[UK] Encrypting traffic totally so that ISP cannot see?

Networking/Security Forums -> Anonymity // Privacy // Spam

Author: fRo*ni#wI$n+3D Posted: Mon Apr 06, 2009 7:53 pm    Post subject: [UK] Encrypting traffic totally so that ISP cannot see?
    ----
"Details of every email sent and website visited by people in Britain are to be stored for use by the state from tomorrow as part of what campaigners claim is a massive assault on privacy.", The Daily Telegraph (posted yesterday)

So, proxies hide stuff to a limited extent, but do not encrypt the data, meaning that your ISP still has a log of everything you look at:

https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers

What can be used to encrypt it in a way that your ISP is left with nothing including stuff they could see like DNS server lookups etc?

Thanks for any help anyone

Author: Nonapeptide Location: Scottsdale, Arizona Posted: Mon Apr 06, 2009 9:10 pm    Post subject: Re: [UK] Encrypting traffic totally so that ISP cannot see?
    ----
Off the top of my head, the easiest thing that I could think of is if you had a VPN connection to an offshore VPN endpoint. If you really wanted to go crazy, buy an ISP connection in some less restrictive country, set up a gateway to gateway VPN connection to that offshore VPN endpoint and voila! All network traffic is encrypted. Depending on your paranoia (I don't mean that in a mocking way... there is good reason to be paranoid of stuff like this even if you're absolutely innocent), you need to choose a sufficiently strong encryption algorithm and bit strength. 512 or 1024 bit TLS would make me feel secure. Furthermore, make sure that the offshore government doesn't have equally draconian privacy invasion practices (extremely unlikely).

However, once again depending on your level of paranoia and belief in various conspiracy theories, there are allegations of various government organizations having sufficient CPU power and decryption methods to crack live streams of astonishingly highly encrypted data. Rumor at various hacker cons is that the US can decrypt 128 bit TLS at OC-3 speeds... and I think that was several years ago (or was it OC-192 speed? Doubtful...). Furthermore, you can be absolutely sure that your ISP will see that all data from your network is encrypted and pointed at a single node offshore somewhere. They could conceivably flag that account for further surveillance. Any government inquiry could cause your account to be on the top of a short list of "suspicious" accounts and your government might even contact that foreign government to see if they would cooperate to eavesdrop on your traffic as it leaves that network in unencrypted form. Your only hope is to go off the grid, dig a bunker and grow your own food.

If you'll excuse me, I have to go. I need to buy a shovel and some seeds.

Author: Fire Ant Location: London Posted: Tue Apr 07, 2009 12:15 am    Post subject:
    ----
Encrypting data is not the answer to privacy. You could use something like PGP or GPG to encrypt your mail but your ISP will still be able to see who you send emails to. Even this has its issues as your friends would have to use it to encrypt emails to you. For your web traffic, if it is encrypted then your ISP will still be able to see the addresses you go to.

The previous post about VPN is a reasonable approach but absolutely impractical. At the moment no one offers these services and I doubt they ever will as they would need more than double the bandwidth to operate.

Matt_s


