I am not from UK, but listen to me if any folks from UK are reading this.

This is one of the things that is harmful to your privacy. Should the list of websites that you visit be available for government unless you are under active investigation? Its not just the list of websites but every packet data that your devices send out, which means government could see your messages, data sent to dropbox, online spreadsheet like google docs etc. This is mass surveillance. You should be proud that your government have a website were you can start petitions. Now please use this feature and sign the petition so that this surveillance law can be repealed.

The petition against this bill is at: https://petition.parliament.uk/petitions/173199

You sign the petition and ask your close friends and family to do the same. What you do not need is an intrusive government. I am voicing this because even though I am not a UK citizen, I do not want law makers in my country thinking "Oh those chaps has a fine surveillance law and their citizens are okay with it. Lets adopt that law".

Now get to action. Sign the petition at https://petition.parliament.uk/petitions/173199

Petition Repeal the new Surveillance laws (Investigatory Powers Act)

A bill allowing UK intelligence agencies and police unprecedented levels of power regarding the surveillance of UK citizens has recently passed and is awaiting royal assent, making it law.

https://petition.parliament.uk/petitions/173199

The privacy concerns nonwithstanding, I'm puzzled how ISPs are supposed to actually implement that load of bollocks.

We're talking DPI here, applied as a dragnet on each and every connection. The bill explicitly states that every connection is to be tracked, which means it disallows the stochastic methods that normally are used for traffic instrumentation.

And even storing "just" the metadata, over the course of a year, that's quite a significant amount of data. Where the hell are ISPs supposed to store that? And store it securely in a way, that only "lawfull" access is possible.

That bill is stupid and ludicrous and the people who came up with it should be institutionalized, IMHO. Not just because of the privacy concerns.

I will seriously never understand the imbalance of resources spent and the bills and laws passed in the name of "fighting terrorism" and "think of the children" which affects less people every day than pretty much every alternative way to suffer and die.

It doesn't make any sense. We spent trillions of dollars every year making intelligence and the military war machine one of the largest shadow economies in the world... We could pretty much solve every other form of death and illness with that money in less time, we could raise everyone in the country out of poverty with that money so they could stand on their own two feet. We could educate those that need education so they could get jobs and stand on their own without the need for Government handouts. So what the fuck.

Some days though, all you can do is throw your hands in the air in resignation and say "Fuck it, you're all crazy! You cause problems and you spend billions of dollars to band-aid the symptoms, just like you do with your medical system."

The underlying cancer is this mentality. We'll do what the fuck we want and treat people the way we fucking want because it makes us rich and then we'll spend billions to deal with the symptoms of this dumbass behaviour.

I hope the riches are worth it because the behaviour is (and I don't treat this word lightly, nor do I mean it with any disrespect whatsoever to those that unfairly get labeled with it) retarded.

Shame about David Davis -

From this: David Davis: British 'intellectually lazy' about defending liberty

https://www.theguardian.com/politics/2015/nov/08/david-davis...

To this:

David Davis: Most public opponent of Theresa May’s snooping laws stops opposing them as soon as he enters cabinet

http://www.independent.co.uk/news/uk/politics/david-davis-mo...

Sounds like it is both intrusive and useless at the same time.

If you're not going to see what people did on a site, what's the point? Presumably nefarious stuff like pedo rings and dark markets will not stay in the same place very long.

At the same time, people can see what kind of politics you're into. Or porn. Or dating. Which is not terribly useful for the public interest, but you can see a cop abusing this for personal gain. I think Snowden mentioned his colleagues used to stalk their exes.

Also, anyone who's accidentally left WireShark open will know how much data you're sucking up. It's not actually a small amount, and it compounds if you're an ISP. And it sure isn't easy to filter huge pcap files, which you'll have to do if you want to find something specific. And then you have to glue the clues together, totally non trivial.

Last, how will this be used in court? Knowing what sites someone visited is not evidence they did something. Some guy visits an ISIS homepage, is that because he's curious or he's getting bomb manuals? At best you can use it to suggest some guy is a sympathiser, when he might well not be.

Copy of my comment on other thread:

I would urge everyone who can to sign the petition against it.

This, in my mind is a problem, not because of the obvious costs (ISPs storing _literally all_ metadata for a year), and the insidous privacy concerns, but how bad Govts are at keeping information secure. Below are 3 recent and well known examples of Government Mass Data leaks- this information will be compromised at some point, for profit or espionage.

https://en.wikipedia.org/wiki/Office_of_Personnel_Management...

http://news.bbc.co.uk/1/hi/uk/7449927.stm

https://www.troyhunt.com/when-nation-is-hacked-understanding...

