Data Retention- New Laws

[DavidG12]

I've been trying to follow the new laws on Data Retention through ISP's! It's a bit of a pickle

Does anyone know what Virgin will be doing to follow the new regulations?

Am I correct in thinking that they will not keep URL's or file names downloaded for more than a few days. It is the connection logs that are being recorded for up to 2 years.

So if I download a file named FM2010_v10.3.0_PC_Patch (Latest Football Manager update ) from other P2P users through Limewire. Virgin will only log the IP Addresses of the other P2P users I connect to and how long the connections lasted. The file name will not be logged for more than a few days.

Is this an accurate view of the new rules?

[Lord Nikon]

if VM are to start inspecting p2p traffic then I would suggest as many VM users as possible start trading linux distributions on p2p in encrypted rar files with filenames such as avatar, wolfman and the names of as many new films as possible. After all, the filename does not reflect the content, and the files are 100% legal to trade. Consider it a peaceful protest which does not break any laws.

[Ignitionnet]

P2P isn't part of the data retention laws so you could alternatively just not waste your time trying to stick it to the man.

CView-a-like technologies on the other hand will potentially quite happily hoover up your dodgy content regardless of how you name it

[Lord Nikon]

that's what file encryption is for though.

[Ignitionnet]

Quote:

Originally Posted by Lord Nikon

that's what file encryption is for though.

Not entirely effective, CView only ignores it for efficiency reasons.

Anyway if you want movies / games that's what Amazon is for

[Kabaal]

Most 'linux distros' come in .rar's renamed to something inconspicuous anyway when they first appear, at least in the places i visit. But i can't stand P2P.

[Lord Nikon]

Quote:

Originally Posted by Kabaal

Most 'linux distros' come in .rar's renamed to something inconspicuous anyway when they first appear, at least in the places i visit. But i can't stand P2P.

Actually, I was specifically referring to actual linux distros with the purpose of distributing them over a p2p network only to people who know that they are linux distros, but using filenames which would draw attention from the suspicious out there. Thereby doing nothing illegal whatsoever but driving the monitoring system nuts.

[Ignitionnet]

http://www.dslreports.com/shownews/107309

File names aren't how files are identified, they're identified through things like MD5 hashes on the component parts. Monitoring systems don't assume just because a file is named something provocative it's that file they only care if the blocks of the file match those it knows are dubious or there are other ways to forensically track.

Thinks have progressed a bit since assuming some totally random length and content file calle avatar.avi would be an Avatar rip-off. Basic DPI would show it lacks the right structure to be a video file and encrypting it would put it into the 'unknown' basket unless other forensic analysis confirms it is what it says it is

[yaztromo]

Quote:

Originally Posted by Ignitionnet

Not entirely effective, CView only ignores it for efficiency reasons.

Yet I would doubt Cview can decrypt an encrypted packet. Only myself and the remote know the decryption key. Cview can't perform magic can it?

This is just guessing but I would have thought the best Cview can do if you're encrypting is determine what your communications with the tracker are and even connect to your torrent client and request some part of the file.

Anyway. Bumping because I would like to know exactly what data Virgin does retain, how long they do it for, and who it is passed to. It's all shrouded in FUD at the moment.

[Stuart]

Quote:

Originally Posted by yaztromo

Yet I would doubt Cview can decrypt an encrypted packet. Only myself and the remote know the decryption key. Cview can't perform magic can it?

This is just guessing but I would have thought the best Cview can do if you're encrypting is determine what your communications with the tracker are and even connect to your torrent client and request some part of the file.

Anyway. Bumping because I would like to know exactly what data Virgin does retain, how long they do it for, and who it is passed to. It's all shrouded in FUD at the moment.

It's not magic to decrypt something without a key. There is something called brute force decryption where you take a subset of the data, and just try as many keys as you can on it until you find one that works. Given enough processing power and a fast enough HDD (or even an SSD), you can try billions of keys in a short time. Combine a fast CPU (or even a fast Graphics Processor or two as these are designed to process large amounts of data very quickly) and a large enough dictionary of common keys, and you can brute force decrypt some things very quickly.

OK, it won't be fast enough to do it in real time on anyone's connection, but it *could* be used to monitor someone more closely if the authorities have reasonable grounds to keep an eye on that person more closely.

[Ignitionnet]

Quote:

Originally Posted by yaztromo

Yet I would doubt Cview can decrypt an encrypted packet. Only myself and the remote know the decryption key. Cview can't perform magic can it?

It uses the stream cipher RC4 which has a few attacks against it. Even without attacking the obfuscated packet directly there are other ways to know what content is, such as intercepting and analysing client-tracker communications.

It is of course a lot better than nothing but not invincible.

[yaztromo]

Quote:

Originally Posted by Stuart C

There is something called brute force decryption.

It's possible, yet computationally infeasible; even if it's not done in real time. Despite Bit Torrent's relatively small key size P2P keys are still incredibly hard to break by brute force. The time taken would normally be long enough for the retrieved data to be of no value. Many many years. I would hope that in the future bit-torrent moves on 128bit symmetric encryption, then any chance of breaking a key in someones life time is basically zero.

It is possible to crack WPA with fast GPU's. But the key must be weak in the first place for it to work, and a lot of people use weak guessable keys out there.

---------- Post added at 14:29 ---------- Previous post was at 14:21 ----------

Quote:

Originally Posted by Ignitionnet

It uses the stream cipher RC4 which has a few attacks against it. Even without attacking the obfuscated packet directly there are other ways to know what content is, such as intercepting and analysing client-tracker communications.

It is of course a lot better than nothing but not invincible.

I more or less agree with what you said.

The future is in projects like I2P and their ilk. DPI does not worry me particularly, there are always ways around it.

Back on topic though

[Ignitionnet]

Quote:

Originally Posted by yaztromo

I more or less agree with what you said.

The future is in projects like I2P and their ilk. DPI does not worry me particularly, there are always ways around it.

Back on topic though

Quite - DPI will always, by its' very nature, be playing catch up.

Topic indeed, good plan.