“If you download potentially copyrighted software, videos or music, your Internet service provider has been watching, and they’re coming for you. Specifically, they’re coming for you on Thursday, July 12. That’s the date when the nation’s largest ISPs will all voluntarily implement a new anti-piracy plan that will engage network operators in the largest digital spying scheme in history, and see some users’ bandwidth completely cut off until they sign an agreement saying they will not download copyrighted materials.” One day, years from now, historians are going to debate whether this was the point of no return.
I’ve downloaded really copyrighted software. And I plan to keep doing it :-). I’ve even published copyrighted software of my own and I like that people copy it. That’s why licenses like GPL exist. 🙂
I think the warnings are a good idea in theory; it’s just the ISP letting you know that “Hey, somebody is downloading copyrighted content from your IP address.” At least then if you really are innocent/didn’t know what you were doing, it’s better than your first warning being a lawsuit from the content industry. On the other hand, I would hope that they’d give you at least one warning before throttling your bandwidth.
As for ISPs spying on you, unless you’re using some sort of encryption, everything you do online is public anyway. It’s like going to a shopping mall and bitching that there’s security cameras watching you.
Actually, I do bitch about the security cameras, not so much on private property, but mostly in public, like in the streets.
For me it is a reason not to go to London for example.
It is a matter of principle.
It’s not illegal to download copyrighted material, it all depends on the license of that material.
The logistics for figuring out if what you’re downloading is illegal and violating someone’s copyright is rather involving, at the ISP level.
* They’ll have to capture enough packets to find out exactly what it is.
* They’ll have to find out what license this material is under.
* They’ll have to find out if you’re allowed to download this or not. For example, maybe you purchased a legal copy that is distributed via BitTorrent.
Of course, they’ll probably just wing it and do something like considering all torrent downloads illegal.
I’m not sure what level of invasiveness they’ll be allowed to use. It may be “only” monitoring traffic passively. (I say “only” here with great hesitation, can’t believe we’re living through an age when corporate spying on private communications is legal and acceptable). If it is passive, then encryption will be 100% safe against it.
On the other hand, if they’re going to add participating nodes and tamper with packets to perform man in the middle attacks, then unauthenticated P2P encryption is useless since a client cannot know whether it’s communicating to a real peer or the ISP’s spy proxy. To resolve this, peers would need to authenticate using out of band (non-p2p) mechanisms. Conceivably centralized services could provide that authentication, but then there’d be little stopping the spies themselves from being authenticated.
On the other hand, tor proxies and the like do provide plausible deniability. I do wonder if tor users will have their internet service shut down on account of third party activities? If so, people using tor for perfectly legal private communications might be effectively prohibited keeping their traffic private in the future.
Hmm…you are right. I thought the torrent p2p encryption was better than it apparently is. It’s just a fancy way to obfuscate the traffic.
I’m just waiting for the MPAA/RIAA mafia to lobby for making encryption illegal. Well, illegal for private citizens, that is.
Or can they…
If they do make use of any encryption illegal for private citizens then you can say gooby bye to
– All your online shopping
– No more On-line banking
So the likes of Amazon, Ebay and all the rest will go to the wall.
Have you ever considered how many times you use HTTPS in your normal daily activities on the internet?
It is scary.
In short they would (if they took this up) want to han all the use of HTTPS.
Nah, they can’t be that stupid…
Or can they
Indeed, it can be pretty tricky to operate on individual packets. But every torrent and individual files in it have a hash advertised together by client, which is guaranteed to be rather unique. And probably, together with a couple of chunks of copyrighted data downloaded from users computer, can be enough to prove something beyond reasonable doubt or at least grant a search warrant, for example.
They probably will focus on top torrents and newly released material.
Not, if it is a CAM or TS downloaded well before actual release to the public.
This was to be expected. And this is coming to Yourope as well. Countdown has started. Time to download all you want before this summer!
ahh what fun, no more wild west, eh?
bnolsen posted…
What are you kidding me? All this is going to do is bring more people to encrypted networks and lead towards more people making use of darknets. Evolutionary pressure will force things more underground and make for smarter and more dangerous things because the wild west will be even more wild (wilder?) than ever before.
