Of course, what I mean is "How can NORMAL PEOPLE THAT WANT TO MAINTAIN SOME PRIVACY IN THEIR OWN HOME bypass the IP Bill"?
So, I'll explain a few ways you can use the Internet and communicate reasonably privately. These are not new. These are explained in guides for journalists and freedom fights in oppressive countries. As an oppressive regime is something the UK is clearly aiming for, it is no surprise that these methods are the same. They can also be found in terrorist manuals, again, unsurprisingly.
Firstly, if you really are a terrorist or a criminal, please stop it now.
Simple instructions - time/place, etc.
If you want to send a simple instruction to your friends, perhaps because you are starting a video game or something, maybe “On est parti on commence.” then there are simple ways to do this and you can easily encrypt that message in totally uncrackable ways without even using a computer (see my simple encryption video). Of course, you can even just pre-arrange that when you say "elephant" in any message, that is the message to get started - you don't need encryption in any way at all. So none of the following really matters if you are sending something really simply like this - you could even use plain old SMS.
This is just hacking your computer, but legally! If you are a suspect they may have hacked your machine, or your web cam or whatever, so you are probably stuffed. Using good practice for security and firewalls and sensible use of the Internet may help avoid that happening. You may want good locks on your doors too. The best thing is not to be a suspect in a crime, if you can.
Accessing web pages
The simplest way to access web sites privately is to us Tor. This is a development funded by the US navy originally. You can download a Tor browser and use it. The browsing is bounced around multiple nodes on the Internet, many of which may not be in the UK, and all of that communications is encrypted. Each node only knows the next node, and they do not log anything. Eventually the data leaves an exit node - which could be anywhere in the world, and goes to the web site. The web site does not see your IP address, it sees the exit node's. The browser may leave some fingerprints of who you are, but a Tor browser would try not to. Obviously if you give a web site any details yourself then they will know who you are or claim to be. But the IPBill will only log that you are connecting to random nodes on the Internet, and that maybe you are using Tor. The ISP retention stuff will not show where you went on the Internet.
Using secure sites
Using an https (secure) web site outside the UK should be safe from the content being logged, but the fact you visited the site can be snooped. At present the name of the site may be too, but protocols are improving. Depends if you want to protect the content or meta data.
Sending and receiving email
For the content of email this is easy, get one of the PGP email plug-ins for your mail client. May be listed a GPG or GNUmail or similar. They talk an encrypted email protocol. Read up on handling keys properly and check the keys of your friends are really theirs. This protects the content of the email. Importantly it does not protect the subject line or the from/to email addresses. That could all be logged.
However, there are simple ways to protect the to/from and subject and so on - using encrypted links from your phone/PC to your email servers. This is normal, using imaps and smtps, and many mail services allow this. Or use https to a web mail system. But beware - the mail server may have logs, and if in the UK they could be collected under the IP Bill. To avoid this you need to run your own mail server - which is really not that hard (google it). You also need your friend to run their own mail server too. The snag then is that they can see this encrypted connection between your email server and your friends so assume you are communicating. Using Tor will help hide some of that too.
An alternative is use a common mail server in a sane country and use smtps and imaps to talk to it, and hope that country is not handing over logs to the UK. I don't know if there are email services in North Korea, but if there are you can bet they don't send logs to the UK.
There are a number of end to end encrypted messaging apps for phones, but even iMessage should be mostly safe unless Apple get coerced in to unlocking it. All the snooping will show is you are talking to Apple - it may not even be obvious you are using iMessage. There are also Tor messenger that makes use of message systems like irc but encrypts message and hides the parties to the chat channel.
Tricky - some things like Apple FaceTime are as safe as iMessage, to probably quite good. Some apps exist like Signal which help ensure content of calls is secret, but the fact you are using Signal will probably not be. The biggest issue is that any calls to or from the normal phone network are already logged. Same with SMS to or from the normal phone network. Using foreign SIP gateways and a VPNs to get to them could make it hard to link the calls to you though. It depends a little if you just want to protect the content of the calls, or the meta data (the fact you made a call, when, and who to).
One on the all encompassing methods it simply to make use of a VPN. This is an encrypted link to some point on the Internet. From there it is normal Internet traffic and all of the above may be useful, but if the VPN endpoint is in another country then that bypasses the IP Bill. The snooping shows only that you connect to that foreign endpoint using a VPN, not what you are doing.
Two main ways to make a VPN. One is to buy a VPN service. There are quite a few now, and some will allow connections via various countries. For a few quid a month you can make all of your Internet go via this.
The other way is to buy a cheap VPS (a virtual server) which is a computer on the Internet, and then install a VPN application on that server. Again, only a few pounds a month. This is then in your total control, but works in the same way. Of course if you and your friends all connect to a dedicated VPN endpoint like this, then the snooping shows you are connected somehow. Using a commercial VPN endpoint will hide that.
Either way you can make your phone or PC talk directly to the VPN endpoint, or you can even get some home routers now that handle IPSec (a VPN protocol) to put your whole house and wifi on the VPN.
The other end
Remember, if you are communicating with anyone, even a web site, the other end sees the communications. If they are compromised, hacked, or simply untrustworthy, they can reveal your communications. In some cases, such as Tor to a web site, they don't know who you are or where you are, but for email and messaging and so on, that is not so easy. Anonymity is a who other area of privacy which I am not going to try and cover here.
Yes, there a load of ways to make the logging in the IP Bill totally pointless. A lot of people would not bother with even these simple steps, but any criminal with any sense whatsoever will be able to hide what they are doing with ease. The real victims of the invasion of privacy will be the innocent citizens of the UK.
However, please, politicians, take this in the way I mean it - as an example that shows the futility of this endeavour. Concentrate the effort and money where it matters - police on the ground - following the leads you already competently get - stopping crime without invading privacy.
Quote of the day from the A&A irc channel:
I actually already do tunnel almost all my internet stuff
through a VPS, to deal with general local ISP rubbishness (e.g.
dynamic IP address, lack of IPv6) and very localised
surveillance/tampering (e.g. a dodgy wifi hotspot) rather than
to try to hide from the UK government.