New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
uk gov plans
to spy on us all....
http://www.channel4.com/news/black-boxes-to-monitor-all-internet-and-phone-data
Thoughts///
Comments
/care
they might try decrypting that too..... This was a plan under labour...
Let's start out with a few interesting bits about this article:
Uhm, yeah, no. Something can only be decoded if it's encoded (not encrypted!), and decrypted when it's encrypted. For the latter you need whatever key was used to encrypt the data with. That means that the above scenario is technically infeasible. I'll get to this in a bit.
This basically means "we are going to MITM [man-in-the-middle attack] every connection". Instead of decrypting the encrypted data, they would simply ensure that they pretend to be the destination server, so that all traffic is encrypted with their key instead of that of the destination server, thus being able to decrypt it and then send a request to the destination server themselves. This allows them to intercept messages. The nasty thing here is that, unlike most targeted MITM attacks, you can't work around this one, as your internet connection would come with that 'functionality' built-in. You will probably be able to determine that you are not connecting to the legitimate server (assuming that the SSL certification authorities do not go corrupt and assist in these MITM attacks, of course), but even if you are aware, there is nothing you can do about it.
Note how the only points the ISPs Association attempts to make, are the following:
You'll notice how the point about invasion of privacy beyond any reasonable point, is entirely absent here. This point is only brought up by one specific politician, but the ISPs apparently do not care.
Now for my personal opinion: This is absolutely fucking ridiculous. This is literally the same setup as used in China, Syria, and many other countries where governments watch all traffic. Remember how Tunisian activists were arrested because all SSL traffic was blocked, and they logged into their blogs through plaintext HTTP connections?
Sadly, as usual, the majority of people will probably throw the "I have nothing to hide" argument, conveniently ignoring the possibilities this opens up for a government that wants to do evil. Realize that even if the current government means no harm, will that still go for the government that you have in 10 years, when the infrastructure is already in place and socially accepted?
This, I completely agree with.
Dont forget Saudi arabia and UAE.
They already do.
Government vs people, that's a scenario that works out really well over time. Sarcasm aside, I'm tired of the major governments working together to end privacy. Never under estimate the people that put you in power...
I read 'piracy' instead of 'privacy' there for a second, and wasn't really sure how to parse it... :P
How would they cope with such large amounts of traffic? Thats entire data centres and residential connections they have to manage, they surely cant match the entire bandwidth of the UK can they?
Why not? The NSA does
You're talking about the AT&T wiretaps aren't you...
Waste of resource, time, money and shits.
Just what we need: everyone's internet traffic passed through the government's server before being sent to destination. And apparently severs will be operated by people not knowing the difference between encryption and encoding.
I feel much safer already ...
interesting article, definitely is something to think about.