How to avoid the UK’s new online surveillance powers


VIP Member
If the government wants to hack you, it will, but you can stop the police from just scooping up your web history


Jonathan McIntosh / Creative Commons

The UK is about to pass into law sweeping surveillance legislation that will force ISPs and mobile operators to keep a complete record of every citizen’s browsing history for up to a year. This information will be accessible without a warrant to intelligence services, the police, and a number of other government agencies — including, bizarrely, the likes of the Gambling Commission and the Food Standards Agency.

While much of the legislation is concerned with how the government can track down serious criminals like terrorists and child abusers, it’s the wholesale collection of every citizen’s web activity that has a lot of people worried. After all, there’s very little oversight about how the information is accessed, and it’s private companies that have to store the data, there is a good chance it will get stolen by hackers at some point. (If this sounds too pessimistic, remember that in the last year alone, there have been two major attacks in the UK stealing customer data from the ISP TalkTalk and the mobile operator Three.)

So, if you’re a UK citizen who doesn’t want their browser history to end up in a government vault, how do you protect yourself?


This is really the simplest advice for anyone looking to use the internet with a little more privacy. A VPN or Virtual Private Network is a service that passes your internet traffic through different servers around the world. Not all VPNs are created equal, though, and companies differ on whether or not they encrypt that traffic, or whether they keep logs of users’ activity. (This doesn’t mean recording browser history, per se, but can include basic information like “computer with IP address X used our VPN network for Y hours on Z day.”)

Ed Johnson-Williams, a member of the UK’s Open Rights Group, and someone who briefs journalists and NGOs on how to avoid surveillance for a living, says that if you want quality, you should expect to pay for your VPN. In the UK this could cost between £25 and £40 a year. “That is an investment that you just have to make if you want to take privacy seriously,” says Johnson-Williams. There are free VPNs available, but he advises against them. “A free VPN company will itself probably be analyzing what sites you’re looking at, or inserting its own advertising into your webpages to make money,” he says.

The website TorrentFreak publishes a yearly survey of VPNs, and asks them questions about what information they store on their customers, where they store it, and how they deal with government requests for data. As the survey shows, most paid-for VPNs don’t keep logs and don’t hand over data, but at the bottom of the page you can find a list of companies you’ll probably want to stay away from. Some popular paid services include NordVPN, AirVPN, and Private Internet Access.


If you don’t want to pay for a VPN (and again, if you’re worried about privacy, you should) then one alternative is to use Tor. Like VPNs, Tor bounces your internet traffic through different servers around the world making it difficult — but not impossible — to track. You can download a browser with Tor pre-installed for different operating systems here, and the whole thing is open source, meaning it’s verifiable by third-party security analysts.

Compared to VPNs, Tor can be pretty slow (you’re not going to be able to stream 4K video on it) but it’s become a lot easier to use in recent years, and is being taken up by more widely. “It has in some circles got a bad reputation for being the browser of choice for people who distribute images of child sexual abuse and other online crimes,” says Johnson-Williams. “My view on that is that bank robbers use cars, but that doesn’t mean we ban cars.”


Signal for iOS


Although the police are not going to be picking up your phone conversations, or the content of your chats in Facebook Messenger or WhatsApp (not without hacking your phone anyway, and they’ll need a warrant for that), you might want to start using a more secure messaging app all the same. Experts agree that the best pick is Signal, which not only offers secure one-to-one conversations, but also group chat, and voice calling. You can download for iOS here or for Android here.


Services like WhatsApp and iMessage do also encrypt your conversations, but are less secure in other ways. WhatsApp, for example, has the right to keep metadata about your chats (that includes date, time stamp, and phone numbers involved), and it also shares some user data with parent company Facebook. Signal doesn’t store any of this. You can read a more thorough of Signal, WhatsApp, and Google messaging app Allo here.


Johnson-Williams says that when advising companies and individuals on security he asks them to think about a threat model for how they use the internet. “It’s kind of like digital risk management,” he says. “It’s important that people think about what data they have, what data they want to protect, how likely it is that that data would get into the wrong hands, and how serious that would be if it happened.”

For a journalist, that might mean protecting their sources; for a business person, their company’s secrets. For everyone else, they might just be information that could embarrass them, reveal something they don’t want to be public knowledge, or that could be used for blackmail.

