6 tips to protect your data from increasing Australian surveillance
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email

BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. Photo Illustration: Thomas Trutschel/Photothek via Getty Images Israel

BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. Photo Illustration: Thomas Trutschel/Photothek via Getty Images Israel

If you are an Australian citizen, then you better boost your online security before ISPs and Telcos intercept your data

Australia’s parliament – which passed a controversial metadata retention bill in October 2015 – issued an 18-month deadline to all ISPs and Telcos. The deadline was given so that ISPs and Telcos could come up with a plan to follow the mandatory data retention order, which requires ISPs and Telcos to store metadata on every Australian civilian for at least two years. While the orders were made in the name of ‘precaution for national security,’ privacy advocates view this mandate as nothing more than bogus. Since the deadline has expired, ISPs are now forced to perform data retention.

Such measures exercise surveillance on all civilians in Australia through ISPs and Telcos, without any warrants. About one year ago, federal departments – who are unauthorized to access metadata – dodged the data retention bill restrictions and asked the AFP, Australian Federal Police, to work as companions.

According to Dr. Rob Nicholls of the University of New South Wales, Australia is “putting national security interests ahead of privacy concerns,” and the vast majority of metadata access is used for drug crimes, not terrorism or security operations.

What does metadata look like?

The following information might include your metadata since Telcos and ISPs both are now empowered to retain data in Australia:

  • Your name and address.
  • All the details of mobile phones and apps, including your SIM mobile number.
  • All the details of emails, except body content.
  • Recipients of your communications.
  • Date and timestamps of any communication via social media, email, messaging apps, websites, and mobile, etc.
  • Location of your internet-connected devices (cell towers and Wi-Fi hotspots), etc.

How to protect yourself from metadata retention

Here is how to protect your privacy against Australia Data Retention Law.

1. Get a VPN

Life without the internet might sound like pizza without pepperoni, or worse. Our ISP has access to our online information and activity. The ISPs store all this information to allow government authorities access to this information without any search warrant, as per the metadata retention laws.

To prevent ISP monitoring, you should get a VPN subscription that encrypts your internet data pockets so that your ISP cannot monitor your online activities. A VPN masks your IP address and relays your traffic through a series of different servers, making it difficult for ISPs to trace back to your original location. Thus, a VPN provides you anonymity.

Nevertheless, you must never go for a free VPN service, since they sell your information for profit. Therefore, it is worthwhile to pay for VPN services because you get what you pay for.

2. Get Tor

Being a security freak, if you are still uncomfortable with the services offered by a paid VPN provider, then you can switch to Tor network: a volunteer-based browser. It is not just similar to other browsers, but also bounces your traffic through different relay nodes after encrypting it, so that it becomes difficult for your ISP to track you down.

The only drawback associated with Tor browser is that it only encrypts the internet data that is limited to the browser; the rest of your online data remains unencrypted. Tor network also can be slow because it bounces your web browsing data through several relay nodes.

3. Encrypt mobile calls and SMS

Tapping on your mobile calls and SMS has been around for decades and is an old government surveillance tactic. With the new metadata retention laws, both surveillance agencies and mobile companies can spy on your metadata. You may not be able to prevent mobile calls and SMS tapping, but you can at least encrypt some of your information via end-to-end encryption.

Various secure messaging apps such as WhatsApp, Wickr Me, and Telegram provide end-to-end encryption, which is free for calls and messages. Since none of your communications get stored in these apps, metadata retention becomes useless.

4. Encrypt your e-mail

With the implementation of metadata retention laws, your email communications are also being monitored. Therefore, your top priority should be to secure your email. The most important aspects include the sender and recipient of email addresses, and timestamps. Tutanota or Protonmail are email services that provide end-to-end email encryption. Other services like Outlook and Gmail do not support such services, but you can use third party extensions. An example of such an extension is Mailvelope, which uses OpenPGP encryption to encrypt your emails.

5. Use HTTPs everywhere

HTTPs is abbreviated for HyperText Transfer Protocol Secure. This protocol lets you discriminate between a secure website and an insecure one. HTTPs ensures the encryption of the data that is being exchanged while browsing a website. Still, some websites use the HTTP service instead of the HTTPs, and some provide limited support for encryption over HTTPs.

On many websites, HTTPs can be offered as a default. Therefore, the HTTPs Everywhere browser extension – provided free by EFF – can be used to enforce SSL connections on various websites. This extension is used by many different browsers including Chrome, Opera, and Firefox, so that sensitive information can stay safe from metadata retention.

6. Block social media tracking

In this era, social networking has emerged as a portal to our online identity. It is perhaps the most important archive for metadata retention, a place where ISPs can easily gain insight into our daily lives. Such information is crucial for not just monitoring a person’s activities, but also for marketing analysis. But by blocking the scripts used to track you by different forums like Facebook and Twitter, you can easily avoid social tracking. To block such scripts, you can use extensions like Disconnect or Privacy Badger, which will send ‘DO NOT TRACK’ requests to these websites and protect you from metadata retention.


Since the Investigatory Powers Act in the UK, many countries that were not following mandatory data retention system before were forced to perform data retention of every netizen. Since the online privacy and security of every Australian citizen is thus at stake, encryption services are gaining popularity and strong footholds within the digital industry. Therefore, we suggest you follow the above-mentioned security measures to eliminate the risks of getting your sensitive information exposed.

The views expressed are of the author.

Geektime invites global tech and startup professionals to share their opinions and expertise with our readers. If you would like to share your point of view, please contact us at [email protected]

Share on:Share
Share on Facebook
Share on Twitter
Share on Google+
Share on Reddit
Share on Email
Peter Buttler

About Peter Buttler

Peter Buttler is a professional security expert and lecturer. He serves as a digital content editor for different security organizations. He writes about security trends and other technology stuff. You can follow him on Twitter.

More Goodies From Lists

Top 10 tech startups making noise in Melbourne, Victoria, Australia

Top 10 tech startups building in the Big Apple (New York City)

Top 10 tech startups in Calgary, Alberta

  • Anthony Migeus

    6 tips but the first and most important is to use a VPN. Agreed the free VPNs are garbage. I recommend either ExpressVPN or PIA. Both are logless and offer tons of servers (though I think ExpressVPN has more choices in Asia).

    • Craig Thomas

      “Logless” means nothing. Nobody needs to be intercepting your traffic to know which IP addresses are engaged in illegal activity.
      If Paramount sees your VPN’s IP address torrenting their intellectual property, they will take it up with your VPN provider who will sheet it back to you.

  • Craig Thomas

    Another uninformed article about Data Retention. There is nothing whatsoever subject to Data Retention in relation to mobile phone apps, social media, messaging apps and websites. As 187AA, 4, of the Act makes clear, these are not “relevant services”.
    Therefore a VPN changes absolutely nothing in relation to what is being retained. Not a thing.
    On the other hand, your VPN provider now has access to your unencrypted personal and private data – and if they are overseas, that makes your data vulnerable to their local laws (or lack thereof).
    Not to mention many VPNs are actually honeypots setup for the specific purpose of stealing people’s private data.
    “Get a VPN” is not just irrelevant advice in relation to Data Retention, but it will open you up to far worse risks than if you hadn’t. And your internet browsing will be slowed down.