Worse, whereas before and currently it is easier to keep an eye on dangerous individuals as they act out in public more or less, by adding to the volume of encrypted traffic those people will be able to hide in the mass of bits generated by people looking to download the latest Bieber album. The MAFIAA has just made it that much harder for LEA and INTERPOL to track dangerous people by adding so noise to the system…
Not that this matters to them:
You can read the rest of this disgusting admission over at techdirt.com:
http://www.techdirt.com/articles/20100427/1437179198.shtml
So yeah, the wild west is not gone; it’s just been moved from Kansas towards Colorado and Nebraska…
–bornagainpenguin
So basically they don’t need any SOPA and etc. to start spying on users. Is it even legal?
It is legal if you agree to their terms as a condition of using the service, but that can’t apply to users who opened accounts already under a different set of terms.
If that’s the case they usually have some tricks like “you agree that we can change the policy any time and etc.”. But how far it can go isn’t clear.
I’m not sure how far this idea can get in the US. Countries like Germany have laws that state what can legally be in a contract and what cannot. Remember: The thing between a user and his ISP is a contract. The content of this contract has to obey higher laws (e. g. federal law). For example, there is no way a contract that removes my human rights in exchange for ISP service can be legal. Such a clause would immediately disappear from the contract. So even if it was stated in the contract and signed by me, it would be fully meaningless, and there would be no way for the ISP to force me to give up my human rights by that contract.
Nothing that is against the law may be considered legal when agreed to in a contract. So even if you sign a contract to “allow” your ISP to decrypt your network traffic and to cancel your connection when they “think” you’re “downloading potentially copyrighted software” and it’s against the law, they are not allowed to do it.
Of course, that’s my very individual interpretation of how a fair and educated legal system should deal with it; I’m not sure if it fits reality.
The US has the same laws, you cannot surrender a right without complete and full disclosure in a way that someone with a common education can understand, otherwise they are hosed. Contracts cannot absolve anyone from a crime, wiretapping is a crime under federal and state laws without a warrant. Yes ISP’s monitoring your data is wiretapping.
So how can they do it then, if it’s point blank illegal?
what makes you think the fact that it is illegal would stop them from trying to do it?
Fear of lawsuits? Who knows.
Just use a VPN, while it might slow down bandwidth a bit, it will at least keep someone from spying on you. I work in China, home of the biggest firewall and spying in the world and I can get out and do as I please online, VPN’s do work like a champ, but you will need one you pay for.
I live in Canada, so we’re facing a different threat, but this kind of thing is why I’m already running Firefox with HTTPS Everywhere, running Pidgin with OffTheRecord, using Tor for torrent tracker communications, forcing encryption on non-tracker torrent data, etc.
If someone wants to inspect my packets, I’m going to make them work for it.
(And the main thing I use BitTorrent for these days is Humble Bundle games and Linux LiveCD ISOs. I’ve bought more games off GOG.com than I know what to do with and I’d have a backlog of used novels even if I weren’t enjoying the Baen Free Library… etc. etc. etc.)
Edited 2012-03-16 01:09 UTC
One thing I’m curious about. I suppose that your ISP can know that you’re downloading/uploading torrents, but can they know just what you are downloading or from whom? In Ktorrent, I do see in the Configuration section a dialog box for “Use Protocol Encryption” which I have not clicked (default is to allow unencrypted connections). I thought that clicking this might eliminate most connections, but maybe it would just slow them down. If so, how much additional overhead would it entail?
There is another dialog box to “Send the tracker a custom IP address or hostname” and then you have to specify one, but I haven’t enabled that feature either, and just wondering if I should (and if so, what “custom IP address” would I use).
I have thought of enabling my browser’s feature to encrypt all connections for HTML, but I think that would also cause more overhead though I’m not sure how much. And I also wonder if it would really make a difference as far as my ISP’s ability to spy on me. Any thoughts on this will be appreciated.
Finally, someone mentioned using a VPN, even if you have to pay for it. I might be willing to do so, but can anyone recommend any such services? And how do I enable that feature in my browser or torrents once I’ve paid?