The advice in this article certainly won’t protect anyone against determined government surveillance. If the security services of the UK — or any other nation for that matter — want to hack your phone or your computer, there’s really very little you can do to stop them. But, if you simply object on principle to the idea of being watched online constantly, you might want to follow some of these steps all the same. It’s up to you.



Okay, so this information isn’t necessary to stop government surveillance, and I’m not your parent or anything, but if you are thinking about online security, there’s so much more you can do! You should definitely start by downloading a password manager like LastPass (it’s free!) or 1Password, and then use it to create hard-to-crack passwords for all the sites you use. With a password manager you only need to remember one password, and your accounts will be safer because of it. It’s win-win.

And while we’re at it, please don’t use the same password for different websites. Type your username or email into this site and it will tell you if services you use have ever been compromised. If they have, chances are hackers can find your password pretty easily. And if you use that same password for everything, including your bank account..? Well that is bad news and I feel bad for you.

And, lastly, you should definitely turn on two-factor authentication for any site you can. This means that when you (or a hacker) tries to log in to your account on a strange computer, they’ll have to get a code generated by an app on your phone to do so. Two factor authentication isn’t perfect, but it’s better than not having it. You can find a full list of sites that use two-factor here, but to get you started, here are the links for setting it up for Gmail, Amazon, Facebook, Twitter, and Apple.

Remember: it’s cool to be Safe Online.

Last edited:


Very interesting.

Would you guys think this is a must for using kodi and cable tv services?

Would anyone know how to set-up VPM straight from a vermin router rather than using apps?


Does anyone know if you are able to use a VPN from a BT hub? I know they are quite a pain with being unable to use static IP's etc (unless you pay them..)


TK Veteran
Best bet is to buy a router that you can flash with firmware that allows you to configure a VPN. DD-WRT and Tomato are two examples of this firmware. Can find them cheap enough on eBay, or buy them new, just depends on what you want to spend. Then attach it to your ISP router, and if you can, put the ISP router into modem mode. Your supplier should be able to give you a guide to put it on the router.
If the content is copyrighted streaming is as illegal as downloading.

I am unsure if that is correct. I can't provide a link (not enough posts here), but if you google wiki you will find:

"In Europe, the Court of Justice of the European Union (CJEU) has ruled that it is legal to create temporary or cached copies of works (copyrighted or otherwise) online. The ruling relates to the British Meltwater case settled on 5 June 2014.The judgement of the court states that: "Article 5 of Directive 2001/29/EC of the European Parliament and of the Council of 22 May 2001 on the harmonisation of certain aspects of copyright and related rights in the information society must be interpreted as meaning that the copies on the user’s computer screen and the copies in the internet ‘cache’ of that computer’s hard disk, made by an end-user in the course of viewing a website, satisfy the conditions that those copies must be temporary, that they must be transient or incidental in nature and that they must constitute an integral and essential part of a technological process, as well as the conditions laid down in Article 5(5) of that directive, and that they may therefore be made without the authorisation of the copyright holders.""

Until there is a change in EU case law or for the UK choosing not to accept the primacy of this EU ruling (amongst numerous such rulings that have been taken for granted as applicable laws) upon Brexit, even a UK Supreme Court ruling is not going to change the position on this.
A trader has already recieved 4years for selling boxes preloaded with kodi +all content so its deffintlly illegal.

I don't think that case has any meaningful implication on whether streaming of copyrighted material is legal in UK. Three things:

1) That is still a test case, because its appeal has been allowed, and until the case has gone to the end of its appealing process, it is not law.

2) Even if the bloke exhausts the appeal process, it does not follow that it becomes "illegal to stream copyrighted contents", the subject being disputed (by me anyway) - that is not how the law works, especially given the CJEU ruling I referred to above, which is crystal clear. All it would have meant is that a uk business can not sell Kodi boxes preloaded with e.g. Exodus/SALTS etc. To avoid any misunderstanding, it wouldn't even mean it becomes illegal to own a Kodi box loaded with those addons. For that to become law, another case law or a statute will have to establish that.

3) As a matter of fact, even if the bloke went to the end of his appeal process and lose, it does not mean that you can't buy such a box legally from abroad. For example, while a business is not allowed to sell air guns in UK without securing buyer ID in person etc., you are perfectly free to buy one by mail order from say Poland without disclosing such IDs. Why? because the EU freedom of movement/trade rules trump UK statutes, which criminalise sales without such specific checks and requirements.



