back to article GCHQ pushes for 'virtual crocodile clips' on chat apps – the ability to silently slip into private encrypted comms

Britain's surveillance nerve-center GCHQ is trying a different tack in its effort to introduce backdoors into encrypted apps: reasonableness. In an essay by the technical director of the spy agency's National Cyber Security Centre, Ian Levy, and technical director for cryptanalysis at GCHQ, Crispin Robinson, the authors go out …

  1. Herby

    Trading "liberty" for "security".

    One once said that if you do that, you deserve neither.

    I've got the Yo-Yo...

    I've got the string...

  2. Tom 64


    Just F--- off with this nonsense, and don't slam the door on the way out.

    The UK authorities already have far too many draconian powers, they don't need this.

  3. FuzzyWuzzys

    Give 'em an inch....

    You know the rest.

    1. JimboSmith Silver badge

      Re: Give 'em an inch....

      The blokes will call it six and the women will just laugh.

  4. cantankerous swineherd

    "The service provider usually controls the identity system" - this is a problem, yes.

  5. cantankerous swineherd

    next up, gchq issue tender notice for 60000000 pairs of virtual crocodile clips.

  6. Potemkine! Silver badge

    The crocodile promising to become vegan.... ROTFL.

    Lies and deception are the basement of any intel operation.

  7. SNAFUology

    Give everybody free....


    Secure Mail,


    Games channel,


    Well er maybe not that but, you get the idea...

    and you can then insert yourself wherever you like; ooooh.

    Um your listening device, er...

    Try again; You can bug whoever you want, given you play nicely.

  8. Anonymous Coward
    Big Brother

    Room 101--but now with a view!!

    Thanks for your kind offer, spooks. However, if my career may be riding on protecting the information in my business communications, I will stick with the existing ability to ID and remove call attendees and email recipients.

  9. Voland's right hand Silver badge

    Somebody is not reading carefully

    service provider to silently add a law enforcement participant to a group chat or call,"

    The emphasis here is on GROUP

    This is DIFFERENT from normal legal intercept of encrypted communications and it is an organized version of the Turkish scenario. That is how Turkey successfully managed to deal with the coup 2 years ago. The plotters thought GROUP chat secure. It ain't - all it takes is for one compromised participant and all messages are visible.

    This is also PRESENTLY IMPLEMENTABLE. Most usual suspects like Telegram for example implement GROUP chat by holding the private keys for the channel. So in fact they technically can provide the "crocodile clips" at present so there is no backdoors, no violation of laws of nature and no "this is impossible" here. In other words, the crocodile under the party hat is smiling all the way to the bank.

    That does not need to be the case technically. The providers can be just the mediator leaving the private keys with the channel participants. Granted, this has a number of scalability problems, but none of them is in the realm of "impossible to overcome". At that point we are back to square one.

    1. Velv
      Big Brother

      Re: Somebody is not reading carefully

      A group can be as few as two.

      By that rationalisation the service provider can add the third person to any conversation.

      1. david 136

        Re: Somebody is not reading carefully

        In the logical sense, that's true, but in a practical sense things designed with N=2, always, are quire different from those that are built for N >= 2. You either have a connection to a multiplexer of some kind, or you don't.

      2. Voland's right hand Silver badge

        Re: Somebody is not reading carefully

        A group can be as few as two.

        By that rationalisation the service provider can add the third person to any conversation.

        If it is set-up as a group call or group chat as understood and implemented by the like of Telegram - yes. They make a technical difference between a group call and a person to person call.

        As you correctly noted, that does not need to be the case and it is a knife which cuts both ways. It can cut the way you described or it can cut in a way where group calls are set-up so that there is no way to add legal intercept to them (the latter is harder).

    2. amanfromMars 1 Silver badge

      Re: Somebody is not reading carefully

      Read carefully, please ..... of an embarrassment of riches for universal sharing

      The providers can be just the mediator leaving the private keys with the channel participants. Granted, this has a number of scalability problems, .... Voland's right hand

      When Mentor, there be No Scalability Problem for Future AIdDriver Access to Raw Hard CoredD Source. ..... Immaculate BasICQ Current Input/Output.

