Ask Slashdot: Jamming UK Metadata Collection?

AmiMoJo writes: It looks likely that the UK will try to require ISPs to collect metadata on behalf of its security services, and various other agencies will have access to this vast, privacy- and security-destroying database.

How can individuals resist? Some metadata is trivial to hide, e.g. much email is encrypted between the user and server, but a record of an access will still exist. Would there be much benefit to creating fake traffic, say by sending dummy emails to yourself? What about fake browsing, or keeping TOR running 24/7 (not as an exit node, just a client)?

The goal is to make the data less useful and harder to tie to an individual or separate from fake data, and to increase the cost of collecting and storing such data. Don't worry, I'm already on the list of known dissidents anyway.

Add noise with TrackMeNot

[Somebody+Is+Using+My]

TrackMeNot is a browser-extension for Firefox and Chrome that sends semi-random search requests to several search engines with the goal of disrupting this sort of tracking. Well, it's more aimed at preventing commercial entities from creating an accurate picture of your web-browsing habits, but it probably adds some noise to the intelligence gathering too. By default it pulls random keywords from newspaper headlines, but you can configure it to use (or avoid) certain keywords, as well as tweak the frequency of the requests. It runs automatically in the background whenever your browser is open.

TrackMeNot isn't really useful in hiding your behavior; it just throws in spurious data that makes legitimate data look less accurate. It's really aimed more at devaluing marketing databases with the (admittedly vain) hope that they'll give up on the whole thing ;-)

Note: it does use extra CPU cycles and bandwidth, so if you are constrained in either this tool may not be for you. Also, tweak the timing of those search requests carefully or the search engines might blacklist you as a bot. Having said that, I've been using this plug-in for several years now and it's rarely caused me any problems.

Re:Exit node

[SuricouRaven]

It's risky though. Exit nodes can be used for all sorts of illegal activity - hacking, fraud, child abuse imagery, the usual suspects. There's a small but worrying chance of being busted by the police for a crime commited via your node. You can probably use the node to demonstrate that you are not guilty of the accused crime, but that doesn't until after they've siezed every computer, phone and storage device you own, destroyed your reputation, cost you your job and crippled you financially with legal costs. Criminal investigations are damaging even if no charges are eventually pursued.

I'm wondering what will happen if some well-intentioned but morally-dubious virus writer puts together malware that installs exit nodes. That would be amusing.

Re:People forget easily

[PhilHibbs]

Yes. It is aggregated data... You don't think they are really only accessing metadata do you? How cute!

Almost. The real meaning of the term is data about data. For files, it's the file name, size, extension, timestamps, and maybe the magic numbers could be called metadata (which is why I don't like magic numbers in files). For pictures, it's camera exposure settings, focus, GPS data, etc. For emails, body text is the "data", whereas email headers are "metadata". From, To, Subject, that sort of thing. You can then aggregate that to get a different kind of metadata (metametadata?), but in its un-aggregated state it's still metadata.

I'm So Meta, Even This Acronym.