Well, the widespread data retention in Europe is well-documented; most countries have even explicitly refused to comply with ECJ's decisions on the matter. To my understanding, geolocation data in particular is quite useful in investigations. Browsing and search histories and such frequently also appear in media pieces about convictions; he or she is said to have been interested in this or that. These cases certainly raise questions about the qualifications of such data as circumstantial evidence (unless someone is searching for guidance on how to build a bomb, etc.).
I wonder about this...sure there are plenty of people who are older and less knowledgable about government surveillance; but as these programs ramp up, so does VPN usage.
The currently proposed "Online Safety Bill" will potentially put significant limits or ban VPNs. I suspect (if it passes) it will be a case of VPNs that don't collect ICRs will be band, or at least prohibited from payment services, in the UK.
At least it would be difficult to enforce such things, with cryptocurrencies and all. I wonder if governments will try to convince their citizens that all VPN users are criminals and pedophiles as an excuse to make their use illegal, using it as prima facie evidence of wrongdoing in police investigations as a means of increasing the state of terror, surveillance, and control over their populations.
The UK already has a law that allows them to imprison you if you genuinely don't remember an encryption key and they don't believe you.
Just wait till they introduce a law that allows them to imprison people for using a VPN to get around some bs accusation and they don't believe your defense.
You do realize that using VPN makes the company you're paying for that VPN gather way more of your internet browsing history than the UK's surveillance program?
I myself cannot encrypt my internet traffic or scramble it through a variety of IP addresses around the world. You're right, we should all be using TOR if we really want to be extra-secure, but TOR simply is too slow for most general usages.
I doubt if any VPN is truly secure, even ones that truly don't keep logs, because of the activities of Team Cymru and other actors as well. NSA and GCHQ have been known to trace through VPNs, as far back as 2013 in the Snowden leaks.
When did you last try Tor? The DDoS [0] has ended and it's now pretty fast again. I'm watching a 4k youtube video over Tor right now. Also the next version implements traffic splitting [1] which should improve performance even more.
> ICRs can include that you visited Wired.com but not that you read this individual article
So obviously it's just DNS records they look at, unless they look at other metadata? I know that DoH encrypts your DNS queries, but still leaks the site you're visiting via the TLS handshake.
There are further developments in this space which mitigate this weakspot, namely ECH[0] and Oblivious DoH[1]. Combine a VPN that you trust with these and you've essentially gone dark to this sort of surveillance apparatus.
In my opinion, most of the governments must have obtained access to numerous Certificate Authority private keys by now. As a result, they would not only be logging DNS records but also the entire unencrypted data transfer.
I think lesson to be learned here is that centralized systems such as the internet, due to CAs (including Cloudflare) and ISPs, are unsuitable for private communications.
It is so sad that so many people won't experience late 1980s and early 1990s era of the internet, which was devoid of extensive surveillance and censorship.
Hopefully, humanity will somehow figure out a superior, decentralized communications platform to ensure privacy. However, the current internet offers no such guarantees.
My recommendation at this stage is to assume that government and supranational organizations control the entirety of the internet and act accordingly as if internet had no privacy.
If they had compromised root keys, then they still need to MITM the connection in order to provide a fake certificate. This would be detectable, and there has been no evidence of it happening, so I'm sceptical its happened in any significant way. If it was widespread, and not just very targeted, we would know about it.
A government agency using a root key, and getting spotted, would be disastrous for everyone, themselves included. So, if they do have them, and I think you are probably right to assume they do, they would only use them as a last resort in incredibly extreme cases. It would not surprise me if they have have them but have never used them.
> ... they still need to MITM the connection ... and there has been no evidence of it happening
Because the parent you're replying to seems to be talking about any/all governments rather than just the UK, and I'm guessing your statement here was 'scoped' to the UK only - I think it's important to point out that this absolutely HAS happened on multiple occasions outside of the UK.
Only one of those links, the Iranian one, dated 12 years ago, is about a case where there was MITM with a bogus but valid certificate. The Chinese and Syrian cases are just straight MITM, a somewhat knowledgeable teenager could do that, and to the extent it'd work you should focus on things that's solve for the "knowledgeable teenager" case not the "What if state actors with unlimited resources target me?" case.
