Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Which ISPs Are Spying On You?

kdawson posted more than 7 years ago | from the what-do-they-keep-and-how-long-do-they-keep-it dept.

Privacy 160

firesquirt sends us an article from Wired about a survey they conducted to determine major ISPs' data retention and other privacy practices. Over a period of two months, four national ISPs would not give Wired the time of day; and another four answered some of their questions in a fashion not altogether reassuring.

cancel ×

160 comments

Sorry! There are no comments related to the filter you selected.

firesquirt? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19472147)

also known as the clap?

tell me (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19472207)

do you sit here at slashdot all day and night, with no life, no girlfriend, no job, jerking off, clicking that refresh button every second just to see if you can get a first post to show goatse? you must really get some extreme personal gratitude for yourself with every first post..

Re:tell me (0)

buswolley (591500) | more than 7 years ago | (#19472745)

I've seen you post this response before. Do you sit also here at slashdot all day and night, with no life, no girlfriend etc?

Re:tell me (1)

stonedcat (80201) | more than 7 years ago | (#19472925)

I love watching reruns.

This show was on yesterday evening too.

All of them (2, Informative)

Anonymous Coward | more than 7 years ago | (#19472159)

All of them (in the US) are spying on you, thanks to government data-retention requirements. Y'know, in case a turrist or pedophile happens to use the intarwebs.

Re:All of them (5, Insightful)

froggero1 (848930) | more than 7 years ago | (#19472193)

All of them (in the world) have the potential to spy on you. But in the US, thanks to government privacy lobbyists, we get the privilidge of full disclosure and an open forum to debate what privacy we'd like to see from a government.

That's true... (4, Insightful)

Atario (673917) | more than 7 years ago | (#19472571)

As far as you know.

Re:That's true... (4, Interesting)

turnip torrent (1037524) | more than 7 years ago | (#19473125)

Should we be more worried of ISPs spying on what we do... Or should the ISPs be worried about us spying on what they do?

Re:That's true... (2, Insightful)

OriginalArlen (726444) | more than 7 years ago | (#19474359)

None of the ISPs (or NSPs) are spying on you; they merely provide the lawful intercept functionality are required by CALEA, PATRIOT, and other legislation. It's the CIA/ TIA / NSA that do the actual spying.

Re:All of them (5, Informative)

crazy al's (603933) | more than 7 years ago | (#19472631)

All of the United States' ISPs are MANDATED to have the ability to spy on you, at a moment's notice, and send the full stream they request off to FBI or whoever's data warehouse. and they (the ISP) must comply and must not tell you if they are doing so, courtesy of CALEA. Penalties start at $10,000 per day. Obligatory bow of the head: I, for one, welcome our new overlords.

Re:All of them (2, Informative)

logiclust (1010341) | more than 7 years ago | (#19472785)

HA

that was funny.

A riddle... (0, Offtopic)

s16le (963839) | more than 7 years ago | (#19472187)

Q: What happened when the Slashdot user was diagnosed with cancer?


A: I didn't get upset.

:)

That's easy (0, Troll)

Anonymous Coward | more than 7 years ago | (#19472203)

If you live in a muslim country ... all ISPs. See Iran, Saudi Arabia, Pakistan ...

Re:That's easy (1)

oogoliegoogolie (635356) | more than 7 years ago | (#19472333)

Even easier if you live in the US...it's your own government.

Re:That's easy (4, Insightful)

SeaFox (739806) | more than 7 years ago | (#19472421)

Even easier if you live in the US...it's your own government.

Somewhere, there are lobbyists laughing at this comment.

Too Easy (1)

mpapet (761907) | more than 7 years ago | (#19473749)

Oh yeah, let's ignore the Average American Citizen's role in bringing this all about.

-Stare at the TV 4 hours a day

-Stop participating in your Government.

-Allow Civics/government programs to be gutted.

-Turn away from reason to embrace The Lord.

It's _soo_ easy to whip off comments like yours. But it's more patriotic to be labled a Democratic (as in democracy) nut job.

Re:That's easy (2, Insightful)

ObsessiveMathsFreak (773371) | more than 7 years ago | (#19472361)

....the US, Great Britain, Australia, Ireland, etc, etc...

The net is being reined in by those who don't like it. There's little anyone who cares can do to stop it.

Re:That's easy (1)

Tribbin (565963) | more than 7 years ago | (#19472609)

You have a twisted world perspective anonymous boy.

