Tech Firms Seek To Frustrate Internet History Log Law

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories. Internet providers will soon be required to record which services their customers' devices connect to -- including websites and messaging apps. From a report on BBC: The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter". Critics of the law have said hackers could get access to the records. "It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others. "You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you. "Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."

this is a uk goverment plan

...........to increase the general use of VPN's

Re:this is a uk goverment plan

[Joce640k]

"The Home Office says it will help combat terrorism"

So would a video camera in every room of every house, but there's a reason we don't do that.

Re:this is a uk goverment plan

[Pig+Hogger]

So would a video camera in every room of every house, but there's a reason we don't do that.

That would be double plus good!

Go ahead

Anybody with half a brain is using VPNs anyway. Go right ahead and inspect all my activity, you will only see me connecting to random servers all around the world exchanging what seems to be random noise. The only people who will be hit negatively by this are facebook-using idiots and other related scum, we've never needed them on our internet anyway. Let them suffer, they don't know how to use it anyway.

Re:Go ahead

What will happen is eventually, the UK will do two things:

1: Do like Pakistan and make VPNs illegal, with a long sentence for using one. This is already in place. A judge can ask someone repeatedly for a password, even an ephremeral SSL session key, and for every "no" answer, the defendant gets 4 years.

2: Do like China and block/interfere with VPN traffic. This is more subtle and easily done, with the blame lying with ISPs.

Re:Go ahead

[JustAnotherOldGuy]

. . . you will only see me connecting to random servers all around the world exchanging what seems to be random noise.

Oh yeah, that's not suspicious at all. No sireee, not one bit.

"Sir, he's connecting to random servers all around the world exchanging what seems to be random noise."

"Well that seems totally innocent to me. Everyone connects to random servers all around the world and exchanges random noise."

Re:Go ahead

[AmiMoJo]

I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

Re:Go ahead

[NotAPK]

And if any of these become legislation in the UK then good luck being competitive economically with the rest of the world. If the UK does follow through on Brexit, and pushes ahead with these ridiculous anti-privacy laws, then the economy will definitely suffer for it in the longer term.

How do these snooping policies apply to businesses?

If they make no distinction, then businesses will not tolerate it. Those that can will relocate. Those that can't will suffer for it.

If they do not apply to businesses, then the workaround is for private individuals to route all their traffic through the workplace, if they have access, or VPS's commissioned as "business grade" services.

I live in the UK and think this all sucks pretty bad. Time to leave.

Re:Go ahead

[fuzzywig]

The government could try banning VPNs, and it would work for about five minutes before practically every company in the UK calls up their MP to point out that VPNs are an essential part of their business. Closely followed by the civil service, the military and the NHS.

Re:Go ahead

[Jahta]

I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

Unlike many other countries, the UK has no written constitution (despite periodic hand-waving about "Magna Carta"). The UK parliament can basically enact any laws they want. In the past, UK citizens could take a case to the European Court on the basis that a particular law contravened the European Convention on Human Rights. However leading Brexiteers, and even the current Prime Minister Theresa May (a notional Remainer), have made it clear that they want to plug that "loophole".

Makes you proud.

Re:Go ahead

[AmiMoJo]

The worry is that some post-truth arsehole will come along and convince people that they want to act against their own best interests, like Brexit. They will campaign on the grounds of safety, catching terrorists and paedophiles, and after all if you have nothing to hide you have nothing to worry about.

I'm more convinced than ever that we need to use technology to build secure systems, because we can't rely on democracy to protect us from abuse.

You are right, it's time to leave.

Re:Go ahead

[gweihir]

Well, establishing full-blown fascism in the west is not easy today. What they have done with the snooper's carter is an important step on that way. So kudos for effort. Of course, I hoper these evil fuckers get reincarnated as cockroaches for the next hundred million times or so.

Re:Go ahead

[AHuxley]

The UK could later go after any UK bank with a CC linked to any VPN as allowing circumvention of ISP policy.
Any VPN in the EU, NATO member might have to help thanks to national treaty obligations (UK in the EU or not). National telco laws are often secret and have to be followed without much public comment.
The US, Canada, NZ, Australia would help by default or have laws that make network retention equal to that of the UK.
A method would be to cut off VPN's from UK banks and then hint that banks that want access to the UK not work with VPN's and VPN host nations that still help hide UK users.
The final offer would be a deal with a trusted VPN to work with the UK gov on all UK ip's. A bit like a US NSL but much more direct and with onsite UK hardware globally.
Work with the UK gov as a VPN and enjoy promotion, full banking services and be allowed to attract UK accounts.
By allowing a few international VPN's to work well in the UK, word would soon be spread about a quality of service and no payment issues. Tracking would then be very easy thanks to a few deals with say 10 or 20 trusted global VPN brands. All other real VPN's would have issues and endure constant negative reviews, tech issues, comments to herd UK users to VPN's that are UK gov friendly.

Re:Go ahead

[JustAnotherOldGuy]

Being "suspicious" in somebody's eyes is not a crime, it's not even a misdemeanor.

It may not be a crime, but it's often treated like it's a crime.

Go look at some of the First Amendment audits* on Youtube and let me know if being "suspicious" is treated like it's a crime or not. (SPOILER: It often is.)

* Some channels to try: "News Now Houston", PINAC, "The Battousai", or HONORYOUROATH

Hackers

> Critics of the law have said hackers could get access to the records.

While well-intentioned, this is the totally wrong way to go about it. It's a technical argument to a problem which is political.

The point is, that in a modern state of Law, law enforcement has *no fucking business* in mass-surveilling people without a probable cause. And just because technology makes that possible these days, still: *no fucking business*

(And if you are really to discuss technical dangers, the real elephant in the room is: what happens if your state slides into some totalitarian mess? Unrealistic, you say? Watch closely what's happening in Turkey. Watch how easily "state of exception" is implemented in e.g. France because of "terrorists". The "hacker" scenario is really lame).

Re:Hackers

The hacker scenario doesn't need to be invoked, because this kind of mass scale invasion of privacy should be unacceptable in the first place. If you don't collect huge amounts of digital records for God only knows what reason, you don't have to worry about hackers getting their hands on them. We don't need arguments about how this can and will be misused though, because it is fundamentally unacceptable, on a principle.

It's like trying to argue that ethnic cleansings should not happen because they lead to a large reduction in workforce and hits to economy. While technically true, that is evading the core of the issue, and the fact that this situation should not be even considered in any circumstances, no matter what its outcome is. If mass snooping was able to prevent, say 5 terrorist attacks per year (it isn't, but let's say for the sake of argument), it still wouldn't be acceptable.

Re:Hackers

[AmiMoJo]

It's not just law enforcement that will have access to this data. Trading Standards and various other organizations will too. Snooping through someone's emails is a great way to see if they were selling dodgy microwave ovens, much easier than having to actually physically examine one.

Re: Hackers

[pakar]

Having someone following you around, doing recording with you as the main subject, can be classified as harassment.

What i would expect is some type of privacy if being on public land out in the middle of nowhere, but expecting privacy when on a public street in the center of a city is quite absurd..

Ie, if i see other people around me i do not expect privacy.. If i don't see any people or cameras (or signs about cameras) around me i do expect some type of privacy.

Re:Tell us how great Europe is, please!

The European Parliament is the only government-like structure in the world that actively and consistently stays on the side of consumers in all its proceedings. This is why UK wanted out of EU, they weren't progressing towards nightmarish totalitarian dystopia nearly fast enough for their liking.

Think about the children

[LordWabbit2]

Think about the children seems to be getting swapped for "Think about the terrorists!"
This is such a bad idea, but hey, when it's up and running I wouldn't mind a look in that database, I'm sure just 30 minutes with it and I would have enough blackmail material to retire.

Re:Think about the children

[K.+S.+Kyosuke]

Why not both?

A better way to tackle terrorism

[DrXym]

Hack the sites these jihadi fuckwits gather on or set up lots of honeypot sites for that purpose. Stir liberally with agent provocateurs. Then use the ip addresses, user ids and text gathered to profile what hours they're active, who they interact with, what they're up to, what their interests are, where they most likely live and ultimately who they are. Then serve the ISP with a court order and conduct more conventional surveillance.

Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

Re:A better way to tackle terrorism

[jimbolauski]

Your pretty optimistic if you think any of the data is going to be analyzed in real time. The data will be manually scanned after an attack to try to find accomplices. The throughput and/or competency to be able to analyze that much data is not something I'd expect from bureaucracy laden entities. For example all retirement paperwork for the federal employees in the US is managed by 1000's of people in a giant cave where the data is stored in filing cabinets. 3 or four attempts to digitize records and automate the process have been unmitigated disasters.