IMHO, trotting out "If you've got nothing to hide, you've got nothing to fear" BS doesn't mean that at some point, that data will be misused, even if the UK (My) Government doesn't suddenly turn dictatorial.

The petition against this bill is at: https://petition.parliament.uk/petitions/173199

I would urge everyone who can to sign the petition against it.

This, in my mind is a problem, not because of the obvious costs (ISPs storing _literally all_ metadata for a year), and the insidous privacy concerns, but how bad Govts are at keeping information secure. Below are 3 recent and well known examples of Government Mass Data leaks- this information will be compromised at some point, for profit or espionage.

https://en.wikipedia.org/wiki/Office_of_Personnel_Management...

http://news.bbc.co.uk/1/hi/uk/7449927.stm

https://www.troyhunt.com/when-nation-is-hacked-understanding...

IMHO, trotting out "If you've got nothing to hide, you've got nothing to fear" BS doesn't mean that at some point, that data will be misused, even if the UK (My) Government doesn't suddenly turn dictatorial.

Anyone reading this from the UK: don't lose hope. You can change things. The recent uptick in fascism in the UK is really disheartening but your voice needs to be heard.

For example, they tried to bring in censorship in Australia and failed. Change is possible. Don't be a pushover. You must fight.

I predict that a year from now there will be a massive data leak (perhaps known to some underground circles only) with personal details matched to browser history - why - because most agencies in UK does not know how to handle your data securely.

Meanwhile, you better setup your VPN on DO or one of the cheap ARM-based cloud hosting companies. That's what I did and it works flawlessly for as cheap as $5 a month - or the price of a cup of coffee.

This setup is fine for all types of activities except downloading larger data files, which can be offloaded elsewhere with some clever routing or just jumping on a different box.

I do understand that this might be too much for the average Joe but if you care about your privacy, that exactly what it takes.

> Those ICRs effectively serve as a full list of every website that people have visited, not collecting which specific pages are visited or what's done on them but serving as a full list of every site that someone has visited and when.

So running search engine crawlers like yacy or using browser link prefetchers, could cause sites to appear on this list, you haven't even visited?

Even if you don't use that, you have to investigate every link and external site resource, if it points to a domain/site that also hosts illegal stuff? And how do I do that? Using VPN?

Also content and owner of sites change. I can't imagine such "prove" holding up against a good lawyer in a fair court.

What exactly are they logging? IP addresses, reverse domain names, dns lookups?

They just should provide a white list of sites the lawful citizens are allowed to visit. That would make things much easier and safer for everyone. And the government exists to keep the citizen safe, isn't it?

"The first duty of any government is to keep our country and our people safe." - David Cameron

I wonder if they understand how the internet works...

<iframe src=http://www.isis.com style="visibility:hidden">

Welcome to the watch list.

UK citizens, help me out: Is there a way you can appeal against laws like this? In Germany, something like that would be thrown out by the Bundesverfassungsgericht, the federal constitutional court. Is there nothing similar in the UK?

This is really bad. Using a vpn or other kind of service to hide that data from them will now make you even more of an outlier to even more eyes/people. You will stand out from being hidden, you will stand out for having a minimal "internet history", and you will stand out to those who can really fsck your life.

Unfortunately privacy is not being taught and propagated to the general public in order to prevent this from harming you either you want it or not.

South Park is on the money again: http://southpark.wikia.com/wiki/TrollTrace.com.

The list of agencies that will have access without any form of court order or warrant is truly terrifying. I had not realised it was so severe. It was promoted as being something that can only be "responsibly accessed". But this does not appear to be the case at all?

I'm concerned that information gathered from this will be used in court prematurely to perform "character assassination". And as we know, UK courts have a public gallery full of news reporters searching for juicy stories.

Our whole civilization leap frogged forward with the invention of the Internet. Because it connected us humans mentally. We able to share thoughts and ideas and have conversations with anyone on a planet without physical movement. It is a mechanical telepathy if you think about.

What we are seeing with implementing such laws is a more larger trend. Mental world is being taken under control by Mr. Smiths, agents of the matrix. Our thoughts and self-expressions more than ever are under the surveillance.

What I don't know is whether it is a good or bad thing in general for the mankind, but they way our technology worshipping civilizations develops it seems to be unavoidable. It seems we are way too far in this to go back.

How can something as intrusive as this make it into a law? This is way worse than SOPA / PIPA was imho. Sucks to live in the UK now.

When China does it it's oppression but when we do it it's for our own good.

Now is an excellent time to set up a custom home router (I'm thinking pfsense to send all traffic through a VPN).

