Chicken Little rules the roost

By | | , , , ,
Comments Off on Chicken Little rules the roost

I’ve been reading a lot of posts regarding how ISPs will be logging every web site we visit and all of our e-mail based on an eu directive that came in to force today. I’ve also read the UK legislation and the EU directive and as far as I can make out it’s all bollox! No really it is.

The only source for the belief that ISPs will be logging web pages I can find is an article in the telegraph it isn’t in either bit of legislation. Well not unless it’s been very sneakily snuck in, in something that’s not yet online and that no one has referenced. In fact nothing that isn’t already logged will be logged, what has changed it how long the logs are kept for.

Your ISP already logs when you connect to them and what IP address they give you, if you use their mail servers they log who you send mail to and from. This is routine and is currently thrown away after a month normally never looked at unless there’s a problem. I used to look at it a lot when I worked on the abuse desk of a large well known UK ISP, and the bit they’re logging half of it’s easily forged in an way undetectable from those logs. I am quite prepared to accept this is the thin end of the wedge, but at the moment the blogosphere (gods I hate that phrase) is raging against phantoms of it’s own imagining.

There is a circumstance where ISPs might log the web sites you go to, if they force you through a proxy server, or if you choose to use a proxy server. This is however very easy to detect.
1) Go to http://find-my-ip-address.net/ make a note of what it says your IP address is.
2) Check what your IP address is on your computer if they don’t match you’re going through a proxy server. Or you have an ADSL router which is giving you a private ip address.
(Private IP addresses start 192.168., 172.16 or 10. )

If you’re running windows you can find out your IP address by opening a cmd prompt and typing ipconfig look for the lines saying
IP Address. . . .

So your web browsing habits are safe, and you can make your email safe by using an email provider in a more friendly location. Or run your own get together with some mates, bribe a geek with beer and pay 10 quid a month for a virtual server you have complete control over.

There is a lot you can do easily to reduce what they can see, but at present your web access isn’t an issue. I’d be more worried about the retention of cell phone data including call location especially in light of events at the G20 summit (“We know you called X who was outside the bank of England whilst you were at the climate camp at 11:30, now why was that?”).
For the thicker end of the wedge take a look at:
Obama’s Surveillance State Targets PCs, Laptops and Media Devices and Should Obama Control the Internet?

For the record apart from working for a few years at an ISP, I’ve also worked with most of the large UK celco’s and currently run mail for over 60 domains on my own servers, amongst a few other things.

Update Sorry the independent is also reporting that Personal web data to be stored for a year, but again only in headline and paragraph one not in the details.

0

Data retention starts today

By | | , , , , ,
Comments Off on Data retention starts today

For those of you that may not have been paying attention the EU directive on data retention comes into force today. This means that from today your ISP will be required by law (The Data Retention (EC Directive) Regulations 2009) to retain data regarding your use of “internet access, internet e-mail or internet telephony” for a year and make it available to the government on request. Technically the regulations use the wonderfully imprecise phrase:

(a) in specific cases, and
(b) in circumstances in which disclosure of the data is permitted or required by law.

so I think on request is probably a fair interpretation.

Ignoring the much simpler aspects regarding telephone calls where all telephone companies must record, who you called, when and for how long as well as in the case of mobile providers your location at the time. From the internet side of things they’ll be recording:

  • your IP address
  • Access time and duration of access (This to my mind shows up pre-broadband thinking, the longer your connection is online the less useful this data).
  • Who you’ve sent email to and when
  • Who you called via internet telephony (skype etc.) and how (Unless they snoop all your traffic which isn’t required I suspect this one applies to the internet telephony provider rather than your ISP

Of course this only applies to “public communications provider” run your own servers in conjunction with some friends and then you won’t be logged, use email providers outside of the EU and you won’t be logged (well not under this law at least). If you have a broadband connection log of as little as possible to reduce the utility of the logs and don’t use your ISP for email, as at the very least you can make it harder for them to join the dots. Also of course it’s worth noting that the original directive states
This Directive relates only to data generated or processed as a consequence of a communication or a communication service
so if you use services configured not to generate logs then nothing has to be kept.

Before we blame the EU however it’s worth remembering that it was our Government that asked them to create this rule see this Telegraph article for more background. Though the directive doesn’t contrary to that article seem to actually require that they record the websites you visit. The good news is that the ISPs and Telco’s shouldn’t put up their prices because of this, the bad news is that’s because the government our using our taxes to pay them to spy on us.

Further note despite what Anna Raccoon says and the Various comments (Same article posted to two locations), there doesn’t seem to be any requirement for usage of websites to be logged, it does seem to be “only” VOIP, email and connection to the internet that is to be logged. However if you fancy some spook baiting even though it’s probably not needed or useful then the Landed underclass has some good tips. Some Tory Lords at least are concerned about how this came into effect and where it’s going.

Will update this with further commentary as I stumble upon it, and will correct my interpretation of what is to be logged if I find an explanation of why my interpretation is wrong.

Update Further commentary:
A rather poor interpretation and udnerstanding of the directive from Himmelgarten cafe (hat tip: Charlotte Gore

Update 2
In response to the article from Himmelgarten cafe linked to above it occurred to me that it might be of interest to show people what the logs being retained typically show:

2009-04-06 17:46:02 Message-id <= sendinguser@address H=sending-hostname P=esmtp S=3115
2009-04-06 17:46:02 Message-id => <receiving-user@address> R=userforward T=address_file
2009-04-06 17:46:02 Message-id Completed

The interesting bits are the time stamps and the bits in blue, the bit in red is very trivial to forge. Also when he states that “No help is being offered on paying for the additional storage space.” that would appear to be at odds with what is stated in the directive, but for small email providers it isn’t a huge burden if you only consider the disk space and not back up facilities as each message only takes in the region of 0.5 kb to log.

-1

Trouble delivered as ordered

By | |
Comments Off on Trouble delivered as ordered

Summer of rage 09

So just as predicted if not required there was it seems a certain amount of trouble at todays G20 protests. Having been sat at home working I can only go by the reports sent in by the BBC, blogs and other media outlets. Which probably gives me as much authority to comment as most people we’ll see on TV or read in the papers.

Apart from the numpties that tried to bring an armoured car into the city, which I’d expect to encounter no small degree of interest even on the best of days. Especially when it does look so very confusingly like a real police vehicle:
Riot truck
The rest of the reported violence seems to have been to at least some extent remarkably staged managed, here we have a spontaneous bit of violence surrounded by a veritable wall of photographers.
Photo op
So it would seem that someone at least was making sure that the reporters got good images of things kicking off. There are also reports of “masked black clad” demonstrators running to the more peaceful bits of the demo (the climate camp) to make the atmosphere there more aggressive.

Given the banks that were attacked are already being bailed out by the Government, one way or another this was effectively state sponsored violence against state property. Even if the state didn’t directly provide a detailed script. With Barricades and fires being set up in the city there should be plenty more action for the mornings papers, certainly enough to drive any talk of expenses or problems at the G20 summit from the front pages. What remains to be seen is if how much more nonsense tomorrow will bring and if we’ll discover whose agenda this is all serving.

I do find myself left with one question still, what are these protesters actually protesting about? Given the mixture of interest groups and banners on display it seems that either:
a) G20 is just a convenient event for people with little to no commno ground to protest at
or
b) The protest is in favour of “Something being done” and “down with that sort of thing”

0