Slashdot Mirror
Canadian ISP Shoulder Surfing
1nfamous writes "Canada's Largest ISP, Bell Sympatico, has informed its customers that it intends to 'monitor or investigate content or your use of your service provider's networks and to disclose any information necessary to satisfy any laws, regulations or other governmental request.' The new customer service agreement is effective June 15, 2006."
To help you surf the web without being spyed on I recommend installing Tor then installing FoxyProxy.
Tor takes care of the proxy encryption, and FoxyProxy lets you use all those proxies while you surf.
Invaluable for the privacy conscious, or rather anyone living in the 21st century.
Meet new people, and kill them.
No, HTTPS is just the HTTP application protocol transacted across an encrypted (SSL or TLS) TCP transport protocol. The only data passed in the clear is the IP#s of the remote endpoints. Once connected, the client requests the server send the identified object (eg. "GET /home_explosives.html HTTP/1.1") during the encrypted transaction.
Of course HTTPS is vulnerable to traffic analysis and attacks on HTTPS itself, but proxies and tunnelling protect HTTPS even more.
The increase in HTTPS would come from the public perception of HTTPS as more private, hindered only slightly by imperfections in the protection.
--
make install -not war
There are virtually no restrictions on the use of cryptography or encryption technology in Canada. Famously, this is the reason that the OpenBSD project is based in Canada and not the US - the extensive use of encryption in OpenSBD would mean that, amongst other things, if it were US-based its development and distribution would be severely curtailed. People distributing the software may technically even be arrested, depending on how stringently their laws were interpreted.
This proposed "warrantless" internet surveillance bill will encounter a great deal of resistance in Canada, and with a minority government it's passage is by no means guaranteed. In the event that it does become law, at least people can encrypt anything & everything they send over the internet. A law such as this, however, would be challenged in the courts almost immediately here.
Yes, we have VERY strict privacy laws. One of those laws requires that companies disclose WHAT information they're gathering, WHY they're gathering it, and WHO they're gathering it for. That same law requires that unless there is a court order, that company is not allowed to disclose that information to a 3rd party for any reason unless they have your express, written permission. IE, them saying "well, we added in to our contract a clause that lets us sell or give away your information to anyone we want" is not allowed. I worked for a bank that tried that and got slapped hard.
Basically, Bell is doing this to comlpy with the privacy laws. They're keeping your http logs (like every ISP out there), and now they're just following through on their obligation to tell their customers why they're doing it and who could possibly see it. Should they ever actually release your information, they still have to have a court order, OR your signature on a contract that specifically says who you're authorizing the release of information to, and what that third party intends to do with your information.
A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
If you use Tor, you're actually going through a sequence of several proxies, using different encryption keys for each hop along the route. The first proxy in the chain knows who you are, but can't see where you're going; it can only see the next proxy in the chain. The last proxy in the chain can see where you're going, but it doesn't know who you are, because all it can see is the previous proxy in the chain. Those in the middle can't see either the origin or the destination.
Unless an attacker manages to compromise all the nodes along your route (which changes every few minutes), the Tor network can't figure out who was going where.