• A Practical Demonstration of what IPB will allow

    There have been numerous write-ups of the threat that the Draft Investigatory Powers Bill poses to our privacy and security.

    The intention of this post is not simply to repeat those, but to provide a practical demonstration of exactly the kind of information that the proposed powers would compel your Internet Service Provider (ISP) to record.

    As well as demonstrating what an ISP would soon be collecting (and how simple it is to extract), we'll look at the issues the IPB presents in the context of the information we've extracted.

    As the IPB isn't exactly explicit about exactly what it allows, especially in terms of techniques, I've made some assumptions (though I believe they're fair and reasonable).

    Most of the results were exactly what I expected, but I think describing them explicitly is probably more helpful than not - to that end, I've tried to keep the language as accessible as possible, as those who understand how tech works at the network level are unlikely to find much of surprise here.

  • Android: Protecting your network data from local snooping

    There's been a lot of news of late about the likes of NSA and GCHQ passively listening to Internet traffic. The steps in this post won't protect you from such a well resourced attacker, but will prevent others on open wifi networks and your mobile data provider from looking at the content of your phone's network traffic.

    A good example of the data that can easily be collected can be seen in this recent Ars Technica post.

    In this post, we'll be configuring an Android phone to conditionally connect to an OpenVPN server, dependent on whether it's associated with a specific WLAN.

  • Cookies: Taking Transparency a Step Further

    Contrary to the belief of some, the EU E-Privacy Directive was never about stopping cookies. It was always about raising awareness of what they are, which ones are set and how they can be misused. It was, and still is, a cause of annoyance for many - especially as only four member states have currently adopted the provisions.

    Whilst I don't think the implementation was correct, the underlying principle is sound - we should be ensuring users are aware of what data we're storing in their browser and how it's used. Most sites, in my opinion, don't go nearly far enough to achieve this, instead just scraping the minimum standard.

    In this post, we'll be exploring what I think we're doing wrong, and what we should be aiming for.

  • David Cameron: Idiot, Dangerous or just a lover of soundbites?

    We've heard Theresa May parroting the same lines for months, but in the wake of the Charlie Hebdo massacre, David Cameron has joined the choir of people calling for new surveillance powers.

    Mr Cameron has stated that if the Conservatives are re-elected, he will ensure that there is no form of communication that cannot be intercepted by the government.

    So, one of the questions we'll be examining in this post is - Is David Cameron

    1. An idiot who doesn't understand the technology he's talking about
    2. Demonstrating that pre-election promises are inevitably broken
    3. Planning on introducing a draconian surveillance state
    4. Being mis-informed by other parties
    5. Simply creating sound-bites to raise the chances of re-election

    Most of the coverage thus far has focused on option 3 - which seems fair given that it's the inevitable result of actually attempting to do what he is claiming.

    We'll also be taking a look at why Option 3 could, and should not happen

  • Don't Use Web2Tor/Tor2Web (especially Onion.cab)

    Web2Tor and Tor2Web are reverse proxies which allow clearnet users to access Tor Onion Sites (AKA Hidden Services), and there are a variety of services available online (such as onion.to, onion.cab, onion.city and onion direct) running this service.

    This post details why using these is such a bad idea, as well as detailing some of the changes I'm making to the site to help discourage use of these services.

  • Google, Cloudflare and GDPR - my quandry

    Just like most of the internet, I've been working hard making sure my site and services are GDPR compliant. For the most part, on the technical front I already was, and it's mostly been a case of making sure the documentation is up to scratch.

    However, in one area, I've had to revisit a decision that I've gone over and over over the past few years - having ads on (some) of the sites, compared to the alternatives.

    I decided I'd create this post for a couple of reasons - partially because I suspect others may be in a similar situation, and also to try and help lay it out so I can spot alternatives to those I've already considered.

     

  • It's funny how times change

    Over the past few days, I've been going over the old Benscomputer.no-ip.org archives and have republished some of the content.

    What's struck me as funny though, is how times change, but a lot of the issues remain exactly the same.

  • LocalChat V0.0.2

    Version: 0.0.2
    Code: View 0.0.2 on Github


    Project Info

    LocalChat is a simple and lightweight chat application. Its primary purpose (as defined in SC-2) is to provide a means for an Off-The-Record transient chat.

    It is not designed to be stood up and exposed to the internet at large. Instead, the primary intended means of use is to deploy it on a new system, have users SSH tunnel in to use it and then discard the system once that chat has completed.

    In other words, it's not designed as a generic chat application, but as one to be used for clandestine chats that are hard to monitor/intercept.


    Release Notes

    A full list of issues under this version can be found here

    V0.0.2 is the first formal release of LocalChat, as the previous version v0.0.1a simply implemented the PoC capabilities.

    New Features

    • Room Admins can kick and ban
    • Basic End to End Encryption support in client
    • Server automatically purges old messages from queue
    • Server will automatically close rooms after predefined period of idleness
    • Direct Messaging support within a room
    • Add verb to message payload - LOC-16
    • Test harness created

    Bugs Fixed

    • Users can no longer pretend to be SYSTEM
    • Client will exit with an exception if another user uses the wrong E2E key
    • Users could spoof the sending user's name when sending messages

  • mod_yourData

    mod_yourData is a Joomla! module allowing you to show site visitors exactly what data your site is storing within their browser. It includes support for Cookies, Session Storage Objects and Local Storage Objects. Given ever-increasing awareness of Privacy online, it's important that sites are as transparent as possible.

    The ideal use of this module would be to assign it to a custom position and then include with your site's Privacy statement using Joomla's LoadPosition plugin.

    This page is the user documentation for the module; you can also view the Demo here.

  • Multi-homing a Joomla site between the WWW and a Tor Hidden Service

    I did some work recently on making BenTasker.co.uk available via both a Tor Hidden Service (otherwise known as a .onion) and via the WWW.

    The reasons for doing this are published elsewhere, but this documentation summarises the steps I had to take (and why) in order to have the site safely accessible via both routes of access.

    For those who are interested, there's a far higher level of detail over on Projects.bentasker.co.uk.

  • PGP Encrypted Text Chat Via DNS

    In a recent post, I alluded to having given a little bit of thought to ways in which clandestine communications could be achieved.

    Having given a little more thought to the idea, I was unable to resist the temptation to build a small proof of concept - if only to see whether there were any obstacles that I hadn't considered.

    This post is the documentation for DNSChat - a small proof of concept enabling PGP encrypted text chat using DNS Queries as a transport mechanism

  • Privacy Policy - 20180522

    This page serves as the GDPR Privacy Notice for www.bentasker.co.uk.

    The controller of the data collected is Ben Tasker.

    You have the right to object to processing, either by objecting to a specific mechanism as described below, or by Contacting Me. If you feel your objection has not been appropriately handled, or that the processing does not have a lawful basis, you also have the right to complain to a supervisory authority.

    As an overall summary of the policy - I collect some data in order to run and improve the site, but will not share that data with third parties unless I'm legally compelled to do so.

    Where I'm performing a service for you (i.e. you're a customer rather than simply visiting the site), our contract will include sections as needed to cover any additional elements I may encounter whilst working for you.


    Compliance with a Legal Obligation

    The following data is processed/retained in order to comply with Legal Obligations - GDPR Section 6(1)(c)

    Tax Records

    If you purchase a product or service from me, then you will have been issued with an invoice containing some or all of the following personal data

    • Your Name
    • Your Address
    • Your Email Address
    • Your Telephone Number

    A copy of your invoice will be filed with my Tax records, which in order to fulfil HMRC's requirements must be retained for up to 7 years.

    Because this data must be available in order to comply with a legal obligation, the GDPR rights of erasure and objection cannot be exercised for this data.

    The data is retained on isolated systems with very strong access controls, and will not routinely be passed to any third party. In the event of an audit by HMRC, however, the data may be provided to them when formally requested.


    Legitimate Interests

    The following data is processed/retained based upon the Lawful Basis of GDPR Section 6(1)(f) - Legitimate Interests. In accordance with GDPR, all have been subjected to a Legitimate Interest Assessment (LIA) in order to balance your rights with the legitimate needs.

    Access Logs

    All requests and connections to my network services are written to access logs for the necessary purposes of Network & Information Systems Security, Billing and Account Management Purposes and Network Systems scaling and management.

    The data stored which may be considered to contain Personal Data is

    • Connecting IP address
    • Details of the request/connection (i.e. which page and site was requested, or for non HTTP connections, which service was requested)
    • HTTP Referrer string (where available)
    • HTTP User-Agent header (where available)

    The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

    Access logs are retained for 90 days from the date of their creation, after which they are automatically removed. However, where log lines are considered potentially relevant to a network incident, they may be retained until the investigation has completed. Those which are assessed to relate directly to the incident will be retained as part of the incident report, but will be anonymised as appropriate to the context in which they are being reported.

    Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation).

    A limited amount of automated processing is used in order to identify "bad actor" IPs and limit their ability to cause harm to my systems. The data is not passed to any third party in order to perform this processing.

    The processing of this data is not only essential to the services I provide, but is necessary to help ensure that any other data I may hold on you remains protected. Logs form an essential component of investigations into any suspected breach, and without them it may not be possible to identify (and fix) the method used to achieve a compromise. Ultimately, this limited processing benefits both you and my entire user-base.

    Site Behavioural Analytics

    I use an analytics program in order to record site and user behaviour on my sites for the purposes of identifying how sites are behaving and where (and how) improvements can be made (for example if a regularly visited URL results in a 404 Not Found). The data is used in order to rectify issues, track site performance and to aid in troubleshooting when issues are reported. It is also utilised in order to help make scaling and deployment decisions within my Content Distribution Network (CDN), as well as identifying cases where a user has been routed to an incorrect server (for example, a US user being sent to an Asian distribution node).

    The following personal data is collected and stored

    • IP address (masked to exclude the final 2 bytes - i.e. 192.168.x.x instead of 192.168.1.1)
    • Rough geographic location (based upon the anonymised form of the IP)
    • HTTP Referer (where available)
    • Screen resolution (used to aid design decisions and optimise media for delivery)
    • HTTP user-agent
    • OS and hardware platform (derived from the above)
    • Browser language (from the Accept-Language header)

    This granularity of data is retained for 31 days. The data is then used to generate an aggregated data-set (so records are grouped by items they have in common - like geographic location) which is retained for 4 months.

    The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

    If you wish to object to this processing there are three means of doing so

    • Visit https://piwik.bentasker.co.uk/optout and set appropriately
    • Enable "Do Not Track" in your browser
    • Install an adblocker and enable it

    The former will have full effect on all my sites/services. However, it will not protect you from similar processing on other people's sites, so it's strongly recommended that you consider the other options too (particularly the final one)

    The data is protected by a variety of strong mechanisms, and access to the data is very tightly restricted.

    Cookies

    Cookies set by the site are essential in order to operate, or in order to fulfil a request that you have made. They are used only for this purpose and not used in order to track or otherwise profile you.

    For a list of the cookies set, please see https://www.bentasker.co.uk/cookies. You can also self-serve on the Your Stored Data page.

    Backups

    As might be reasonably expected, all my systems generate backups, for the purposes of ensuring Service/Business Continuity. They may also, in extreme cases, be used during investigation of Security Incidents.

    This means that my backups may (and likely will) contain any of the Private Data discussed in this privacy policy at any one time.

    The data collected within backups is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

    Backups are generated (at least) daily and retained for 90 days from the date of their creation.

    Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation). However, you should be aware that it's unlikely to be possible to exclude your data from backups.

    Similarly, individuals are unable to exercise their right of erasure against backups. Interfering with a backup may render it entirely unusable, undermining the legitimate purpose of the backups. However, because backups are only retained for a short period before rotating out, your data will cease to exist in a backed up form within 90 days of completion of your erasure request under different sections of this policy.

    Data within backups is not accessed nor processed unless a backup restoration is required - which is (and will hopefully remain) a rare occurrence. The existence of the backups therefore doesn't change the way your data is handled/processed other than that it means it will be stored in an additional location.

    Backups are very strongly encrypted, and the necessary decryption keys are stored in an 'offline' format with strong physical security. Backups are not moved outside of the European Economic Area. Systems generating backups have the ability to upload data to the storage area, but not the ability to read it back - so even with the decryption key, compromise of a backed up host should not be sufficient to grant access to the backup contents.

    The generation of backups is essential to providing and maintaining any digital service, and in some cases (such as for Tax records) may also be necessary in order to ensure compliance with a legal obligation (GDPR Section 6(1)(c)). Ensuring the continuity of service can be maintained benefits the both of us.


