Licence to snoop: Ipso facto, crypto embargo? Draft Investigatory Powers bill lands

The UK government's bid to massively ramp up surveillance of Brits' online activity is due to land imminently in the form of the draft Investigatory Powers Bill. It's not the first time, though: successive UK governments have gone through a series of aborted attempts to push to legislate for the bulk collection of Brit …

  1. Your alien overlord - fear me

    Is this why Microshit is limiting their cloud space? All ISPs will be required to store visited websites and store the URL (and identifying IP, name, D.o.B., email etc) with MicroShit so the NSA can also look without legal oversight.

    1. Afernie

      Uh no, probably not. It's because they were offering unlimited storage and then were surprised when loads of people took them at their word and stored tens of terabytes on Onedrive.

      Hanlon's Razor, etc etc.

    2. tom dial Silver badge

      In addition to Afernie's apt observation, it may be worth noting that this is not at all about the NSA, but about what is thought to be in a proposed act of the UK parliament. The NSA appears to be quite able to take care of its own interests, which do not include nearly all citizens of the UK, any other Five Eyes country (including the US), or other western European countries.

  2. Anonymous Coward

    storage vendors will be rubbing their hands! What a total waste of time and effort this thing is going to be. You might pick up the odd bit of intel from a total feckwit but anyone involved in organised crime, pedos or terrorists are just going to use a PAYG phone and chuck the sim away after they've finished. Once again technical issues being discussed by PPE graduates whose grasp of how these things work is an embarrassment.

    1. Anonymous Coward


      Chuck the phone. IMEI traces were used to track US agents in Italy doing naughty things. You would have thought they knew better.....

    2. Daggerchild Silver badge

      Oh I could do much worse with it. This is just the start.

      I'd embed javascript into ads or transient stuff that made your browser silently get URLs from 3v1L places without you knowing, then a few months later I'd bring you to their attention by mentioning you in 3v1L places they monitor. After that you'd have to prove your innocence with your no-evidence vs their indisputable computer-recorded proof that you are an evil terrorist Corbynite.

      At the very least all your computers, phones and pets are confiscated. With a good roll of the dice it may destroy your career and maybe your life.

  3. Tony S

    Follow the money

    Someone, somewhere is determined to make this happen.

    I'm going to go out on a limb and say it's nothing to do with trying to prevent whatever BS they talk about; it is entirely to do with getting access to large amounts of data regarding people's habits that they can then market and sell for stupidly large amounts of money.

    And being cynical, I'd say that someone, somewhere is pocketing some serious dosh to try and persuade the idiots that sit in the HoC that it is actually for the benefit of everyone.

    1. Afernie

      Re: Follow the money

      That may play a part, but I reckon the endgame is much, much worse - something a bit like this

  4. Blank-Reg

    Here we go again. One would hope that some MPs see this for what it is, and put Country before career. However, I fear not.

    If it does pass, how long before some clever social engineering exposes MPs' full browsing history? The squirming and fallout will be delightful to watch

    1. Anonymous Coward
      Big Brother

      put Country before career

      Not a chance. This is the depth of slime we're currently wading through.

      And someone has been DDoSing the fuck out of ProtonMail for the last 12 hours. Just a coincidence, I'm sure.

  5. Gordon 11

    If the website uses https then surely all they can store is the IP address you called?

    As for the LibDem comment - it was dead and buried whilst they were sharing power.

    1. Ben Tasker Silver badge

      > If the website uses https then surely all they can store is the IP address you called?

      No, they can store the FQDN as well.

      That is, assuming the client used SNI when establishing the SSL/TLS session - take a quick PCAP and look at the initial handshake, you'll see the domain name of the site you're visiting in the early packets.

      Obviously they still can't see whether you visited or but they can see the names of the sites you visited.

      1. phuzz Silver badge

        A sufficiently motivated attacker could guess what you're looking at from the size of the transactions and other metadata.

        For example if cuddly_kitten.jpg is 500k and is 2MB, it's possible for someone with access to your connection to make an educated guess as to what you're looking at.

        1. Ben Tasker Silver badge

          >A sufficiently motivated attacker could guess what you're looking at from the size of the transactions and other metadata.

          > For example if cuddly_kitten.jpg is 500k and is 2MB, it's possible for someone with access to your connection to make an educated guess as to what you're looking at.

          True. Though if we're staying on one broad domain (for example working from Google's cache) it's not quite so easy to make that educated guess. Yes it probably isn't an image due to size and time between requests, but what else could it be, there's a large variety of options?

          That all falls apart as soon as you change between domains though (as you would with a Google search). Even if the FQDN wasn't in the SNI exchange, you've still got to place a DNS query. If you're looking at a lot of different sites during the same browsing session, is there any commonality?

          Browsers block it by default now, but one traditional route of leakage was HTTP resources on a HTTPS site, snarf the referrer header from the plaintext requests and you know exactly what your mark was looking at. Something similar can still be done if the HTTPS site is silly enough to carry flash based adverts too.

          Basically, yeah, if the person watching is sufficiently motivated, there's not an awful lot you can do to keep that information secret, but there's plenty you can do as a "casual victim" to make it harder for someone to peruse

  6. Sir Alien

    All that will happen now...

    Is that people who want to keep some data private (or criminals too) will simply use VPNs to countries with more strict privacy rules (or countries that don't give a crap what the UK government says)

    Outlaw VPN I hear you say? Well prove it is in use as you can simply do SSL VPN over port 443 which is normally used for encrypted web traffic. Oh wait, let's ban encryption altogether so now you must let us see what you do in plain text.

    You can no longer speak in code words either, obviously only terrorists do that.

    Please stop this planet so I can get off.

    - S.A

    1. Ben Tasker Silver badge

      Re: All that will happen now...

      > Well prove it is in use as you can simply do SSL VPN over port 443 which is normally used for encrypted web traffic

      Traffic rate analysis will soon tell you whether it's an "ordinary" HTTPS connection, someone streaming HAS video or a VPN link. So it's not bullet proof, it just increases the cost of the monitoring kit we, as customers, have to pay for

      1. Anonymous Coward

        Re: All that will happen now...

        Yeah until we overcome that by doing traffic mimicking. Good luck with your analysis.

        If there's a will, there's a way.

        1. Ben Tasker Silver badge

          Re: All that will happen now...

          Have you ever tried running and analysing cover traffic? It's not nearly as straightforward to get right as you make it sound.

