Poll: Investigatory Powers Bill or "Snoopers' Charter" has been approved

[datalol-jack]

I shall write a script that visits facebook,twitter,google plus, daily mail and writes nonsensical comments in the background so it appears I am a good little citizen whilst I continue on my VPN SSL tunnel .

Make sure to drop a few lines on Mumsnet, along the likes of:
'Just had kids. Wow! A real stake in the future of this country.'
'Experts, ha, Jenny from the Co-Op knows better!'
'To Lululemon or not to Lululemon.'
'I for one respect and support the firm authoritarian grip of our glorious PM!'
'How do I hide all pornography on the internet?'
'My son really likes My Little Pony; what have I done wrong?'

 

[Narj]

It sounds like you think VPN traffic is encrypted even beyond the endpoint!!!

That is astonishing. Encryption ENDS at the endpoint. lmao. If someone is accessing criminal material over a VPN it's still openly visible beyond the endpoint unless there is service level encryption involved.

When you sign up to a Public VPN provider, you get given a list of possible endpoints you can use.

You connect to this endpoint, and then your external IP changes to the IP address of the endpoint.

There could be upwards of 30+ people using this same endpoint. Therefore you are now sharing the same IP address as 30+ other completely random people.

Mate I work in network engineering and you're talking rubbish.

It's about the jurisdiction you terminate your endpoint in. There will always be some form of accountability unless the termination point deliberately doesn't log.

You have to temrinate somewhere that will stick two fingers up to the authorities.

 

[Mynight]

Make sure to drop a few lines on Mumsnet, along the likes of:
'Just had kids. Wow! A real stake in the future of this country.'
'Experts, ha, Jenny from the Co-Op knows better!'
'To Lululemon or not to Lululemon.'
'I for one respect and support the firm authoritarian grip of our glorious PM!'
'How do I hide all pornography on the internet?'
'My son really likes My Little Pony; what have I done wrong?'

Good idea I'll randomise those strings then see if Microsoft has an API for Tay for Daily Mail comments .

 

[asim18]

Mate I work in network engineering and you're talking rubbish.

It's about the jurisdiction you terminate your endpoint in.

What is about the jurisdiction you terminate your endpoint in? Your phrases are absolutely non-sequitur.

Are you telling me if an endpoint is in Austrailia and has a public IP address of 10.10.10.10, and there are two people connecting from UK and SPAIN, that they will somehow show different public IP addresses???

You sound like you have no clue what I'm talking about nor how a VPN works, It's saddening in all honesty. Maybe ask in Networking someone else might help you understand.

It doesn't matter what jurisdiction you're in lmao, don't even know what that word has to do with anything. If you're connected to a public VPN providers endpoint, that public IP is shared with up to 30+ random strangers. It's as simple as that.

I don't know of a single public VPN provider that provides dedicated IP addresses. None. In fact the whole point of public VPNs is that your sharing an endpoint with lots of random people. I don't even know what you're disputing.

 

[datalol-jack]

Mate I work in network engineering and you're talking rubbish.

It's about the jurisdiction you terminate your endpoint in.

Careful, Narj, he can get a MAC-10 in under five minutes.

 

[Narj]

What is about the jurisdiction you terminate your endpoint in? Your phrases are absolutely non-sequitur.

Are you telling me if an endpoint is in Austrailia and has a public IP address of 10.10.10.10, and there are two people connecting from UK and SPAIN, that they will somehow show different public IP addresses???

You sound like you have no clue lmao.

I'm struggling to understand if you're arguing for or against me in all honesty.

Thu Nov 24 23:47:04 2016 client1/XX.XXX.XXX.XX:60966 MULTI: primary virtual IP for client1/XX.XXX.XXX.XX:60966: 10.8.0.6
Thu Nov 24 23:47:06 2016 client1/XX.XXX.XXX.XX:60966 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 24 23:47:06 2016 client1/XX.XXX.XXX.XX:60966 send_push_reply(): safe_cap=940
Thu Nov 24 23:47:06 2016 client1/XX.XXX.XXX.XX1:60966 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 4.2.2.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

This is the kind of tie-up that's kept by a lot of VPN providers. If that's wilfully deleted or is on a server outside of UK jurisdiction (or one under international agreements) then you're fine on a multi-user service.

NordVPN deliberately run everything on a RAM disk so nothing gets stored physically.

 

[Dj_Jestar]

It sounds like you think VPN traffic is encrypted even beyond the endpoint!!!

That is astonishing. Encryption ENDS at the endpoint. lmao. If someone is accessing criminal material over a VPN it's still openly visible beyond the endpoint. (Unless there is service level encryption involved but that would be a bit advanced for GD).

When you sign up to a Public VPN provider, you get given a list of possible endpoints you can use.

You connect to this endpoint, and then your external IP changes to the IP address of the endpoint.

There could be upwards of 30+ people using this same endpoint. Therefore you are now sharing the same public IP address as 30+ other completely random people.

If you access a https website over VPN, that does not mean encryption ends at the VPN exit.