Twelve years ago is a different era, no Blessed Methods, no Certificate Transparency, pinning was new, which is why they got caught.
> In my opinion, most of the governments must have obtained access to numerous Certificate Authority private keys by now. As a result, they would not only be logging DNS records but also the entire unencrypted data transfer.
Certificate Transparency ensures that having control over a Certificate Authority's private keys doesn't allow for undetectable MITM attacks since both Chrome [1] and Apple (Safari) [2] will not trust certificates that have not been submitted to CT logs and stamped as such. If a government attempts to issue a trusted certificate using a CA they control, it will be logged. You can't passively decrypt TLS connections with just access to a CA's private keys since those aren't the keys involved in communication, or even the server's private key due to forward secrecy (assuming modern TLS configs).
Checking certificates requires that either a) The user have a complete set of CT Logs to check against or b) The user makes a request of a third-party server to verify the certificate. "a" is disk space and download uneconomical, "b" is a privacy concern. Mozilla has decided that it's value is not worth the privacy risk of yet. Time will tell if that's the correct answer; Chrome and Safari are likely enough to keep the CAs honest.
From what I understand, checking that a certificate has been submitted to CT logs should not have privacy implications, only trust in a set of CT logs and their public keys to be able to verify Signed Certificate Timestamps (SCTs). SCTs can be distributed in one of 3 ways:
1. Embedded in the certificate itself - no communication with a third-party
2. Distributed via TLS extension - no communication with a third-party
3. OCSP stapling - the server is the party that initiates a connection with the CA, the client doesn't touch the CA
You only need the complete set of CT logs if you want to verify the logs have not been tampered with.
Lipstick on a pig. OCSP Stapling is a complicated and convoluted override for certificate lifetimes that should never be used and isn't in practice. All three are just different chains to the same CA organizations (in practice), which could just as easily maintain two sets of CT logs.
I should get around to making an "Evil-CA" software that explicitly maintains those two logs.
> As a result, they would not only be logging DNS records but also the entire unencrypted data transfer.
Note that even if you have the private key for a specific certificate, you still cannot perform a passive MitM attack against servers that use modern TLS using perfect forward secrecy, and active MitM attacks can sometimes be detected by the web server itself. There are different techniques that have cropped up; here's an old doc page about Caddy v1, mainly because it's the one that I remembered first:
That said, as others have mentioned, CT logs basically foil direct man-in-the-middle attacks abusing CA certificates. The attack will work, assuming it isn't foiled by HSTS, but it will be detected. For a government surveillance program, this would obviously be a very bad outcome.
The CA system definitely gets some deserved flak for being flawed, however I've personally found myself impressed with how much practical security against attackers the web ecosystem has managed to build up. It also was probably good to get more of it done ahead of time before governments could try to abuse gaps in the system; as it stands now, if we had DoH and ESNI (edit: or, now, ECH, I suppose) deployed widely across the internet, it would probably render this entire government surveillance operation useless.
But you can just issue an identical certificate to an existing website's certificate via the private key, it doesn't even need to enter to CT logs, it will have 100% identical fingerprint to original certificate, no?
You can then intercept everything through the ISP gateway. It would be theoretically possible to fragment the entire internet this way via coordinating with the ISPs.
Nope! That would require the server operator to participate; pwning the CA gives you nothing. CAs that issue private keys for you are banned, to my knowledge, for the type of certificates that browsers trust; if a CA offers this, they'll be kicked out of being trusted by browsers. A CA is only allowed to sign a key via a CSR, and therefore the CA never sees the private key of a certificate.
This has been the standard for a pretty long time, and it of course still works this way with ACME certificate issuance as well. Very neat imo.
Sure, but what I said absolutely stands: compromising the CA doesn't do you any good in practice.
Frankly though, I am going to say it; I think the idea that compromising a ton of web servers to be able to build a better profile of a user's web history is part of this UK government surveillance initiative is simply absurd. Compromising servers is a pretty nasty cat and mouse game, especially if you're up against orgs like Cloudflare, Amazon and Google. In practice, there's just no chance this is their strategy.