      The Question then is with Whom and/or What to Share Everything and to What Crashing End and New Clearer Beginning. :-) .... Just to make Perfectly Sure the Ends Always Justify the Means and AIMemes with ESPecial IntelAIgents Engaged in ... well, any Advance on Heavenly COSMIC Play Leading Ways Eternally Thankful to Simply Follow the Immaculate Construction of Other Worldly Instruction/Celestial Extra Terrestrial Guidance.

      Are there any Exceptionally Outstanding Global Operating Devices Offering the Facility and Utility their Services for Future Proprietary Intellectual Property Deployment and Parallel AIdDevelopment of Exceptionally Outstanding for Global Operating Device System Default.

      For Another Start in an Altogether Fundamentally Different Beginning is where IT is now at, whenever Never Beta Tested Before/TS/SCI. And that Future has Options Plenty and Derivatives Galore in Store for Wheelers and Dealers/Market Makers and Breakers.

  10. Milton

    Self-serving loss of perspective

    If avoiding the arrival of a Maverick missile depends on your crypto, you're most likely not relying upon any of the standard P2P encrypted apps, because you know (a) every effort will have been made, using nation-state resources, to compromise them, and (b) you die if you trust third parties.

    So my question to seemingly backward-looking spooks—who are so full of their self-righteousness and -importance that they apparently cannot even understand why a free democracy must have strong civil liberties if it is even to deserve to exist: and are, therefore, perhaps nowhere near as clever as they think they are—are fairly simple ones.

    1. Have you, comfortable suited eavesdroppers, acquired an algorithm which can with more than 50% reliability identify large, dirty, noisy images which have very low-order, low-density steganography within them? How many of the 2,000,000,000 images shared every day are you managing to identify as having secret content? To the nearest ten?

    2. Have you access to any reliable method of breaking a modern encryption standard such as AES256, or Blowfish or similar? What would be your success rate against messages, even allowing a crib phrase, of say 2kB in size? (Quite enough for decent Atrocity-Time-and-Date instructions.)

    3. Alternatively, have you managed to compromise the world's open-source codebase of crypto algos so that no one, not even the designers, will notice? So that none of the world's several million competent coders could write a homebuild, effective crypto app?

    4. Have you found a method of ensuring that Black Hats cannot access two computing devices with encrypted drives (whether tiny phone or workstation), one of which is never, ever connected to the net?

    5. Have you found a way of ensuring that the BHs can't run whatever software they like on these devices?

    Given that the answers are most certainly No, No (<1:1x10^6), Not a Chance, No and No, isn't it true that actually, sigint is pretty much uesless against a well-disciplined, intelligent, well-equipped enemy (i.e. the very kind you should be most worried about)?

    Isn't it true, in fact, that against your most serious adversaries, you need to infiltrate, blackmail, cajole, observe, corrupt, befriend, compromise—what we, back in the day, used to call humint: a version of tired old plodding shoe leather and nasty, grubby risks? Have you considered how many Arabic speakers you could recruit for the cost of Latest Billion Dollar SuperSexy MegaHarvesting Computer? (You know, the one that pointlessly stores petabytes of innocent civilians' data obsessively logging shopping habits, personal interests, porn preferences and extramarital dalliances)?

    Isn't it true that your gasping appetite for code-breaking is actually peripheral grandstanding, with a big dose of laziness? That the appeal of sitting cosily in your pyjamas, sipping cocoa and reading Ahmed's email, is rather selfishly idle? That while you are begging for ever more budget, power and self-importance to spend on ever bigger aerials and computers, your neglect of the difficult, gritty, risky business of humint is most likely killing people?

    You can sip cocoa at the keyboard, and yes, we need a few of those; but if you weren't so deep into deluded self-serving groupthink about crypto, you'd understand that if you were doing your jobs properly, you'd be risking your lives drinking gritty tea in a dusty back street somewhere far away. Not quite so appealing, eh?

    One wonders whether GCHQ and NSA and their Five Eyes ilk have really been so dim and unself-aware as to fall into one of the oldest of psychological traps: for them, owning a hammer, every problem becomes a nail. It certainly sounds that way.

    1. Robert D Bank

      Re: Self-serving loss of perspective

      Back of the net Milton

    2. Wellyboot Silver badge

      Re: Self-serving loss of perspective


      Your opening sentence suggests that field agents are very much in use. (Finding reliable humans is a completely different matter) and I'll agree with the bulk of your comment.