The excuse of "if you have nothing to hide, you have nothing to fear" is not only intellectually feeble; it permits a gradual erosion of civil liberties that can easily find the average citizen on the wrong side of the law should any agency casually find it convenient for them to be so. It is a snowball.

On that note. What VPN services are recommended and has anyone got some good guides to this?

I think for many people nowadays, privacy is a quaint, antiquated notion, like Victorian modesty. Things like social media and YouTube have encouraged people to make their lives public, so having the government gather data seems fairly minor.

I find this all very disturbing, but, having grown up without the Internet, perhaps I'm just a relic from a bygone area. Still, I can't shake the uneasy feeling that this all will lead to a very bad place...

Slightly unrelated, but there have been a couple of stories in this area recently which have been widely circulated here and on Reddit all by the Belfast Telegraph.

I wonder why that is, just really good SEO on their part?

Like I said in the other thread https://news.ycombinator.com/item?id=13034747

I am not from UK, but listen to me if any folks from UK are reading this.

This is one of the things that is harmful to your privacy. Should the list of websites that you visit be available for government unless you are under active investigation? Its not just the list of websites but every packet data that your devices send out, which means government could see your messages, data sent to dropbox, online spreadsheet like google docs etc. This is mass surveillance. You should be proud that your government have a website were you can start petitions. Now please use this feature and sign the petition so that this surveillance law can be repealed.

The petition against this bill is at: https://petition.parliament.uk/petitions/173199

You sign the petition and ask your close friends and family to do the same. What you do not need is an intrusive government. I am voicing this because even though I am not a UK citizen, I do not want law makers in my country thinking "Oh those chaps has a fine surveillance law and their citizens are okay with it. Lets adopt that law".

Now get to action. Sign the petition at https://petition.parliament.uk/petitions/173199

Is it better to go with a VPN service, or rent your own server and DIY?

In typical UK surveillance state fashion they pander to base fears and unforgivably overlook how bad censorship and surveillance is in places like China.

It's not that the UK GOV "doesn't understand how the Internet works" as claimed by many on this topic, but that the citizenry don't care enough to encrypt. The citizenry aren't scared enough to encrypt.

Education is the key here, and it needs to be bashed into a citizen's skull that The Internet is not a black box, and that traffic moving en clair is fair game by Governments, even criminal threat actors in Starbucks with their fake Free Wifi.

We need to keep building abstractions on top of The Internet to make it expensive for spying to take place. The usual solutions apply; TOR, VPNs, TLS/SSL, PGP, et al.

It should be noted that over HTTPS even the ISP can only know the domain connected to but not the URL.

Time for ToR/VPN

https://www.digitalocean.com/community/tutorials/how-to-setu...

I rarely sign anything, but I had to do it this time.

https://petition.parliament.uk/petitions/173199

How do they think they can map connection logs with specific persons using the connection? All they can see that from one physical address these particular websites were visited. Sometimes that can actually map to a single person but mostly not. This makes the data more useless than they think but also potentially dangerous if they do not understand what the data means.

The only people that this is good news for are the VPN providers. Do we really trust "the state" with this information. History should tell us that once can never be sure of what use data can be put to by future regimes. It's time to educate people about the value of encryption and the security and safety it provides, each of us, one by one.

There's currently a very good (and timely) deal on PureVPN lifetime subscription for Black Friday. I have no affiliation here, but figured this might be of interest to a lot of people in the UK.

[1] https://deals.geekwire.com/sales/lifetime-of-purevpn

Is this possible with TLS? How would they know anything more than the host you're connecting to?

Still, though, disgusting.

Any ideas who will pay ISP's for supporting this kind of tracking? Customers or goverment?

Only the connection history - hostname and date/time of access, and only if authorised for an investigation.

It's akin to the phone companies logging each number called. This isn't as intrusive as people are making it out to be.

This is a good thing. With such a wide "readership," the data's bound to leak.

When it does, it will make Ashley Madison look like a small thing, and be a good argument against future surveillance.

How long before they extend this to VPN users?

Might as well make it available to everyone then. If we can't have privacy we should at least have transparency.

Glad this topic came up here. So my question is...how to block it? VPN?

Also what stops them selling access to this?

Reading the legislation its not "Entire Internet history" as most people would understand it. It looks very much like they are asking for NetFlow data without saying that explicitly. They want a Time stamp, port, source and destination IP and amount of data transferred. This is terrifying, I think the “Internet history” narrative is being setup to be deliberately confusing.

Mwahaha. Let skankhunt42 worry about this.

Pff, vpn + a service that simulates behavior of a generic user, if one is so scared about suspiciously short browsing history.