(And the game certainly isn't going to get any easier. You can, for example, use a TPM to generate your private keys, and have encryption occur on a TPM device, such that extracting them would require much more challenging exploits than just pwning some servers, meaning you'd need to actively have control over the servers to do anything interesting. It's not purely theory, either, though I do not know who is currently using this approach.)
It could be that the Linux kernel random number generator has been backdoored on all the large cloud computing platforms. They could be even snooping the entropy pool in memory, as the system is operating? You don't know what's really going on in a virtualized environment? Also many BMCs have JTAG access to the CPU, what's the chance that they have implants in the BMCs, knowing how insecure they are?
> but it will be detected. For a government surveillance program, this would obviously be a very bad outcome.
For the NSA that's unacceptable, because the Americans specifically don't like people to know who did it, that's even the point of some big known NSA programmes, like that thing where they hack two Cisco routers so that all the stolen data goes from A to B, but via C, and the NSA steal the data again at C, so when A figure out what's happening they blame B...
But for e.g. the Russians it's totally fine. When you send assassins as "tourists" with a patently bogus reason for travel that's not because you're too stupid to do better, it's because that's all you needed for the mission and you don't care who knows it.
Not happy with any overlay network in this day and age, I have a feeling they have all been compromised. One wrong click and the Thought Police will be at your door. Or at least the chilling effect of not knowing whether it's compromised or not is bad enough that it prevents truly free exploration of the network.
We need a one way system such as satellite data broadcasting, which has more than enough bandwidth for a Web 1.0 experience. I had an entire Usenet feed by satellite many many years ago, and it was totally anonymous because it's receive only. We now only have https://blocksat.info/ but hardly anybody uses it.
Random thought: they can't use the intercepted communication against you in court because it would reveal their capability. But they can use it in an indirect way to target you.
> It is so sad that so many people won't experience late 1980s and early 1990s era of the internet, which was devoid of extensive surveillance and censorship.
The redcoats couldn't see the travel of every single person. They couldn't stop every person carrying a letter that had met with a certain person. They couldn't arrest everyone that had read a certain article or newspaper.
The tyranny possible today is far worse than the tyranny of a few hundred years ago
> Haidar of Privacy International says that creating powers to collect more of people’s data doesn’t result in “more security” for people. “Building the data retention capabilities of companies and a vast range of government agencies doesn't mean that intelligence operations will be enhanced,” Haidar says. “In fact, we argue that it makes us less secure as this data becomes vulnerable to being misused or abused.”
What's most important is what they don't say, and that they don't say it: It's a threat to the minority's freedom and safety, their right to hold unpopular views, dissent, and protest. That is the definition of freedom. Saying something 'acceptable' is allowed with or without free speech. As Isaac Asimov (supposedly) said: "Politically popular speech has always been protected: even the Jews were free to say ‘Heil Hitler.’"
But they've given up on that argument, which means they implicitly communicate that they don't believe it, and support the notion that the majority is all that matters.
The only way to defeat these authoritarian, anti-free movements is to stop accommodating them (and thus signaling acceptance of their rule) and to talk assertively and confidently and knowledgeably about universal freedom.
Is it secretive if everyone knows they're doing it? We known what they store and how long for, it's stated in the article. The only thing we don't know is whether much use is made of it or whether the companies are providing it. Safe then to assume you're being monitored already. Which is actually the case in relation to private US multinational companies.
who actually thinks internet communications need to be policed? did phone calls need to be policed in the payphone days?
no actually, explain h0w that works
i dont know a single person these days who thinks that the police need to monitor chat and shit online, yet the police keep adding more and more of this around the world. is it just like in software where one autist is given power over a project and masturbates adding new features to it every day at the cost of anyone who needs to verify the code, because he has nothing else to do? like in governments do legislators just hire some kid with no idea what hes doing out of school and he just creates shit law for the rest of his life and thats the sole way this shit works?
This is why I've been using VPN services for 10 years. In the very list it's a significant extra hoop someone has to jump through to correlate and read my ICRs
For sensitive information you're not normally downloading large amounts of data...obviously there are exceptions and people might need to access big archives and stuff...but generally for just looking up information it's not a lot of data.
