IWF – U-Turn

December 10, 2008 — 585

Following the farce of the Internet Watch Foundation banning a page on Wikipedia, and then standing by its decision, it has now changed its mind.

Though the decision not to ban the image only applies to the image being held abroad, and possibly not in the UK. The IWF says “Any further reported instances of this image which are hosted in the UK will be assessed in line with IWF procedures.”

While nobody (sane) wants to allow access to child abuse images, the question of IWF, and by proxy CleanFeed, making blanket decisions about how can access what, from child abuse to racist content, and possibly in the future D-Notices, is somewhat concerning.

What else have they banned that we do not know about? How many sites about political issues are we, in the UK censored from? Perhaps its not many now, but do we want to have a system in place that could, at any point, stop access to information about elections or taxation?

 

 

 

 

 

 

 

 

Posted in UK Law, privacy. No Comments »

UK Firewall – the first real complaints?

December 9, 2008 — 585

The UK has operated a firewall for sometime now, similar in many ways to the Chinese firewall (Golden Shield), though the content that is filtered out is different, for now – though that may change

The UK firewall, controlled largely by the Internet Watch Foundation, and therefore the UK Police and Government is designed to block illegal pornography and other offensive material. However, due to the way it works nobody really knows what’s blocked. There is no published list, there are no published guidelines for what is and what is not blocked, web pages just disappear.

The end user is, in general, unlikely to know if a page has been removed as the error returned when visiting a removed web page is the standard 404 missing page error, implying it could be the hosting company that has the error, not state censorship.

Despite the obvious concerns of this technology being rolled out about across the UK there has been relatively few complaints about the subject in the mainstream media. But now the firewall, CleanFeed, has blocked a page on Wiki, causing widespread interest in the subject.

  • PC Pro: Brits blocked from Wikipedia over child porn photo
  • Brand Republic: Wikipedia page banned in UK over controversial child image
  • The Register: Brit ISPs censor Wikipedia over ‘child porn’ album cover

The pictures are not pleasant (and even on news web sites, which are not blocked), but they have been on the album cover since the 1960s and 70s, and have been sold in record shops and book shops since then. Never, has there been a prosecution in relation to those covers.

So, is it the place of government to start censoring the internet? Well the UK government thinks so.

 

 

 

 

Posted in UK Law, privacy. No Comments »

Extension to the UK Firewall

November 16, 2008 — 585

The UK Government could be about to provide more infrastructure to prevent the population accessing information. This time the infrastructure is a legal frame work.

The Intelligence and Security Committee has recommended that the government create legislation to stop media outlets producing news that government does not want to.

The headline sales pitch of this is that its in the interests of “national security”, i.e aimed at military operations. But the recommendations are also that reporting on police operations can also be prohibited.

There is already the “D-Notice” in place in the UK, and despite scouring the news papers recently I have not seen any evidence of the battle plans for Afghanistan, the MI5 Org Chart, or the internal plans of GCHQ.  The occasions that the news papers have got hold of “priority” police operations is because is been leaked – that means that the police have called the news papers, to make some money or to further a political agenda, and the papers have printed it. Is it right to create new laws as the police have not got their house in order? Also, at least this way we know what’s being leaked, better this way than directly to the suspects!

The question that needs to be asked is: Do we need more laws to give the government greater secrecy?

In a different time there would have been more trust over the government, and the law in itself is not dangerous, if its well used, but with examples of misuse of data and data collection methods by the government, there is a concern that more there is greater control and monitoring of the population.

Death by a thousand cuts? Or totalitarianism through a 1,000 laws and a million CCTV cameras?

 

 

 

 

 

 

 

 

Posted in UK Law, privacy. Tags: , , . No Comments »

Examples of misuse of medical records

September 23, 2008 — 585
  • The medical records of a68-year-old man showed he was homosexual. These were leaked to social services, and as such was refused a place in a care home. Source
  • A sales representative employed by a drugs company was given access to confidential National Health Service patient records to identify those who could be given an expensive new drug to treat cholesterol. Source  – MP Paul Flyn
  • Police gain access to medical records, Source
  • Medical Records, with full details including names and addresses passed to researchers. Which resulted in patients receiving intrusive phone calls from researchers. Source
  • A man who was working on a financial audit for the local health authority found that his niece had had an abortion, when he accessed her medical records. His niece had not told her parents about the abortion, so the uncle told them as they were very religious. Source

  • An MP was sent the medical records of a constituent , without the constituent’s consent (this is directly against the NHS own guidance). Source
  • Farrah Fawcetts medical records leaked to the press. Source
  • Britney Spears Medical Records accessed. Source
  • Patients data shared with council – Source
  • Medical Records to be shared with private companies – source

 

 

Tags: ,
Posted in Data Misuse, privacy. No Comments »

Firewall for the UK

September 23, 2008 — 585

While many people will have heard of the Great Firewall of China, also known as the Golden Shield, not many will know the UK has slowly been growing the capability to have the same thing and, in part, it is already functioning.

