Slashdot Mirror
Canadian ISP Shoulder Surfing
1nfamous writes "Canada's Largest ISP, Bell Sympatico, has informed its customers that it intends to 'monitor or investigate content or your use of your service provider's networks and to disclose any information necessary to satisfy any laws, regulations or other governmental request.' The new customer service agreement is effective June 15, 2006."
... Big Brother
Prove that you no longer have the keys, otherwise you go to prison for a set period of time. Thats the law under the RIP II Act.
To help you surf the web without being spyed on I recommend installing Tor then installing FoxyProxy.
Tor takes care of the proxy encryption, and FoxyProxy lets you use all those proxies while you surf.
Invaluable for the privacy conscious, or rather anyone living in the 21st century.
Meet new people, and kill them.
Crypto's perfectly legal here, as far as i know there aren't any laws (yet) that say we have to hand over the keys..
MABASPLOOM!
No, HTTPS is just the HTTP application protocol transacted across an encrypted (SSL or TLS) TCP transport protocol. The only data passed in the clear is the IP#s of the remote endpoints. Once connected, the client requests the server send the identified object (eg. "GET /home_explosives.html HTTP/1.1") during the encrypted transaction.
Of course HTTPS is vulnerable to traffic analysis and attacks on HTTPS itself, but proxies and tunnelling protect HTTPS even more.
The increase in HTTPS would come from the public perception of HTTPS as more private, hindered only slightly by imperfections in the protection.
--
make install -not war
There are virtually no restrictions on the use of cryptography or encryption technology in Canada. Famously, this is the reason that the OpenBSD project is based in Canada and not the US - the extensive use of encryption in OpenSBD would mean that, amongst other things, if it were US-based its development and distribution would be severely curtailed. People distributing the software may technically even be arrested, depending on how stringently their laws were interpreted.
This proposed "warrantless" internet surveillance bill will encounter a great deal of resistance in Canada, and with a minority government it's passage is by no means guaranteed. In the event that it does become law, at least people can encrypt anything & everything they send over the internet. A law such as this, however, would be challenged in the courts almost immediately here.
HTTPS has a disadvantage over HTTP in that virtual hosting is harder to achieve: all hosts on the same IP address would share the same certificate. There are (more) recent RFCs which don't have widespread support, which I'm sure some helpful people will point out in due course.
All HTTPS traffic is encrypted, however, so the advantage of the existing method is that the full URL is hidden. It's an easy matter to trace DNS lookups to find what virtual hostname you were requesting, and which IP address the data's coming from, of course.
The sad thing is that essentially all Canadian (over the phone) ISPs essentially ARE Bell. The others are just Resellers. Primus? Nope, they resell Bell. (I know, I worked there). This is because Bell owns nearly all the phone lines in the country. So switching providers won't get you out of it. It's also the reason why when you call your provider, their Tech support can't do Jack-All when Bell is having an 'outage'.
This is an outrage. And here I thought that all the news about it happening in the US was not affecting me... so much for that.
Yes, we have VERY strict privacy laws. One of those laws requires that companies disclose WHAT information they're gathering, WHY they're gathering it, and WHO they're gathering it for. That same law requires that unless there is a court order, that company is not allowed to disclose that information to a 3rd party for any reason unless they have your express, written permission. IE, them saying "well, we added in to our contract a clause that lets us sell or give away your information to anyone we want" is not allowed. I worked for a bank that tried that and got slapped hard.
Basically, Bell is doing this to comlpy with the privacy laws. They're keeping your http logs (like every ISP out there), and now they're just following through on their obligation to tell their customers why they're doing it and who could possibly see it. Should they ever actually release your information, they still have to have a court order, OR your signature on a contract that specifically says who you're authorizing the release of information to, and what that third party intends to do with your information.
A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
See here. I bet there are a whole bunch of good, small ISPs where you are. I am with a small ISP and they are a refreshment after Rogers (local cable, 40% packet loss at peak times) and Bell. No phoney "unlimited" accounts, all ports open, servers allowed, static IPs available, no scripted $7/hr bots on the phones, SLAs available...
look.ca offers a high speed service that does not use phone lines (dsl). It uses microwave towers and requires line of sight and a small antenna. This is kind of a secret as most people I tell either don't know about it or believe it's out of business. It's not. Being wireless it's not effected by power outages, I know as I've surfed during the last few. I just plug the modem and my laptop into a UPS. In a traceroute to my co-lo server I don't see any bell routers just a few owned by look then the big pipe. If you are lucky enough to be in view of one of the towers (one is on the CN Tower which should cover a lot of Toronto) They also offer TV and a higher speed, fixed IP service.
the reason why openbsd holds their hackathon in canada is because of crypto legislation (or lack thereof). here's my source: http://en.wikipedia.org/wiki/Hackathon
2 1337 4 u!
If you use Tor, you're actually going through a sequence of several proxies, using different encryption keys for each hop along the route. The first proxy in the chain knows who you are, but can't see where you're going; it can only see the next proxy in the chain. The last proxy in the chain can see where you're going, but it doesn't know who you are, because all it can see is the previous proxy in the chain. Those in the middle can't see either the origin or the destination.
Unless an attacker manages to compromise all the nodes along your route (which changes every few minutes), the Tor network can't figure out who was going where.
You can use any of these DSL providers. Vote with your dollars people.
The chief difference between Canada and America? At least the Canadians get fair warning. June 15th, the date this went into effect, was two weeks ago, and the Globe and Mail article was posted yesterday. So either Bell Sympatico told people with little to no warning, or the Globe and Mail didn't bother to run this until everything was said and done. Either way, this sucks. Matter of fact, I'm a Sympatico Customer, and this is the first I've heard of it. You do the math.
Truecrypt has an option to hide an encrypted volume within the random-ish data of another. You have a different password for each, and they suggest leaving sensitive-looking stuff in the outer one. See, I showed you what was there, can I go home now?
Ironic that Bell Security Solutions (a division of the very same Bell Canada) has been funding Tor development. No, put your tin foil hats away: there is no way for Bell to get any sort of "backdoor access" nor is there any indication that they want to. Probably Bell's legal department just wanted to be up-front with their customers for when (if?) the Modernization of Investigative Techniques Act gets revived in the autumn. PIPEDA privacy legislation probably makes such open disclosure obligatory, even when the third party requesting the information is the government.