Overflow the Investigatory Powers Bill!

24-11-2016 | Remy van Elst


Table of Contents


ipbill

I read an article on The Register (via) regarding the Investigatory Powers Bill. The part were ISP's are forced to save their customers browsing history for a year is the most horryfing part, just as that whole bill. Let's hope the political process and organizations like the Open Rights Group and the EFF have enough lobbying power to change people's minds. If that fails, then we can all try to overflow the logging. Just as some people put keywords in their mail signatures to trigger automatic filters and generate noise, we should all generate as much data and noise as possible. This way the information they do gather will not be usefull, it will take too much time, storage and effort to process it and thus the project will fail. 2 years ago I wrote a small Python script which browser the web for you, all the time. Running that on one or two Raspberry Pi's or other small low power computers 24/7 will generate a lot of noise in the logging and filtering.

Background

The article on The Register is very well written and has a lot of information on the bill. I want to quickly recap why mass Surveillance is a bad idea, both in practice as well as the idea itself.

The EFF has a great article on the statement 'I have nothing to hide, so why should I worry?'. They also have an article which busts a counter arguments regarding mass surveillance.

The Dutch organization Bits of Freedom has a few good articles on European Data retention laws, on the Amsterdam Municipal Register during WWII (having nothing to hide) and more examples of big data usage. Bruce Schneier also has written on espionage vs. mass surveilance. The blog of Bits of Freedom (english) contains a lot of great articles.

I myself try not to get involved with the political side of issues like this, since other people, like the EFF, BoF and the ORG are much better on that front. I do however am technical enough to try to work against this bill.

Generating Noise

Just as in the early days where people put the word Bomb in their email signature to trigger the filters and generate noise, we use a script to simulate real browsing 24/7. If you have a Raspberry Pi or other small, low power linux computer, it's perfect for this purpose.

3 years ago I wrote a script, browsa.py. It is a small python script which uses BeautifulSoup4 to browse websites. It saves all the links and chooses a random link to visit next. If there are no links, on of the previously saved links is selected. There is also a fallback list which includes news.google.com and such. Between every page there is a small delay to simulate a real user and the user agent is set to a Firefox version.

Since the URL it chooses is random, you will never know where you end up, thus generating a lot of random data.

Make sure you have Git, Screen and Pip installed

apt-get install python2 python2-pip git screen

Clone the repository:

git clone https://github.com/RaymiiOrg/browsa.git
cd browsa

Run the script with a starting URL:

python2 ./browsa.py https://news.google.nl

Example output:

# Info: Count 1
# Info: Downloading URL: https://news.google.nl
# Info: URL's on page: 189
# Info: New URL: http://www.rtlnieuws.nl/gezondheid/ziekenhuizen-limburg-overvol-operaties-afgezegd
# Info: Count 2
# Info: Downloading URL: http://www.rtlnieuws.nl/gezondheid/ziekenhuizen-limburg-overvol-operaties-afgezegd
# Info: URL's on page: 47
# Info: New URL: http://www.rtlnieuws.nl/kleding-presentatoren
# Info: Count 3
# Info: Downloading URL: http://www.rtlnieuws.nl/kleding-presentatoren
# Info: URL's on page: 46

Sometimes the script hangs or crashes. You can start up a screen session and run the script for a set amount of time, 5 minutes, then restarting it automatically:

screen
while true; do timeout 300 python2 ./browsa.py https://news.google.nl; done

If you run this 24/7, the logging on you will be so large, it will be very hard to get anything usefull out of it. Plus, if enough people do this, there will be so much useless data that the ISP's, who have to save it, will complain and demand money from the government for the storage. (Or they will raise their prices to their customers...).


Tags: dns, investigatory-powers-bill, python, snoopers-charter, spying,