Tag: Online Anonymity – Tag

Metadata Retention Scheme Begins In Australia

The Australian’s controversial data retention laws have come into effect, requiring telecommunication companies and Internet service providers to retain their user’s metadata. The data collected will be available to the law enforcement agencies and intelligence agencies, which they will use to fight crime and terrorism. The scheme has sparked a huge debate on what is being perceived as massive government surveillance, and the effects it will have on the online anonymity of the Internet users in Australia.

What is the metadata retention scheme?

Metadata is "data about data".Two types of metadata exist: structural metadata and descriptive metadata.The metadata retention scheme is a mandatory retention of data by telecommunication companies, internet service providers from their customers. The new law will require the companies to develop systems that will be used to store their customer’s data for two years. The data stored will be accessible to law enforcement agencies without the need for a warrant.

What data will be retained?

Metadata is the information regarding a certain communication. This includes who, where, when and how. For example, telephone companies will be required to store data about their customers’ phone calls and text messages. The data collected will include who the phone call (or text message) was made to, when the call was made, and how long it took place. However, there has been confusion over what data will be collected by the companies. The government has denied allegations that the content of communication or Internet activity will be collected.

Information that will most likely be collected includes:

1.    Names, address and billing information

2.    Telephone numbers

3.    Location data for mobile phones or internet-enabled devices

4.    IP addresses and email address

5.    Download and upload volumes

6.    Communication source and destination

7.    Date, time and duration a communication is made

How has the scheme been received?

The data retention scheme has received both support and condemnation. It has especially received heavy opposition from critics who are worried about the invasion of privacy and lack of online anonymity.

Journalists have also criticized the scheme, terming it as an infringement on the freedom of the press. Under the new laws, security agencies can use the data collected to identify journalist sources. While the attempt to identify the source will require a warrant, the proceedings will be held without the knowledge of the journalists and away from the public eye. In addition, government agencies will not be required to obtain a warrant when searching for a source amongst their employees.

Individual Internet users, whose privacy and online anonymity will be affected most, have also received the scheme with mixed reactions. According to a poll that was conducted prior to the scheme becoming law, 44% of the Australians were against the implementation of the new law. In 2013 (during a previous attempt to implement the laws), the data retention received an overwhelming opposition from the public, who were worried that the scheme would invade the privacy and online anonymity of internet users.

In computing, a computer keyboard is a typewriter-style device, which uses an arrangement of buttons or keys, to act as mechanical levers or electronic switches.
The Australian government has, however defended the scheme, claiming that it is necessary to fight crime and protect the country against acts of terrorism. Australia’s Attorney General has stated that the scheme will give security agencies the ability to effectively investigate crimes in an era where there is a continuous advancement in technology.

What are the effects of the metadata retention scheme?

With the implementation of the metadata retention schemes, the following are some of the issues that are effects that are expected to be felt:

1. Reduced online anonymity

While the telecommunications company will not retain the content of communications, the data collected will greatly affect the online anonymity of Internet users. Law enforcement agencies can use the collected metadata to build a profile and obtain details that are more revealing even than the content of the communication.

For example, law enforcement agencies cab be able to tell your financial history, items you bought online, medical issues you might have, your friends, people you are in a relationship with, if you are having an affair, and other kinds of information by just looking at the metadata collected. Internet users will therefore have a hard time maintaining their online anonymity, as any information collected might be used to identify them, regardless of how small it seems.

2. Increase risk of data theft

One of the main concerns with the data retention scheme it that it will increase the risk of stealing users’ data. Under the new laws, telecommunication companies will be required to collect metadata from all their users and store it in one location where it can be easily accessed by law enforcement agencies. The companies have warned of the dangers of such a system, stating that it will become an easy target for hackers. Internet users’ online anonymity might therefore be compromised further if their data was to be illegally accessed by hackers.

How to bypass the metadata retention scheme

While the data retention scheme aims to collect information that will help security agencies protect Australia, most of the affected people will be innocent citizens with no criminal activity. Fortunately for the ordinary citizens with nothing to hide, there are ways of maintaining your online anonymity and ensuring that as little information as possible is available for people to see. Here is a look at some of the top ways on how to prevent excess collection of your data:

1.    Be careful about how you use the internet

Telecommunication companies will only have access to your information if you give it to them. Therefore, you should be careful of how you use the internet to prevent them from collecting your data. Avoid posting overly personal information and photos about yourself and your friends in online platforms.

2.    Using proxy servers

Proxy servers allow you to hide your IP address and browsing history, which can help to increase your online anonymity. Some proxy services even encrypt the traffic from your devices, ensuring that no one is able to view what you are doing. However, metadata information collected can still be used to give an idea as to what you are doing. For example, ISPs collect unique information about the computer or device used to access a specific website, which can be used to identify you.