All of them, DUH (1)

Junior J. Junior III (192702) | more than 7 years ago | (#19472219)

NO CARRIER

Re:All of them, DUH - NO. Some do the right thing (5, Interesting)

enselsharon (968932) | more than 7 years ago | (#19473299)

Although not an ISP per se, my offsite backup provider publishes a warrant canary:

http://www.rsync.net/resources/notices/canary.txt [rsync.net]

In addition to a stated policy of "No data or meta-data concerning the behavior of our customers or filesystem contents will ever be divulged to any law enforcement agency without order served directly by a US court having jurisdiction. All such orders will be reported to our entire customer base."

You should read their philosophy page [rsync.net] .

Re:All of them, DUH - NO. Some do the right thing (4, Informative)

RDaneel2 (533639) | more than 7 years ago | (#19473521)

"... All such orders will be reported to our entire customer base."

Ummm... dream on about this part (at least), as "Patriot Act"-backed demands (with or without a warrant) can forbid the disclosure of said demand.

And while an especially conscientious service provider might insist on dotting i's and crossing t's, it is doubtful any of their personnel (or bosses) will be willing to be jailed as a "terrorist". :(

Re:you should read more closely ... the canary ... (1)

enselsharon (968932) | more than 7 years ago | (#19473619)

That is what the canary is for (!)

Read this again:

rsync.net warrant canary [rsync.net]

If they are served with a secret warrant, they simply stop updating the warrant canary...

Re:you should read more closely ... the canary ... (1)

general_re (8883) | more than 7 years ago | (#19473855)

That is what the canary is for (!)

Read this again:

rsync.net warrant canary [rsync.net]

If they are served with a secret warrant, they simply stop updating the warrant canary...

Which, since everyone knows what it means, effectively functions as a way of disclosing that they've been served with a warrant demanding nondisclosure. I hope they're not relying on whatever lawyer told them that this was a good idea to bail them out after the fact, or they may be in for a rather rude surprise.

Re:All of them, DUH - NO. Some do the right thing (1)

Junior J. Junior III (192702) | more than 7 years ago | (#19473679)

TOS aside, you still can't trust your ISP. They may be gagged, or commandeered by the law (or illegally for that matter). Think Echelon, Carnivore, etc. Trustno1 is not just a password, my friend!

Re:All of them, DUH (1)

Reaperducer (871695) | more than 7 years ago | (#19473543)

Over a period of two months, four national ISPs would not give Wired the time of day
So? BFD. I wouldn't give Wired the time of day, either. Wired had promise in the last century, but is nothing more than a hybrid of Ars Technica and People Magazine.

In spite of what the people at Wired think of themselves, they're not the New York Times, or any other news organization with a 100+ year track record of journalism (recent gaffes notwithstanding). They're just a garish tech fanboi rag, and not even a good one of those.

in EU this is mandated by the government... (4, Informative)

Anonymous Coward | more than 7 years ago | (#19472227)

Actually, in the European Union, such spying practices are _mandatory_.

Re:in EU this is mandated by the government... (0)

Anonymous Coward | more than 7 years ago | (#19473499)

Well - depends where you live! In an independent free country as Finland at least
my (and basically all) ISPs has put Slash and a big Dot to all 'spying'!
Additionally they keep on giving our geological position apx 150-200 miles wrong,
so we ain't get too targeted by 'spying', adult-ads etc malcontent!

They really do have lots of other things to do - as keeping all up and
running while developing new technology for the future.

We all know that Spys, Terrorists, Conspiracies (spell 'the truth' ;)) and
Fundamentalist Cults exist only in few dictator-driven police-states as in USA.
R.I.A.A. and all other 'super-materialists' and their .Gov are giving more fines
to those 'crimes' than f.e. killing a man (one basics of Capitalism) ...

So, you all should know, where this world's 'elite' is going right now!
See things and matters globally, then small things like this are much more
self-clear and easier to understand.

Coward W. (just lazy in making accounts everywhere)

Noisy clickstream (5, Insightful)

mstrcat (517519) | more than 7 years ago | (#19472265)

Here's an idea: Develop a web browser extention that does a random web crawl. I don't mind letting my ISP sell marketeers, give to the government, keep on file, ect a clickstream that is 99% chaff and 1% my actuall surfing. Yes, I realize that if someone puts in enough effort and analysis, they could probably sift out the false signal, but it's that very effort that makes it cost prohibitive to do it across a broad scale. And of course there is always the defense: I didn't visit that web site, my computer constantly does a random walk of the internet. And to help keep the ISPs in line, it ups the volume of records they have to keep by 500 fold.
        As for the other things such as IM's, emails, torrents, ect I can encrypt those should I feel the need. Yes, I could start using TOR, but it's slow and watching a web crawler do a random walk can be entertainment all by itself.

