Privacy and your ISP

My view on this is that if you're willing, at least you can minimize exposure. Of course there's always many things out of our control. Specially concerning law enforcement, government, etc. Mostly you even want it that way, other things bother you alot. As for surfing habits, shoping, messages, etc, if you can minimize, and want to, you can control for many things.
Bottom line: There's always somebody who can access your info, but you can lock most out.

 

Personally, I don't take any steps to ensure that my ISP does not log what I do, instead relying upon the fact
that my ISP doesn't know me and has no reason to look at what I am doing.

However, lets assume I don't trust my ISP and I don't have a reasonable alternative.

I have a different ISP at my office, so it's quite easy to go and remotely connect to a computer there and conduct my business from *that* connection. All my home ISP will know is that I established a connection to my office. They won't know what I did over that remote pipe.

We also have servers located in the US. Again, it's possible that I could remote out again from my office and use those servers. This means that if it's Australian ISPs in general that I don't trust that:

a) My home ISP knows that *I* have made a connection to my office at a certain time.
b) My office ISP knows that *someone* from Tall Emu has made a connection to a US Server at a certain time
c) I rent the servers at the data centre in the US - so they're my logs , but
d) I dont know (but doubt) if the data center has the capacity to log traffic out of all its servers. BUT it does know that certain IP ranges are rented to me, so on request from law enforcement (or on receipt of a complaint that breached TOS) it would have words with Tall Emu.

I suppose that using this scenario, one could put together a service (say, based on SSH port forwards of certain ports on your PC to go through a cluster of servers) which would securely bypass your ISP (all they would see is an SSL connection, so that theoretically passes your test) - but you still have some servers at the other end. And, since bandwidth is not free they're likely to be paid for. Which means the company offering this service needs to somehow convince you that *they* aren't logging what you do.


Mike

 

I fully agree that you do have to intentionally try to block some of this info from leaking or being taken from you personal computer My ISP leaking my info is not a problem to me. But the problem is that where we have the most chance of getting our info accessed or stolen is not on the home computer, it is going to be on the corporate computers of the world and on the credit card readers that transmit information over the phone lines everytime your card is swiped throught the reader or through postal mail we have no control of once it leaves our hands. It is truly amazing we aren't in more trouble with the privacy losss we have been going through for many years. Good luck to us all,we are going to need it because it is going to get much worse.

bigc

 

Privacy vs. Efficiency. Nowadays it seems that they are opposite. At least for services. Sorry for the off topic (a bit).

 

I have no time to read the whole thread, I'm not sure if it is mentioned before. Sorry if it did.

Yes, an ISP is probably the "ultimate spy". Imagine that ISP is someone who is behind your back. It can watch you nearly everything you do online. It can even watch your login username and password in this forum. Whether it will actually do it or not is another issue, but the potentiality is there.

Regarding the prevention, there are actually things which can (near to) completely protect your privacy against this threat. Encrypt all your traffic before it goes to your ISP. Now it doesn't know any content of your traffic. However it still know the destination of your traffic. Then use anonymous proxy like Tor to submit your data. So it only knows that you have submitted the data to one Tor server, but it doesn't know your real destination. Due to the design of Tor, it makes your ISP very very difficult to trace your traffic. It might be next to impossible unless the Tor has left backdoors behind or have serious bugs.

However this method has its own limitation. Your destination has to know how to decrypt your data too, or it can't read your data either. Since there is very few websites which will support this, this wonderful method can't be implemented. However you could still use Tor to avoid your ISP to spy on you. However you open another privacy threat. The last node of the Tor server can read your data unless your destination supports (so the data will kept encrypted). However the traffic is randomly assigned, the last node will frequently change, so no one can spy you all the time.

Using Tor or any similar anonymous proxy like this is the best you can do. However Tor itself may pose some potential security risks since everyone can be a Tor server. If you wish to know the details, ask me via PM or here.

 

Are there proxy servers that accept a strong encrypted connection from your PC to the proxy server? The proxy server then decrypts the traffic and sends it to its final destination.

When the destination responds, its sent back to the proxy server (which encrypts the response) and sends it back to your PC.

Does this kind of proxy service exist ?

 

Tor Servers.

 

The quote below gave me the impression that was one of the limitations of Tor

 

Here's a quick primer on TOR - http://tor.eff.org/overview.html.en

Mike

 

You see, he only pointed out that using Tor servers only transfers the privacy issue from your ISP to the Tor servers themselves. Something has to be able to read the info. If the website can't, it's up to the Tor servers to decypher and connect to the website.
But then these servers are the ones that can read the info. Using several servers diminishes that "jeopardy", since only the last one has the info (assuming alot, i don't know that much myself), and the others know the source of the requested page (you).

I'm not an expert, i need to say, i get concepts. But i think you should get the picture now. For technical questions i sign out

 

I am a licensed attorney and, so, since I have my professional reputation on the line when talking about matters of law, I must be particularly careful in what it is that I assert. I do not wish here to engage in a polemic. I simply wish merely to make a couple of points which, I hope, helps to clear the air and define the matter a little.