          Not to say it's impossible to do right, just that most attempts at cover traffic are quite easy to spot if you sit and watch behaviour for a while first. What it does do though, is raise the effort and expense of doing traffic pattern analysis, which is never a bad thing

  7. Uffish
    Big Brother

    What's next?

    A total ban on whispering? "It's not fair" say spooks "we can't listen in".

  8. Anonymous Coward

    The Tories are now, officially, Bond Villains.

    Seriously, watch Spectre. A massive expansion of government powers- disliked /by a bit of the security services that exists to shoot people the government doesn't like/ features heavily.

    It should be a piece of piss to get this bill knocked back. But will they?

    1. Sir Alien

      Re: The Tories are now, officially, Bond Villains.

      The party in power is irrelevant as they all seem to be doing the same. Tories, Labour or <insert party of choice>. If they did not do it, the next party in power would have, like it or not.

      - S.A

    2. Warm Braw Silver badge

      Re: The Tories are now, officially, Bond Villains.

      Well, my analogy is that it is the "Section 28" of the 21st Century: an opportunist attempt to exploit (and indeed encourage) fear and paranoia for the purposes of throwing the increasingly fractious right wing of the Tory party something to chew on. It may even help Theresa May in her leadership ambitions - it certainly didn't hurt David Cameron that he'd campaigned against the repeal of Section 28. On the other hand, once he became leader Cameron had to apologize and perhaps the same fate awaits Ms May.

      Where the analogy breaks down is that the early indications from the newly old Labour party are that they're going to back it too, presumably because they feel that their lack of clarity on defence policy needs to be protected from further scrutiny. Unlike their constituents' browsing habits.

    3. Mike Richards

      Re: The Tories are now, officially, Bond Villains.

      'It should be a piece of piss to get this bill knocked back. But will they?'

      Of course not, the Tories who don't want the state interfering in things that matter are gagging to impose this law. Labour's shadow Home Secretary is Andy bloody Burnham who tried to drive ID cards on to the statute book.

      Anyone who stands up against this bill will be portrayed as a Friend of Savile (by the people who protected Jimmy Savile for so many years) or a wannabe jihadi.

      1. Anonymous Coward

        Re: The Tories are now, officially, Bond Villains.

        The BBC R4 Today programme had two interesting interviews. An IT industry person explained coherently why the proposals are bad. The Police spokesperson making the case for their "Operational" reasons just kept rolling out examples of child abuse and missing teenagers on the run from homes. In other words the only card they are playing is the emotional "think of the children". She apparently agreed that the really big criminals would have the resources to evade the surveillance.

        It seems to me that the Police's stated needs are all suspect.

        1) terrorists and organised crime aren't going to use the obvious communication channels.

        2) most child abuse occurs in the home.

        3) the "war on drugs" has never worked. Use should be made legal like alcohol - and the manufacture and sale regulated for safety as a health issue.

  9. lurker


    So would PGP become outlawed in the UK as a result?

    I thought we'd already been through all this in the USA decades ago. Maybe it's time to dust off the RSA algorithm t-shirts. You can't outlaw maths, clueless government is clueless.

    1. This post has been deleted by its author

      1. David Roberts

        Re: PGP

        Since when? I've dealt with Nominet without using PGP.

  10. Tachikoma

    Hmmm... anyone else notice CCDP is only one letter iteration away from CCCP?

    Confirmation May is a (wannabe) Communist dictator!

    1. CCCP

      Now you've made my user name feel dirty! Euurgh.

    2. Jellied Eel Silver badge

      CCDP? Certified Cisco Design Professional?

      It's strange people are up in arms about our security services wanting to do this, yet many are happy for Win10 or Google to hoover up far more personal information.

  11. Anonymous Coward

    Sounds foolproof to me....

    C:\> backdoor.exe file.dat

    UK Gov Backdoor Decrypt version 1.0

    Are you REALLY authorised to decrypt this file? (Y/N)


  12. Teiwaz Silver badge

    UK=Airstrip One

    This is another step toward a Secret Police State...

    I do hope Theresa May doesn't end up as the image for BB, I don't think I could put up with the 'Sea Devil' glaring at me from every screen 24/7.

  13. Neil Barnes Silver badge

    For the first time ever

    I have been moved to write to my MP.

    Usually I restrict myself to haranguing him on the doorstep once every five years.

    1. This post has been deleted by its author

    2. Anonymous Coward

      Re: For the first time ever

      Just type it into Google. He'll see it.

    3. Anonymous Coward

      Re: For the first time ever

      Think yourself lucky that you get to meet your MP.

      My constituency is gerrymandered with a vast area of rural England, thus guaranteeing an easy Tory majority regardless of the urban plebs like me. My honorable representative doesn't feel any need to bother with people that don't drink in the same gentleman's club.

      Needless to say, any letters to him receive a patronising template reply.

      1. Ben Tasker Silver badge

        Re: For the first time ever

        > Needless to say, any letters to him receive a patronising template reply

        My MP sends those for any issue she officially disagrees on. More than happy to send something slightly less patronising when she agrees with what you're saying though -they're on our side and all that.

    4. My Alter Ego

      Re: For the first time ever

      You've met your MP? Mine was parachuted into a nice safe constituency, so has never seen the need to show his face.

      I've written to my MP - in a different constituency - before, it was regarding BT's Phorm fiasco. He sent a very nice reply that pretty much quoted Phorm's PR rubbish, with the "opinion" that I needn't worry because they say so.

      Interestingly enough, there are some parallels between the two. The difference being that was one to make money and the other is to save us from 8ft tall terrorists with laser beams under their moustaches.

      1. Grahame 2

        Re: For the first time ever

        Although sad to say the vast majority of people don't really understand the issues, many people do care or did care. I say did care, they probably still do, but are suffering from fatigue, the powers that be will keep resurrecting these proposals until they pass, either in whole or as many parts to be assembled later by statutory instrument or generous legal interpretation.

        Many that have had the 'pleasure' of seeing the physical inner workings of a UK ISP will know the technical capability has been well established for over a decade.

        I repeatedly explain to the 'nothing to hide, nothing to fear' brigade, that I am not that bothered about my Internet activity being examined by the security services, it would be a rather boring waste of their time and our money. I do however want it to be possible for those with power, state authorities and corporations to be held to account when they break the law or act against the public's interest.

        At present you have to be pretty dedicated / insane to be a whistle-blower, when it involves any part of government or secret sweetheart deals between big business and government, usually backed by the old revolving door. As HMRC has shown they are happy to use the apparatus of the state, sold to the public on the basis of protecting them from terrorism, to track down those telling the public of private tax deals.

