
Everyone who can now see your entire internet history, including the taxman - vvvv
http://www.independent.co.uk/life-style/gadgets-and-tech/news/investigatory-powers-bill-act-snoopers-charter-browsing-history-what-does-it-mean-a7436251.html
======
rubberstamp
I am not from UK, but listen to me if any folks from UK are reading this.

This is one of the things that is harmful to your privacy. Should the list of
websites that you visit be available for government unless you are under
active investigation? It's not just the list of websites but every packet data
that your devices send out, which means government could see your messages,
data sent to dropbox, online spreadsheet like google docs etc. This is mass
surveillance. You should be proud that your government have a website where you
can start petitions. Now please use this feature and sign the petition so that
this surveillance law can be repealed.

The petition against this bill is at:
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

You sign the petition and ask your close friends and family to do the same.
What you do not need is an intrusive government. I am voicing this because
even though I am not a UK citizen, I do not want law makers in my country
thinking "Oh those chaps have a fine surveillance law and their citizens are
okay with it. Let's adopt that law".

Now get to action. Sign the petition at
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

~~~
Ntrails
I'm from the UK, and I'm not signing that petition.

Maybe we do need an intrusive government? Maybe we, as a populace, believe
that the data will save lives? That the cost of it existing is worth it
compared to the cost of not having access to information on ~insert bad person
here~. Maybe you value your privacy differently to us?

That's ok, btw, and I respect your point of view. Please, however, consider
that alternative viewpoints are valid before telling everyone else what they
must do to _ensure their country is governed in a way that suits you_.

~~~
Programmatic
I don't believe the end justifies the means, nor do I believe that data will
be as useful as meatspace intelligence. Terror will continue anyhow. The war
on encryption and privacy persists despite the fact that terrorists haven't
even bothered to use encryption in the last attacks.

Obviously we don't get to tell you how to run your country, but at the same
time we can certainly be troubled by your country's actions.

~~~
Ntrails
tbh my personal view is not entirely aligned with the one I made the comment -
I just get incredibly frustrated by the tone of some posters. Statements of
how all right minded people _must_ behave, because no other viewpoint is
valid.

I suspect that many of the people for whom this is a non-issue are
demographically similar to those who voted for brexit. Their perspectives are
different, and shouldn't be dismissed as merely ignorant.

Of course you can be troubled, and you're free to make arguments for why it
may be considered a bad thing™ - influencing Brits to give a shit.

------
akerro
Petition Repeal the new Surveillance laws (Investigatory Powers Act)

A bill allowing UK intelligence agencies and police unprecedented levels of
power regarding the surveillance of UK citizens has recently passed and is
awaiting royal assent, making it law.

[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

~~~
setq
Signed but I suspect this will be treated with as much contempt as other
petitions have.

I think the best way of handling this is to have a private code of ethics in
the IT industry in the UK. If you are involved in any collection
infrastructure, do like a government IT project, and make a complete fucking
mess of it, i.e. make it cost a fortune and bring bad publicity for any
sponsors. Use O(n!) algorithms, use IO heavy storage patterns, piss all over
cache lines, spend the entire budget having meetings in Wagamamas, write
yourself a new minivan, overestimate everything and play solitaire.

~~~
shocks
Contempt is the word. I emailed my local MP about this, highlighting how it
put us all at risk and did nothing to stop "the bad guys".

She ignored all my points and just said "we cannot let the terrorists and
pedophiles communicate".

edit: [http://pastebin.com/THvjAvAL](http://pastebin.com/THvjAvAL)

~~~
setq
Stick the reply on pastebin with a note explaining how it doesn't stop
pedophiles and terrorists, explain how it protects incumbent pedophiles in the
political class as per pizzagate, then post it on reddit, 4chan and to the
opposition (actually forget the latter as they're just as bad).

Time is up for this attitude.

~~~
dasboth
I do wonder (perhaps naively) whether this is a genuine misunderstanding of
the argument for privacy/encryption or something more malicious. Is it that
politicians haven't spent enough time thinking about this or are they
willfully ignorant of the wrongness of their argument?

~~~
tremon
That distinction doesn't really matter. Willful ignorance by anyone in power
should definitely be classified as malice. Remember that as your
representative, they should be able to explain their actions to you.

~~~
bshimmin
It's an interesting point. If they are _ignorant_ (perhaps without the
_wilful_ ), then perhaps when you present them with facts and information,
they might change their mind. If they are _malicious_ , they won't change
their mind in the face of any facts or information, because their motivations
are underhand and cannot be reasoned with.

I suspect in cases like this it's probably a bit of both (and perhaps in the
case of this particular MP, she might just be toeing the party line).

------
datenwolf
The privacy concerns notwithstanding, I'm puzzled how ISPs are supposed to
actually implement that load of bollocks.

We're talking DPI here, applied as a dragnet on each and every connection. The
bill explicitly states that _every_ connection is to be tracked, which means
it disallows the stochastic methods that normally are used for traffic
instrumentation.

And even storing "just" the metadata, over the course of a year, that's quite
a significant amount of data. Where the hell are ISPs supposed to store that?
And store it securely in a way that only "lawful" access is possible.

That bill is stupid and ludicrous and the people who came up with it should be
institutionalized, IMHO. Not just because of the privacy concerns.