Re:Noisy clickstream (5, Funny)

mh1997 (1065630) | more than 7 years ago | (#19472563)

Here's an idea: Develop a web browser extention that does a random web crawl
It would be my luck that my browser would hit every child porn site on the web.

Re:Noisy clickstream (0)

Anonymous Coward | more than 7 years ago | (#19472639)

It would be my luck that my browser would hit every child porn site on the web.

You mean all 3 or 4 that the FBI hosts?

Re:Noisy clickstream (5, Funny)

Lehk228 (705449) | more than 7 years ago | (#19473637)

then don't have the bot start from your bookmarks folder.

Re:Noisy clickstream (5, Informative)

Anonymous Coward | more than 7 years ago | (#19472567)

Already done (see here [nyu.edu] )

Also see Bruce Schneier's opinion on the matter [schneier.com] .

In short, it isn't a good idea.

Re:Noisy clickstream (2, Informative)

chrono13 (879557) | more than 7 years ago | (#19473277)

TrackMeNot isn't designed to hide your searches from your ISP. It is designed to muddy the profiling Yahoo, MSN and Google are performing. Recent versions of it seem to perform that job fantastically and address most of Bruce's concerns (word list, timing, etc). So while it would hinder, to a degree, it is the fact that it really does not erase or otherwise really hide my legitimate searches from my ISP or work proxy, that I do not use it. But most of Bruce's concerns are no longer valid.

Re:Noisy clickstream (1)

4D6963 (933028) | more than 7 years ago | (#19475075)

While I agree that using such a dictionary as TrackMeNot uses is dumb, if you rather used the leaked AOL searches instead, it would be much more efficient. Well, I still think the whole thing is pointless and tinfol-hat-esque anyways.

Re:Noisy clickstream (0, Redundant)

westlake (615356) | more than 7 years ago | (#19472665)

Here's an idea: Develop a web browser extention that does a random web crawl...

The random noise generated by the geek with the Big Idea is not going to change anything. Except that he just might see his shared connection to the net throttled down to the speed of a 300 baud modem.

Re:Noisy clickstream (1)

noidentity (188756) | more than 7 years ago | (#19472885)

Yes, I realize that if someone puts in enough effort and analysis, they could probably sift out the false signal, but it's that very effort that makes it cost prohibitive to do it across a broad scale.

Except that you only have to do it once, since the same algorithm would be used on each person's web browser.

And of course there is always the defense: I didn't visit that web site, my computer constantly does a random walk of the internet.

I thought the point was to keep them from casually snooping on your legal activities, not to hide illegal activities. Kind of like the people still complaining about Apple for removing DRM but still putting your name into the file in case you try to infringe on the copyright.

And to help keep the ISPs in line, it ups the volume of records they have to keep by 500 fold.

Install filter before logs are made. Problem solved.

Re:Noisy clickstream (1)

1u3hr (530656) | more than 7 years ago | (#19473513)

And to help keep the ISPs in line, it ups the volume of records they have to keep by 500 fold.
Install filter before logs are made. Problem solved.

Filtering a log pretty much makes it useless as evidence. Though the Feds can just disappear you regardless of legal procedure these days.

Secure proxy? (1)

HangingChad (677530) | more than 7 years ago | (#19473425)

but it's that very effort that makes it cost prohibitive to do it across a broad scale

That's a good idea. Poisoning the data well.

I'm wondering if a secure proxy would defeat your ISP's snooping? For some reason I was thinking it's possible to snoop https traffic. Difficult, but possible. It would certainly be a pain the rear and an ISP would need a good reason to go to all the trouble. Especially with so many, many people who wouldn't bother. All the search engine would have is the proxy IP, all your ISP would have is one IP address. It would be possible to match up those records, but who has the resources for that effort?

You think it's worth what it takes to set up?

Re:Noisy clickstream (1)

Ken_g6 (775014) | more than 7 years ago | (#19474239)

Actually, there are several available programs to do this kind of search. Here's a list. [distribute...uting.info] Ignore the first three that do performance statistics; there are better ones below them.

If you want a single specific, easy-to-use app, I'd suggest DepSpid [depspid.net] . (I haven't used it specifically, but all projects on the BOINC [berkeley.edu] platform are very similar.)

ISP's fearful of RIAA/MPAA? (4, Insightful)

planckscale (579258) | more than 7 years ago | (#19472277)

So ultimately the ISP's are afraid they'll be fined or shut down due to the negligence of the users and/or refusing to submit evidence? I just don't understand how a user's nefarious actions could be blamed on the ISP...

I would think all they need to do is show they warned their users they are 1. being watched 2. downloading illegal data. Actually providing the authorities with a history of the data is not their job and should only be the acquired by the authorities with their own equipment and only under a court order.

