Five Eyes alliance

If you’ve shopped for a Virtual Private Network (VPN) recently or if you’re interested in online anonymity as a whole, you’ve likely seen people talking about the Five Eyes. However, there seems to be a fundamental misunderstanding about how this group operates and what its capabilities are. As such, the discourse usually boils down to “avoid X service – it operates out of a Five Eyes country”.

This is a fairly reductive viewpoint, but don’t worry; we’re here to shed some light on the topic. We’ll dive deep into the history of the Five Eyes alliance (sometimes called FVEY or 5 Eyes), charting its expansion and transformation over the years, before dispelling a few common myths about mass surveillance. Most importantly, we’ll also explain what you can do to maintain anonymity while in these countries.

What exactly is the Five Eyes intelligence alliance?

Let’s start simple. The Five Eyes alliance is a group of five countries (the UK, the US, Canada, Australia, and New Zealand) whose intelligence agencies all work together to share information, usually in the interest of national security. A loose form of this alliance has been around for about 80 years, though the public only really started paying attention in 2013 after the Snowden leaks revealed the extent of America’s surveillance apparatus.

Being in this partnership comes with one major limitation: you’re not allowed to spy on the governments of other members. You can, however, monitor their citizens (provided this is done following the laws of the spying country). The resulting information can then be freely shared with other signatories, even if their laws usually don’t allow them to monitor citizens directly.

We’ve even seen situations where the rules were changed to allow foreign countries access to a wider range of information. Additionally, while countries are supposed to specifically request data from one another, there have been instances where it was simply offered.

Unfortunately, due to the secrecy surrounding intelligence agencies, there’s no way for the general public to know that these rules are being followed. Further, they have an extraordinary broad scope of powers, making it extremely difficult to hold them to account.

Are any other countries involved?

Absolutely. Since its inception, the Five Eyes has expanded twice (that we know of). The first time, it added Denmark, France, Norway, and the Netherlands to become the Nine Eyes. Later, Belgium, Germany, Italy, Spain, and Sweden joined, bringing us up to 14 Eyes. This partnership is also known as SIGINT Seniors Europe, or SSEUR.

Believe it or not, we’re still not done. Individual nations may have additional data-sharing agreements with countries that aren’t officially signed up. Further, countries like Japan, Iceland, and Switzerland have previously collaborated with the 14 Eyes to exploit computer networks.

What does this mean for citizens of Five Eyes members?

Most countries have some sort of protection in place to prevent the government from spying on its own people. However, due to a loophole in the way the Five Eyes works, these rules effectively go out the window. Essentially, anything you do online could theoretically be recorded and shared with every member of the 14 Eyes.

You’re not safe just because you live elsewhere. In fact, foreign countries like Iran and Russia are known for their history of cyber-warfare and could theoretically already be monitoring your activities. These governments aren’t limited in the same way as Five Eyes members, don’t seem to care about sanctions, and have repeatedly imprisoned people who try to bring legal challenges against the government. In short, once they have your info, they can do whatever they want with it.

Is online anonymity possible if I live in a Five Eyes country?

Yes, but it requires you to make a conscious effort to keep your data secure. On the plus side, unless you’re an international crime kingpin, you’re probably not important enough to even be on the authorities’ radar. Also, if it really wants to, the government can probably find out just about anything about you. Still, you can make it more difficult and as a bonus, the steps below will help protect you from a far more realistic threat: cybercriminals.

Use a reputable no-logs VPN

Virtual Private Networks (VPNs for short), are tools that encrypt your internet traffic and hide your real IP address. This not only prevents snoopers like the government from seeing what you get up to online, but also prevents ISP throttling and stops websites from learning where you are in the world.

Every VPN is different, so it’s important to choose wisely. For maximum protection, you’ll want a VPN with uncrackable encryption, a proven no-logging policy, and additional privacy tools such as a kill switch, obfuscation, or automatic tracker-blocking.

We recommend NordVPN: it’s quick, reliable, and capable of handling any day-to-day task without breaking a sweat.

WANT TO TRY THE TOP VPN RISK FREE?

NordVPN is offering a fully-featured risk-free 30-day trial if you sign up at this page. You can use our top VPN with no restrictions for a month. This’ll let you try out its obfuscated servers and anti-tracking features while seeing if it’s the right service for you. 

There are no hidden termsjust contact support within 30 days if you decide NordVPN isn't right for you and you'll get a full refund. Start your NordVPN trial here.

Adopt privacy-first services

It’s no secret that large tech companies collect a ridiculous amount of information. Even if you’re fine with giving this, it poses real problems since no database is completely secure. If a multi-billion dollar organization like Facebook can’t keep your data safe from criminals, what hope do smaller platforms have?

That’s why we recommend switching to privacy-first alternatives wherever possible. There’s no shortage of options; you can replace Google, Gmail, and Chrome with services like DuckDuckGo, ProtonMail, and Brave for starters. Alternatively, check out this fantastic list of privacy-conscious services for a brief overview of what’s available.