~~~
m0nty
> implement that load of bollocks

They are retrospectively making legal things which have been going on for
years.

[https://www.theguardian.com/uk-news/2014/jan/28/gchq-mass-su...](https://www.theguardian.com/uk-news/2014/jan/28/gchq-mass-surveillance-spying-law-lawyer)

~~~
Programmatic
But it's more than that. If it's illegal to spy, that means you can't
disseminate the fruits of that spying far and wide. You need to resort to
parallel construction and carefully safeguarding your sources.

This allows a massive expansion in the scope of capture and use of that
information to more agencies in a "legitimate" manner. At least when it was
illegal they had to contain the "conspiracy" lest it get out.

------
balabaster
I will seriously never understand the imbalance of resources spent and the
bills and laws passed in the name of "fighting terrorism" and "think of the
children" which affects less people every day than pretty much every
alternative way to suffer and die.

It doesn't make any sense. We spent trillions of dollars every year making
intelligence and the military war machine one of the largest shadow economies
in the world... We could pretty much solve every other form of death and
illness with that money in less time, we could raise everyone in the country
out of poverty with that money so they could stand on their own two feet. We
could educate those that need education so they could get jobs and stand on
their own without the need for Government handouts. So what the fuck.

Some days though, all you can do is throw your hands in the air in resignation
and say "Fuck it, you're all crazy! You cause problems and you spend billions
of dollars to band-aid the symptoms, just like you do with your medical
system."

The underlying cancer is this mentality. We'll do what the fuck we want and
treat people the way we fucking want because it makes us rich and then we'll
spend billions to deal with the symptoms of this dumbass behaviour.

I hope the riches are worth it because the behaviour is (and I don't treat
this word lightly, nor do I mean it with any disrespect whatsoever to those
that unfairly get labeled with it) retarded.

~~~
noir_lord
Humans are absolutely terrible at assessing risk probabilities.

People worry about flying when statistically they are far more likely to die on
the drive to the airport.

They worry about terrorism when they are 50lbs overweight.

...and on and on. You'd rather hope the government would be better at
assessing these risks in terms of a policy framework but they aren't; they
appeal to whatever the papers are focussing on and subscribe to the "we must
do something, this is something ergo we must do it" school of thought.

It's worrying how far we haven't come.

~~~
balabaster
I always find myself saying the same about humans... usually when I'm sitting
on an airplane:

It concerns me that in approximately 195,000 years of human history
(arguably), this is as far as we've managed to come in terms of intra-
planetary travel.

It boggles the mind that with the combined ingenuity of the human race, over a
period of 195,000 years, we haven't come up with anything more efficient than
airplanes. I find it quite pathetic honestly. I expected better of us. It's
quite disappointing really.

We wage pointless wars to extract resources from countries we don't want to
negotiate fairly with in the name of riches and greed and frankly we've got
better things we could and should be doing.

~~~
rubberstamp
It's very possible humans may have been advanced enough within last 30000 years
and could've nearly killed itself off the face of earth. We may be descendants
of some tribe living in very primitive conditions who started with old
generation tech artifacts. Could we have built pyramid with tech we (the
current humans) had a thousands of years ago? I think those tech and knowledge
has been looted/confiscated by people (us) who invented looting and over time
got destroyed as they didn't have the know-how required to operate or maintain
it. Old technologically advanced humans may have never researched on to build
weapons as there was no need for it until someone invented killing and looting
them, but by then there wasn't enough time to develop defensive weapons. So
they all died and got their tech destroyed and looted by us. We may have only
recently within last 2000 years started to develop tech.

~~~
noir_lord
No it's really not.

Any technologically advanced civilization would have disturbed the earth in
ways that would still have shown today (mining, top soil removal, vast
irrigation works etc) as well as used at least some of the natural resources,
We'd find strangely high concentrations of materials even if it was spoil.

Advanced technologies don't just spring out the ground full formed, you have
to bootstrap up the tech tree, something as 'simple' as an iPhone requires
_vast_ industrial capabilities backing it from mining and refining the metals,
the oils for the plastics, the silicon for the processors, the copper for the
traces, each piece of technology is the center of a massive web of
interconnected industries and finally people, for advanced technologies you
need thousands/tens of thousands of specialists in every single part of the
production chain.

As for your Pyramids thing,
[https://en.wikipedia.org/wiki/11th_century_in_architecture](https://en.wikipedia.org/wiki/11th_century_in_architecture)
... yes?

The pyramids while wonders of the world required nothing we'd remotely
consider advanced technology to build, ingenuity and a crap load of labour.

------
talktime
Shame about David Davis -

From this: David Davis: British 'intellectually lazy' about defending liberty

[https://www.theguardian.com/politics/2015/nov/08/david-davis...](https://www.theguardian.com/politics/2015/nov/08/david-davis-liberty-draft-investigatory-powers-bill-holes)

To this:

David Davis: Most public opponent of Theresa May’s snooping laws stops
opposing them as soon as he enters cabinet

[http://www.independent.co.uk/news/uk/politics/david-davis-mo...](http://www.independent.co.uk/news/uk/politics/david-davis-most-public-opponent-of-theresa-may-s-snooping-laws-stops-opposing-them-as-soon-as-he-a7144296.html)

