So you value your privacy and don’t appreciate the amount of access that governments have to your information? You’ve signed up for Signal or ProtonMail or other encrypted messaging systems. You might use a more secure browser like Brave or Firefox with a good ad blocker – I’m a fan of all of these, and if you haven’t already, I’d suggest you check some of these products out. They are essentials to protect our privacy.
But in the Australian context we need to be aware of the most pervasive surveillance that the government and enforcement agencies have. A surveillance system that is still collecting information on all of us as we make our encrypted voice calls via Signal.
Metadata retention was legislated in 2015, requiring all telecommunications companies to store information about the websites we visit, the phone calls we make, the SMS that we send and all the connections that we make over the internet.
This information will be stored for a minimum of 2 years and all major law enforcement agencies in Australia have access to this information without a warrant.
Image caption : ABC raids highlight Australia’s war on whistleblowers and journalists highlights why we need to protect privacy.
For an idea of the scale of use of this metadata, the NSW police made almost 100,000 requests for information in a recent 12 month period*, while VIC Police followed closely behind with almost 93,000 requests. In comparison, the number of warrants to listen in to phone calls and internet communications is around 1% of those numbers.
If we care about our privacy, we need to consider metadata. Which brings us back to that voice or video call via Signal. Firstly, props to you for using Signal. It’s a great app which in my opinion gets the balance of security and usability about as good as it gets. When you send a message via Signal, information is sent to the Signal servers and then on to whoever you are sending it to. All the teleco knows is that you connected with Signal.
On the other hand, when you make a voice call, the communication is sent directly from your phone to the phone you are talking with, and your telco records this detail. As far as metadata retention, they store as much information on a Signal voice call as they do on a regular phone call. This would likely apply equally for many other voice or video systems.
Your Brave browser goes a long way to stopping Google or Facebook tracking every site you visit on the internet, but it can’t stop your telco collecting similar information.
Image caption : Once your data’s out there, there’s no way of getting it back
Adding a VPN changes this equation. A VPN or Virtual Private Network is an encrypted connection to a server somewhere on the internet. It allows us to surf the internet from that server, so websites we visit or other services we access see our location as that server rather than our computer. Once we use a VPN all that our telco sees is that we are using a VPN. Our metadata record will simply show which VPN we use (and when we use it). It will not show that we use Signal or Protonmail or Facebook.
Of course government agencies have the power to get a warrant to access VPN providers, particularly if they operate in Australia. So it is worth getting a VPN that doesn’t keep logs of your activity (or keeps logs for short periods like 24 hours). Many will advertise this. You may also consider services located outside the 14-eyes intelligence alliance, a group of 14 nations that work together on intelligence and surveillance issues.
But even if we can be surveilled via a warrant, this is still less likely to occur than through vast metadata access, simply due to the effort and time it takes to access.
If you are ready to take the VPN leap, I’d suggest ProtonVPN. It is outside the 14-eyes countries, does not keep logs and is a trusted name in secure private communications. They even provide a free version to give it a try. You should always be suspicious of free services – always ask what their profit model is – in the case of ProtonVPN, they hope that the free version will encourage you to buy their premium services which are well worth it.
No doubt there are many other excellent services that others will advocate for, but in the end all security conscious folk will agree, that in order to protect our communications and those that we communicate with one of the best moves you can make will be to get a VPN.