Meanderer

01/2017

IP Bill | PhantomJS | Privacy | Raspberry Pi

Meanderer is a configurable tool that uses PhantomJS and a dictionary to randomly search for and browse through websites. It will happily run on a range of systems, including the Raspberry Pi. There's a brief guide to getting things set-up and working below.

Why?

In November of 2016 the UK government approved the Investigatory Powers Bill. Among other things, it means that internet service providers are now required to keep a record of all traffic on your internet connection for a year and make that information available to an oddly large number of departments and agencies.

That's information about every website you visit, every message, every email, every search. Your digital identity. Everything becomes available and searchable; and of course governments have never "misplaced" data or seen abuses of power through a lack of oversight when handling sensitive, private information...

Along with new powers, with the IP Bill the government are retroactively making the last 10+ years of illegal bulk-data collection by the UK's security services, legal. Sadly, not only is this a massive invasion of privacy for every citizen, it is unlikely to have any real benefit.

Mass surveillance is often invoked as an essential tool in the fight against crime - especially terrorism - but there is precious little evidence for this form of 'collect it all' surveillance succeeding in preventing terrorism, or even being a useful tool to do so.

It is far more likely to erode the rights, freedoms, and privacy of everyone it touches. There's a reason that the IP Bill was quickly dubbed as The Snooper's Charter.

I'm sure the prime minister would like us all to quietly think that if you have nothing to hide, there's nothing to fear, and it can be all too easy to respond to these kind of invasions with that mindset. However, I think Edward Snowden presents a more thoughtful response:

When you say I don't care about the right to privacy because I have nothing to hide, that is no different than saying I don't care about freedom of speech because I have nothing to say or freedom of the press because I have nothing to write.

Edward Snowden, The Guardian, 22/05/2015

This project aims to highlight some of these issues, and add a bit more noise to your connection and browsing history.

Liberty and The Civil Liberties Trust are currently crowd-funding a legal challenge to the IP Bill. If you've read this far I would encourage you have a look at The People vs the Snoopers' Charter and consider adding your support there.

Usage

Get PhantomJS / phantomjs-on-raspberry-pi
Install Python 3.x
Download or clone the Meanderer code
Enter the meanderer directory and run python runner.py

The reason for the `runner` is to handle when PhantomJS exits unexpectedly (i.e. it crashes) and the process ends. It starts a PhantomJS Meanderer instance, passing along any arguments and echoing the output back to the command line, and if/when PhantomJS crashes, will start things up again.

By default, some basic information is sent to the output while running. Pass the -quiet flag when launching to prevent that.

Config

Various settings can be configured via a JSON file. Check out the type definitions in Config.hx for more information on each of the properties. For example, if you want to keep a record of what it's doing, enable the url logging and/or enable screenshot capture.

You can also specify an alternate location for the configuration JSON file when starting the program -config path/to/config.json

Requirements

This should work anywhere that PhantomJS runs, and it works nicely on the Raspberry Pi.

There are no official builds of PhantomJS for the Raspberry Pi, but it can be built from source if you have a few hours to kill... Or, alternatively, there are some pre-built PhantomJS binaries from fg2it, so you don't have to bother building it yourself.

Download the version that applies to your Pi and follow the instructions there to get it installed and running. Use phantomjs --version to verify the installation.

Build

If you want to make changes, the project is built using Haxe and the phantomjs haxelib.

haxelib install phantomjs
haxe build.hxml

Note: I chose Python (requires Python 3) as the default target for the runner since it is available on most platforms. But if you prefer, building for C++ will result in an executable command-line application that does the same job on your system of choice.

Future

There are certainly a few things that could be improved and features that could be added, but I'm happy with it for now.

It seems fine running endlessly on my Raspberry Pi 3, but I think it would be nice to add a display output option so you can hook it up to a monitor and see the current/last site screengrab along with some basic information from the tool.

All the code is available on github, and I welcome anyone to fork it to improve or add features.