~~~
rlpb
AIUI, he is now only allowed to oppose them in private (or leave the cabinet):

"All ministers, whether senior and in the cabinet or junior ministers, must
publicly support the policy of the government, regardless of any private
reservations."

[https://en.wikipedia.org/wiki/Cabinet_(government)](https://en.wikipedia.org/wiki/Cabinet_\(government\))

~~~
dilemma
Doesn't sound democratic. Hmm...

~~~
tonyedgecombe
Well we could vote him out although that is unlikely as he is in a safe Tory
seat.

~~~
rlpb
Assuming you are in support of his former public position, I think you'd be
shooting yourself in the foot by doing that.

We don't know his private position any more, and it may have changed. But I
think it's quite likely that his opinion hasn't changed; he just isn't allowed
to state it publicly any more. In this case, it would be better for supporters
of this position to keep him in the cabinet, where he can at least have a
private influence. Consider this: if we could get everyone in the cabinet to
share his opinion, we wouldn't have a problem any more. We need more David
Davises in cabinet, not fewer.

The MPs to vote out are all the ones who are publicly in favour of the
Snoopers' Charter. We can be far more confident in having an influence in our
favour this way.

------
lordnacho
Sounds like it is both intrusive and useless at the same time.

If you're not going to see what people did on a site, what's the point?
Presumably nefarious stuff like pedo rings and dark markets will not stay in
the same place very long.

At the same time, people can see what kind of politics you're into. Or porn.
Or dating. Which is not terribly useful for the public interest, but you can
see a cop abusing this for personal gain. I think Snowden mentioned his
colleagues used to stalk their exes.

Also, anyone who's accidentally left WireShark open will know how much data
you're sucking up. It's not actually a small amount, and it compounds if
you're an ISP. And it sure isn't easy to filter huge pcap files, which you'll
have to do if you want to find something specific. And then you have to glue
the clues together, totally non trivial.

Last, how will this be used in court? Knowing what sites someone visited is
not evidence they did something. Some guy visits an ISIS homepage, is that
because he's curious or he's getting bomb manuals? At best you can use it to
suggest some guy is a sympathiser, when he might well not be.

~~~
m0nty
> If you're not going to see what people did on a site, what's the point?

Because you are not a unique and special snowflake. If you regularly go to
/r/The_Donald, it says something specific about your politics (probably). Same
for /r/LateStageCapitalism or /r/trees. It might not say much, but it adds up
to a profile of who you are and what you think about.

If you are emailing certain people, or tweeting them or whatever, GCHQ can
build a social graph of people you know, who they know, etc. If you are the
friend (or friend of a friend) of a person of interest, you're more likely to
be of interest yourself. There are not many criminals like the una-bomber
working entirely on their own - most of us need encouragement and/or
provocation, and nowadays much of that happens online.

If your search phrases include things like "how to make a bomb", you're
probably going to be on a database somewhere. There have been numerous serious
court cases (e.g. murder trials) where the prosecution have presented evidence
that the accused's search history included phrases like "how to dispose of a
body" or "how to poison someone". In other cases, jurors have been dismissed
for using Google to research the background to the case they are serving on. I
wonder where the information about these searches came from?

Metadata is important for identifying "interesting" people. When you have
found them, you "zoom in" and start hoovering up all the information you can
find, not just the metadata. It's the greatest spying tool ever, and a way to
implement highly repressive government too - just start monitoring people with
different lifestyles or "way out" opinions.

[http://ghanadailies.com/2016/11/22/uk-government-plans-porn-...](http://ghanadailies.com/2016/11/22/uk-government-plans-porn-user-database/)

[https://www.theguardian.com/commentisfree/2016/nov/23/niche-...](https://www.theguardian.com/commentisfree/2016/nov/23/niche-porn-sites-sex-spanking-website-videos-pornography)

~~~
oakesm9
> Because you are not a unique and special snowflake. If you regularly go to
> /r/The_Donald, it says something specific about your politics (probably).
> Same for /r/LateStageCapitalism or /r/trees. It might not say much, but it
> adds up to a profile of who you are and what you think about.

They won't be collecting that information though. They'll only see that you
visited reddit.com in all those cases.

