Ask Slashdot: Jamming UK Metadata Collection?

AmiMoJo writes: It looks likely that the UK will try to require ISPs to collect metadata on behalf of its security services, and various other agencies will have access to this vast, privacy- and security-destroying database.

How can individuals resist? Some metadata is trivial to hide, e.g. much email is encrypted between the user and server, but a record of an access will still exist. Would there be much benefit to creating fake traffic, say by sending dummy emails to yourself? What about fake browsing, or keeping TOR running 24/7 (not as an exit node, just a client)?

The goal is to make the data less useful and harder to tie to an individual or separate from fake data, and to increase the cost of collecting and storing such data. Don't worry, I'm already on the list of known dissidents anyway.

People forget easily

[110010001000]

People forget how this data is really collected. They aren't looking at packets and breaking encryption between the client and server. They are tapping into the endpoint. They are accessing the Gmail/hotmail server endpoint databases. I am in the network monitoring field and I can tell you there isn't enough horsepower to do packet based monitoring of large numbers of people. They are getting the data because Google. Microsoft, Apple, etc are giving them access to their datastores.

Exit node

[ickleberry]

If you run an exit node you will generate lots of useless data for them to collect. Just dont forget to blacklist all the popular torrent sites that are blocked in UK in the tor config file, otherwise unsuspecting TOR users will get the 'this site is blocked' message. There are no laws against running an exit node, I did run one before in Ireland and had no trouble, although they are more fussy in UK mainly due to a difference in mentality - the powers that be think they are actually stopping real terrorists with the work they do.

Re:Exit node

I'm wondering what will happen if some well-intentioned but morally-dubious virus writer puts together malware that installs exit nodes. That would be amusing. I thought of this. It would be brilliant. Compromised Box's all over the world would be come TOR exit nodes.The TOR Network would be more powerful than they ever imagined.

Don't use a phone

[taustin]

Simple. If you use a phone, you use someone else's network, and do things that are impossible for them to let you do without them knowing what you're doing. You can't call someone without the phone company knowing who you're calling.

And the internet is a public place, period. Don't do anything on the internet that you wouldn't do in your front yard, with the neighbors watching.

If you don't like it, tough. The rules of reality don't need your approval.

Your post advocates a

[vivaoporto]

The goal is to make the data less useful and harder to tie to an individual or separate from fake data, and to increase the cost of collecting and storing such data.

Here is a new form, the same as the fighting spam one with minor changes. Feel free to use it as most of the measures proposed to fight surveillance fail for the same reasons.

Your post advocates a

( ) technical ( ) legislative ( ) market-based (X) vigilante

approach to fighting surveillance. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws not included here)

(X) Governments can easily use it to identify dissidents
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop surveillance for two weeks and then we'll be stuck with it
(X) Users will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from everyone
(X) Requires immediate total cooperation from everybody at once
( ) Many users cannot afford to lose business or alienate potential employers
( ) Governments don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for communication
( ) Open relays in foreign countries
(X) Ease of searching all text based communication
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in current solutions
( ) Susceptibility of other forms of encryption
( ) Willingness of users to install OS patches
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all surveillance approaches
(X) Extreme profitability of surveillance
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people
( ) Dishonesty on the part of everyone themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) Encryption should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Speech should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government decrypting my stuff
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

You won't like this comment

Back in the nineties, I discovered the internet and its freedom as a wonderful tool that proved the freedom-based values of the Western society. Moreso, as I was (and am) living in a former communist country in Eastern Europe. Imagine my delight, coming from a closely monitored society to such a wonderful and open global community!

However, I have noticed a worrying trend, mostly in opinions posted in forums or other places by Westerners (American and European alike), that too easily dismissed any threats to the personal freedom in various topics. From trivial but excessive forum moderation (which to me resembled too much to the communist censorship) to political issues where leaders pressed and were allowed to limit liberties such as the freedom of speech, for dubious reasons (political correctness, security in matters presented by exagerating imaginary threats, etc.). I understood one thing then: your society was utterly vulnerable to becoming a closed one, even to transform into an oppresive one, for one very simple reason: you didn't see first hand how a dictatorship works, how the officials' behavior in an oppresive state behave, and how they talk. We've seen those and painfully endured their effects, over a long time. I was able to detect the signs of the emerging surveillance society in the West since those times. I tried to express my concerns in open forums, and been bashed by the all-knowing arrogance of those who thought nothing bad can happen with the civil rights.

They were wrong. And now it's too late. You are asking what you can do as an individual. You can't do anything at this point, all you'll achieve will make you look suspicious, and they will monitor you even closer. Individuals can no longer make any difference, we would need a miacle to prevent the Western world repeat all the mistakes of the dictatorships in the Eastern Europe. It would involve a huge community coherence in working to change the laws, and only voting for those who don't want to control us all (although they are becoming an extinct species). And fighting with all available *legal* means against surveillance and control, without being tempted by using non-democratic shortcuts (such as voting for populists that only tell you what you want to hear). Very, very hard.

So, yeah, you won't like my response to your topic, but hopefully you do at least understand.

Re:Email?

This answer, like almost all the other answers in the discussion is an answer to the question

how can I hide?

that's not the question the article asked. The question was

how can I resist?

It's a completely different thing. The aim of reistance is to create consequences and problems for the authorities and visible protests shown to other people. It's something completely different. You do not resist by being entirely hidden. That makes no difference to other people. You resist by making things more costly / dlfficult / complex for the security services.

It's probably also not a good idea to resist the wrong things. The ostensible aim of surveillence is to stop terrorism. If you actually or apparently make investigation of terrorism difficult that won't work out for you. Instead you probably want to resist something different; e.g. deliberate spying for non-terrorist crimes (and keep paedophilia out of it too).

Bitmessage

One example that makes metadata collection much more difficult is Bitmessage. Its main feature is uncensorability rather than anonymity, but it scores very high on the anonymity scale as well. Its metadata is encrypted, so additional actions and costs are necessary to deanonymise the users. It also has uncensorable shared communication feature called chans. There are gateways that provide connectivity to email. Disclaimer: I am one of the developers of Bitmessage and I also operate one such gateway, https://mailchuck.com.