Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


uk gov plans
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

uk gov plans

Comments

  • /care

  • they might try decrypting that too..... This was a plan under labour...

  • joepie91joepie91 Member, Patron Provider

    Let's start out with a few interesting bits about this article:

    Internet and mobile phone companies are preparing to install "black boxes" to monitor all internet and phone traffic to and from the UK, and decode encrypted messages including bank transactions.

    Uhm, yeah, no. Something can only be decoded if it's encoded (not encrypted!), and decrypted when it's encrypted. For the latter you need whatever key was used to encrypt the data with. That means that the above scenario is technically infeasible. I'll get to this in a bit.

    When an individual uses a webmail service such as Gmail, for example, the entire webpage is encrypted before it is sent. This makes it impossible for ISPs to distinguish the content of the message. Under the Home Office proposals, once the Gmail is sent, the ISPs would have to route the data via a government-approved "black box" which will decrypt the message, separate the content from the "header data", and pass the latter back to the ISP for storage.

    This basically means "we are going to MITM [man-in-the-middle attack] every connection". Instead of decrypting the encrypted data, they would simply ensure that they pretend to be the destination server, so that all traffic is encrypted with their key instead of that of the destination server, thus being able to decrypt it and then send a request to the destination server themselves. This allows them to intercept messages. The nasty thing here is that, unlike most targeted MITM attacks, you can't work around this one, as your internet connection would come with that 'functionality' built-in. You will probably be able to determine that you are not connecting to the legitimate server (assuming that the SSL certification authorities do not go corrupt and assist in these MITM attacks, of course), but even if you are aware, there is nothing you can do about it.

    A representative of the ISPs Association said: "We understand that government wants to move with the times, and we want to work with them on that. But this is a massive project. We'd rather they told us what they want to achieve, then sit down with us to work out how."

    "Our other main concern with this is speed. If you're having to route all traffic through one box, it's going to cut down on connection speeds. The hardware can only look at a certain amount of traffic per second - if lots of streams from the BBC iPlayer are going through it, for example, how is it going to handle the traffic?"

    Note how the only points the ISPs Association attempts to make, are the following:

    1. It's a lot of work for ISPs, and takes a lot of money.
    2. It will slow down the internet.

    You'll notice how the point about invasion of privacy beyond any reasonable point, is entirely absent here. This point is only brought up by one specific politician, but the ISPs apparently do not care.

    Now for my personal opinion: This is absolutely fucking ridiculous. This is literally the same setup as used in China, Syria, and many other countries where governments watch all traffic. Remember how Tunisian activists were arrested because all SSL traffic was blocked, and they logged into their blogs through plaintext HTTP connections?

    Sadly, as usual, the majority of people will probably throw the "I have nothing to hide" argument, conveniently ignoring the possibilities this opens up for a government that wants to do evil. Realize that even if the current government means no harm, will that still go for the government that you have in 10 years, when the infrastructure is already in place and socially accepted?

  • @joepie91 said: Sadly, as usual, the majority of people will probably throw the "I have nothing to hide" argument, conveniently ignoring the possibilities this opens up for a government that wants to do evil. Realize that even if the current government means no harm, will that still go for the government that you have in 10 years, when the infrastructure is already in place and socially accepted?

    This, I completely agree with.

    Thanked by 1Infinity
  • @joepie91 said: used in China, Syria, and many other countries where governments watch all traffic.

    Dont forget Saudi arabia and UAE.

    Thanked by 1jh
  • JacobJacob Member

    They already do.

    @DanielM said: to spy on us all....

    Thanked by 1Infinity
  • jarjar Patron Provider, Top Host, Veteran

    Government vs people, that's a scenario that works out really well over time. Sarcasm aside, I'm tired of the major governments working together to end privacy. Never under estimate the people that put you in power...

  • joepie91joepie91 Member, Patron Provider

    @jarland said: I'm tired of the major governments working together to end privacy.

    I read 'piracy' instead of 'privacy' there for a second, and wasn't really sure how to parse it... :P

  • TaylorTaylor Member

    How would they cope with such large amounts of traffic? Thats entire data centres and residential connections they have to manage, they surely cant match the entire bandwidth of the UK can they?

  • miTgiBmiTgiB Member

    @Taylor said: they surely cant match the entire bandwidth of the UK can they?

    Why not? The NSA does

    Thanked by 1TheHackBox
  • @miTgiB said: The NSA does

    You're talking about the AT&T wiretaps aren't you...

  • TazTaz Member

    Waste of resource, time, money and shits.

  • vedranvedran Veteran

    Just what we need: everyone's internet traffic passed through the government's server before being sent to destination. And apparently severs will be operated by people not knowing the difference between encryption and encoding.

    I feel much safer already ...

    Thanked by 1DeletedUser
  • interesting article, definitely is something to think about.

Sign In or Register to comment.