57 comments
[ 3.1 ms ] story [ 84.4 ms ] threadhttps://www.openrightsgroup.org/blog/15101/
Just wait till they introduce a law that allows them to imprison people for using a VPN to get around some bs accusation and they don't believe your defense.
IME, younger people have given up on protecting themselves.
It's part of VPN that most users these days don't even understand, as VPN providers are heavily advertised on the claim of improving privacy.
When in reality the VPN only shifts the party you have to trust from one to another, but the problem still remains the same.
https://www.vice.com/en/article/jg84yy/data-brokers-netflow-...
As one of the original posters mentioned, the Internet itself, being so centralized, is the problem. We need a new network.
[0]: https://status.torproject.org/issues/2022-06-09-network-ddos...
[0]: https://gitlab.torproject.org/tpo/core/torspec/-/blob/main/p...
So obviously it's just DNS records they look at, unless they look at other metadata? I know that DoH encrypts your DNS queries, but still leaks the site you're visiting via the TLS handshake.
There are further developments in this space which mitigate this weakspot, namely ECH[0] and Oblivious DoH[1]. Combine a VPN that you trust with these and you've essentially gone dark to this sort of surveillance apparatus.
[0] https://blog.cloudflare.com/encrypted-client-hello/
[1] https://blog.cloudflare.com/oblivious-dns/
[0] https://news.ycombinator.com/item?id=35822465
I think lesson to be learned here is that centralized systems such as the internet, due to CAs (including Cloudflare) and ISPs, are unsuitable for private communications.
It is so sad that so many people won't experience late 1980s and early 1990s era of the internet, which was devoid of extensive surveillance and censorship.
Hopefully, humanity will somehow figure out a superior, decentralized communications platform to ensure privacy. However, the current internet offers no such guarantees.
My recommendation at this stage is to assume that government and supranational organizations control the entirety of the internet and act accordingly as if internet had no privacy.
A government agency using a root key, and getting spotted, would be disastrous for everyone, themselves included. So, if they do have them, and I think you are probably right to assume they do, they would only use them as a last resort in incredibly extreme cases. It would not surprise me if they have have them but have never used them.
Because the parent you're replying to seems to be talking about any/all governments rather than just the UK, and I'm guessing your statement here was 'scoped' to the UK only - I think it's important to point out that this absolutely HAS happened on multiple occasions outside of the UK.
https://en.greatfire.org/blog/2013/jan/china-github-and-man-...
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-agai...
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-att...
Twelve years ago is a different era, no Blessed Methods, no Certificate Transparency, pinning was new, which is why they got caught.
Certificate Transparency ensures that having control over a Certificate Authority's private keys doesn't allow for undetectable MITM attacks since both Chrome [1] and Apple (Safari) [2] will not trust certificates that have not been submitted to CT logs and stamped as such. If a government attempts to issue a trusted certificate using a CA they control, it will be logged. You can't passively decrypt TLS connections with just access to a CA's private keys since those aren't the keys involved in communication, or even the server's private key due to forward secrecy (assuming modern TLS configs).
[1]: https://groups.google.com/a/chromium.org/g/ct-policy/c/wHILi...
[2]: https://support.apple.com/en-gb/HT205280
FTL:
>Firefox does not currently check or require the use of CT logs for sites that users visit.
Uggh... Anyone know why? Seems sensible to check.
[0]: https://developer.mozilla.org/en-US/docs/Web/Security/Certif...
1. Embedded in the certificate itself - no communication with a third-party
2. Distributed via TLS extension - no communication with a third-party
3. OCSP stapling - the server is the party that initiates a connection with the CA, the client doesn't touch the CA
You only need the complete set of CT logs if you want to verify the logs have not been tampered with.
I should get around to making an "Evil-CA" software that explicitly maintains those two logs.
