We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... lets see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Data retention

Police have arrested a UK teen following the leak of ISP-U-Like’s browsing history database. The news follows revelations of a hack of the internal systems of the nation’s most popular ISP that left 60% of the country’s browsing history accessible from a public web site based in Sweden. British ISPs are required to retain records of the last 12 months of users’ browsing history under the so-called “snooper’s charter” introduced in 2016. Previously only police could access the information. Now visitors to ismyneighbourapervert.com can simply type in an email address and view anyone’s browsing history. Since then, there have been calls for a senior officer at Gloucestershire Police to resign after it emerged that he once visited a pro-GamerGate website. And the Daily Mail has defended criticisms of its “20 Celebrity Health Searches That Will Shock You” article, stating that the boil on the home secretary’s groin is “in the public interest”.

Meanwhile, the CEO of ISP-U-Like issued the following statement: “In the unlikely event that your mother-in-law finds out about your membership of gaymidgetsgonewild.com, then as a gesture of goodwill, on a case by case basis, we will waive termination fees.”

The investigation is ongoing.

Tweet about this on TwitterShare on FacebookShare on TumblrShare on RedditShare on Google+Share on VKEmail this to someone

16 comments to Data retention

  • John Coles

    “”Daily Mail has defended criticisms of its “20 Celebrity Health Searches That Will Shock You” article, stating that the boil on the home secretary’s groin is “in the public interest”.

    I have to agree.
    Should this token the onset of Tertiary Syphilis and the inevitable concomitant insanity, then this is highly relevant to his (painful) stance in the coming Referendum and his evident Europhilia.
    We should be told.

  • Mr Ed

    John,

    The Home Secretary is a woman. But a Heydrich of sorts in her dreams of controlling the populace, just without the angle on certain minorities of that thug, and wholly in thrall to the authoritarian tendencies of the Left who infest her department.

    Syphilis would at least be mitigation for her views.

  • John Coles

    Apologies. I became over-excited at the thought that it was the Chancellor. But the concept holds.

  • Mr Ed

    Ah, you mean the inconsequential little man who couldn’t cut himself shaving, never mind public spending. The horrifying thought is that those two seem to see each other as their main rival for the top job.

  • Mr Ed

    BTW there is an element of spoof in this post for those not in the UK.

  • Rob Fisher (Surrey)

    Yeah, thanks Mr Ed. I thought it was obvious but re-reading I can see how it might be missed. Reality too often looks like satire.

  • Laird

    “British ISPs are required to retain records of the last 12 months of users’ browsing history”

    I have no idea whether that is also the law in the US (frankly, I’d be surprised if it weren’t, but I can’t be bothered to research it), but I don’t particularly want Google or whoever having that data, either. So for years I’ve used web search anonymizers such as Startpage (my current favorite), Ixquick or DuckDuckGo. I don’t know if they really work as well as advertised (perhaps the government could pierce through them if it really put its mind to it), but it makes me happy and at least keeps Google at bay.

  • Tedd

    Laird:

    You should try the Tor browser. It’s probably the most secure thing that’s available without jumping through a lot of hoops. I’m not sure if it protects against ISP link collecting as described above, but I think it probably does.

  • Laird

    Tedd, I’ve thought about that but never actually tried it. Perhaps I will. Thanks for the link.

  • Patrick Crozier

    Heh.

  • Laird,
    It probably isn’t the law in the US but that doesn’t mean it doesn’t happen.

    The NSA etc are above the law. Didn’t you know that? It is a kindness.

  • CaptDMO

    “British ISPs are required to retain records of the last 12 months of users’ browsing history …”
    So EVERY British (and US)ISP has a pernicious virus/Trojan horse, built right in.
    I can’t understand why “hackers” are simply accessing them, rather than going all “Iranian centrifuge controller-air traffic control-power grid-overwhelm the system” on them?

  • Sam Duncan

    “BTW there is an element of spoof in this post for those not in the UK.”

    Well, yes, and it appears that last week’s TalkTalk attack, for which the kids were arrested, wasn’t actually as bad as was initally feared. But it shows that the scenario you set out is entirely plausible. If the bad guys can get into ISPs’ systems, and the ISPs have to keep 12 month’s browsing history records* for the – ahem – good guys, then the bad guys can get your browsing history.

    “So EVERY British (and US)ISP has a pernicious virus/Trojan horse, built right in.”