And no, I’m not engaged in piracy here. But I really don’t like being tracked on the Internet by anyone. To think that there is someone out there compiling my entire browsing history, not to mention other family members (we all share a single wireless router, with encryption turned on of course) is worrisome.
Edited 2012-03-16 01:57 UTC
None that you would notice nowadays. A few years ago, encrypted connections would have been few and far between. But most torrent clients default to allowing both (encrypted and plain-text). With only 2 torrents running, I’m getting over 300 KBps (~2.4 Mbps) with just encrypted connections.
Unless you have an ancient P2 system, you won’t notice. CPUs now are mostly idle. Adding 1-5% extra CPU processing is nothing.
They’ll be able to see your DNS requests, so they’ll know which sites you’re going to, but they won’t know what you are doing on those sites.
You don’t “enable it in the browser or torrents”. You change your default route (default gateway) to be the VPN IP instead of your ISP. Then all traffic (browser, torrent, *everything*) goes through the encrypted link. They won’t even be able to see your DNS requests.
I have used HideMyAss, works very good and very noob friendly
Lorin baited…
Ummm yeah…somehow you missed this piece of news?
http://arstechnica.com/tech-policy/news/2011/09/fbi-arrests-lulzsec…
I’m afraid you’re operating under a false sense of security here, or worse encouraging others to get themselves trapped…
–bornagainpenguin
Uh…wait. The awesome hackers in lulzsec used hidemyass? Wow, they’re even less competent than I thought.
Soulbender exclaimed…
Well that’s what the FBI said at the time, now that we’re discovering that Sabu was working for them, it’s hard to separate the misinformation and the lies from the truth.Of course since the company itself stepped forward and admitted to having handed over logs to the FBI, it’s hard to consider them trustworthy again, even if it turned out it was all Sabu and no logs from hidemyass.com were actually used…
Here’s their blog post on the subject:
http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/
Personally I’ve always thought the whole SONY hacking event said more about the state of SONY’s security than it ever did about the skills of the hackers involved. SONY was riding high on a false sense of security prowess simply because by allowing Linux to be installed on the Playstation 3 at all it kept anyone from probing too hard at the security of the company or its products. Once they removed the ability to run OtherOS or customers would be unable to continue using their systems to the fullest, they waved a red flag in the face of the bull and removed any reasons for restraint on the part of the hackers. The speed at which the PlayStation 3 was then hacked should have been a lesson.
Instead SONY now continues to play whack-a-mole…
–bornagainpenguin
You can’t run a business anywhere and not comply with the law. Maybe you could argue that they should have fought this but on the other hand, it’s the moron scriptkiddies in lulzsec we’re talking about and they need to be taught a lesson.
Soulbender declared…
Well no, not fought it per say…the logs should have been automatically trashed at the end of each business day or at some random interval. Anything else defeats the purpose of having a VPN tunnel in the first place. Certainly they shouldn’t be allowed to advertise their services as secure or private…
Soulbender declared…
What does the fact hidemyass.com was used by lulzsec have to do with anything? Are you seriously making the argument that only those with whom you agree with should have the right to protest on the internet? Or that only those whom you personally find agreeable should have the right to be secure and have privacy?
–bornagainpenguin
What you’re downloading? For unencrypted connections it is possible. For encrypted connections it’s theoretically possible but practically impossible. No, the snake-oil products that that say they can do this does not count.
As for whom your downloading from; yes they can see what IP addresses you’re communicating with unless you’re using something like Tor or a VPN.
On any reasonably modern computer the overhead is negligible.
This is not a feature that you can enable, you have to use https:// rather then http:// and even then there will be connections and sites that are not encrypted.
All you have to do is connect to the VPN, you don’t need to changer anything in your browser or torrent app.
VyprVPN looks pretty good.
https://www.goldenfrog.com/vyprvpn/
To big media: either pay our internet bills and have your way, or go suck an egg.