 

[asim18]

I'm struggling to understand if you're arguing for or against me in all honesty.

Thu Nov 24 23:47:04 2016 client1/XX.XXX.XXX.XX:60966 MULTI: primary virtual IP for client1/XX.XXX.XXX.XX:60966: 10.8.0.6
Thu Nov 24 23:47:06 2016 client1/XX.XXX.XXX.XX:60966 PUSH: Received control message: 'PUSH_REQUEST'
Thu Nov 24 23:47:06 2016 client1/XX.XXX.XXX.XX:60966 send_push_reply(): safe_cap=940
Thu Nov 24 23:47:06 2016 client1/XX.XXX.XXX.XX1:60966 SENT CONTROL [client1]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 4.2.2.1,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)

This is the kind of tie-up that's kept by a lot of VPN providers. If that's wilfully deleted or is on a server outside of UK jurisdiction (or one under international agreements) then you're fine on a multi-user service.

NordVPN deliberately run everything on a RAM disk so nothing gets stored physically.

Why you're arguing against my point with completely unrelated non-sequitur upon non-sequitur?

What has the VPN's internal logging (or lack thereof) got to do with the fact that the public IP is shared between 30+ random people?

 

[Narj]

If you access a https website over VPN, that does not mean encryption ends at the VPN exit.

That too... Christ, this place makes my head hurt sometimes!

 

[Narj]

Why you're arguing against my point with completely unrelated non-sequitur upon non-sequitur?

What has the VPN's internal logging (or lack thereof) got to do with the fact that the public IP is shared between 30+ random people?

Calm down, I think that what we're getting at is that you need to pick a VPN provider that doesn't leave any trace of connection records that could tie you down when it comes to a subpoena.

It really depends on the setup. Most companies will have firewalls and if they log, this will provide a breadcrumb trail if they are logging - maybe unintentionally. Matching by timestamp may be enough to get you in trouble.

 

[asim18]

If you access a https website over VPN, that does not mean encryption ends at the VPN exit.

lol. I mentioned that in my post. I even said it would be too advanced for GD to understand and you appear as if you don't.

You cannot refer to two seperate encryption mechanisms as one.

Service level encryption should be considered separate. You cant say encryption doesn't end at the endpoint just because there is service level encryption. The vpn's encryption DOES and always ends at the endpoint even if the service is encrypted between from client to server.

Anyway, It still doesn't separate you from 30+ randomers who are sharing the same public IP address.

 

[Narj]

The vpn's encryption DOES and always ends at the endpoint even if the service is encrypted between from client to server.

The VPN's encryption ends, but the connection is still encrypted end-to-end so the content is not visible to a third party. All an encrypted connection over VPN does is add overhead.

 

[markonius]

Using a VPN if you're actually innocent is about the most stupidest thing you can do, and using a VPN for actual illegal purposes is the second most stupidest thing you can do.

All you're doing is associating your traffic with traffic that is potentially used by actual criminals for criminal purposes.

That's a possibility even without a VPN. With most people having a dynamic IP address, every time you go online there's a chance that the last person who was assigned your IP address used it to look at kiddy porn. So you could be doing your legitimate browsing, Facebook, emails, with an IP address the authorities know has visited a child porn site. But you aren't associating your traffic with criminal traffic, you just have an IP that someone else used for criminal stuff. You aren't "tainting" yourself by having the same IP that a criminal has used, the authorities know about dynamic IP's and VPN's.

It doesn't take much association to get all your data from FB/Google/and all. "This user has been using the same IP address as so and so criminals you must hand over all data to us now.".

And this is what it's about. Data. There's a massive war of data going on. Didn't the government even manage to infiltrate Google HQ a couple years ago? Hasn't there already been increasing pressure for Apple and Google and all to make their data available to government agencies?

That's sort of a separate thing but I agree entirely, which is why I don't use Google or Facebook. I'm still on Twitter (for now). They've got a bit of a better record when it comes to challenging government requests for data.

 

[asim18]

Calm down, I think that what we're getting at is that you need to pick a VPN provider that doesn't leave any trace of connection records that could tie you down when it comes to a subpoena.

When you do masquerading (PAT), you may preserve the source port based upon source IP. If there are logs in place then this could be used to identify you. It really depends on the setup. Mid-Larger companies will have firewalls and if they log, this will provide a breadcrumb trail if they are logging - maybe unintentionally. Matching by timestamp may be enough to get you in trouble.

Nope. I'm sorry but that's still got absolutely nothing to do with the point. Another non-sequitur I'm afraid to say

Cant believe I'm having to reiterate for about the 4th time, honestly I've lost count


Johnny lives in England, Roberto lives in Spain. They are both using the same public VPN service and both their public IP addresses are now the same 1.1.1.1 (for example).

When Johnny makes a request to bbc.co.uk, bbc.co.uk sends a response to 1.1.1.1 because the server at bbc.co.uk cannot traverse into the VPN's local network to communicate directly with Johnny.

When Roberto makes a request to a criminal server, it sends a response to 1.1.1.1 because the server cannot traverse into the VPN's local network to communicate directly with Roberto.

