Can you trust a network you don’t personally administer? No. The professors at the University of California are learning that lesson the hard way:
“Secret monitoring is ongoing.”
Those ominous words captured the attention of many faculty members at the University of California at Berkeley’s College of Natural Resources when they received an email message from a colleague on Thursday telling them that a new system to monitor computer networks had been secretly installed on all University of California campuses months ago, without letting any but a few people know about it.
“The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus, and has enough local storage to save over 30 days of *all* this data (‘full packet capture’). This can be presumed to include your email, all the websites you visit, all the data you receive from off campus or data you send off campus,” said the email from Ethan Ligon, associate professor of agricultural and resource economics. He is one of six members of the Academic Senate-Administration Joint Committee on Campus Information Technology.
When you control a network it’s a trivial matter to setup monitoring tools. This is made possible by the fact many network connects don’t utilize encryption. E-mail is one of the biggest offenders. Many e-mail server don’t encrypt traffic being sent so any network monitoring tools can’t read the contents. Likewise, many websites still utilize unencrypted connections so monitoring tools can easily read what is being sent and received between a browser and a web server. Instant messaging protocols often transmit data in the clear as well so monitoring tools can read entire conversations.
It’s not feasible to only use networks you control. A network that doesn’t connect to other networks is very limited in use. But there are tools to mitigate the risks associated with using a monitored network. For example, I run a Virtual Private Network (VPN) server that encrypts traffic between itself and my devices. When I connect to it all of my traffic goes through the encrypted connection so local network monitoring tools can’t snoop on my connects. Another tools that works very well for websites is the Tor Browser. The Tor Browser sends all traffic through an encrypted connection to an exit node. While the exit node can snoop on any unencrypted connections local monitoring tools cannot.
Such tools wouldn’t be as necessary to maintain privacy though if all connections utilized effective encryption. E-mail servers, websites, instant messengers, etc. can encrypt traffic and often do. But the lack of ubiquitous encryption means monitoring tools can still collect some data on you.
It would be interesting to run all your regular traffic through a VPN you control, along with a bunch of “junk” traffic up to your maximum rated bandwidth continuously and simultaneously to help give the man in the middle a few extra terabytes to store while they spy on your stuff.
The constant full band background garbage would also prevent meat-space doxing by watching a user’s arrival time and correlating it to encrypted traffic starting or stopping.