Ah, looks like some ugly mutant offspring of Hadopi hatched elsewhere…
I still think that internet monitoring at the ISP level, especially using IP addresses, is a huge mistake, be it only from a technical point of view. Nontechnical users can’t and shouldn’t have to make sure that their wi-fi routers are only accessed by them, whereas IP addresses are trivial to spoof.
Around here, most older ISP-provided routers were set up to use WEP encryption (cracked) and MAC filtering (cracked) as a default. Many users never touched those defaults, and do not even know what is WEP and what’s wrong with it. In these circumstances, how could they be annoyed and prosecuted about what goes through their router ?
Edited 2012-03-16 06:55 UTC
In Germany you are accountable for letting other people use your router.
If you are not able to do it technically, you should arrange for a company to do it for you. Then is the company responsible for what might happen.
In Soviet Russia you’re accountable for your neighbour using his router. 🙂
And it is partly true, I remember.
Well, same in France since Hadopi. I was arguing in this post that the law is wrong on this front.
Nothing surprising, though, when you see who backed it (english subs) : http://www.youtube.com/watch?v=r4LofqPCQew
Edited 2012-03-16 17:54 UTC
Are FON users covered like that? FON seems to be mighty popular in DE, judging from their maps…
edit: Or at least that was the case few years ago. Checking it now ( http://maps.fon.com/en ), DE looks relatively unremarkable (its hotspot density was certainly much more impressive than present PL, at least something like Netherlands now), hm.
Edited 2012-03-20 13:58 UTC
I worked on an ISP, and in my experience what they probably do is record the places you visit, and probably will be a kind of black list that will mark you as going to places you should not go, but checking the actual packets of every client computer? I really doubt that. Too much hardware required for that.
Not really, since they only need to identify potential offenders to start logging all their traffic for later analysis. As was stated, when 150K is at stake for a single infrigement, it can justify the storage and CPU time required.
Except 150k isn’t rally at stake because that number was pulled out of someone’s ass. There are serious crimes (you know, real crimes against other human beings) that you would get fined less for.
In a sane world the fine would be approximately the same as it would be for shoplifting the DVD and I’m pretty sure shoplifting doesn’t carry a 150k fine.
WARNING: DO NOT READ THIS POST IF YOU ARE SENSITIVE TO EXTREME AND DIRECTLY SEXUAL LANGUAGE AND HOMOPHOBIC TERMS. YOU HAVE BEEN WARNED.
Fuck you–all of you–MPAA/RIAA dick-sucking corporations who are engaging in this gay ass-fucking privacy degeneration of an “agreement.” Fuck off and go to hell, cocksuckers. I’m sorry, but I can not speak nicely of bullshit like this. I’m not sure if I should take this as a cue to download more shit illegally than ever before to take a stand, or to just use an anonymizer like Tor?
And will this effect all ISP accounts, no matter when they were set up, or just those that became active on or after July 12? Or even sometime before–will any ISPs change their TOS before then to get ready? What happens when such changes are made; do we get to, you know, *agree* on them, or are they forced down our throats lick a cock?
By the way, my choice of ISP around here seems to be either AT&T, Road Runner through Time Warner Cable, or… eh, EarthLink through… Time Warner Cable. Motherfucking monopolies.
Really, I normally download “legal” stuff so I’m normally out of those bastards’ cross-hairs, but this kind of “playing cops” bullshit really pisses me the fuck off. But then, while Linux and BSD distributions are legal, they are also copyrighted. Looks like I’m fucked no matter what.
And by the way, please excuse the moderate alcohol influence on top of my normal thought process, mood and language. Too bad I just normally think that way, and alcohol just “enhances” those thoughts.
I know I’ve been warned, but you equating the proposed ISP “actions” to homosexuality is quite frankly offensive and just plain wrong.
What you are searching for, to describe this fuckery, is rapists. There is nothing in consensual male-male sex that comes close to what our spying US ISP Overlords are planning to do.
I think he was referring to… “back-doors”
Kochise
IANAL but this looks like a slippery slope to me. If the ISPs inspect packets can they claim Safe Harbour protection? Won’t that make them vulnerable to litigation?