        The surveillance is here, it is not going away, it is going to get more pervasive and capable. All we can do is press our so called elected representatives for accountability. I have written to my MP three times over the years, always reasoned polite about the need for oversight.

        I only ever received one response which was clearly a stock letter saying that 'there are threats the public are not aware of, and just accept that these powers, although vaguely defined are for my own good'

        I must admit fatigue has begun to set in, my MPs clearly don't see it in their interest to fight the tide, and as we move ever closer towards more Corporatist government the best policy might be just to be mindful of what I say and don't draw attention to myself. I don't want to be secretly classified as a 'non-violent extremist' whatever one of those is.

    5. Anonymous Coward

      Re: For the first time ever

      What? You actually get to see your MP in person? Ours is just a name on a ballot paper.

    6. Bronek Kozicki Silver badge

      Re: For the first time ever

      Yeah, I will write to mine too. But first I need to read this bill, or at least its analysis.

  14. Grahame 2

    ubiquitous vs targeted

    It seems to be that for just about every terrorist atrocity committed in the west, the perpetrators were known to the security services for some considerable time, warranted monitoring of targeted individuals and websites can be done within the existing laws and with considerably less legal/moral issues, monetary expenditure and technical problems than implementing ubiquitous surveillance of the entire population.

    This is about something else, money, power and control.

    You don't need a tin foil hat to see the money angle, the amounts of taxpayer money being funnelled into this will be huge, hopefully (in the eyes of the beneficiaries) replacing that of traditional military spending, which is proving increasingly difficult to justify without actually fighting wars. Wars are proving to be more complex and problematic than they once were. Often it is the same security cleared defence contractors that will be supplying the surveillance infrastructure instead of weapons.

    The power and control angle may seem a little more towards the metallic lined headwear brigade, but it is not hard to see that the world economy is going to be seeing some rather significant 'rebalancing' as globalisation advances. Increased unrest is a likely outcome, so it will become increasingly important to control the public narrative. To this end it will be necessary to monitor the public mood and to disrupt and eliminate elements that threaten the official narrative; campaigners, labour unions, activists, journalists, whistle-blowers etc.

    That is why surveillance has to be ubiquitous and unaccountable, not targeted or accountable.

    </devil's advocate>

  15. alain williams Silver badge

    How times change ....

    30 years ago: British politicians were loudly telling us that life in East Germany was bad and that the Stasi watched your every move, spies everywhere!

    Today: British politicians are trying to out spy the Stasi - we are now more snooped on than East Germans ever were and they want to make it worse.

    1. Anonymous Coward

      Re: How times change ....

      Trying? The Stasi only had enough to fill the one building in paper form.

      1. Mark 85 Silver badge

        Re: How times change ....

        They (the Stasi) were better informed since their info was targeted. Then again, if they were around today, they would be doing massive surveillance. Oh wait... nevermind... the 5-Eyes and every other country seems to have left the Stasi in the dust.

  16. Zimmer

    All the better to control you with....

    ..and those who could access this wonderful store could find/plant anything they desire and use it for leverage on anyone; MPs (government and opposition), Ministers controlling budgets, you, me...anyone...

    Large Tinfoil hats all round, chaps... and my coat's the one with just cash in the pocket...

    1. Grahame 2

      Re: All the better to control you with....

      Indeed, one of the big issues raised by the 'licence to hack' is that once a computer is compromised, it is just as easy to upload as it is to download.

      As I think has been mentioned in Snowden documents the possibility to upload 'multimedia content' that will result in the target's reputation, social standing and even liberty being taken / destroyed.

      I don't have to spell out what that means. Any state hacking needs to be subject to total monitoring and oversight by totally independent authorities, preferably working under double-blind conditions.

  17. Anonymous Coward

    is currently putting a 0 iframe on all of his sites pointing to massively unsavoury places on the web

    safety in numbers eh

  18. xj650t

    And what happens

    When your ISP gets hacked (Talk Talk?) by some script kiddies in (insert random country) and all your browsing history ends up on PasteBin.

    I'm sure the prospect of a 2 year stretch for "knowingly or recklessly obtaining communications data from a telecommunications operator without lawful authority" will put the willies up them.

  19. Anonymous Coward

    Not news

    The Government already has access to this information, after having installed "black boxes" at all ISPs about a decade ago. All this does is put it on a legal footing. James Bamford in his book "Shadow Factory" explains this has been going on for some time (and pre-dates Snowden). See for example:

    Government plans for 'black box' web surveillance take shape

    Fri Nov 07 2008

    1. Smooth Newt

      Re: Not news

      All this does is put it on a legal footing.

      Whilst the security services and police had a free hand by operating below the radar, no-one could question what they were doing because no-one knew.

      Once it is brought out into the open in Parliament and the courts, they can't just hide behind the traditional "we never comment on security matters", which completely changes the game.

      1. Uffish

        Re: Not news

        Sure, they were spying their socks off before and now all that the spooks want is to continue as before and with the minimum of additional paperwork and oversight (i.e. none). Can't blame them for that, but Parliament has now to address the problem of a regulatory framework for spying on the inhabitants of the UK.

        One small crumb of comfort is that we will at least get to see the intelligence, democratic instincts and innate morality of MPs and, maybe, Peers. Should be interesting.

  20. batfastad
    Big Brother

    As voted for by YOU!

    As voted for by YOU!

    And people say democracy in the UK is not broken?

    Either the blues or the reds get voted in, despite more people actually not voting for them. Some vague waffle on their manifesto and in press conferences about how everything will be wonderful. Then do whatever they absolutely fscking want when they get in because they feel they have a mandate, advised by the usual crew of blazer-wearing eunuchs and history of art degrees.

    I despair. I really do. The Great British public had a chance to modernise with the referendum on AV (though not perfect, still better than FPTP IMO) but they p1ssed it away.

    Constant coalition politics, so loonies on both sides are kept in check, preventing the vague lurch of Tories<->Labour, encourages long-term strategy instead of getting through until the next election, might even encourage constructive debate in Parliament instead of the school playground bickering you normally see between Gov and opposition. A legislative cycle of 2-3 years, parties submit the exact diffs of the legislation they wish to change/add. It is then voted on by the people who will be governed by that legislation, then changes merged or rejected.

    ... Or something like that, I've not figured out the details. Just vote batfastad in as your great leader overlord and it will all be wonderful. I promise.

