This serves as a strong warning to those who value their anonymity. If you aren’t already accessing the Internet through VPN or another deidentifying service, you may be ‘on the list.’ Go silent today! VPN is one effective option. I use TOR. VPN will allow you to use some services that TOR blocks to protect you, but VPN costs money and TOR is free.
Important Message From JWR: The FBI’s Cookie Caper and the VPN Imperative
It has just come to my attention that from August of 2011 to November of 2011, the FBI secretly redirected the web traffic of more than 10% of SurvivalBlog’s US visitors through CJIS, a sprawling data center situated on 900 acres, 10 miles from Clarksburg, West Virginia. There, the Feebees were surreptitiously collecting the IP addresses of my site visitors. In all, 4,906 of 35,494 connections ended up going to or through the FBI servers. (Note that this happened several months before we moved our primary server to Sweden.) Furthermore, we discovered that the FBI attached a long-lived cookie that allowed them to track the sites that readers subsequently visited. I suspect that the FBI has done the same to hundreds of other web sites. I find this situation totally abhorrent, and contrary to the letter of 4th Amendment as well as the intent of our Founding Fathers.
I recognize that I am making this announcement at the risk of losing some readers. So be it. But I felt compelled to tell my readers immediately, because it was the honorable and forthright course of action.
Working on my behalf, some volunteer web forensics experts dissected some cached version histories. (Just about everything is available on the Internet, and the footprints and cookie crumb trails that you leave are essentially there for a lifetime.) The volunteers found that the bulk of the FBI redirects were selected because of a reader’s association with “Intellectual Property” infringing sites like the now defunct Megaupload. But once redirected, you were assigned a cookie. However, some of these were direct connections to the SurvivalBlog site (around 4% of the total.) So if they had kept this practice up long enough and if you visited us enough times then the FBI’s computers would have given you a cookie. This has been verified with sniffer software.
Bad Cop, No Cookies
For your privacy, I strongly recommend that you disable cookies when web browsing. Here are some detailed instructions on how to do so for the most popular web browsers:
•Disabling Cookies in MS Internet Explorer
•Disabling Cookies in Firefox
•Disabling Cookies in Safari
•Disabling Cookies in Netscape
•Disabling Cookies in Google Chrome
•Disabling Cookies in Opera
•Disabling Cookies in Konqueror
But beyond that, more must be done to protect your privacy. You need to be proactive.
Install and Use VPN!
I am now imploring all SurvivalBlog readers to immediately install and use Virtual Private Network (VPN) on their computers. This will allow you to surf the Internet anonymously. Anyone that tries to track web site visitors e-mails will see your visit as originating from one of dozens of anonymous URLs in Europe, or elsewhere in the United States. (With most VPN services, you may pick the city of your choice.) With VPN active, your connection to the Web is “tunneled”, emerging at a far-distant IP address, and it it would be very difficult to track back to your home IP address. Setting up VPN takes just a few minute to accomplish. Once installed, you can set VPN to turn on automatically by default when you start your PC, Mac, or Linux computer. Most VPN providers charge $5 to $20 per month. You can toggle off VPN with the click of your mouse. (You will find this necessary if you visit any of the few web site that disallow overseas IP addresses, such as Netflix). But I recommend that you leave VPN turned on, as much as possible. Set it up to turn on each time that you start up your computer. It is crucial that you use VPN whenever you visit web sites, blogs, and forums that are deemed politically incorrect, or whenever you purchase storage food or firearms accessories on the Web. For those of you that are not tech savvy, ask a friend or relative under age 25 to set up VPN for you. It is not difficult.
Some recommended VPN service providers include:
- StrongVPN ($55 to $240 per year. One of the most flexible in reassigning the far end of your tunnel on the fly. Superior speed.)
- 12VPN ($79 per year.)
- AceVPN ($55 per year. A bare bones service, but one of the least expensive.)
- HideMyAss. (Just under $79 per year.)
- PureVPN. ($75 per year for their basic service.)
(Some reviews of the various services are available here. )
Note that some of the lower cost services might see your connection speed suffer. Your Internet connect will seem noticeably slower than using your original ISP, alone.
It is my hope that in the next two months SurvivalBlog’s site visit map will shift substantially, giving the appearance that most of my readership has moved to Switzerland. Say “Ein Glück, dass wir den los sind” to the FBI’s snooping! It would warm my heart to soon see SurvivalBlog ranked as one of the most popular web sites for readers with Swiss IP addresses.
Because government agencies have access to lots and lots of computing power, VPN is not completely impenetrable. It is vulnerable to penetration during the key exchange phase. With the resources available to a state actor, sniffing the entirety of the traffic into and out of a web site is trivial these days. (They can use massively scalable horizontally-scaled virtual sniffers — i.e. using a visualization engine and a template they can keep adding more virtualized instances of a windows or Linux based sniffer program and not even impact the performance of the connections.) I believe that the next loop of the threat spiral in the privacy wars will be Quantum Key Distribution (QKD). But I must clarify that this will become important only for the most high profile media commentators, bloggers, and activists. This is because all the spook legions with all of the mainframe computers in the world simply cannot backtrack everyone’s VPN tunnels. (And, as VPN becomes more and more popular, this supposed goal will become even more elusive.) And if you are high profile, don’t worry. Some very bright people are already working on QKD. Stay tuned.
Our Liberty is Stake
I want apologize for the cost, inconvenience and time required in implementing the foregoing security measures. But you can sleep a little better, knowing that you’ve added a layer of anonymity to your Internet presence. We need to recognize that the early 21st Century is a delicate time for individual liberty. Technology is leapfrogging while at the same time databases are filling at an alarming rate. These databases could provide dossiers on demand, for nefarious purposes. How you vote and how you “vote with your feet” (physically or virtually) are both of tremendous importance. Pray hard. Choose wisely. Act accordingly.
- Japanese student sets up free VPN service (net-security.org)
- Cannot access all network resources over vpn (community.spiceworks.com)
- Spotflux: Finally, A Free VPN (mac.appstorm.net)
- Iran blocks use of tool to get around Internet filter (en.trend.az)
- Japan’s VPN Gate Brings Free VPNs to the Masses (techinasia.com)