110
linuxxx
6y

The new Dutch mass surveillance law goes into action on the first of May. I'll of course have a good security setup ready but that does not stop the bulk data collection.

I just setup a website which (still in English at the moment) requests a random search result from bing, google or DuckDuckGo every 3 seconds.

Will work on making it more 'real' :)

If stopping the surveillance isn't an option, let's add more data to filter out for them!

Comments
  • 8
    What about the track me not extension?
  • 2
    Not even usinga VPN helps?
  • 23
    @namenlossss Referendum was against it, they changed the following in the law:
    - data retention went from three years Max to one year max. Detail: they may extend this one year up to two times. Effectively still enabling three years of retention.

    - the bulk collection has to be more 'targeted'. No explanation except for that so no clue if it's even improved.

    - they have to weigh in whether a country has good Democratic values now when wanting to share raw bulk data with foreign countries. The difference is that its actually on paper now so about nothing changed.

    Yeah, that's it 😡
  • 8
    @Condor What's the point of blocking their surveillance servers when all they do is copy/duplicate traffic at interception points?
  • 7
    @gitpush Of course it does but adding shitloads of data is going to make the surveillance less effective :)
  • 3
    @korrat This isn't about Google tracking etc but about intelligence agency mass surveillance :/
  • 2
    @Condor Most of their surveillance will be done through those neighborhood Internet points and interception at ISP level so blocking anything wouldn't help much that way :(
  • 2
    @linuxxx i know. But what's the difference between your website and such an extension?
  • 3
    @korrat A do not track extension asks websites not to track you.

    My website generates loads of bullshit data/requests :)
  • 4
    @linuxxx I was talking about this specific extension:
    https://addons.mozilla.org/de/...
  • 3
    That's pretty fucking clever.
  • 1
    Wait! They can track ddg search? GET parameters are supposed to be protected by ssl/tsl, they can just track IPs no?
  • 2
    nice idea now you're thinking like me even if it's a bit overkill. personally I just use my vpn when I'm working or on personal sites and turn it off at night when I'm screwing around
  • 2
    @-vim- They probably own a root cert to decrypt the SSL traffic.
  • 3
    @linuxxx do you still recommend mullvad? or should i (atleast i was thinking of) get a vps in germany and installing OpenVPN

    Or do you recommend / know a different country with more / better privacy laws?
  • 1
    @linuxxx I see now, good thinking 😎
  • 2
    @linuxxx @sjoerd how about a open source project with raspberry pi's sorth of pihole but then crawling the web (trying To nimic random web searches, clicking links "reading websites")?
  • 1
    @incognito I had this idea myself but unfortunately it seems like most vps hosters don't support hosting a VPN Server.
    I'd recommend you to check that before you rent anything.
  • 2
    @incognito Yup still recommending it! NordVPN and AirVPN are good ones too :)
  • 3
    @Condor Oh I use vpn full time but this is not about hiding data, it's about generating loads of data which hopefully will make the surveillance less effective.
  • 3
    @Condor the intent of his project is to generate a lot of bogus traffic to mask the real traffic.
    Imagine having to search for a pebble with a small black dot in a pile of pebbles.

    @Linuxxx do you plan to open-source your project?
    I have had a similar project ready to go (school was spying on the URLs we where entering on our school PCs) a while ago but lost the source due to a server crash at home two years ago
  • 1
    Guys, hold your horses.
    Everything after ddg.com/ is encrypted by TLS, meaning the search query and of course the results.

    They can only decrypt traffic for websites that use the state owned TLS certificates.

    Just distrust those certificates.

    They will only be able to know the website you visit but not the content.
    If you use a VPN, not even that.
  • 1
    @Finnim the search string (URL n stuff) will still be in the browser history n stuff.
  • 3
    @incognito I don't know which country you should get but Germany isn't a great option. Lots of things are censored there so if you want to watch Youtube or play games while on the vpn I suggest picking another county.
  • 2
    @FinlayDaG33k
    True, but they don't have access to that unless they have access to your computer.

    The point is that traffic inspection can't decrypt TLS unless the site uses a certificate owned by the attacker (the state in this case). Almost no websites uses certificates issued by the Dutch government.
  • 1
    @Finnim idk the exact details of the new law out of my head, but I thought they where allowed to use zero-days and do MITM attacks (which combined with zero-days might become a dangerous thing)
  • 2
    @FinlayDaG33k Yes that is dangerous, but it will affect your system not traffic encryption.

    Traffic encryption is very very very unlikely to be compromised as long as people use trustworthy certificates.

    What I mean is that random ddg searches will accomplish nothing because unless your system is beached they won't know the content of those searches.
  • 1
    @Finnim it would still accomplish something and that thing is still winning you a lot of time by masking your real searches
  • 1
    @FinlayDaG33k if they breach your system they will almost certainly be able to tell apart a real search from an automated search.
  • 3
    @Finnim my interpretation of @linuxxx 's idea is to create a lot of garbage data that they need to filter through, they are allowed to store encrypted data for 5 years, so if you have A LOT of encrypted data of which 50% (or more) is garbage, filtering through that is going to be no easy task

    I'm even thinking of creating an open-source project that everyone can deploy on a pi, connect the pi to your network and let it crawl (let it create garbage data) for you

    Still awaiting @linuxxx reaction to this idea?
  • 2
    @Finnim they can track the IPs of media queries, or even the whole media query if it ain’t sll/tsl
  • 2
    I was thinking of making something like this. Beat the mass tracking by just giving them to much data. Like everything, folllow everything. Visit everything.
  • 4
    @incognito This is my exact idea!
  • 4
    @linuxxx do you want to help me create a type of pi hole? (ef-aivd) that crawls the web for you (and hopefully for other people in the netherlands as kind of a Digital protest)?
  • 1
    @incognito Yes! You've got me on Signal so that'll work out great 😃
  • 2
    @linuxxx @incognito if you need somebody to retard test it, feel free to hit me up :)

    I do have Signal, but I don't have you guys :\
  • 1
    @gitpurge They surely will . Point is what they gonna do about it 😈
    He is doing nothing wrong 😹 @linuxxx
  • 0
    @linuxxx I use my own VPN + tor that is on vps. And in addition to that some extra extension I use is privacy badger , https everywhere yes and for ad block I use ublock origin with nano adblocker(add-on to ublock) when I use normal internet otherwise tor browser as it is.

    Isn't that good for privacy???
Add Comment