At the least the ISP's should give their users the ability to opt-out of their "data retention" programs.

Re:ISP's fearful of RIAA/MPAA? (1)

feedmetrolls (1108119) | more than 7 years ago | (#19472331)

So much for saying "In Soviet Russia, ISP watches you"

Short Answer: Not just them (0)

Anonymous Coward | more than 7 years ago | (#19472757)

It's not just MAFIAA. Botnets, dymanic-IP network-ban evasion, and other such mockeries go across a network. Would you like to stop this kiddie who keeps spamming your IRC channel with goatzee links and evading your bans by merely unplugging his modem to keep doing it every single day for the existance of the channel? That's why abuse@ exists, and that's why they keep IP logs.

Re:ISP's fearful of RIAA/MPAA? (1)

sgt_doom (655561) | more than 7 years ago | (#19472819)

But...does it really matter? With the government (i.e., the Busheviks) having dropped SilentRunner apps at each IXP location in North America, what does it really matter what those ISPs do.....

Re:ISP's fearful of RIAA/MPAA? (2, Interesting)

element-o.p. (939033) | more than 7 years ago | (#19472891)

There's a little more to it than that.

Most ISPs assign dynamic IP addresses to the majority of their customers. Where I used to work, we used RADIUS to provide dynamic IP addressing to our customers, and we would keep logs that would let us determine which customer had any given IP address on any given day and time. This data was used to help troubleshoot customer login problems, resolve billing disputes with customers, suspend and/or warn customers who had violated our terms and conditions of use, and yes, to fulfill subpoena requests.

However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did.

Re:ISP's fearful of RIAA/MPAA? (3, Insightful)

number11 (129686) | more than 7 years ago | (#19473593)

However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did

I would like to think that no ISP would ever spy on me or keep records of my activities. I would like to think that no ISP would provide data without a court order. Unfortunately, what I would like to think bears little relation to what actually is. And my understanding is that the (US) government no longer requires a court order to demand such things.

Re:ISP's fearful of RIAA/MPAA? (1)

Proofof. Chaos (1067060) | more than 7 years ago | (#19473197)

Actually providing the authorities with a history of the data is not their job and should only be the acquired by the authorities with their own equipment and only under a court order.
Actually, that is the new trend in law enforcement -forcing businesses to enforce the laws so the police don't have to. This frees up the police for more important things, like going after the businesses for not adequately enforcing the laws.

Brick and mortar businesses are required to make sure that their customers don't smoke or drink in the wrong places, that they aren't buying for someone who is underage, that they are not selling drugs, or even whether their driver's license is expired. If you own a business, you can be fined or worse for not enforcing these laws. Why shouldn't the ISPs also be turned into unwilling, unpaid police officers.

Rogers Slogan is "Don't be not evil." (3, Informative)

CheeseburgerBrown (553703) | more than 7 years ago | (#19472311)

My Canadian ISP, Rogers, is not on the list but if I were to hazard a guess I'd reckon they'd sell my tracks six ways from Sunday as soon as sneeze.

These are, after all, the goons who think just about any kind of encrypted traffic coming out of your box is a terrorist threat to the movie industry -- even if it's just a VPN connection.

Does anyone know what Rogers retention policies actually are?

Re:Rogers Slogan is "Don't be not evil." (1)

froggero1 (848930) | more than 7 years ago | (#19472359)

"Rogers does not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Rogers retains personal information only as long as necessary for the fulfillment of those purposes."

http://www.shoprogers.com/privacy1.asp [shoprogers.com]

Re:Rogers Slogan is "Don't be not evil." (1, Funny)

Anonymous Coward | more than 7 years ago | (#19472579)

In other words, they'll shop you, and you'll be truly rogered.

SHAW.CA does, but @ times with GOOD reason! (0)

Anonymous Coward | more than 7 years ago | (#19472575)

Shaw.ca does!

See here about an "article writer" (arstechnica derivative drivel fits the bill far better), Jeremy Reimer:

http://www.windowsitpro.com/articles/index.cfm?art icleid=41095&cpage=199#feedbackAnchor [windowsitpro.com]

Jeremy Reimer was caught:

1.) Email harassing others

2.) Impersonating others on his website

3.) Libelling others numerous times in edited photos and songs ripped off from SouthPark (no originality, the trademark of the arstechnica bunch)

4.) Then had his website removed from his hosting provider Shaw.ca along with his crony in Jay Little from CrystalTech.com

5.) They tried to lie about it no less, but the evidence is there posted for anyone to see.

6.) Then, they got their behinds handed to them on 15 different technical points (and, arstechnica is supposed to have this 'great computer guru user base' on its forums? NOT!) they could not disprove for over 3 years now.

Shaw.ca did the 'great article writer' Jeremy Reimer (plagiaristic buffoon) right on that one. The fool is still keeping it up no less. He has no respect for law, and not even for making his fellow arstechnica people look like fools as well.

A slashdot user named Starkruzr joined them there as well:

http://slashdot.org/~StarKruzr [slashdot.org]

And, like his idol Jeremy Reimer? Had his butt handed to he as well and is probably heading for trouble along with his fellow arstechnica friends, because it is cyberstalking they are doing (following a person around, off topic and looking stupid on their parts, online to many forums listed there for years on end).

You people @ slashdot are supposed to be good - but you post derivative drivel articles from this fool Jeremy Reimer?

Jeremy Reimer has no degree or certification in computer sciences, no professional hands on experience in them (much less years or decades thereof), & obviously, no skills whatsoever, except making his arstechnica bunch look terrible!

Re:Rogers Slogan is "Don't be not evil." (1)

Frostalicious (657235) | more than 7 years ago | (#19472635)

Last I checked, both Rogers and Shaw were refusing to turn over account information to the CRIAA. Has this changed?

That's pure troll (0)

Anonymous Coward | more than 7 years ago | (#19472939)

but if I were to hazard a guess I'd reckon they'd sell my tracks
You mean you don't know, and are just foaming.

the goons who think just about any kind of encrypted traffic coming out of your box is a terrorist threat to the movie industry -- even if it's just a VPN connection.
What goons? At Rogers? Somewhere else? Be specific. Oh, you don't know again?

Does anyone know what Rogers retention policies actually are?
Why yes, ANYONE WHO LOOKS IT UP ON THE ROGERS WEBSITE.

What idiot moderated that post as Score:4, Informative? There is nothing in it whatsoever.

Re:Rogers Slogan is "Don't be not evil." (1, Informative)

Anonymous Coward | more than 7 years ago | (#19474539)

I have a coworker who used to work for Shaw. He tells me that they log every single connection made to/from their customers, including at least source/destination IP and the amount of data transferred. He says they don't log the data itself. He says they have a huge SAN, and migrate to optical media for off-site storage with Iron Mountain. Supposedly they keep 7 years of records. I'm curious what they'd say if asked about this, he's a new guy and may be BSing.

fi8st p0st? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19472383)

Re:fi8st p0st? (0)

Anonymous Coward | more than 7 years ago | (#19472517)

YUO FA1L TEH INTERNEZT

Sure... We spy..... (3, Funny)

bagboy (630125) | more than 7 years ago | (#19472479)

because as a Sr. Network Eng for an ISP with thousands of users I have oh so much time to devote to tracking down every website you visit. Please, even if packet sniffing and tcpdumps are used, most ISPs can't afford manpower for intensive tracking... Maybe the big ones, but medium to small...

Time to encrypt (1)

nurb432 (527695) | more than 7 years ago | (#19472481)

Its time to encrypt EVERYTHING. ( at least until the government bans it )

Sure they know where you went, but not what you viewed or 'said' while there.

Re:Time to encrypt (warning: *sarcasm*) (0)

Anonymous Coward | more than 7 years ago | (#19472641)

Sure they know where you went, but not what you viewed or 'said' while there.
Well most people would just have encrypted connections to their public MySpace pages (after OK-ing that annoying invalid certificate prompt). Everyone knows that you can post whatever you like on your MySpace page, as long as you don't use your last name. That way no one will find it except your friends. And if you set a BIOS password (a good example is the brand name of your monitor or mouse), you can make sure that those annoying 3 letter agencies won't get into your computer while you're out of the house.

Think about that... (4, Insightful)

Ungrounded Lightning (62228) | more than 7 years ago | (#19472771)

Its time to encrypt EVERYTHING. ( at least until the government bans it )
Sure they know where you went, but not what you viewed or 'said' while there.


Back when I was operating a mailing list on a controversial topic on my home machine, I had a couple rules:
  - No postings soliciting or admitting to breaking laws.
  - No encrypted traffic (not just on the list: All traffic (except passwords) to-from the machine was in the clear).

The thinking was like this:

  - Police, other government investigative agencies, and various unofficial snoops have a long track record of ignoring laws against various kinds of eavesdropping. So you have to assume that the line might be tapped.

  - If the police became interested they could always get a warrant and tap the line. (Or illegally tap the line without a warrant to see what's going on, then (if it looked interesting) get a warrant to tap it legally.)

