The Register® — Biting the hand that feeds IT

Feeds

T-Mobile 'fesses up to secure email ban gaffe

T-Mobile was caught blocking the secure transmission of emails earlier this month, and VPNs too, but the operator claims the former was a mistake while the latter is a legacy from a bygone era. The problem turned up around the end of December when some punters found T-Mobile was responding to all encrypted SMTP connections, …

This topic is closed for new posts.
Anonymous Coward
Anonymous Coward

Carrier IQ

Remember it's the networks who seemed to be the main ones behind Carrier IQ's recent antics. They want to see everything you do on their networks, and secure email and VPNs are a problem for them.
Irongut
Reply Icon

Carrier IQ intercepts key presses so no need to prevent secure email or VPNs because if they want the content they already have it. Moron.

Mike Cardwell

No conspiracy theory here

As the author of the post, I'd just like to say something. All I described was what I saw, and how I got around it. I compared its "technical" behaviour to that of Chinas firewall, because both use spoofed RST packets to disrupt connections. I didn't provide any commentary on my opinions of why they were doing the blocking, or whether or not they should. I don't consider it a "news piece", rather a simple technical description of a problem and a solution, for people to learn from. A lot of people have twisted what I wrote to make it sound like I'm describing some sort of conspiracy. If that's what you think, read my article again. To be fair, TheRegister has probably twisted it the least amount. Compare it to the boingboing.net interpretation for a laugh.
Camilla Smythe
Reply Icon

Appreciated

The title is the message.

charlie-charlie-tango-alpha
Reply Icon

I'm with Mike

Like Mike Cardwell, I too run my own mail server. And for some few months now I have seen exactly the symptoms he describes (my logs show "lost connection after STARTTLS from unknown[178.107.44.76]" for example). But the problem was intermittent and I never got around to sniffing the traffic as I had promised myself I would. The problem is compounded by the fact that I use my own X509 certificates for TLS (so the certs are not signed by a separate certificate authority) and the mail client I use on my phone (k9mail) seemed to have problems with that. So, I wasn't /exactly/ sure that t-mobile was at fault. Now I am. have banged off a complaint to T-mobile via the forum (and pointed out that my contract is shortly due for renewal).

I run my own mail server because I like being in control. If my network provider interferes with my traffic, then I am not in control. So I'll get some PAYG SIMs to try others.

P. Lee
Facepalm

old contracts without vpn

Despite what the original contract says, surely its time to remove "features" which inhibit security systems?

Shannon Jacobs
Holmes

Breaking the spammers' business models

Since the so-called responsible parties such as T-Mobile are so continuously incapable of dealing with the spammers, why don't they ask for help? For example, if they provided the tools, would you be willing to donate a bit of your time to help make the spammers' lives even more miserable? T-Mobile and their ilk don't need to give us the guns, they can just ask us to help them recognize the targets.

This approach only depends on a few basic assumptions:

(1) Most people hate spam and the spammers are searching for a tiny fraction of suckers.

(2) The spammers can't obfuscate the parts of the spam that have to be understood by human suckers before the spammers can get the suckers' money.

If they (T-Mobile and friends) make it easy enough, then all it would take is a relatively minor effort by a relatively small fraction of the people who hate spammers to completely block the spammers from their suckers. I'm not suggesting that you can remake the spammers into decent human beings, but if you cut off their revenue streams from spamming, they will crawl under some other rock, almost surely a much less visible one.

This topic is closed for new posts.