Can my ISP see my NNTP traffic?

Discussion in 'Computer Security' started by Regal, Apr 7, 2004.

  1. Regal

    LeDiver Guest

    On Thu, 08 Apr 2004 21:23:51 +0100, Jeremy Paxman wrote:

    : :On Thu, 8 Apr 2004 12:52:13 +0100, "James" <>
    : :wrote:
    : :
    : :>:: :
    : :<snipped>

    : :This message was sent via an encrypted tunnel. I live in the UK. I
    : :would love to see the logs of my ISP. It will just be apparent
    : :randomn garbage, of course. They will only know that it is encrypted
    : :data and it is going to an SSH2 enabled host server in Hong Kong. I
    : :use this server for all my web browsing, usenet postings/downloading
    : :and Email.
    : :
    : :It must be very frustrating for some busybody.
    : :
    : :
    Does not look frustrating at all.

    1. What is usenet?
    Here are some links with a LOT of good information:
    http://www.usenet.org/
    http://www.faqs.org/usenet/
    http://www.hypernews.org/HyperNews/get/ usenet.html

    Civil Investigations
    Newshosting will not release a customer's personal information or usage information to investigators, attorneys, or agencies unless we are
    directed to do so by a court of competent jurisdiction in the matter. If there is a hearing in court, the customer will be notified so they
    will have an opportunity to contest the surrender of personal information.

    Criminal Investigations
    Newshosting cooperates fully with law enforcement agencies, yet there must still be a court order before Newshosting surrenders customer
    information. The Fourth Amendment to the US Constitution requires a court order to conduct a search and seizure. Newshosting will, when
    requested by law enforcement entities, acknowledge the existence of personal customer information, and when requested, provide the technical
    language to include in the court order, "particularly describing ... the property to be seized." In a criminal investigation Newshosting is
    under a duty not to divulge the fact of the investigation to the customer


    Pricing

    10G/month
    $10

    25G/month
    $20

    50G/month
    $30

    60G/semi-annual
    $50

    150G/semi-annual
    $100

    300G/semi-annual
    $150



    Retention

    binary
    99%+
    ~18 days

    text
    99%+
    ~180 days

    Questions & Answers

    2. What newsgroups do you carry?
    A complete list can be found at http:// www.newshosting.com/support/util/groups/.
     
    LeDiver, Apr 10, 2004
    #21
    1. Advertisements

  2. Regal

    Anonymous Guest

    I would like to agree with you, but I have actually examined some of the

    I think this is upside down. I though it was Europe who are desperately trying
    to establish data retention laws..or was that more Tony Bliar spin ?

    Generally, I obviously have to agree with many of these posts that a vast amount
    of data can be and is logged at multiple locations. But I also feel that there
    has not been really any cases of this logged data getting into the public domain
    which I find highly surprising.

    We've seen in the UK high profile celebrity sting operations (like with Pete
    Townsend) who was accused (apparently the FBI tipped off UK authorites) that
    he had accessed material from a child porn website.

    We've seen cases like Gary Glitter where he stupidly walked into PC world with
    a load of child porn filth on his machine

    It would be nothing for a lowly/or pissed off ISP employee to be approached
    by a journalist looking for dirt on a celebrity/politican to dig around the
    logs and get some juicy info. And even if this were illegal and intrusive it
    would *still* get into the public domain and slip out gradually about what
    sort of porn celebrities and politicans were viewing, and compromising emails
    that were exchanged etc. Even the Police in the UK are very very fond on leaking
    celebrity dirt stories to the press (Towsend, Leslie) etc.

    The fact that this hasn't really happened yet is very surprising. Maybe they
    use Cotse or a similar service but to be honest I doubt that.

    In any event, UK or EU laws, people really never understood the threat that
    Tony Bliar and his corrupt rotten government posed to the fabric of the UK

    privacy fan
     
    Anonymous, Apr 10, 2004
    #22
    1. Advertisements

  3. Regal

    Nomen Nescio Guest

    I would like to agree with you, but I have actually examined some of the

    I think this is upside down. I though it was Europe who are desperately trying
    to establish data retention laws..or was that more Tony Bliar spin ?

    Generally, I obviously have to agree with many of these posts that a vast amount
    of data can be and is logged at multiple locations. But I also feel that there
    has not been really any cases of this logged data getting into the public domain
    which I find highly surprising.

    We've seen in the UK high profile celebrity sting operations (like with Pete
    Townsend) who was accused (apparently the FBI tipped off UK authorites) that
    he had accessed material from a child porn website.

    We've seen cases like Gary Glitter where he stupidly walked into PC world with
    a load of child porn filth on his machine

    It would be nothing for a lowly/or pissed off ISP employee to be approached
    by a journalist looking for dirt on a celebrity/politican to dig around the
    logs and get some juicy info. And even if this were illegal and intrusive it
    would *still* get into the public domain and slip out gradually about what
    sort of porn celebrities and politicans were viewing, and compromising emails
    that were exchanged etc. Even the Police in the UK are very very fond on leaking
    celebrity dirt stories to the press (Towsend, Leslie) etc.

    The fact that this hasn't really happened yet is very surprising. Maybe they
    use Cotse or a similar service but to be honest I doubt that.

    In any event, UK or EU laws, people really never understood the threat that
    Tony Bliar and his corrupt rotten government posed to the fabric of the UK

    privacy fan
     
    Nomen Nescio, Apr 10, 2004
    #23
  4. Regal

    Don Guest

    It is Tony Bliar spin. The whole thrust of relevant EU directives is to
    protect personal privacy. But this really sticks in the throat of our Fuhrer
    and his cronies who want complete information and complete control.

    regards
    Don
     
    Don, Apr 11, 2004
    #24
  5. Regal

    Rowdy Yates Guest

    pro. cisco guys tend to kick serious butt at comp. networking. i am pretty
    sure they have more than a few tricks up their sleve they can use if they
    were asked to implement a solution by a law enforcement agency.

    Rowdy Yates
    "the man who tried and failed miserably"
     
    Rowdy Yates, Apr 11, 2004
    #25
  6. Can they not use Secure nntp over port 563? I have not done this, so
    I am unsure, but just a thought?
     
    Michael Sherman, May 5, 2004
    #26
  7. Regal

    nemo Guest

    Do a Google search on the words "Astra newsserver " with quotes.

    You'll see that it's not only your ISP that can see your Usenet traffic!

    I posted a message complaining about a crap boss I had and it turned up the
    head of the list in Google if you did a search on his name.

    Being a vain man, I'd dare say he did such a search fairly often and saw my
    nasty post! Oh dear - how sad - never mind!

    Nemo the newbie.
     
    nemo, May 30, 2004
    #27
  8. Regal

    Chester Guest

    Your ISP can see everything you do if they want. Although it's not likely
    they will zero in on you unless they get a complaint. Everything means
    mail, surfing, news, and everything else.

    Most ISP's are routinely logging all customers accounts as I've read. You
    need to use a good privacy service:
    www.privacy.li
    www.cotse.net
    www.anonymizer.com
    Only thing is if you want this protection you will have to pay for it. Hope
    this helps.
     
    Chester, May 30, 2004
    #28
  9. Regal

    nemo Guest

    The last I heard was they keep a record of what everyone has posted for a
    couple of months, but because of storage restrictions only keep a record of
    what they've looked at for a week or two if that.

    The security services scan all communications using key words to select what
    to store and follow up, like Bin Laden, names of explosives, weapons, names
    of extremist groups etc. but these days I don't think anyone would object to
    that.

    Anyway, last night, Channel 4 proudly announced that since a judgement under
    the Human Rights Act some months ago, which the media and the pro-censorship
    lobby have pointedly ignored up to now, hard-core adult porn is now
    perfectly legal in the UK. So unless you're a really sick puppy like Jacko,
    they can't nick you now anyway!

    Mary Whitehouse must be turning in her grave!

    http://news.bbc.co.uk/1/hi/uk/1673170.stm

    I met her once. She was the sort of person where you only had to say hello
    and you'd realise she was barmy! My cousin met Margaret Thatcher once too.
    Same diagnosis! Anyone on here met Dubya???? :eek:)

    Nemo

    PS: Ganja is more-or-less legal over here now too, so we're not doing too
    bad, even with a git like Tony B'Liar for PM.
     
    nemo, Jun 1, 2004
    #29
  10. Regal

    Qintin Guest

    I don't understand. ISPs do not keep copies of e-mails surely? So why
    would they keep NNTP traffic?