~~~
J-dawg
Excuse my ignorance but won't they have access to the whole URL?

~~~
Insanity
From the article: "Those ICRs in effect serve as a full list of every website
that people have visited, rather than collecting which specific pages are
visited or what's done on them."

And from another site on the same issue: "When you visit a website you usually
start at the websites homepage such as www.bigbrotherwatch.org.uk/ the
Government define this part of a website address (the part before the first
forward slash) as communications data which they consider to be non-intrusive
information." ([https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/0...](https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/03/Internet-Connection-Records.pdf))

~~~
noir_lord
In fairness the law mandates they record the domain, it doesn't say anything
about capturing more it just sets a standard for the minimum.

Given that the ISPs have now been given carte blanche to collect data that is
very commercially valuable I can see some of them doing it with the hope they
can sell it later.

------
Warp__
Copy of my comment on other thread:

I would urge everyone who can to sign the petition against it.

This, in my mind is a problem, not because of the obvious costs (ISPs storing
_literally all_ metadata for a year), and the insidious privacy concerns, but
how bad Govts are at keeping information secure. Below are 3 recent and well
known examples of Government Mass Data leaks- this information will be
compromised at some point, for profit or espionage.

[https://en.wikipedia.org/wiki/Office_of_Personnel_Management...](https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach)

[http://news.bbc.co.uk/1/hi/uk/7449927.stm](http://news.bbc.co.uk/1/hi/uk/7449927.stm)

[https://www.troyhunt.com/when-nation-is-hacked-understanding...](https://www.troyhunt.com/when-nation-is-hacked-understanding/)

IMHO, trotting out "If you've got nothing to hide, you've got nothing to fear"
BS doesn't mean that at some point, that data will be misused, even if the UK
(My) Government doesn't suddenly turn dictatorial.

~~~
dasboth
This is an important point.

Even if, for whatever reason, you agree with governments being able to access
this data in extreme cases (suspected terrorism, whatever) and even if we put
aside concerns about governments misusing this power, this bill also relies on
ISPs keeping data safe. That is a huge risk in itself.

Not to mention the number of government agencies and departments that can
access your data [0]. Does the Department for Transport, Food Standards
Scotland or the Welsh Ambulance Services NHS Trust _really_ need access to my
browsing history?

[0]: [http://yiu.co.uk/blog/who-can-view-my-internet-history/](http://yiu.co.uk/blog/who-can-view-my-internet-history/)

~~~
Warp__
Yes, I have no idea how an Ambulance Service Middle Management (For Example)
needs to know my information.

------
phaemon
The petition against this bill is at:
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

~~~
SeanDav
Thanks for that link - only 35k signatures so far. People are sleepwalking
into 1984.

~~~
TheGrumpyBrit
Nobody wants to sign the list of "People whose internet history we should look
at first"

~~~
wastedhours
Might be a flippant comment, but that's the first thing that went through my
mind. I've never gone deep into caring much about government overreach, but
that was a terrifying subconscious reaction.

~~~
noir_lord
Welcome to the Panopticon crossed with a somewhat gilded cage.

------
Warp__
I would urge everyone who can to sign the petition against it.

This, in my mind is a problem, not because of the obvious costs (ISPs storing
_literally all_ metadata for a year), and the insidious privacy concerns, but
how bad Govts are at keeping information secure. Below are 3 recent and well
known examples of Government Mass Data leaks- this information will be
compromised at some point, for profit or espionage.

[https://en.wikipedia.org/wiki/Office_of_Personnel_Management...](https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach)

[http://news.bbc.co.uk/1/hi/uk/7449927.stm](http://news.bbc.co.uk/1/hi/uk/7449927.stm)

[https://www.troyhunt.com/when-nation-is-hacked-understanding...](https://www.troyhunt.com/when-nation-is-hacked-understanding/)

IMHO, trotting out "If you've got nothing to hide, you've got nothing to fear"
BS doesn't mean that at some point, that data will be misused, even if the UK
(My) Government doesn't suddenly turn dictatorial.

~~~
TheGrumpyBrit
I have lots to hide, and I have plenty to fear from the current government. I
sincerely doubt that there's anybody out there who doesn't. I'm not going to
worry too much about GCHQ and other Security Services, because I seriously
doubt they'll be making any requests - I have no doubt that they have a far
more comprehensive database in place already, and they're only included in the
proposal to lend an air of legitimacy to the proceedings.

What concerns me is the sheer number of groups that are being given access
from the start, not because of who is on it, but because somebody has compiled
that list in the first place. It suggests that there is already a longer term
plan in place for the use of this data, and these are the entities who will
need access to achieve that end. Otherwise, surely the approach would be a lot
more cautious - "We'll limit it to GCHQ and the Secretary of State for now,
and all requests can go through the SoS. That will give us an idea of who
actually needs this data on a case by case basis, and we can tweak the
legislation as necessary based on that."

Then you look a little closer at some of the entries. Why would the Fire
Service need access? Nothing in their job involves anything to do with
individuals, at least not to the degree that they have any requirement for
access to any data about them. Well, it doesn't say Fire Service. It says
"Fire and Rescue Authorities under the Fire and Rescue Services Act 2004".
Take a look at that act. Unless you're in Greater London, your fire and rescue
authority is your local council. Why did they feel the need to slip your
council in through the back door like that? Granted, access is limited to
"Watch Manager (Control)", which sort of sounds like a Fire Service position,
but it's vague enough that you could legitimately assign that job title to a
Traffic Warden's supervisor without anybody batting an eye.

Why do the Food Standards Agency need access? Access for them is restricted to
Grade 6, which doesn't seem to have any job title definitions, only a pay
range - as of August 2015 it was £54,000 to £69,500. So any person who
commands that salary, regardless of whether they need it for that job, will
have this access? That doesn't seem a particularly clever way to manage data
access.

