uk gov plans

Comments

  • /care

    Opinions/Posts are to be assumed my own/personal and not company related unless obvious
    Currently unemployed | Available for consulting | http://as198412.net | https://william.si

  • DanielM Disabled

    They might try decrypting that too... This was a plan under Labour...

  • Let's start out with a few interesting bits about this article:

    Internet and mobile phone companies are preparing to install "black boxes" to monitor all internet and phone traffic to and from the UK, and decode encrypted messages including bank transactions.

    Uhm, yeah, no. Something can only be decoded if it's encoded (not encrypted!), and decrypted when it's encrypted. For the latter you need whatever key was used to encrypt the data with. That means that the above scenario is technically infeasible. I'll get to this in a bit.

    When an individual uses a webmail service such as Gmail, for example, the entire webpage is encrypted before it is sent. This makes it impossible for ISPs to distinguish the content of the message. Under the Home Office proposals, once the Gmail is sent, the ISPs would have to route the data via a government-approved "black box" which will decrypt the message, separate the content from the "header data", and pass the latter back to the ISP for storage.

    This basically means "we are going to MITM [man-in-the-middle attack] every connection". Instead of decrypting the encrypted data, they would simply ensure that they pretend to be the destination server, so that all traffic is encrypted with their key instead of that of the destination server, thus being able to decrypt it and then send a request to the destination server themselves. This allows them to intercept messages. The nasty thing here is that, unlike most targeted MITM attacks, you can't work around this one, as your internet connection would come with that 'functionality' built-in. You will probably be able to determine that you are not connecting to the legitimate server (assuming that the SSL certification authorities do not go corrupt and assist in these MITM attacks, of course), but even if you are aware, there is nothing you can do about it.

    A representative of the ISPs Association said: "We understand that government wants to move with the times, and we want to work with them on that. But this is a massive project. We'd rather they told us what they want to achieve, then sit down with us to work out how."

    "Our other main concern with this is speed. If you're having to route all traffic through one box, it's going to cut down on connection speeds. The hardware can only look at a certain amount of traffic per second - if lots of streams from the BBC iPlayer are going through it, for example, how is it going to handle the traffic?"

    Note how the only points the ISPs Association attempts to make are the following:

    1. It's a lot of work for ISPs, and takes a lot of money.
    2. It will slow down the internet.

    You'll notice how the point about invasion of privacy beyond any reasonable point is entirely absent here. This point is only brought up by one specific politician, but the ISPs apparently do not care.

    Now for my personal opinion: This is absolutely fucking ridiculous. This is literally the same setup as used in China, Syria, and many other countries where governments watch all traffic. Remember how Tunisian activists were arrested because all SSL traffic was blocked, and they logged into their blogs through plaintext HTTP connections?

    Sadly, as usual, the majority of people will probably throw the "I have nothing to hide" argument, conveniently ignoring the possibilities this opens up for a government that wants to do evil. Realize that even if the current government means no harm, will that still go for the government that you have in 10 years, when the infrastructure is already in place and socially accepted?

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox
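
The interception described in the post above, as an added toy simulation that is not part of the original thread: the box substitutes its own key, reads the message, and re-encrypts it toward the server, while a client holding a previously recorded key fingerprint sees the mismatch. The `Party` class, the tiny Diffie-Hellman group, the XOR cipher and all key values are constructed for illustration and stand in for real TLS.

```python
import hashlib

# Toy Diffie-Hellman group, constructed for illustration (not safe for real use).
P = 2**127 - 1  # a Mersenne prime
G = 3

class Party:
    def __init__(self, private):
        self._priv = private
        self.public = pow(G, private, P)  # stands in for the key in a certificate

    def session_key(self, peer_public):
        shared = pow(peer_public, self._priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(public):
    return hashlib.sha256(public.to_bytes(16, "big")).hexdigest()

def xor_stream(key, data):
    # Toy cipher: XOR with a hash-derived keystream; the same call encrypts and decrypts.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def connect(client, presented_public, pinned_fp):
    """Return (pin_ok, session_key) for whichever key the network presented."""
    pin_ok = fingerprint(presented_public) == pinned_fp
    return pin_ok, client.session_key(presented_public)

def demo():
    client, server, box = Party(0x1234567), Party(0x89abcde), Party(0x0f1e2d3)
    pin = fingerprint(server.public)  # learned out of band, before any interception
    msg = b"constructed sample message"

    # Direct path: the client is shown the server's real key.
    direct_ok, key = connect(client, server.public, pin)
    direct_read = xor_stream(server.session_key(client.public), xor_stream(key, msg))

    # Intercepted path: the box shows its own key, reads, then re-encrypts onward.
    mitm_ok, key_cb = connect(client, box.public, pin)
    seen_by_box = xor_stream(box.session_key(client.public), xor_stream(key_cb, msg))
    relayed = xor_stream(box.session_key(server.public), seen_by_box)
    server_read = xor_stream(server.session_key(box.public), relayed)
    return direct_ok, direct_read, mitm_ok, seen_by_box, server_read

if __name__ == "__main__":
    print(demo())
```

In both paths the server receives the same message, so only the fingerprint check tells the client which path it is on.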

  • @joepie91 said: Sadly, as usual, the majority of people will probably throw the "I have nothing to hide" argument, conveniently ignoring the possibilities this opens up for a government that wants to do evil. Realize that even if the current government means no harm, will that still go for the government that you have in 10 years, when the infrastructure is already in place and socially accepted?

    This, I completely agree with.

    Thanked by 1Infinity
  • DanielM Disabled

    @joepie91 said: used in China, Syria, and many other countries where governments watch all traffic.

    Don't forget Saudi Arabia and UAE.

    Thanked by 1jhadley
  • Jacob Member

    They already do.

    @DanielM said: to spy on us all....

    Thanked by 1Infinity
  • Jar Member

    Government vs people, that's a scenario that works out really well over time. Sarcasm aside, I'm tired of the major governments working together to end privacy. Never underestimate the people that put you in power...

  • @jarland said: I'm tired of the major governments working together to end privacy.

    I read 'piracy' instead of 'privacy' there for a second, and wasn't really sure how to parse it... :P

    Appreciate my posts/software/guides? Donate (PayPal/Flattr/Bitcoin): http://cryto.net/~joepie91/donate.html | irc.freenode.net #lowendbox

  • Taylor Member

    How would they cope with such large amounts of traffic? That's entire data centres and residential connections they have to manage, they surely can't match the entire bandwidth of the UK, can they?

    I know, I'm Dale Maily.

  • miTgiB Member

    @Taylor said: they surely can't match the entire bandwidth of the UK, can they?

    Why not? The NSA does

    Hostigation High Resource Hosting - SolusVM OpenVZ/KVM VPS
    Thanked by 1TheHackBox
  • @miTgiB said: The NSA does

    You're talking about the AT&T wiretaps aren't you...

    This signature is brought to you by the NSA. Spying on the entire world since 1952!

  • Taz Disabled

    Waste of resource, time, money and shits.

    Time is good and also bad. Life is short and that is sad. Don't worry, be happy, that's my style. No matter what happens I won't lose my smile!

  • vedran Moderator

    Just what we need: everyone's internet traffic passed through the government's server before being sent to destination. And apparently servers will be operated by people not knowing the difference between encryption and encoding.

    I feel much safer already ...

    Thanked by 1Jack
  • Interesting article, definitely is something to think about.

    miniVPS - Value and Premium VPS Servers!