    Not yet, no. It was part of the “Snoopers’ Charter”, thought to have been defeated, but which has risen, zombie-like, from the grave recently. (When did the Police start telling us what powers they should have, instead of us telling them what they’re going to get, by the way? It’s hard to imagine a clearer case of the tail wagging the dog.) But it hasn’t been passed.

    *Come to think of it, does anyone know what this means? Would they be taking these records from DNS queries, or their proxy web servers, or… what?

  • Alisa

    The project was originally developed on behalf of the U.S. intelligence community and continues to receive U.S. government funding, and has been criticized as “more resembl[ing] a spook project than a tool designed by a culture that values accountability or transparency”.[22] As of 2012, 80% of The Tor Project’s $2M annual budget came from the United States government, with the U.S. State Department, the Broadcasting Board of Governors, and the National Science Foundation as major contributors,[48] “to aid democracy advocates in authoritarian states”.[14] The Swedish government and other organizations provided the other 20%, including NGOs and thousands of individual sponsors.[29][49] Dingledine said that the United States Department of Defense funds are more similar to a research grant than a procurement contract. Tor executive director Andrew Lewman said that even though it accepts funds from the U.S. federal government, the Tor service did not collaborate with the NSA to reveal identities of users.[50]

    Critics say Tor is not as secure as it claims,[51] pointing to U.S. law enforcement’s investigations and shutdowns of Tor-using sites such as web-hosting company Freedom Hosting and online marketplace Silk Road.[22] In October 2013, after analyzing documents leaked by Edward Snowden, the Guardian reported that the NSA had repeatedly tried to crack Tor and had failed to break its core security, although it had had some success attacking the computers of individual Tor users.[12] The Guardian also published a 2012 NSA classified slide deck, entitled “Tor Stinks”, which said: “We will never be able to de-anonymize all Tor users all the time”, but “with manual analysis we can de-anonymize a very small fraction of Tor users”.[52] When Tor users are arrested, it is typically due to human error, not to the core technology being hacked or cracked.[53] On 7 November 2014, for example, a joint operation by the FBI, ICE Homeland Security investigations and European Law enforcement agencies led to 17 arrests and the seizure of 27 sites containing 400 pages.[54] A late 2014 report by Der Spiegel using a new cache of Edward Snowden leaks revealed, however, that as of 2012 the NSA deemed Tor on its own as a “major threat” to its mission, and when used in conjunction with other privacy tools such as OTR, Cspace, ZRTP, RedPhone, Tails, and TrueCrypt was ranked as “catastrophic,” leading to a “near-total loss/lack of insight to target communications, presence…”[55][56]

    In October 2014 The Tor Project hired the public relations firm Thomson Communications in order to improve its public image (particularly regarding the terms “Dark Net” and “hidden services,” which are widely viewed as being problematic) and to educate journalists about the technical aspects of Tor.[57]

    On June 2015 the special rapporteur from the United Nation’s Office of the High Commissioner for Human Rights specifically mentioned Tor in the context of the debate in the U.S. of allowing so-called backdoors in encryption programs for law enforcement purposes [58] in an interview for The Washington Post.

    On July 2015 the Tor Project announced an alliance with the Library Freedom Project to establish exit nodes in public libraries.[59][60] The pilot program, which established a middle relay running on the excess bandwidth afforded by the Kilton Library in Lebanon, New Hampshire, making it the first library in the U.S. to host a Tor node, was briefly put on hold due to pressure from the Department of Homeland Security, but was re-established on September 15, 2015.[61]

    On August 2015 an IBM security research group, called “X-Team”, put out a quarterly report that advised companies to block Tor on security grounds, citing a “steady increase” in attacks from Tor exit nodes as well as botnet traffic.[62][63]

  • Tedd

    On August 2015 an IBM security research group, called “X-Team”, put out a quarterly report that advised companies to block Tor on security grounds, citing a “steady increase” in attacks from Tor exit nodes as well as botnet traffic.

    I do occasionally get blocked but, up to now, not very often — probably less than one percent of my page requests. The only practical drawback is that it is usually slightly slower than non-Tor browsing. But as the Tor network expands speed becomes less of an issue. I typically click a link while I’m still reading the page it’s on and don’t go to the linked page for a few seconds, anyway, so the slight delay isn’t an inconvenience.

  • Alisa

    Tedd, that part is the least bothersome, in my view – but I understand that opinions on this may vary widely.