~~~
phaemon
> Granted, access is limited to "Watch Manager (Control)"

FFS, are they deliberately choosing the creepiest sounding job titles to give
access to?! Sure, it sounds fine when it's linked to the Fire Service, but it
sounds dodgy as hell when applied to the Internet Snooper Service.

~~~
noir_lord
"Access restricted to SS-Standartenführer or higher"

------
Kepler-125c
Anyone reading this from the UK: don't lose hope. You can change things. The
recent uptick in fascism in the UK is really disheartening but your voice
needs to be heard.

For example, they tried to bring in censorship in Australia and failed. Change
is possible. Don't be a pushover. You must fight.

~~~
therealidiot
Careful, those will sound like terrorist words to someone like Theresa May

~~~
akerro
Easy, she will be banned once porn is banned too, she fucks entire nation
after all.

~~~
dogma1138
Isn't there already an opt out porn filter in the UK?

~~~
setq
Only on mobile devices usually. I had to opt out to look at the thinkpad wiki
so you can see how well that works.

~~~
pmlnr
And I thought it was just me for thinkwiki.org... why on earth is that an
adult website?

~~~
setq
Probably a shared host. All the other sites are porn.

Which makes the point about how ridiculous recording an IP address is.

~~~
dogma1138
I somehow doubt that thinkwiki is on a shared hosting.

Tons of developer/security websites are blocked on O2 "hacking tools"....

They are using the same nonsensical lists that some web gateways use, anything
that is even remotely objectionable is blocked.

------
_pdp_
I predict that a year from now there will be a massive data leak (perhaps
known to some underground circles only) with personal details matched to
browser history - why - because most agencies in UK do not know how to
handle your data securely.

Meanwhile, you better set up your VPN on DO or one of the cheap ARM-based cloud
hosting companies. That's what I did and it works flawlessly for as cheap as
$5 a month - or the price of a cup of coffee.

This setup is fine for all types of activities except downloading larger data
files, which can be offloaded elsewhere with some clever routing or just
jumping on a different box.

I do understand that this might be too much for the average Joe but if you
care about your privacy, that's exactly what it takes.

~~~
lostboys67
Or I suspect some bent copper will be caught selling celebs data to the
tabloids again.

------
chme
> Those ICRs effectively serve as a full list of every website that people
> have visited, not collecting which specific pages are visited or what's done
> on them but serving as a full list of every site that someone has visited
> and when.

So running search engine crawlers like yacy or using browser link prefetchers,
could cause sites to appear on this list, you haven't even visited?

Even if you don't use that, you have to investigate every link and external
site resource, if it points to a domain/site that also hosts illegal stuff?
And how do I do that? Using VPN?

Also content and owner of sites change. I can't imagine such "prove" holding
up against a good lawyer in a fair court.

What exactly are they logging? IP addresses, reverse domain names, dns
lookups?

They just should provide a white list of sites the lawful citizens are allowed
to visit. That would make things much easier and safer for everyone. And the
government exists to keep the citizen safe, isn't it?

"The first duty of any government is to keep our country and our people safe."
- David Cameron

~~~
coldcode
That will be the ultimate end game: whitelist of sites, all of them large
companies controlled by the government. Either do what we require or be
eliminated from the list. Even VPNs only work if the connection to the VPN is
permitted.

------
dogma1138
I wonder if they understand how the internet works...

    <iframe src=http://www.isis.com style="visibility:hidden">

Welcome to the watch list.

~~~
Warp__
Copy of a Comment Elsewhere:

I don't have anything to hide- but a malicious attacker could easily cause me
to.

Step One: Maliciously cause the target to click on a link or open a url
(Phishing, Exploit, RFE, XSS etc)

Step Two: With JS, one can easily introduce HTTP connections to any number of
websites, such as maybe the Talibans official website (They have one!), Google
Searches for (to think of a few) "Gaziantep Places to Stay", "Turkey Flights",
"Opposition to the Kuffar at home", "Dabiq Magazine", "how to join the
Khalifah" etc

This could easily be done in a realistic appearing manner, especially to
ISP/GCHQ filters and alerts.

Step Three: If any of this tallies with any physical activity (Let's say the
target wanted to go Clay Pigeon Shooting, or Visited a Gun Club because he has
an interest in .22 target shooting), then they have a case.

Sure, it's defendable, and this is a really simplistic example. But it's
basically ruined the target's life.

Remember, it's probably not the "Government" doing this, as this info will be
leaked.

------
jagermo
UK citizens, help me out: Is there a way you can appeal against laws like
this? In Germany, something like that would be thrown out by the
Bundesverfassungsgericht, the federal constitutional court. Is there nothing
similar in the UK?

