Investigatory Powers Act

So the IP Bill has got Royal assent, which means it will become UK law in 2017. Any UK listeners plan on getting a vpn as a result of this? Any other general thoughts on why we should (or shouldn’t) be bothered by it?

matty

You should be bothered by it; it is very worrying; I need to look into VPNs to see if I can just enable one trivially and not have it cut down all my lovely fibre bandwidth; more thoughts and suggestions in this vein are gratefully encouraged!

I’ve been thinking of getting a vpn since the bill was first proposed - it always seemed like one of those bills that was never going to be stopped. nordvpn have some interesting deals at the moment, but they seem to be jumping on the marketing benefit from folk like us wanting to protect our privacy as a result of the bill which makes me wonder that I’m missing something

I am bothered by it, but if you aren’t using one of the big ISPs (I’m not) then you are probably OK anyway. But there are a few good VPN services out there. My laptops/phones/etc… use PIA VPN.

I’ve got a lifetime subscription to VPN-Unlimited thanks to a Black Friday deal, so I use that. Before that, I used Private Internet Access. PIA has a better no-logging-none-ever policy than VPNU, but its client was a crashmonster and trying to use it with OpenVPN proved somewhat painful.

The only thing that takes some getting used to is making sure everything on my home network can still talk to each other – VMs on my main machine that used bridged interfaces no longer work in the same way, so I’ve had to figure that out a bit.

2 Likes

Can you explain to me how “not using one of the big ISPs” (for a definition of ‘big’, presumably) is helpful?

Thanks gmb, it’s very difficult to find anyone who’s prepared to name the vpn they use so thanks.
At the moment I’ve got my own server with openvpn deployed and I’m experimenting with that, the speed is ok but not amazing, but the hard part is going to be running it at a price that’s actually competitive.

I know this is El Reg, but: http://www.theregister.co.uk/2016/11/25/isps_with_no_history_of_working_with_spook_probably_wont_be_slapped_with_a_data_retention_order_following_ip_bill/

I’ve also seen some other tech outlets report similar. One stating a small ISP is less than 10,000 users and will only need to record the data with an explicit warrant.

On a related note: this analysis of the bill was posted yesterday from RevK (of A&A). http://www.revk.uk/2016/12/investigatory-powers-act-devil-in-detail.html

It makes for interesting reading

1 Like

I was under the impression if you get or use a VPN, then ISP must give notice to the Gov as well.
Wouldn’t that be an issue as then they can just partner with friends overseas to get VPN metadata ?
Or I’m sounding too much like a conspiracy theorist ? :stuck_out_tongue_closed_eyes:

If the government want to come after me, it doesn’t matter what VPN I use, they’ll get me. But if use a VPN server overseas then it makes it harder to get caught up in the dragnet

I use ExpressVPN. Great service and solid Linux support.

This. Although you do have to contend with the irritation of how Google and other service providers react to you apparently inhabiting multiple timezones at the same instant. With PIA my Gmail account was forever getting locked (though oddly, if I used Inbox, it worked perfectly). So far, with VPN-Unlimited, this hasn’t been an issue.

Seems to be a big difference in Price. http://www.cyberghostvpn.com is probably what I would go for and seems well known. I will go for one once I move house next year but price for me will be key. Also I will want some devices non encrypted as I am sure some websites won’t like it and refuse to work

There isn’t a single thing that doesn’t anger or terrify me about this. From the way it took 5 (I think) attempts to get this through, especially as it was pushed through behind the Brexit curtain. The fact that MPs are treated differently to everyone else; they have to been signed off by the PM. All the way to the fact it’s just legalising what the government have been doing for years anyway (and probably much more).

It represents a really upsetting regression in liberty that this government seems to be running with. A real march to the right, to the point of calling female ejaculation (and thus orgasm) “unconventional”. When I first read that, I kind of awkwardly laughed it off as coming from some very out-of-touch people, but - on reflection - it’s a very scary precedent being set.

I’m 25 years old. When I was young, I would ask my teachers / elders about history (because it fascinated me). I remember that the primary reasoning for why dictatorships are bad always being “because they spy on their citizens to oppress them”. Now, it seems, we’re there in the UK.

Using a VPN within the UK to encrypt your traffic across your ISP connectivity to avoid observation is moot, since any traffic egressing the UK will probably be caught by TEMPORA.

Using a VPN outwith the UK, your fully-encrypted traffic egressing the UK will likely be tagged as suspect. If your VPN endpoint is within the USA, you may be monitored by PRISM, et al.

Rather than attempt to workaround the problem, we should all be working to remove the problem in the first place. Write to Them is thataway.

s/Rather/As well as/, I think. Agreed the actual fix here is to have a government who doesn’t want to monitor. But… there is value in protecting oneself in the meantime, since at least part of the worry is that backdoors in the system can and will be used by non-government actors, and that’s less of a concern if one is VPNed (and uses https, and ssh rather than telnet, etc, etc).

1 Like

One thing I have noticed is no one has mentioned Tor as a viable way of hiding your traffic. Performance issues aside, is Tor no longer trusted? I’ve heard stories about governments owning endpoints so they can snoop, but I haven’t really paid much attention lately.

Speaking purely for myself: if you use Tor to only hide the secret bits of your traffic then you’re at greater risk if Tor is ever compromised, but if you use Tor for all your traffic, it’s unbearably slow. Also, using Tor itself marks you out currently as “someone who needs watching”, although a VPN would currently do the same.

2 Likes
Please respect our code of conduct which is simple: don't be a dick.