    On a less-ranty note, who the heck is paying for all this? Oh, me, you etc as usual. Cheers May, you witch.

    1. Smooth Newt

      Re: As voted for by YOU!

      The Great British public had a chance to modernise with the referendum on AV

      It's not their fault. The median IQ is 100, so half the population are of above average stupidity and easily swayed by a few squillion quid spent on fear, uncertainty and doubt.

      1. batfastad

        Re: As voted for by YOU!

        It's sadly true. Keeping people stupid and scared is essential.

        A thing I didn't mention in my rant but everyone should immediately dig up a documentary called "The Power of Nightmares" from the early 2000s. Required viewing.

        1. Anonymous Coward

          Re: As voted for by YOU!

          This one?

          1. Anonymous Coward

            Re: As voted for by YOU!

            Better link where you can download the whole file:


            Bitter Lake is also well, well worth the watch if you have access to iplayer*:


            * iplayer closed off many foreign VPNs recently. I guess irony can be pretty ironic sometimes.

          2. Pedigree-Pete

            Re: As voted for by YOU!

            Brilliant link. I'll watch the follow ups too. Mindless idiots our politicians.

    2. Graham Marsden

      @batfastard - Re: As voted for by YOU!

      > The Great British public had a chance to modernise with the referendum on AV

      A referendum that was designed to fail, because we weren't given a choice as to what we would like to replace FPTP, because those who supported various forms of PR voted against AV as that wasn't what they wanted, because the Tories had rich supporters who could put up posters like "Vote NO to AV or the baby dies"...

      The end result was simply that the Tories could spin this to claim that we didn't want a change.

      1. Anonymous Coward

        Re: @batfastard - As voted for by YOU!

        The method of AV that was offered would only make a difference in a few marginal constituencies. The results overall would not be much different from FPTP. It would not have given Parliamentary representation to all those who voted for parties whose support was evenly spread across the whole country.

    3. et tu, brute?

      Re: As voted for by YOU!

      > As voted for by YOU!

      Sorry, not by me... Not because I don't want to vote, but as an expat I'm not allowed to, even though they get to spend my tax money! Bloody bastards! Revoking my right to vote for the candidate that I feel will do the best with the money I give them (willingly, as I could easily start dodging tax like most of the rich and famous!)

      > And people say democracy in the UK is not broken?

      Who says that? Obviously it's broken! Biggest problem with this second world island is that the citizens want the rights of a democracy (i.e, freedom of whatever they stand for, etc) but forget that democracy actually has plights as well: for it to work, everybody HAS to vote! Not voting is telling the government that you agree with their viewpoint, whatever it may be, as you don't seem to have an opinion, and are thus happy to have all decisions made for you!

      The only problem with the plight to vote is that the current ballot system rejects spoiled ballots as being not counted/cast votes. If these were properly counted, and happened to win the majority, it could be a big message to all candidates that the people in the constituency reject all of them, and thus the election should immediately be voided, and redone, until an actual candidate wins more votes than the spoiled ballots.

      And then, as a counter balance, the system needs the possibility to recall this elected individual when it (as I don't want to say he or she, as IMNSHO politicians are barely human) reneges on the promises that got it elected in the first place. This recall would need a quarter of the constituents to agree that promises have been broken, and that would be enough to cause a new election in said constituency.

      Hmmm... need more wine to solve the rest of the democratic process...

      If you think this is all bullshit, mine is the coat with the non-British passport in the pocket...

  21. Anonymous Coward

    This is a typical english forum

    We whine, we do nothing, we let shit like this pass, we get on with our lives.

    Correct me if I'm wrong. This is just the next step on that slippery slope that many of us warned about years ago. Yet some people claimed it was fine, it was safe.

    1. Graham Marsden

      Re: This is a typical english forum


      Go to and find out who your MP is and WRITE TO THEM! Tell them why this is a bad idea, tell them why it won't work, tell them how short-sighted this is.

      Sure, maybe they won't listen, maybe they'll just send back a form reply trotting out the Party Line, but maybe, just maybe there are *some* of them who will listen. They're not all self-serving greedy bastards, some of them do actually have a brain and a conscience and with prompting can be persuaded to think about what they're voting for instead of just doing what the Whips tell them.

      1. Anonymous Coward

        Re: This is a typical english forum

        The only way my Tory MP would vote against the party line is if the Vatican told him to. Still - I'll try sending him an email to see if a few years in Parliament has made him more courageous than he was last time.

    2. Danny 2 Silver badge

      Re: This is a typical english forum

      Um, typically British forum. I've been trying and failing to persuade my SNP MSP to use Protonmail for months. I even suggested they bung Protonmail a large amount of cash to issue every Scot a protonmail account. Plus my doctor, who innocently mistook my request for a single date of treatment and sent out my entire medical records via gmail. Not that I wanted to work for google anyway.

  22. Velv Silver badge
    Big Brother

    Sounds like a good week to be a non-EU based provider of VPN services to start selling your services in the UK

  23. Eponymous Cowherd


    So they are going to store the web addresses you visit?

    They DO know how trivially easy it is to ensure that the only web address they ever see you visiting is "https//", don't they?

    1. Afernie

      Re: Morons

      "They DO know how trivially easy it is to ensure that the only web address they ever see you visiting is "https//", don't they?"

      They do, but they also know the masses don't, or don't care.

      1. Chloe Cresswell

        Re: Morons

        Weirdly the masses do "know" about it.. it's how they try to get on facebook when it's been banned at work..

  24. This post has been deleted by its author

    1. Sir Alien

      Although there is some slagging (this is normal in any community) people are doing something about it. Just like government implementations take time people can't just flip a switch.

      But yes, you will find VPNs become more common and PGP signed emails too.

      All in good time.

      - S.A

    2. Anonymous Coward

      Very sad to see this comments thread descend into spammy handwaving, and random slagging off of government proposals, without any objective comments.

      I agree, but it's a little difficult to make objective comments before the proposed legislation has actually been published. Which is why this is my only comment for the moment.

      No doubt I'll get all handwavy when I've read it through, but for now ...

    3. Tony S

      "And yes, writing to your MP does make a difference, however small."

      Written many times over the last 4 decades to each of the various MPs (and sometimes candidates as well); I have yet to see any examples that they have even remotely taken the slightest notice. But I live in hope.

      However, I would happily support the notion that if more people did take the time to raise a fuss, then they might start to take the issues more seriously. Certainly, if no one can be bothered, then they will just carry on in their own sweet way.