3.    Tor browser

A virtual private network (VPN) extends a private network across a public network, Tor is an online anonymity tool that encrypts the traffic going from your computer and bounces it through several servers around the world to mask your location. It is available free of charge, and is easily downloaded and installed on your computer. However, it can lead to latency issues. It can also make you a target of law enforcement agencies, since there have been quite a number of cases where criminals use it to hide their activities.

4.    Using a VPN

Virtual private networks (VPNs) are another great way of ensuring your online anonymity. VPNs encrypt the data coming to and from your device and completely secures the network you are using making it hard for anyone to obtain your data. VPN services will also offer you other advantages such as IP address hiding, which will make it impossible even for ISPs to tell your location or the websites you are accessing.

Tor’s .Onion Becomes Special-Use Domain Name

It was recently announced that .onion domain has been added to the list containing Special-Use Domain Names; this was done with help from the Engineering Task Force organization and Internet-Assigned Numbers Authority who together form part of ICANN. The technology was previously referred to as psdeuo-TLD, and made it possible for .onion domains to be applied on regular web. But now it’s only limited to the Tor network. There’s also possibility that site-specific encryption and use of Internet security certificates will follow.

Onion Domains

The level of online anonymity offered has numerous benefits not only to nefarious sites, but also news outlets which take it as a way of secretively gathering information, plus Facebook further uses it to protect accounts from unauthorized breaching.

Official recognition of this domain will help improve online anonymity for web users, by limiting the chances of their IP addresses being detected by other people. In light of these new changes, all applications including proxy servers which implement the Tor protocol must recognize .onion extension as unique by either accessing them straightly, or using proxy to do so. Similarly, those that don’t implement this network will generate a default error upon opening the onion site, they are also advised not to run a DNS checkup as this won’t help in resolving the issue.

Internet Domains

As for Libraries and Name Resolution APIs, respondents must either react to access requests by resolving them based on data from NXDOMAIN, also popularly known as tor-rendezvous. Similarly, Caching DNS Servers which may not have been explicitly improvised to interoperate with Tor shouldn’t attempt to check up records for network names, but must rather use NXDOMAIN for such queries. The same applies to Authoritative servers.

The prospects of TLS and SSL certification are important for standardization and wider recognition of Tor, both help give users confidence that the sites they’re dealing with are legit and capable of protecting their online anonymity. Generally, Tor ecosystem will benefit from same levels of security as the rest of the net but with an added layer of safety and online anonymity.

Behavioral Profiling: Tool That Can Shatter Online Anonymity

Researchers from GREYC research lab have engineered a behavioral profiling program that distinguishes different individuals through their keystrokes. Whether it’s your typing speed, consistency or frequency of making systematic typing errors, this technique obliquely shatters online anonymity. Though arguable benign data, it is crucial in identifying behavior and matching it to the right person. To further threaten your onlineanonymity, this technique easily pick up usernames and passwords when you visit membership-based websites; in essence, invading your privacy.

Online AnonymityWorking in close collaboration, behavioral biometrics and behavioral profiling precisely draft your online portfolio, making it easier to keep tabs on you as soon as you start typing and speaking online from a certain location; your facial features are analyzed as well. Whereas behavioral biometrics are based on subtle nuances in your typing patterns, voice, location and special features, behavioral profiling track your online presence after having analyzed your behavior. Each needs the other to accomplish what many loath; shatter your online anonymity without remorse. No one is in the clear when it comes to behavioral profiling.

Though it may appear relatively harmless when being collected by a single website, imagine the level of privacy breach involved when multiple websites, all big names in the industry and collectively owned by one entity, collect crucial information without the user’s content. These multiple sites act as information databases and when matched up and compared, your profile will be created within no time and with little or no gaps. The researchers at GREYC lab are using JavaScript or a profiling app to collect biometric data, especially keystrokes. The amount of time between your keystrokes is also noted and aids in creating your profile, further compromising your online anonymity.

If it’s perfectly normal for you to omit spacing your words, this technique developed by researchers will associate this behavioral trait with you more so if you frequent the same websites at a particular time of the day. Each time you add new information to these websites; this tool will gobble up the information, update it in your profile and continue mapping your different characteristics. Online anonymity, though bolstered by numerous passwords and sign-in options, will soon be an open book. Data mining entities are on the rise and some have already been bold enough to deny these claims even when evidence is presented.

Data MiningThe GREYC lab researchers have portrayed consistency in the results brought forth by their algorithm. Your keystrokes are not a rigid structure and from time to time, there will be considerable differences. Even then, the graphs used in identifying your online presence remain largely uniform, distinguishing you from anyone else whose behavioral traits seem to match yours. Just like fingerprints were and still are used for identification, this evolved to DNA and now keystrokes are beckoning to be the leading identifier online; the possibilities which this technology can unleash are limitless, especially in the cybercrimes units. Online anonymity may have been assured by private window browsing’ or application of passwords a few years ago but think again; the playing field has drastically changed and is no longer level.