Carefully consider what kind of information you’re making available. Consider whether you’ve been oversharing on social media, install an ad-blocker to prevent advertisers from following you across the web, and try not to do anything sensitive (like banking or online shopping) while on public wifi.

Secure your accounts, apps, and devices

Every service or device you use is another way for a hacker to target you. First, enter your email address into HaveIBeenPwned to see if any of your accounts have been breached in the past. Then, it’s a good idea to go back and delete any accounts you haven’t used in a long time, while changing the passwords on any you use regularly (we’d suggest using a password manager to remember all of these for you).

The next step is to activate two-factor authentication whenever you can and set some time aside to update your apps. You may even want to encrypt your hard drive so that your files are secure in the event that your device is lost or stolen. Remember: the less data an outsider can access, the lower your chance of cyberstalking, identity theft, or real-world harassment.

I’ve got nothing to hide – why should I care about surveillance?

This is a reductive viewpoint but it’s so common that everyone from Edward Snowden to Amnesty International has argued against it. Everyone, whether you’re an ordinary citizen or a saint, has something they’d rather the world not know about.

Let’s say you buy into the idea that the government has your best interests at heart and that it only monitors people to prevent crime or other national catastrophes. What if the opposing political party won the next election – would you still trust them to use their powers responsibly?

Putting aside the finer details, Neil M. Richard’s The Dangers of Surveillance notes, “most forms of surveillance seek some form of subtler influence or control over others”. He’s not just talking about discouraging certain activities, either, with a large section of this paper devoted to covering state-sponsored blackmail, discrimination, and coercion. Few would argue that Dr. Martin Luther King was doing anything wrong during the push for civil rights, and yet he still had his phones tapped by the FBI.

Digital surveillance: popular myths busted

Myth #1: The government can break any form of encryption

Make no mistake, intelligence agencies are extremely good at breaking codes and solving problems. However, the beauty of modern encryption systems is that they’re mathematically designed to be uncrackable with the hardware that’s currently available. If someone tried cracking a standard AES256 key, for instance (the encryption method used by most VPNs), humanity would probably go extinct before they succeeded. This could change as more powerful quantum computers become available ,but when that happens, cryptography will rapidly adapt to offset it.

Myth #2: The government takes good care of the data it collects

You’d think that, given the secretive nature of mass surveillance programs, information about them and the data they gather would be extremely difficult to access. However, the reality is that you don’t even have to be a government employee, so long as you have the right clearance.

How do we know this? Because whistleblower Edward Snowden was able to access confidential information about the government’s spying even though he was a contractor. There also appears to be a lack of accountability when it comes to the intercepted data – Snowden revealed that auditing processes were severely underwhelming and that intimate pictures of subjects were routinely passed around by employees, something that the NSA did not deny when confronted.

Myth #3: Officials can’t learn about my online activities without a warrant

In many countries, including the US, you do need a warrant to install wiretaps or intercepting communications. However, this just means that investigators have to convince a judge that such measures are proportionate and necessary. If one judge disagrees, authorities can simply ask another. Additionally, this limitation is only for targeted surveillance. If the government has a mass surveillance program in place, they can search for a subject at will.

Of course, this assumes that everything is done by the book. Most ISPs, social media sites, and telecoms companies keep records of their customers’ activity. Sometimes, all investigators have to do is ask, and they’ll be given whatever information they need. Finally, a huge amount of data is just available for sale – advertisers build profiles about each user, monitoring the sites they visit and which topics they search for. For the right price, they have no qualms about selling this info, even to organizations that should really require a warrant to access it.

Disclaimer: Although we’ve spent hours researching this topic, we are not legal experts. As such, nothing we’ve said above should be taken as legal advice. We encourage you to consult local laws to learn more about your country’s data-retention regulations and the legal oversight that governs them. 

Myth 4: My country doesn’t monitor its citizens’ online activities

That’s debatable. Without access to each government’s internal communications, we are working with an incomplete understanding as to each country’s surveillance landscape. Even still, the information we do have paints a concerning picture of our right to anonymity.

The vast majority of countries have some form of government data-collection program in place, even in locations with robust privacy legislation. Freedom House’s latest report reveals that more than 20 countries are actively hostile to privacy and freedom of expression, with many more capable of monitoring your activities under the right circumstances.

Myth #5: Country-wide surveillance is only used to keep us safe

You’ll often hear that surveillance is a necessary evil since it helps authorities prevent acts of terror. Conveniently, the people saying this are often against end-to-end encryption or any other tool that helps users take control of their online privacy.

Here’s the reality: 50 U.S. Code § 1881a allows intelligence services to “review, without a court order… information acquired under subsection (a) that was reasonably designed to find and extract foreign intelligence information, regardless of whether such foreign intelligence information could also be considered evidence of a crime.”

You might argue that this only applies to foreign citizens, but remember: if an American messages someone outside of the States, the contents of their communications then falls under the scope of the above provision and is fair game.