  25. JamieL

    How do they know it's "me"?

    In my household there are at least four people and getting on for a dozen devices that access the internet through one ISP & IP address.

    How the hell will they know which person they are tracking the browsing history for?

    It was hard enough trying to control my sons' access through my router even with fixed internal IPs and firewall rules and OpenDNS... once they knew I was doing it they simply took to leaning out of the window and using the free wifi from the pub across the road!

    Although I'm thinking it's a good reason not to have a go with IPv6 where the traffic can be more easily traced back to individual devices...

    1. allthecoolshortnamesweretaken

      Re: How do they know it's "me"?

      They don't, but there is a fix for that.

    2. Anonymous Coward
      Anonymous Coward

      Re: How do they know it's "me"?

      They don't but that person who gains access to your WiFi will make you all suspects, even if you are completely innocent.

    3. Grikath

      Re: How do they know it's "me"?

      Didn't you get the brief? The UK govt & cronies have gone all "Guilty until proven Innocent" on their own nation. Run while you can.

  26. Gordon 10 Silver badge
    Black Helicopters

    Fluff browser plugin

    If this comes to pass it will be time to layer up the protections.

    Like DNA analysis can be foiled using detritus from the back of a bus, what we need is for all the browsers to support a "fluff" plugin that seeds your actual surfing habits with lots of random, but not too dodgy stuff.

    I foresee the Tor Browser bundle getting a bigger lease on life too.

    1. Old Handle

      Re: Fluff browser plugin

      What use is it if the fluff is never "dodgy"? That would mean any record of you visiting a dodgy site is real.

  27. John H Woods

    It was a

    b̶r̶i̶g̶h̶t̶ ̶c̶o̶l̶d̶ ̶d̶a̶y̶ ̶i̶n̶ ̶A̶p̶r̶i̶l̶ grey wet day in November and the clocks were striking thirteen.

  28. janimal
    Big Brother

    Several points

    An IP address doesn't identify an individual

    On Radio 4 this morning the policewoman they were getting to tell us to think of the children seemed to equate an IP address with an individual (paedophile, in case you couldn't guess).

    I've lived in houses with 6 or 7 people living there, and there's always guests and their phones.

    So even if they are targeting an individual and requesting data about an IP address, what about the right to privacy for the rest of the individuals behind that IP address?

    Judicial Authorisation

    The police will be able to get basic domain history with permission of a superior officer. A complete history can only be acquired with judicial authorisation (from the BBC article). Will they publish how many times and under what circumstances such requests were denied?

    I should imagine something along the lines of "We can see they accessed the he's probably a pirate, but he could be a terrorist." or "She visited" or, or could easily prompt a "Dear Reichsführer May letter."

    Do you see the judges turning them down?

    Growing MJ is illegal, warrant granted.

    Tor users are all terrorists, paedos or junkies & dealers - warrant granted.

    We need Anonymous to start snaffling MP's browsing history

    1. Missing Semicolon

      Re: Several points @ janimal

      "An ip address doesn't identify an individual"

      Why do you think everyone is so keen on IPV6?

  29. Alister Silver badge

    So, who's going to pay for the ISPs to store all this data then?

    To the best of my knowledge they don't, at the moment, either log or store http(/s) requests for each subscriber, so to implement this will require some serious outlay in equipment and storage.

  30. clanger9

    Websites != "communication"

    Does anyone understand what is being proposed here?

    On Radio 4 they were saying that they need to know which "websites" people visit. In the next breath, they're saying that this is so they can find out "who is communicating with who, like we used to be able to do with telephone records".

    How the hell is a list of FQDNs going to tell them that? Who communicates via a "website" anyway (apart from grandparents on Facebook, I mean)?

    If they want to know who is talking to whom, they're going to need to compromise every comms platform out there and/or mandate some sort of server-side comms logging. Heck knows how they'll deal with P2P comms. Will P2P just be made illegal? Yeah, that'd "solve" a few other problems along the way, wouldn't it? Hmm.

    There must be more to this legislation than the party line of "It's just a list of websites blah blah blah". Can anybody find the /really/ relevant clauses?

    1. janimal

      Re: Websites != "communication"

      This is test legislation.

      This web history thing is so trivial to bypass that even many barely technical folks already do so. I have had several people in the last couple of years tell me they have VPN configured at the router, by themselves, a relative or a friend.

      If this gets passed in its current form then it will be a stepping stone to something else....

      "Oh no! Look! Everyone is using encryption now - and we cannot have a communications method that we can't access with a warrant so...ooh what's this I have here?"

      Well that appears to be the Government Key Escrow scheme you wanted to propose back in 1998!

      As you will no doubt already know, crypto with a back door is not crypto. However they'll 'spin' key escrow as "strong, unbreakable encryption that we have a bona fide key for."

      Let's hope it never comes to that....

    2. Chozo

      Re: Does anyone understand what is being proposed here?

      Well.. best guess is that the government is attempting to sort the sheep from the wolves by psychologically profiling all UK internet users.

  31. Chozo

    So how is this going to work with coffee shop wifi and other providers of free internet access that blanket most town centres?

    1. Graham Marsden
      Big Brother

      Obviously before you use the Free Wi-Fi you're going to have to register and give your name, address, phone number, retinal scan, DNA sample...

  32. Anonymous Coward
    Anonymous Coward

    Why is this needed?

    Am I really supposed to believe child molesters are visiting websites like somehotchildpornographysite.tld?

    Or is this just so the Government's private Gestapo can dawn raid anyone who visits websites like Tor Project, Tails, VeraCrypt?

  33. Pen-y-gors Silver badge

    Proxy setup?

    Does anyone have easy instructions for setting up a proxy server on a nice Icelandic-based cloud provider?

  34. herman Silver badge


    This will provide a huge boost to simple and easy to use crypto development. The UK might end up leading the crypto industry again. I already use TOR almost all the time. If that law passes, it will be even more.

  35. Stevie Silver badge


    It is depressing just how willing the governments of the world are to embrace what used to be a paranoid fantasy in the name of national security, and how willfully lawmakers embrace their own ignorance rather than getting informed.

    No wonder that every time I read the subheading of this article it reads "Daft" rather than "Draft".

  36. localzuk

    Ignoring the ethics

    If I ignore the ethics of it (even though that would be my primary objection to this idea), the practicalities of this idea soon render it nonsensical.

    The amount of data our school logs via its proxy servers is huge, for our small number of network users. Expanding that out to the entire population will soon lead to PB of data being generated.

    How on Earth is that much data of any use to security services? The only thing they'd be able to do is go and look at a specific person's web data historically, and ongoing. If they already know to target that person, would they not be able to get more information using existing intelligence gathering methods than using their browsing history?

    Mining the data for any useful data would cost a fortune, and require a far larger intelligence service than we have.

    Add on the fact that it can be bypassed in seconds using a VPN, and you end up with a completely pointless system.

    I just don't get how it will be useful.

    1. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Re: Ignoring the ethics

      At the risk of invoking Godwin's Law. The Gestapo had one officer for an area of about 10,000 people. What they used was the propaganda to make people think they knew everything - and relied on paranoid/frightened people to report their suspicions about neighbours. That the reports were often maliciously motivated just added to the poisonous atmosphere generated in communities.

      1. Alistair Silver badge

        Re: Ignoring the ethics

        And even over here, they try this shit too:

        Happily we might just lose that piece of sh!t shortly since

        Really, in the long term perspective - government around the world finds itself losing traction on the people, and the companies that run the governments are getting upset. So we have an ever expanding culture of fear. This culture of fear is being used to take us back a couple of centuries evolution in human rights, in order to reinstall the serfdom prevalent then.

        We do need to stand up and work towards changing that crap.

  37. Anonymous Coward
    Anonymous Coward

    Reading the comments on here it's pretty obvious we all know how to circumnavigate this however we are not the standard and it is those people that the government wants to snoop on. How many people do you know in your personal life that can and will do anything about this? Not many I guess.

    Someone mentioned multiple users on a single I.P. address, this doesn't matter because all they will do is put pressure on the owner till they get to the person they want and I'm not talking pedoterrorist it will probably be someone looking at a website that disagrees with the government and incites peaceful protest (It's coming people)

    Coffee shops, free-wifi, Use your phone they have your MAC or IMEI likewise your MAC is on every network device, it won't be long before free wifi has to use specialist routers though to be fair it wouldn't be difficult to single out devices even with NAT using software as part of an OS (Think Windows 10 telemetry, you connect it connects you're now identifiable)

    They'll get to us eventually once they figure out a way, either that or remove the very literature we all used to learn our trade (think great firewall of britain) then eventually those skills may be lost.

    1. Alistair Silver badge


      MAC addresses at least in terms of networking only exist within the logical segment. Pass the gateway, your MAC vanishes from the network level conversation. Admittedly one can scrape that value and stuff it in the communicated data.

      IMEIs aren't relevant to TCP/IP and won't be seen from 'the network' side of the connection - the CDR generated will contain the IMEI, but, depending on the hardware (phone) and stack (software on the phone) the TCP session on free wifi has no idea what IMEI is, and in many cases, all the CDR contains for that is "external network connection" - and none of the TCP information. The combination where that comes together is surfing on your carrier's wireless network, and it depends on the stack on the Cell what data actually shows up in that CDR.

      This concept is a *lot* harder than the Governments want to sell you, and than the paranoid out there think it is. I have reason to know.

      1. Naselus

        Re: Umm.

        "This concept is a *lot* harder than the Governments want to sell you, and than the paranoid out there think it is. I have reason to know."

        Yup, there's a fair bit of technical incompetence on both sides of the debate in the media up to now. I doubt anyone in the Commons has the slightest idea how difficult their proposals would be to implement without leaving it full of holes, and many of the doomsayers quoting 1984 about also seem decidedly unaware of how massive the requirements would be to make it as dangerous as they think.

        Either way, I'd be surprised if it gets past the Lords anyway. There are several tech-savvy ones who will quickly rip it to shreds in the discussion, the upper house has something of a history of blocking these sorts of bills anyway, and as the Tax Credits debacle shows, the present makeup of the Lords is making it very difficult for the government to get any legislation through. Since business will also be generally unhappy with the idea of their encryption being deliberately flawed, I suspect the Bill will bounce between the two houses a couple of times and then be quickly shelved.

  38. terry doyle

    Already uncomfortable with all the cameras ..

    I live outside the UK and I was already uncomfortable with the sheer amount of cameras everywhere when I visit.

    This would take the proverbial biscuit.

  39. james.aka.damingo


    I wonder if May realizes that her online banking would be viewable to all if we disabled end to end encryption?

    Anyone know where I can find Ford? I want a thumb off the planet.

    1. Vittal Aithal

      Re: Humm

      Asking whether the Home Secretary is aware of technical issues is like asking a horse if it's aware of the weather on Mars.

  40. IT Hack


    The Prince was not a realistic proposal.

  41. thondwe

    DNS only?

    From the stuff I've read the ISP only need record the DNS name of the sites visited, NOT the URL. So how does this work if you've changed your DNS to OpenDNS (or others) in order to filter stuff for your kids, but OpenDNS is in the states?

    Then of course the source IP is from the router - so how do you point the finger at a person with the gadget - so cheapo wireless hotspot in Café...?

    1. Anonymous Coward
      Anonymous Coward

      Re: DNS only?

      Doesn't OpenDNS also offer an end to end encrypted DNS client?

  42. hapticz

    Second guessing...

    where the point of trust is broken, and then deciding what is defining that point may exacerbate the core issue that defines the human/animal itself. adamant to retain individual freedoms, yet force others to submit to one's own expression of perceived freedom? absolute obedience, or submission to absolute beliefs that utilize no acceptance of alternate thoughts or actions under threats of death (ie-absolute non-life) is one of any organisms highest fears, highest actionable priorities or call to duty. those responses have become more important to survival than tending the garden of life itself, the organism may have reached the end of its useful existence, unable to dynamically adapt, fail to communicate effectively across its evolved replicated selves and alter its multidimensional perception of existence. even virii, perhaps the simplest of creations, makes a greater effort to change, than the highest form of life as we claim to be.

  43. Anonymous Coward
    Anonymous Coward

    DNS and SSL - flawed proposal?

    So how exactly do the politicians think this will work? As far as I can see:

    1. HTTP 1.1 requires the host header field inside the request

    2. HTTPS (SSL) connections encrypt the request and response

    Therefore a typical user, starting with Google:

    a. User visits Telco record this.

    b. Google redirects to SSL connection. Now all traffic is encrypted.

    c. User clicks on Google link. If link is non-HTTPS then client does DNS lookup and then connects to site. Telco could record DNS look-up and/or HTTP connection request.

    d. However, if link itself is HTTPS then client PC does DNS lookup as before and then connects to HTTPS site. Telco could still record DNS look-up but can no longer see contents of request.