      My 2p worth.

      (a) it took 30 years before any of the tens of thousands of Bletchly workers spilled the beans on being able to crack the most technologically advanced countries code system faster than the intended receiving station. and that the sig-int alone was tracking individuals of interest.

      (b) we know there are many acres of computer racks doing the same job now.

      (c) the black budget for all this is immense, as is the willingness to try anything that sounds workable.

      So I'd suggest the answers for 1 & 2 are much nearer 'Yes' especially for the sig-int tagged ones.

      1. Anonymous Coward
        Anonymous Coward

        Re: Self-serving loss of perspective


        1. The "nearer Yes" answers may be correct for published crypto (PGP and so on). But what about the possibility that someone is using a private cipher BEFORE the text enters some public system or another? A book cipher comes to mind (see for an gives you an idea about what's going on, even if the Beale papers are a hoax).

        2. Even if GCHQ is actually listening to real time conversations (whether point-to-point or group), what if the conversations are conducted using pre-agreed code words? A recent NFL program showed quarterbacks instructing the team with actor's names -- Halle Berry was one of the calls!

        *'s a real book cipher example....readers feel free to publish the plain text.
















        1. Anonymous Coward
          Anonymous Coward

          Re: Self-serving loss of perspective

          The "nearer Yes" answers may be correct for published crypto (PGP and so on). But what about the possibility that someone is using a private cipher BEFORE the text enters some public system or another? A book cipher comes to mind


          Book ciphers are inherently insecure. They were cracking them before computers existed. Today, with computer support, they probably wouldn't last 20 minutes.

          The only secure crypto is published, open source, based on critical parameters, protocols, and algorithms; not influenced by those who want weak crypto. (Unless you are a nation state with thousands of cryptographic experts doing all the development and reviews in house).

          Without the review processes of code, protocols, algorithms, and key parameters there is a very large probability of producing flawed or weak systems or implementations. Creating good crypto is hard, even for smart professionals. Consider the hash Apple made when it tried to create its own cryptographic library, even using known protocols and algorithms. Even with constant review and oversight, changes in mathematical techniques or further analysis can turn up flaws that need to be addressed. Seemingly innocuous changes in any aspect of a cryptographic system can create an unsuspected flaw.

          The Beale cipher does not actually follow the most common model for book ciphers, which involve picking a page, then often a line, then a word or other element, or by picking a page, and then a word or other element. In particular, this makes different editions or printings different ciphers unless the exact page layout and page numbering is preserved... an advantage, particularly if you can use an obscure printing or reprint of a work. That still doesn't make a book cipher fit for serious use.

      2. A.P. Veening Silver badge

        Re: Self-serving loss of perspective

        "So I'd suggest the answers for 1 & 2 are much nearer 'Yes' especially for the sig-int tagged ones."

        I am afraid you overlooked the advances in cryptography made over the intervening years. And with all due respect to the Bletchly workers, even at the time Bletchly Park was operating, a large part of its success was due to failures in the correct implementation of cryptography.

    3. Anonymous Coward
      Anonymous Coward

      Re: Self-serving loss of perspective

      More to the point, the dangerous terrorists etc whom the security services claim to be trying to catch are unlikely to be using the same generally available chat apps as Joe public, unless they are pretty dumb terrorists. This is just a smokescreen so they (the security services) can continue to spy on ordinary citizens.

  11. Anonymous Coward
    Anonymous Coward

    "They also promise to get back to a time where the authorities only use their exceptional powers in limited cases, where a degree of accountability is written into spying programs, and they promise a more open discussion about what spy agencies are allowed to do and how they do it."

    lol just lol to all this.

    Was there ever a time when they used "their exceptional powers in limited cases".

    If anyone truly believes this get in touch, because boy do I have a deal on a bridge that you don't want to miss out on.

  12. Roland6 Silver badge

    But they already have "virtual crocodile clips"

    Going on the Snowden disclosures, the agencies can already attach "crocodile clips" to the Internet and capture the raw packet streams/conversations, just as they could with the analogue telephone. If the call was encrypted they either had to crack the code or place eavesdroppers in handsets so they could pick up the unencrypted call.

