'Snoopers' Charter IS DEAD', Lib Dems claim as party waves through IP address-matching

All these terrible things will happen!!!!!

What a list of all the terrible things that will happen if you don't give them even more power to snoop on everything we do.

Most of these will not be affected in any measurable way by the extra powers.

The one thing that we do know for certain is that they will misuse the powers. Because they always, always do. Every single time any inside information on their operations becomes public, it is found that they have massively misused their powers.

"I'll have an IP address please, Bobby"

It makes me nostalgic for an AOL style system where your IP address was continually changing.

Three words about security

I have been using a VPN for a while - OK, so maybe it's not perfect against government level tech but I'm a lot more concerned about the local busybodies than the GCHQ/NSA bunch.

any recommendations for VPN router?

Hi,

Can anyone recommend a good router that allows VPN configuration? I'd like to get one before that becomes illegal too.

Thanks

anon in case this comment is regarded as aiding terrorism or something

Static addresses

It would be helpful for both law enforcement and customers, if broadband customers were always given a static IPv4 address plus a group of static IPv6 addresses for as long as they were customers, as with PSTN phone lines.

I note that some (perhaps many?) of the ISP-provided routers have firmware that conspicuously lacks support for DDNS services or supports only one professional DDNS service. ISPs really don't want to encourage VoIP services, which could explode if static addresses were widely available to the average residential customer, OFCOM permitting Or maybe despite regulation.

So what we have here is a battle between ISPs and government, who all want to maximise their control and use of the customer, some for commercial purposes, some for political purposes.

won't somebody please think of the children!

"For example, it can be used to identify a child who has threatened over social media to commit suicide."

I'd argue the information on their profile would be a better and quicker way to identify them.

All you need

Is an open wifi network of which you will find plenty and Tor running and you are good to go, use a dumb terminal with no hard drive and an OS on a stick and what will they have?

This is really aimed at the man/woman in the street so that the mission creep we saw with RIPA can be enhanced so they know what episode of strictly you watched when you put the wrong bin out.

And that's before we get people spoofing IP address details or cloning kit to make it look like someone else is up to no good.

It's not nesessary the evil

I disagree from the article writer and all the comentary.

First, even if somebody uses some simple techniques, it's still possible to trace the source. That might be important in some cases.

I undestand that most of the writers are ignorant enough because there was no major terror act happened since 2007 (?) in the UK. So they think nobody actually targeted the UK and it's safe. Actually, I'm sure there was a lot of effort being made to stop that activity.

Another reason for total ignorance is that nobody from those commented had any serious problem yet. If they have they will change their thinking. If you or your relatives are in trouble then you will be extremely happy about any help, even a little, from anywhere. Whether it is theft (which is not that bad) or somebody was raped and the video was put online or something like that.

Oh, that's awful, but I ... don't use any VPN at all. I don't hide. And I don't think I'm in a weak situation. I don't do anything unlawful. And I realise that nobody could have enough time to spy on me all day long. It just does not make sense.

Any commercial or political use of IP matching is not realistic. And it's not something you can get easily, nobody sells that data and will never have right to sell that data. Requests are usually done for a specific case. Major ISPs have that mapping anyway even for CGN (NAT inside the ISPs). Any sensible and smart person understands that there are critical times when you really need to know who that person was. That might be another 9/11 for example. Or it might be some network attack as well. There are many cases.

The whole hysteria created by media is simply a bubble in my view. There is nothing there. It's just to attract attention to the media. I'm confident that IP matching databases exist in all major ISPs. So any legislation will just make that a rule for everyone and set particular retention period.

Yes, you can get some information from different sources. But imagine that somebody killed your relative and you have an IP which might lead to a killer. Will you want your privacy (which is basically something in your mind which tells you that you are not secure for some potential, hypothetical or just simply made-up reason) or do you want police to trace that IP?

