On 10/08/13 10:33, Kyle R W Milz wrote:
Now here is where things get interesting, from the data centre to my
home:
[...]
Take a look at the 5th and 6th hops, they are in the US. The data
goes from Calgary to Vancouver down into the US to Seattle and then all
the way back to Calgary.
So long winded answer to your question: Canadian internet traffic will
stay in Canada and won't make these ridiculous loops.
I guess if the NSA has coerced with CSIS or whatever the Canadian
equivalent is then there might be cause for worry there (quite likely as
we parrot almost everything the US does).
I've seen similar paths when tracerouting from my location (NE of
Toronto) to west coast sites. Depending on the site, the packets take a
little detour to NYC, Chicago, Seattle, etc., before coming back into
Canada.
Please forgive my little ramble here:
20 years ago, my girlfriend and I drove from Whitby, Ontario (just east
of Toronto) to Banff, Alberta. We drove through Calgary, BTW. On our
way out there, we decided to take a short cut through some northern
states: Michigan, Wisconsin, Minnesota and finally North Dakota, before
heading north to Winnipeg, and continuing west. It was considerably
shorter than driving through northern Ontario, above Lake Superior.
Stupid me, I completely forgot I had a bag containing something the
border authorities would very seriously frown upon. They gave a cursory
check to the trunk, and I paid a $2 duty on the (obvious) case of beer
that I bought in Canada. The guys in the car ahead of us got the full
shakedown.
We slept in the car until the border opened. It wasn't until we pitched
our tents for the first time, the next night, and broke out the bag,
that I realized my (our) mistake. Needless to say, we didn't cross the
border again and took the long way home.
My point is that staying in Canada and not crossing the border might be
a good idea by car, (and that was pre-9/11), but I don't think in this
day and age that it really matters if your packets cross the border or not.
Remember, Canada is one of the "Five Eyes" (along with the US, UK,
Australia and New Zealand) whose intelligence agencies happily share
information. How much, we don't know, but it gets around legal
loopholes about not being able to spy on your own citizens. (Which the
NSA disregards entirely.)
The Canadian equivalent to the NSA isn't CSIS, it's CSEC.
https://en.wikipedia.org/wiki/Communications_Security_Establishment_Canada
The ECHELON section on that page explains the Five Eyes setup, about
sharing information, and it's been going on since 1948. And don't
forget, since we are "foreign", it is within the NSA's mandate to
monitor us.
So you bet your ass they are watching us, because they can.
While I have no proof of this, it is strictly my unfounded theory, I
would also think that the NSA pays particular interest to OpenBSD. It's
right there on the OpenBSD site's pages that they're located in Canada
to /specifically/ avoid US "interference".
If you were the NSA, wouldn't you find an organization that:
1) blatantly says they're in Canada to avoid US government problems,
2) is arguably the most secure OS on the market,
3) (I think..) was the first to use integrated heavy crypto, including
IPSec,
4) has a subtle (and sometimes not so subtle)
anti-government/anti-establishment tone on the mailing lists,
5) is completely open source with all commits publicly viewable,
6) is probably run by a bunch of "commie hippies" (in their eyes),
wouldn't /you/ (as the NSA) keep an eye on those liberal bastards?
My friend replied to me, from his gmail account, to my email server
located in my own home, using my own Canadian-registered domain, "And if
a government really wanted to track you, well, lets face the facts. You
and I just aren't that important. haha"
I had to point out to him that, let's face facts, you are exactly one
degree of separation from someone, who (albeit tangentially) is involved
with not just any FOSS organization, but OpenBSD, who is /probably/
"watched". I'm in the list archives, and listed on the donations page.
You are one degree of separation from someone who runs their own
servers, has publicly said uses full disk encryption on Internet-related
servers (and knows how to pull a power cord), and runs a members-only
site that requires HTTPS. All of that is considered "suspicious". If
the NSA is looking around, they've probably noticed me, and looked at
me. Too paranoid?
I failed to mention (here), that one of my oldest friends is in the
Canadian Forces. He works in SIGINT. I don't know what he does, and I
don't know his exact clearance, just that at the least it's "secret"
level. I know he can't talk about anything work-related (and doesn't).
Before he got his clearance, how far did they look into my friend's
friends, like me? I have no idea.
So, I said to my other friend: that "You and I just aren't that
important. haha" may be true, but keep in mind you are two degrees away
from someone with (at least) "secret" clearance in SIGINT in the
military, with the connection (me) being someone who /might/ have been
looked into, or is actively watched. Also remember, the NSA /really/
loves to draw pretty pictures showing relationships/associations between
people and organizations.
Food for thought for everyone, but like I said, he doesn't care and
won't think about it.
--
Scott McEachern
https://www.blackstaff.ca
"Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers,
kidnappers, and child pornographers. Seems like you can scare any public into allowing
the government to do anything with those four." -- Bruce Schneier