I really don’t see what’s in for the ISPs for doing this. Under current law, they are not liable for the way their customers use their connection. So why would they care? They are only going to lose customers over this. I doubt anyone will ever say “Gee, let’s change our ISP provider to one that sucks more!”
[quote]I really don’t see what’s in for the ISPs for doing this.[/quote]
A legally acceptable reason for ISPs to stock pile large amounts of customer network traffic which can be accessed by various alphabet agencies in order to identify “terrorists” and collect amateur porn pics, maybe? Mainly collect amateur porn pics.
This seems the biggest flaw (for the ISPs) since it would seem to trash that protection by making them aware of the content of the traffic.
Beyond that, this would appear to be an enormous full-time wire tap. You have to wonder if some additional capabilities are being put in place at the same time.
start monitoring communication like this and people get hurt. the power is too concentrated. banks have 100 years of lawmaking to hold back their sleeze, and they still fuck with us and our information. so in comparison what happens when you give away the keys to the most powerful communication tool in history
this is a bit like putting a police officer at the window of every home. that would be crazy too. only this is invisible and costs nothing, so they can get away with it and people will get used to it. 1984 wasnt so bad for most people.
Constant communication monitoring (or spying…) actually cost lots of money, and the costs scale proportional to the amount of users that you need do control.
You will have:
– the additional overhead of the automated infrastructure to filter the traffic together with all the technical glitches that the additional complexity add to the system.
– the need of technicians to keep everything running.
– the need of human censors to read the logs, and the admin personnel to coordinate them.
– lots lawyers to cope with the ocean of lawsuits and class actions that false positives and gray areas will bring to the company.
… and the list goes on …
Who will pay? The customer! Of course!
I see no trouble in implementing a customized automated bittorrent client that would impersonate a fellow seeder/leecher, requesting chunks of copyrighted content from users of particular IP address ranges, while logging all communication. No need for anything fancier IMO, in fact it may already be in place since it is so trivial.
Using tor is an overkill and could easily put it down. Another workaround is purchasing a private VPN proxy in some remote country where there is still free internets. Like Sweden, maybe, still?
But the best way is to stop buying crappy content made in Hollywood in the first place. C’mon, it’s horrible, and is only getting worse every day.
spying on people electronically costs nothing compared to doing it in the real world. compare your IT costs to hiring 300 million chinese people to follow around every american, listening for keywords
This will be fun. Companies that sell copyrighted material will see their revenues drop. Why? Because piracy actually has increased their income. When I download something, I sample it, and 1% of the time I buy it. Otherwise… I don’t buy a thing. That 1% is a couple of hundreds of dollars per year. Some people buy even more depending on the quality that they have allready seen.
That could very well be the case, but I think you know that if that where to happen, it would be blamed on piracy again. This will open the doors to further internet regulations, and maybe eventually some kind of nation/world-wide piracy tax.
Unfortunately, this kind of changes are inevitable as long as big content reigns supreme. They haven’t learned from their mistakes before, and they will not learn now. They have to die, or we will have to succumb. It is as simple as that.
Edited 2012-03-16 12:42 UTC
First, the article is talking about copyrighted stuff (sw, video, music). I think I can risk stating that a very very large percentage of all content is copyrighted, which doesn’t mean one’s not allowed to use it, download it, and do a lot of other things with it. Copyright has (almost) nothing to do with the associated license, and there’s no way an ISP can reliably monitor the licensing status of all contents you download.
Second, “even share information on repeat offenders with competing ISPs, effectively creating a sort of Internet blacklist” — now, WTF? There are really no privacy and data protection laws in place in the US? I mean come on, ISPs freely sharing among each other? It’s very brotherly, no doubt, but wrong nonetheless.
Well if Google enables https searching by default, this ought to help some. Just use their cached pages where you can maybe?
http://searchengineland.com/google-to-begin-encrypting-searches-out…
More big brother crap.
On the plus side it might be a great time to start an independent ISP – one that specifically does not monitor your traffic and is honest.
I use Sonic.net… they seem to be pro-consumer and still respect people’s civil rights.
My Sonic.net DSL is a wholesale AT&T circuit line, however, and I’m not sure if AT&T has any authority to monitor it or not. If Sonic.net’s Fusion service ever gets offered in my area, I’ll be all over that!
