* Posts by mderouss

2 posts • joined 16 Oct 2015

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors


So where is the problem here?

So are 3rd party VPN providers going to be classified as telecommunication providers/ISPs?

That's certainly possible, but I don't see how this has much impact in practice. Many 3rd party VPN providers are not UK based, and it's hard to see how the British government could do much except force them to shut down their UK servers if they did not comply. And of course, they would comply - for those servers. But it's utterly irrelevant, since if you are exiting from a UK server, you lose VPN encryption at that point anyway - VPNs do not provide e2e encryption unless you own both 'e's'.

Of course, if VPN connections to overseas VPN servers are going to be forbidden period, that would be.... interesting :).

If *every* company that operates a VPN for corporate purposes is now classified as a telco/ISP, that would be a Pandora's box of grief. I just don't see that happening here.

Are end users going to be forced to install ISP root certificates (to allow HTTPS MITM attacks) before they are allowed to use an ISP's services? I can't see this. That would require touching every endpoint connected to the ISP, it would be a nightmare for the ISPs, and pinning complicates even this.

If neither of these things is true, then I'm struggling to see what the fuss is about on the encryption front. When we talk about e2e, in what sense does 'e' ever refer to the ISP/Telco? What capability does this proposal give that they don't already have? All that it appears to do is to give the Government explicit power to demand that ISPs/telcos do certain things *if they can*.

So what we're left with, really, are overlay services like Skype (but who trusts that anyway?) and WhatsApp. And to be pulled in to this, they would need to be classified as telecommunication providers. That's certainly arguable. But I'm completely confident that nefarious persons with more than one brain cell will still be able to communicate securely if they wish to. So as usual, this is a Government scale hammer that might just crack a few peanuts if they're lucky.

WIN a 6TB Western Digital Black hard drive with El Reg


Everyday IT experiences, #666

No... no, the Oracle EULA still isn't making any sense, but.... I think there's an image forming in it... it's a man with a beard and a grin and... horns...

Biting the hand that feeds IT © 1998–2019