How to beat Australia’s internet surveillance

Not content with monitoring the internet, the Abbott government now seeks to censor it.

In March, the Coalition passed legislation to store every Australian’s internet metadata for up to two years. Now legislation has passed the Senate, with Labor’s support, that will force internet service providers to block access to certain websites.

Censoring the internet has been attempted by many governments around the world. Britain has had similar website blocking laws in place since 2011, with minimal success. China’s “great firewall” is one of the most expansive, yet it has countless loopholes used by political dissidents. Even my old high school tried to block websites but could never outwit its students, who always found ways of getting around the restrictions.

After passing the metadata retention laws, attorney general George Brandis admitted, “I’m not saying it’s easy to get around, I’m allowing for the possibility that it may be got around”. Actually it is easy to get around. Here’s how.

Use the onion router

When you normally visit a website, your computer makes a direct connection with the server the site is hosted on. The IP address of the sending and receiving computers, along with what is requested, forms the basis of metadata.

In Australia, this metadata is now stored for at least two years and can be analysed by the government and police. A key way to evade this surveillance is by obscuring your metadata using a tool called the Onion Router (TOR).

TOR works by sending your website requests through a large multi-layered (like an onion) network of computers across the globe. The computer that eventually accesses the website is someone else’s at the end of the network.

TOR also encrypts your internet traffic, making any metadata it generates unreadable to prying government eyes. Its effectiveness is evidenced by it being a common tool used by whistleblowers around the world to hide their online communications.

TOR can be downloaded at torproject.org. It comes bundled with a custom version of Firefox that is configured for the TOR network. Once installed, it will launch this browser and will take you to a special “checking” website to confirm your browsing is now secure. This page will also alert you to any updates to the software, which are important to heed if you want to stay secure.

Take note that only this browser will use the network. TOR is also available for Android devices by searching for “Orbot” and “Orweb” in the Play Store. It is not currently available on Apple devices. Some products in the Apple Store do claim to be TOR clients. None are officially endorsed or independently proven to be secure.

Use a virtual private network

One limitation of TOR is that the rerouting significantly slows down your connection. It is not useful for any serious downloading such as on file sharing networks or streaming content that may be blocked in Australia.

In June 2013, the Standing Committee on Infrastructure and Communications published a report recommending that Australians should bypass such geolocation blocks. The fastest way to do this is with a virtual private network (VPN).

These types of networks are commonly used by universities and other organisations. They allow secure remote connections to their networks via the internet. They work similarly to TOR by encrypting your internet traffic, but they don’t go through the same multi-layers that provide its anonymity.

This means that the government can’t immediately access your metadata. If you are connected to a VPN in the United States, any website you visit will think that you are also in the United States because that’s where the computer requesting the actual data is from. This is a very effective way to get around accessing content that is blocked in Australia.

Despite the fact that legislation has been passed to allow the Australian government to block certain websites, use of a VPN will get around it. The government’s filter most likely would work by blocking websites by their IP address. By using a VPN, you would never directly visit the blocked IP address. Instead your VPN provider would. It would then send the website to you. The other logical flaw with blocking websites by IP address is that the website in question could just change its IP address to get around the filter.

There are many free and paid VPNs available, such as HotSpot Shield, IPVanish, CyberGhost and TigerVPN. Purchasing and setting up a connection is quite straightforward. It’s as simple as signing up with a VPN provider, downloading and installing their application and selecting where in the world you want to be connected to.

As long as the connection is maintained, all of your internet traffic will route through the VPN. Like TOR, many providers also have apps available for mobile devices to ensure you are secure wherever you go.

A few important things to consider when using a VPN are the security protocols used and the provider’s attitude to privacy. Each VPN provider will offer a range of different encryption methods that you can select with varying levels of security.

The most secure is OpenVPN (sometimes called SSL/TLS), followed by IPSec and L2TP. PPTP has known vulnerabilities and you should avoid services that offer only this method.

Whether your provider records your metadata or “logs” is an important consideration. Use of a VPN hides your metadata from immediate collection by your internet service provider or government. But your VPN provider might still collect it. Some providers have been known to hand this information over to requesting governments or corporations. Others refuse to keep any logs on their customers.

Doing your own research is important for finding a VPN provider that meets your needs. There are many websites such as Lifehacker and the Australian consumer advocacy group Choice that have some useful reviews of VPN providers and how-to guides for further information.

All attempts by the government to censor and monitor the internet need to be opposed. However, the reality is that vast monitoring is already happening. The suggestions above are not exhaustive but are important steps people can take to make our increasingly surveilled lives a little more secure.


The author can be contacted at [email protected] using this public key if encryption is required.