We do have bittorrent peer-to-peer encryption implemented in most popular clients at the moment; even enabled by default in some. However, while protecting from simple traffic monitoring, it does not (or simply practically cannot) provide any form of peer authentication, hence it is vulnerable to man-in-the-middle attacks.
What I’m really curious about is – whether it is legal for ISPs to execute large scale network attacks on its users when it is clearly NOT in interest of national security?
…when people will get enough of all of this. Big brother, patent wars, etc… Citizens lacks of balls or what ? I miss a good ol’revoluton somedays, just to show all these smart asses who work and bring the money.
Kochise
I think they can wait until Dec 23. After all that is when the world will end.
You can prevent ISPs from spying on your traffic by using an encrypted tunnel such as hushtunnel.com
Gonna give another example since many readers still think on the packet sniffing issue.
How many clients AT&T have with Internet access, like a million?
Now imaging sniffing packets of a million accounts every day. You will need some supercomputers just for that.
So NO, Packet sniffing IS NOT GONNA HAPPEND.
DNS blacklisting, and marking you as visiting non friendly sites, is easier and works just nearly as well… Hey you dont visit piratebay to just look at their pirate ship logo, lol.
And the tunnel trick, who said those sites like the ultrasurf one will not be blocked because they are considered “harmful”.
Also bandwidth monitoring and or limit have been around for a while. TMobile and AT&T have been in the attention because of that recently. My ISP has a limit of 40 GB monthly, in which they charge extra if you exceed the limit, and I’m still to this day never get past that.
Edited 2012-03-17 03:44 UTC
darkcoder,
“How many clients AT&T have with Internet access, like a million? Now imaging sniffing packets of a million accounts every day. You will need some supercomputers just for that. So NO, Packet sniffing IS NOT GONNA HAPPEND.”
I don’t know the real scoop, but technically they could snoop only a subset of users at any given time. Current network equipment can already do deep packet inspection on a per packet basis, depending on what they’re looking for they might simply flag certain packets in real time for additional analysis.
It’s just speculation but I believe the way these things will work is that ISPs will be given a watch list of signatures to look for. Network routers are already designed to do data lookups very quickly anyways, looking for blacklisted hashes might not be that much different. If the device is fed from a splice of the network, it can dedicate all it’s resources to the blacklist.
I don’t know how things will play out, but I wouldn’t rule out the technology to do it.
deep packet inspection is mostly snake-oil and it certainly won’t work in the ISP core networks.
This would require existing equipment to not use the switching ASIC’s and instead process every single packet on their main CPU. Anyone who has ever seen a hardware router process packets on the main CPU would not ever recommend this course of action. In short, it dies.
No they’re not and doing lookups into what would be very large tables is not something they could handle. Especially not the hilariously under powered Cisco devices which for some inexplicable reason are very popular.
What they could do is mirror *all* the packets somewhere else but that destination better be a quantum computer because doing “deep packet inspection” on tbps of data and millions and millions of concurrent streams is not going to be an easy task.
Alternatively you would need to deploy tens of thousands of new devices closer to the customer and even then you need some way to coordinate all this information, distribute new watch lists etc.
Neither of these are going to happen.
Soulbender,
“deep packet inspection is mostly snake-oil and it certainly won’t work in the ISP core networks.”
I am interested in hearing your reason for saying this.
“This would require existing equipment to not use the switching ASIC’s and instead process every single packet on their main CPU. Anyone who has ever seen a hardware router process packets on the main CPU would not ever recommend this course of action. In short, it dies.”
Well I’m not sure what the limits are of *existing* ISP network equipment, but we don’t really know that they won’t be purchasing new equipment specially for this purpose.
A cpu based monitor would be one implementation. If we were to take the idea seriously, I think a highly optimized dual core 3ghz system should be able to handle a gigabit feed with up to 36000*2 cycles per packet, and it’s possible that not all packets will be scanned (http/email/etc). The scheme does not strike me as infeasible.
I also think a specialized ASIC would work too, and they could easily run in parallel.