The Cold War is far from over, but it has gone digital instead of being focused on political and economic actions. Countries are now using technology and the Internet to gain an advantage over the others, employing tactics that are questionable at best, and invasive at worst.
These days, you’ll find out that hiding your IP address may not be enough. There is an international intelligence-sharing agreement between select countries, which poses a risk to the online privacy of people living there. Later, we’ll learn what information these countries share and how they gather this data.
Five Eyes countries: Brief history
When we speak of the Cold War, we think about Russia and the US. Russia made headlines recently when it demanded VPN providers to connect to the government’s content-filtering system. The country’s censorship has led some VPN providers to pull out from the country.
The United States, on the other hand, is part of the Five Eyes countries. Here is the full list of the Five Eyes alliance:
- United States of America
- United Kingdom
- New Zealand
These countries are parties to the UKUSA Agreement, a multilateral agreement for signals, military, and human intelligence. The agreement started informally in 1941 but was officially enacted by the UK and USA in 1946, with the other three countries joining years later. To this day it revolves around top-secret information sharing among the countries.
The agreement was not publicly known until 2005. It was only in June 2010 when the UK released the text of the agreement. That’s the time the agreement’s full extent was truly known.
Five Eyes countries: Extended
Over the years, more and more nations entered the same agreement, forming a second tier of the intelligence-sharing network. Four countries joined the Five Eyes; together, they form the Nine Eyes. These four countries are:
A different group of countries later joined the Nine Eyes to form the Fourteen Eyes. The five additional countries are:
Recent news had also cited that Japan is helping the Five Eyes countries in an effort to counter China.
Five Eyes countries: What they do
We now know the members of the Five Eyes countries and the other countries that are helping them out. To what extent do they collaborate and cooperate? What exactly do they do, and how do they do this?
Aside from being able to dictate which technology players can enter in their alliances (as in the case of Huawei which they think is an espionage threat), the Five Eyes countries do heavy surveillance on their citizens through different means, which I’ll look at below.
Hacking telecommunication providers
Among the revelations of Edward Snowden was that Britain’s GCHQ intelligence department spied on Belgacom, a Belgian telecommunications company that is partly owned by the government.
The surveillance involved redirecting Belgacom’s key employees to websites that contain malware which is then stored in their computers. The malware can see everything that the employees do, including their access and activities within Belgacom’s infrastructure.
The document released by Snowden further stated that at that time, GCHQ was already planning to access Belgium’s central roaming router which processes international traffic. With this access, Britain planned to perform man-in-the-middle attacks on smartphone users.
Injecting malware into our devices
Aside from Britain’s use of malware cited above, it has also been revealed that the NSA also uses different types of malware, although the agency uses fancy names.
For instance, a document released by Der Spiegel revealed that the NSA is using “active implants” to intercept Internet traffic and route them through passive collectors which store the traffic in the NSA’s infrastructure. Even newly bought devices can already contain NSA-injected malware.
Trying to weaken encryption standards
The NSA is ahead of the game in this method since it makes use of supercomputers, government budget, and court orders to undermine the privacy of Internet users. The agency has deployed supercomputers to break encryption codes and even works with tech companies to allow them entry points.
This archived document from the New York Times reveals how the NSA fought against encryption. The NSA detailed this in its 2013 budget request; the tactics involve “actively engaging IT industries to covertly and/or overtly leverage their commercial products’ designs” to make them “exploitable through SIGINT collection.”
Among the key strategies in implementing this project is to insert vulnerabilities in commercial encryption systems.
Five Eyes countries and their effect on user privacy
No one is excused from the surveillance of these countries. As a matter of fact, the list of notable people they have spied on includes:
- Charlie Chaplin
- Princess Diana
- Nelson Mandela
- John Lennon
- Jane Fonda
However, just because you aren’t a political activist, celebrity, royalty, or a businessman doesn’t mean you are safe from surveillance. These countries spy on their regular citizens too, as revealed by Snowden.
The Five Eyes countries had warned tech companies in a joint Statement of Principles on Access to Evidence and Encryption that “privacy is not absolute.” They may employ “technological, enforcement, legislative, and other measures to achieve lawful access solutions.”
This could mean a lot of things, but for your online security, this boils down to two points: your online activities are being tracked, and authorities can demand access to encrypted data.
What this means to VPN users
The Five Eyes governments are concerned with VPNs because of the encryption that comes with these services. The slides leaked by Snowden show how serious these countries are in intercepting VPN IKE traffic and breaking the encryption.
So even though you are using a VPN to protect your online privacy, any of these Five Eyes or Fourteen Eyes countries are still trying to gain access to your data and share them with other countries.
You might be asking right now: Is there a way out of this surveillance?
