Hacker News new | ask | show | jobs
by sir-alien 3496 days ago
I do find such a law quite strange though. The intention (at least for public consumption) was to help "prevent" terrorism. Not sure how the NHS or health services seeing your browser history will do that.

France already has a similar law in place so I wonder how that worked out for them by preventing the Bataclan massacre. (it didn't)

This law will probably not help in any shape or form to prevent terrorism but was merely implemented to provide some form of leverage over people.

"Do as we say or this lovely data becomes public, or you are denied healthcare because of a site you visited but never visited because it was a hidden iframe"
2 comments
toyg 3496 days ago
The truth is that authorities the world over have finally caught up with the internet. Look at it this way: they already had pretty extensive powers to monitor telephone calls and correspondence; then the internet came about, and slowly made them blind.

Until a few years ago, they compensated by treating the internet as a free-for-all where they could spy at will; as people fought back and started to demand accountability and limits, they responded with a legislative backlash that is slowly making gains everywhere. The most authoritarian-inclined states (UK, France, Italy) have passed the worst laws, but others are busy following suit.

It's an ideological battle, and they are winning it. One day we will look back at the Chinese firewall as a pioneering effort.

link
Quarrelsome 3495 days ago
> The truth is that authorities the world over have finally caught up with the internet.

This isn't true they misunderstand it. They're trying to force it into their centralised, controllable world-view. They haven't yet figured out that this doesn't work with a decentralised system where its trivial for people to hop on and off the network irrespective of geography and borders.

This is hardly a battle they can win, the outcome is just that the average citizen is watched and those with knowledge of the internet circumvent the snooping. This will slowly chug along until someone leaks or gains a copy of the data, shares it online, ruins a bunch of lives, prompts public outcry and then they inevitably scrap it.

link
napworth 3496 days ago
I've been wondering, do we have any idea on what type of data they'll be recording now?

- Is it domain names, or subdomain names?

- How do they get the domain names? Do they look at IP addresses I'm connected to and do a lookup?

- If I use a VPN, will all my traffic come up as that VPN?

- How will they link an internet connection to a person? Will it be done on the name they used when they signed up, their house address, or their billing details?

link
sir-alien 3496 days ago
When using a VPN (IPsec, OpenVPN, etc - something secure) then all the ISP will see is that you connected to your VPN IP and how much data volume was transferred.

Since the traffic exits at the VPN only the VPN endpoint would be able to read this meta data if they did such a thing which is not impossible but not normal. The worst case scenario is that your encrypted traffic is recorded for a while then they come knocking on the door for the encryption key. Alternatively if the international VPN provider is of the cooperating kind then they can log this data on behalf of your government. So use a foreign VPN provider that stands up for rights or use a dedicated server in a foreign country.

I have always wondered if this could be avoided though by using some form of rotating keys that you throw away or perfect-forward-secrecy if this works.

link
napworth 3495 days ago
Do you have a suggestion for a paid VPN service?
link
christoph 3495 days ago
https://gist.github.com/joepie91/5a9909939e6ce7d09e29

But if you must: https://thatoneprivacysite.net/

link
UniversalBlue 3495 days ago
This article [1] is so stupid I want my seconds back.

The matter in question is: who do you trust more? Your ISP or the VPN provider? The default should be that you don't trust your ISP, especially if you are in the UK. Hence, trusting a VPN provider is the lesser of two evils.

Will that protect your child-pornography-viewing? If you use Qubes OS, where you have a VPN on the host, then you use Whonix in a VM, where you use tor, then you are probably safe.

Are you a terrorist planning to destroy America? You are probably our of luck, but for the truly paranoid it could be achieved.

My advice: it is better to trust VPN providers in other countries than your own, just select decently (aka, not Hide my Ass). NEVER trust your ISP!

[1] https://gist.github.com/joepie91/5a9909939e6ce7d09e29

link
UniversalBlue 3495 days ago
Cryptostorm or VikingVPN.
link
ionised 3495 days ago
Mullvad
link
legatus 3495 days ago
Could you please elaborate why Italy has one of the worst laws? Never read about it.
link
toyg 3495 days ago
The public-wifi law recently amended, the anti-blogging laws, the leeway given to authorities to run riot over a datacentre if even just one account comes under suspicion, the cozy relationship with Hacking Team... all datapoints confirming an overall view of the internet as something to be curtailed and intercepted.
link
dasboth 3495 days ago
I completely agree with your sentiments.

But just to play devil's advocate, it is possible the authorities could have prevented the Bataclan massacre but chose not to "for the greater good". There's a similar conspiracy theory around the Coventry blitz[0].

It might very well be false, I'm just suggesting there may be an alternate explanation (i.e. the French surveillance is actually working very well).

[0] http://www.bbc.co.uk/news/uk-11486219

link