In 2004 the Internet Watch Foundation, IWF, a group which tries to stop child pornography worked with BT to put technological systems in place to try and stop child pornography being accessed from the UK, using technology called “CleanFeed”. This technology works by analysing all web traffic, at the ISP level, before getting to the user and then trying to block indecent images of children. The technology by blocking a known list of URLs.

By 2006 BT had fully installed CleanFeed and was claiming to be blocking 35,000 attempts a day to access child pornography. Though this high figure was disputed by some.

So far, so good, blocking access to peadohilic images is a good thing.

Nobody, not even the most liberal, would argue for the right to access child pornography, hence there was no objection to CleanFeed.

What Else is Banned? 

But, what about banning access to other subject matters?

Racial Hatred and violent pornography are now subjects which the IWF, using Cleanfeed, have started to censor on the the internet. While this sounds reasonable, it may not always be.

The laws relating to “racial hatred” are a botched mess and were described by British Comedian Rowan Atkinson as “represent[ing] the relentless pursuit of the interests of a tiny minority of the population with, so far, no consideration or quarter being given to the concerns of the baffled majority”.

The laws relating to violent pornography are not as welcome as some may think.

The EU is already banning terrorist related sites which, again, sounds reasonable. Unfortunately the definition of “terrorism” is pretty felxible. The reality is that terrorism is any political group any given government doesn’t agree with. The PLO, IRA, PKK and even the Taliban, have all been supported, in our generation, by one Western government or another. But now they all are regarded, by the current UK government, as terrorist groups. So access and support to these organisations websites could see you a hero, or a couple of decards later whisked off to prison; it just depends on the timing.

If these concerns were not enough to raise eyebrows the UK Government is also working to ban internet discussions about suicide.

While not all of these subjects are currently blocked at a technical level, the technology and law is in place that could prevent access to all of these subjects at a moments notice.

To make matters worse, this blocking technology is not a fine scalpel, but more of a rusty spoon; in 2007 innocent Lycos users were unable to access sites as they were mistakenly blocked.

Censorship in the UK

The UK has an interesting history of censorship:  From the heavy handed approach of preventing the actual voices of the IRA being broadcast (resulting in nothing more than bad dubbing) to the surreal banning of an episode of Star Trek until 2007.  UK internet users are banned from reading about sucraloses written by Joseph Mercola. The UK Government also uses D Notices to stop certain “national security” articles being published in the UK. The D Notices are supposed to be used for military necessity, but are sometimes used for political expediency or other non-national security reason

With this history of censorship do we want the UK to have its own firewall? Do you trust the government more than they trust you?

The Expansion of CleanFeed

CleanFeed has already spread from just being on BT and stopping child pornography, to getting involved in political issues, such as “race hate” and spreading to all of the UK’s ISPs.

 TJ McIntrye, lecturer in law at University College Dublin, has stated that:

Unlike formal legal mechanisms of censorship that ensure a degree of public accountability (for example: the obscenity trial of D H Lawrence’s Lady Chatterley’s Lover, which lowered the threshold of censorship) filtering systems failed to provide a list of prohibited sites, their criteria for designation, prior notice of prohibition, or an appellate procedure. BT’s Cleanfeed filtering system that tells users attempting to access an unauthorized site that it is unavailable owing to a technical fault; the end-users are deceived by the filter into believing that the temptation does not exist.

Everybody knows about the Great Firewall of China, but few people know about the ever expanding internet censorship in the UK, censorship which is putting in place technical measures that could be used to stop access to virtually anything on the web.

Which is the greater concern, the known threat or the unknown threat?

 

 

 

 

 

 

 

Tags: , ,
Posted in privacy. Tags: , , . No Comments »

Tor and those German Raids

September 21, 2008 — 585

In 2006 there was several raids in Germany, taking in dozens of Tor nodes (the exit node) that were linked to Child Porn.

Was this a crack down on Tor or Child Porn?

Below are some articles from the time, relating to the issue:

German Crack Down

Response To Crack Down

Hackers Build Vulnerability into Tor to track Child Porn Viewers

Vulnerability of Tor over stated

 

 

Tags: ,
Posted in privacy. Tags: . No Comments »

Can Tor be used for Web Browsing?

September 21, 2008 — 585

Tor is known for being slow but secure. But its is usable?

In this article Tor, under its standard settings was used to view the web site news.bbc.co.uk, Google, and YouTube.

 

BBC News

Accessing the site, news.bbc.co.uk, from Computer A (which has a 20 mb internet connection,and using Fire Fox 3) took over 2.5 minutes to load the home page, and took over 2 minutes to load another story.

This time could be reduced by preventing pictures from being shown in the browser options

Google

Google took under a minute to load and produced searches were produced in around 10 seconds.

YouTube

YouTube, bizarrely, loaded fairly quickly – faster than the BBC site, in just over 1 minute – but watching a video was not possible

Summary

Tor can be used for web browsing, though it is like going back to dial up – it is painfully slow

 

 

 

 

 

 

Tags: ,
Posted in privacy. Tags: . No Comments »

What is Tor?