    Thus what is being asked for isn't a virtual crocodile clip but for an eavesdropping circuit built into the handset, complete with the apparatus necessary to exploit it without having to actually pay a visit.


    <Ring ring> Hullo, Crispin here at GCHQ. Could you please use this backdoored software...

    ... Me: Hullo Crispin, as I'm a terrist and pedrofile I'll have to say no thank you.

    Crispin: We'll make it the law.

    Me: OK, I'll use it then. Goodbye.

  14. Tigra 07

    Like Whatsapp?

    GCHQ was added to chat

    GCHQ was removed from chat

    GCHQ was added to chat

    GCHQ was removed from chat

    GCHQ was added to chat

    GCHQ was removed from chat

  15. MJI Silver badge

    I thought they could crack most encryption.

    So why are back doors required?

    Or is it a front to hide the fact they can break encryption?

    1. Tigra 07

      Re: I thought they could crack most encryption.

      They asked for front doors - but were refused, magic keys - also refused, backdoors - also refused, holes in the tunnel or weakened encryption - refused, banned encryption - an obviously stupid idea. Now they want magic crocodile clips. They're all the same thing - magical thinking.

    2. phuzz Silver badge

      Re: I thought they could crack most encryption.

      It's unlikely that 'they' can crack most encryption if it's implemented properly. Your PGP encrypted mail will stay entirely private, instead they'll just use some off the shelf malware to get a screen grab after you've decrypted it.

      Maths doesn't lie.

    3. JohnFen

      Re: I thought they could crack most encryption.

      They can't crack high-quality encryption. Well, they can, but doing so takes an enormous amount of time and effort, so they can't do it in an across-the-board way.

      1. phuzz Silver badge

        Re: I thought they could crack most encryption.

        "They can't crack high-quality encryption. Well, they can"

        If anyone has even a theoretical attack on, say, PGP, I'd be interested to hear about it.

        Certainly there are still systems that use out-dated and cracked encryption (eg A5/1 used in GSM phones), but your average SSH session is so close to being unbreakable that hacking into one of the endpoints is the easy/only option.

        1. JohnFen

          Re: I thought they could crack most encryption.

          "If anyone has even a theoretical attack on, say, PGP, I'd be interested to hear about it."

          Here you go. This is both a bit dated and a very brief overview, but talks about people's success in cracking PGP encrypted messages.

          The summary: There are regular competitions to crack PGP messages, and it's rare that someone doesn't win. However, the time and resources required are pretty huge, so the methods aren't actually useful in practice unless there is a single target worth throwing a ton of resources at, and even then you're only going to crack one message at a time. Cracking things like SSH sessions aren't a practical threat, but cracking encrypted data at rest is (if you and/or one or two files are of extreme interest).

          As is noted in that link, cracking is something that is possible -- but if you want to crack PGP, you're really better off going with other methods (subvert the end points, brute force the passphrase, etc.). PGP is not technically uncrackable at all, but for the vast majority of people, it's reasonable to treat it as if it were.

          That's why it's called "pretty good privacy" and not "perfect privacy".

  16. Anonymous Coward
    Anonymous Coward

    And again ....

    I guess they're allowed to wish for such things. However, even in the days of *real* crocodile clips, it was possible to make a telephone conversation unintelligible - isn't that what the "scramblers" that secret services were all using up till the 90s ?

    Personally, I think this is just a way to sneak the phrase "crocodile clips" into the narrative so that it's not too long before REAL crocodile clips are bought back.

    Incidentally, either someone there isn't doing the job they're paid for, or they've missed the chat apps which round-robin messages to build a group header before encrypting or decrypting. You can't add or remove a participant without changing the hash, and alerting the group, as messages start garbling.

    1. RancidOrange

      Re: And again ....

      Right now, if you are party to a group chat you just get notified if a new member joins. There's no mention of the hash being updated - that happens behind the scenes. In the GCHQ scenario, their account would be silently added, any message informing everyone of a new member suppressed and, as now, no mention of the hash being updated. Or am I missing something?

      1. Anonymous Coward
        Anonymous Coward

        Or am I missing something?


        Person A initiates a chat with person B. Session keys are generated which produce a 3rd unique secret key that's the combination of A secret key and Bs public key, plus Bs secret key and As public key.

