[Closed] Web Surveillance - put it down son, put it down...

[img] [/img]

[img] [/img]

Don't see the problem. If you're not doing anything you shouldn't, why worry? If it'll help catch the bad guys, paedophiles and terrorists (and would be's) then it doesn't worry me whatsoever.

It is intrusive and unnecessary.

loddrik - Member
Don't see the problem. If you're not doing anything you shouldn't, why worry? If it'll help catch the bad guys, paedophiles and terrorists (and would be's) then it doesn't worry me whatsoever.

yup you're right but what about if in the future the government isn't the nice 'democratic' one we have today? what if they want to snoop on you for other reasons other than illegal activity, things which you might consider fine? and you've already given away all your internet privacy back in 2015/16. What then?

Don't see the problem. If you're not doing anything you shouldn't, why worry?

I'd have nothing to worry about legally if they installed a camera in my bathroom but I'd still object to them doing so.

[i] If you're not doing anything you shouldn't, why worry?[/i]

Because the people who are doing the watching are not all saints. Some of them turn out to be baddies too.

Sometimes the baddies are clever enough to get the information from the good guys.

Sometimes...

... oh can't be bothered.

Ask why there has to be a police complaints process?

The police will not bother you unless you are doing something wrong and when they do deal with you it will always be perfectly legal, totally scrupulous and regardless of your ethnicity, religion or social attitudes...

Can anyone think of any examples where the police 'may' have misbehaved and abused or misused their powers?

I think this largely sums it up for me.

[img] [/img]

It's not what they might do with this type of information now, it's who they might hand/sell/lose it to in the future and what may also be collected using this law in the future and what might be done with it once they have it.

There's no need for the state to have access to this information about every citizen via an API into each ISP with no judicial involvement, not independent oversight.

It's a government IT project, I don't think i'll be getting worried quite yet

Don't see the problem. If you're not doing anything you shouldn't, why worry? If it'll help catch the bad guys, paedophiles and terrorists (and would be's) then it doesn't worry me whatsoever.

IMO That is just a rubbish argument, do you have curtains in your house or do you let everyone see what you are doing?

It's a government IT project, I don't think i'll be getting worried quite yet

Not really, it's forces your ISP to keep the records. Those ISPs with unblemished data security records will now be sitting on one of the greatest collections of personal data ever assembled.

Best bit on the radio this morning was the government spokesman flying off on a huge tangent about IS coordinating attacks via What's App. Which this wouldn't help with in the slightest. Even as an example it's pretty flawed.

I'm pretty unclear on the Wilson doctrine now too - I'm assuming it's to prevent governments of the day gathering intel on opposition MPs, but I'm uncomfortable that the House gets special treatment outside the House itself.

Those ISPs with unblemished data security records will now be sitting on one of the greatest collections of personal data ever assembled.

Well, apart from Facebook Public posts 😀

I can't think of an ISP I trust to be secure enough to hold this. There will be a leak sooner or later.

It is completely stupid legislation, any criminal with any basic IT will use Tor or a VPN to another country and route out from there (and be completely untraceable), so really this legislation is about watching everyone else (ie not terrorists and not organised crime).

I seem to rem,ember people getting pretty irate when a few newspapers did secret surveillance and they only ever publish what is 'in the public interest'.

Does this mean that people trust politicians* more than journalists?

*Or more accurately, secret people who may work for governments and the same secret people remain even when the government changes.

I think it's a great idea. Only last week, I was watching this ace video where 4 dwarfs tied a bald woman to a Mies van der Rohe day bed and then a fat man 'tarmacked' her chest while she laughed like a hysterical hyena. While this was going on, a chimp dressed as a Policeman fapped one off whilst chained to a fiberglass Venus de Milo.

I was interrupted by Mrs G halfway through and had to delete my browser history and I can't for the life of me find it again.

It would be great if someone somewhere had a record of it, dying to know what happened!

Don't see the problem. If you're not doing anything you shouldn't, why worry? If it'll help catch the bad guys, paedophiles and terrorists (and would be's) then it doesn't worry me whatsoever.

