It’s been a few days but it seems not being shared in PG so here it is.
I would suggest users from UK just enable network wide, always on VPN for your home network, also always on VPN on all mobile devices, reason being
“We use a leading third-party provider, which is widely used in the industry, to gather information on VPN usage. The provider combines multiple data sources to train its models and generate usage estimates. The data we access and use in our analyses is fully aggregated at the app level, and no personally identifiable or user-level information is ever included.”
From what I see, it seems they are literally monitoring all network traffic, first “filter“ all sites requiring “age verification“, then “filter“ IPs for VPN nodes. That means no matter you use VPN OR NOT, authority already scooped that data, and it is highly probable that they would retain the data for other purposes in future.
Nobody is getting access to your actual data because they can’t because it is encrypted with the VPN tunnel (if you’re using the right VPN). They only seem to be gathering info (akin to metadata) on how much data/internet bandwidth is being used and at best performing analysis on said encrypted traffic info like how Mullvad describes in their DAITA feature release blog post.
In other words, they are trying to gather how many people are using VPNs and at best what kinds of VPNs on what kinds of devices. This does not mean they have access to what websites you visit and what you do on there if you’re using a VPN. The latter isn’t even possible with HTTPS even if not using a VPN.
If you don’t use a VPN / Tor, ISP will see “your IP” and destination IP (the site you visit), and potentially DNS queries. If you use VPN / Tor, ISP will see “your IP” and VPN / Tor Node’s IP.
The authority is now saying they are actively monitoring it for VPN usage, so they need to harvest the above information so they can “filter“ out the percentage of VPN traffics.
So if you don’t use VPN / Tor, the authority now has your network activity history based on your IP. They could ask ISP to retain certain information to help them identify who used “Your IP” at certain period of time. And a lot of doors are now opened.
Given UK government’s current stance, I think UK people should be very concerned.
I can all but prove they were doing this before/have been doing this.
No shit.
–
I’m still not clear how you’re thinking about this. If you’re using a VPN, your ISP and your government cannot see your internet activity. They can only see how much internet bandwidth you consume. And they can perform analysis on this encrypted traffic. But they still can’t know what websites you have visited and what you do on there.
To thwart surveillance of this kind, I would guess technologies like Mullvad’s DAITA and Nym’s mixnet are needed. VPN, Tor, I2P etc. (low-latency high-bandwidth solutions) are better than no protection at all but looks like they alone won’t cut it anymore.