Landlord will be watching my data traffic, as mentioned in the lease agreement

FINAL (hopefully) UPDATE: Well after all the very interesting and valuable discussion, it seems to me as though initial thoughts were correct. From the updated question, I would say that the restrictions are pretty standard for Germany.

My recommendation is that you ignore the noise and the concerns and simply make use of the service. Unless you have some very specific security needs that you haven't shared, using HTTPS wherever possible (which is best practice anyway) is sufficient.

In any case, the other options discussed would all add overheads to your traffic which would use up your 30GB even sooner and slow things down.


There are several things you can do, provided that the terms and conditions of use are OK with them.

You don't say what country you are in but you might want to get the terms of use checked by a lawyer since some terms may not be legally permissible anyway.

Here are four of the main ways you can protect your Internet traffic from the prying intermediate.

  1. Make sure you always only connect to HTTPS sites

    When you use HTTPS sites, the traffic is encrypted between you and the endpoint. Your landlord's infrastructure will not be able to do more than examine the destination IP address, port and DNS. In particular, things like banking and health sites will remain secure.

  2. Use a VPN

    A VPN in this case is a 3rd party service that encrypts ALL of the traffic (not just web traffic as in 1) between your machine and the VPN host. This prevents any inspection of the traffic at all and it will appear as though you only talk to the VPN destination.

    Unfortunately, it is possible that common VPN end-points might be blocked or even a smart security system used that will dynamically identify VPN traffic and ban it. Check the terms of use from your landlord carefully.

  3. TOR

    TOR is a way to obfuscate connections across the Internet and is often associated with "the dark web". However, it has legitimate uses as well. Unfortunately, it can add quite an overhead to traffic and may be unacceptably slow. Typically TOR will be used for web browsing; other network traffic would not be affected.

  4. Use the Mobile network

    If you are fortunate enough to live in an area with a) good (4G/LTE) mobile coverage and b) an affordable data tariff, then using a 4G/LTE mobile router may be an option. You can get some staggeringly good data rates.

    Don't expect to be free of restrictions though. Many tariffs don't allow device sharing; you'll need a special tariff for mobile data. You might not be allowed to use all services (like VPNs) and you are more likely to have national-level restrictions applied such as the UK's national "firewall".


It goes without saying (so I will say it anyway!) that you should ensure that you are staying within the letter of the laws of your locality & the legitimate terms of use of the landlord's network. However, none of the above are illegal in most countries (well in most Western countries anyway) as long as you are not using them to do illegal activities. TOR and VPNs may possibly be illegal or at least get you unwelcome attention in certain countries.


UPDATE: Without question, the most security would be provided by a VPN.

However, that will only be useful if the landlord's network allows VPN traffic. In addition, VPNs also carry an overhead so things like real-time traffic (Skype voice/video for example) and online gaming would be impacted quite significantly.

In addition, VPNs will normally come at a cost though there are some discount codes around that might help.

It is possible to set up your own VPN if you have a server on the Internet to run it on. Most VPS hosts won't allow it but some will as long as you keep it private.

The real question is - do you really need to be bothered? That's why I mentioned HTTPS first. Since this protects your information to sites and since all decent online services already use HTTPS, you might find that this is a storm in a teacup.


UPDATE 2: As some others have pointed out, there are many flavours of VPN. A commercial service will be the easiest to consume but you need to do your homework to find the best for your region. Commercial VPNs can also be relatively easily blocked both by end point and by traffic inspection. Some VPNs require specific ports to be open on the network and these might not be available. Test before you buy. In general, those offering SSL-based or OpenVPN-based are likely to offer more options and be easier to get through any blocks.

Another form of VPN is to use an SSH client such as PuTTY (for Windows) connected to an SSH server (perhaps on your own or a friend's VPS). You can throw in a local SOCKS proxy client and then you will have a very configurable private VPN service. Not especially easy to set up though if you don't understand the terminology. Note that many VPS services ban their use for even private VPNs.

Another thing to note is that there are several ways for security infrastructure to spot VPN traffic and therefore block it. Known end points for commercial services and known ports for VPN types are the easiest but it is possible to examine traffic patterns and work out that even apparent SSL traffic (e.g. if using port 443 for VPN) isn't actually.


I don't want to write about the technical details because I think the options have been clearly defined by the other posts. But I'd like to contribute some thoughts on the legal stuff.

Disclaimer: I'm not a lawyer, please understand my following words as a translation of readily available texts on German laws. Before taking real actions, I strongly recommend consulting an experienced lawyer.

In my opinion, the attempt of your landlord getting a blank cheque for reading your traffic is illegal. I'll explain why.

Germany has a very strict law for the protection of private data (Bundesdatenschutzgesetz aka BDSG). It prohibits not only the collection of any data without consent of the concerned persons; it also shows hard and reasonable limits even if consent was given.