The fact that bbc.co.uk news stories and criminal material are being sent to the IP address 1.1.1.1 is open for anyone to see. Any router on the internet or any internet exchange point (which are documented as being almost completely infiltrated!) will be able to tell you where a packet is bound for. In this case the packets are bound for the router at 1.1.1.1. This information is open for anyone to see, it is NOT dependent on the internal policies of the VPN provider or any sort of logging or lack thereof.

The fact that packets are being sent from a known criminal server to 1.1.1.1 is known, open knowledge. The fact that Johnny enjoys connecting to 1.1.1.1 is known, open knowledge. I know I wouldn't want any sort of association with 1.1.1.1 (replace with any ip address of any public VPN service.)

Now, will the VPN provider release any logs to prove Johnny is the one looking at BBC.co.uk, or based on the limited evidence will they assume Johnyy could potentially be the one looking at criminal materials since he always seems to have a connection to the same VPN?

My point is I would not want want to be part of that potentiality. Which is why I'd rather continue to do all my internet browsing unfiltered. In my personal opinion giving the government access to all the sites I visit is better than having the same IP address as a criminal. Fin.

 

[Narj]

Now, will the VPN provider release any logs to prove Johnny is the one looking at BBC.co.uk, or based on the limited evidence will they assume Johnyy could potentially be looking at criminal materials since he always seems to have a connection to the same VPN?

EDIT: nvm, can't be bothered.

 

[markonius]

Nope. I'm sorry but that's still got absolutely nothing to do with the point. Another non-sequitur I'm afraid to say

Cant believe I'm having to reiterate for about the 4th time, honestly I've lost count


Johnny lives in England, Roberto lives in Spain. They are both using the same public VPN service and both their public IP addresses are now the same 1.1.1.1 (for example).

When Johnny makes a request to bbc.co.uk, bbc.co.uk sends a response to 1.1.1.1 because the server at bbc.co.uk cannot traverse into the VPN's local network to communicate directly with Johnny.

When Roberto makes a request to a criminal server, it sends a response to 1.1.1.1 because the server cannot traverse into the VPN's local network to communicate directly with Roberto.

The fact that bbc.co.uk news stories and criminal material are being sent to the IP address 1.1.1.1 is open for anyone to see. Any router on the internet or any internet exchange point (which are documented as being almost completely infiltrated!) will be able to tell you where a packet is bound for.

Now, will the VPN provider release any logs to prove Johnny is the one looking at BBC.co.uk, or based on the limited evidence will they assume Johnyy could potentially be looking at criminal materials since he always seems to have a connection to the same VPN?

People who don't really understand how often IP addresses are shared might assume that Johnyy is the criminal but my first assumption would be that it isn't him, as someone using a VPN for criminal purposes would be careful not to cross-contaminate by looking at other stuff like news sites, where it might be possible to narrow down a search for that person particularly if they look at regional news pages.

Even if you have a suspicion that Johnny might be guilty, it's not his or the VPN's responsibility to prove he innocently looked at bbc pages. You need more than a matching IP address to convict in any trial involving internet offences.

 

[Narj]

People who don't really understand how often IP addresses are shared might assume that Johnyy is the criminal but my first assumption would be that it isn't him, as someone using a VPN for criminal purposes would be careful not to cross-contaminate by looking at other stuff like news sites, where it might be possible to narrow down a search for that person particularly if they look at regional news pages.

Even if you have a suspicion that Johnny might be guilty, it's not his or the VPN's responsibility to prove he innocently looked at bbc pages. You need more than a matching IP address to convict in any trial involving internet offences.

On a properly configured, multi-user VPN server with overloading, it's difficult to tie stuff up beyond reasonable doubt, actually. It's just given me cause to mess around with my own VPN servers and see how much I can correlate.

It's pretty tricky in all honesty but I know that if I were at work, things would be different. It depends on what you log. You can always try to tie up traffic profiles on different segments.

I think asim's idea of "let them see everything I do" is a bit naive in all honesty.

 

[asim18]

I think asim's idea of "let them see everything I do" is a bit naive in all honesty.

You are wrong yet again. That is not my idea nor my argument. My idea is simply that I don't want to be associated with a dirty public IP address, which is pretty much guaranteed to be the case with almost all public VPN services.

It's not my idea that the government wants to see what I'm doing . I'm 100% against that, I've made hundreds of posts speaking against governmental mass spying!

 

[Narj]

You are wrong yet again. That is not my idea nor my argument. My idea is simply that I don't want to be associated with a dirty public IP address, which is pretty much guaranteed to be the case with almost all public VPN services.

It's not my idea that the government wants to see what I'm doing . I'm 100% against that, I've made hundreds of posts speaking against governmental mass spying!

Well to your credit, you've got me determined to do some research on correlation of VPN traffic now.

Easy when you've got a firewall that does AD or similar integration. Not so much in other situations!

 

[Craterloads]

Wtf is this thing a done deal or still a chance it gets stopped? This is insane