Wednesday, 9 December 2015

Can you justify your Internet Connection Records?

The proposed "Internet Connection Records" in the Draft Investigatory Powers Bill will potentially log every web site you have visited and retain that for a year.

If you are reading this blog post, you would now have an "Internet Connection Record" showing that you visited pornhub.com, or more specifically pornhub's content delivery network cdn1b.static.pornhub.phncdn.com, because there is a 1 pixel image included in this blog post which your browser will have fetched automatically.

Now, that is not illegal, thankfully, but it is probably in the filtering for many large ISPs, so even before this bill comes in it is probably logged.

Don't worry - the image is just a graphic of the word "hub", but this leads to another slight irony. To make them slightly less of an invasion of privacy, the "Internet Connection Records" do not hold the whole URL, which would show which image it was, just the web site. What is worse, if the logging is done by DNS then it does not matter whether it was one innocent image like this or an hour watching the site: either way it would make one DNS lookup for the web site name.

Could you explain that to the police if it was some illegal site?

It is probably just as well it was not Inspire, a magazine produced by an al-Qaeda-affiliated group, because the police said downloaders of the mag would face prosecution "irrespective of their motive". See this article for more on that (yes, the article is quite safe).

http://blogs.telegraph.co.uk/news/brendanoneill2/100215723/in-a-truly-free-society-i-should-have-the-right-to-read-al-qaedas-magazine/
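
The hostname-only logging described above, as an added example (not code from the original post): a Python sketch that lists the hostnames a browser contacts just by rendering a page, and shows that one embedded 1-pixel image and 200 images from the same host leave the same record. The `.example` hosts, the sample pages and the simplified list of auto-fetched elements are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Simplified assumption: elements a browser fetches on render, with no click.
AUTO_SRC = {"img", "script", "iframe"}
AUTO_LINK_RELS = {"stylesheet", "icon", "preload", "prefetch"}

class AutoFetch(HTMLParser):
    """Collect absolute URLs requested just by rendering the page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = [page_url]  # the page itself is the first request

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in AUTO_SRC and a.get("src"):
            self.urls.append(urljoin(self.page_url, a["src"]))
        elif tag == "link" and a.get("href"):
            rels = set((a.get("rel") or "").lower().split())
            if rels & AUTO_LINK_RELS:
                self.urls.append(urljoin(self.page_url, a["href"]))

def hostname_records(page_url, html):
    """Hostname-only view of one page load: paths and request counts are lost."""
    p = AutoFetch(page_url)
    p.feed(html)
    p.close()
    hosts = {urlsplit(u).hostname for u in p.urls}
    hosts.discard(None)  # data: URIs and similar have no hostname
    return sorted(hosts)

# Constructed sample pages (hypothetical hosts under .example).
BLOG = "https://blog.example/2015/12/post.html"
ONE_PIXEL = '<p>Text</p><img src="https://cdn.media.example/hub.png" width="1" height="1">'
HEAVY_USE = "".join(
    f'<img src="https://cdn.media.example/img/{i}.jpg">' for i in range(200)
) + '<link rel="stylesheet" href="/style.css">'

if __name__ == "__main__":
    print(hostname_records(BLOG, ONE_PIXEL))
    print(hostname_records(BLOG, HEAVY_USE))
```

Both sample pages reduce to the same two hostnames, which is all a host-level or DNS-level log would retain.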

12 comments:

  1. Damn you RevK I've just been fired for looking at porn during work hours :-)

    1. Thank you RevK as I've just used this blog post to get out of being fired for looking at porn during work hours :)

  2. Thanks Rev, just explained the visits to pornhub to the wife. Top man.

    1. I told mine I was 'looking for her Christmas Present'

  3. H'mm that's interesting, neither work firewall nor Virgin Media's filtering (on home broadband) flagged anything but the image doesn't actually load so I assume they blocked the access.

  4. I wondered how can a 1px image contain the word 'Hub'

    Never mind encryption - that is AWESOME compression!

  5. Thank You RevK for reminding me that I haven't been to Porn Hub today which would put me under suspicion of 'what was I doing then,' given that I am never off the site ;-)



    1. Ironically that is not a site I visit personally, just one that is well known, though I don't plan to start a discussion on the merits of various sites :-)

  6. I'm seeing a dot in a grey outline. Will there be a dispute process to have it removed from my connection record as you instigated the connection rather than me?

    I also noticed a "link href ..." to the picture and a "meta content ..." in the header. Even if you had not put the "img src ..." in the body, would a connection record have been created?

  7. Not to bang on, and I thought you came across very well, but still no-one seems to have pointed out to them that using a VPN for a fiver a month bypasses all this effort and discussion and millions spent in new kit. You did mention TOR though, but it needs explaining to the technically clueless that this is a fundamental waste of time and is relatively easy to get round if you do, indeed, not want to be tracked.

    1. I said there were many ways to bypass it, including Tor. I did not feel trying to itemise a lot of technical terms was going to add much to that point.

  8. Let's say, without too much loss of generality, that if PornHub were to split its CDN into "UK-legal" and "BBFC-says-no" hostnames, then maybe the situation starts to get a little more interesting. I don't believe DEBill criminalises the watching of "banned" porn — just the distribution — but coupled with IPAct, the government starts to build up a nice cache of ICRs of people who accessed "illegal content"… and your hidden image becomes quite the incriminating HTTP request…

    Your post says, "Now, that is not illegal, thankfully" — what a difference a year makes.