    Conclusion: Once inside the SSL "bubble" only the DNS requests record user browser activity. There is nothing to gain from inspecting HTTP request headers if they are encrypted. This leads to some conclusions:

    a. The only way to implement this is to record DNS requests. There are a *LOT* more DNS requests from each client than just generated by the browser. For instance this will record access to every other service.

    b. A user could circumvent this by using an offshore DNS provider (e.g. Google)

    c. This proposal is technically flawed.

    NB: I have excluded that links Google displays are actually back to Google and then they redirect to target site. This detail allows Google to track but doesn't alter the above analysis.

    HTTP Host header by spec.

    1. Ben Tasker Silver badge

      Re: DNS and SSL - flawed proposal?

      See my earlier reply, what you've said is wrong.

      SSL/TLS with Server Name Indication (i.e. any modern browser) sends the FQDN in plaintext as part of the SSL/TLS handshake. So there's no need to go sniffing DNS when the same DPI kit that handles port 80 can just as easily handle 443 for 99% of requests.

      1. clanger9

        Re: DNS and SSL - flawed proposal?

        Yes, but they also keep saying that the purpose of this legislation is to enable them to establish who is talking to whom. If that is indeed true, I don't see how a FQDN gives you that.

        There must be something else being legislated here.

        1. Ben Tasker Silver badge

          Re: DNS and SSL - flawed proposal?

          > There must be something else being legislated here.

          Given the seemingly vast difference between what they're requesting now, compared to previous attempts (though I'm a long way from finished reading over it), my guess is that this is the thin end of a wedge they intend to continue hammering home later.

          The stuff they're being open about recording isn't quite useless, but doesn't do a huge amount in terms of achieving their stated aims.

          Though one bit that's not been trumpeted as much is the metadata they want to keep from messaging in particular (both IM and email), including pulling metadata out of file attachments.

          Which is somewhat at odds with the claim it's like an itemised phone-bill, if I've emailed you an attachment there's a good chance we're talking about it, and if the author of that file is then there's a reasonable guess at the contents. In comparison, if Jihadi John's number appeared on my phone bill, it's still possible I mis-dialed and then spent 15 minutes arguing with him about whether I'd dialled incorrectly (anyone else get people do that?)

          For web browsing, they're specifically limiting that. Anything beyond data which identifies the service (so the FQDN) is content, which "shouldn't" be recorded under normal circumstances.

          Personally, I'm going to be routing out via VPN as a matter of principle. If they've a reason to specifically investigate me, fine, but unless/until then I'm keeping my family's data out of the mass sweep.

      2. testsupport

        Re: DNS and SSL - flawed proposal?

        Would the original post be the case if SNI were disabled?

        1. Ben Tasker Silver badge

          Re: DNS and SSL - flawed proposal?

          > Would the original post be the case if SNI were disabled?

          Yes, if SNI were disabled you'd be reliant on DNS.

          However, the reason SNI was introduced was because you needed a dedicated IPv4 address to bind a HTTPS service to if you wanted to avoid certificate warnings (without SNI, the server doesn't know which service you want until it gets the Host header, which is after the TLS handshake - so will serve its default, which probably won't match the FQDN you're after).

          If you're thinking of disabling SNI, you'd probably be opening yourself up to other risks. A lot of HTTPS sites would become inaccessible to you, in the sense they'll give certificate warnings. Being in a position where sites are expected to give warnings vastly increases the work you need to do to verify a cert you've received is genuine and valid and not the result of someone MITM'ng you.

          You may also experience some issues with sites that use cert stapling :)

  44. Anonymous Coward
    Anonymous Coward

    Can't work. Won't work.

    So how exactly do the politicians think this will work? As far as I can see:

    1. HTTP 1.1 requires the host header field inside the request

    2. HTTPS (SSL) connections encrypt the request and response

    Therefore a typical user, starting with Google:

    a. User visits Telco record this.

    b. Google redirects to SSL connection. Now all traffic is encrypted.

    c. User clicks on Google link. If link is non-HTTPS then client does DNS lookup and then connects to site. Telco could record DNS look-up and/or HTTP connection request.

    d. However, if link itself is HTTPS then client PC does DNS lookup as before and then connects to HTTPS site. Telco could still record DNS look-up but can no longer see contents of request.

    Conclusion: Once inside the SSL "bubble" only the DNS requests record user browser activity. There is nothing to gain from inspecting HTTP request headers if they are encrypted. This leads to some conclusions:

    a. The only way to implement this is to record DNS requests. There are a *LOT* more DNS requests from each client than just generated by the browser. For instance this will record access to every other service.

    b. A user could circumvent this by using an offshore DNS provider (e.g. Google)

    c. This proposal is technically flawed.

    NB: I have excluded that links Google displays are actually back to Google and then they redirect to target site. This detail allows Google to track but doesn't alter the above analysis.

  45. Vittal Aithal

    It is patriotic to encrypt your data

    Seems to me that if you're a patriotic, law abiding citizen, then it's only beneficial to the security services if you encrypt your traffic to avoid it being logged.

    If you're not doing anything illegal, then all that data that's logged about your traffic is noise. It's just extra stuff that has to be captured, stored, indexed, archived, backed-up, secured and (hopefully) eventually deleted. In a time critical situation, having terabytes of guff to crawl through is a waste. Capturing all that data is the equivalent of phoning the police each time you nip out down the shops, just to keep them in the loop; it would just be boring data that clogged up the system. If they're not interested in our law-abiding traffic, then it's no loss to them if it's not stored. Far better to use the saved £££ on specialist teams (no doubt wielding zero-day exploits) and physical surveillance to go after the bad guys.

    Some may say that you don't have a problem if they know you've gone to However, you're not just connecting to there. A quick look at facebook now shows me connecting to,,,, and - and that's with AdBlock+ active. Are you *sure* that there's no hokey content on any of those sites? Do you really feel happy if your traffic is tagged because one of those sites is hosting something questionable? Throw in advertising sites and malware, and the number of sites you connect to becomes very big and very uncontrolled.

    The thick (and "presently" unlikely) end of this particular wedge is cameras in your house. After all, your bog is probably a "safe space", and the PM doesn't like giving evil-doers safe spaces. Sure, the film would be encrypted, just stored for a year (by your oh-so-secure ISP) and only available under special circumstances, but ask yourself - would you be happy being filmed taking a dump?

