The UK Government have now passed a law (the Investigatory Powers Act) which makes it a requirement that all browsing history is recorded and stored, and can be used against an individual at any time. Every UK citizen is now a criminal by default.

The UK Government has passed a law which immediately means that everyone is now a suspected terrorist, making it a requirement that Internet Service Providers store all your internet history. As a general rule, most of us are not criminals - sometimes the line may be slightly blurred for people who are hobbyist ‘security testers’, but on the whole, people are good (with a bias shifted, since as a general rule I hate most people). The people this law targets, on the whole, already use these countermeasures, and have done so for years, which makes this law pretty much obsolete.

The government can now store everything about you, from your location (since this is now pretty much leaked on every smartphone) to your browsing history, your email and your DNS lookups. Everything. This kind of information would give the UK government enough data to be able to generate a profile on everyone: their personal life, intimate life, work life, porn habits, daily routine, everything.

This is not cool. This information can be used against you, or could potentially be sold (in this case though, it would be unlikely), and to be treated as a criminal without due cause is unacceptable.

This post explains the changes I have adopted myself to prevent my information from being stored. They are simple changes, with a little bit of up-front expense, but the benefits outweigh the cost.

So, for me, I have BT Infinity, and I still had one of the white VDSL modems (a white BT Openreach box), so I have purchased myself an Asus RT-AC87U and flashed a new firmware onto it. Skipping over the configuration of it to use the VDSL modem, the most important thing to do is set up a VPN connection.

I have used VPNs over the last few years, and always used the same one. I tried Golden Frog’s VyprVPN but their support team were terrible, so I would advise you to steer clear of them! I personally recommend PrivateInternetAccess (no trackable stuff on this hyperlink), purely because they are reliable, their support is good (I have very high standards for technical support, and while they still do not hit that level, it is still good) and they are pretty cheap considering what they offer, with exit points across the globe.

So. Back to the story. For me, my requirements are that I have none of my internet history tracked by the UK government, so the first prerequisite is that I do not use the UK as an exit. PIA already hits this. Secondly, the VPN needs to be secure. PPTP is by no means secure, so I need to be able to have 1024-bit or higher. Yep. OpenVPN does the trick, and PIA support this too.

Before we continue, you may be asking ‘Hey, what about Tor?’. Well. There’s a long story behind that, involving me, the police and an early morning raid on my house, and a less than understanding (now ex) wife. This, and losing my kit for about 4 months as they check it all over for ‘unsavoury material’. So let’s leave that for another day. My advice - don’t use it. From exit node sniffing (there you have it, the story very loosely explained), it’s drugs and kiddie porn. Both of which do not interest me in the slightest.

So, back to the job in hand.

Two other requirements I need to make sure are covered:

  1. My PlayStation has a shitfit when it is connected over a VPN, so I need to exclude this device's traffic from the VPN
  2. Same with my Smart TV. First world problems override privacy for Netflix.

These are easily handled.

So. The next job is to get the VPN configured.

[Image: ASUSWRT screenshot]

Basically, grab all the settings from the screenshot above, but the real magic (in the Custom Configuration) is as follows:

    resolv-retry infinite
    nobind
    persist-key
    tls-client
    remote-cert-tls server
    auth-nocache
    comp-lzo
    verb 2
    reneg-sec 0
    cipher aes-256-cbc
    auth sha256

I got fed up fiddling around to try and get the VPN working, so I went hardcore and wrote the config into the Custom Configuration instead of fiddling around with the UI.
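An added example, not part of the original post and not a PIA or ASUS tool: a Python audit of the Custom Configuration directives above, reporting the ones a reviewer would question before trusting the tunnel. The rule set, the severity labels and the `WEAK_CONFIG` sample are assumptions made for illustration.

```python
# Added example: audit OpenVPN client directives like the ones in this post (own rules).
PAGE_CONFIG = """resolv-retry infinite
nobind
persist-key
tls-client
remote-cert-tls server
auth-nocache
comp-lzo
verb 2
reneg-sec 0
cipher aes-256-cbc
auth sha256
"""
# Constructed counter-example, not from the post.
WEAK_CONFIG = "tls-client\ncipher BF-CBC\nauth MD5  # legacy\n"

WEAK_CIPHERS = {"none", "bf-cbc", "des-cbc", "des-ede3-cbc"}  # no encryption / 64-bit block
WEAK_AUTH = {"none", "md5"}

def parse_directives(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.lower().split()
            found[name] = args
    return found

def audit(text):
    """Return a list of (severity, directive, finding) for one client config."""
    d, out = parse_directives(text), []
    if d.get("remote-cert-tls") != ["server"]:
        out.append(("HIGH", "remote-cert-tls", "server certificate purpose is not verified"))
    if (d.get("cipher") or [""])[0] in WEAK_CIPHERS:
        out.append(("HIGH", "cipher", "no encryption or a 64-bit block cipher"))
    if (d.get("auth") or [""])[0] in WEAK_AUTH:
        out.append(("HIGH", "auth", "packet HMAC is missing or uses MD5"))
    if "comp-lzo" in d or "compress" in d:
        out.append(("WARN", "compression", "compress-then-encrypt can leak plaintext (VORACLE)"))
    if d.get("reneg-sec") == ["0"]:
        out.append(("WARN", "reneg-sec", "timed data-channel key renegotiation is disabled"))
    if "auth-nocache" not in d:
        out.append(("INFO", "auth-nocache", "username/password stay cached in memory"))
    return out

if __name__ == "__main__":
    for sev, name, msg in audit(PAGE_CONFIG):
        print(f"{sev:4} {name}: {msg}")
```

On the post's own directives this reports only the two warnings (compression and `reneg-sec 0`); both are worth revisiting if the provider's servers no longer require them.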

Next to Authorisation Mode, you need to click on the link “Content modification of Keys & Certificates”, and under “Certificate Authority” add the following text:


The username and password for the VPN connection can be found within the Client Control Panel within PrivateInternetAccess.

The Rules found at the bottom are machines I have specifically assigned to push traffic through the VPN. This means that other devices such as the PS4 and TV are not affected by the new VPN setup.

Finally, the Server Address can be one of many, depending on where you want to have your location announced as. I chose Switzerland, but you can choose anywhere from Japan to Romania, America to India. These can be found here:

This connection is a 4096-bit VPN connection, so is extremely secure!