    I thought the storage directive in the UK was voluntary and the ISPs were
    refusing to sign-up to it?
     
    Qintin, Jun 2, 2004
    #30
  11. Regal

    Leythos Guest

    The point is that an ISP or anyone along the path to you/them, can track
    what you are doing if they want to. Just live with it, it won't change.
     
    Leythos, Jun 2, 2004
    #31
  12. Regal

    Bill Unruh Guest

    ]> > >
    ]> > > You'll see that it's not only your ISP that can see your Usenet
    ]traffic!
    ]> > >
    ]> > > I posted a message complaining about a crap boss I had and it turned
    ]up
    ]> > the
    ]> > > head of the list in Google if you did a search on his name.

    A usenet post is SUPPOSED to be readable by everyone in the world. That is
    what usenet is all about. And Yes, google does also search over usenet.
     
    Bill Unruh, Jun 2, 2004
    #32
  13. Yup. Google groups is great. I love seeing my name all over it.

    Sean Weintz
    T. Sean Weintz
    Sean Weintz
    T. Sean Weintz

    Yeah.
    all the way back to '96. 8 years of garbage it's collected on me.
    Flame wars and all.

    --
    Copyright 2004 T. Sean Weintz
    This post may be copied freely without
    the express permission of T. Sean Weintz.
    T. Sean Weintz could care less.
    T. Sean Weintz is in no way responsible for
    the accuracy of any information contained in
    any usenet postings claiming to be from
    T. Sean Weintz. Users reading postings from
    T. Sean Weintz do so at their own risk.
    T. Sean Weintz will in no way be liable for
    premature hair loss, divorce, insanity,
    world hunger, or any other adverse relults
    that may arise from reading any usenet
    posting attributed to T. Sean Weintz

    ALSO - FWIW, The following WHOIS Record is years out of date:
    Weintz, Sean (SW2893)
    Sean Weintz
    462 Sixth Street , #A
    Brooklyn, NY 11215
     
    T. Sean Weintz, Jun 2, 2004
    #33
  14. When you set up an NNTP server, you set up an archive. How else could
    the people read the newsgroups?

    -- Lassi
     
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, Jun 3, 2004
    #34
  15. Used to be called Dejanews, before Google acquired it.
    It is quite regular to check the newsgroups before recruiting people. A
    good way of finding out what kind of candidates you have.

    -- Lassi
     
    Lassi =?iso-8859-1?Q?Hippel=E4inen?=, Jun 3, 2004
    #35
  16. Regal

    Dystopia Guest

    ["Followup-To:" header set to alt.computer.security.]
    Yeah a good reason to use pseudonyms and X-No-Archive. What I do in my
    spare time is no ones business.
     
    Dystopia, Jun 3, 2004
    #36
  17. Regal

    Leythos Guest

    Keep in mind that honoring of XNA is strictly up to the archive entity.
    It might also interest you to know that a reply where your post is
    quoted is archived even though your part of the post had XNA. This means
    that any reply to your post will be archived by google.
     
    Leythos, Jun 3, 2004
    #37
  18. Regal

    Dystopia Guest

    Oh yeah I know :) I used to make my own archices when I had my own
    newsserver years ago. I certainly didn't honour anything :)

    People that dont use X-No-Archive can also remove their posts from
    google but a minor flaw in this system is that the only way of verifying
    removal is an email sent back to the "From:" address of the original
    post which as we all know .. is not always a valid address.
     
    Dystopia, Jun 3, 2004
    #38
  19. But not if you use encrypted tunnelling using SSH via a remote server, such as Privacy.Li
     
    Concerned citizen, Jun 3, 2004
    #39
  20. If you want security, never connect directly with the NNTP server (or any other server for
    that matter). Use Secure Shell (SSH) with its encrypted connection from your desktop to
    the remote server, then your ISP (and the snoops) cannot know what your doing.
     
    Concerned citizen, Jun 3, 2004
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.