In detail: §3a demands "Datensparsamkeit", which translates into austerity in collection of any data. This means, anybody wanting to collect private data related to identifiable persons has to restrict this attempt to the minimum amount necessary to fulfil either legal necessities or duties from a contract with the concerned people.

Neither of these applies here. There are no legal obligations for your landlord to store or evaluate data. TKÜ (Telekommunikationsüberwachung = telecom intercept) was always in duty of the public authorities in Germany. To refer to the TKG to insinuate anything different is a blatant lie.

The so called Vorratsdatenspeicherung (VDS, an obligation for ISPs to store connection related data for police investigations) was declared void by the highest court in Germany twice. A modified version passing legislation is still far away. Anyways this law only applies to ISPs and I doubt your landlord can be deemed as an ISP. Furthermore the VDS would only enforce the storage of IP-Addresses and connection times, never any content.

The remaining, rather difficult issue could have been the so called "Störerhaftung" which made everyone who gives other people access to the internet over his own account liable for any damage caused by the one given access. But this specimen of case law has been toppled by the German Bundestag on 6/1/2016. Still even if liability for giving access was still in effect it would empower your landlord only to store IP addresses and connection times.

I'd suggest the following: Sign the contract and send the contract information to the responsible federal office. (Bundesdatenschutzbeauftragter / Landesdatenschutzbeauftragter) Let the relevant authorities crack down on this moron of a landlord.

In Germany it can be considered "contra bonos mores" to chisel your basic rights out of you in a way like this. Having signed such a contract does not sanction the unlawful parts. They are simply spoken void. You can even get a temporary restraining order at a court prohibiting your landlord from performing any surveillance tasks on your connection. Prior to this you can file a reminder, but you may need a lawyer with certain expertise in this field.

addendum

Some of you may think, "why is Ariser so rabid about a landlord who is sooo nice that it lets you use its internet uplink. It's just a contract, they can write in it whatever they like, and who cares what they can see when logging?".

Because it's basically the same as saying: "To prevent our tenants from throwing used condoms, rags and hygiene products into the toilet, they agree we have a camera installed in the bowl". You all would easily refuse to sign a contract not because anybody has a problem with the prevention of clogged sewers, but because no one wants to be stared at on the buttocks or genitals when washing hands. Think of how often we have our pants down in our digital conversation figuratively. And in this case the landlord even had a personal interest because plumbers are expensive. But we won't let him watch either. In the original case there's nothing to bother for the landlord. The content of the transmission is absolutely of no concern for the landlord.


HTTPS, TOR and VPN have all been mentioned already. Yet, there are another two viable solutions: proxying and plain tunneling (non-VPN tunneling).

Proxying

A proxy is just a server that you connect to that will relay your connection to the actual destination. If you use a proxy which allows for the traffic between the proxy and you to be under TLS (e.g. HTTPS) then from the perspective of your landlord you are always connecting to the same server.

Caveat: A TLS proxy is (somewhat) vulnerable to sslstrip since you are always HTTPS connecting to the same place. And a proxy without TLS is useless to hide traffic.

Plain tunneling

This is my favourite. Assuming that you have a server (or just a simple VPS) running outside of the premises of your landlord (e.g. in some data center) you can SSH tunnel traffic between your machine and that server. This has two advantages over VPN:

  • No one can complain that you're connecting through SSH to your server.
  • Does not require anything special from the router on the way between you and your server.

Assuming *nix OSes, you can do a simple:

ssh -Y user@server firefox

And browse the internet (or use a chat program, or whatever) whilst your landlord can only see SSH traffic.

For better security it is wise to perform SSH login with RSA keys (instead of typing the password each time), and keep a note of the fingerprint in the known_hosts. No sslstrip problems because you are not using CAs.

Caveat: This may be slightly expensive in some parts of the world (VPSs are expensive in Asia and Oceania, and you need the server to be close to you to have reasonable speed); and this is slightly slower than all other options but TOR, since you are sending X11 updates over the network instead of plain HTTP(S).


Extra notes

  • Both of these possibilities are pretty similar. You are connecting to a single point which is relaying the traffic. You can even combine them (for a speed increase) by running your own proxy on your VPS.

  • A simple SOCKS proxy can be made with ssh -D <port> (sshd on the server side will act as a SOCKS proxy). This is useful for plain browsing but you need to configure the browser to use the proxy. You will need to configure the proxy settings to localhost and the port used in the ssh -D call. Ask Ubuntu has a great answer about the proxy configuration from a ssh -D call.

  • Remember to configure DNS to go through the proxy. That is often not the default setting (at least it isn't in Firefox). Allowing the DNS to go through the normal network will reveal your browsing habits to your landlord.