        If C wants to join the session key needs to be regenerated to include combinations of Cs secret and public keys.

        Impossible to eavesdrop unless you possess all actors secret keys. Also impossible to spoof a message only trusted actors can generate a meaningful message.

        Very heavy on key management, but nothings for free.

        By all means. clip on those virtual crocodile clips - but all you'll "hear" is static.

        By the way, the first rule of spy shit is to assume your channel is compromised anyway. So even your plaintext shouldn't be intelligible (I think UK government ministers have a head start here). So a successful eavesdrop will only pick up chatter about how cold it is this time of year, and how someone is looking forward to Spring in March .....

    2. Anonymous Coward
      Anonymous Coward

      Re: And again ....

      I once knew someone who was of interest to the authorities.

      When he sent letters he used to tape the envelopes, which often used to arrive still taped but with the hairs that were formerly under the tape now missing.

      He sent one letter with one of those Christmas Sellotape designs, in the summer, with the message on the back "now find some of this." Of course it (a) never arrived and (b) was completely harmless.

      As you say, there will be plenty of IT equivalents.

  17. Boris the Cockroach Silver badge
    Big Brother

    And just how does this

    protect us from terrorists when the event is already pre planned and just needs the 'go' signal with a time

    for example....


    <from: Religious nutgroup leader>

    <to : All>

    The swallow flies north in winter, but the coconut does not migrate.

    1. Killfalcon

      Re: And just how does this

      At least in theory, they want to snoop on the planning stages. You may say "they can just plan offline", but, well, there's a reason the drones keep hitting weddings 'by mistake': HumInt is tracking when suspects meet, and calling in the hellfires if they think there's enough Target in the collateral.

      That sort of thing (which, IMO, is probably some manner of war-crime) strongly discourages personal meetings. So SigInt has to try and fill in the gaps. Your average bomb-maker isn't going to roll their own crypto, but they're happy to use one of the off-the-shelf ones that the Five-Eyes types complain about not being able to crack.

      To be clear: I have some sympathy for the aims! Terrorists are bad. Child abuse rings, also bad.

      But the NSA, GCHQ and pals took a calculated risk by violating the privacy of millions, and the dice didn't work out for them. Nobody held a gun to their heads and said "you must spy on your own citizens, en mass, on dubious legal grounds". This is their screw-up, and it'd be nice if they took the consequences like adults.

      1. Anonymous Coward
        Anonymous Coward

        Re: And just how does this

        You've missed the point, they were spying on their enemies, (ie the public) rather than the really bad guys.

        It appears nothing has changed. Lessons have still not been learnt...

    2. batfink Silver badge

      Re: And just how does this

      Message received, Oh Great Leader Boris. Operations will commence at once.

      And congratulations on using such an innocent channel as El Reg to issue the order...

      1. amanfromMars 1 Silver badge

        Definitely not innocent when dancing to Loony Toons

        And congratulations on using such an innocent channel as El Reg to issue the order... .... batfink

        An innocuous channel is more APT and truthful, batfink, with guilt being attributable via the eye of the beholder with ignorant and arrogant support for exploding shenanigans and fast failing 0day ventures/FCUKd Up Serial Narratives.

        And who's saying the 77th Brigade are not deployed for special instruction/virtual mentoring and remote control monitoring here?

    3. The Central Scrutinizer

      Re: And just how does this

      The elephant rides at midnight.

      1. Boris the Cockroach Silver badge

        Re: And just how does this


        The elephant rides at midnight ???

        You got the wrong group mate, this is the syndo-cryptic revolutionary party(Leninist), you want the Free radicals of Marxist-Hofferists (Trotskyist) , they communicate over on the Daily mail forums.

        Where the ravings of a bunch of loons and splitters would never be noticed....

  18. Dan 55 Silver badge

    Hard pressed to see what's changed

    Apart from re-phrasing "backdoor" to "virtual crocodile clips", it's still exactly the same thing...

  19. Anonymous Coward
    Anonymous Coward


    Not sure how a virtual paperclip can be added quietly on end to end encrypted comms. If they were able to do a man in the middle intercept of traffic between 2 people then it could be used to MITM attack other things (web traffic, payment traffic etc). Most algorithms and approaches stop MITM, so they'd need to hack the source or target instead (or terminate the encrypted traffic at a proxy) but the receiver would then see it in the clear and not encryoted..

