Tech Firms Seek To Frustrate Internet History Log Law

Plans to keep a record of UK citizens' online activities face a challenge from tech firms seeking to offer ways to hide people's browser histories. Internet providers will soon be required to record which services their customers' devices connect to -- including websites and messaging apps. From a report on BBC: The Home Office says it will help combat terrorism, but critics have described it as a "snoopers' charter". Critics of the law have said hackers could get access to the records. "It only takes one bad actor to go in there and get the entire database," said James Blessing, chairman of the Internet Service Providers' Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others. "You can try every conceivable thing in the entire world to [protect it] but somebody will still outsmart you. "Mistakes will happen. It's a question of when. Hopefully it's in tens or maybe a hundred years. But it might be next week."

Re:Go ahead

What will happen is eventually, the UK will do two things:

1: Do like Pakistan and make VPNs illegal, with a long sentence for using one. This is already in place. A judge can ask someone repeatedly for a password, even an ephremeral SSL session key, and for every "no" answer, the defendant gets 4 years.

2: Do like China and block/interfere with VPN traffic. This is more subtle and easily done, with the blame lying with ISPs.

Re:Go ahead

[JustAnotherOldGuy]

. . . you will only see me connecting to random servers all around the world exchanging what seems to be random noise.

Oh yeah, that's not suspicious at all. No sireee, not one bit.

"Sir, he's connecting to random servers all around the world exchanging what seems to be random noise."

"Well that seems totally innocent to me. Everyone connects to random servers all around the world and exchanges random noise."

Re:this is a uk goverment plan

[Joce640k]

"The Home Office says it will help combat terrorism"

So would a video camera in every room of every house, but there's a reason we don't do that.

Re:Go ahead

[AmiMoJo]

I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

A better way to tackle terrorism

[DrXym]

Hack the sites these jihadi fuckwits gather on or set up lots of honeypot sites for that purpose. Stir liberally with agent provocateurs. Then use the ip addresses, user ids and text gathered to profile what hours they're active, who they interact with, what they're up to, what their interests are, where they most likely live and ultimately who they are. Then serve the ISP with a court order and conduct more conventional surveillance.

Or gather all the ip interactions for the 99.99999% of non terrorist related activity and get swamped with noise.

Re:Go ahead

[NotAPK]

And if any of these become legislation in the UK then good luck being competitive economically with the rest of the world. If the UK does follow through on Brexit, and pushes ahead with these ridiculous anti-privacy laws, then the economy will definitely suffer for it in the longer term.

How do these snooping policies apply to businesses?

If they make no distinction, then businesses will not tolerate it. Those that can will relocate. Those that can't will suffer for it.

If they do not apply to businesses, then the workaround is for private individuals to route all their traffic through the workplace, if they have access, or VPS's commissioned as "business grade" services.

I live in the UK and think this all sucks pretty bad. Time to leave.

Re:Go ahead

[fuzzywig]

The government could try banning VPNs, and it would work for about five minutes before practically every company in the UK calls up their MP to point out that VPNs are an essential part of their business. Closely followed by the civil service, the military and the NHS.

Re:Go ahead

[Jahta]

I expect they will try the rubber hose method first. Not literally of course, they will pick someone who uses a VPN, take their equipment away for forensic investigation and maybe throw in some child porn charges for good measure. Make their lives a misery for a few years, then eventually return their equipment wiped and broken.

It will have to be someone who is innocent, so that people get the message that innocence is no defence if you use a VPN. You will be investigated and your life wrecked, name and face in the newspapers, unemployable and unable to afford legal council.

Unlike many other countries, the UK has no written constitution (despite periodic hand-waving about "Magna Carta"). The UK parliament can basically enact any laws they want. In the past, UK citizens could take a case to the European Court on the basis that a particular law contravened the European Convention on Human Rights. However leading Brexiteers, and even the current Prime Minister Theresa May (a notional Remainer), have made it clear that they want to plug that "loophole".

Makes you proud.