  - If the data was encrypted they could STILL get it - by getting a warrant and seizing the computer (and everything else of interest in the house).

  - If the data was UNencrypted they would want to keep a low profile to avoid scaring off any "bad guys", would eventually see that there was nothing to go after, and thus would probably switch to hunting real bad guys elsewhere and go away WITHOUT breaking in and trashing stuff.

"Encrypt everything" seems like a nice solution. But if only a few are doing it, just the fact that their traffic is encrypted makes them targets. It's easy to trump up enough stuff to get a warrant and go after the machine.

Once a LOT of people are all swapping lots of encrypted traffic (as the default way of "sealing" the "envelope" on the datagrams) the fact of encryption will stop making the users targets. (The police can still get a warrant and grab the machines. But with so many potential machines to grab they'll have to find some other way to pick the ones to hit - like by bothering to dig up real "probable cause" from other evidence, like they're supposed to.)

Fortunately we don't need to construct a "shelling point" for this: The internet is gradually moving toward pervasive encryption, as the legitimate need to encrypt for personal and corporate security becomes broadly understood. Once that becomes the norm our electronic "papers" will be about as secure as our physical ones. We're starting to get there. But IMHO we're not there yet.

Unfortunately we WON'T be fully safe using encryption until the typical machine configurations are such that, if the machines are seized, it will be impossible to recover incriminating data from them - even with passwords browbeaten out of their owners. Until that time it will still be useful to bypass encryption by raiding one of the machines at the endpoints.

= = = =

Re the list and "no encrypted traffic": When one of the regulate-the-internet laws was about to make it too much hassle to continue, we closed down the list (after finding volunteers to run its successor and - since the participants hadn't agreed to have their info forwarded - announcing the successor on the original list and giving people time to sign up.

Now I regularly use SSH to telecommute or to access the primary house machine from the vacation house. But that's still low-profile: It's clear from the IP addresses that the SSH connections are going to the company, coming from it, or coming from a single external dialup machine via a particular service provider.

Re:Think about that... (1)

BillS73 (1038062) | more than 7 years ago | (#19474743)

Encryption is treated as a munition and is covered under the Treasury department. If the key to an encrypted message is not given on request, there is an immediate 2 year imprisonment for the crime. I last recall the discussion in the mid 1990s on the development of PGP. It sort of fits with the current Gitmo mind set. Sorry I can not recall more details. At the time I thought that was a good deterrence to encrypting messages. I will try Googling at the library - Treasury munition encryption penalty...

sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (4, Insightful)

digitalderbs (718388) | more than 7 years ago | (#19472873)

fdD87d

64F5F6sAS4Dd46KJfUYd0NsafH54UJ6Y35U135KdYUsU1Jf35W Q544ASdf455saSA1dfF3AS5D5WQsEa5dr413L50fSAdDsA3QW5 DsfDfdALJd99AD09asdfK9J00aUIOsdfOU9I0dIaOU46IOsCVd Xf61S DF325eLJw5LKljLk3kjl18dfaw3F3DSADFsdfYDOewrs313aSS dfADuy5SA135D1H155yipHoiSDAjnkml51151LHHkmfSASd217

JD3hFdJf8o

SD45uio5K2o

Re:sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (1, Funny)

Anonymous Coward | more than 7 years ago | (#19473185)

I'm so bored that I actually took the time to visualize the path your left hand took as you dragged it all over your keyboard while intermittently going for the shift key with your right. I bet it sounded cool. I also bet your roommate heard it and thinks you're insane.

Re:sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (1)

dog_surfer (867813) | more than 7 years ago | (#19473607)

Left handed Dvorak rot is not the path of a Stainless Steel Rat.

Re:sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (1)

IHSW (960644) | more than 7 years ago | (#19473887)

HOW is this insightful? wtf?

Re:sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (0)

Anonymous Coward | more than 7 years ago | (#19473931)

It is supposed to be encrypted. Obviously.

Re:sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (3, Funny)

Frogbert (589961) | more than 7 years ago | (#19474133)

HOW is this insightful? wtf?
kkskdmJJvnjAJnfnUwevPKaslaALmQMmkvkKMDMtnkemMmkSKm EMmskkdlOPIBnNWNu87wjjdGHW

Re:Time to encrypt (2, Insightful)

Eli Gottlieb (917758) | more than 7 years ago | (#19473199)

It would certainly help if many websites (including Slashdot) didn't refuse logins or postings from users running Tor.

Re:Time to encrypt (1)

Ken_g6 (775014) | more than 7 years ago | (#19474297)

I don't know; hypothetically ... if I was running Tor ... and if I did happen to send out my login information ... I wouldn't want the site to confirm that it was me who posted it. Although I would want to be able to post as an Anonymous Coward.

