Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[TF] Canada Wants VPNs to Log and Warn Pirating Customers

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1281
Joined: Wed Feb 05, 2014 3:47 am

[TF] Canada Wants VPNs to Log and Warn Pirating Customers

Postby parityboy » Mon Feb 17, 2014 5:14 am

This is a few months old but I didn't see it posted, so I thought I'd do so. I know you CS peeps have an exit node in Montreal, which jigged my memory.

Under the new law Internet providers and VPN services are required to forward copyright notices they receive from rightsholders to their customers. To be able to do so, the companies have to retain access logs for a minimum of six months so the pirating customers can be identified. Providers who do not comply face damages up to $10,000.

Specifically, the law requires providers to “[...] retain records that will allow the identity of the person to whom the electronic location belongs to be determined, and do so for six months [...].” Failing to forward a notice may result in “[...] statutory damages in an amount that the court considers just, but not less than $5,000 and not more than $10,000 [...].”

The new logging requirements in combination with a notice policy and fines are a disaster for VPN providers, and that’s not an overstatement.


Source

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: [TF] Canada Wants VPNs to Log and Warn Pirating Customer

Postby Pattern_Juggled » Mon Feb 17, 2014 4:33 pm

Somewhere around here is a comment we posted in reply to that article - it likely isn't found in the actual comments section of the article in question, as the TF boys have lately developed something of a habit of censoring comments they don't like, and/or which criticize them or their "promoted sponsors" (advertising revenue sources).

tl'dr is that TF is apparently hallucinating the entire "VPN" angle to this "story" they created. Dr. Geist, who Ernesto (or whoever wrote this one) quotes as his underlying source, makes no mention of it and has not referenced "VPN" in any of his public comments on this issue. It's a Harper proposal for ISPs - physical network connectivity providers - not upstream transit services, proxies, wholesale backhaul providers, packet routing specialists, or any of the above. The language of the proposal is easy enough to read, and easy enough to parse.

To be fair, it's still a shite proposal - thanks, Stevie - but it's nothing to do with network security services. Not presented as such, not interpreted as such, not intended as such, and not predicted to be applied as such if it gets rammed through per the CPC's usual tactics. The only commenter who seems to have imagined a "VPN" angle to this is... TorrentFreak.

The fact that all of their advertising sugar-daddies are based in the USA? Wow. Such coincidence.

Besides, in the end, cryptostorm isn't really "based" anywhere. Speaking with blunt candor, these data retention procedures are utterly unenforceable as-written, in every extant jurisdiction, for a structurally decentralised project team. Again ironically, it's the EU that's been most intense about putting these into statute - there is no such law in the USA, although there's been multiple attempts to make one.

We do have a cluster in Montreal, and soon will have hardware in the USA, as well - our framework isolates clusters as essentially overgrown routers: there's no sensitive data on the machines, and they're all essentially disposable when no longer serving a realtime need of routing packets. The network is designed to ensure clusters aren't rigid, and can't be used as a concomitant technique to leverage the project team into meeting unreasonable local demands. if we don't like local conditions, we --rm the disk and walk away. Done.

Anyway, yeah... if you can get the TF boys to explain exactly how much PIA paid them to run that disinfo... oh, I meant to say how they made an honest error of imagining a 'story' where no existed, and then ducked all efforts to correct their 'honest error' thereafter - I'd love to hear it. They never replied to our questions on the subject - no surprise there - and on a personal level I'm not going to waste Dr. Geist's valuable time asking to clarify something that's already crystal clear.

If someone bumps into that comment we made initially on that fake "story," it'd be great to have it linked into this thread. Thanks.
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

Re: [TF] Canada Wants VPNs to Log and Warn Pirating Customer

Postby Graze » Mon Feb 17, 2014 4:35 pm

parityboy wrote:n combination with a notice policy and fines are a disaster for VPN providers, and that’s not an overstatement.


I generally notice that when people explicitly claim something is "not an overstatement"... it usually is. Sort of like when people say "...trust me, I'm being totally honest with you here - they're not.

