Snoopers Charter


Terminator X

15,081 posts

204 months

Wednesday 30th November 2016
V8 Fettler said:
Obey the law and there's nothing to worry about. Even local caaancils might have access to the data under RIPA, fantastic.
This is the usual worry though, Bill brought in for good reason (bad bad terrorists of course) however imho every man and his dog will abuse their access privileges and for reasons un-thought about when the Bill was written.

TX.

carinaman

21,292 posts

172 months

Thursday 1st December 2016
Terminator X said:
V8 Fettler said:
Obey the law and there's nothing to worry about. Even local caaancils might have access to the data under RIPA, fantastic.
This is the usual worry though, Bill brought in for good reason (bad bad terrorists of course) however imho every man and his dog will abuse their access privileges and for reasons un-thought about when the Bill was written.

TX.
Obey the law, or some Copper gets entangled with your wife or partner:

http://www.dailymail.co.uk/news/article-3986762/Po...


Snoopers Charter being discussed on Radio 4 now. Possibly a PR Puff piece.

All that jazz

7,632 posts

146 months

Thursday 1st December 2016
I'm using a free VPN server on Cyber Ghost just to get a feel for what it would be like running one full time. Just running through a Netherlands (free) server right now and a speed test is giving me an 18 ms ping (usually 10 ms) and 58 Mb down (usually 70 Mb) and 4.7 Mb up (usually 5). I could happily live with that and have even been playing some Armored Warfare over it which relies on a decent ping and suffered no issues.

Yesterday I was using one of their free Romanian VPNs which weren't as good speed and ping wise, but that's probably more to do with the extra distance involved.

Worth looking at for you chaps that like to keep your internet tinkering under wraps.

didelydoo

5,528 posts

210 months

Friday 2nd December 2016
All that jazz said:
I'm using a free VPN server on Cyber Ghost just to get a feel for what it would be like running one full time. Just running through a Netherlands (free) server right now and a speed test is giving me an 18 ms ping (usually 10 ms) and 58 Mb down (usually 70 Mb) and 4.7 Mb up (usually 5). I could happily live with that and have even been playing some Armored Warfare over it which relies on a decent ping and suffered no issues.

Yesterday I was using one of their free Romanian VPNs which weren't as good speed and ping wise, but that's probably more to do with the extra distance involved.

Worth looking at for you chaps that like to keep your internet tinkering under wraps.
That's what I run- no noticeable difference to browsing etc. Would recommend.

All that jazz

7,632 posts

146 months

Friday 2nd December 2016
didelydoo said:
That's what I run- no noticeable difference to browsing etc. Would recommend.
Have noticed the client chews quite a sizeable amount of CPU though. My ageing laptop peaks at 100% with a few Chrome tabs open and trying to play an HD YT vid. Not a major issue but worth noting for those of you on lower spec machines.

tankplanker

2,479 posts

279 months

Friday 2nd December 2016
didelydoo said:
Surely using a VPN with foreign servers bypasses this as the Gov can't do anything about?
Don't forget that they can jail you for not decrypting your PC: http://www.bbc.co.uk/news/uk-england-11479831 so they can still request full access to your PC and any logged browsing history at any time.

If you are serious about not sharing your history then you need to use an OS that boots from a CD so you can't even inadvertently log where you have been at the local end.

Due to the nature of the five eyes program and that we leverage the hard work of the NSA it would be reasonable to expect a competent intelligence authority like the NSA to be able to compromise any VPN server without your knowledge. Equally if they wanted to they could compromise VPNs in a similar fashion to how TOR has been compromised in the past by monitoring exit traffic and individual browser identification. https://panopticlick.eff.org/tracker

didelydoo

5,528 posts

210 months

Friday 2nd December 2016
tankplanker said:
Don't forget that they can jail you for not decrypting your PC: http://www.bbc.co.uk/news/uk-england-11479831 so they can still request full access to your PC and any logged browsing history at any time.

If you are serious about not sharing your history then you need to use an OS that boots from a CD so you can't even inadvertently log where you have been at the local end.

Due to the nature of the five eyes program and that we leverage the hard work of the NSA it would be reasonable to expect a competent intelligence authority like the NSA to be able to compromise any VPN server without your knowledge. Equally if they wanted to they could compromise VPNs in a similar fashion to how TOR has been compromised in the past by monitoring exit traffic and individual browser identification. https://panopticlick.eff.org/tracker
I'm not doing anything that'll get me put to Jail, so should be safe enough!

All that jazz

7,632 posts

146 months

Friday 2nd December 2016
tankplanker said:
Don't forget that they can jail you for not decrypting your PC: http://www.bbc.co.uk/news/uk-england-11479831 so they can still request full access to your PC and any logged browsing history at any time.

If you are serious about not sharing your history then you need to use an OS that boots from a CD so you can't even inadvertently log where you have been at the local end.

Due to the nature of the five eyes program and that we leverage the hard work of the NSA it would be reasonable to expect a competent intelligence authority like the NSA to be able to compromise any VPN server without your knowledge. Equally if they wanted to they could compromise VPNs in a similar fashion to how TOR has been compromised in the past by monitoring exit traffic and individual browser identification. https://panopticlick.eff.org/tracker
True, but if you were doing proper dodgy st then you'd be connected to the internet using an unregistered sim rather than a fixed VirginMedia cable line to your house in your name and you wouldn't be doing it sat in your house or anywhere near it either.

I don't know if TrueCrypt is still a thing these days but back in the day you could create an encrypted container within a container, give the authorities the password to the outer one without your dodgy st on and then use plausible deniability about there being any other containers because there was no evidence of its existence.

tankplanker

2,479 posts

279 months

Friday 2nd December 2016
All that jazz said:
True, but if you were doing proper dodgy st then you'd be connected to the internet using an unregistered sim rather than a fixed VirginMedia cable line to your house in your name and you wouldn't be doing it sat in your house or anywhere near it either.

I don't know if TrueCrypt is still a thing these days but back in the day you could create an encrypted container within a container, give the authorities the password to the outer one without your dodgy st on and then use plausible deniability about there being any other containers because there was no evidence of its existence.
I believe truecrypt was eventually compromised.

You shouldn't be storing anything, even temporary data if you want to remain invisible. Browsers are the worst as most will uniquely identify you making a VPN or HTTPS pointless as the end point website knows exactly who you are. Google, Yahoo, even Reddit now (as they recently removed their privacy canary from their terms of service) regularly hand over what you've been up to on their websites/services.

A PAYG SIM bought for cash is a good idea if you rotate them often enough, but I'd be concerned about snooping via stingray in that situation. Wardriving with a VPN would be my preferred approach.

All that jazz

7,632 posts

146 months

Friday 2nd December 2016
tankplanker said:
Browsers are the worst as most will uniquely identify you making a VPN or HTTPS pointless as the end point website knows exactly who you are.
How?

768

13,681 posts

96 months

Friday 2nd December 2016
All that jazz said:
tankplanker said:
Browsers are the worst as most will uniquely identify you making a VPN or HTTPS pointless as the end point website knows exactly who you are.
How?
https://amiunique.org/

shalmaneser

5,934 posts

195 months

Friday 2nd December 2016
The Beaver King said:
I've just been reading back through the Parliamentary debates on the Charter and they make for some interesting reading.

I found Alistair Carmichael's comment quite funny:

Alistair Carmichael 7th June said:
Andy Burnham reminded us that it was 15 years ago today that he and I were elected to this House. I have seen a lot happen in that time, and I like to think that I have learned a thing or two, one of which is that when Government Ministers and Government Back Benchers shower the Opposition Front Bench with praise, it is time to head for the hills because we are going to do something that is seriously bad and dangerous.

The first time that the right hon. Gentleman and I saw that in this House was in the run-up to the Iraq war in 2003 when the Conservatives, then in opposition, said that they would take the Government position on trust. Later on, they said, “Of course, if we had known what we know now, we would not have supported them at the time.” They could not have known then what they knew later, because they never asked the questions. It is not the job of the Opposition to take the Government’s views on trust, but that is what they are doing. I do not question their principle, but I am afraid I cannot share their judgment.
Plenty of jovial backslapping when this was discussed, but a few MPs have spoken loudly about the dangers involved.

Reading back of Theresa May's comments from the time; when asked about protecting that data from third-parties, she seems fixated on the fact that the bill is protected by the fact that they've made it illegal to access this data without authorisation. As if that is going to stop anyone!

No doubt there is some sweaty 16 year old sitting in his bedroom somewhere in America scared off by the prospect of UK legal action

The stupid thing is that the Government don't seem to realise that making it illegal to hack the database is punishment for successfully committing the act, not a form of security that stops it happening. If Sony/Microsoft/IBM/The US Government/Apple etc are all vulnerable to hacking, what the hell makes the UK so special, especially when the prize is so great?!


These databases will be like a digital library for everybody's online habits; data that will be worth a fortune to the right people. Hackers will see this like a challenge, the holy grail of data theft with a massive payoff.

Frightening times....
Thanks for doing the leg work. Good to see there is someone representing us that understands the implications.

I can only hope the eventual court case increases public interest but don't hold out too much hope.

Tonsko

6,299 posts

215 months

Friday 2nd December 2016
Look if you're really serious you need to install Qubes as a base OS, and run Whonix on that. For our purposes, for this thread, a VPN should be sufficient, at least until VPNs are made illegal.

techguyone

3,137 posts

142 months

Friday 2nd December 2016
tankplanker said:
I believe truecrypt was eventually compromised.

You shouldn't be storing anything, even temporary data if you want to remain invisible. Browsers are the worst as most will uniquely identify you making a VPN or HTTPS pointless as the end point website knows exactly who you are. Google, Yahoo, even Reddit now (as they recently removed their privacy canary from their terms of service) regularly hand over what you've been up to on their websites/services.

A PAYG SIM bought for cash is a good idea if you rotate them often enough, but I'd be concerned about snooping via stingray in that situation. Wardriving with a VPN would be my preferred approach.
Hardly anything you can pick up on wi-fi these days is without a password, wardriving has about died a death.

All that jazz

7,632 posts

146 months

Friday 2nd December 2016
768 said:
All that jazz said:
tankplanker said:
Browsers are the worst as most will uniquely identify you making a VPN or HTTPS pointless as the end point website knows exactly who you are.
How?
https://amiunique.org/
Doesn't answer the question. If you don't "share" your unique ID outside of a VPN that doesn't log then how can the end point website know who you are? All they're going to see is the VPN's IP address and a random browser ID which tells them nothing.

tankplanker

2,479 posts

279 months

Friday 2nd December 2016
techguyone said:
Hardly anything you can pick up on wi-fi these days is without a password, wardriving has about died a death.
Plenty of large offices, shops and coffee shops still do open wifi. I am always surprised by the number of large offices that I visit that have an open guest wifi with just a terms and conditions page. A small number of offices issue a temp account per guest, but this is a minority.

Tonsko said:
Look if you're really serious you need to install Qubes as a base OS, and run Whonix on that. For our purposes, for this thread, a VPN should be sufficient, at least until VPNs are made illegal.
Really like Qubes, it's the build of choice on my personal laptop.

I'd strongly recommend getting a non tracking browser as well as getting a VPN: https://panopticlick.eff.org/about
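
The fingerprinting question debated above ("How?"), as an added example that is not part of the thread: a site that logs browser attributes can tie a visit made through a VPN to an earlier logged-in visit from the same browser, whereas a browser reporting the same values as other users cannot be pinned to one account. The log entries, attribute names and the FNV-1a stand-in hash are all constructed for illustration.

```javascript
// Added illustration: constructed visit log, hypothetical attribute names.
// IPs are documentation ranges; 198.51.100.20 plays the VPN exit address.
const visits = [
  { ip: "203.0.113.7",   account: "alice", ua: "Chrome/54 Win10",  tz: "Europe/London", screen: "1366x768",  fonts: 143, canvas: "9f2c" },
  { ip: "198.51.100.20", account: null,    ua: "Chrome/54 Win10",  tz: "Europe/London", screen: "1366x768",  fonts: 143, canvas: "9f2c" },
  { ip: "192.0.2.90",    account: "bob",   ua: "Firefox/50 Linux", tz: "UTC",           screen: "1000x1000", fonts: 12,  canvas: "0000" },
  { ip: "192.0.2.91",    account: "carol", ua: "Firefox/50 Linux", tz: "UTC",           screen: "1000x1000", fonts: 12,  canvas: "0000" },
  { ip: "198.51.100.20", account: null,    ua: "Firefox/50 Linux", tz: "UTC",           screen: "1000x1000", fonts: 12,  canvas: "0000" },
];

// 32-bit FNV-1a: a small non-cryptographic hash, used here only as a bucket key.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Only what the browser reveals goes in; the IP address is deliberately left out,
// so changing it with a VPN does not change the fingerprint.
function fingerprint(v) {
  return fnv1a([v.ua, v.tz, v.screen, v.fonts, v.canvas].join("|"));
}

// For each visit without a login, report which known account (if exactly one)
// has been seen with the same fingerprint.
function linkAnonymousVisits(log) {
  const owners = new Map(); // fingerprint -> Set of accounts seen with it
  for (const v of log) {
    if (!v.account) continue;
    const fp = fingerprint(v);
    if (!owners.has(fp)) owners.set(fp, new Set());
    owners.get(fp).add(v.account);
  }
  return log.filter((v) => !v.account).map((v) => {
    const accounts = owners.get(fingerprint(v));
    const candidates = accounts ? accounts.size : 0;
    // A fingerprint shared by several accounts is ambiguous, not an identity.
    return { ip: v.ip, candidates, linkedTo: candidates === 1 ? [...accounts][0] : null };
  });
}

console.log(linkAnonymousVisits(visits));
```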

SystemParanoia

14,343 posts

198 months

Friday 2nd December 2016
techguyone said:
tankplanker said:
I believe truecrypt was eventually compromised.

You shouldn't be storing anything, even temporary data if you want to remain invisible. Browsers are the worst as most will uniquely identify you making a VPN or HTTPS pointless as the end point website knows exactly who you are. Google, Yahoo, even Reddit now (as they recently removed their privacy canary from their terms of service) regularly hand over what you've been up to on their websites/services.

A PAYG SIM bought for cash is a good idea if you rotate them often enough, but I'd be concerned about snooping via stingray in that situation. Wardriving with a VPN would be my preferred approach.
Hardly anything you can pick up on wi-fi these days is without a password, wardriving has about died a death.
Nope.

With AWS AZURE et al and their epic cuda monsters, a cracked password is less than an hr away. Each.

Grab handshakes and crack em on the go.

And leave behind a battery powered esp8266 de-auth bomb for fun

ukaskew

10,642 posts

221 months

Friday 2nd December 2016
Any news on how they are going to exclude MPs from this (and presumably an unpublished list of other important figures)?

Technically it seems like an absolute mine-field for the ISPs tasked with storing this stuff. The average person probably accesses the internet through many, many means in a given week (so no different for an MP), all through different ISPs.


Pwig

11,956 posts

270 months

Friday 2nd December 2016
Question on VPN's.

What's the best way to pay?

Is it worth paying in bitcoin?

Or just using paypal/card etc?

All that jazz

7,632 posts

146 months

Friday 2nd December 2016
Pwig said:
Question on VPN's.

What's the best way to pay?

Is it worth paying in bitcoin?

Or just using paypal/card etc?
If you genuinely have stuff to hide then bitcoin all day long (use localbitcoins.com - you can find a vendor near to you and buy it in cash so no trace, although the rate will be a bit worse than others but that's the price you pay). If you're just using the VPN to protect your personal st when a hacker inevitably hacks the storage database and sells the data to the highest bidder then paying by card or Paypal would be fine.