    Added to all this, if the UK demands that Google, Apple and others are required to provide backdoors, then you can bet your bottom dollar that the Russians, Chinese, Indians, Saudis and just about every other nation will demand the same. Very soon, the service providers' security will be riddled with nation state holes. So what if GCHQ keeps its access keys under super-duper security - a smallish bribe in Bombay or Moscow may be all you need for access. Security is limited by the weakest link, and once governments of all flavours have access, your security (and that of every UK business) is open to the highest bidder. Our patriotic duty is to ensure the security of the UK economy, and that means not letting other nations sniff through our data. If the UK bans end-to-end encryption, then we will put ourselves at a massive economic disadvantage as less scrupulous actors take advantage.

    If you're in the UK and are suspected of serious crimes, RIPA already gives plod the power to demand your data. If you don't off to the clink for you. If you're not in the UK, well, your traffic data may not be logged in a means accessible by plod/GCHQ. Why would this bill give us any additional security?

    DNSCrypt, Tor, SSL, PGP - these are the tools of patriots!

  46. Marcus Fil

    Humm is right

    ..who wants to do business in a country that routinely reads your post? If this is the slippery slope best the Tories have a think before the world's trade goes elsewhere. A previous comment pointed out what is currently proposed has been done already - at government expense. But the 'experts' at GCHQ do not have their septic cousins' budgets to keep pace with an ever expanding problem set. So pass legislation to put the burden onto the commercial sector and call them terrorist sympathisers or closet paedos if they do not comply; is it '1984' or Terry Gilliam's 'Brazil' where we are billed our own interrogation? From the spooks' (narrow) perspective it might make their job a little easier in catching the 'Four Lions'-type "bullets" who use the lit net. However, it also opens up a system to woeful abuse down the line - if the government added a clause of £10M per person automatic compensation for misuse of data I would start to think they understood the gravity of the situation - they don't. Any future abuse will be buried under the Official Secrets Act - revelations deemed 'not in the public interest' - the official term for damning incompetence. Anybody halfway serious (for good or bad) will get round this until the next round of legislation ups the ante. Meanwhile money is wasted and the UK made to look more like North Korea by the day. Write to your MP, get hold of strong crypto while you still can and stock up on lemon juice and stamps.

  47. Anonymous Coward
    Anonymous Coward

    What will be most telling is the stance taken by all the "opposition" MPs.

    I can see a Tory three line whip, but which of the other parties will issue a whip, either for or against, and which will allow a free vote...

  48. Old Handle

    I have an idea!

    Since the fundamental problem with adding a backfront door is trust, you simply have to make sure the key is held by a trustworthy person. Normally this would be a problem, but since you live in a monarchy, presumably the most trustworthy person is by definition the queen. So the law can specify that manufacturers give her a second key. And any other copies are destroyed. It gets stored on a special air-gapped computer in the palace where she can use it to execute valid search warrants. As a safeguard, make it a crime for anyone else, spooks included, to use, leak, or even possess these keys other than for the purpose of delivering it to her majesty.

  49. Vernon
    Big Brother

    VPN reviews

    For the benefit of people like myself, could someone direct me to a reliable source of VPN reviews, or failing that recommendations of VPN providers others are using?

    1. liamt

      Re: VPN reviews

      I currently use HMA, which is good enough for my purposes, e.g. to make sure my traffic is encrypted while on the move and using public hot spots. They also have servers located all round the world, where you can pop in at one point and appear again in another part of the world (e.g. to watch the Daily Show online). HMA will still provide the security services and others with your connection activity with the correct paperwork as they keep logs. There are other providers who keep no logs by design and will refuse to supply any details.

    2. A Ghost
      Thumb Up

      Re: VPN reviews

      I know that Torrent Freak did a review and updated it recently on VPNs, and most importantly, those that do not keep any logs.

      Here is the 2015 update:

  50. Anonymous Coward
    Anonymous Coward

    Commenting on a 'nichey' tech site isn't political action

    Go DO something real

  51. Probie

    Anger over the wrong thing.

    Look at the bill in perspective and then calm down. Yes it's your privacy, yes it sucks and yes it's open to abuse by the powers that be. But it's already been happening for years, the horse bolted, left the stable and has now been rendered into glue.

    Get some big pants on and look for a technical work around if it fucks you off that much. You know, GRE+IPSEC, TOR, VPN.... the experts are right, the villains will find a way around and you will paint a bullseye on your back, but you will still get to sleep with the smug privacy smile on your face. Or, and here is a novel thought, DO NOT VOTE FOR THE FUCKERS next time around. Start the PRIVACY PARTY for government or some such movement, but whatever you do, do not assume someone else will fix the mess for you, that is how we arrived here. At least in the UK you have the right to protest, unlike China (Tiananmen square for those too young to pick up on the reference).

    For me I know they have done this shit for ages anyway and have had far easier ways of getting incriminating data (like credit card, bank card, telephone usage or 4K 360 degree CCTV and facial recognition). So if making it public shines a light on it, makes things a bit more proportional AND makes the UK a bit safer for my kids for later on in life then that is a price "I" am happy to pay, you might feel differently, if so then say "thank fuck for a democracy".

    Then again this could all degenerate into animal farm.

  52. RichMcc

    Everyone has the right to respect for his private and family life, his home and his correspondence.

    - Article 8 of the Human Rights Act

  53. This post has been deleted by its author

  54. JEF_UK
    Black Helicopters

    DNS Encryption / Won't someone think of the children / My own logs

    Withdrawn and reposted because grammar is the difference between knowing your shit and knowing you're shit!

    If you encrypt DNS (DNSCrypt) but don't VPN "they" can still log IP source and destination running through the {compromised} network.

    As a result you visit a website called '' to look at nice pictures of spring; or do something agreeably capitalist; which is hosted on the same server/IP as ''.

    They log the IP and arrest you?

    But OpenDNS/Cisco will cooperate with the authorities and get you off?

    Or you're a nasty young-goat-fiddler and deserve it?


    I'm not sure I care but I'm going to damn make sure I can keep my own logs.

    I'm already blocking lots of junk by sink-holing DNS on my own server.

    I'm already running SSL_Bump interception and proxy; Snort with IDS/IPS Capabilities and ICAP/AV

    I'm already able to log all DNS requests.

    Now I need to ensure I can prove logs are not doctored. ZFS and snapshots? I've 24 TB