I can see why, in theory, the police would like to do a reverse lookup on an IP address to get the name of a person but this just won't work for a multitude of technical reasons. Any half competent defence lawyer should be able to mount a very robust defence against this sort of evidence along the lines of "prove it was my client using that IP address and not one of the dozen other people running through that NAT". At best it gives the police minor time saving to narrow it down to an address / subscriber. The chilling possibility is that this could pave the way towards the sort of legislation we have with cars e.g. the owner is forced to tell the police who was driving when an offence was committed.

Anyway, putting that to one side for a moment I can't see why we need this bill in order to stop terrorist attacks. Since the IRA stopped blowing us up I can think of only one major terrorist incident: the July 2005 bombings. Sure, there's been a couple of other incidents that were nasty but it's hardly like things are blowing up left right and centre. Since they keep telling us there's a terrorist around every corner I can only assume that the police have been doing an excellent job with the powers they have and therefore they don't need any more.

Just

tell ms May and the clueless nitwits that the terrorists are using a hidden internet to communicate their evil plans and that to access it, you need to connect at the IP address 127.0.0.1

Methinks we're going to see a lot of attacks from 192.88.99.1 (the standardised IP 6to4 address).

When this website can't even be bothered to put in an AAAA, what chances do the ISP's have of possessing forensic tools able to trace it back?

What's new about tracing an IP address to an individual?

.. I thought they had been able to do this for many years.

Doesn't every ISP keep a log which contains IP addr, time-date, telephone number? Or, if not telephone number, then some data that uniquely identifies "the other end of the telephone wire".

If not, will some knowledgeable person here please explain how it all works. Thanks!

She and the people wanting these powers are unlawful incompetent mobsters

Yes, what the legal system would call criminals, if the people running it were honest!

Anyone competent doing anything where security is critical is probably using at least one layer of VPN and proxies already, so tracking IPs will only catch newbies, lower income people, the less intelligent, or small fish; basically tracking IPs will be a useless waste of time and resources.

The private snoops and state 'security' already have so much traffic volume to scan and increasing broadband speeds are reducing exposure time, so I'd be surprised if they can find many a "needle in a haystack" at all, which is why I'm not concerned yet.

I'll move to unlogged VPN(s) when I see enough tracking competence to make it necessary; I don't yet!

This is Round 2

They lost round 1 when Directive 2006/24/EC (Their directive. Let us not forget Britain was its main and most enthusiastic sponsor) was found to be in contravention of fundamental rights earlier this year in Strasbourg.

What they are attempting to do now is come back with the same thing, but at a national level, and therefore hope that it will fly under the radar. It would be interesting to challenge this new law in court on the basis that the same principles are being violated as in the aforementioned Directive, if anyone still in Britain has any self-respect left and is willing to do that.

Fantastic bit of double talk there, wasn't it?

The LibDems: "And we congratulate ourselves on this new law which violates your privacy and presumption of innocence. We could have passed another one which would be even worse."

Anyone thinking this is any use for actual crime fighting...

I used to live in Spain and wanted my address updated on my residence document once, but had no means to prove that I actually lived where I lived, since everything was on someone else's name. So I called the police and asked them what to do.

Their advice: "Oh, don't bother. If we ever want to find you, we will find you."

That day I learned in Spain you can live as a free man, until the day you actually do something wrong. Suited everyone fine. :-)

Ho hum

Tor, VPN. SMB*.

*Suck My Balls

"communications data capability gap", "gaps in our armoury of powers",

but what about the gap between her ears? Shouldn't we worry about that one too?

Assuming this works

Assuming this works [which it won't] this would track all the MPs and their Lovers and all the political party backers - hedge funds and the like; financial institutions and all the rest.

There was a recent thing called phone hacking - will this be open to IP hacking?

The main politicos want the majority kept silent and only focused on which celebrity is bonking another celebrity's wife; what's going on in the big brother house or the jungle; who went off Strictly; the football news or name your own...

You do realize that for "newspapers" like the Sun, that each paragraph is one sentence. Their front page headlines tell you what they think is important. Keep the masses quiet! [and ignorant!]

The broadsheets generally have more analysis and I imagine that they'll be all over this.

