It looks as if Labor has caved and will pass the proposed data retention bill. You are now under suspicion. You are now under surveillance. You are no longer a citizen, you are a suspect, so it is time to start acting like one. Learn the tools which enable you bypass data retention, to communicate privately with your colleagues, friends and loved ones.
The most troublesome metadata collected by the proposed scheme is not your internet traffic, which has some exclusions; it is your phone, sms and location records. Switch to calling and messaging your contacts using the data connection of a smart phone, computer or tablet. Some of the best tools for this are:
Tor for anonymised web browsing on windows / linux / OSX.
GnuPG for encrypted emails (not very user friendly).
The purpose of mass surveillance is not to catch criminals, evidence shows that is ineffective. The true purpose of mass surveillance is to ensure conformity. Don’t conform. Don’t give people your phone number, give them your xmpp address. When your friends call, ask them to install the RedPhone app and call you back. Head to the protest on Monday.
In a fit of either curiosity or tinfoil induced paranoia, you decide to set up full disk encryption on your machine. But it’s really annoying because you have multiple physical disks, and you can’t be arsed entering passwords for each one separately at boot up. So what do you do? You stick a keyfile on the first encrypted disk, and decrypt the others with that instead of a password. That way they are “chained” together – the password decrypts the first disk, which unlocks the file to decrypt the secondary disks.
Here’s how you do it (works on debian wheezy):
Encrypt all disks normally using luks/cryptsetup/disk utility
Set them all up to be mounted at boot by fiddling with crypttab and fstab (arch wiki should have you covered)
reboot and go through the tedium of entering multiple passwords
generate yourself a new keyfile for the secondary drives: # dd if=/dev/urandom of=mykeyfile bs=512 count=8
stick that keyfile somewhere safe on the primary encrypted disk (with admin read only access)
add the keyfile to a luks keyslot on the secondary drives: # cryptsetup luksAddKey /dev/[volume] /path/to/mykeyfile
fiddle with crypttab to make it use the keyfile on boot: [volume]_crypt UUID=deadbeef-dead-beef-dead-beefdeafbeef /path/to/mykeyfile luks
reboot and test it
Be sure not to store the keyfile somewhere stupid where it will be unencrypted, like in /boot for instance. Bonus points for being patient and using a better source of randomness than /dev/urandom. The usual disclaimers apply, I don’t really know what I’m talking about, so don’t use this method to secure your nuclear launch codes, blame me if someone steals your data, or blame me if you can’t decrypt the drive and lose all your data.