The UK Government have now passed a law (the Investigatory Powers Act) which makes it a requirement that all browsing history is recorded and stored, and can be used against an individual at any time. Every UK citizen is now a criminal by default.

The UK Government has passed a law which immediately means that everyone is now a suspected terrorist, making it a requirement that Internet Service Providers store all your internet history. As a general rule, most of us are not criminals - sometimes the line may be slightly blurred for people who are hobbyist ‘security testers’, but on the whole, people are good (with a bias shifted, since as a general rule I hate most people). The people this law targets, on the whole, already use these countermeasures, and have done so for years, which makes this law pretty much obsolete.

The government can now store everything about you: your location (since this is now pretty much leaked by every smartphone), your browsing history, your email, your DNS lookups. Everything. This kind of information would give the UK government enough data to generate a profile on everyone: your personal life, intimate life, work life, porn habits, daily routine, everything.

This is not cool. This information can be used against you, or could potentially be sold (in this case though, it would be unlikely), and to be treated as a criminal without due cause is unacceptable.

This post explains the changes I have adopted myself to prevent my information from being stored. They are simple changes, with a little bit of up-front expense, but the benefits outweigh the cost.

So, for me, I have BT Infinity, and I still had one of the white VDSL modems (a white BT Openreach box), so I have purchased myself an Asus RT-AC87U and flashed a new firmware onto it (https://sourceforge.net/projects/asuswrt-merlin/files/RT-AC87U/Release/). Skipping over the configuration of it to use the VDSL modem, the most important thing to do is set up a VPN connection.

I have used VPNs over the last few years, and always used the same one. I tried Golden Frog’s VyprVPN but their support team were terrible, so I would advise you to steer clear of them! I personally recommend PrivateInternetAccess (no trackable stuff on this hyperlink), purely because they are reliable, their support is good (I have very high standards for technical support, and while they still do not hit that level, it is still good) and they are pretty cheap considering what they offer, with exit points across the globe.

So. Back to the story. For me, my requirements are that I have none of my internet history tracked by the UK government, so the first prerequisite is that I do not use the UK as an exit. PIA already hits this. Secondly, the VPN needs to be secure; PPTP is by no means secure, so I need to be able to have 1024-bit or higher. Yep. OpenVPN does the trick, and PIA support this too.

Before we continue, you may be asking ‘Hey, what about Tor?’. Well. There’s a long story behind that, involving me, the police and an early morning raid on my house, and a less than understanding (now ex) wife. This, and losing my kit for about 4 months as they check it all over for ‘unsavoury material’. So let’s leave that for another day. My advice - don’t use it. From exit node sniffing (there you have it, the story very loosely explained), it’s drugs and kiddie porn. Both of which do not interest me in the slightest.

So, back to the job in hand.

Two other requirements I need to make sure are covered:

  1. My PlayStation has a shitfit when it is connected over a VPN, so I need to exclude this device's traffic from the VPN
  2. Same with my Smart TV. First world problems override privacy for Netflix.

These are easily handled.

So. The next job is to get the VPN configured.

ASUSWRT screenshot

Basically, grab all the settings from the screenshot above, but the real magic (in the Custom Configuration) is as follows:

    resolv-retry infinite
    nobind
    persist-key
    tls-client
    remote-cert-tls server
    auth-nocache
    comp-lzo
    verb 2
    reneg-sec 0
    cipher aes-256-cbc
    auth sha256

I got fed up fiddling around to try and get the VPN working, so I went hardcore and wrote the config into the Custom Configuration instead of fiddling around with the UI.
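A way to sanity-check the directives above before pasting them into the router, as an added example (not code from the original post, PIA, or Asuswrt-Merlin). The rule set, severities and the function names `parse` and `audit` are assumptions of this example.

```python
# Directives copied from the post; the audit rules are this example's assumptions.
CUSTOM_CONFIG = """\
resolv-retry infinite
nobind
persist-key
tls-client
remote-cert-tls server
auth-nocache
comp-lzo
verb 2
reneg-sec 0
cipher aes-256-cbc
auth sha256
"""

WEAK_CIPHERS = {"bf-cbc", "des-cbc", "des-ede3-cbc", "rc2-cbc", "none"}
LEGACY_DIGESTS = {"md5", "sha1", "none"}

def parse(text):
    """Return {directive: [args]}, ignoring blank lines and '#'/';' comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lower()] = [a.lower() for a in args]
    return directives

def audit(text):
    """Return a sorted list of (severity, message) findings for a client config."""
    d, findings = parse(text), []
    if d.get("remote-cert-tls") != ["server"]:
        findings.append(("high", "remote-cert-tls server missing: peer certificate usage is not checked"))
    cipher = d.get("cipher", ["bf-cbc"])[0]  # older OpenVPN releases default to BF-CBC
    if cipher in WEAK_CIPHERS:
        findings.append(("high", f"weak data-channel cipher: {cipher}"))
    digest = d.get("auth", ["sha1"])[0]  # OpenVPN defaults to SHA1 when unset
    if digest in LEGACY_DIGESTS:
        findings.append(("medium", f"legacy HMAC digest: {digest}"))
    if "auth-nocache" not in d:
        findings.append(("low", "auth-nocache missing: credentials stay cached in memory"))
    if "comp-lzo" in d and d["comp-lzo"] != ["no"]:
        findings.append(("medium", "comp-lzo enabled: compression before encryption allows VORACLE-style leaks"))
    if d.get("reneg-sec") == ["0"]:
        findings.append(("low", "reneg-sec 0: this client never starts a timed key renegotiation"))
    return sorted(findings)
```

Run against the post's directives, `audit(CUSTOM_CONFIG)` reports only the `reneg-sec 0` and `comp-lzo` items; the cipher, digest, certificate-usage check and credential caching settings pass.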

Next to Authorisation Mode, you need to click on the link “Content modification of Keys & Certificates”, and under “Certificate Authority” add the following text:

The username and password for the VPN connection can be found within the Client Control Panel within PrivateInternetAccess.

The Rules found at the bottom are machines I have specifically assigned to push traffic through the VPN. This means that other devices such as the PS4 and TV are not affected by the new VPN setup.

Finally - The Server Address can be one of many, depending where you want to have your location announced as - I chose Switzerland, but you can choose anywhere from Japan to Romania, America to India. These can be found here: https://www.privateinternetaccess.com/pages/network/

This connection is a 4096-bit VPN connection, so is extremely secure!