First Steps With Tor

I finally got around to getting Tor working on one of my workstations. The process is quite simple to set up to enable anonymous browsing. My workstation is running Ubuntu so I firstly had to install the Debian/Ubuntu APT repository (NB. More detailed instructions for steps 1-3 are available from the Tor Project Debian/Ubuntu Installation Instructions and more details on steps 4 - 7 are available from the Tor Project general *nix installation instructions).
  1. To your /etc/apt/sources.list add (replacing <DISTRIBUTION> with the name of your distro which you can copy from your existing sources.list):
    deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main
  2. Now you need to add the crypto keys
    gpg --keyserver keys.gnupg.net --recv 886DDD89
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
  3. Now update your apt package list then install both Tor and the Tor Geographical IP database
    $ sudo apt-get update
    $ sudo apt-get install tor tor-geoipdb
  4. Install Polipo:
    $ sudo apt-get install polipo
  5. Configure Polipo by downloading the ready-made Polipo configuration file from the Tor Project, moving it to /etc/polipo and renaming it to config
  6. Configure Tor with your web browser. I am using Firefox and configuration was as easy as installing the TorButton plugin and restarting Firefox.
  7. Verify that Tor is working correctly by visiting the Tor Detector.
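Step 2 fetches the key by its 8-digit short ID, which is not unique, so the value worth confirming before trusting the repository is the full fingerprint. The script below is an added example, not part of the original post or the Tor Project instructions; the function names and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Full fingerprint from step 2; its last 8 hex digits are the short ID 886DDD89.
EXPECTED_FPR="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89"

# classify_keys: read `gpg --with-colons --fingerprint` output on stdin and
# print one verdict per "fpr" record (field 10 holds the fingerprint):
#   MATCH      full fingerprint equals EXPECTED_FPR
#   COLLISION  same 8-digit short ID but a different full fingerprint
#   OTHER      unrelated key or subkey
classify_keys() {
    awk -F: -v want="$EXPECTED_FPR" '
        $1 == "fpr" {
            fpr = toupper($10)
            short = substr(want, length(want) - 7)
            if (fpr == want) verdict = "MATCH"
            else if (substr(fpr, length(fpr) - 7) == short) verdict = "COLLISION"
            else verdict = "OTHER"
            print verdict, fpr
        }'
}

# key_present: succeed only when the expected full fingerprint is listed.
key_present() { classify_keys | grep -q '^MATCH '; }

# collisions: print how many listed keys share the short ID without matching.
collisions() { classify_keys | grep -c '^COLLISION ' || true; }

# Constructed sample listings (not real keyserver output): the second
# fingerprint is made up so that it ends in the same short ID.
GOOD='fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:'
FAKE='fpr:::::::::00000000000000000000000000000000886DDD89:'

# Real use: gpg --with-colons --fingerprint 886DDD89 | classify_keys
printf '%s\n%s\n' "$GOOD" "$FAKE" | classify_keys
```

Because the export in step 2 names the full fingerprint, a colliding key in your keyring is not passed to apt-key; a COLLISION line still tells you the keyserver returned more than the key you asked for.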
Remember that this is not a panacea for privacy issues on the web and all of the technical protection offered by Tor can be squandered in a heartbeat through user action. Good personal online security and privacy practice is essential.
 

Security in Open Systems

Last week in one of the tutorials the subject of open security systems came up. I tried to explain how open systems can encourage security and that knowing all of the details of the security of a system actually translates into a more secure real-world system, mainly because the security doesn't rely merely on keeping secrets but on good engineering. Anyhow, here is an article on the security of the nascent Mastercard Chip Authentication Program that explains some of the issues.
 

Avoiding the Drag Net

Our government is currently mooting proposals to track all of us via logging of our electronic communications. Much has been written about this recently and the main response seems to be along the lines of legal action at either national level or EU level. I however feel it is my patriotic duty as a subject of Perfidious Albion to come up with good ways to avoid and work around this new system.
The first step is of course encryption. This is a no-brainer but requires learning on the part of users to adopt it securely. Encryption should be a default aspect of email. Setting up a public-private key-pair should be a part of setting up an email account and we need tools to make it easy to manage and share these keys. I know there are drawbacks to this but I think that for too many years we have been concentrating on creating maximal security at the expense of ease of use and the result has been minimal uptake of email security. I think though that at this stage just changing the playing field from the default of plain text communication to encrypted communication so that plain text stands out from the network traffic like a sore thumb rather than the current situation where cypher text is the exception. Encryption has to become a default aspect of setting up an online email account, and online vendors must push this to their users, not necessarily enforce its use, but ensure that their users know that they are sending insecure messages. Secure messaging is also required as a default rather than an option. At the very least there needs to be session-based encryption between users so that no plain text message is ever available at the intermediate servers.
At the moment I have little idea about tactics for increasing privacy of web browsing other than suggesting onion routers and Tor networks. Whilst there are weaknesses to these systems they are still better than what we have currently. I don't expect a wholesale move from traditional browsing to secure browsing.
It is likely that an interim alternative might be adopted that poisons the data well. Basically to make the amount of browsing data collected by the government so huge, unwieldy, and confused that extracting anything useful becomes a difficult problem. This could be achieved by standalone apps or browser plugins which browse to random URLs, or explore links in the background. An important aspect of this is of course to ensure that the browsing patterns from these tools are similar to those of a real user to make it even more difficult to determine what was real browsing and what was automated. A possible project might be to create a peer-to-peer app that shares real browsing data between users so that a real user's suitably anonymised browsing is replicated in the background of peers elsewhere in the swarm. In this way real browsing patterns of remote users would be intertwined with those of local users making it difficult to discern the actual browsing pattern for that user. I can see a legal attack on this making a user responsible for all browsing that actually or apparently originates from a given machine but that would make me wonder how far down the road of neutering internet communication the government would wish to go. A problem with this is that it will increase the burden on servers if traffic increases because of the addition of chaff. This does not strike me as a good thing, and feels to be an inadequate and inelegant tactic. Whilst these measures will not be entirely secure they at least raise the bar. If you wish to take away our privacy then
  1. You will have to fight us for it, and even if you win,
  2. We won't make it easy for you!