The Cold War is far from over, but it has gone digital instead of being focused on political and economic actions. Countries are now using technology and the Internet to gain an advantage over the others, employing tactics that are questionable at best, and invasive at worst.
These days, you’ll find out that hiding your IP address may not be enough. There is an international intelligence-sharing agreement between select countries, which poses a risk to the online privacy of people living there. Later, we’ll learn what information these countries share and how they gather this data.
Five Eyes countries: Brief history
When we speak of the Cold War, we think about Russia and the US. Russia made headlines recently when it demanded VPN providers to connect to the government’s content-filtering system. The country’s censorship has led some
The United States, on the other hand, is part of the Five Eyes countries. Here is the full list of the Five Eyes alliance:
- United States of America
- United Kingdom
- Australia
- Canada
- New Zealand
These countries are parties to the UKUSA Agreement, a multilateral agreement for signals, military, and human intelligence. The agreement started informally in 1941 but was officially enacted by the UK and USA in 1946, with the other three countries joining years later. To this day it revolves around top-secret information sharing among the countries.
The agreement was not publicly known until 2005. It was only in June 2010 when the UK released the text of the agreement. That’s the time the agreement’s full extent was truly known.
Five Eyes countries: Extended
Over the years, more and more nations entered the same agreement, forming a second tier of the intelligence-sharing network. Four countries joined the Five Eyes; together, they form the Nine Eyes. These four countries are:
- Denmark
- France
- Holland
- Norway
A different group of countries later joined the Nine Eyes to form the Fourteen Eyes. The five additional countries are:
- Germany
- Belgium
- Italy
- Sweden
- Spain
Recent news had also cited that Japan is helping the Five Eyes countries in an effort to counter China.
Five Eyes countries: What they do
We now know the members of the Five Eyes countries and the other countries that are helping them out. To what extent do they collaborate and cooperate? What exactly do they do, and how do they do this?
Aside from being able to dictate which technology players can enter in their alliances (as in the case of Huawei which they think is an espionage threat), the Five Eyes countries do heavy surveillance on their citizens through different means, which I’ll look at below.
Hacking telecommunication providers
Among the revelations of Edward Snowden was that Britain’s GCHQ intelligence department spied on Belgacom, a Belgian telecommunications company that is partly owned by the government.
The surveillance involved redirecting Belgacom’s key employees to websites that contain malware which is then stored in their computers. The malware can see everything that the employees do, including their access and activities within Belgacom’s infrastructure.
The document released by Snowden further stated that at that time, GCHQ was already planning to access Belgium’s central roaming router which processes international traffic. With this access, Britain planned to perform man-in-the-middle attacks on smartphone users.
Injecting malware into our devices
Aside from Britain’s use of malware cited above, it has also been revealed that the NSA also uses different types of malware, although the agency uses fancy names.
For instance, a document released by Der Spiegel revealed that the NSA is using “active implants” to intercept Internet traffic and route them through passive collectors which store the traffic in the NSA’s infrastructure. Even newly bought devices can already contain NSA-injected malware.
Trying to weaken encryption standards
The NSA is ahead of the game in this method since it makes use of supercomputers, government budget, and court orders to undermine the privacy of Internet users. The agency has deployed supercomputers to break encryption codes and even works with tech companies to allow them entry points.
This archived document from the New York Times reveals how the NSA fought against encryption. The NSA detailed this in its 2013 budget request; the tactics involve “actively engaging IT industries to covertly and/or overtly leverage their commercial products’ designs” to make them “exploitable through SIGINT collection.”
Among the key strategies in implementing this project is to insert vulnerabilities in commercial encryption systems.
Five Eyes countries and their effect on user privacy
No one is excused from the surveillance of these countries. As a matter of fact, the list of notable people they have spied on includes:
- Charlie Chaplin
- Princess Diana
- Nelson Mandela
- John Lennon
- Jane Fonda
However, just because you aren’t a political activist, celebrity, royalty, or a businessman doesn’t mean you are safe from surveillance. These countries spy on their regular citizens too, as revealed by Snowden.
The Five Eyes countries had warned tech companies in a joint Statement of Principles on Access to Evidence and Encryption that “privacy is not absolute.” They may employ “technological, enforcement, legislative, and other measures to achieve lawful access solutions.”
This could mean a lot of things, but for your online security, this boils down to two points: your online activities are being tracked, and authorities can demand access to encrypted data.
What this means to VPN users
The Five Eyes governments are concerned with VPNs because of the encryption that comes with these services. The slides leaked by Snowden show how serious these countries are in intercepting VPN IKE traffic and breaking the encryption.
So even though you are using a
You might be asking right now: Is there a way out of this surveillance?
The first thing to do is to know who has jurisdiction over your online activities while on a
- Physical location: Be aware and updated of the digital laws in your own country, especially since not all countries have legalized
VPN use. VPN provider’s business address: The laws and regulations in the country where theVPN provider is based can force theVPN provider to log and give users’ information to the authorities. The government can then share this data to other members of the Fourteen Eyes. Some countries with strict data retention laws include the UK and Russia.
- Server location: Another consideration is the country where the server you connect to is located. The government can seize any server within its jurisdiction and dig for information if there are applicable laws.
If a member of the Fourteen Eyes countries has jurisdiction over any of these three, then you may be under surveillance, and your privacy may have already been breached, unless you’ve chosen the right
Zero logging policy is important
It’s too difficult, if not impossible, to control the digital laws and regulations in a country. It would probably take years and thousands of petitions, as in the case of the Net Neutrality law in the US. As a regular Internet and
If a
There are so many
We have reviewed several providers that claim to have a no-logging policy, and we found these three below to have genuinely proven their claim. Your identity and online activities will be safe with them, regardless of the country you are in and where they or their servers are based.
CyberGhost VPN
CyberGhost has a no logging policy, although the company keeps some statistical data for 24 hours. It doesn’t record any data that can be linked to a user; this has been proven when German authorities once requested for user activity logs. The company wasn’t able to comply with the demand since it doesn’t have any logs. Read our comprehensive CyberGhost review here, and learn more about its speed, features, and pricing plans.
“The company has not and could not in any circumstance provide user data to those who request it, because this would be in breach of CyberGhost
Because of its no logging policy, CyberGhost allows any type of traffic, including P2P traffic. CyberGhost also has a large network with over 3,550 servers in 59 different countries.
The provider has also been audited externally by QSCert every year since 2012. This ensures that the implementation of the Information Safety Management System (ISMS) is in accordance with international standards ISO27001 and ISO9001.
ExpressVPN
Aside from its features, what makes ExpressVPN one of the top
The company doesn’t collect any data that might lead to the users’ identification. While most
Private Internet Access (PIA)
PIA is a very popular
You can find out more about this feature and more in our comprehensive PIA review here.
Like other
Our research team has found other no-log providers. You can check out the top five no log VPN providers here.
Protecting online privacy amidst surveillance
No matter how hard you try to stay anonymous on the Internet, online privacy is under threat, especially for people who are living in any of the Fourteen Eyes countries. These countries spy on their citizens and share what they gather to other member countries.
A
There are important considerations, like the provider’s logging policy, business location, and server locations. It is therefore important to do your research diligently. So read our reviews before signing up for any
Don’t stop here. Upholding your right to privacy also includes constantly testing your VPN to make sure that there aren’t any IP leaks.
What we learned after being in the industry for years is that we simply can’t entrust our privacy to the authorities and hope that our governments will protect it. These days, they are also the ones Internet users should be wary of. So we have to do everything we can to protect ourselves in the digital world.