
Impending UK Law - "Snooper's Charter".


Topic Author
nymnom
Posts: 17
Joined: Fri Apr 17, 2015 2:21 pm

Impending UK Law - "Snooper's Charter".

Postby nymnom » Tue Nov 10, 2015 4:44 am

Hey,

So it seems the government we are suffering under is attempting to adapt our laws to be a better fit around what our 'security services' are already doing. A fucked-up state of affairs I really don't have adequate words to express my feelings over. But it gets worse; it seems they are attempting to also weaken (effectively ban, that reads to me) 'end to end encryption'. As 'end to end encryption' is how I prefer my family's deeply average internet usage to be channelled through, this worries me slightly, and that's ignoring the wider associated problems it will cause.

Fuck 'em, of course. I will not give it up. But, I must admit, my hardcore rebellious/agro' days are kinda behind me. I'd rather not fight if I can help it. And doing time is shit even before you've got kids to miss, eh?

Will I be able to hide and lie without getting caught, in a technical sense? In other words, will it be possible for me to continue my usage of your service in this dystopian reality and not be potentially proved guilty of just that?

'Cos, although it's not gone through parliament yet, I worry they've already won.


Topic Author
nymnom
Posts: 17
Joined: Fri Apr 17, 2015 2:21 pm

Re: Impending UK Law - "Snooper's Charter".

Postby nymnom » Tue Nov 10, 2015 4:57 am

I'm assuming worst case here, by the way.

parityboy
Site Admin
Posts: 1092
Joined: Wed Feb 05, 2014 3:47 am

Re: Impending UK Law - "Snooper's Charter".

Postby parityboy » Tue Nov 10, 2015 5:27 pm

@OP

EDIT: see this link for a simplified version of my post. :P

Well, according to everything I've read, they will still allow SSL/TLS, otherwise the faith in online banking would become non-existent overnight; they appear to be targeting metadata (i.e. message headers) as opposed to content - at least publicly. Additionally, they seem to be targeting corporations rather than individuals, thereby pulling genuine "end to end" encryption out of the hands of the masses, rather than trying to implement a blanket ban.

The obvious question is: what counts as "end to end" encryption, considering that with SSL/TLS the IP packet payload is encrypted, but the IP packet headers are not?

SSL (e.g. HTTPS)
With SSL transmissions such as HTTPS, the Internet routers very obviously have to read the IP packets in order to route the data, but they can't read anything else.

With secure mail transports such as SMTPS, IMAP4S and POP3S, the same thing applies: the transmission is encrypted, but the actual data is plain text once it pops out the other end, i.e. the memory space of the running mail server software.

Additionally, with HTTPS the transmission is between your computer and the target website only (generally); with email - which relays messages from one email server to another until it reaches its destination - you cannot guarantee that each hop between mail relays is encrypted, or even authenticated.

Not only that, but any mail server can siphon the messages which pass through it, both headers and content. Technologies such as PGP and S/MIME ensure that the content of an email message sent by you to someone else is encrypted, authenticated and therefore secure, however the email headers are still plain text because the mail relay has to read them in order to route mail messages between relays.

VPNs
VPNs such as OpenVPN also use SSL to create a tunnel between your computer and the VPN exit node, thereby giving an additional layer of protection. Once the data reaches the exit node, it is restored to its original form, whatever that might be. Again, banning VPNs is out of the question since the business community make extensive use of them.

Data At Rest
This is data sitting on storage on a computer of some kind (laptop, smartphone, tablet or workstation). On that device, the storage may be generally encrypted independently of all other security mechanisms. Additionally, individual applications such as email and SMS programs (which store messages locally on the device) may implement their own encryption mechanism (such as a password-protected database) to secure those messages.

Conclusion
So in reality, is true end-to-end encryption on the public Internet really even available, if the headers of every email you send are still readable? If every SMS you send can be siphoned off of the cell towers anyway?

At this time I would say no, however it is vitally important that an individual must a) recognise that data and network security is built up in layers using tools built for this job or that, and b) build for themselves a very clear picture of what exactly it is they are trying to achieve (or avoid).
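An added example, not part of the original post, illustrating the point above that PGP protects an email's body while the headers stay readable and individual relay hops may or may not be encrypted. The message, hostnames and addresses are constructed sample values; the TLS check relies on the RFC 3848 `with` keywords that receiving servers record in `Received` headers.

```python
import re
from email import message_from_string

# Constructed sample: a PGP-encrypted message that crossed three hops.
# Hostnames and addresses are reserved example values, not real traffic.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTPS id c3; Tue, 10 Nov 2015 17:27:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id b2; Tue, 10 Nov 2015 17:27:02 +0000
Received: from laptop.local (unknown [203.0.113.5])
\tby relay.example.com with ESMTPSA id a1; Tue, 10 Nov 2015 17:27:01 +0000
From: alice@example.com
To: bob@example.org
Subject: meeting on thursday
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(constructed placeholder ciphertext)
-----END PGP MESSAGE-----
"""

# RFC 3848 transmission types that mean the hop itself ran over TLS.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def audit_hops(raw):
    """Return [(receiving_host, protocol, used_tls)] in delivery order."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # oldest hop first
        m = HOP_RE.search(value)
        if m:
            proto = m.group(2).upper()
            hops.append((m.group(1), proto, proto in TLS_TYPES))
    return hops

def relay_view(raw):
    """What any relay can read even though the body is PGP-encrypted."""
    msg = message_from_string(raw)
    visible = {h: msg[h] for h in ("From", "To", "Subject")}
    body = msg.get_payload().lstrip()
    return visible, body.startswith("-----BEGIN PGP MESSAGE-----")

if __name__ == "__main__":
    for host, proto, tls in audit_hops(SAMPLE):
        print(f"{host:20} {proto:8} {'TLS' if tls else 'CLEARTEXT HOP'}")
    print(relay_view(SAMPLE))
```

`Received` lines are written by each relay and can be forged by an earlier hop, so this audit shows what the relays claimed, not proof of how the message travelled.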


Topic Author
nymnom
Posts: 17
Joined: Fri Apr 17, 2015 2:21 pm

Re: Impending UK Law - "Snooper's Charter".

Postby nymnom » Wed Nov 11, 2015 8:02 pm

Thank you, @parityboy.

The vague hysteria I seem to be displaying is a result of a suspicion that this is just the beginning (and the smoke before writing, as ever), and the fact I'm fucked off with all of it in general... It seems the 'if you've got nothing to hide brigade' has got balls-deep into the general consciousness of the population. In pubs and on message boards etc, time and time again, the mention of encrypted communications prompts huge suspicion - the presumption being that only nonces, terrorists and those engaged in other dangerous nefarious acts use it. I'm sure they do, it's just dull, awkward bastards like me are swept up in the guilt-by-association frame... and Tor is a dirty word amongst many. I don't even mention that in the pub (mainly cos it's too slow for normal use), it's just not worth the trouble. There's something very wrong with that, I think. Does not bode well.

Anyway, you're right. It is aimed at the commercial outfits - although I'd say the intention to enforce weakening/backdoors affects us all. They can't keep our data safe now!

How would the enactment of this law affect the Turing node? Would we lose it given hardcore privacy attitudes of CS? I suspect that's probably more a question for a commercial law expert or something.

Anyway, thank you again for your time. Appreciated.

parityboy
Site Admin
Posts: 1092
Joined: Wed Feb 05, 2014 3:47 am

Re: Impending UK Law - "Snooper's Charter".

Postby parityboy » Wed Nov 11, 2015 9:07 pm

@OP

No worries, happy to help. I think the one thing to remember here is that government isn't worried about encryption per se; what they are worried about is easy-to-use encryption, because then it will be adopted by the general public without a second thought, or even a first one.

The kinds of people who are used to demonise the likes of I2P, Tor and encryption in general (terrorists, child molesters etc) are a) in the minority and b) already using it. The days of those classes of people not being tech-savvy are fading rapidly, if not already gone. Bare minimum, they are certainly aware of the need for data security and will know at least one person capable of implementing it.

The real target of all of this are those who are deemed a threat to the political power structure - not child molesters, not terrorists, in fact not any group who is a genuine threat to the public at large - i.e., the whistleblowers and political activists. The Bradley Mannings and Edward Snowdens of this world. These are the people who need the encryption and anonymity tools to protect themselves from jail or physical assassination.

The main issue with your compatriots in the local drinking establishment is that despite all of the lies and shenanigans, they still have an unwavering trust in government, and cannot imagine an existence without it, therefore they will always lean in the direction of being "looked after by our superiors/betters".

As for the Turing node, it will probably stay. I have no doubt that the node is being closely monitored anyway. :P


Topic Author
nymnom
Posts: 17
Joined: Fri Apr 17, 2015 2:21 pm

Re: Impending UK Law - "Snooper's Charter".

Postby nymnom » Thu Nov 12, 2015 12:56 am

I hear you on the pointlessness of the law in terms of its effectiveness in suppressing the true wrong 'uns, to stick to my instinctive demotic language usage. Also, completely with you on your analysis of the prole mindset... although we massively generalise, of course (is there any other way to grasp a semblance of understanding of human chaos?).

Where we do differ slightly - also there is true commonality I see through the haze - is in our thoughts on motivations of State, and true targets. As you say, those with a vested interest in hiding their shit do already. During the act of his heroic defiance Ed did, too; they found out when he wanted them to, it seems (Citizen 4 is a scary film!). Shame about BradChelsea( ;) ), mind... damn shame. But I think what I'm wary of is introducing any kind of 'hierarchy of validity'. Yes, heroes/traitors - whatever the perspective - need the protection that strong encryption provides, and our support and respect, but at the same time I believe we all do. To be honest, though, I'd much rather live under a regime that didn't seemingly intend to chill dissent, creativity, discussion and low-level crime (freedom to me is truly the ability to do just that, is it not?) by monitoring us all. It's not so much the act of monitoring, as the feeling it imposes. Imagine the next potential Ed/Chelsea, born the day legislation that watches - just watches - all the fucking time is enacted. How different that adult would be. The potential to question, blow that whistle hard if need be, would stay just that - an invisible 'what if' never said for fear of it being heard, or read, cos they've grown up in that never knowing other :silent: . So, I suppose, yeah, it's them pleb, average babies I think we have to worry about, and in some senses prioritise, along with their dull, everyday parents... not so much the heroes that are burned already.

Fucked if I know how, mind you. Like I said, my perception is most people are fucking pricks over this issue.

Bah, I waffle...> /dev/null :D


Topic Author
nymnom
Posts: 17
Joined: Fri Apr 17, 2015 2:21 pm

Re: Impending UK Law - "Snooper's Charter".

Postby nymnom » Thu Nov 12, 2015 1:00 am

...and I suppose, if they sit on the Turing exit node, and I habitually use it cos it's fastest, CS is actually drawing more attention to me than riding bareback would when I log into my bank or whatever. Oh wondrous joy :D

Whatever.

PS. The forum 'hide being online' check box is broken, isn't it? This, in my current state, prompts a lazy, ironic smile... and the need for a chocolate biscuit. But correlation is not causation, as they say... :crazy:

