BBC To Deploy Detection Vans To Snoop On Internet Users (telegraph.co.uk)
product_bucket writes: The BBC has been given permission to use a new technology to detect users of the iPlayer who do not hold a TV license. Researchers at University College London have apparently developed a method to identify specially crafted "packets" of data over an encrypted Wi-Fi link without needing to break the underlying encryption itself. TV Licensing (the fee-collecting arm of the BBC) has said the practice is under regular scrutiny by independent regulators, but declined to elaborate on how the technique works. Dr Miguel Rio, a computer network expert who helped to oversee the doctoral thesis, said: "They actually don't need to decrypt traffic, because they can already see the packets. They have control over the iPlayer, so they can ensure that it sends packets at a specific size, and match them up. They could also use directional antennae to ensure they are viewing the Wi-Fi operating within your property." The BBC has been given such authority through the Regulation of Investigatory Powers Act.
(But *do* tell all the idiots out there who play multiplayer online games on wifi)
First off, Ethernet. Now that it's known, it's easily defeated.
Secondly, false positives. Now that hackers know what they're looking for, these will be trivially easy to implement: just send whatever traffic with the packet-size signature, and people will look like they're using iPlayer when they are not.
I think it'll be quite obvious when I notice the cat5 snaking up from a parked van to my wired network. :)
Boo.
don't use wifi!
If the BBC just proved that they need to be completely destroyed they just handed their anti-BBC crowd the ammunition to do it. Bet it won't take more than a few weeks before people start making honeypots to bait them, and wouldn't that be very fun to see in court.
Om, nomnomnom...
Only because you won a war thanks to spying on evil Nazis doesn't mean you should spy on your own citizens.
I just came to say what everyone else already has - I use ethernet for streaming so fuck you BBC!
Although I don't watch it anyway - anything good appears on other streaming services eventually anyway and I'm long past caring about seeing things on day zero. I already get letters almost weekly telling me they are now in the last stages of their investigation (for not paying my license fee). They are welcome to visit anytime, but unless they have a warrant my answer to any of their questions will be " "
Will be next, to make sure you have a license for your cats......
The same way their detector vans did that detected whether you have TVs equipped for terrestrial reception, and the same way lie detectors work: They don't. They just scare you into thinking they work so you comply.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I think the UK has completely lost its mind! Here's a novel idea that's so much simpler and how we approach it in Canada. Here we have the CBC (Canadian Broadcasting Corp) which is pretty much the same thing as the BBC - aka publicly funded TV, Radio, and Media. It is funded by the Federal taxes of all Canadian tax payers. Regardless of whether you use the CBC or not, you're paying for it. No special taxes that people must specifically pay, no special enforcement (except for maybe geo-ip), and no white vans running around snooping wifi traffic (which, here would be illegal) thanks to our Charter of Rights and Freedoms (something the UK DESPERATELY NEEDS). The UK people really get the shaft with their government and its constant big brother mantra and its excessive need to invade the lives of its people.
Can someone from the UK please explain to me the reason a 'TV' license still exists? It's not the 1950's!
The old TV detector vans were a hoax to scare people into getting a TV licence. Enforcement was actually done by visiting addresses with no record of a licence. This is another con.
Right, Viv - eat the WiFi!
To find me in SoCal.
Easily thwartable.
Seriously.... for the WiFi... just modify the encryption protocol so the source cannot influence the size or precise timing of the encrypted payload.
Since BBC control the iPlayer.... why not just put access controls on their website?
Users will be prompted to enter their street address and Television License ID# to link their Browser and IP address, before they can start playing content.
Also, if they don't have one, prompt them to register on the website and pay online Ala Netflix.
You mean apart from America being full of overcompensating revenge crazed heavily armed nutjobs?
Because the best government is MORE government!
Come on - PAY YOUR FAIR SHARE so we can all get MORE of this type of CRAP!
Because if we can all just give our governments even MORE money and resources TO USE AGAINST US, this is what we'll all get.
Did this change recently? iPlayer to watch catch up programs never used to require a license.
Besides all this, the answer is fairly simple. If they want to enforce license status, iPlayer should just require a login with an account the BBC can use to verify status.
The candy van from limey land has come for you.
Talking about vans that snoop in Europe today are we spy? Slashdot is under control of the FBI.
ur
It is just a propaganda (should that be, conaganda?) organisation. A good response to this is to start blocking the BPC [sic] IP numbers:
IP-range/subnet 212.58.224.0/19 212.58.224.0 - 212.58.255.255
There are probably more IP numbers they use.
The number of false positives from the method they are using is going to be very high, so showing that you are actively blocking them could help with wrongful accusations. Blocking so you don't make outward connections is advisable. If you have a server blocking inwards on the IP numbers starts to send a message as well.
And, things like WEP and WPA will now be under scrutiny, if they can 'craft' packets of particular sizes. I assume it won't just be one packet size, but instead they will send a series of packets of particular sizes, and it is those sizes combined that would create the so called 'signature'. If that's the case then there is a weakness in WIFI security: packet size should not be so determinable.
The BBC Licence Fee (really, it is a tax) is 145.50 GBP per annum. A tin of baked beans and a loaf of bread after tax is about 60 pence each. A tin of beans is good for two meals, and a loaf of bread about 5 meals. 60/2 + 60/5 = 42 pence a meal. 145.50 / 0.42 = 346 meals. This is after tax if you were to remove all the taxation, that 346 meals would probably be closer to 800 meals.
So, in a way this is like the BBC coming over every day for a free (for them) meal of baked beans on bread. They are literally stealing the food from your mouths and tables, and they produce utter biased drivel. The type of 'newspeak' they use would even have O'Brien, of 1984 infamy, spinning in his metaphorical grave.
The countermeasures used in cryptography to fight differential power analysis can be used here if necessary.
In DPA, the dynamic power consumption is measured on a hardware device such as a smart card that performs crypto operations so that, when the challenge-response is begun, the card's regular crypto operations for asymmetric and symmetric encryption can be captured and analyzed using statistical correlation over many challenges and other means so that the correct keys for the device can be determined. The primary countermeasure is to introduce false operations in parallel with the actual operation at different times and with different power consumption patterns such that the correlation takes far too long for the number of challenge-response cycles.
Similarly, a countermeasure to this and for all VPN traffic is to accomplish the same thing by having an application that actively monitors the bandwidth across the physical interface used by the iPlayer and ensures that additional sources of bandwidth consumption via internal or external servers/clients are programmed. Even if the WiFi packets are monitored, the packet analysis could be much more difficult to conduct. In addition, one could randomly force routes across multiple physical interfaces at random to hop across multiple inexpensive routers that are bridged, further frustrating such efforts. In combination with a VPN, this could defeat this outrageous and intrusive de facto taxation enforcement scheme.
Looks to me as if the Brits never seem to miss any opportunities to get closer to that creepy "Big Brother" state of things when it comes to privacy and surveillance, what with London already having millions of cameras canvassing every possible square inch of it.
I love when I wake up with the scent of pussy in my cock.
Harsh language and likely to be seen as a troll, I know, but fuck off. Seriously. The BBC and the British government can go fuck themselves. This is the final straw to get me to cancel my license entirely. I'll just record every series of every kids show I've got right now for a week and say goodbye. A few terabytes on loop should suffice for many, many months of mind-numbing alternative to proper parental supervision.
It's going to cost more to field these specially-equipped detector vans and the crews to operate them than they will EVER receive back in license fees.
Assume these costs:
the cost of the van ($30,000)
the cost of gas, oil, tires, and maintenance for the van per year ($3000)
the cost of the monitoring gear ($1000?)
the cost of the crew to operate the van ($20,000 per year per person?)
all associated upstream paperwork ($1000?)
the occasional accident(s) that the van will (statistically) be involved in over time ($$$$???)
So, probably a minimum of $50,000+ per year to operate...and how much will they get back? Nowhere near $50,000.
In other words, it costs more than it brings in, so it's another ridiculous sink hole for money.
Just cruising through this digital world at 33 1/3 rpm...
A Tor Project article from 2011
https://blog.torproject.org/bl...
Experimental Defense for Website Traffic Fingerprinting
Website fingerprinting is the act of recognizing web traffic through surveillance despite the use of encryption or anonymizing software. The general idea is to leverage the fact that many web sites have specific fixed request patterns and response byte counts that are known beforehand. This information can be used to recognize your web traffic despite attempts at encryption or tunneling. Websites that have an abundance of static content and a fixed request structure tend to be vulnerable to this type of surveillance. Unfortunately, there is enough static content on most websites for this to be the case. ...
They're about to change the rules to include catch up TV.
When they announced it logins was exactly the idea I thought of. It's how Netflix, Amazon etc do it so why not the BBC. All the apps it'd break would just need an update.
It's looking at packet size. Pretty trivial to alter a VPN client to always send max size MTU's via padding.
No sir I don't like it.
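The idea raised in the comments above (a series of packet sizes acting as a signature, and padding every frame to one size as the countermeasure), as an added example that is not part of any comment in this thread. The signature sizes, the background traffic and the constant 16-byte per-frame encryption overhead are constructed assumptions, not details from the article or the thesis.

```python
import random

# Assumption: link encryption adds a constant per-frame overhead
# (modelled here as 16 bytes), so ciphertext length = plaintext length + 16.
FRAME_OVERHEAD = 16


def on_air_lengths(payload_sizes, pad_to=None):
    """Frame lengths a passive observer sees; content stays encrypted.

    With pad_to set, every payload is split into pad_to-sized pieces and
    the last piece is padded, so all frames have the same length.
    """
    lengths = []
    for size in payload_sizes:
        if pad_to is None:
            lengths.append(size + FRAME_OVERHEAD)
        else:
            frames = max(1, -(-size // pad_to))  # ceiling division
            lengths.extend([pad_to + FRAME_OVERHEAD] * frames)
    return lengths


def find_signature(observed, signature):
    """Index of the first contiguous run of lengths matching the signature,
    or -1. Only lengths are compared; nothing is decrypted."""
    want = [s + FRAME_OVERHEAD for s in signature]
    for i in range(len(observed) - len(want) + 1):
        if observed[i:i + len(want)] == want:
            return i
    return -1


def padding_overhead(payload_sizes, pad_to):
    """Extra bytes sent because of padding, as a fraction of the original."""
    original = sum(payload_sizes)
    padded = sum(max(1, -(-s // pad_to)) * pad_to for s in payload_sizes)
    return (padded - original) / original


def constructed_traffic(signature, seed=1):
    """Constructed sample: 40 background packets, the signature, 40 more."""
    rng = random.Random(seed)
    common = [64, 120, 576, 1200, 1460]  # constructed background sizes
    before = [rng.choice(common) for _ in range(40)]
    after = [rng.choice(common) for _ in range(40)]
    return before + list(signature) + after


if __name__ == "__main__":
    sig = [311, 977, 523, 1291, 389]  # constructed signature sizes
    traffic = constructed_traffic(sig)

    plain = on_air_lengths(traffic)
    padded = on_air_lengths(traffic, pad_to=1460)

    print("unpadded: signature at index", find_signature(plain, sig))
    print("padded:   signature at index", find_signature(padded, sig))
    print("distinct padded lengths:", len(set(padded)))
    print("padding overhead: {:.0%}".format(padding_overhead(traffic, 1460)))
```

Padding removes the size channel only; packet timing and total volume are still visible to an observer.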
You mean apart from America being full of overcompensating revenge crazed heavily armed nutjobs?
Better than Islamofascist jihadis running people over with trucks, blowing up trains, shooting people, and knifing them in the street.
But hey, that's not ISLAMIC TERRORISM.
Can I just install the iPlayer chrome app or android app and watch from the US without a license?
It would be great to be able to see all those boring Ken Loach movies for free.
You are welcome on my lawn.
This is the old watermark idea that has been touted for years: rather than measure and crunch the intrinsic signal properties contained in the transmitted program, you inject or add a predefined watermark (likely a PRBS), then detect it at the other end.
Would be interesting to hear whether this has legs. Questions I have:
1. Are the packet lengths guaranteed to be untouched by the Wifi router (etc) end to end?
2. What about other data from other machines on the network, other client connections on the same machine, etc?
3. Is a directional antenna meeting RIPA requirements feasible?
"The BBC has been given such authority through the Regulation of Investigatory Powers Act."
So, granting powers to a TV station no less. What's next, outsourcing police work to OmniCorp?
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
What does the test to get a "TV License" look like?
It presumably looks like the form mailed to you when you respond to a PBS pledge drive. BBC is their counterpart to PBS, and it has made a deal with Ofcom (their counterpart to the FCC) to ban watching any broadcast TV (whether BBC or not) without a valid BBC subscription.
As a Brit, I used to love the quality programs that came out from the 70s, 80s and a little bit of the 90s. Horizon used to be a quality, science program that would present topics that required the watchers to have some decent education, but they finally bastardized to cater for lower IQ audiences. The Old Grey Whistle Test, was abandoned for Top of the Flops, John Peel struggled to keep his shows, the obscure films shown late Sunday night and analysed by cool directors faded away.
I could go on and on, but at the end of the day the BBC is just another shit TV station pouring out main stream crap that the other channels do. So they should just lose their forced subscribers and join the rest in the sector competing for advertising.
It's going to cost more to field these specially-equipped detector vans and the crews to operate them than they will EVER receive back in license fees.
You didn't get the memo: the point of the detector vans was always to make people believe that there are detector vans and that they'll get caught if they watch TV without a license. The real enforcement was always done by comparing the list of people who have bought TV receivers with the list of addresses of TV license holders, or knocking on doors or sending nasty letters and hoping they'd confess. It's widely suspected that the old detector vans were either fake or ineffective, but even if they were genuine (the theory was vaguely plausible, with old-style TV sets) I doubt the "business plan" was ever to have enough vans roaming the country to directly catch significant numbers of offenders.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
I think "Cat Detector Vans" are a more urgently needed service.
For a slightly more critical take on this than the Torygraph, there's an article in The Register that actually digs in to the subject a bit and has dug out the actual government report (which is pretty silly but doesn't quite seem to involve fleets of detector vans randomly snooping on WiFi at random).
NB: This is all because of the "iPlayer loophole" - people have been able to watch catch-up TV on iPlayer without a license and, while technically you're meant to have a license to use the Live Streaming features of iPlayer it's pretty unenforceable. They're trying to have a crackdown to appease anti-BBC astroturfers and you're now going to need a TV license to use iPlayer (oh, the injustice!) If you wonder why iPlayer doesn't simply ask for a name, address and TV license number, or require a user account, then you're a very silly person who is trying to apply logic and rationality to politics.
Personally, I assume that they're going to record people's WiFi and sneak the results into the SETI@Home work queue to examine for signs of intelligent life. So, you're OK unless you're watching BBC4 :-)
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
As iPlayer is a BBC product, why do they need detector vans to determine who is streaming it? It is coming from their servers, so they know (or could know) the IP addresses to which iPlayer is streaming. In most cases this will be the router address of the ADSL, Cable or Fibre subscriber, from which the address could be determined. Even with a detector van, if someone is streaming via a WiFi hotspot, there will be no way they could tell if the users of the smartphones, tablets and laptops have licences at their home address (and the licence covers use outside the home by equipment powered by internal batteries). Similarly with anyone streaming via 3G/4G.
Why would you waste bandwidth to pad it? You can slice up the packets and reassemble them to the max MTU size without decrypting the data.
First they came for top gear and I did nothing, then they came for iPlayer and I did nothing...
Seriously the only incentive for anyone to do this was to watch top gear. I'd think they'd be happy to have anyone watching them now legal or illegal. It's like they are trying to run themselves into the ground. Is there any other population on the face of the earth as tolerant of surveillance as the British?
What drug are you on? Have you not seen the BBC? The CBC is DEAD. DEAD, DEAD, DEAD. The BBC has VASTLY SUPERIOR PROGRAMMING. Apples and rotten mouse carcasses,
There are no AIR TV detection vans, let alone this load of bullshit. Fuck the BBC. Why should the entire country have to pay for state controlled propaganda? Let them have adverts and see how long they last with their shitty, anti-white bullshit 'programmes'.
Play a public domain recording from a legitimately held iPlayer user, capture the packets, then replay the packets whenever your wifi connection is idle. Perhaps make an OpenWRT module that does this for you.
They could also use directional antennae to ensure they are viewing the Wi-Fi operating within your property.
I live in the US, so whatever, but I have the transmission power on my AP (D-Link DAP-2660) set to just 25%. Wi-Fi works just fine everywhere inside my house but I can't detect any signal outside the house. Suck it BBC.
It must have been something you assimilated. . . .
https://www.youtube.com/watch?...
Just like the old 'detector vans' they supposedly wheeled out to detect whether you had a TV (which was impossible technology at the time (1952) and is probably still impossible) this is just another way to scare people into not dodging the licence fee.
The reason they won't elaborate is because even if it is possible, which I doubt, how are they going to prove the router belongs to me when it's pressed against the wall adjoining me and my neighbour?
The BBC has no legal right to enter your property (or even set foot on your land if you forbid it) so all they do is send you countless letters and make veiled and not so veiled threats which they cannot follow through.
Good job BBC, you wankers.
....against all of the Orwellian tyranny that has been growing rapidly there for the past couple decades? Or had the gov't locked everybody in full body restraints including rigid mitts (figuratively, maybe starting literally?) so fighting back is now impossible?
Openvpn for android is my favourite app - it works better than the Windows version
Saying the BBC is free of govt influence WHILE AT THE SAME TIME forcing everyone in the UK with a TV to pay for it BY LAW is hypocrisy.
If you want to make it independent of govt influence, just have it funded every year by voluntary donations. If you can't fund it that way, obviously nobody (to a numerically significant number) thinks the shows are worth it.
In America, PBS will give you all the thoughtful left-leaning educated shows or news coverage you could want.
How do you check the size of the packet without decrypting the L2 frames?
I see my shadow changing, stretching up and over me...
The "detection van" urban legend has existed for decades. But OK, let us think about it: how much cost that tech and how much would it cost to *sweep* around single family home? How much that would give back in money? keep in mind the beeb license is "cheap" 150 pound per year and at worst they can only ask you, or make such hoax to try to convince people. Not sue you AFAIK. And that's not even counting if such evidence would even be acceptable. And that's single home family. not try to imagine that's a multi home dwelling. This is the license van hoax for this decade apparently.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
It's all over the news in the uk-"BBC closes the iplayer loophole"
Just one small thing. We're talking about the BBC. BBC != Government.
Yes! This is how you catch the terrorists. That's what this law was all about, right?
The doctoral thesis explaining the techniques upon which this detection technology relies can be found here
Are the vans painted black with "FOR YOUR PROTECTION" written on the side in a very imposing red font?
It's the TV detection van lie again, they're trying to scare people into paying BBC TV license fees.
I thought "no way would people buy this", but look, here it is on slashdot, along with gullible comments, and a daily telegraph article at that...
Standards here have really dropped.
Americans kill each other far more than terrorists kill people in Europe, and that's a good thing, thinning the herd of stupids like you.
Man didn't have the right van...
They aren't going to use the trucks to prevent iPlayer use without a license. All they need to do is require someone to enter a receipt number as a login to authenticate.
What this change will mean is that overseas people won't be able to use a proxy anymore...
TV License, Congestion Zone, VAT ... and all things stupidly British. Try shopping for goods overseas and try bringing them into the UK, you will be whacked with import duty.
Use some sort of proxy software. There ya go.
The packets will have extra information stored on them, which will vary the size. The packets might also be compressed, which would vary the size.
Furthermore, the proxy software might merge two small packets or split up one big one.
Why doesn't iPlayer just require a username/password or a key that you get on your license (that can only be used by a few IP addresses at once, so people don't share between homes).
Sure seems like an easier way to do it.
really??? so the propaganda you see on it every day that happens to match what the government wants you to think is a coincidence?
what a relief!!!
In a way, this is less snoopy than having a login to watch shows. At least this way, they're not tracking which shows you watch. A login would allow that.
Your ad here. Ask me how!
VPN only needs to go to the firewall so pretty much just over wifi for most people. I would doubt they would be sending too many packets too often as this would all seem to be sourced from iplayer to give the vans something to find. Mind you many VPN's already can do compression and merging of small packets.
No sir I don't like it.
Oh come on everyone, how can anyone take this seriously. Even in the old days it was very obvious that the whole strategy was simply to worry people into buying their license. I know that it was theoretically possible to detect a faint signal emitted by a TV when switched on and receiving but I'm firmly convinced that the detector vans were nothing but dummies designed to worry people. Furthermore whenever I have met people who worked for the licensing folk they would always clam up and say absolutely nothing, neither confirming nor denying my theory. Even if they strongly suspected someone of viewing without a license they had no right of entry so unless someone chose to let them in or managed to photograph a television they could never make a case. Even if this new technique works it is still likely that it would be far too expensive to implement and pay for a fleet of vans, drivers and technicians. What will actually happen is that apart from the odd van for worrying purposes, they will look on their database for a particular density of people without licenses that makes it worthwhile to send inspectors round. Unless they have a right of entry things will stop there. If they have a right of entry and the right to seize and forensically analyse the contents of the occupant's computer then they may have a case. Since I consider the price of the license to be fabulous value, I find it much easier just to buy one.
I don't understand all this love for the BBC, weren't they just outed for protecting a pedophile ring both inside the BBC and the government?
That and being forced to pay for TV in the first place is just beyond crazy.
http://www.democracynow.org/2012/11/13/bbc_scandal_exposes_cover_up_of
Is more prosaic.
It's assumed that every address has a television, therefore those addresses without a license are watching illegally.
Once they have enough in an area to justify the costs, they break out the "detector vans" (which have 7 seats in the back and no electronics) and go doorknocking. The idea is to elicit an admission or observe the TV in use. (This was long before it was farmed out to Crapita)
I know, because I've been one of the door knockers.
Yes, it was possible to "detect" TVs or radios in the dim dark past, usually by listening for the heterodyne frequencies - but the reality is that it only works when they're uncommon devices and it will be trivial to generate spoof traffic.
The fact that the BBC's enforcement arm (which is a wholly-owned, fully commercial subsidiary) has apparently managed to obtain permission to use RIPA is far more disturbing, both because it is the first time a private company has been allowed to use RIPA and because it means they can simply hit ISPs with orders to disclose what customer is on what IP at what time - and it's a criminal offence for the ISP to send a headsup to the subject of the RIPA investigation
IE: If you want to avoid "the detector vans", use a proxy.
For a more prosaic evaluation of their level of competence: I've had a UK TV license for the last 14 years and for the last 12 years they've been sending me nasty letters threatening prosecution because I don't have a TV license. The one time an "inspector" showed up, he ran away when I started filming him.
Would love to know how this all works, sounds crazy!
Adam Personal Holiday Planner