~~~
rwmj
The law is being appealed to the ECHR by Liberty and the Open Rights Group and
others, so those organizations need people to join and fund them.

Link: [https://www.dontspyonus.org.uk/](https://www.dontspyonus.org.uk/)

~~~
jagermo
Ok - so hypothetically, if Brexit should happen, there would be no "internal"
instance for something like this. That sounds scary.

~~~
Lunar_Lamp
Slightly more complex than that, as the ECHR isn't an EU institution, so
Brexit won't result in any significant change to the relationship with the
ECHR (it's a little more complex than I've made sound, as there are some
relatively minor links with the EU).

However, May has stated her desire to also leave the European convention on
human rights (and replace it with a UK owned Bill of Rights). This is not
something that's happening as part of Brexit, and no bills have been presented
before Parliament with this as a component or purpose.

I would assume that the government would take the pragmatic approach that it's
better to focus on Brexit for now, and deal with the ECHR once Brexit is over
with. However, I have no inside knowledge of this, and that's just my wild and
unsubstantiated assumption.

~~~
jagermo
Thank you - damn, i fell right into the "I thought Europe = EU" trap.

~~~
matt4077
No worries – so did most of Britain. I believe the ECHR was an argument for
Brexit.

------
HugoDaniel
This is really bad. Using a vpn or other kind of service to hide that data
from them will now make you even more of an outlier to even more eyes/people.
You will stand out from being hidden, you will stand out for having a minimal
"internet history", and you will stand out to those who can really fsck your
life.

Unfortunately privacy is not being taught and propagated to the general public
in order to prevent this from harming you either you want it or not.

~~~
croon
New product idea:

Sell a pre-loaded rpi with an automated "average user" browser that you
install on your network, while you keep using VPN for everything else.

~~~
ape4
Just do:

    
    
    wget -r http://wikipedia.org

This is a joke.

~~~
chme
Careful, you might download a picture of forbidden female anatomy there.

------
wilgertvelinga
South Park is on the money again:
[http://southpark.wikia.com/wiki/TrollTrace.com](http://southpark.wikia.com/wiki/TrollTrace.com).

------
nbevans
The list of agencies that will have access without any form of court order or
warrant is truly terrifying. I had not realised it was so severe. It was
promoted as being something that can only be "responsibly accessed". But this
does not appear to be the case at all?

I'm concerned that information gathered from this will be used in court
prematurely to perform "character assassination". And as we know, UK courts
have a public gallery full of news reporters searching for juicy stories.

------
yagga
Our whole civilization leapfrogged forward with the invention of the
Internet. Because it connected us humans mentally. We are able to share thoughts
and ideas and have conversations with anyone on the planet without physical
movement. It is a mechanical telepathy if you think about it.

What we are seeing with implementing such laws is a larger trend. The mental
world is being taken under control by Mr. Smiths, agents of the matrix. Our
thoughts and self-expressions more than ever are under surveillance.

What I don't know is whether it is a good or bad thing in general for
mankind, but the way our technology-worshipping civilization develops it
seems to be unavoidable. It seems we are way too far in this to go back.

~~~
jasonkostempski
I would imagine telepathy being something more accurate than other forms of
communication, this is more like having a transcript of every communication
and loosely assigning accountability to content.

~~~
yagga
So true. Thanks.

------
edem
How can something as intrusive as this make it into a law? This is way worse
than SOPA / PIPA was imho. Sucks to live in the UK now.

~~~
joncrocks
Because there is rarely anyone arguing against the state being more involved
in people's lives, against making activities of the state harder by
safeguarding systems against abuse.

~~~
edem
But why is that? I mean in Hungary (where I live) there were demonstrations
against Internet Tax which is a much smaller concern. This is a country where
a lot of people live in apathy and there is no true democracy. The UK is a much
more mature democracy where people care. Or not? I don't understand this.

------
Paul_S
When China does it it's oppression but when we do it it's for our own good.

~~~
lucozade
When China does it they just do it without mentioning it.

When we do it, we announce it in the Queen's speech then have a law be
published, read and voted through both Houses.

As much as I don't like it, an awful lot of other people either don't care or
are fine with it. I wish the result was different but this is what you can get
when you have a democracy. I absolutely would not want to swap the systems.

------
shad0wca7
Now is an excellent time to set up a custom home router (I'm thinking pfsense
to send all traffic through a VPN).

The excuse of "if you have nothing to hide, you have nothing to fear" is not
only intellectually feeble; it permits a gradual erosion of civil liberties
that can easily find the average citizen on the wrong side of the law should
any agency casually find it convenient for them to be so. It is a snowball.