Re:A better way to tackle terrorism

[AHuxley]

The profit is in all the help needed with the "related activity and ... noise.". Any gov has a few mil teams that can track the interesting people.
Why have a few elite gov staff get overtime tracking sites, languages and nations?
That secret gov funding is closed, secret and locked up for generations.
Think of the domestic overtime, funding, legal teams and contractors needed to watch an entire nation every year, 24/7.
The new optical taps, the hardware, software, logs, 24/7 on call, support, keyword searches and political gratitude after reporting local protesters.
To build and look after a vast new domestic spy system that is open court ready is great private sector growth.
Staff ready to present logs to open court everyday. Entire new sectors of profit to be funded by gov and ISP users.

Re:A better way to tackle terrorism

[strikethree]

Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

I get your point; however, this is not about finding terrorists. It is about being able to know about YOU as much as possible when, not if, you end up on THEIR radar. I suppose it is possible that the politicians were sold this package in the way you describe, but is is clear that whomever designed this legislation did not do it for catching terrorists. It would be like shooting at a fly with a shotgun. It could work, but really, there are much more effective ways of killing flies.

Yup because nobody every figured out this problem

[silas_moeckel]

Ya know back in the 80's one way fiber a static mac and arp entry with UDP. That is about as one way as things get. Not impossible to hark just rather hard. It works great for syslog actualy.

No it does not insure that the data is received or that it was not tampered with, but the treasure trove is the long term storage not what people are doing right then.

Mind you the whole things is a bit moot less and less traffic is not encrypted.

Re:Noise Generator Needed

UK user here.

I've been doing this for months. Nearly 400,000 visits logged. Hoping to hit 500,000 by new year.

That aside, I'm interested in the UKs new insane plan to have the BBFC rating websites and blocking those which fail. (And yes, they do plan to go through with this...)

They're also going to be blocking non-conventional porn sites too. (E.g. spanking, female ejaculation, etc.)

commentsubject

[Falos]

>The Home Office says Because Terrorism
Stopped reading there. Partly because my bullshit meter overflowed and needs to reboot.

Okay it's online again. It should be fine until someone pretends the golden DB will be safe from hackers. The previous exposure should insulate it when the next member of the Ministry of Truth says Because Thinkofthechildren or Because Illegaldrugs.

Overload it.

[Pig+Hogger]

Let’s just overload the system. Let’s have an application that requests 10 random websites every minute (but cut the connection as soon as 10 bytes come in, so to save bandwidth), 24/7. With 14,400 websites per day per user, the logs will quickly overflow, and it will become more arduous to snoop on people. Better yet, le 10% of those websites be questionable websites; when everyone is guilty of browsing questionable websites, no one is guilty of it.

Re:Overload it.

[Agripa]

Leave a web crawler running.

Re:Yup because nobody every figured out this probl

[gweihir]

Slight other problem: You cannot request specific data, i.e. no web, email or really anything else. Are you drunk?

Re:Yup because nobody every figured out this probl

[silas_moeckel]

No you walk into the room with the data and query it. Not sure on the UK but in the US you get to charge outrageous prices to handle subpoena's so not like the manpower is an issue. Is it realy that hard to go access a locked room?

Re:Well...

[AHuxley]

Re 'Who wants to visit a country where ... you get monitored 24/7"
Select a VPN and hope the GCHQ does not find you interesting....
Any consumer VPN will not hold up to the CGQH.
Hope the UK gov does not do a secret deal with the very distant and safe VPN that had the best reviews for use in the UK.
Do not enter or exit the UK with any computer like device due to the risk of a "random" inspection and gov OS upgrades during a search.
Buy local hardware after arrival, get your own networking, install a new OS, VPN using secure and trusted international methods.
Send and get any data via the VPN, but no local storage at all. The laptop gets booted into a safe OS but keeps no local data.
Avoid any offers of free wifi or network deals. Buy your own networking and only use your VPN and safe OS.
Exit the UK with a few books (paper) and clothing. Get a phone for a game or photos on the last day just to fit in with everyone else waiting to exit.

A petition to oppose, educate and inform

[flashquartermaster]

I believe we need to disseminate the information necessary to make this unworkable https://www.change.org/p/reque...

Re:Tell us how great Europe is, please!

[cshark]

Yeah, right.

If Sweden were a US state, it'd be like the 35th wealthiest by purchasing power.

But you go ahead, keep telling yourself European-style socialism is wonderful.

It's interesting you mention that. We don't really think of Sweden the way we think about Kansas and Nebraska. Maybe we should. Puts the whole thing in perspective.

Official Parliamentary Petition

[flashquartermaster]

This petition is currently getting a signature a second by my reckoning. https://petition.parliament.uk...