The first thing to do is to know who has jurisdiction over your online activities while on a VPN. Look at the online privacy laws of your:
- Physical location: Be aware and updated of the digital laws in your own country, especially since not all countries have legalized VPN use.
- VPN provider’s business address: The laws and regulations in the country where the VPN provider is based can force the VPN provider to log and give users’ information to the authorities. The government can then share this data to other members of the Fourteen Eyes. Some countries with strict data retention laws include the UK and Russia.
- Server location: Another consideration is the country where the server you connect to is located. The government can seize any server within its jurisdiction and dig for information if there are applicable laws.
If a member of the Fourteen Eyes countries has jurisdiction over any of these three, then you may be under surveillance, and your privacy may have already been breached, unless you’ve chosen the right VPN provider.
Zero logging policy is important
It’s too difficult, if not impossible, to control the digital laws and regulations in a country. It would probably take years and thousands of petitions, as in the case of the Net Neutrality law in the US. As a regular Internet and VPN user, you don’t have much choice but to rely on your discernment when choosing a VPN provider. One of your criteria should be the provider’s logging policy.
If a VPN provider does not log any personally identifiable information, then the government won’t find anything even when it gains access to a VPN’s records through a subpoena.
There are so many VPN providers that claim to have a no-logging policy, but in reality they log personal data and share it with the government and other third parties. To know if a provider does not really log personal information, do some research, like reading our reviews.
We have reviewed several providers that claim to have a no-logging policy, and we found these three below to have genuinely proven their claim. Your identity and online activities will be safe with them, regardless of the country you are in and where they or their servers are based.
CyberGhost has a no logging policy, although the company keeps some statistical data for 24 hours. It doesn’t record any data that can be linked to a user; this has been proven when German authorities once requested for user activity logs. The company wasn’t able to comply with the demand since it doesn’t have any logs. Read our comprehensive CyberGhost review here, and learn more about its speed, features, and pricing plans.
“The company has not and could not in any circumstance provide user data to those who request it, because this would be in breach of CyberGhost VPN’s mission to protect its users, and because no user data records exist,” the provider’s Transparency Report stated.
Because of its no logging policy, CyberGhost allows any type of traffic, including P2P traffic. CyberGhost also has a large network with over 3,550 servers in 59 different countries.
The provider has also been audited externally by QSCert every year since 2012. This ensures that the implementation of the Information Safety Management System (ISMS) is in accordance with international standards ISO27001 and ISO9001.
Aside from its features, what makes ExpressVPN one of the top VPN providers is its zero logging policy. You can read our ExpressVPN review here for a complete assessment of its features, customer support, and logging policy.
The company doesn’t collect any data that might lead to the users’ identification. While most VPN providers claim the same, ExpressVPN was able to prove its no-logging policy in 2017 when the Russian ambassador to Turkey was assassinated. The suspect was believed to have used an ExpressVPN server to delete pertinent messages from his Gmail and Facebook accounts. The Turkish authorities seized the server but found nothing that could lead them to the assassin.
Private Internet Access (PIA)
PIA is a very popular VPN provider, and for good reasons. It has more than 3,200 servers in 52 locations across 33 countries, and it has features that make users all the more secure. PIA also has a feature that can block ads, trackers, and malware.
You can find out more about this feature and more in our comprehensive PIA review here.
Like other VPN providers, PIA advertises a no-logging policy but is among the few that actually sticks to this claim. The FBI has subpoenaed the provider’s activity logs more than once in the past, but it wasn’t able to find anything useful.
Our research team has found other no-log providers. You can check out the top five no log VPN providers here.
Protecting online privacy amidst surveillance
No matter how hard you try to stay anonymous on the Internet, online privacy is under threat, especially for people who are living in any of the Fourteen Eyes countries. These countries spy on their citizens and share what they gather to other member countries.
A VPN can protect you from surveillance, but efforts to undermine the encryption and security protocols used by the VPN industry has recently been initiated by these countries. Some of these countries even allocate a certain budget for the weakening of encryption standards. For this reason, you can’t just sign up with the first VPN provider you find on the Internet, and you can’t rely on any provider’s claims alone. You need to assess the providers before you can find the right VPN provider.
There are important considerations, like the provider’s logging policy, business location, and server locations. It is therefore important to do your research diligently. So read our reviews before signing up for any VPN provider.
Don’t stop here. Upholding your right to privacy also includes constantly testing your VPN to make sure that there aren’t any IP leaks.
What we learned after being in the industry for years is that we simply can’t entrust our privacy to the authorities and hope that our governments will protect it. These days, they are also the ones Internet users should be wary of. So we have to do everything we can to protect ourselves in the digital world.