Hacker News new | comments | ask | show | jobs | submit login

The scary thing about web history logging is that it makes you question your web habits, if not become actively paranoid.

For instance, the article quotes the head of MI5 regarding preventing the bombing of the London Stock Exchange in 2010.

I wanted to know more about this, so Googled London Stock Exchange Bomb, and clicked on a few stories, and wanting to find out a bit more about the people involved, I then Googled their names and clicked on a few more links.

All this time, I had the thought at the back of my head: will these searches and clicks put me on a list somewhere?

(for anyone who wants to be saved searching for these terms, here's a quick overview: http://www.telegraph.co.uk/news/uknews/terrorism-in-the-uk/9...)

It's this feeling that I most dislike about it all; something, or someone, somewhere may be watching, and so now I'm questioning myself because some discussion on some site has potentially questionable keywords in its URL.

How many of us have paused during conversation in the past four-and-a-half years, suddenly aware that we might be eavesdropped on? Probably it was a phone conversation, although maybe it was an e-mail or instant-message exchange or a conversation in a public place. Maybe the topic was terrorism, or politics, or Islam. We stop suddenly, momentarily afraid that our words might be taken out of context, then we laugh at our paranoia and go on. But our demeanor has changed, and our words are subtly altered.

This is the loss of freedom we face when our privacy is taken from us. This is life in former East Germany, or life in Saddam Hussein’s Iraq. And it’s our future as we allow an ever-intrusive eye into our personal, private lives.

— Bruce Schneier, The Eternal Value of Privacy, Wired, 05.18.06


Whenever anybody trivializes surveillance or says it's "just a small amount of logging", they need to be reminded that mass surveillance has already done significant damage in the form of this chilling effect. Even more worrying are the reporters who have discussed the impact the chilling effect has had on their ability to function as a proper journalist.

> potentially questionable keywords

Keywords aren't even the problem; the inferences - legitimate or not - that can be found with modern data analysis techniques and machine learning practically guarantee we will see people being wrongly accused or otherwise affected. This much data is an endless arena for the human tendency to interpret[1] data until they see whatever they want to see. If search a bunch of web histories looking for problems, you will find something.

Oh and this problem is why some of us have a strong reaction against any kind of tracking, especially ad networks. Facebook/Google/etc are just as worrying, and accessing their data simply requires a national security letter (or UK equivalent).

[1] https://en.wikipedia.org/wiki/Apophenia

Your CSRS just increased. CSRS = Citizen Subversive Risk Score.

A couple more internet searches like that and you'll be hauled into "the Cage" for questioning, held without charge for 72 hours under the "Anti-Terrorism and Subversives Act 2018" and released after a good beating.

Your credit score may or may not be affected. Employers may call upon your CSRS score before employing you. Increases over 5% a year are grounds for dismissal.

> held without charge for 72 hours

Today, if you're arrested in the UK under Terrorism charges you can be held for up to 14 days.


And terrorism is such a broad term these days, especially with regards to "cyber-terrorism".

You mean like Sesame Credit in China? You may jest, but if they aren't already secretly doing this, it would be of little surprise if they decide that what China are doing is a Good Idea, and adopt it.


The stupid thing about web history logging is that it is not web history logging at all. It is internet connection logging. The analogy made by Teresa may that it is an "itemised phone bill for the 21st century" shows a complete lack of understanding of the difference between circuit switched networks (e.g the PSTN phone network) and a packet switched network (e.g the internet).

Far as I understand it, the current draft will require ISPs to log all IP connections made, and some other metadata from the packets.

This will be a potentially huge amount of data that ISPs will have to store for 12 months, and it will largely be useless data; as by the time this is enshrined in law and ISPs have this implemented, we will be a lot further down the path that we are currently headed with regards to increasing use of HTTPS and HTTP/2.

All you will be able to gain from this information is ip addresses & hostnames connected to. URLs and other information are all transmitted inside the encrypted session.

Aside from this, terrorists, nefarious types, and increasingly; any technically competent, law abiding citizen with a reasonable desire for privacy will use VPNs, TOR, etc, making it even more pointless.

But if you read the articles recently published on this in the past week or so, they go on to state that in certain circumstances the content or web page detail would be investigable. So this means it is still "full take" to put it in Snowden terms. They are not just storing meta data, they are storing everything and only allowing the meta data to be "freely" searched.

And Theresa May's analogy with itemised phone bills is completely ridiculous. Web domain logging is not the same.

[edited] added 2nd para.

You might be browsing though TOR or a VPN but if you ever dare log into your account, you will be identified. There could be spying from outside or inside, or keys compromised. So you can read, but you cannot use your accounts on any site, or make perfect isolation of the anonymous account and never log into it from your real IP. This feels more like trying to maintain perfect hygiene than hacking. People will be sloppy and a single mistake can unravel a previously anonymous activity. The whole process will be much more difficult and people would not be disposed to do all that work, thinking that they will be OK without it. Because the level of discipline necessary for real anonymity is huge, I think we need to focus on that problem.

I envision a modified browser that has a registry of all your private information and enforces it's protection from the web browsing activity. You will not be able to send over the net your name, email, nickname, identifying cookies, your IP will be hidden, basically it will be like a nanny protecting you from sending any identifying information over the lines. That would be a place where people will be anonymous, but, again, you can't contact anyone you know or use any account that you have used from your real IP in the past, so it will be a different kind of browsing experience.

Agreed, and this is probably by design. It's all a part of social control, or attempted social control. It's the threat of constant surveillance that will contribute to keeping people under control. Personally, I remain skeptical that Govt agencies can do a fraction of what they are claiming to be able to do - anyone who has worked with the various joys ofindustrial sized databases will know how difficult it is to maintain and query the really big ones - but the possibility of the threat remains. I forget the movie that the line is from but: "you don't actually need a big gun - just tell 'em you have one".

Welcome to the surveillance state in your head: http://www.theamericanconservative.com/articles/the-surveill...

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact