How long do ISPs store your browsing history and what is stored?

I use ControlD as my DNS provider to have DoH at router level (plus block ads, malware etc). I've always assumed ISPs log DNS stuff more than anything else, but could be wrong, either way it's an avenue they can't log if so.
 
Can't recall her name, but a few months ago an MP was being interviewed on the radio about the new online "safety" bill. She was insistent that technology existed to allow ISPs to check for illegal images without breaking end-to-end encryption. She was saying it was both 100% possible to ensure that a message was not interfered with or intercepted while at the same time being 100% possible for your ISP to be able to check the image against a hash code for known images. She also said that the IT industry was widely behind these new laws. Unfortunately the interviewer wasn't technologically savvy enough to challenge her on it.
yes - mandatory backdoor on the phone, before image encrypted, in conjunction with some kind of AI type image inspection and signature calculation.

authorities can still back door into people's phones with the likes of Israeli Pegasus though - to wit MBS killing Khashoggi.
(doubt that iOS is all open source for users to confirm there are no back doors there, is Android all open source?)


I would like to see some evidence that the problem is as bad as they make it out to be. I mean, how do they know?
extrapolation from cases/offenders they are aware of/prosecuted? tip of the iceberg
 
yes - mandatory backdoor on the phone, before image encrypted, in conjunction with some kind of AI type image inspection and signature calculation.

authorities can still back door into people's phones with the likes of Israeli Pegasus though - to wit MBS killing Khashoggi.
(doubt that iOS is all open source for users to confirm there are no back doors there, is Android all open source?)
Yes I'm aware it has to be before encryption. But that defeats a major point of encryption. So I still consider it compromising end to end encryption.
 
I use ControlD as my DNS provider to have DoH at router level (plus block ads, malware etc). I've always assumed ISPs log DNS stuff more than anything else, but could be wrong, either way it's an avenue they can't log if so.

ISPs for the most part do two things.

First they keep what we called 'raw flow data'*, this is a record of the source IP, destination IP, port/protocol and the amount of data transferred in that flow, against your subscriber ID. They don't keep any of the payload, just a record of the headers, and I believe they keep it for 12 months, and for 12 months after you terminate your contract with your ISP. Essentially this can be used to prove that you accessed a certain destination, at a certain time - and that's about it.

The second thing is called 'lawful intercept'. If you're suspected of doing something naughty (and I mean very naughty), the police can go to court and ask a judge for permission to do something called a 'flow tap'. A flow tap is where the ISP will tag your session on its BNG (broadband network gateway), copy all of your live incoming and outgoing data packets in real time. It then gets sent down a tunnel to a receiving device (which the police own) where they can analyse your raw data - so they get everything you're uploading/downloading, and you'd have no idea it was happening.

Essentially - a VPN will defeat both of these, in terms of obfuscating all of the data.

The biggest problems with VPNs come down to the amount of *stuff* that your connection hits, your computer logs into all manner of different background services, stuff like google/gmail, facebook, steam, etc etc - things that all have an account with your name on, often without you knowing.

For example, if you were downloading illegal material from a server and the server was compromised and being monitored by the police. If you were using a VPN - they'd see the source address of your VPN endpoint hitting the server, if you'd logged into your gmail account or facebook at any time whilst on that VPN and the police enquired with the tech companies about that source IP and any accounts linked to it, technically they could link that same VPN endpoint address to your name.

*not all ISPs log flow data or can do flow taps, it's generally only ones which have been told to, and I believe it's 2 or 3 of the biggest ISPs. Smaller ISPs lack the capability to log that sort of data or logging.
 
The biggest problems with VPNs come down to the amount of *stuff* that your connection hits

There are quite advanced versions of what you are talking about in play now for law enforcement purposes where they can correlate traffic patterns to, for want of a better word, infer a lot of what is crossing a VPN and who and where even when someone isn't leaking information via stuff logging into Google, etc., not perfect but can give a lot of insight into what is going on. It does require resources and leg work though which IMO is one of the reasons behind all the stuff with the "safety" bill and trying to weaken encryption.
 
yes - mandatory backdoor on the phone, before image encrypted, in conjunction with some kind of AI type image inspection and signature calculation.

authorities can still back door into people's phones with the likes of Israeli Pegasus though - to wit MBS killing Khashoggi.
(doubt that iOS is all open source for users to confirm there are no back doors there, is Android all open source?)

Thing with this is, it penalises the innocent, maybe catches some casual criminals who are mostly sloppy enough they can be caught via a bit of leg work without having to compromise encryption and either drives the real problem criminals further underground and/or as is usually the case with client side authentication hacked sooner or later and bypassed.
 
Thing with this is, it penalises the innocent, maybe catches some casual criminals who are mostly sloppy enough they can be caught via a bit of leg work without having to compromise encryption and either drives the real problem criminals further underground and/or as is usually the case with client side authentication hacked sooner or later and bypassed.

Completely agree.

Not only does it provide a way in for the hackers, but I guarantee you that most arrests will not be for child abuse. They will be for the accidental criminal. You know, the guy who had no idea he was supposed to pay tax for selling grandma's old piano on eBay.
 
extrapolation from cases/offenders they are aware of/prosecuted? tip of the iceberg

Somehow, I don't think that's what the government have done. I think that there is something else behind this, and they are just using the emotive "children are in danger" card to get their way.

It's one thing I really hate about the conservatives over the past decade, they always hide the real reason that they want something. Instead of just being honest, it's lie after lie. And before you say they are never honest, they used to be. They used to be a lot more straight with the people than they are these days.
 
ISPs for the most part do two things.

First they keep what we called 'raw flow data'*, this is a record of the source IP, destination IP, port/protocol and the amount of data transferred in that flow, against your subscriber ID. They don't keep any of the payload, just a record of the headers, and I believe they keep it for 12 months, and for 12 months after you terminate your contract with your ISP. Essentially this can be used to prove that you accessed a certain destination, at a certain time - and that's about it.

The second thing is called 'lawful intercept'. If you're suspected of doing something naughty (and I mean very naughty), the police can go to court and ask a judge for permission to do something called a 'flow tap'. A flow tap is where the ISP will tag your session on its BNG (broadband network gateway), copy all of your live incoming and outgoing data packets in real time. It then gets sent down a tunnel to a receiving device (which the police own) where they can analyse your raw data - so they get everything you're uploading/downloading, and you'd have no idea it was happening.

Essentially - a VPN will defeat both of these, in terms of obfuscating all of the data.

The biggest problems with VPNs come down to the amount of *stuff* that your connection hits, your computer logs into all manner of different background services, stuff like google/gmail, facebook, steam, etc etc - things that all have an account with your name on, often without you knowing.

For example, if you were downloading illegal material from a server and the server was compromised and being monitored by the police. If you were using a VPN - they'd see the source address of your VPN endpoint hitting the server, if you'd logged into your gmail account or facebook at any time whilst on that VPN and the police enquired with the tech companies about that source IP and any accounts linked to it, technically they could link that same VPN endpoint address to your name.

*not all ISPs log flow data or can do flow taps, it's generally only ones which have been told to, and I believe it's 2 or 3 of the biggest ISPs. Smaller ISPs lack the capability to log that sort of data or logging.

VPNs shouldn't leak data like that. Most VPN services also force their DNS to stop that leaking too.
 
but, like he said, gmail login via vpn and the IP address it revealed, would correspond temporally to illegal activity IP address.
 
VPNs shouldn't leak data like that. Most VPN services also force their DNS to stop that leaking too.

A VPN won't save you from such situations, not because the VPN is 'leaking', as VPNs don't 'leak'; the data is encrypted. However, just because it's encrypted doesn't mean we can't link up the traffic flows and potentially identify the name of somebody accessing content.

If you login to Gmail via a VPN, the VPN source address (pure unencrypted IP) will now be linked to your name (or the name of the gmail account owner)

If you then login to a server to download illegal content using the same VPN endpoint - if the server has been compromised the police would see the same VPN endpoint address.

By requesting google to check for records of that IP to check against names held against accounts - you could be identified.

OR

The police could request the ISPs to look for that VPN endpoint address in their flow records, and provide a list of people who've been using it - which would directly link up with the people accessing the server.

However, this would only be possible if the endpoint (server with illegal material) was compromised, as that's the only place where you could identify the VPN endpoint address - which is what you'd need to start working backwards.
 
but, like he said, gmail login via vpn and the IP address it revealed, would correspond temporally to illegal activity IP address.

Yes exactly, it's one piece of the puzzle but it's the first piece.

Once they have that address, they can work backwards and start pulling logs from ISPs, to reveal the original broadband IP registered to a subscriber, which is heading towards that endpoint, potentially identifying them.
 
A VPN won't save you from such situations, not because the VPN is 'leaking', as VPNs don't 'leak'; the data is encrypted. However, just because it's encrypted doesn't mean we can't link up the traffic flows and potentially identify the name of somebody accessing content.

If you login to Gmail via a VPN, the VPN source address (pure unencrypted IP) will now be linked to your name (or the name of the gmail account owner)

If you then login to a server to download illegal content using the same VPN endpoint - if the server has been compromised the police would see the same VPN endpoint address.

By requesting google to check for records of that IP to check against names held against accounts - you could be identified.

OR

The police could request the ISPs to look for that VPN endpoint address in their flow records, and provide a list of people who've been using it - which would directly link up with the people accessing the server.

However, this would only be possible if the endpoint (server with illegal material) was compromised, as that's the only place where you could identify the VPN endpoint address - which is what you'd need to start working backwards.

But on the popular VPN services you will have 1000s of people on the same IP. I sometimes run into issues where a site says it thinks it's being spammed as it's seeing loads of hits from the same user.

Trying to link the 2 ends together and pin it to one person would be impossible unless they did something really obscure. A lot of criminals get caught using TOR etc because they transfer money somewhere and that is the evidence which convicts them, not the internet traffic.
 
But on a VPN service you will have 1000s of people on the same IP.

Doesn't really matter,

If 1 person in that 1000 is accessing the illegal server and I'm sampling their packets, when I pull logs from the ISP - I should easily be able to tally up the flows (ISP flow data, complete with timestamps + my sampled packets on the server) to prove which ISP subscriber is using the VPN, then which VPN flow is hitting the server (based on metadata and timestamps)

It's just linking two separate chains of metadata together.

The only weak spot in the chain, is if the ISP doesn't keep the logs - if they don't keep the logs I'm screwed, no way of identifying them as I can't link them to a subscriber.

Another hurdle is CGNAT, I've had problems identifying users in the past where they've done something potentially illegal, and they've been behind a really cheap ISP who uses CGNAT and don't keep any records, in that case it's literally impossible to identify someone.
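
The tallying described in the post above, as an added example that is not part of the original thread: it matches header-only ISP flow records against the times at which a monitored server saw hits from one VPN endpoint. The record layout, subscriber names, addresses and timestamps are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class IspFlow:
    """Header-only flow record as the post describes it (no payload)."""
    subscriber: str
    start: datetime
    end: datetime
    dst_ip: str
    dst_port: int
    byte_count: int


def t(hhmmss: str) -> datetime:
    return datetime.fromisoformat(f"2024-01-01T{hhmmss}")


def match_subscribers(flows, hit_times, vpn_ip, skew=timedelta(seconds=5)):
    """Count, per subscriber, how many server-side hits fall inside one of
    that subscriber's flows to the VPN endpoint (allowing clock skew)."""
    hits_covered = Counter()
    for ts in hit_times:
        active = {f.subscriber for f in flows
                  if f.dst_ip == vpn_ip and f.start - skew <= ts <= f.end + skew}
        hits_covered.update(active)
    return hits_covered


def consistent_subscribers(flows, hit_times, vpn_ip):
    """Subscribers whose VPN sessions cover every observed hit."""
    counts = match_subscribers(flows, hit_times, vpn_ip)
    return sorted(s for s, n in counts.items() if n == len(hit_times))


VPN_IP = "203.0.113.10"  # constructed value (documentation address range)
FLOWS = [  # constructed ISP flow records
    IspFlow("sub-A", t("10:00:00"), t("12:00:00"), VPN_IP, 1194, 9_000_000),
    IspFlow("sub-B", t("10:30:00"), t("10:50:00"), VPN_IP, 1194, 400_000),
    IspFlow("sub-C", t("11:00:00"), t("11:20:00"), VPN_IP, 1194, 700_000),
    IspFlow("sub-C", t("10:40:00"), t("10:45:00"), "198.51.100.7", 443, 20_000),
]
HITS = [t("10:41:00"), t("11:05:00"), t("11:50:00")]  # seen from VPN_IP at the server

if __name__ == "__main__":
    print(match_subscribers(FLOWS, HITS, VPN_IP))
    print(consistent_subscribers(FLOWS, HITS, VPN_IP))
    print(consistent_subscribers([], HITS, VPN_IP))  # ISP kept no flow records
```

With no retained flow records the candidate list is empty, which is the weak spot the post names.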
 
don't you have browser fingerprinting too which can help distinguish/triangulate users who might be accessing vpn from multiple IPs?

has to be a challenge for authorities tracking illegal activity to ensure they can access increasingly hardware encrypted devices though - either by installing a backdoor, or catching the person in the act
(remembering the dramatization of the dark net guy selling drugs - caught in the act in the library was it .. Silk Road, Google's telling me)
 
(remembering the dramatization of the dark net guy selling drugs - caught in the act in the library was it .. Silk Road, Google's telling me)
I've read the book and from recollection, they got him via an old email address kept on record from a BBS which he'd changed but they still had logs from way back.
 
Doesn't really matter,

If 1 person in that 1000 is accessing the illegal server and I'm sampling their packets, when I pull logs from the ISP - I should easily be able to tally up the flows (ISP flow data, complete with timestamps + my sampled packets on the server) to prove which ISP subscriber is using the VPN, then which VPN flow is hitting the server (based on metadata and timestamps)

It's just linking two separate chains of metadata together.

What if the person uses a device that is not logged into any service like Gmail, FB etc. An essentially sandboxed device that is only ever connected to the VPN (possibly switching VPN servers routinely) and used only for accessing said illegal server?

Wouldn't that be difficult/impossible to then tie it to anyone?
 
What if the person uses a device that is not logged into any service like Gmail, FB etc. An essentially sandboxed device that is only ever connected to the VPN (possibly switching VPN servers routinely) and used only for accessing said illegal server?

Wouldn't that be difficult/impossible to then tie it to anyone?

It's going to be much harder, because if Google don't have any record of that IP hitting an account on their systems, I don't have a starting point - in terms of getting a list of names and addresses to check - from which I can start pulling logs and matching data to see who's accessing what.

If I'm sampling packets on the illegal compromised server, the most I'm going to see is packets sourced from the VPN endpoint, there's nothing I can do with that - other than make a law enforcement request to the owner of the address (VPN company) to provide logs. If they're based in a foreign country, or just don't even respond, or for whatever reason I don't get those logs - I'm sunk.

I could try and pull ISP logs from everywhere and hope I get some hits against that IP, but it's going to be a lot harder, and again - in reality it's only a small number of ISPs which are holding the logs, not all of them have to do it, and some of them just don't have the ability to retain flow records.

So yeah - if you want to remain anonymous, use a dumb terminal with no logins, use a proper paid VPN, use a small ISP that doesn't keep logs (even better - tether through a pre-paid sim bought with cash) - download your adult illicit my little pony p0rn in confidence ;)
 