Taken from another article.....

One has just finished, and resulted in one man receiving a four year jail sentence for conspiracy to defraud.

In what was first to be the first sentencing of its kind, Terry O’Reilly was handed the tough term for flogging over 1,000 boxes to pubs, who used them to illegally stream Premier League footy.

Following the result, Premier League Director of Legal Services Kevin Plumb said: “The courts have provided a clear message: this is against the law and selling systems which allow people to watch unauthorised Premier League broadcasts is a form of mass piracy and is sufficiently serious to warrant a custodial sentence.

“There can now be no doubt for consumers that these systems are illegal.”

It obviously is illegal to stream material if they lock you up for it...
Taken from another article.....

One has just finished, and resulted in one man receiving a four year jail sentence for conspiracy to defraud.

In what was first to be the first sentencing of its kind, Terry O’Reilly was handed the tough term for flogging over 1,000 boxes to pubs, who used them to illegally stream Premier League footy.

Following the result, Premier League Director of Legal Services Kevin Plumb said: “The courts have provided a clear message: this is against the law and selling systems which allow people to watch unauthorised Premier League broadcasts is a form of mass piracy and is sufficiently serious to warrant a custodial sentence.

“There can now be no doubt for consumers that these systems are illegal.”

It obviously is illegal to stream material if they lock you up for it...

You are of course free to believe what the "Premier League Director of Legal Services" (or indeed FACT) might have said, but they would have used the ruling to suit them each and every way, wouldn't they? Crucially, that is not what Premier League's lawyers explained as what is "illegal" in that case, at QEB | News. Essentially, those guys were convicted for selling subscriptions to live match streams as well as boxes en masse, thereby defrauding Premier League for clear and substantial sums.

On the other hand,

1) Because an appeal was allowed (and is ongoing) in the Brian Thompson case, that means as far as the law is concerned there is a real prospect that the ruling (that selling such boxes is illegal) was unsafe. That is why Brian Thompson is not in jail.

2) There is no indication that "these systems are illegal" (or indeed exactly what does that mean?). For example, even if the Court on appeal in the Thompson case ultimately decides that him flogging such boxes is illegal in UK, that does not mean that building one yourself (from e.g, a perfectly legal Fire TV stick), mail ordering an all singing/dancing one from the EU, or owning one is illegal. Certainly simply using one is NOT illegal. As an analogy, by law a business can't sell you a "realistic looking" air-soft gun without making you jumping through hoops far tougher than if you were to buy airguns (which happen to be more powerful/dangerous), yet you can lawfully own and use such air-soft replicas without jumping through said hoops - it shows that the law is not necessarily about being "logical" or "right", else what is there to study in Law? :binoculars::)

3) If any UK court decides to rule it "is illegal to stream material" as you say, such a ruling would be meaningless, because a CJEU ruling (which takes precedence over any UK court ruling, including that of the UK Supreme Court) has already decided that streaming copyrighted material is legal in 2014 (as the wiki article I referred to above explains).

Let me put it this way, has anybody in UK been fined, let alone "locked up", for streaming copyrighted material for their own purposes since May 2014?

The answer is no, because such a prosecution will not "succeed", until the prosecutor is prepared to appeal numerous necessarily negative rulings against them, all the way to the CJEU, which then has to decide to revert their 2014 decision.

At the moment nobody knows selling such boxes is illegal in UK (and as I indicated above, even if it were, it would still be legal to source one by mail order from the EU). Councils which thought otherwise remains uncertain, see Set-top TV box store Geeky Kit was raided 13 months ago - what's happening now? - Gazette Live. let alone for buying, making, owning or using one.

Thanks for sharing the article. It's always best to use different strong passwords for each service. A strong pass nowadays is 30 chars+, uppercase, lowercase, special charts, and numbers.


I think the lawyers who advise sly and all the other interested parties opposed to IPTV/Streaming/Kodi and so on are unsure of their position due to the appeal and previous European rulings. Therefore they have only blocked the 3pm kickoffs, where the ruling is perverse, but perfectly clear. I would suggest if they had received firm advice on the illegality of this service they would have blocked it completely throughout there customer base