Big Bruvver
Sucks. Period.
Ah well. VPN to the rescue as ever.
The UK's Investigatory Powers Bill has completed its passage through parliament and now only awaits Her Majesty's stamp of approval before becoming law. Also known as the Snoopers' Charter, the legislation has been criticised as being among the most onerous in the world upon the civilian population, and will require British …
I am no security expert. What we need from one of you frighteningly clever chaps is an idiot's guide to setting up this VPN.
Most providers have simple HOWTO guides for it, it's not that hard.
However, I would keep on searching if I were you. When you choose a provider to protect your privacy, you should IMHO expect them to take reasonable care to indeed protect your privacy - all of it.
Sadly:
www.citizenvpn.com: runs on Rackspace servers in the US
mx citizenvpn.com: all their email is handled in the US, possibly Yahoo.
No thanks. Next!
Yes it would.
Your connection gets encrypted all the way to the VPN providers server.
E.g. citizenvpn.com, which is located outside EU/UK/USA so doesn't have to log anything (which they mention on their site). I use this and it is fast and always works. Basically you can't trust any VPN that is HQ'ed inside the US or UK or EU. The US has, for example, secret courts (FEMA) that can secretly demand VPN providers to log information and ban them from disclosing that they are even doing it(!) Seriously. There was also a scandal some years ago with HMA, who are HQ'ed in the UK, and they turned over one of their users to the government, so much for the name then...
When are you going to do a piece on how to circumvent this fucking invasion into ordinary people's PRIVATE lives..
An idiot's guide, if you will.
Sure, we can use VPN (not as secure as some may think depending on whom you choose to provide the service) and TOR but what about the rest of the populace who will just want to be able to surf their porn sites without worrying some snooping nosey gubbermint bastard is watching everything they do!!!
"but what about the rest of the populace who will just want to be able to surf their porn sites without worrying some snooping nosey gubbermint bastard is watching everything they do"
They just need to download their porn now, and keep it on a hard drive stored in a brown paper bag in the cupboard under their stairs.
Or in the hedge, for added security.
Sorry, not going to happen, Royal Assent is always granted on 'the advice of ministers' who are assumed to have the backing of the elected House of Commons, so it would be a massive constitutional crisis if the sovereign were to override the wishes of the Commons.
IIRC, an outright refusal to grant assent hasn't occurred since Queen Anne.
Dear Sir,
also, the Sovereign could pull a Belgian move:
1) Abstain from signing the law by resigning from Queen-ship and move to the East End
2) let the prime minister take over for a day
2a) Sign anything into law that the Sovereign disagrees with
3) The day after all the signing is finished, the Sovereign says: "Actually, now that I lived for a day amongst the likes of Del Trotter, I'd like to still be Queen, please"
4) Everybody cheers, the Commons got what they wanted, the Sovereign is back, nobody is any the wiser, except the British are now hampered by surveillance against the UN human rights...
Police state calling itself a Sovereign Democracy... What a bleedin' scam...
Regards,
Guus
Could happen and I doubt it would be such a constitutional crisis as feared. If Her Maj stood up and insisted we must not accept the 'Big Brother police state' parliament has decided upon I am sure there would be a hasty change of mind before her subjects arrived with pitchforks, burning torches and a few lengths of rope.
In a Regina versus Those Tossers in Parliament death match I know which side I would bet on.
Unfortunately Her Maj is not going to stand up for her subjects.
> Sorry, not going to happen, Royal Assent is always granted on 'the advice of ministers' who are assumed to have the backing of the elected House of Commons, so it would be a massive constitutional crisis if the sovereign were to override the wishes of the Commons.
> IIRC, an outright refusal to grant assent hasn't occurred since Queen Anne.
That's why it would have been more fun to have Prince Philip involved. With his sense of humour, he'd say no just to see what would happen. Stirring things up has been his favourite pastime for years :).
Well, that's only an amendment right now and it does not have Gov backing, so it's likely it won't pass, and if you want to help it not pass, sign this https://www.openrightsgroup.org/campaigns/digital-economy-bill-hub/stop-uk-censorship-of-legal-content,
though it's unlikely the sites will be blocked anytime soon, and if they did you are going to see a huge spike in VPN use in the UK (and it's already happening over the IP bill)
It probably won't be an amendment (which would need scrutiny) but our old "friend" the "Statutory Instrument" much beloved of the Dark Lord Mandelscum himself.
Basically "We collect all the stuff listed in Appendix 2"
Current App 2: "The IP address of the user"
Statutory instrument.
Change App 2 to include:
"Name of account holder." "Address of account holder"....."And anything else we decide to collect."
We have a similar law here in the Colonies, except it's known by the wildly misnamed PATRIOT* Act. No doubt former vice president Dick Cheney still masturbates himself into a frenzy each time he thinks about it. Although I don't recall that Queen Elizabeth -- a lovely woman -- was dragged into the matter.
Okay, British cousins: What happens if your queen tells Parliament** to go fuck itself on this or any other law?
* A tortured (possibly waterboarded) acronym meaning, "Providing Appropriate Tools Required to Intercept and Obstruct Terrorism." Yeah, sure.
** Also a cigarette brand made by Philip Morris.
I might be mistaken, but I suppose Her Majesty is not given a deadline on signing the bill. Which means she could delay until a change of government or until someone tabled a proposal to change this law. Assuming I am right on this, it would still be frowned upon and might even trigger a constitutional crisis.
The fixed term parliament act does contain a get out clause. An early election can be held in the event of a vote of no confidence in the government. Presumably that would be easy enough to do in this sort of extreme situation.
In answer to the broader question of what happens if the queen refuses to sign legislation. We stop pretending to be a monarchy I guess.
"We stop pretending to be a monarchy I guess."
It's always difficult to explain to Yanks how our laws can say one thing, very explicitly, in writing, and yet in reality the system is actually something else.
On paper laws only happen after the monarch signs off on them, and is merely advised by parliament.
In reality parliament have held the power since 1649, and any monarch that thinks differently is quietly reminded what happened to Charles I. Still, having a queen doesn't half bring in those tourist dollars :)
If the queen refuses to sign the act, what follows is a constitutional crisis the like of which we've not seen since at least 1909.
Which probably ends with completely removing the queen's role in signing legislation, among other changes that may or may not, but smart money says 'not', be for the better.
I'll be quite happy to see my Internet Service Provider keep a record, provided of course the instruction from the Secretary of State is in writing, and is from the Secretary of State, not from anyone else acting on their behalf - and if the records are used for any purpose whatsoever other than "antiterrorism", the Sec State themselves can be hauled up in court and face personal sanctions. It'll be hilarious.
I suppose I should be thankful my parents are no longer alive to see what has become of the country they fought and suffered for - still grieving many years later for all the family and friends they lost.
Today's puppeteers have become far, far, worse than what the elders tried to save us from.
So the snooper's charter is going to become law. Hopefully they will now define "ISP" and "Internet connection records".
I provide Internet services (web hosting, email hosting, DNS, etc.) but I don't provide Internet connectivity (ADSL, cable, etc.). Will I, and many others like me, have to store these ICR thingies?
It seems to be a bit like the EU Cookie Law: impossible to enforce and logically pointless. I suppose the politicians think there are votes in the idea, and/or they like the feeling of power over the population obtained by snooping on ordinary people.
The terr'ists and black market dealers won't have anything new to fear, of course. In fact the law is likely to make them more careful, and more difficult to find.
> Will I, and many others like me, have to store these ICR thingies?
And will there be any specific requirements on how we store them? For example, if I write the ICRs out to an aged SSD and never run integrity checks (as to do so could be construed as unauthorised access), is it likely to be too big a drama when those records aren't available (because the SSD didn't start making whining noises to warn me it was going to fail)?
Would at least be novel, advising on how to increase the risk of data-loss...
Ok so you have my internet history what exactly are you going to do with it?
This question has not been answered and should have been a fundamental question when proposing this law rather than blanket surveillance that could be used for everything. Well to be honest it should never have got this far in the first place.
Here's a thought that I think no one else has pondered. (though I am probably wrong)
Who is responsible for the search engines? Let's say I search for information about IS and there are results that are pro-IS and anti-IS, who is responsible for the links I click as I could inadvertently click one that is pro-IS, end up on a watch list and have my house raided at 6am by giddy police looking for bombs, beards and overtime.
The internet is about to become a place where you have to watch your every move.
Yesterday the big story was that some android phones ring home to China with detailed user information. Yet posters above whinge at the very limited measures sought by the British government to protect the nation from its enemies.
Yes, enemies; this is a wicked world and some people out there really do want to humiliate and exterminate our nation, for profit or for fanatical reasons.
Or to put in another way: the minds of men are not blank slates imbued with natural goodness.
Some people have no sense of proportion.
We can choose not to have a mobile phone for things other than making calls or even, at a stretch, a game of Angry Birds. We can't easily choose to move away from these regulations.
Perhaps twenty years ago I would have moved back to Europe and stayed there but I am not able to do so any longer as I am a full time carer for my disabled wife and no country that I would wish to live in would want us to live there.
So, whilst I can choose not to use a smartphone I can't choose this law.
AC for obvious reasons.
Governments love terrorists. As long as they're not actively targeting the government they make the government's job of taking money from the population to give to their prospective employers much easier.
Oh, and I'm sure I'm not the only person who doesn't give a shit what the Chinese government knows about me because they're not in a position to send me off to be tortured in some hellhole.
Really..the government could not give a shit about terrorists...they have more to fear from losing elections, or the people eventually finding out that they have been selling them down the road from year one. The scandal of the expensesgate, where people found out that they were paying for floating birdhouses on ponds, lawn drainage installation and flats for mistresses has now faded, and that information is now no longer available. Now it's payback time....people's memories are short.
Once upon a time we had care.data.....well, we still have it, it's just gone underground for now. And all your identifiable hospital data has already been sold anyway....
This is not about protecting people, keeping your children secure (Capita has your children's data....secure? !!) or protecting you from bombs on the underground....
It's not just the government. Despite being really jolly cross about the IPB, peers just waved it through in the end too. Not because they had to - they could have made all sorts of trouble by using the processes of parliament to obstruct the bill indefinitely - but because it would be bad form.
After the last few months, you do have to wonder what the point of democracy is.
@ Primus Secundus Tertius
I believe you're wrong there. A Chinese slurp is better for several reasons:
1) If you exercise reasonable precautions (and don't use your Android phone for banking or business secrets) there's not a lot the Chinese can do to you. Unless you give them the means to get at your money or company secrets (and if you're doing that on an operating system written by a marketing company you really have nobody but yourself to blame) you're out of their jurisdiction and they are not interested in you. Plus, for the price of their slurping, they have to pay a translator to be bored shitless; which isn't justice, exactly, but is nonetheless somehow vaguely pleasing.
2) The data bill covers every machine; not just one already shonky OS.
3) It's done by our own side by people who have powers to make your life crap for no reason at all.
4) It *will* be abused
As with everything the UK government tries to do with computers, it will be an unmitigated disaster.
They have no idea of the sheer volume of data they'll be trying to harvest. The clueless overpaid software shysters will sell them all sorts of worthless "analysis" software to comb through the vast amounts of data they'll collect, and after they raid a few schools for children connecting to inappropriate websites, they'll quietly drop the nonsense after squandering squillions of quid of our money.....
it's much easier to focus your attention on those on VPN, than on browsing of the whole nation. So why exactly are you so keen on protecting your privacy, Mr Abhani of 32 Terror Close, that makes you so keen to pay for such services each month, eh?! Inquisitive minds want to know, and now they have VARIOUS vectors of approach to find out :/
Perhaps you're paying for a VPN service because you don't trust open wifi hotspots?
Or perhaps you're using a free service you get when you pay for Giganews usenet access. But VyprVPN do at least log when you're connected and what IP address you're assigned for the time you're connected, mainly so they can pass on the blame to you in the case of DMCA stuff and I wouldn't doubt they log a lot more.
I still have a few scripts I knocked up ages ago for causing chaff to echelon.
They take a file with a list of words / phrases to search for.
Went through file, pinged the searches at a search engine & randomly went to one of the links.
When end of file hit, start again.
It repeated ad infinitum (or until parameter based limit reached).
Similar scripts running on lots of machines generates a lot of haystacks with no genuine needles.
Chaff variation:
Submarine ELF stations are always transmitting random data when not transmitting actual messages, so no assumptions can be made from transmission bursts.
In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.
When I've previously suggested doing this en-masse, someone suggested that this would only damage the ISPs rather than the government, and prices would then rise due to the need to store that extra data..... the market can only support a max price per subscriber. Once the ISPs' costs/subscriber rise above that max price/subscriber then ISPs are running at a loss; their CEOs will apply so much pressure to the Home Office that they will have to repeal at least the "retention of sites visited" part of this law, if not the whole thing.
Or they'll redefine "hacking" as also "visiting a website with no intention of viewing that website"... that'll be fun watching the CPS try to prove that, or proving that the GET came from Powershell rather than my Browser.
> In a similar way, I'll be running 24x7 a random IP address generator that will then, for a random number of minutes, do a random number of GETs to that IP address and any subpages that are returned..... both massively increasing and poisoning the haystack with random data, and obscuring my actual surfing.
If you do, be very careful.
I did some work a little while back examining the effectiveness of cover traffic on encrypted links.
You'll need to pay attention to the size of the response body and adjust the time between that and the next page accordingly (but not proportionally).
The time a human takes to switch between pages isn't consistent (we might load a huge page, read 1 sentence and click off because it looks crap, or load a tiny page and take 5 minutes to read because we went and made a cuppa). But that's very different to random intervals as there is some correlation between the amount of text and the amount of time we spend reading.
You also need to make sure that the start and end times of your cover traffic aren't particularly consistent. Having a sleep at the beginning of the script helps a little, but if the traffic always starts within 60 seconds of quarter past the hour, it quickly becomes identifiable.
> In a similar way, I'll be running 24x7 a random IP address generat
Don't do that. You don't want it running 24x7, you want it vaguely aligned to your sleep/wake cycle (as well as taking into account things like you going to work all day). Any traffic generated when there's a high probability it wasn't you gives an observer further means to analyse your countermeasures.
If they decide they're going to capture HTTP Host headers (which really, they'll want to), simply connecting to a given IP and requesting pages isn't going to do anything except make the traffic identifiable too.
There's a lot of other things to be considered too.
When observed over time (which is what an ICR will effectively be) the little differences in behaviour between a script and the average human become readily identifiable, and that's when the traffic is using an encrypted link. It's even harder with plaintext (which, to some extent, includes HTTPS because things like SNI are in the clear)
TL;DR running effective cover traffic is fucking hard, assuming your aim is to thwart anyone with any more than a passing interest.
Is not all hacking offensive, can some types of hacking be inoffensive?
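The two tells raised in the post above, size-to-dwell-time correlation and start times clustering within the hour, measured on constructed traffic (an added example, not code from the thread). The traffic models, their parameters and all function names are assumptions made for illustration.

```python
import cmath
import math
import random

def ranks(values):
    """Average ranks (1-based); ties share the mean of their positions."""
    order = sorted(range(len(values)), key=values.__getitem__)
    out = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            out[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return out

def spearman(xs, ys):
    """Rank correlation between response size and time to the next request."""
    rx, ry = ranks(xs), ranks(ys)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    var_x = sum((a - mx) ** 2 for a in rx)
    var_y = sum((b - my) ** 2 for b in ry)
    return cov / math.sqrt(var_x * var_y)

def start_concentration(start_seconds):
    """Mean resultant length of session starts on the clock face of one hour.
    Near 1.0: starts cluster at one point in the hour. Near 0.0: spread out."""
    vecs = [cmath.exp(2j * math.pi * (s % 3600) / 3600) for s in start_seconds]
    return abs(sum(vecs) / len(vecs))

def scripted_traffic(rng, n=400, days=60):
    """Constructed model: uniform random gaps, cron-style start near :15."""
    sizes = [rng.lognormvariate(10, 1) for _ in range(n)]
    gaps = [rng.uniform(5, 300) for _ in range(n)]
    starts = [d * 86400 + rng.randrange(24) * 3600 + 900 + rng.uniform(-60, 60)
              for d in range(days)]
    return sizes, gaps, starts

def humanlike_traffic(rng, n=400, days=60):
    """Constructed model: dwell grows with size but noisily; 20% quick bounces."""
    sizes = [rng.lognormvariate(10, 1) for _ in range(n)]
    gaps = []
    for size in sizes:
        if rng.random() < 0.2:
            gaps.append(rng.uniform(2, 8))          # looked at it, clicked off
        else:
            gaps.append(10 + size / 500 * rng.lognormvariate(0, 0.8))
    starts = [d * 86400 + rng.uniform(0, 86400) for d in range(days)]
    return sizes, gaps, starts

def profile(traffic):
    """Return (size/gap rank correlation, start-time concentration)."""
    sizes, gaps, starts = traffic
    return round(spearman(sizes, gaps), 2), round(start_concentration(starts), 2)

SCRIPTED = profile(scripted_traffic(random.Random(1)))
HUMANLIKE = profile(humanlike_traffic(random.Random(2)))

if __name__ == "__main__":
    print("scripted  (size/gap rho, start concentration):", SCRIPTED)
    print("humanlike (size/gap rho, start concentration):", HUMANLIKE)
```

The scripted profile shows a size/gap correlation near zero with a start concentration near 1, while the human-like profile shows the opposite pattern.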
Penetration testing of systems that you own is pretty inoffensive.
Did not the last Labour Government try to bring similar laws into force? If so, why did they now abstain in the vote for this?
I would guess two reasons.
1) Current Labour hierarchy regards New Labour as the anti-Christ.
2) A bill which says "The government should have access to everyone's records, but should promise not to abuse it" doesn't sound at all scary when you are the government, but very scary when you're the opposition.
I only have one question …… Is anyone/anything exempted from surveillance ….. for such a facility will always be abused and taken advantage of for private and personal enrichment at the expense of others?
And/But surely there is nothing to be really worried about, for bad laws are never followed/obeyed and are always ignored by the smarter being and/or more enlightened citizen. The madness that abounds would be in the thinking that any such laws would make a great deal of difference.
The current elitist establishment systems of administration have much more of a burgeoning problem with sensitive secrets being openly shared randomly and spontaneously with everyone and their dogs, rather than with secrets and dirty deeds done dirt cheap being squirrelled away out of sight and sound on servers.
First of course is the fact that if you believe the bull about elections the two parties involved .. .Labour and Conservative ... have been chosen by the majority of the idiots of this country to decide such matters for them. These people make choices based on interesting factors (he has a nice smile, his suit doesn't fit properly) and deliberate lies (we have lower taxes than they do...). Personally I think restricting the voting to people with an IQ greater than 1 and enough interest to see what their 'representatives' actually do would create a far smaller number of votes and a better caliber of ruler.
Second given the mealy mouthed way our politicians and civil servants act and the downright dishonesty of the police (we didn't beat the newspaper sales man to death, we don't jump up and down on people's cars when we stop them and we certainly don't cause mass deaths in football stadiums...) I wonder at the idea that the ISP keeps it for 12 months in case it is wanted for investigation. Does that mean that everyone is placed under investigation every 11 months and all data requested from the ISPs and then stored by GCHQ or the police national computer service for ever and ever (like DNA samples)?