but I have heard stories of bad actors using adverts to distribute malware - it doesn't take a stretch of the imagination to see the same bad actors using adverts to generate false positives to the authorities.

Ad blockers are going to become more important than ever.
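An added illustration of the point in the comment above, not code from the thread: one page view makes the browser open connections to every host that serves an embedded resource, and a content blocker removes the listed ones before any connection is made. The page URL, markup and `.example` hostnames are constructed; whether an ISP's records would actually include these connections depends on how it implements the law.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that a browser fetches on page load, with no click needed.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
              "video": "src", "audio": "src", "source": "src", "link": "href"}
# <link> only triggers a fetch for some rel values (canonical, for one, does not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

class ResourceHosts(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = []  # unique, in order of first appearance

    def handle_starttag(self, tag, attrs):
        attr = AUTO_FETCH.get(tag)
        if attr is None:
            return
        a = dict(attrs)
        rels = set((a.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_RELS:
            return
        url = a.get(attr)
        if not url:
            return
        parts = urlsplit(urljoin(self.page_url, url))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return  # data:, about: and similar URLs open no connection
        if parts.hostname not in self.hosts:
            self.hosts.append(parts.hostname)

def hosts_contacted(page_url, html):
    """Return (first-party host, other hosts contacted while rendering)."""
    first = urlsplit(page_url).hostname
    parser = ResourceHosts(page_url)
    parser.feed(html)
    parser.close()
    return first, [h for h in parser.hosts if h != first]

def not_blocked(hosts, blocklist):
    """Hosts still contacted when a content blocker refuses listed domains."""
    def listed(host):
        return any(host == d or host.endswith("." + d) for d in blocklist)
    return [h for h in hosts if not listed(h)]

PAGE_URL = "https://news.example/story"  # constructed sample page
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.news.example/site.css">
<link rel="canonical" href="https://www.news.example/story">
<script src="//ads.adnetwork.example/show.js"></script></head><body>
<img src="/images/logo.png"><img src="https://i.forum.example/avatar.png">
<iframe src="https://ads.adnetwork.example/frame.html"></iframe>
<a href="https://linked.example/">never clicked</a>
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw="></body></html>"""

if __name__ == "__main__":
    first, others = hosts_contacted(PAGE_URL, SAMPLE_HTML)
    print(first, others, not_blocked(others, {"adnetwork.example"}))
```
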

[+] planetjones|9 years ago|reply
A dodgy advert, an image embedded in an online forum, a malicious link on reddit. I agree this sounds worrying.
[+] ischm|9 years ago|reply
Let's face it: in the end, mass surveillance like this is a tool of terror, not of gaining knowledge. It's about injecting fear into society. And it already starts to work, obviously.
[+] treerock|9 years ago|reply
Yeah I was curious about what level of detail will be recorded. According to the article: "The law forces internet service providers to keep a record of all the websites – not the actual pages – you visit for up to a year."

If they aren't recording the pages, I'd doubt they'd be recording the ads embedded on the page.

But who knows, I imagine it's down to how the ISPs implement the legislation.

[+] ischm|9 years ago|reply
There is no technical solution to such a problem. There is only a political solution. Either force government to change politics, or change government.

Some background of why I believe this. I grew up in communist East Germany (GDR) and lived there for 27 years, until - yes - we changed the government. Trying to change politics beforehand was not so successful after all. As you may know or may not know, that state was based to a good extent on the soft terror of broad surveillance. In the 70s and 80s of the last century, to achieve this a lot of human power was needed. Nowadays, surveillance can mostly be based on technology. I'm much concerned - given my life experience - about the trend over the last years to undermine democracy in the name of saving it - all over the (yet) free world. At least I know what a society looks like that is no longer democratic.

The technical solutions like VPN or whatever are similar to what we called "inner emigration" back in the past. It was a widespread phenomenon in that society. But only once many people have stopped this kind of hiding, and have publicly stripped off their fear, the system began to tumble. In the end, all the surveillance could not save it. They did know what happened and they could not stop it, simply because the people did not play their game anymore.

That petition mentioned here elsewhere is the right way. Sign it if you are a UK citizen. I'm unfortunately not, but I would do it now.

[+] dualogy|9 years ago|reply
> yes - we changed the government. Trying to change politics beforehand was not so successful after all

East-German too, younger though. Yeah it's funny, all the time it seems impossible for "da people" to engender substantial change in governance. Then woopdidoo, some Gorbachev comes along, holds some talks with the Reagans of this world, eastern client states slowly learn they now can and should hold off a bit from total autocracy, and "the folk" get to exercise some agency for a brief time.

Beautiful. Where was this agency after Snowden, after other introductions or revelations of police/surveillance state measures? Looks like it wasn't quite as expedient to today's Reagans/Gorbachevs/etc of today. Sorry people, no illusion-of-agency for you when alignment with officious objectives is absent.

Maybe it'll come around somehow..

[+] mfukar|9 years ago|reply
True. We tend to forget the lessons of history very fast.
[+] rubberstamp|9 years ago|reply
Like I said in the other thread https://news.ycombinator.com/item?id=13034747 https://news.ycombinator.com/item?id=13035114

I am not from UK, but listen to me if any folks from UK are reading this.

This is one of the things that is harmful to your privacy. Should the list of websites that you visit be available for government unless you are under active investigation? It's not just the list of websites but every packet data that your devices send out, which means government could see your messages, data sent to dropbox, online spreadsheet like google docs etc. This is mass surveillance. You should be proud that your government have a website where you can start petitions. Now please use this feature and sign the petition so that this surveillance law can be repealed.

The petition against this bill is at: https://petition.parliament.uk/petitions/173199

You sign the petition and ask your close friends and family to do the same. What you do not need is an intrusive government. I am voicing this because even though I am not a UK citizen, I do not want law makers in my country thinking "Oh those chaps have a fine surveillance law and their citizens are okay with it. Let's adopt that law".

Now get to action. Sign the petition at https://petition.parliament.uk/petitions/173199

[+] wlll|9 years ago|reply
I signed it, though I'm pretty sure that the government e-petitions are a well crafted wind for people to piss into.

At least I become a +1 in the count of people who object.

[+] ischm|9 years ago|reply
Totally agree. Political action is the only thing that helps here. To all the people in the UK who do not agree with that new law: there are many people all over Europe on your side. And if it comes to the need of action in our own countries, we will not hesitate.
[+] gmac|9 years ago|reply
I have taken to sending all traffic through my own IKEv2 VPN hosted in Germany.

I have a script to automate setup [1], which I will be updating shortly to use Let's Encrypt and to generate an on-demand Mac/iOS configuration profile that keeps one constantly connected.

I have half a mind to set up some semi-commercial service on the basis of complete transparency and the motivation to avoid the Investigatory Powers Act (most existing VPN services seem to come across as very shady).

[1] https://github.com/jawj/IKEv2-setup

[+] jgrahamc|9 years ago|reply
What does this do in your configuration? i.e. why 10.10.10.0/24?

    VPNIPPOOL="10.10.10.0/24"
[+] Fifer82|9 years ago|reply
Please sign https://petition.parliament.uk/petitions/173199 to help get rid of this disgusting invasion of privacy.
[+] philbarr|9 years ago|reply
Done. And it's not so much that I care about how much they snoop on me, but more that I know how absolutely useless they are at storing all this data so it can't be abused by malicious parties.
[+] lucozade|9 years ago|reply
Does anyone happen to know if any of these petitions have actually stopped a bill or caused it to be amended? Would be disappointed to think it's just a placebo.
[+] pauljohncleary|9 years ago|reply
...and be put on the list of state enemies?
[+] kragniz|9 years ago|reply
>But if they are not out to get you, why act as though they should be? It’s probably better to be as inconspicuous as possible, while limiting the amount of data that might turn up in some bored agency’s random fishing expeditions.

This makes me so sad.

[+] hmmwell|9 years ago|reply
So what this person is saying is that under something like the Nazis or Stalin, they would have cruised right along. That is what they are actually saying, and that's all they're saying. Saying "I don't have anything to hide" really translates to "I am so far away from any adult responsibility and intelligence that I don't even realize I should be hiding that.", and anyone over 20 still saying shit like that you can write clean off, as far as I'm concerned.
[+] david_mitchell|9 years ago|reply
Some questions for anyone who happens to have been following this closely:

1. What exactly is being stored? I have seen stories/comments saying it is domain names visited from web browsing but does it also cover other internet activity? Or is it being left vague?

2. Does the requirement to keep data for one year come with a corresponding obligation to delete it after that? Are they allowed to keep it longer (perhaps summary/derived data for cost reduction) ?

3. Can the organisations with access make bulk requests for all the data or do they have to request records one ip addr/person at a time? (yes, I know an IP is not a person etc).

4. If the data does have to be destroyed at some point does that only include data collected by the isp or also include copies made by those with access?

5. Are there any published numbers on roughly how many people will have access to collected data?

[+] JamesBaxter|9 years ago|reply
I just bought a subscription to F-SECURE FREEDOME VPN after a bit of research but also heavily influenced by Troy Hunt's recommendation.

It's currently discounted with the coupon code BlackFriday.

Setup on the iPhone took 2 minutes, setting it up on my OpenWRT router tonight will take longer I suspect...

[+] cs02rm0|9 years ago|reply
Small point.

This is about protecting yourself from ISP logging now required by government. Using a VPN and to tunnel your connection via [another country] may not be sufficient to avoid the government snooping Snowden talked about, as referred to in the article.

[+] your_ai_manager|9 years ago|reply
You're quite right. It's more akin to drawing your curtains and locking your front door. Anyone with enough motivation can break in but at least it's not all out on display.
[+] wlll|9 years ago|reply
There is a secondary risk, and that is that ISPs (who IME often don't have skills or decent budgets for this sort of thing) are storing your data. At some point an ISP is going to get hacked for this data. At least re-routing to a server somewhere bypasses that storage, even if it doesn't protect against overarching state snooping.
[+] SEJeff|9 years ago|reply
The surveillance self defense kit from the eff is a most excellent starting point for anyone serious about this:

https://ssd.eff.org/en

[+] kseistrup|9 years ago|reply
How about VPSes in UK datacentres, e.g. Linode, London? Should one consider moving them to e.g. Germany?
[+] vixen99|9 years ago|reply
In spite of the virulent dislike for the Daily Mail usually expressed in these pages, I'll stick my head out and offer a link to a list of the folk who'll be snooping on your browsing if you live in the UK.

http://www.dailymail.co.uk/sciencetech/article-3971214/The-4...

Edit: If that's a step too far . . . here it is.

Metropolitan police force, City of London police force, Police forces maintained under section 2 of the Police Act 1996, Police Service of Scotland, Police Service of Northern Ireland, British Transport Police, Ministry of Defence Police, Royal Navy Police, Royal Military Police, Royal Air Force Police, Security Service, Secret Intelligence Service, GCHQ, Ministry of Defence, Department of Health, Home Office, Ministry of Justice, National Crime Agency, HM Revenue & Customs, Department for Transport, Department for Work and Pensions, NHS trusts and foundation trusts in England that provide ambulance services, Common Services Agency for the Scottish Health Service, Competition and Markets Authority, Criminal Cases Review Commission, Department for Communities in Northern Ireland, Department for the Economy in Northern Ireland, Department of Justice in Northern Ireland, Financial Conduct Authority, Fire and rescue authorities under the Fire and Rescue Services Act 2004, Food Standards Agency, Food Standards Scotland, Gambling Commission, Gangmasters and Labour Abuse Authority, Health and Safety Executive, Independent Police Complaints Commissioner, Information Commissioner, NHS Business Services Authority, Northern Ireland Ambulance Service Health and Social Care Trust, Northern Ireland Fire and Rescue Service Board, Northern Ireland Health and Social Care Regional Business Services Organisation, Office of Communications, Office of the Police Ombudsman for Northern Ireland, Police Investigations and Review Commissioner, Scottish Ambulance Service Board, Scottish Criminal Cases Review Commission, Serious Fraud Office, Welsh Ambulance Services National Health Service Trust.

[+] antaviana|9 years ago|reply
One way to protect yourself is by writing a program that sends random requests every few seconds to a URL of a database of millions of URLs. Then they will have to find out which your actual visits were and which not.
[+] pavel_lishin|9 years ago|reply
So when you're hauled up in front of a court, the prosecutor can cherry-pick the worst possible subset and sequence of all of those domains?
[+] exabrial|9 years ago|reply
For one, stop idolizing the people that promoted it under his administration: President Obama. It started under Bush, but Obama should have killed it.
[+] heisenbit|9 years ago|reply
I suspect on site level there won't be too much to allow effective identification of threats without a lot of false positives. This may be intention as with a "reasonable" suspicion more invasive procedures can be justified.

The biggest practical near term threat could well be to the spouses of all the parties that can request the data. Other likely threats are employers, particularly public ones.

[+] MichaelMoser123|9 years ago|reply
They didn't mention TOR in the article; is there a reason for not mentioning it? Is it still legal to use TOR in the UK?
[+] Accacin|9 years ago|reply
Tor is really for anonymity, not privacy.
[+] bogle|9 years ago|reply
Yes, Tor is legal in the UK.
[+] _pdp_|9 years ago|reply
If you need minimal no-fuss, pay for what you use type of setup, you can use Amazon Lambda to proxy for you. Hook this up to FoxyProxy or something like this with some good rules and you will be on a good track in terms of your default browser.

That being said, VPN will be always better and it doesn't cost very much to set one up on DO.