Based on the amount of times my EE provided broadband IP address changes in a week, those doing the tracking are going to have to make sure they don't confuse me, with the other previous owners of that IP address.
-
Don't believe it, until you see it! -
That's the easy part. Big providers already know who had which IP and when. That is already evidence that can be used.Originally posted by darrylmg View PostSee You Next TuesdayComment
-
If folks are worried about content sniffing then the lower bar is just to get sites like the one we're on to support TLS. Letsencrypt will hand out a cert for free so there's little excuse.
Sure, the metadata will still leak as SNI requires you send the base URI and you'll have done an unencrypted DNS request that's all they're gonna get without hitting up the actual websites.
On that note, are we all really logging in over plain text here anyway?
Comment
-
But given how there are a large number of household items accessing the internet, will the defence be "my fridge has been looking at pr0n again"…Maybe we ain’t that young anymoreComment
-
Bit more than that. HMG has effectively allowed for a back door in any new encryption products or services.Originally posted by fool View PostIf folks are worried about content sniffing then the lower bar is just to get sites like the one we're on to support TLS. Letsencrypt will hand out a cert for free so there's little excuse.
Sure, the metadata will still leak as SNI requires you send the base URI and you'll have done an unencrypted DNS request that's all they're gonna get without hitting up the actual websites.
On that note, are we all really logging in over plain text here anyway?
Summary courtesy of El Reg.
Don't be surprised if they start including changes to existing services under the scope of "...new products and services...".This was the proposed wording in the Code of Practice accompanying the legislation:
CSPs subject to a technical capacity notice must notify the Government of new products and services in advance of their launch, in order to allow consideration of whether it is necessary and proportionate to require the CSP to provide a technical capability on the new service.
As per the final wording of the law, comms providers on the receiving end of a "technical capacity notice" will be obliged to do various things on demand for government snoops – such as disclosing details of any system upgrades and removing "electronic protection" on encrypted communications.
"Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.Comment
-
That might need some explaining.Originally posted by fool View PostIf folks are worried about content sniffing then the lower bar is just to get sites like the one we're on to support TLS. Letsencrypt will hand out a cert for free so there's little excuse.
Sure, the metadata will still leak as SNI requires you send the base URI and you'll have done an unencrypted DNS request that's all they're gonna get without hitting up the actual websites.
On that note, are we all really logging in over plain text here anyway?
Are you referring to this - https://forums.contractoruk.com/I'm here via http://forums.contractoruk.com/Secure Connection Failed
An error occurred during a connection to forums.contractoruk.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONGComment
-
Yep, they want a look into all your communication. But TLS and PGP are still considered safe and it'll be pretty difficult for our Government to really break it without making it obvious.Originally posted by DaveB View Post
Yep. It would appear that all communication that we do is on plain text as it's not https://. I've had a browse of the source to see if at least the parts such as the logins were secure, but can't see any evidence for that. So yeah, logging in here seems to suggest you send both your username and password over plain text over the internet. This includes the posts you make and your source IP, which will make you pretty identifiable unless you've already been using a VPN the entire time.Originally posted by Contreras View Post
P.S. Happy to help the mods sort this out. Or you just look at something like https://caddyserver.com/ and it'll just provide certs for free.Last edited by fool; 3 December 2016, 13:24.Comment
-
I'm sure that'll work just as well as all those car owners who claim that it wasn't them driving when their car was clocked at 90mph.Originally posted by WTFH View PostComment
-
Starbucks use BT, so I would assume they will already have it covered.Originally posted by Lance View Post
I would imagine the days of free wifi will continue, but you will have to provide an email address or the like to confirm before be allowed to access any contentOriginally posted by Stevie Wonder BoyComment
-
It's a good job nobody can fake an email address thenOriginally posted by SimonMac View Post
See You Next TuesdayComment
Comment