Internet Regulation, Security & Privacy

Apologies if this thread already exists in some form or other.

Thought it might be good to have a thread on this topic. I’m fairly clueless on it but looking at the current climate and increasing authoritarianism as seen in the new Police and Crime Bill I feel like it’s something I should start to be more aware of. I sometimes read things around or discuss certain political or social issues and think it wouldn’t be that surprising if there were people keeping records. Wondered about getting a VPN but not sure if that’s overly paranoid?

Please feel welcome to use this thread for any related discussion or sharing of interesting articles etc.

Prompted partially by this - it’s one of those ones where some things seem good and others questionable (what counts as ‘pornography’; is Reddit a ‘pornography site’?) but I have no real idea.

3 Likes

@Hostile_17 Appreciate the thread scope is a bit broad but would really welcome any thoughts you have or suggestions of things to read / people to follow etc :+1:

1 Like

Not sure if this would be better in Serious Matters?

Tbh been using a vpn for over five years, and using protonmail for email for three.

Spent the last decade in digital marketing which gives pretty stunning insight into how easy it is to pull absolutely mad amounts of data on someone, totally legally.

So if I can do it with £20 and a mid tier understanding of data searching, the govt are absolutely already doing it to a much more serious degree

It ain’t paranoid if everyone is out to get you

3 Likes

Really need to sort the absolute mess that is my passwords out as well :man_facepalming:

What VPN do you use?

1 Like

The very 90s-sounding cyber ghost.

Yearly sub but can’t remember how much. They’ve never let me down tho

1 Like

Would highly recommend everyone gets a password manager and gradually migrates their passwords across into it. Absolutely invaluable tool. I use Bitwarden’s free account, but there’s plenty of others around - both free and paid.

3 Likes

I’d say it depends on what you’re trying to protect yourself from. A VPN is a useful tool as part of a securing your online presence as a whole, but there are often more valuable things you can do first to keep yourself safe IMO, especially as the web’s migrated over to secure-by-default connections. (For example, in general these days, your ISP or GCHQ can only see that you visited a website, not the pages you accessed or any of the data you uploaded), and a VPN doesn’t protect information such as your location or traffic profile from being looked at.

I’d want to concentrate on setting up secure password management, 2 factor authentication wherever possible, making sure my devices are well secured and reducing my digital footprint before thinking about a VPN, but of course if you were actively accessing websites that may be considered subversive then your thoughts on priority might differ :slight_smile:

(I realise this doesn’t answer any of your questions about the current climate etc)

Biggest priority is stopping corporate profiling really, but the stuff around protests etc matters too.

Definitely wouldn’t use it for foreign Netflix or anything like that, obviously…

1 Like

Gotchya.

In terms of profiling and fingerprinting, the best thing you can probably do is potentially switching web broswer, but it’s something I haven’t really looked into yet. I’ve heard good things about Brave, but don’t know enough to recommend it to anyone.

A VPN on its own couldn’t hurt, but wouldn’t really stop you from being profiled by companies - your location would be different, but all the other info they use (and there’s a lot of it!) would be the same.

If you’re interested in how it works, then there’s a couple of decent primers at AmIUnique and How Browser FINGERPRINTING Works (and How to STOP It) | Privacy Angel

For stuff around protests etc, a VPN’s probably fairly well suited to your concerns, but to be combined with being careful about what you share online in general :slight_smile:

Wouldn’t blame anyone who wants to get around region locks these days tbh. I’m generally against piracy, but the whole media landscape is designed to be hostile to the consumer.

1 Like

Essentially the fact internet regulation is seen through security paradigms means every bungling, decades late lurch governments make minimises any kind of humanitarian aspects that the internet could benefit from. This bill doesn’t even look worth the paper it’s written on really.

I swear this online safety thing has been batted back and forth by Tories over the past three or four years and never, ever materialises? I always thought it was just an easy bit of PR to appeal to the more boomery bits of their base and get some nice media coverage to make it look like they’re being Tough On This Thing.

What even… (from First Direct)

Companies can see the keystrokes you make when inputting data? The voice recognition made me uneasy (and I had to constantly explain I was trans as it never worked which, yeah), but this makes me feel a bit on edge. It’s a company called Callsign who seem to deal with lots of company and create a fucking creepy profile of you. I’m the process of switching banks but they probably all do this kind of thing.

How are we okay with this level of creepy tracking??

From the email:

Here’s how the extra fraud protection works

We’ll ask you to type in your email address as well as your one-time passcode. We’re not actually checking your email address here or updating our records; it’s how you enter it that matters (including your keystrokes). It’s known as ‘behavioural biometric’ data and it should be unique to you. We’ll record this data and it’ll be stored for up to 3 months, so it can be compared against your previous entries. We’ll then use this data in future, together with other information like your location and how you use your device, as an added measure to help us check it’s really you making the payment and to reduce the risk of fraud.

Unless I’m searching the wrong things Google brings up very little in terms of ethical critiques of behavioural biometrics. Genuinely bemused how this isn’t an issue and we’re expected to know (and not care) that it’s part of the small print for any contract nowadays.

The general societal acceptance of enormous levels of monitoring of our digital activity is beyond weird. If we had even a tenth of this level of surveillance in your daily life (there’s probably too much of that as well but still…) people would raise hell but because it’s digital :man_shrugging:

From ICO

Examples of behavioural biometric identification techniques:

  • keystroke analysis;
  • handwritten signature analysis;
  • gait analysis; and
  • gaze analysis (eye tracking)

Wtf. Gait and gaze analysis?

This is so fucking weird. But apparently completely normal so I should probably feel weird for thinking it’s weird.

A few years ago my line manager at work called me in to say that HR had said that I had clicked on a job advert during work hours (I had clicked on a job advert that popped up on a LinkedIn email). My boss showed me am email printout from HR, showing an automated alert from something called Terramind - which I googled afterwards, and found that it was basically a system that companies can use to keep track on what staff are doing/viewing, and getting automated alerts if certain sites are visited etc, and other various things. I saw that this software would allow HR to pretty much go back and watch everything I typed or viewed on my computer at any point, watching it like a video.
I kicked up a fuss to say I hadn’t done anything wrong and argued against it, and at least got the company to rollback on their policy of them stopping staff from doing this.

Anyway, it just means that I don’t do anything on my work computer that I wouldn’t want HR to ever call me up on. Definitely no DiS or any social media on my computer!