Important Message From JWR: The FBI’s Cookie Caper and the VPN Imperative

It has come to my attention that from August of 2011 to November of 2011, the FBI secretly redirected the web traffic of more than 10% of SurvivalBlog’s US visitors through CJIS, their sprawling data center situated on 900 acres, 10 miles from Clarksburg, West Virginia. There, the Feebees surreptitiously collected the IP addresses of my site visitors. In all, 4,906 of 35,494 selected connections ended up going to or through the FBI servers. (Note that this happened several months before we moved our primary server to Sweden.) Furthermore, we discovered that the FBI attached a long-lived cookie that allowed them to track the sites that readers subsequently visited. I suspect that the FBI has done the same to hundreds of other web sites. I find this situation totally abhorrent, and contrary to the letter of 4th Amendment as well as the intent of our Founding Fathers.

I recognize that I am making this announcement at the risk of losing some readers. So be it. But I felt compelled to tell my readers immediately, because it was the honorable and forthright course of action.

Working on my behalf, some volunteer web forensics experts dissected some cached version histories. (Just about everything is available on the Internet, and the footprints and cookie crumb trails that you leave are essentially there for a lifetime.) The volunteers found that the bulk of the FBI redirects were selected because of a reader’s association with “Intellectual Property” infringing sites like the now defunct Megaupload.  But once redirected, you were assigned a cookie.  However, some of these were direct connections to the SurvivalBlog site (around 4% of the total.) So if they had kept this practice up long enough and if you visited us enough times then the FBI’s computers would have given you a cookie. This has been verified with sniffer software.

Bad Cop, No Donuts Cookies

For your privacy, I strongly recommend that you disable cookies when web browsing. Here are some detailed instructions on how to do so for the most popular web browsers:

But beyond that, more must be done to protect your privacy. You need to be proactive.

Install and Use VPN!

I am now imploring all SurvivalBlog readers to immediately install and use Virtual Private Network (VPN) on their computers. This will allow you to surf the Internet anonymously. Anyone that tries to track web site visitors e-mails will see your visit as originating from one of dozens of anonymous URLs in Europe, or elsewhere in the United States. (With most VPN services, you may pick the city of your choice.) With VPN active, your connection to the Web is “tunneled”, emerging at a far-distant IP address, and it it would be very difficult to track back to your home IP address. Setting up VPN takes just a few minute to accomplish. Once installed, you can set VPN to turn on automatically by default when you start your PC, Mac, or Linux computer. Most VPN providers charge $5 to $20 per month. You can toggle off VPN with the click of your mouse. (You will find this necessary if you visit any of the few web site that disallow overseas IP addresses, such as Netflix). But I recommend that you leave VPN turned on, as much as possible. Set it up to turn on each time that you start up your computer. It is crucial that you use VPN whenever you visit web sites, blogs, and forums that are deemed politically incorrect, or whenever you purchase storage food or firearms accessories on the Web. For those of you that are not tech savvy, ask a friend or relative under age 25 to set up VPN for you. It is not difficult.

Some recommended VPN service providers include:

  • StrongVPN ($55 to $240 per year. One of the most flexible in reassigning the far end of your tunnel on the fly. Superior speed.)
  • 12VPN ($79 per year.)
  • AceVPN ($55 per year. A bare bones service, but one of the least expensive.)
  • VPNHQ. ($84 per year.)
  • PureVPN. ($75 per year for their basic service.)

(Some reviews of the various services are available here. )

Note that some of the lower cost services might see your connection speed suffer. Your Internet connect will seem noticeably slower than using your original ISP, alone.

It is my hope that in the next two months SurvivalBlog’s site visit map will shift substantially, giving the appearance that most of my readership has moved to Switzerland. Say “Ein Glück, dass wir den los sind” to the FBI’s snooping! It would warm my heart to soon see SurvivalBlog ranked as one of the most popular web sites for readers with Swiss IP addresses.

Beyond VPN

Because government agencies have access to lots and lots of computing power, VPN is not completely impenetrable. It is vulnerable to penetration during the key exchange phase. With the resources available to a state actor, sniffing the entirety of the traffic into and out of a web site is trivial these days. (They can use massively scalable horizontally-scaled virtual sniffers — i.e. using a visualization engine and a template they can keep adding more virtualized instances of a windows or Linux based sniffer program and not even impact the performance of the connections.) I believe that the next loop of the threat spiral in the privacy wars will be Quantum Key Distribution (QKD). But I must clarify that this will become important only for the most high profile media commentators, bloggers, and activists. This is because all the spook legions with all of the mainframe computers in the world simply cannot backtrack everyone’s VPN tunnels. (And, as VPN becomes more and more popular, this supposed goal will become even more elusive.) And if you are high profile, don’t worry. Some very bright people are already working on QKD. Stay tuned.

Our Liberty is Stake

I want apologize for the cost, inconvenience and time required in implementing the foregoing security measures. But you can sleep a little better, knowing that you’ve added a layer of anonymity to your Internet presence. We need to recognize that the early 21st Century is a delicate time for individual liberty. Technology is leapfrogging while at the same time databases are filling at an alarming rate. These databases could provide dossiers on demand, for nefarious purposes. How you vote and how you “vote with your feet” (physically or virtually) are both of tremendous importance. Pray hard. Choose wisely. Act accordingly.

P.S.: For those who are web software savvy, I had originally planned to post the latest version of the actual “foresee-alive.js” Javascript code that the FBI used to attach the cookies. But then it was pointed out to me that ironically, revealing this might constitute copyright infringement, opening me up to a intellectual property lawsuit. That has an odd sort of irony that got me thinking. This predicament somehow dovetails with two bits of history. The first instance is from the First World War: I have read that the U.S. Government paid patent license fees to Mauser before and during the hostilities of the Great War with Imperial Germany. This was because the M1903 Springfield rifle was correctly adjudged a patent infringement on the Mauser Model 1898. During the war, the patent payments continued, conveniently handled by Swiss bankers, acting as middlemen. The U.S. taxpayers paid Mauser of Germany about $1 per rifle plus additional penalties that would have eventually totaled $250,000 USD, up until the U.S. entered the war. It has also been rumored that some payments continued to arrive even after the U.S. Congress declared war on the Kaiser’s Germany. (We’ll have to wait for the release of Jon Speed’s next Mauser book to read the details.) This historical tidbit is just once notch below what happened two decades later when Germany’s Nazi regime had the temerity to sell full fare train tickets to some Jews, to cover the costs of their forced relocation to the designated ghettos before their planned extermination. Oh, but the Nazi bureaucrats were so conciliatory. They only charged children half fare to be sent to their deaths. (If you doubt this, then read the book Fathoming the Holocaust by Ronald J. Berger.)