Re: TOR and ISP
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: TOR and ISP
- From: grarpamp <grarpamp@xxxxxxxxx>
- Date: Tue, 29 Dec 2009 02:33:01 -0500
- Delivery-date: Tue, 29 Dec 2009 02:41:04 -0500
- In-reply-to: <200912270552.nBR5qrU0010126@xxxxxxxxxxxxx>
- References: <200912270552.nBR5qrU0010126@xxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
> On the contrary, in the United States, all ISPs are *required* by
> statute to record all URL requests that can be detected passing from their
> customers through their equipment.
False. ISPs in the US don't have to record any information of any
kind about their user or their data whatsoever. None, period. Nor are
they required to give it to anyone except under legal process
[subpoena, court order].

US ISPs routinely lobby against recording anything because the time,
recurring cost to them to do so is precisely that, pure cost, no profit.
Any information they record is usually related to generating metrics
so that they can make more money.

However, lately, all that has been flipping on its back, now many are
recording as a feel good or pressure measure, 'Hey, I'm a spiffy
"patriotic" company, I helped law enforcement bust a terrorist 9yo kid
today. Yay :) Please count me in as a good guy and don't put me on
your watch list ok.'

Any data they do happen to have on hand is of course subject to process.
> norms... against the ISPs reminding users that ISPs have this ability. :-)
True. There is also the CALEA system, the result of which is that
pretty much every phone switch in the US is remotely tappable.
Internet gear is the next obviously logical step for that joint,
partly required, partly offered, effort.
> I doubt that they provide this information
> to private individuals, and doing so may well be prohibited by ECPA
True. Including other acts... wiretap, fcra, blah and etc. Such acts
in some cases require those that have data about you to disclose it
back to you on request. Or to others at your explicit direction. But
that's usually only in the finance and medical sectors.
> but they
> can be required to submit their logs of this information to statute
> enforcement agencies.
Only if such 'requirement' means court order. They can give it to whoever they
want, provided they don't care about the possible legal repercussions
of doing so. i.e.: AT&T etc obviously have a 69 position with the gov't
going back to the days of Western Union, so they don't care.
> The key here is that the ISPs not only cannot detect encrypted URLs,
The ISP only knows that the user is using Tor.
And as always, it is best to assume your adversary knows far more than
you think... and to plan your strategies accordingly.