  20. Norman Nescio Silver badge


    While everyone is arguing over encryption backdoors, the Signals Intelligence Agencies are successfully misdirecting people, as you would expect.

    Snowden made it quite clear in the Q&A session hosted by The Guardian in 2013 that:

    Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.

    My emphasis on 'properly implemented'. While the algorithms used by various applications may well be theoretically secure, many implementations are flawed. Good luck in finding a cpu that doesn't have a built in back door ( Intel ME, AMD Secure Technology, VIA C3 "God Mode", ARM TrustZone*) , and, if on a mobile phone, doesn't have a baseband modem with proprietary 'binary blob' firmware which can be updated over the air by service providers that also has access to main memory (and therefore decryption keys). In addition, there are poor random number implementations, and overly bloated libraries with an indefinite number of flaws (OpenSSL) that have multifarious leaky side-channels. It is very strongly suspected the SigInt agencies actively try and influence standards setting committees to subvert and/or make implementations complex and prone to bugs so that groups like the NSA's Tailored Access Operations (TAO) have a range of implementation flaws to work with (See also BULLRUN. Easily obtainable secure end-points for communications do not exist. While everybody argues about the security of data in transit, little attention is paid to the security of end-points, which is a situation I expect the SigInt agencies are very happy with.

    It should not be necessary for me to point out I am against terrorism and/or child abuse. That said, as a society we appear to have a hard choice to make: gain the ability for select groups of people in authority to intercept communications between terrorist and/or child abuse conspirators (that ability also subject to abuse and subversion) ; or retain the ability for innocent people to have private conversations. It appears we cannot have both. I suspect that in the long run we will lose privacy. If you look at the use of social media, the cultural norms around privacy have changed hugely in a short period of time, and I would not be surprised for people in the future to make the explicit choice of living in a panopticon, partly justified on the basis of security and for the sake of the children, but mainly simply because it becomes normal to do so, and anyone desiring privacy would be regarded as a misfit.

    *Note that a lot of this technology is justified by its use in DRM for media use. Secure channels for playing digital media, etc; and also its use in easing management of large organisations' IT estate. Trusted Computing is about third parties being able to place what they regard as their content on 'your' computer and control it such that you can't do with it what you like - that is they trust 'your' computer to do what they want. Great for Hollywoood and corporate IT departments; and coincidentally great for SigInt agencies.

  21. Anonymous Coward
    Anonymous Coward

    Virtual crocodile clip?

    This is Britain we're talking about. Shouldn't it be a virtual bulldog clip?

    1. Killfalcon

      Re: Virtual crocodile clip?

      I thought bulldog clips were the big wide things you use for paper: crocodile clips being the narrow pointy ones?

      Unless this is one of those quirky etymology things where nothing makes and sense, which wouldn't be that surprising *gestures vaguely at the English Language*

      1. david 136

        Re: Virtual crocodile clip?

        Bulldog clips have short jaws, used to avoid short circuits on nearby things. Typically sed in large size for jump start/car charging cables.

        Alligators have long jaws, for fine things with some risk of shorting nearby. Good for punch down terminal blocks or relay racks.

  22. phuzz Silver badge

    "because the tapping would be at the vendor level, it would be hard for hackers and other malicious actors to exploit the same approach."

    Ok, sure. Even if we believe the above, there's still two parties that have just been granted access to our communications:

    There's the vendor itself, and if you think (eg) Facebook wouldn't try to use it's access in order to make money then you're pretty naive.

    Then there's all the low level workers, both at the vendor and at GCHQ, who now have access to everyone's chats. So now they can check up on their possibly cheating spouse/their ex/that hotty from down the road/some random celebrity/our Kevin's gran's aunt's cousin Sherryl etc.

    I'm not sure how keen the security services would be on (eg) some contractor at Snapchat selling details of the Queen's messages to the tabloids, or a blogger getting hold of the texts the PM sends to her husband either.

    1. the Jim bloke Silver badge

      re: our Kevin's gran's aunt's cousin Sherryl

      Does our Kevin have a different gran to the rest of us?

      And what would be the correct name for a Grans aunts cousin ? (besides "Sherryl")

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022