Two immediate thoughts...

1. "The inability to link IP addresses to individuals poses serious challenges for law enforcement agencies." - well THAT is code for internet passports or ID cards. It's one thing relating an IP address to a name on a bill - hell, copyright infringement lawyers have been doing that for years, going after the account holder (very dubiously). But that's obviously useless for intelligence purposes and NOT what .gov are talking about; they're demanding the ability to identify *individuals* - even on shared internet connections, public WiFi hot spots, internet cafes etc etc. That means some kind of passport or digital fingerprint...

2. There's one obvious hole in this; prepaid (and overseas roaming) cellphones, bought and paid for with cash. There's no paper trail there, no way to identify that with a specific named individual - at least not with present technology...

Very very worrying stuff.

Wouldn't it be easier to just check the GDS or Airlines for a PAX?

"These measures are among a package of tough new powers that will address specific gaps in our armoury of powers to disrupt travel to Syria or Iraq and manage the risk posed by returnees."

As to everything else "follow the money" normally works better than anything else.

A confused SysOp writes:

I really really would love to be able to relate a specific IP address to a specific user, to find the wa**er who has been gaming my employer's online customer loyalty rewards scheme.

Yes, browser session records do contain the IP address of the connecting device. Problem solved?

No, more problems raised. As previously pointed out, an IP address is of limited use because there are so many routers and gateways funnelling NAT connections. A mobile user's IP addresses will be changing, and only likely to form a pattern if (e.g.) they travel the same way to & from work day in and day out.

It's even worse in this case because the naughty so-and-so I'm trying to trace is using multiple browers over a TOR connection.

99.9%+ of people that you can ID from a specific address are dumb or innocent or both.

The less-than-0.1% of real concern are going to be masking their real IP address.

Professionally, I'd be more interested if we had a way of finding the MAC address. Then we would be much closer to identifying a truly specific device-user. Now, how do we do that?

This is Insane

The service providers could say how many individual IP addresses are re-connected every day. Each IP address might have 5 devices connected through it - PC; laptop tablets; etc.

Some people log on and off 27 times a day [and 27 different IP addresses.] Then there are the mobile devices, wait until we have intelligent fridges and ovens; the Nest thermostat is half way there.

They will be buried under data, and the ISPs will be fighting to not to collect this anyway. If you have internet passports or ID cards, then that has to be authenticated - the ISPs will have to sign up to that with the authentication happening before you can connect to anything.

Another case of Government of Insanity.

Sigh, incompitance is the downfall of US all...

Listen Carefully Kiddies:

Cupcake (1.5)

Donut (1.6)

Eclair (2.0–2.1)

Froyo (2.2–2.2.3)

Gingerbread (2.3–2.3.7)

Honeycomb (3.0–3.2.6)

Ice Cream Sandwich (4.0–4.0.4)

Jelly Bean (4.1–4.3.1)

KitKat (4.4–4.4.4)

Lollipop (5.0)

Why would anyone take "Candy" from Strangers?

Read the Quotes from senior programmers around the world carefully...

"All SoC (system on chip developers should die!) - Linus Torvald...

The irony, those SoC chips which he publicly has a go at nVidia about, are actually OpenSource, it's a Linux SoC Chip made in TEXA's you know, that place with a UTAH datacenter?!?

It's the hive mind brain child of Microsoft & Redhat Linux & More Googliness!

Which is why everybody should just swap to a system that respects, security and privacy, it's called Berkley Secure Demon! Complete with LibreJS & LibreSSL... Gen. Alexander "Hackers need to do better!" Sadly no, your education must be lacking, hackers can break password hashes in 0.11 nano seconds with John the ripper.. Because one agency got into bed with IBM in 1976 and promoted a secure password hashing algorithm called the Data Encryption Standard (DES aka: Lucifer!) which was withdrawn publicly from circulation in 1999 by the National Information Standards & Technology (NIST) at the time in 1997 a replacement was offered called the - Information Concealment Engine or I.C.E for short, which was not adopted because it has no weak "keys" as a consequence 17 years later everybody is now a hacking victim, because your Agency, couldnt do what is was tasked with doing back in 1997!

in your WAR against cryptography you fail to understand that Cryptograhic Standards are open standards and the reason your security is suffering is because you guy's held it back, you stupid old goat!