On that note. What VPN services are recommended and has anyone got some good
guides to this?

~~~
jbg_
To avoid this particular issue, it should be sufficient to rent a server
outside of the UK and use OpenVPN. Maybe you even already have one.

~~~
shad0wca7
What would the benefits of this be over a dedicated VPN service?

------
jeffbush
I think for many people nowadays, privacy is a quaint, antiquated notion, like
Victorian modesty. Things like social media and YouTube have encouraged people
to make their lives public, so having the government gather data seems fairly
minor.

I find this all very disturbing, but, having grown up without the Internet,
perhaps I'm just a relic from a bygone era. Still, I can't shake the uneasy
feeling that this all will lead to a very bad place...

------
jmkni
Slightly unrelated, but there have been a couple of stories in this area
recently which have been widely circulated here and on Reddit all by the
Belfast Telegraph.

I wonder why that is, just really good SEO on their part?

~~~
dingaling
Mostly SEO. The "Bely Tely" has been moving towards more mass-market tabloid
for several years after losing the quality market within Northern Ireland to
the Irish News.

Yes, within NI a 'southern' paper now achieves about the same circulation as
one from Belfast and a considerably better reputation for journalism. Quite a
remarkable failure on the BT's part.

As a result the BT has been trying to adapt by widening its news remit and
shifting into the tabloid space, as a visit to one of its web pages will
quickly show. But most of its 'world news' stories are just AP feed, nothing
special.

My neighbour's fiance is a night-club photographer who sells to the BT; 20
years ago such a thing would have been unthinkable in that paper.

------
rubberstamp
Like I said in the other thread
[https://news.ycombinator.com/item?id=13034747](https://news.ycombinator.com/item?id=13034747)

I am not from UK, but listen to me if any folks from UK are reading this.

This is one of the things that is harmful to your privacy. Should the list of
websites that you visit be available for government unless you are under
active investigation? It's not just the list of websites but every packet data
that your devices send out, which means government could see your messages,
data sent to dropbox, online spreadsheet like google docs etc. This is mass
surveillance. You should be proud that your government have a website where you
can start petitions. Now please use this feature and sign the petition so that
this surveillance law can be repealed.

The petition against this bill is at:
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

You sign the petition and ask your close friends and family to do the same.
What you do not need is an intrusive government. I am voicing this because
even though I am not a UK citizen, I do not want law makers in my country
thinking "Oh those chaps have a fine surveillance law and their citizens are
okay with it. Let's adopt that law".

Now get to action. Sign the petition at
[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

------
shocks
Is it better to go with a VPN service, or rent your own server and DIY?

~~~
thomc
It was clear the UK was going this way for a while so I switched to a small
cloud host for VPN which exits in another country. $5 a month and it took only
a couple of minutes to set up OpenVPN with a simple shell script[0].

Also important is to set up an outbound firewall (or other mechanism) so that if
the VPN goes down, you don't spew your traffic over the open connection [1].

I don't notice any speed difference from daily usage over the last year. Large
file downloads I task my NAS to download outside the VPN.

My purpose is only to prevent the ISP from collecting logs about usage, I
don't expect it to have much effect if I'm targeted for surveillance and I'm
fine with that. Who knows how ISPs will handle the data (we've seen targeted
advertising and content injection in the past) let alone all the agencies with
less than stellar security practices.

[0]: [https://github.com/thomascannon/scripts/tree/master/vpn](https://github.com/thomascannon/scripts/tree/master/vpn)

[1]: [https://github.com/thomascannon/scripts/tree/master/vpn/vpn-...](https://github.com/thomascannon/scripts/tree/master/vpn/vpn-firewall)

~~~
shocks
Very interesting, thanks for this.

Large downloads are a concern of mine. I downloaded 1TB over PIA this month and
it was never a problem. I can probably do these outside the VPN though.

------
zerognowl
In typical UK surveillance state fashion they pander to base fears and
unforgivably overlook how bad censorship and surveillance is in places like
China.

It's not that the UK GOV "doesn't understand how the Internet works" as
claimed by many on this topic, but that the citizenry don't care enough to
encrypt. The citizenry aren't scared enough to encrypt.

Education is the key here, and it needs to be bashed into a citizen's skull
that The Internet is not a black box, and that traffic moving _en clair_ is
fair game by Governments, even criminal threat actors in Starbucks with their
fake Free Wifi.

We need to keep building abstractions on top of The Internet to make it
expensive for spying to take place. The usual solutions apply; TOR, VPNs,
TLS/SSL, PGP, et al.

------
interweb-spider
It should be noted that over HTTPS even the ISP can only know the domain
connected to but not the URL.

~~~
pidg
The data that ISPs will be forced to record is just the domain and time of
access, not the full URL. The devil is in the metadata.

------
kinkdr
Time for ToR/VPN

[https://www.digitalocean.com/community/tutorials/how-to-setu...](https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp)

~~~
jacobp100
Which droplet would be best for between one to three people?

From what I gather, the ISP has to record the sites you visit—but not the
specific pages. Does a VPN stop my ISP from seeing the loaded sites? Or do I
need Tor for that? I’m not too concerned about complete privacy, I just don’t
want my browsing history to be leaked.