September 21, 2008 — 585

Tor is an application that allows you anonymise your IP address.

I.e you can visit www.google.com on 1st September 2008 and Google will not record your actual IP address, but the one presented by Tor, this means that a review of logs stored by Google will not, in theory, show a record of you visiting the site on that date.

For those campaigning in places like Taiwan, China, Tibet, Iran, or the like, then this anonymity is critical, potentially a matter of life and death.

Tor works by passing the data through numerous different servers or nodes, so that it is all but impossible (in theory) to track the source IP address.

To further prevent traffic analysis Tor jumps IP addresses every 5 or 10 minutes. E.g Your IP address going to Google at 8pm and then at 8:10 pm be different, jumping both range and country.

The emphasis on Tor is that the IP address is hidden and it prevents traffic analysis – however it does not truly encrypt the data – nor does it pretend to.

The data transferred between the nodes is encrypted, but it is transferred from the last node to the destination in clear/un-encrypted text

This does create a vulnerability in that a person at the final node (who could be anyone) can set up a monitoring station, as was done in 2007.  This allows the monitor/hacker to watch and intercept all of the traffic going through this final node.

While this documented feature/flaw in Tor allows a person at the final node to monitor the network traffic is does not allow them know the source IP address (only the content), which is the aim of Tor – to hide the source IP address.

It should also be remembered that this ability to monitor network traffic, during normal use, occurs at every point in the data transmission from your machine to the destination machine, via the ISP. I.e Tor is not adding any more risk to the transmission of information across the internet than already exists.

If the data load to be transmitted needs to be secured, as well as the sender, e.g. email or an attachment, then encryption of the information should be used in conjunction with the obfuscation of the source IP

The encryption of data within emails and the like will be covered in later articles.

Posted in privacy. Tags: , , . No Comments »

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise

September 21, 2008 — 585

A security researcher intercepted thousands of private e-mail messages sent by foreign embassies and human rights groups around the world by turning portions of the Tor internet anonymity service into his own private listening post.

A little over a week ago, Swedish computer security consultant Dan Egerstad posted the user names and passwords for 100 e-mail accounts used by the victims, but didn’t say how he obtained them. He revealed Friday that he intercepted the information by hosting five Tor exit nodes placed in different locations on the internet as a research project.

Tor is a sophisticated privacy tool designed to prevent tracking of where a web user surfs on the internet and with whom a user communicates. It’s endorsed by the Electronic Frontier Foundation and other civil liberties groups as a method for whistleblowers and human-rights workers to communicate with journalists, among other uses.

It’s also used by law enforcement and other government agencies to visit websites anonymously to read content and gather intelligence without exposing their identity to a website owner.
But Egerstad says that many who use Tor mistakenly believe it is an end-to-end encryption tool. As a result, they aren’t taking the precautions they need to take to protect their web activity.
He believes others are likely exploiting this oversight as well.
“I am absolutely positive that I am not the only one to figure this out,” Egerstad says. “I’m pretty sure there are governments doing the exact same thing. There’s probably a reason why people are volunteering to set up a node.”

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise.

Tags:
Posted in privacy. Tags: , , . No Comments »

Anonymous Internet Access – Is it Possible?

September 21, 2008 — 585

Anonymous Internet access hardly exists anymore. Google track your searching habits, the ISPs record your IP address, BT/Phorm track and monitor your Internet browsing, and police can intercept your email, and the government can access all of it legally or illegally, with the likes of Echelon

With that in mind is it possible to have anonymous access to the Internet anymore and should anybody want it?

When the USA PATRIOT Act came into power there was uproar about libraries handing over information about who reads what. But this information pales into insignificance with the amount of information available from accessing Internet logs. Anyone who buys from Amazon will know that you get “suggested reading lists” automatically sent to you. That means that Amazon not only track what your reading, but also “understand” it and target you accordingly (it is, in general, fairly accurate). Amazon has the ability to store all the searches you have made, and books you have looked at, not just bought – surely this is more concerning than the records of taking out a few books from the local library?

Access to Internet records means more than just working out which web sites you have visited, it can show who you talk to, who your friends talk to, how you are linked across the world, what you buy, what you like to eat, what your political interests are, what debates and discussions you have, what your sexual interests are, or are not, you bank details, your personal emails, you work emails.

In fact your entire personal and private life is available from a detailed analysis of your Internet habits.  Companies make a leaving from trading in personal data, from Nectar cards to Double Click, and other targeted ads, they all want to know more about you. Even this site (depending on where you are reading it) has Google Ads, which  are automatically target at the audience; in fact adverts will be different on what you are reading, when you are reading it, and where you are reading it.

YouTube, also owned by Google, will give individuals information about who views their “Channel”, including age and sex.

Over the next few weeks this site will be looking at some of the technology that is supposed to be able to help provide the user with anonymous Internet activity.

Tags:
Posted in privacy. Tags: , , . No Comments »
« Older posts