Current state of online privacy in the UK
Privacy is something I care about and take steps to protect. We all know it's very bad in the UK and getting worse. I try to keep on top of changes in legislation and adjust my behaviour accordingly.
I must have missed something though. I don't normally pay attention to access logs but having recently put our site behind Incapsula, there is a nice list of all of the bots that access it. My ISP has a bot that is crawling pages on the site that are not indexed by search engines and could only have been known by monitoring my web traffic.
The whole site is also HTTPS-only, so my understanding of HTTPS would lead me to believe that they're proxying all of my HTTPS traffic to get the URIs (and maybe other stuff). I couldn't find much information about this online other than one purpose seems to be checking which sites David Cameron thinks are offensive and adding them to a blacklist.
Comments
It's called spying. Or your ISP just so happened to find your website.
Whichever comes first.
Either way, they're ignoring the robots.txt since well, it's your ISP. Just block the ranges after you've gathered enough IPs doing it.
Your ISP can't just transparently proxy your HTTPS traffic unless you install some trusted root cert in your CA.
TalkTalk did (and possibly still does) collect all URLs and follows you
Affectionately known as "StalkStalk". Their system comes in two main parts:
Deep packet inspection,
DNS hijacking
Neither should be able to inspect HTTPS traffic as @rds100 says
Is that TalkTalk? They're doing it for security, checking the site for viruses etc. You should be able to disable that in your TalkTalk account if you wish.
Iirc you can disable the actual blocking of malicious pages, but not opt out from the stalking.
StalkTalks by default addon does this, I had it disabled when I signed up.
Yes it's TalkTalk. I've still not gone through the list completely but Orange seems to be doing the same thing.
Regarding the CA comment - as I understand it, you trust your browser to pick CAs and the browser trusts CAs not to issue random certificates, so it can happen - it just requires some cooperation. Correct me if I'm wrong.
Switch to SSE, cheaper and no spying/blocking of tpb etc.
I've been considering them, what's their traffic management like?
For me, non-existent; for friends and others it would seem restrictive. You can also request a free static IP as a bonus.
Sure, but the more likely explanation is that it found those URLs from links (maybe internal, maybe external). If governments start pressuring CAs to forge certificates, then those CAs get removed from browsers; Mozilla/Google/Microsoft don't take that lightly.
So long as things like Netflix and Amazon Prime would run during peak hours, my household would be happy
yes
both copper dsl services are okay (the 24Mb and 80Mb)
The UK effort against world privacy goes much deeper than David Cameron.
Your ISPs probably have deep packet inspection.
Eh, that's mainly a problem of the ISPs that say they are too large for peering... UPC notably in central EU, Virgin in UK.
I'm not convinced by this.
Censorship and snooping are present throughout our culture. This worries me though as I somehow had no idea it was happening.
I live in a serviced apartment so I don't get to choose the ISP unfortunately. They have a deal with someone who has a deal with someone else who has a deal with TalkTalk. I found a decent VPN service though - lots of nice privacy/security features, reasonable prices and good speeds. It's just annoying that I have to use it at home for almost everything now.
Set up your own. Much more secure.
Get your own VPN and set your router to access it automatically.
@jhadley I once was in your situation with not choosing ISP, I simply went and paid for a VPN at CyberGhost ( https://cyberghostvpn.com/ (note: no affiliate link was included)), and it did the charm.
OTOH, since residential ISP speeds are crap anyway in UK, a KS for 100 Mbps best effort should do to set up a fully encrypted tunnel.
If you feel ultra paranoid, get another and set yourself up a Tor bridge to route everything through it.
I've tried two different servers already, one of which has quality routing and a gigabit connection, and both slowed the connection down significantly. It may be a configuration issue or that TalkTalk throttle encrypted traffic. I get the feeling spending hours will only reinforce the fact that TalkTalk is at the bottom of it.
I know someone who did some interesting investigation into VPN services and also know that most make completely false claims about security, logging, handing over data etc. I finally found one that seems to be trustworthy, fast, secure, doesn't ask for my name, paid with BTC, open sources most of their stuff etc.
What configuration were you setting up? PPTP?
OpenVPN
Well that's your issue, configure PPTP and drop it into the router, you'll get better speeds.
Yeah except then it won't just be my ISP snooping.
Is it possible your ISP found the page(s) by someone visiting http://mysite.com/secret/secure/page.html and getting an HTTPS redirect? That's the most likely way they'd see the page URL.
I doubt that they are doing man-in-the-middle on people's HTTPS traffic routinely - people would spot it. Since you are accessing your own servers, you should be able to verify that the certificate your browser is presented with is the same one you installed on your server.
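The certificate comparison suggested in the comment above, as an added example that is not part of the original thread: it records whatever leaf certificate the network path presents and compares its SHA-256 fingerprint with the certificate file installed on the server. The function names and the command-line arguments (host, path to the PEM file) are assumptions made for this illustration.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def installed_fingerprint(pem_text: str) -> str:
    """Fingerprint of the first certificate in a PEM file's text (the leaf)."""
    begin = "-----BEGIN CERTIFICATE-----"
    end = "-----END CERTIFICATE-----"
    start = pem_text.index(begin)
    stop = pem_text.index(end, start) + len(end)
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_text[start:stop]))


def presented_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the leaf certificate the network path actually hands us.

    Verification is switched off on purpose: the goal is to record whatever
    is presented, including a certificate minted by an intercepting proxy.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def same_certificate(pem_text: str, der_seen: bytes) -> bool:
    """True when the certificate seen on the wire is the one installed."""
    return installed_fingerprint(pem_text) == fingerprint(der_seen)


if __name__ == "__main__":
    import sys
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        pem = fh.read()
    seen = presented_der(host)
    print("installed:", installed_fingerprint(pem))
    print("presented:", fingerprint(seen))
    print("MATCH" if same_certificate(pem, seen) else "MISMATCH")
```

Run it from the connection being questioned. When the site sits behind a CDN or WAF, the reference certificate is the one configured at that edge, not the one on the origin server.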
PPTP is a bit on the wank side, to be fair.
Try SoftEther, it is resource intensive, but an Atom might manage it.
Some slowing down will occur, it is unavoidable, but if your link is already bad, it won't be much of a difference; only if you have more than 30 Mbps, which is the threshold in UK for "broadband", will you feel the difference seriously.
PPTP is very, very insecure and can be cracked extremely easily. OpenVPN isn't, and can't.
I'm unsure if the ISP in question here is residential or business, but for a home ISP I would strongly recommend tunnelling via a VPN, then statically routing all of your traffic over the tunnel and out the other side.
If encrypted traffic throttling is a pain, you could always try obfuscating the traffic by running the VPN on a high/non-standard port - just make sure you don't pick a port associated with P2P traffic.