Note that even if you have the private key for a specific certificate, you still cannot perform a passive MitM attack against servers that use modern TLS using perfect forward secrecy, and active MitM attacks can sometimes be detected by the web server itself. There are different techniques that have cropped up; here's an old doc page about Caddy v1, mainly because it's the one that I remembered first:
https://caddy.its-em.ma/v1/docs/mitm-detection
That said, as others have mentioned, CT logs basically foil direct man-in-the-middle attacks abusing CA certificates. The attack will work, assuming it isn't foiled by HSTS, but it will be detected. For a government surveillance program, this would obviously be a very bad outcome.
The CA system definitely gets some deserved flak for being flawed, however I've personally found myself impressed with how much practical security against attackers the web ecosystem has managed to build up. It also was probably good to get more of it done ahead of time before governments could try to abuse gaps in the system; as it stands now, if we had DoH and ESNI (edit: or, now, ECH, I suppose) deployed widely across the internet, it would probably render this entire government surveillance operation useless.
You can then intercept everything through the ISP gateway. It would be theoretically possible to fragment the entire internet this way via coordinating with the ISPs.
This has been the standard for a pretty long time, and it of course still works this way with ACME certificate issuance as well. Very neat imo.
Or it would require compromising the server [0]
[0] https://www.csoonline.com/article/3137065/shadow-brokers-lea...
Frankly though, I am going to say it; I think the idea that compromising a ton of web servers to be able to build a better profile of a user's web history is part of this UK government surveillance initiative is simply absurd. Compromising servers is a pretty nasty cat and mouse game, especially if you're up against orgs like Cloudflare, Amazon and Google. In practice, there's just no chance this is their strategy.
(And the game certainly isn't going to get any easier. You can, for example, use a TPM to generate your private keys, and have encryption occur on a TPM device, such that extracting them would require much more challenging exploits than just pwning some servers, meaning you'd need to actively have control over the servers to do anything interesting. It's not purely theory, either, though I do not know who is currently using this approach.)
https://www.asset-intertech.com/resources/blog/2017/12/micro...
For the NSA that's unacceptable, because the Americans specifically don't like people to know who did it, that's even the point of some big known NSA programmes, like that thing where they hack two Cisco routers so that all the stolen data goes from A to B, but via C, and the NSA steal the data again at C, so when A figure out what's happening they blame B...
But for e.g. the Russians it's totally fine. When you send assassins as "tourists" with a patently bogus reason for travel that's not because you're too stupid to do better, it's because that's all you needed for the mission and you don't care who knows it.
Major ISP's definitely I feel like would do this. And most people are leaving DNS as default to their ISP (especially on mobile)
Its litterally the law, they will comply with the law.
We need a one way system such as satellite data broadcasting, which has more than enough bandwidth for a Web 1.0 experience. I had an entire Usenet feed by satellite many many years ago, and it was totally anonymous because it's receive only. We now only have https://blocksat.info/ but hardly anybody uses it.
Was it though?
The tyranny possible today is far worse than the tyranny of a few hundred years ago
> Haidar of Privacy International says that creating powers to collect more of people’s data doesn’t result in “more security” for people. “Building the data retention capabilities of companies and a vast range of government agencies doesn't mean that intelligence operations will be enhanced,” Haidar says. “In fact, we argue that it makes us less secure as this data becomes vulnerable to being misused or abused.”
What's most important is what they don't say, and that they don't say it: It's a threat to the minority's freedom and safety, their right to hold unpopular views, dissent, and protest. That is the definition of freedom. Saying something 'acceptable' is allowed with or without free speech. As Isaac Asimov (supposedly) said: "Politically popular speech has always been protected: even the Jews were free to say ‘Heil Hitler.’"
But they've given up on that argument, which means they implicitly communicate that they don't believe it, and support the notion that the majority is all that matters.
The only way to defeat these authoritarian, anti-free movements is to stop accommodating them (and thus signaling acceptance of their rule) and to talk assertively and confidently and knowledgeably about universal freedom.
no actually, explain h0w that works
i dont know a single person these days who thinks that the police need to monitor chat and shit online, yet the police keep adding more and more of this around the world. is it just like in software where one autist is given power over a project and masturbates adding new features to it every day at the cost of anyone who needs to verify the code, because he has nothing else to do? like in governments do legislators just hire some kid with no idea what hes doing out of school and he just creates shit law for the rest of his life and thats the sole way this shit works?