And that's no overstatement - honestly! :mrgreen:
------------------------
My avatar is pretty much what I look like. ;) <-- ...actually true, says pj
WebMonkey, Foilhat, cstorm evangelnomitron.
Twitter: @grazestorm.
For any time sensitive help requests, best to email the fine bots in support@cryptostorm.is or via Bitmessage at BM-NBjJaLNBwWiwZeQF5BMLYqarawbgycwJ ;)

User avatar

Topic Author
parityboy
Site Admin
Posts: 1281
Joined: Wed Feb 05, 2014 3:47 am

Re: [TF] Canada Wants VPNs to Log and Warn Pirating Customer

Postby parityboy » Tue Feb 18, 2014 5:31 am

@PJ

It's a Harper proposal for ISPs - physical network connectivity providers - not upstream transit services, proxies, wholesale backhaul providers, packet routing specialists, or any of the above. The language of the proposal is easy enough to read, and easy enough to parse.


You bring up an interesting point. I classify CS as a packet routing service, and I classify Tor the same way. It is possible to run a Tor exit node with little hassle, if the right legal steps are taken and the exit node operator has a good relationship with their hoster; as an exit node operator you are essentially providing a packet routing service, and as long as you don't perform any snooping or interference upon the traffic, you can claim neutrality and I assume will then qualify for "safe harbour" provisions.

With that said, the most obvious difference between Tor and any VPN service (to my eyes anyway) is that VPNs use a paid-for something to grant right of access, anonymous or not. Could it be possible then, that VPN providers could be deliberately classified as "virtual ISPs", just so that they would be afflicted by this proposal? Obviously CS would still be unaffected, but I would be interested to hear your opinion. :)

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: [TF] Canada Wants VPNs to Log and Warn Pirating Customer

Postby Pattern_Juggled » Tue Feb 18, 2014 5:40 pm

parityboy wrote:With that said, the most obvious difference between Tor and any VPN service (to my eyes anyway) is that VPNs use a paid-for something to grant right of access, anonymous or not. Could it be possible then, that VPN providers could be deliberately classified as "virtual ISPs", just so that they would be afflicted by this proposal? Obviously CS would still be unaffected, but I would be interested to hear your opinion. :)


Good questions - but, of course, paid/unpaid can't be the categorical boundary since we could just give away cryptostorm access (which we already do for many activists, worldwide) and thus subvert that distinction - or Tor could be accused of "charging" for the service by asking for donations.

As you say, the distinction in telecomms law generally relates to either "hosting" of content, or hands-on management of the content. Those who simply transit packets largely exempt from active pressures to monitor specific traffic. This has to be the case, as we often remind our colo providers; otherwise, Level 3 would have to filter every packet on their wholesale routes to be sure someone's not sharing Asses of Distinction XXXCCVII or whatever. Which is entirely infeasible, obviously.

The thing is, it's possible to write statutory language specifically targeting a service such as cryptostorm - we expect that to happen, over time. It's been done by Iran, for example: using a "VPN service" is formally illegal there. That happened after the Green Revolution of 2009, during which we (working as Cryptocloud at the time) donated many hundreds of subscriptions to frontline activists - including several very prominent on the political side of things - and engaged in a running cat-and-mouse game of evading governmental efforts to block connections to our network throughout. So when the dust settled, they made "VPN service" illegal. That's how governments work.

But, laws like that must traverse a sclerotic process to become real - and we can move faster. It's asymmetric conflict, obviously... and in such a context, adaptability and creativity are the key tools of the outgunned underdog. That's us :-)

The mice survived, and the dinosaurs went down...
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
parityboy
Site Admin
Posts: 1281
Joined: Wed Feb 05, 2014 3:47 am

Re: [TF] Canada Wants VPNs to Log and Warn Pirating Customer

Postby parityboy » Tue Feb 18, 2014 8:10 pm

@PJ

You make a good point about Level 3 and also about hosting, so consider this:

As you say, the distinction in telecomms law generally relates to either "hosting" of content, or hands-on management of the content.


So...define "content". Is data-in-transit considered to be usable content, considering the fact that it's chopped into packets? What about obfuscated data-at-rest (specifically Usenet, where the data is indeed "hosted" but is encoded and chopped into pieces, and if just one of those pieces is missing...)?

I've not really following all of the legal battles surrounding this kind of thing, so I don't know if there's precedent set for a legal definition of content. :)

.. and in such a context, adaptability and creativity are the key tools of the outgunned underdog.


This. :D


Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 8 guests

cron

Login