Re: Standing Up Against German Laws - Project HayNeedle

2007-11-13 Thread johan beisser


On Nov 13, 2007, at 12:39 PM, Paul Wouters wrote:



Instead of creating noise, one should fix the problem of sending out
plaintext email, and encourage people to use email encryption such as
Enigma for Thunderbird. Encrypt IM conversations with OTR, and via
other ways pro-actively protect one's own privacy. That is a real
structural solution. Don't blame others for not using an envelope around
your own communication.


Actually, that's not really part of the issue. The logs don't contain  
context, just who/where/when. While encryption will prevent (one  
hopes) the capability of recovering context, who you talked to is not  
kept private or otherwise secret.







Re: [Full-disclosure] Standing Up Against German Laws - Project HayNeedle

2007-11-13 Thread johan beisser


On Nov 11, 2007, at 1:26 PM, Duncan Simpson wrote:

The signal-to-noise logic probably does work, but I am not sure the legal
angle does. If you *deliberately* ran the software that accidentally
downloaded that kiddie porn the suggested angle might not work.


That's been an ongoing question for me with regards to things like  
TOR gateways.


As has been recently posted on Risky Business[1] and The Age[2], TOR  
doesn't prevent sniffing of the traffic leaving its gateway. If a  
running gateway connects to a server with "information of interest" -  
child porn, bomb making information, a known criminal forum - that  
brings authorities investigating to your house, it isn't a very good  
way to cover one's own tracks with noise. On a similar note, randomly
connecting and pushing network data may create noise that obscures  
important data, but it may be easily filtered out from the logs  
during analysis.




A law requiring log data to be retained for 6 months should be a major
problem to enforce. Last time I think the UK mooted this it did not happen
(disclaimer: this might have been a trial balloon designed to generate flak).

My reaction at the ISP end was "OK, will you buy us the extra hardware
required?" with the intention the answer would be "no" and the plan quietly
killed. (Thinking that plain daft things will not be enacted is not always
reliable, unfortunately).


That's been my first question as well. Storage, at least for  
compliance purposes, has gotten cheaper. 6 months of log data for  
most ISPs will still be under the 500GB range of disk. The harder  
part of the stored logs is making it easily analyzed and relevant.  
There are, of course, several companies in the data retention  
compliance arena already, most have offerings for PCI, SOx and HIPAA.  
It's not a stretch to think there are smaller offerings to handle  
this German law's lighter retention requirement for logs.


[1] http://www.itradio.com.au/security/?p=48
[2] http://www.theage.com.au/news/security/the-hack-of-the-year/2007/11/12/1194766589522.html




Re: Standing Up Against German Laws - Project HayNeedle

2007-11-12 Thread johan beisser


On Nov 12, 2007, at 11:27 AM, Matt D. Harris wrote:

However some of these issues can be mitigated without too much  
trouble.  For example, one could have a dynamically growing  
dictionary of words to search for based on random words in random  
results pages that it grabs.  At the very least, this would kill  
any attempts to filter it out of the data mining system.


That'd be a significantly different approach. Even grabbing data from  
the previously browsed cache would also work, as far as seeding the
dictionary goes.


If the point of the system is primarily to create plausible  
deniability for the end-user, that is, to allow them to say  
"hayneedle hit the site, not me, so I am innocent", then I'd say it  
could be effective in that regard barring some proviso in the law
that allows them to persecute someone who did not actually even
visit a site of their own volition. Beyond that, it's also
effective in terms of turning up the noise to signal ratio and
making this law that much less effective, while placing a greater
burden on ISPs who are then more likely to lobby against it ever
more vigorously all while remaining entirely 'white area' in  
terms of functionality.


If I read the law correctly, it requires retention of "what IP  
connected to another IP" and "which phone number called where." It  
doesn't bother retaining the URL called (my German is rusty, so I may  
be a little off in my interpretation). Connecting to a random IP on a  
random open port (80 and 443, for example) would be a good start to  
accomplish the goal of creating chatter. The issue is that the search
terms to find those ports could lead to connecting to a site that  
increases your profile against general background chatter, even as it  
is raised with random connection traffic.


In that light, I'd regard use of something akin to TOR a slightly  
better solution for protecting privacy and filling up logs.


I understand your post, but I don't think Mr. Ziegler was overselling
his product's effectiveness beyond what it is really capable of.


I wasn't saying there was overselling the effectiveness. I do think  
the approach is innately flawed from a privacy standpoint.


Re: Standing Up Against German Laws - Project HayNeedle

2007-11-12 Thread johan beisser


On Nov 10, 2007, at 9:28 AM, Paul Sebastian Ziegler wrote:


The mechanism is quite easy: It searches Google for random words and
picks random pages among the results, then spiders from there (well it
is spidering except that it only follows one URL at a time within a
session thus simulating a user).


There's a few things wrong with this approach. Most of them were  
outlined by Bruce Schneier when he reviewed "TrackMeNot"[1] last year.


The same issues with TrackMeNot apply to Hayneedle, including  
potential false positives, and list of word combinations that can be  
filtered out easily, and well, the list goes on.




[1] http://www.schneier.com/blog/archives/2006/08/trackmenot_1.html