How to protect your online communications

The Draft Communications Data Bill, aka “Snoopers’ Charter”, has passed the House of Lords. There is nothing stopping it from becoming law in the UK. This legislation makes extremely invasive eavesdropping and data collection legal. It legalizes direct hacking of devices (computers, phones, whatever), mandatory metadata collection by all ISPs in the UK, and a new fast track for warrants. If you live in or do business with the UK this directly effects you. This law will make every UK communication provider a spy.

This isn’t the sort of thing I usually write about. I like to write about design and code, but what this law allows is so egregious I felt compelled to put together this quick guide. So here are three simple steps you can take to protect yourself online.

  1. Make your voice heard
  2. Protect your communications with a VPN
  3. Use Tor

Step 1: Make your voice heard

If you object to this law and reside in the UK you need to write to your MP and express your honest thoughts about this bill. That’s it. Only takes 5 minutes.

Step 2: Protect your communications with a VPN

A virtual private network (VPN) is a service which encrypts traffic between your devices and the VPN’s servers. When you normally surf the web, all your communication goes through your internet service provider (ISP) unencrypted. The ISP can log this activity and store it for later. This is one type of data that the Snoopers’ Charter forces ISPs to collect.

With a VPN, all traffic from your computer to the VPN’s own servers is encrypted. Even if your ISP has tapped directly into your online communications they will only see an unintelligible mess.

Does a VPN give you complete privacy online? No, but it severely limits the data that eavesdropping can collect. There are a few things to keep in mind with VPNs:

  1. Your communications are only as secure as the VPN you use
  2. There are other methods available for tracking you online (cookies, ad & plugin fingerprinting to name a few)
  3. The VPN server you connect to (sometimes called “exit point”) must be outside of the UK to evade bulk data collection by your ISP. Most services have many to choose from.

So, which VPN should you use? There are many great providers with excellent security records. The two that I highly recommend are NordVPN and ExpressVPN.

Extra credit: Use Tor

For most people, a good VPN will provide a sufficient level of security. If you want to take your communication anonymity to the extreme, then using Tor is next step. Tor is a anonymity network which bounces your communications between a series of relays, encrypting it each bounce. No node knows the start or end point of the traffic, just where it needs to go next. This makes tracing any communication near impossible.

Setting up Tor is much more complicated than a VPN. If you're interested in trying it, I suggest downloading Tor Browser. Tor Browser is a modified version of the popular Firefox internet browser that has Tor enabled by default. Anything you do inside that browser is encrypted and anonymised.

In exchange for this extra level of security you will sacrifice speed. Because Tor bounces your traffic through other networks and computers, it can be anywhere for 10 to 20 times slower than your normal connection. That’s the tradeoff.

Start now

Whatever side of the internet privacy debate your fall on, you owe it to yourself to understand how your private communications are being attacked and how to defend against these intrusions. If you are as concerned about freedom of information as I am please consider supporting groups that are fighting for our rights, like the EFF, Liberty, and the ACLU.