21 Nov
2016
21 Nov
'16
7:16 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 21/11/16 12:49, Chris Dennis wrote:
Is BitFolk an 'ISP' for the purposes of the
bill? -- does it collect
metadata about traffic in and out of my VPS?
Whether Bitfolk currently collects metadata or "Internet Connection
Records" is irrelevant if it can be compelled to do so under the Act.
Whether the Act permits Bitfolk to be so compelled, and whether Bitfolk
is likely to be so compelled, are better questions.
If Bitfolk were required to do something under the Act, revealing that
fact might be a criminal offense. The IP Act grants immortality to
warrant canaries...
Andy: have you taken advice as to Bitfolk's exposure to the various
provisions of the Act? I think the list would be interested to hear
your thoughts, assuming you're in a position to share them.
If not, would it make sense to use my BitFolk VPS as a
VPN, so that
it proxies my home internet connection? I've been toying with the
idea of using software such as OpenVPN for this, and the bill (very
nearly an Act now) gives me another reason for getting on with it.
What is your threat model?
https://ssd.eff.org/en/module/introduction-threat-modeling
If it includes the chilling effect on your freedom of expression and
association, and the loss of liberty caused by *mass* surveillance, I
think you would be best served by a VPN the endpoint of which is located
outside the UK - although a UK endpoint might be better than nothing. A
Bitfolk VPS account is just as personally identifying as a residential
ISP account - and traffic exiting a UK VPN-endpoint and then leaving the
country stands a high chance of being captured by TEMPORA. But you would
still avoid sensitive personal data ending up in one more vulnerable
database (your ISP's ICR system).
A non-UK VPN endpoint would come in handy for evading censorship
such as that proposed in the new Digital Economy Bill:
https://www.openrightsgroup.org/campaigns/digital-economy-bill-hub/stop-
uk-censorship-of-legal-content?refsid=8640
Don't rely on a VPN for strong anonymity! At best a VPN moves the trust
problem from your ISP to the VPN provider (which might be compelled to
betray that trust). At worst your VPN provider might log your activity
in a way that can be traced back to you.
http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/
Use Tor if your threat model includes being associated personally with
your surfing habits.
IANAL.
Regards
Richard.
- --
https://richardskingdom.net/
Twitter: @graphiclunarkid
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYM0gQAAoJEICULVeEGyOQ0osP/ROboU+CmAc4VKw8XonU9ehz
snRm0cAHHvkTqgKVLQ3Eq88ZRSGbQYOR91zwhzO1XivrRqv2+a2BSYg9Auv4Iwa/
nCSOdv5RBoH60V9HfuSArDsO0eNRKI/lCOtKiF/OSsv2wO2Nbh221XIZZn9SOIIS
RAwJk5frsIvaNzXIBD3eHtMrV4TYG0jSmgJrhPu7GOKowdwhhiMwNUNPpt+IwzcM
oBxhqwf6cbesNlcFeyyOfsc4ovV5NGT6AETmcIis5nWF3HMURGmEqoX5qDkah8q+
uoOuUVdl/mm2RZkBVy8utDylIVnqjhRjTGPQf6yZ1sbIPjGeRWooZ/5xanq67UOs
7+xqn5kxgsp013w9M4ubiSi4t2R1TpQ2KvA89rDitBF6fJaRitcAUCQm4WlmsSaD
usALK82zluz7iKof60hrAfF2jgo7Os4Uen/zs1iKg8CM8va9tGjwQ4HPJbIHA8Df
MLA1Raos1nKxwHuaC/JtgZ36LeqDWyIjyzLFXJqBaidLhuXvyqmWvrGgLfG7FaQC
u+MOjS6bnht366yofnmiaoujinOEGpkx65vCsrcHtDO8aR0B+H+YnT2HwOpGWbjz
6FgsG7iRj8MYObFgOzQCCkdoYLc65an9pev9W0Sz0uS+QNuz10oG/rBELaU1Vz5I
x3q0huxByFxN8ZZEpgzM
=YWvN
-----END PGP SIGNATURE-----