This has been done to death, but the problem with this argument is 'they' define the 'shouldn't' bit. Which is why it is a problem.

That said, I think the ship has sailed, there's a whole generation now who have no idea the value of the personal data they are literally giving away, every single day, for free 🙂
So it's about the right time for the authorities to start asking for a piece of the action.

I pay for the internet connection to my house. But anybody visting my house can access the internet through my connection.

The ISP can only keep records of what is accessed through that connection, not who is accessing it.

To be used as evidence in a criminal case the prosecution would have to link website accessed to the individual. I can't see how they could do that easily.

Or can some of you IT people enlighten me?

It would be great if someone somewhere had a record of it, dying to know what happened!

Was that not a summary of one of the Monday Night Pub Rides?

IMO That is just a rubbish argument, do you have curtains in your house or do you let everyone see what you are doing?

Its not even that. As a risk of being risque, do you really know the age of that <enter gender here> "actor" you are watching one handed?

I'm serious, as much as you try to be above board and legal, you could easily be caught out, as many of us have by accidentally receiving NSFW images on our work laptops when googling something proper.

Now imagine the Internet police found a pedo who'd visited the same site, then widened the search to see who else has done the same...

I use a VPN to watch UK TV as I live abroad.

I've got to say that I also now leave it always switched on, and when/if I moved back to the UK I'd keep the £6 a month subscription...

Funnily enough without this new law I probably wouldn't do that!

To be used as evidence in a criminal case the prosecution would have to link website accessed to the individual. I can't see how they could do that easily.

That's what you think, but when you're in the dock at the Old Bailey and they're showing the jury a list of all the terrorist sites you've supposedly accessed you might not feel so secure......

E.g. DNA evidence (in particular statistics) has been abused in loads of serious cases and people who had a 1 in 15 chance (or higher) of a random match have been convicted with the Jury told there was less than 1 in 60 million chance they were innocent just because they didn't understand conditional probability.

I use a VPN to watch UK TV as I live abroad.

I use Tor to access Torrent sites as all the UK ISPs have to block them by law. I could teach a 5 year old how to avoid this new legislation in about 30 seconds, it's so easy to circumvent....

For any 5 year olds on here, have a look at https://www.torproject.org/

I think I might sink a few quid into shares in VPN companies. Any publicly for sale?

Can someone explain how a VPN helps??
Surely you are accessing the VPN through your ISP so they'll be seeing that data too?
Or is it all encrypted?
But doesn't the snoopers charter mention something about the government being able to access encrypted data?

[i]That's what you think, but when you're in the dock at the Old Bailey and they're showing the jury a list of all the terrorist sites you've supposedly accessed you might not feel so secure......[/i]

You're quite right, I wouldn't feel very secure. But that doesn't mean the prosecution would have a leg to stand on nor does it mean this government have actually thought this legislation through.

Or alternatively

[i]I use Tor to access Torrent sites as all the UK ISPs have to block them by law.[/i]

"So Mr FootFlaps, we have all this other circumstantial evidence that you are plotting a terrorist atrocity. Funnily enough, we can’t access your web history because you are using Tor. Add that to all the other “evidence” we have and it begins to look pretty damming."

I use Tor to access Torrent sites

Same out here, also a use for a VPN.

I could teach a 5 year old how to avoid this new legislation in about 30 seconds

This is why it's so stupid and clearly aimed at trawling for information in order to target/profile people.

And the 12 month limit? Give me a break. If the info is freely available then GCHQ are keeping it for ever even if the ISPs aren't.

A VPN is normally an encrypted link through an insecure public network to a known secure 3rd party where you either access local data or get routed back out into the internet. Used to avoid government surveillance eg if you're a western business person in China, the Chinese Government will be reading all your email / documents so its pretty standard to VPN back to the home HQ office etc.

I use them everyday to access ISP's core networks (our customers) so I can see what's going in. The encryption is needed so someone sniffing my traffic can't see how to access and potentially shut down (or steal data from) our customers....

somewhatslightlydazed opined: "So Mr FootFlaps, we have all this other circumstantial evidence that you are plotting a terrorist atrocity.

yeah, more like, "No you can't see the evidence and neither can your Lawyer, and we'll lock you up regardless..."

[img] [/img]

So Mr FootFlaps, we have all this other circumstantial evidence that you are plotting a terrorist atrocity

I'd wager 99.9% or Tor traffic is piracy related and the other 0.1% is organised crime.

There will be probably also be about 0.000001% terrorist and 0.00001% 'oppressed' people accessing banned websites like bbc.co.uk from China or N. Korea etc

Anyone who believes that Tor or VPN Traffic can't be surveilled (is that a word) is deluded.

The thing with this new legislation is that if you visit any known masking type sites you'll immediately be on the list of suspicious individuals

Anyone who believes that Tor or VPN Traffic can't be surveilled (is that a word) is deluded.

Tor has known weaknesses, but it takes a lot of resource to crack it and they have to compromise the exit node which is hard to do (as there are 1000s).

VPNs are bullet proof if you use strong enough encryption, however if your end node is compromised they can just see what goes in/out of the tunnel.

The best compromise of Tor was a Trojan Horse attack, a Russian hacker operated an exit node and put a trojan horse wrapper around any exe file downloaded via that Node, which then installed on the victim's PC. Didn't crack the encryption but was a clever way of attacking the users anonymously.

I'm sure there are millions like me who just don't care. Doesn't bother me a jot that people can see what I look at or who I message. I suspect anyone who looked into me would see how boring I am and quickly fall asleep. Furthermore, I don't plan on doing anything that would initiate 'the man' looking into my life. Let them look, I couldn't care less tbh.

We live in one of the most stable democracies in the world and its been that way for a long time, the chances of the UK becoming North Korea are remote in the extreme. A people who say this is the first step down that road are talking utter bollox.

We live in one of the most stable democracies in the world and its been that way for a long time

Which makes the case for draconian mass surveillance very weak!

[i]VPNs are bullet proof if you use strong enough encryption, however if your end node is compromised they can just see what goes in/out of the tunnel. [/i]

e.g.

[i]AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.[/i]

[url= https://theintercept.com/2015/02/19/great-sim-heist/ ]https://theintercept.com/2015/02/19/great-sim-heist/[/url]

[i]07 Jan 2015
VPNs are not as safe as first thought

The US National Security Agency (NSA) attacks on virtual private networks (VPNs) and the encryption protocols used by chat services such as Skype do not spell the end of online privacy, according to security experts.

News that the NSA's specialist Office of Target Pursuit maintains a team of engineers dedicated to cracking the encrypted traffic of VPNs broke in German newspaper Der Spiegel at the end of December.

The report showed a slide from a 2010 NSA presentation proving that the agency has developed exploits for many of the most commonly used VPN encryption techniques.

These include Secure Shell, Internet Protocol Security (IPSec), and Secure Socket Layer.[/i]

[url= http://www.v3.co.uk/v3-uk/analysis/2388913/nsa-efforts-to-crack-vpn-encryption-not-the-end-of-the-world ]http://www.v3.co.uk/v3-uk/analysis/2388913/nsa-efforts-to-crack-vpn-encryption-not-the-end-of-the-world[/url]

I'll stop channeling JHJ now but those are the first couple of articles on this subject I cam across that seemed to be at the less, errm, paranoid end of the spectrum.

The thing with this new legislation is that if you visit any known masking type sites you'll immediately be on the list of suspicious individuals

The way to counter that is for everyone to start using VPNs. You, me, my daughter watching Peppa Pig on Netflix, everyone. All the time.

Peppa Pig

Hey! Keep it clean...

I suspect anyone who looked into me would see how boring I am and quickly fall asleep.

I have a pen and paper handy, fire away....

although the obvious thing about all of this, is that it pretty much confirms that Snowdon was right on the money when he suggested that mass surveillance was not only possible, but happening...

VPNs are not as safe as first thought

The example you quote though wasn't a failure of the VPN, they exploited other weaknesses and stole keys, which is different. If you implement a VPN and choose a proper long random key for each session, you aren't exposed to this sort of attack.

If VPNs were easily breakable then pretty much all banking traffic and online purchases would be up for grabs and given organised crime has a lot of money and skilled resources dedicated to trying to crack SSL etc, the fact it still seems to work seems pretty good evidence they can't crack strong encryption.

As for Skype, since MS bought it they changed the protocol to route all traffic via MS HQ so they could eavesdrop it - so no one should assume that is secure.

Most of the NSA exploits try and get round having to use brute force horse power to crack encryption. If you correctly implement a VPN and esp if you use two layer encryption with one time use throw away keys, eg perfect forward secrecy, it is impossible with current computing power to crack it.

have a read of this footflaps;

[url= http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ ]http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/[/url]

I'm not an expert but I've read enough recently to believe that there's little encryption that can be used that isn't vulnerable, either due to poor key choice, back doors or hardware compromises at either end of the conversation.

It doesn't bother me *that much* but I'm dead against bulk data collection in the name of security.

Yep, read that when it came out. Again they exploited an implementation weakness that meant they could simplify bulk force cracking enough that the code space was small enough to fully explore using massive resources. A strong random key VPN is still uncrackable (or no known crack is in the public domain).

VPNs are fine for reasonable (even good) security, in the same way you lock your door as you leave the house. You wouldn't board it up too just in case someone happens by with a set of lockpicks.

If you are sufficiently of interest to have your VPN compromised, I suspect 'they' will already be listening in a number of other ways or have attempted to compromise your PC/phone, it's way easier (unless you're using a commercial already exploited client with a known weakness).

You could go to something like Whonix, but to me that raises a big 'watch me closely' flag too, if you start after registering on a watch list.

It pains me to know that I'm going to see my service out under this Tory government. This piece of legislation is another of the many reasons I dislike them and May in particular.

moose - Member
I dislike them and May in particular.

Greg, Brian or James?

Touche. 😆

Edward Snowden on twitter is quite good this afternoon.

http://singletrackmag.com/forum/topic/which-websites-have-you-visited

Sorry Kryton...

Loddrik - your argument is utter rubbish, if you honestly think (as you really do comes across) that we live in a 1950's utopia where the state are looking after our best interests and only the baddies have something to hide you're seriously wrong.

It'd only worry me if I thought that the government or their agencies had the grounds on which to request to view the data (via Court Order).

People seem to have lost the plot a bit - it's not mass real time surveillance, it's the logging of (mostly) metadata that can be requested to be viewed if there's justification.

And yes I'm aware of the GCHQ SIM card / mobile hack(s) but personally have no reason to think they'd have any interest in me..

Good suggestion in the Grauniad

Can I protest-browse to show I’m unhappy with the new law?
One way to prevent an accurate profile of your browsing history from being built could be to visit random sites. Visiting nine random domains for every website you actually want to visit would increase the amount of data that your ISP has to store tenfold. But not everybody has the patience for that.

I suspect someone will create a browser plug in which randomly browses 1000s of sites 24/7 in the background for you. If not, I might write one...

It's a sad day in the MoreCash household when I'm agreeing with Loddrik.

Google and my ISP already know all the weird stuff I look at on the net. Passing it to the the Police and MI5 really doesn't bother me.

Google and my ISP already know all the weird stuff I look at on the net. Passing it to the the Police and MI5 really doesn't bother me.

So if they want to build a toxic waste site on your favourite trail, and you wanted to protest about it, you'd be happy to be on a list of "eco terrorists"?

have they moved on from outlawing proper encryption and only allowing encryption that can be cracked - thus destroying in one fell swoop the entire online shopping and banking industries. or are they still toying with it?

Good suggestion in the Grauniad

"Can I protest-browse to show I’m unhappy with the new law?
One way to prevent an accurate profile of your browsing history from being built could be to visit random sites. Visiting nine random domains for every website you actually want to visit would increase the amount of data that your ISP has to store tenfold. But not everybody has the patience for that."

I suspect someone will create a browser plug in which randomly browses 1000s of sites 24/7 in the background for you. If not, I might write one...

I really don't think politicos have got the hang of 21st C yet

I suspect someone will create a browser plug in which randomly browses 1000s of sites 24/7 in the background for you. If not, I might write one...

Almost there:
https://addons.mozilla.org/en-GB/firefox/addon/trackmenot/
https://addons.mozilla.org/en-US/firefox/addon/white-noise-generator/

[img] [/img]

Somewhere a Tory STWer is probably ruining their keyboard with that image 😉

[img] [/img]

Credit to [url=

Police.

If you think the security services can be trusted not to abuse their powers then you haven't been paying attention recently.

In 2015 the ONS estimated that 39.3m adults in GB accessed the internet either every day or nearly every day. Add in the number of phone calls, texts, etc

Just who is going to read it all?

Your data will be stored, your data will be analysed by computer, but nobody will bother to read it and do anything with it unless you're targetted

To use the curtains analogy ^^, robotic cameras will gaze in, but nobody will have the time to look. It's a pile of video gathered for no good reason that nobody will ever see. It's not a pleasant thought but I can't change that it happens

All that the publicity around these powers achieves is to tell baddies to communicate using other means

All that the publicity around these powers achieves is to tell baddies to communicate using other means

So basically taking that argument to it's logical conclusion

1)...things like this should be done in secret without telling anybody

2)...and the retention of data is pointless as everyone who they are trying to track has taken steps to avoid being tracked.

Not necessarily. If the very serious are aware they will avoid being tracked. The less aware will still get caught through data

If anyone thinks they can't trace you on Tor you're very misguided and a single VPN hop is only as anonymous as the VPN provider makes it - if you trust them you're also misguided.

Your data will be stored, your data will be analysed by computer, but nobody will bother to read it and do anything with it unless you're targetted

Except when an automatic algorithm decides you're a terrorist threat. A while back I bought a book on how to make explosives from eBay. So I'm on a list somewhere. Then I hang around this forum which is supposedly abut bikes, but that seems to be a side interest - congratulations, you're all on the list too.

Ever visited the CND*, Liberty or Amnesty websites? You could be a dangerous anti-government subversive - and so could all your online contacts.

The problem here isn't humans individually trawling through your web history - there's nowhere near enough people for that - it's some badly-written algorithm going through and data mining anyone it thinks should be investigated.

*Glasgow City Council recently held a training course about preventing terrorist threats - anti-nuclear campaigners were one of the threats on the list.

Your data will be stored, your data will be analysed by computer, but nobody will bother to read it and do anything with it unless you're targetted

Snowden: NSA employees routinely pass around intercepted nude photos
"These are seen as the fringe benefits of surveillance positions," Snowden says.

http://arstechnica.com/tech-policy/2014/07/snowden-nsa-employees-routinely-pass-around-intercepted-nude-photos/
http://www.theguardian.com/world/video/2014/jul/17/edward-snowden-video-interview

What's particularly bizarre is the way the government says that this is a response to Snowden. Snowden revealed that security services were intercepting all this stuff and watching us all, and instead of telling the security services to stop it, the government decides to make what they're doing legal.

It's like the philosophy that we should always give the police the powers they ask for. Isn't that a good definition of a police state?

Considering I can buy a sim with no I'd, charge it with cash and browse from any number of anonymous hot spots it's one of the easiest things to get around

That sort of the question I failed to ask properly on the first page. If you're seriously into nefarious activities it would be seem to be fairly easy to remove the link between an online activity and an individual.

So they only people they might catch are the folk Bencooper mentions above. People who aren't really doing anything wrong. Unless the government decides you are.

[i]If you think the security services can be trusted not to abuse their powers[/i]

My browser history has The Greens, CND, Wikileaks, Medialens, Socialist Workers, links to Hamas, and other Palestinian groups, Stephen Lawrence support groups, and anti Fascist groups I've given money to several of them, and been on countless parades and marches. A awful lot of those groups have been infiltrated by the State, and I'm in no doubt my photo exists on any number of databases. This is another way the State can and will monitor a citizen (me) who's done nothing illegal ever.

cheers, Theresa.

"If you've done nothing wrong , you've nothing to hide"

- Joseph Goebbels ..

Snowden: NSA employees routinely pass around intercepted nude photos
"These are seen as the fringe benefits of surveillance positions," Snowden says.

And back in the day people working in photo labs also used to do this. Its less about surveillance and more about easy access to dirty photos.

But the photo labs would also report paedophiles to the police. They were intercepting private information.Were they wrong to do that?

Been thinking about this.

It's worrying that ISP's are being asked to not only collect but store the information.

It's not all going into some well protected db at GCHQ, it's on the servers of, say, Talk Talk.

So, regardless of what the government do with the info we also have to worry about the whole lot being downloaded by a 12 year old from Milton Keynes and posted on the web.

I don't know what exactly will be stored but one assumes it will be personally identifiable data and whilst it may at the moment have little real value that's not to say it won't in the future - either to allow people to be blackmailed or to gain a list of sites they visit which can be tied to a stolen list of passwords from elsewhere.

Or even used for marketing purposes - say McDonalds want to find everyone who visited the Burger King website in the last year and target them with adverts. It makes the fuss about storing cookies seem insignificant.

More thoughts on this: I've heard a couple of examples given by those in favour of these measures. One was that if child abductors were discussing things by phone the police could tap their phones but not if they're doing it online. the second example was used to counter the idea that smart criminals would find other ways to communicate - the suggestion was that police still collect fingerprints even though criminals could wear gloves.

There's a fundamental difference with those two ideas. They both only work if you assume the person might be a criminal. the police only tap someone's phone if they think they might be up to no good. They only take fingerprints from people arrested, not the whole population.

What these measures do is they put that assumption on all of us. They assume we're all criminals. There's no assumption of innocence here.

and even if they take fingerprints from someone they investigate they have to destroy them if no charges are brought.

This data is held by ISP's for 1 year but if accessed by security services they can keep it for ever.

Interesting comments in this article:

http://www.theguardian.com/uk-news/2015/nov/04/gchq-officer-my-work-surveillance-myths-need-busting

What these measures do is they put that assumption on all of us. They assume we're all criminals. There's no assumption of innocence here.

But its not really so different to what happens already with phone records. The mobile operators keep a record of your calls for billing purposes. If they have reason to do so, the police can access these records.

ISPs don't keep a record of websites you visited as they don't need to. This legislation forces them to keep the same records as a phone operator might. The police still won't have routine access to an individuals web history.

So do the cops assume we are all criminals just becase they CAN access our mobile phone records?

from the BBC front page:
[i]
MI5 'secretly collected phone data' for decade[/i]
[i]
MI5 has secretly been collecting vast amounts of data about UK phone calls to search for terrorist connections, the BBC has learned.

The programme has been running for 10 years under a law described as "vague" by the government's terror watchdog.[/i]

[url= http://www.bbc.co.uk/news/uk-politics-34729139 ]http://www.bbc.co.uk/news/uk-politics-34729139[/url]

So not not only CAN they access the data about us they DO.

somewhatslightlydazed - Member
And back in the day people working in photo labs also used to do this. Its less about surveillance and more about easy access to dirty photos.

It was wrong for them to pass them around too, however, there is a critical difference, and that is you are choosing to pass your film to somebody with the knowledge they will quite possibly see whatever is on it during the normal course of their work.

The situation with the NSA viewing people's private pics is more like them picking the lock on your front door, letting themselves into your house, looking through your bedside cabinet for polaroids you might have taken, then taking a copy and passing them around their mates.

Similar in a way to not objecting to being on CCTV in a shop or walking down the high street, but they can **** off putting one in my lounge. Let me pick my nose in peace 😀

Forget the paedophile thing, it could be used to justify absolutely anything and nobody can argue against it because
[img] [/img]