Clearly all they need to do

Is make a GUI in Visual Basic to trace the killer's IP in real time.

I saw it on the telly.

https://www.youtube.com/watch?v=hkDD03yeLnU

Don't many mobile networks use the same Internet IP for many customers?

Will be fun to see how they get around that.

Old Teflon Drawers and her obsession with control power

Well if old Teflon drawers (nothing ever sticks to her , its always someone else,s fault) really thinks this rubbish will work, then let her and her followers put it in place, its all about making them think they are clever.and trying to impress others . Do they honestly believe that terrorist and others, cant overcome this?, how does this square up with "Whats App" and their decision to encypt ALL messages or others by using secure encypted VPN .

She is obsessed with wanting power to control everyone ,she is the next best thing to a dictatorship, trying to controll the population, and ensuring they cant read or access forbidden works.

Russel Brand sounds more normal by the day, none of these idiots are worth voting for, when they knock on your doors in the next few months , be sure to tell them so.

ECJ / European Court of Justice

In April the ECJ declared the ISP data retention stuff invalid as it went against the “fundamental right to respect for private life and the fundamental right to the protection of personal data” which lead to some ISP's in Sweden deleting all the logged data of their customers. I would assume that UK isp's should be abiding by this ruling too while we are still in the EU. Theresa May is attempting to trump this ruling among the many other atrocities she is attempting to rush through without oversight.

Some poor soul...

...took the trouble to go down the thread downvoting every comment that did not agree with The Official Stance.

Bless them. :-)

So basically

- Pendrive Linux

- Old laptop

- Pay cash at a Starbucks and use different Starbucks for free wi-fi

And you've bypassed everything.

The bill won't solve anything, but then that is probably the idea. It doesn't need to solve anything, it just needs to get her airtime and build up her reputation on making tough decisions. If it fails to pass it may make her position better; it could easily be spun as the present politicians lack ability to make tough decisions, so she needs to get an office with more power. And she is probably begging that the bill if passed then gets blocked by Brussels. Not only does she then get a reputation of a protector of the people, tough on (insert latest buzzword), but she also can get the euro-sceptic vote as well.

Win Win as far as she's concerned.

Would Sir Humphrey love it? You might think that, I couldn't possibly comment.

Meh

Can you not feel the democracy. Words fail me, it fills me with an awe inspiring sense of pride to know our leaders have the necesary courage, and the resolve required to make difficult decisions in these difficult times. Without people like Theresa May, terrorist bombers, and paedophiles would be littering every street corner... :P

Collective Responsibility?

Surely this should mean the members of the Cabinet are personally responsible for the inevitable fines DRIP and this new piece of illegal legislation will garner from the ECHR?

Maybe that would start to concentrate minds.

Only personal consequences work when dealing with such people.

The internet is inside a box.

The problem is they think the IT Crowd is a factual documentary.

The IT Crowd - Series 3 - Episode 4: The Internet

https://www.youtube.com/watch?v=iDbyYGrswtg

It's all in the box! It must be easy!

You have to decide which bit is the comedy, Theresa May and the Govt or the IT crowd!

So easy to overcome

Whenever they come out with these ideas it always shows they know sweet FA about technolofy.

So what happens is that the whole population is monitored and has their privacy invaded while the actual villains use a VPN like this https://bitly.com/vpn01 which has 44,000 IP addresses to choose from and allows you to state your locations.

Even if they did not spring $60 for that they might just grab one of the less secure 20,000+ proxies advertised every day.

Maybe that is the idea, get people to use these VPN services and then have MI5 hack the VPN provider.

I have used these to watch BBC TV while abroad and in my work or just when I do not like the idea of being snooped on.