The survey should have included... (0)

Anonymous Coward | more than 7 years ago | (#19472487)

What info do advertising and spyware companies get from their adverts on websites and pass on to the authorities, record companies etc.,
Yes we all know that you can block adverts/spyware delete cookies etc., but how many users block 100%

Re:The survey should have included... (0)

Anonymous Coward | more than 7 years ago | (#19473041)

It's easy to bypass all the ads/spyware if you primarily use lynx and have a ~/.lynx_cookies.sav file for the few sites you actually want cookies for.
(btw I trully enjoy lynx and can't stand all the ads and page load times in graphical browsers)

Am I missing the point? (1, Interesting)

Novotny (718987) | more than 7 years ago | (#19472495)

If by spying, you mean conducting your communications via the interweb and invariably having copies of said communications either in deliberately or not deliberatley maintained logs... Its a bit like asking someone to tell your mate down the street 'it rains on Tuesdays' and then complaining when the intermediate seems to know your secret weather-forceasting tip.

IRC logs (2, Interesting)

Tribbin (565963) | more than 7 years ago | (#19472595)

Slightly offtopic, but ...

I seldom spend time on IRC.

Two weeks ago I was on #debian.

I asked the people if the conversations get logged.

Nobody present could tell me.

Is there a place when you can look up such things?

Re:IRC logs (2, Funny)

SpaceLifeForm (228190) | more than 7 years ago | (#19472731)

You might check here [nsa.gov] .

Re:IRC logs (1)

Thng (457255) | more than 7 years ago | (#19473237)

Yes there is a place [bash.org] to check if #debian is logged.

Re:IRC logs (0)

Anonymous Coward | more than 7 years ago | (#19473281)

I seem to recall back when some scene busts were going down that it was reported that a certain big university EFNet server was reported to be logging traffic, as well as (I believe) demon.co.uk and one other. I'm not certain how IRC traffic works, but at the least all it takes is one user in the channel connecting via a compromised IRC server to have the entire channel logged.

There is of course linknet where all traffic is encrypted. If you are concerned about such matters I would look into that.

Linknet: http://www.link-net.org/ [link-net.org]

Re:IRC logs (2, Informative)

ShaunC (203807) | more than 7 years ago | (#19473293)

Anyone in any channel could be logging (and publishing) the conversation, even if not "officially." Much like Slashdot, don't say anything in IRC that you'd hate to have someone find via Google.

Re:IRC logs (1)

complete loony (663508) | more than 7 years ago | (#19473911)

... or bash.org

Re:IRC logs (1)

paulmer2003 (922657) | more than 7 years ago | (#19474991)

Um, it would be impossible to find out if anyone in the channel were logging the conversations...There are no IRC server distributions out there that come with features to log users conversations...Awhile ago there was a module for Unrealircd to log users messages but its gone now..so, anyway, to answer your question, its impossible to find out if anybody else is logging. It would also be impossible to see if the server administrators changed the code so they could snoop on users messages.

AOL (4, Funny)

Shadow Wrought (586631) | more than 7 years ago | (#19472611)

Even though I never had an account with them, for the longest time they always seemed to know where I lived because they kept sending me CDs. Spooky.

VPN ISPs? (1)

Joe U (443617) | more than 7 years ago | (#19472715)

Aren't there VPN ISPs that terminate in neutral countries that can circumvent spying?

Re:VPN ISPs? (3, Informative)

cswiger (63672) | more than 7 years ago | (#19472905)

Um, the point of a VPN is to set up a secure tunnel to get to your destination network with the traffic encrypted en route, so it doesn't matter whether your ISP is snooping on your traffic or not. Now, if you wanted to host your destination server or network somewhere like Canada or someplace with less intrusive government monitoring, that might well be a good thought.

The problem is that the US via CALEA is requiring things like Cisco routers used to terminate many VPN connections be wiretap-friendly, so using a VPN tunnel might not be as safe as it was before that law came about. Cisco has a page about this, but it doesn't actually give you much specific info:

http://www.cisco.com/wwl/regaffairs/lawful_interce pt/ [cisco.com]

Re:VPN ISPs? (1)

Joe U (443617) | more than 7 years ago | (#19473135)

Actually, I was describing a VPN system where you terminated in some country that doesn't have rules like CALEA.

So, I would tunnel to a friendly country like Sealand (example) and send all my packets out from there.

Re:VPN ISPs? (1, Informative)

Anonymous Coward | more than 7 years ago | (#19473143)

1) The router would be in the safe country anyway, therefore wouldn't be subject to physical wiretaps at the endpoint.

