Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Impending UK Law - "Snooper's Charter".

Post a reply

This question is a means of preventing automated form submissions by spambots.
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek: :angel: :clap: :crazy: :eh: :lolno: :problem: :shh: :shifty: :sick: :silent: :think: :thumbdown: :thumbup: :wave: :wtf: :yawn:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review

If you wish to attach one or more files enter the details below.

Expand view Topic review: Impending UK Law - "Snooper's Charter".

Re: Impending UK Law - "Snooper's Charter".

by nymnom » Thu Nov 12, 2015 1:00 am

...and I suppose,if they sit on the Turing exit node, and I habitually use it cos it's fastest, CS is actually drawing more attention to me than riding bareback would when I log into my bank or whatever. Oh wondrous joy :D


PS.The forum 'hide being online' check box is a broken, isn't it? This,in my current state, prompts a lazy, ironic smile....and the need for a chocolate biscuit. But correlation is not causation, as they say.... :crazy:

Re: Impending UK Law - "Snooper's Charter".

by nymnom » Thu Nov 12, 2015 12:56 am

I hear you on the pointlessness of the law in terms of it's effectiveness in suppressing the true wrong 'uns, to stick to my instinctive demotic language usage. Also, completely with on your analysis of the prole mindset..although we massively generalise, of course (is there any other way to grasp a semblance of understanding of human chaos?).

Where we do differ slightly- also there is true commonality I see through the haze - is in our thoughts on motivations of State, and true targets. As you say, those with a vested interest in hiding their shit do already. During the act of his heroic defiance Ed did, too; they found out when he wanted them to, it seems (Citizen 4 is a scary film!). Shame about BradChelsea( ;) ), mind...damn shame. But I think what I'm wary of is introducing any kind of 'hierarchy of validity'. Yes, heros/traitors - whatever the perspective - need the protection that strong encryption provides, and our support and respect, but at the same time I believe we all do. To be be honest, though, I'd much rather live under a regime that didn't seemingly intend to chill dissent, creativity, discussion and low-level crime (freedom to me is truly the ability to do just that, is it not?) by monitoring us all. It's not so much the act of monitoring, as the feeling it imposes. Imagine the next potential Ed/Chelsea, born the day legislation that watches - just watches - all the fucking time is enacted. How different that adult would be. The potential to question, blow that whistle hard if need be, would stay just that - an invisible 'what if' never said for fear of it being heard, or read, cos they've grown up in that never knowing other :silent: . So, I suppose, yeah, it's them pleb, average babies I think we have to worry about, and in some senses prioritise, along with their dull, everyday parents...not so much the heros that are burned already.

Fucked if I know how, mind you. Like I said, my perception is most people are fucking pricks over this issue.

Bah, I waffle...> /dev/null :D

Re: Impending UK Law - "Snooper's Charter".

by parityboy » Wed Nov 11, 2015 9:07 pm


No worries, happy to help. I think the one thing to remember here is that government isn't worried about encryption per se, what they are worried about is easy to use encryption, because then it will be adopted by the general public without a second thought, or even a first one.

The kinds of people who are used to demonise the likes of I2P, Tor and encryption in general (terrorists, child molesters etc) are a) in the minority and b) already using it. The days of those classes of people not being tech-savvy are fading rapidly, if not already gone. Bare minimum, they are certainly aware of the need for data security and will know at least one person capable of implementing it.

The real target of all of this are those who are deemed a threat to the political power structure - not child molesters, not terrorists, in fact not any group who is a genuine threat to the public at large - i.e., the whistleblowers and political activists. The Bradley Mannings and Edward Snowdens of this world. These are the people who need the encryption and anonymity tools to protect themselves from jail or physical assassination.

The main issue with your compatriots in the local drinking establishment is that despite all of the lies and shenanigans, they still have an unwavering trust in government, and cannot imagine an existence without it, therefore they will always lean in the direction of being "looked after by our superiors/betters".

As for the Turing node, it will probably stay. I have no doubt that the node is being closely monitored anyway. :P

Re: Impending UK Law - "Snooper's Charter".

by nymnom » Wed Nov 11, 2015 8:02 pm

Thank you, @parityboy.

The vague hysteria I seem to be displaying is a result of a suspicion that this is just the beginning (and the smoke before writing, as ever), and the fact I'm fucked off with all of it in general... It seems the 'if you've got nothing to hide brigade' has got balls-deep into the general consciousness of the population. In pubs and on message boards etc, time and time again, the mention of encrypted communications prompts huge suspicion - the presumption being that only nonces, terrorists and those engaged in other dangerous nefarious acts use it. I'm sure they do, it's just dull, awkward bastards like me are swept up in the guilt-by-association frame... and Tor is a dirty word amongst many. I don't even mention that in the pub (mainly cos it's too slow for normal use), it's just not worth the trouble. There's something very wrong with that, I think. Does not bode well.

Anyway, you're right. It is aimed at the commercial outfits - although I'd say the intention to enforce weakening/backdoors effects us all. They can't keep our data safe now!

How would the enactment of this law effect the Turing node? Would we lose it given hardcore privacy attitudes of CS? I suspect that's probably more a question for a commercial law expert or something.

Anyway, thank you again for your time. Appreciated.

Re: Impending UK Law - "Snooper's Charter".

by parityboy » Tue Nov 10, 2015 5:27 pm


EDIT: see this link for a simplified version of my post. :P

Well according to everything I've read, they will still allow SSL/TLS, otherwise the faith in online banking would become non-existent overnight; they appear to be targeting metadata (i.e. message headers) as opposed to content - at least publicly. Additionally, they seem to be targeting corporations rather than individuals, thereby pulling genuine "end to end" encryption out of the hands of the masses, rather than trying to implementing a blanket ban.

The obvious question is: what counts as "end to end" encryption, considering that with SSL/TLS the IP packet payload is encrypted, but the IP packet headers are not?

SSL (e.g. HTTPS)
With SSL transmissions such as HTTPS, the Internet routers very obviously have to read the IP packets in order to route the data, but they can't read anything else.

With secure mail transports such as SMTPS, IMAP4S and POP3S, the same thing applies: the transmission is encrypted, but the actual data is plain text once it pops out the other end, i.e. the memory space of the running mail server software.

Additionally, with HTTPS the transmission is between your computer and the target website only (generally); with email - which relays messages from one email server to another until it reaches its destination - you cannot guarantee that each hop between mail relays is encrypted, or even authenticated.

Not only that, but any mail server can siphon the messages which pass through it, both headers and content. Technologies such as PGP and S/MIME ensure that the content of an email message sent by you to someone else is encrypted, authenticated and therefore secure, however the email headers are still plain text because the mail relay has to read them in order to route mail messages between relays.

VPNs such as OpenVPN also use SSL to create a tunnel between your computer and the VPN exit node, thereby giving an additional layer of protection. Once the data reaches the exit node, it is restored to its original form, whatever that might be. Again, banning VPNs is out of the question since the business community make extensive use of them.

Data At Rest
This is data sitting on storage on a computer of some kind (laptop, smartphone, tablet or workstation). On that device, the storage may be generally encrypted independently of all other security mechanisms. Additionally, individual applications such as email and SMS programs (which store messages locally on the device) may implement their own encryption mechanism (such as a password-protected database) to secure those messages.

So in reality, is true end-to-end encryption on the public Internet really even available, if the headers of every email you send are still readable? If every SMS you send can be siphoned off of the cell towers anyway?

At this time I would say no, however it is vitally important that an individual must a) recognise that data and network security is built up in layers using tools built for this job or that, and b) build for themselves a very clear picture of what exactly it is they are trying to achieve (or avoid).

Re: Impending UK Law - "Snooper's Charter".

by nymnom » Tue Nov 10, 2015 4:57 am

I'm assuming worst case here, by the way.

Impending UK Law - "Snooper's Charter".

by nymnom » Tue Nov 10, 2015 4:44 am


So it seems the government we are suffering under is attempting to adapt our laws to be a better fit around what our 'security services' are already doing. A fucked-up state of affairs I really don't have adequate words to express my feelings over. But it gets worse; it seems they are attempting to also weaken (effectively ban, that reads to me) 'end to end encryption'. As 'end to end encryption' is how I prefer my families deeply average internet usage to be channelled through this worries me slightly, and that's ignoring the wider associated problems it will cause.

Fuck 'em, of course. I will not give it up. But, I must admit, my hardcore rebellious/agro' days are kinda behind me. I'd rather not fight if I help it. And doing time is shit even before you've got kids to miss, eh?

Will I be able to hide and lie without getting caught, in a technical sense? In other words, will it be possible for me to continue my usage of your service in this dystopian reality and not be potentially proved guilty of just that?

'Cos, although it's not gone through parliament yet, I worry they've already won.