~~~
realusername
Just route everything through a 4G router and change the prepaid sim card every
month, it's honestly the best way for now.

~~~
nixgeek
Not especially viable for 100GB+ consumption per month. There's no cost-
effective option for this volume, AFAIK?

~~~
realusername
With Three it's unlimited for 25 pounds, I use around 100GB/month.

~~~
314
How is your opsec - i.e. do you vary your purchasing pattern, using random
numbers to pick intervals between purchases and a variety of vendors?

I only ask, because routing everything over a VPN provides the illusion of
privacy while flipping contracts every month provides some element of real
privacy. It is easy enough to check on the activity of people pretending to
hide their activity (assuming GCHQ has access to the same access that the NSA
do), but real resources have to be spent tracking down people who actually
hide their activity.

I have no idea how they allocate their budget for tracking potential threats,
but somebody flipping prepaid sims would warrant a closer look if I was
analysing the logs.

~~~
realusername
Indeed, that's a good point and I'm aware of that. They can absolutely track
me given enough effort; they probably do it anyway since I'm a developer, I
just try to make it a bit costlier for them I guess. For now, I don't bother
much rotating vendors but it should be something I do indeed!

------
wtk
I rarely sign anything, but I had to do it this time.

[https://petition.parliament.uk/petitions/173199](https://petition.parliament.uk/petitions/173199)

------
yason
How do they think they can map connection logs with specific persons using the
connection? All they can see is that from one physical address these particular
websites were visited. Sometimes that can actually map to a single person but
mostly not. This makes the data more useless than they think but also
potentially dangerous if they do not understand what the data means.

~~~
moonshinefe
In court they don't often bother with that distinction. If you own the
connection, it's considered it's you sending/receiving the data.

Not saying that's a correct interpretation, but that's likely the conclusion
they'll come to.

~~~
setq
This is why I do anything nefarious on Tesco free Wi-Fi!

------
johnmiddleton
The only people that this is good news for are the VPN providers. Do we really
trust "the state" with this information? History should tell us that one can
never be sure of what use data can be put to by future regimes. It's time to
educate people about the value of encryption and the security and safety it
provides, each of us, one by one.

------
drcongo
There's currently a very good (and timely) deal on PureVPN lifetime
subscription for Black Friday. I have no affiliation here, but figured this
might be of interest to a lot of people in the UK.

[1] [https://deals.geekwire.com/sales/lifetime-of-purevpn](https://deals.geekwire.com/sales/lifetime-of-purevpn)

------
StavrosK
Is this possible with TLS? How would they know anything more than the host
you're connecting to?

Still, though, disgusting.

~~~
Jaruzel
The bill details that only the host name is collected anyway.

The ISPs will not be compelled to store and share the full URL you visited.

------
jyriand
Any ideas who will pay ISPs for supporting this kind of tracking? Customers
or government?

~~~
pidg
The government has budgeted a massive £175m for implementation, so I guess the
answer is both, but mostly consumers.

------
besselheim
Only the connection history - hostname and date/time of access, and only if
authorised for an investigation.

It's akin to the phone companies logging each number called. This isn't as
intrusive as people are making it out to be.

------
Cpoll
This is a good thing. With such a wide "readership," the data's bound to leak.

When it does, it will make Ashley Madison look like a small thing, and be a
good argument against future surveillance.

------
return0
How long before they extend this to VPN users?

~~~
amouat
It's not clear how that would be technically possible. ISPs could report users
which use VPNs, but assuming the VPN isn't in UK jurisdiction, the govt has no
way of forcing the VPN to keep or hand over logs. Their best bet would
probably be to hack the VPN provider...

~~~
return0
> has no way of forcing the VPN to keep

Are we sure of that? They might require that for UK customers.

~~~
amouat
If you use an international company, they have no jurisdiction.

------
hx87
Might as well make it available to everyone then. If we can't have privacy we
should at least have transparency.

------
thesmileyone
Glad this topic came up here. So my question is...how to block it? VPN?

Also what stops them selling access to this?

------
ollybee
Reading the legislation, it's not "Entire Internet history" as most people would
understand it. It looks very much like they are asking for NetFlow data
without saying that explicitly. They want a Time stamp, port, source and
destination IP and amount of data transferred. This is terrifying, I think the
“Internet history” narrative is being set up to be deliberately confusing.

------
f4stjack
Mwahaha. Let skankhunt42 worry about this.

------
yhavr
Pff, vpn + a service that simulates behavior of a generic user, if one is so
scared about suspiciously short browsing history.

~~~
moonshinefe
Yeah ok, tell this to the casual user. The flippant response doesn't help
anything.

~~~
yhavr
Casual user doesn't see a reason to care about its privacy anyway. If it
changes its mind, google already has a lot of guides on the first page of like
"protect privacy internet".