2) Don't waste your money on a Cisco router. It is MUCH easier and cheaper to just rent a Linux machine in a "safe country" and install OpenVPN [openvpn.net] on it.

3) Most of your traffic is going to be routed back through the US or EU anyway, where most of the world's servers (and backbones) are located.

4) Your "safe" routing node is still identifiable, even if your ISP refuses to give up your name/address. There are other ways of achieving the same goal through analyzing your traffic after it leaves the endpoint of your encrypted node.

Couch Potato Land (1)

sciop101 (583286) | more than 7 years ago | (#19472865)

At http://www.net.tv/ [www.net.tv] you watch the ISP.

Looks like it's time for... (1, Informative)

Anonymous Coward | more than 7 years ago | (#19472935)

A whole lot more TOR servers to sprout up. When everyone switches to encrypted traffic on all the normal ports, your connections might be logged and the data transferred between you and the onion network copied, but how long would it take to sift through the internet's traffic if it were all encrypted?

Now that we know what to expect..... (1)

3seas (184403) | more than 7 years ago | (#19473021)

... consider what your reaction to this is going to be.

Suggested Search terms:
"Well damn, if I look at crack sites, am I going to be busted for attempted piracy" when I was really looking for a download 30 trial of autodesk Inventor 2008. Its also interesting that directly after the last law related passed, all crack sites are asking for some small amount of payment --- so as to verify identity....

I'm absolutely certain that search terms can be made to communicate to the spys well enough to cause a "MAD - Spy vs. Spy" episode in real life internet.....

I also discovered that AT&T (bellsouth) can see even my passwords to email accounts not on their network if I use their network to access it. And note even I don't get to see the password I type in......

There is a whole bunch of shit going down so it should be real easy to cause such a spy vs spy event... perhaps one dealing with the fraud of software patents.

Re:Now that we know what to expect..... (1)

adarklite (1033564) | more than 7 years ago | (#19473271)

Email, even passwords, are in cleartext. It'd be like being asked to pass a one word note in red with the ink faded through and not be able to read it.

Re:Now that we know what to expect..... (1)

DragonTHC (208439) | more than 7 years ago | (#19474663)

your passwords are in cleartext.

mine are not.

all my email goes over SSL or TLS connections.

Obligatory (1)

The Orange Mage (1057436) | more than 7 years ago | (#19473029)

In Soviet Russia, Internet browse YOU.

Re:Obligatory (1)

justinlee37 (993373) | more than 7 years ago | (#19473343)

hahahahaha.

Optimum Online (1)

jtull89 (986572) | more than 7 years ago | (#19473035)

Unfortunately, this doesn't cover my ISP, Optimum Online. :-(

Time of Day (2, Funny)

Anonymous Coward | more than 7 years ago | (#19473225)

four national ISPs would not give Wired the time of day
What, they blocked port 123?

The Article Seems To Be Incomplete (1)

Soloact (805735) | more than 7 years ago | (#19473707)

It seems to me that there are a whole lot more "major" ISPs than those listed in the article as being contacted. IMHO, it isn't a very complete study.

Its the Public Internet, what do you expect? (0)

Anonymous Coward | more than 7 years ago | (#19474369)

Call Detail Records - ISPs tend to hang on to them for at least a years time. This has been going on since the dawn of time and in several areas there are local regulations governing CDR retention for assisting legitimate LEA activities. They are typically also used for billing purposes and are sometimes quite useful for customers to access their own call records to see in their family...etc is using their accounts. IMHO NBD

Selling traffic analysis of customers is not cool and if I knew my ISP was selling my traffic stats I would immediatly cancel my account and go with one who wasn't. Crap like this should not be tolerated.

The surveillance CALEA issue is sad -- nothing like giving yourself more power by reinterpreting the english language in the face of explicit wording from congress in the public record to the contrary.

Why go to congress to mess up your country with a new law when you can do it yourself by rewriting the english language.

Its not like there were not laws already on the books covering assistance with investigations and court orders. ISPs were never in a legal position to say no to a legit court order.

Re:Its the Public Internet, what do you expect? (1)

phantomflanflinger (832614) | more than 7 years ago | (#19474851)

ISPs were never in a legal position to say no to a legit court order.
Seriously, you think they don't do that?

Last post! Finally I got one! Plots Sat! Stop Lats! (This is the kind of thing I'm supposed to say here, isn't it?)

won't work (1)

jtgd (807477) | more than 7 years ago | (#19474849)

It seems trivially easy for the government to simply monitor this application and omit from their logs every search involving any two words from the apps dictionary. A perfectly clean log of your actual searches will remain.

--J

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>