First, the issue of "privacy and the internet" is slowly evolving. Advances in the two areas of computer technology and information access and dissemination are moving much faster than either Congress can legislate or the Courts can adjudicate. Thus, the respective rights of various actors in the domain of the internet are currently in a state of -- to coin a phrase (if you will permit me, albeit a bit of an oxymoron) -- "agitated stasis." Second, the only "privacy" right that is clear and incontrovertible, in the context of the U.S. Constitution, is the right of the people to be free from unreasonable searches and seizures, as spelled out in the Fourth Amendment.

Where matters get a bit wooly is in the attempt to discern the parameters of privacy beyond the scope of that expressed in the Fourth Amendment. There are U.S. Constitutional scholars who would argue that privacy qua general privacy is one of the hallmark rights of all free men and therefore need not be spelled out with exactitude in the Constitution. These scholars often find a "general right of privacy" in the Ninth Amendment. The problem is that in the vast body of U.S. Constitutional (precedential) law to date, apart from scholarly law review articles (that are not precedential law), one would be hard-pressed to find any support for such a general right of privacy. In that respect, the oft mentioned case Roe vs. Wade is seen not as a firm base for such a finding but, rather, as an anomaly, i.e., an example of bad law. The Court's retractors view the Majority of the Court in that case as having attempted, improperly, to create a general right of privacy where none existed because a general right of privacy is not explicitly set forth in the U.S. Constitution. The Ninth Amendment is seen by these individuals as essentially redundant -- not creating any new or expansive rights. I, for my part, am not taking a stand here one way or the other. I merely wish to clarify the issue -- from the legal perspective.

In the context of the issue presented in this thread, precedential law today tends to suggest that one does not have a privacy right to the material he presents on the internet. And, I am not here talking about intellectual property rights, which are something else again -- created by Statute -- not existent in the Constitution.

Hope this helps.

 

A simple way to visualise TOR would be:

You're at one side of a crowded room and you want to pass a message over to someone at the other side.

Hand someone the piece of paper (in an addressed envelope - with no return address specified) - they pass it on. It winds it's way over the room. The last person opens it, reads it to your target, notes down a response, seals it, and passes it back again to the person that originally passed it to them.

The end server doesn't know it's you because the request came from someone else, and any response is passed back down this chain. Nobody (aside from you, the server, and the last person in the chain) knows your message or the response that you received.

The only person who knows who the request came from is the person you passed it to (and the server, if you provide personal or identifying information). The number of hops in the chain (or people in the room) determine how obfuscated the path from you to the server is.

Note that when you use Tor, you consume this service - but you also provide it to others - so it's possible that you are either a node in the middle passing encrypted data, or a node at the end - passing someone elses data in the clear (or all of the above).

 

ESQ_ERRANT: Thanks for the needed law input. Do elaborate more. But i have to say this about these days:

When needed the constitution is torn appart; or followed blindly, in the exact letter of the law, without regard for the intention of writing the law in the 1st place. That's not exactly a state of law, it's a game for polititians and power thirsty people. It's not about law and order. It's whatever they see fit.

 

You raise a good point. Nothing in social law is immutable, unlike the laws of physics -- and, even there, it appears that the laws of physics are more malleable than previously thought. Lay people find what they want to find in the Constitution to support their particular bias. Unfortunately, the judiciary is often no different. The judiciary's pronouncements are often no more than heavy and "heady" pontification -- personal conceits rather than assertions supported by sound legal precedent. And precedent is, after all, the only thing we have to keep us properly grounded and directed in the area of social compacts.

 

A good analogy.

In summary, the recipient, the first and last postperson can only know some, but not all, info about you during the transfer.

Only if you have selected this option, which is good since it further obfuscates your traffic.

 

That means the last node is able to read your info in plaintext unless the website supports SSL or its similar too. (so does the destination, but it is desired, or why do you wish to send it in the first place).

You may wish to try Tor. Although it doesn't solve all problems, it is better than doing nothing (and remember to select to be one of the Tor servers too, so your traffic can be further obfuscated [more protection]).

 

Couldn't find to much information on the encryption level being used on the hop
from a computer to the first node. Shouldn't the browser show that you are using an encrypted connection when using Tor ? (ie like Firefox does)

Another point I realized is that some ISPs customize the modem software. Would this be a point where traffic analysis could occur and defeat the use of Tor and the proxy ?

 

AES, see Paranoid2000's post here.

No. When you see the padlock in Firefox, that is an SSL connection between Firefox and the web server.
With TOR, there will be a local (within your computer) unencrypted connection between Firefox and the TOR proxy client. The TOR client then creates the encrypted channel between it and the first TOR node.

Yes possibly. Best advice is don't use the ISP's lousy software.
If your ISP doesn't allow you to connect directly and help you to set it up, get another ISP.

 

problem is

TOR is too ****en slow

 

Ladies and Gentlemen, The internet is a Public Network not a Private Network. If you need security then run a VPN and/or use some encryption. Say AES with IPSec.

It's not all or nothing. The reality is that for centuries cities have employed "watchmen" (now called Policemen) for the purpose of observing and preventing or obstructing crime. This now extends to communications. Sure they shouldn't interfere unnecessarily in the privacy of the law abiding citizen but they should monitor terrorists, criminals, and other miscreants. Where the line is drawn is a valid subject for debate.

Even Adam was scrutinized by God's CCTV system when he went to the orchard

Phasechange

 

TOR is like covering your data in treacle then posting it 2nd class with a deliver by Christmas sticker on it but no year specified.