from the what-about-shared-IP-addresses? dept.
If you used the World Wide Web anytime after 2007, the United Kingdom's Government Communications Headquarters (GCHQ) has probably spied on you. That's the revelation contained in documents published today by The Intercept, which detail a GCHQ operation called "Karma Police"—a program that tracked Web browsing habits of people around the globe in what the agency itself billed as the "world's biggest" Internet data-mining operation, intended to eventually track "every visible user on the Internet."
Karma Police—apparently named after the Radiohead song—started as a program to track individuals listening to Internet streaming audio "radio stations" as part of a research project into how radicals might "misuse" Internet radio to spread their messages. Listeners to streams that included Islamic religious content were targeted for more data collection in an effort to identify their Skype and social media accounts. The program gradually grew with its success. According to GCHQ documents, by 2009 the program had stored over 1.1 trillion "events"—Web browsing sessions—in its "Black Hole" database. By 2010, the system was gathering 30 billion records per day of Internet traffic metadata. According to another GCHQ document, that volume grew to 50 billion per day by 2012.
I'm sure none of are really surprised by this, but I'm curious... How many of you (if any) are tunneling all their traffic through VPN providers to get around this monitoring?
Related Stories
GCHQ are a bunch of over-achievers, save for one achievement: reporting the security flaws they discover in order to get them fixed. Instead, their hacking capabilities have substantially increased:
The UK has substantially increased its hacking capabilities in recent years, an official report says. This includes the ability to attack other country's communications, weapons systems and even infrastructure. The details were revealed in the annual report of the Intelligence and Security Committee, which oversees the work of intelligence agencies. It said GCHQ had "over-achieved", creating double the number of new offensive cyber-capabilities expected.
The report said GCHQ's allocation of effort to develop hacks had increased "very substantially" from 2014. The programme of developing the capabilities is divided into three tranches and GCHQ said that it had just finished the first. "We... actually over-achieved and delivered [almost double the number of] capabilities [we were aiming for," an official from the agency told the committee. The details of the successes are classified in the public version of the report.
GCHQ is also upgrading its supercomputers, an effort referred to as Project Golf:
Project GOLF (£***m over ten years) is a project to enhance the supercomputing capacity that supports much of GCHQ's work. GCHQ has told us that this project is particularly critical, as it predicts that "projected mission needs will exceed existing data centre capacity limits in ***". GCHQ noted that its relationship with the US brought significant benefits ***. GCHQ has reported that this project *** is on track to be fully operational in early 2018.
Here are the annual reports (2016-2017 PDF).
Related: How GCHQ Manipulates Online Opinion
UKs Cyber Emergency Response Unit to Launch
Court Rules UK-US Surveillance Data Sharing was Illegal
GCHQ Tried to Track Web Visits of "Every Visible User on Internet"
GCHQ Tells CEOs They Won't Rat Out Data Breaches
(Score: 3, Funny) by Anonymous Coward on Saturday September 26 2015, @04:04PM
I use a VPN for all my internet access. I picked a VPN with thousands of exit nodes and on my PC I switch between them multiple times per day in order to obfuscate IP-based tracking. I set up my router to run a separate VPN tunnel for each device on my home network, again to reduce IP-based tracking. But I'm doing it to hide from Big Data not from Big Government because Big Data is an immediate threat to everyone - Big Government is only a threat to people who become interesting enough for the Eye of Sauron to focus on them. That's not to minimize the threat of Big Government, its just the cost-benefit ratio of deliberately hiding from Big Government is not high enough in my personal case -- ideologically I fully support both political and technical developments to degrade the Eye of Sauron.
(Score: 0) by Anonymous Coward on Saturday September 26 2015, @06:05PM
Recommendations? and I'm unclear what you mean by VPN tunnel each device via router in conjunction with the VPN service you purchased...
(Score: 0) by Anonymous Coward on Saturday September 26 2015, @06:21PM
My router has ~15 VPN tunnels operating simultaneously, I use policy based routing to send the traffic for each device on my home network through a different tunnel.
(Score: 2) by Whoever on Saturday September 26 2015, @09:35PM
Unless all your traffic is all https, you can probably still be tracked by your browser info, or the cookies that are passed between you and the websites you visit.
(Score: 0) by Anonymous Coward on Saturday September 26 2015, @10:15PM
My browser info is randomized and cookies are erased routinely.
(Score: 0) by Anonymous Coward on Sunday September 27 2015, @12:16AM
> Unless all your traffic is all https, you can probably still be tracked by your browser info, or the cookies that are passed between you and the websites you visit.
HTTPS prevents eavesdropping, if non-government actors are eavesdropping on all VPN exit points then they are so rich that they might as well be a government.
Cookies: Self-Destructing Cookies [mozilla.org]
3rd party tracking: Request Policy [github.io]
(Score: 1, Offtopic) by Gaaark on Saturday September 26 2015, @04:42PM
...but have only been using it for some activities.
Now i'm wondering what big brain fart made me miss that i should be using it for almost ALL activities. ("Sure is smelly in here": signed, your brain!)
Will have to start, and i also missed the idea of switching throughout the day: another brain fart.
("DAMN SMELLY!")
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 1) by number11 on Saturday September 26 2015, @06:13PM
It's good to use VPN for everything. First, because it's hard to know what innocuous detail, perhaps combined with other seemingly innocuous details, may breach your security. Second, because the more VPN traffic there is, the more difficult it is to identify and crack any particular session, it increases the background noise.
The hard part is knowing if any particular vendor is trustworthy. And even if they are, it may be that all their traffic is being recorded, correlated, and perhaps cracked. The Torrentfreak survey [torrentfreak.com] is probably the best info we have, but it assumes the VPN vendors are competent and honest.
Using a VPN does play hell with checking the local weather, though.
(Score: 2) by takyon on Saturday September 26 2015, @07:17PM
http://forecast.weather.gov/MapClick.php?CityName=Modesto&state=CA [weather.gov]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by gidds on Monday September 28 2015, @01:58PM
A VPN doesn't solve this problem, though, does it? Just moves it around. After all, the VPN still has an endpoint (exit node).
If you have one that's safe, secure, under your control, and not filtered or redirected or throttled, then fine — but what about those of us who don't? Perhaps, like free IP4 addresses, the long-term solution isn't to fight over the remaining ones, but to fight for something better.
(Yes, I'm afraid I'm repeating [soylentnews.org] myself, but no-one replied before, so nerr.)
[sig redacted]
(Score: 3, Interesting) by Anonymous Coward on Saturday September 26 2015, @07:17PM
Why the UK has had a relatively pourous border to extremist Muslim elements, this explains why.
Same as the US they're using the 'extremist threat' as an excuse for illegal programs and infringement of Western liberties while simultaneously allowing elements they know to be potential threats in so that when something happens their budget will recieve a surge.
While the terrorists think they are winning the only true winners are those scamming the public.
(Score: -1, Troll) by Anonymous Coward on Saturday September 26 2015, @07:58PM
Don't worry about the terrorists. Allah's getting [bbc.co.uk] very impatient [bbc.co.uk] with them now.
(Score: 1, Funny) by Anonymous Coward on Sunday September 27 2015, @12:18AM
> Why the UK has had a relatively pourous border to extremist Muslim elements, this explains why.
Is it racist weekend and no one told me?
(Score: 0) by Anonymous Coward on Saturday September 26 2015, @08:24PM
uhm ... errr ... we were to poor to buy wifi at the time and we just "abused" the DSLAM my friend and I were connected to at the time.
i doubt the volumetric non-dns-lookup but rather direct to ip-adresses ftp traffic across the street made a u-turn via london.
of course this could be wrong and this tripple number supporting spy agent( double -oh -seven) working for the english speaking 4 letter agency had alllll the monies in the world to install some hardware super-compression listening device (you gotta get the shit home somehow) in every indonesia, india, china. brazil slum (*) backwater ISP.
(*) feels like a slum if comparing the call girl stickers in greater london phone boots to what i'm seeing everyday
(Score: 4, Funny) by captain normal on Sunday September 27 2015, @04:18AM
No wonder the latency on my connections is so slow. What with routing between the NSA, GCHQ, Google Analytics and the TelCos' meta-data gathering, it's a wonder any page every loads at all.
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 0) by Anonymous Coward on Saturday September 26 2015, @11:40PM
This article strongly implies that what we know the NSA does at home is being done on a global scale. We've already seen articles about where the NSA has packet sniffers in strategic locations around the globe, so it makes sense GCHQ does it as well--in fact, more likely, they're shared among all the 5 Eyes countries, especially since it allows the whole "I spy on your citizens for you, you spy on my citizens for me" thing from a technical standpoint. 5 Eyes (and probably Russia and China as well, at least) are trying to do an end-run around TOR and VPN by having a sniffer ready to catch traffic coming from the exit node, and maybe even the entrance node. Combined with defeating certificates at the CA level, it's only a matter of time--if they're not there already--before they can monitor you the vast majority of traffic in real time.
BTW, another article linked to from the first said that they were really interested in traffic from the Bahamas as well as Afghanistan. That one is obvious, but what's so special about The Bahamas?
(Score: 4, Informative) by turgid on Sunday September 27 2015, @10:33AM
The Bahamas is the traditional tax haven used by the British rich and powerful. I dare say a lot of money from iffy sources finds its way there.
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].
(Score: 1, Funny) by Anonymous Coward on Sunday September 27 2015, @05:10AM
I just run a background process that continually searches for, downloads, and then deletes goatse and tubgirl images. The bastards want to track me they pay with their sanity.
(Score: 0) by Anonymous Coward on Sunday September 27 2015, @04:25PM
Or low cost VPN?