    Consent

    The following items are processed based upon a lawful basis of Consent - Section 6 (1)(c)

    Social Media Icons

    Various pages within this site display Social Media icons allowing you to quickly and easily share content onto various social networks.

    By default, these are disabled, so no requests are made to social media sites as the result of loading a page.

    If you wish to utilise these buttons, you will need to consent to the activation of these links, and can do so in one of the two following ways

    • Per page: You can simply click the social media icons to enable them (and then click the relevant icon to share the content). On the next page load/refresh, the icons will once again be disabled.
    • Site wide: In the privacy options pane on the left of this site is the option "Unblock Social icons". Clicking this will set a locally stored object in your browser, and the icons will be active on every page. If you wish to withdraw that consent, you may simply click "Block social icons" in the same location and your preference will be reverted.

    When you enable social icons, be aware that your browser will place a request to the social media network in order to generate the share button (and ultimately, to share/like the content if you click again). The privacy policies of each of the social networks apply to those requests, but as a guide, each of the social networks will likely do the following if you allow the icon to load

    • Record your IP address and time of request
    • Set a cookie (and check for existing cookies)
    • Record the address of the page you're on
    • Record your username (if you're currently logged into that social media network)

    They will also likely process the above in order to update an advertising profile.

    The social media icons are provided for convenience purposes only, and out of principle I advise against enabling them globally. You may also want to consider configuring an ad-blocker to block social media icons for networks that you either don't use, or don't commonly share content to (for example, I block Facebook like buttons and LinkedIn Share buttons as I primarily share content on Twitter).


    Other

    The following are provided for informational purposes, as they don't fall within the scope of GDPR (usually because they don't include the collection or processing of personal data)

    Advertisements

    Where ads are shown on pages within this site, they're displayed using Google's "non-personalised" ads setting. No data is collected about you and your previous (or future) browsing history is not used in order to 'tailor' the ads for you. The ads displayed are based on the content of the page/site you are viewing.

    As no personal data is processed, the ads do not fall within the scope of GDPR. However, they do help ensure that the site remains available as they contribute towards the (not inconsiderable) running costs. Nonetheless, if you'd prefer not to see the ads, it's recommended that you install an Adblocking extension such as uBlock Origin as this will help protect you across the net.

    You can see a breakdown of the rationale of the ads versus other options here - Google, Cloudflare and GDPR - My Quandry

  • Protecting Identity and Copyright Online

    At times, it really feels like the world is completely fucked. We've got a US president who somehow manages to be enough of an arse to fall out with Canadians flying off to meet a nuclear armed mad-man. We seem to be witnessing the increasing rise of a foaming mouthed racist alt-right, and have long since mourned the death of quality journalism in the media. Israeli defence forces are so focused on justifying murder of unarmed civilians that they now tweet about executing people for throwing a stone.

    Yes, at times, it seems like the entire world is off to hell in a hand-cart.

    Underneath it all, though, politics doesn't seem to be that different behind the scenes. Politicians are still trying to implement many of the same stupid things that we've seen raised again and again throughout our lives.

    As fucked as the world may seem, it's important that it not act as a distraction from the issues we can do something about. Trump, for better or worse, is here to stay (at least until his KFC infested diet catches up with him).

    But we can do something about fuckwits in Government once again suggesting that implementing the ability to control and track what everyone does online is in any way a positive. We also can do something about fuckwits from many Governments who think it's beneficial for humanity for them to take a bended knee before Copyright cartels and screw the lot of us in the process (otherwise known as Article 13 of the EU Copyright Directive).

    This post isn't about the things that have become big, but about the things that will become massive infringements on our lives if allowed to pass unchallenged.

  • Republished: A bit of info on the Phorm Debacle

    Originally published on Benscomputer.no-ip.org 5 Mar 2008

    The tech news pages are alive with the news that BT, Virgin Media and Talk Talk are planning to sell their customers' browsing information to a company named Phorm.

    BT claims that the new 'service' Webwise is intended to improve the browsing safety of its users. It includes a list of Phishing sites, and warns users when they attempt to connect to one of the listed sites. Newsflash for you guys: FIREFOX ALREADY HAS THIS FUNCTIONALITY. It's nothing new, and of no real benefit if you already have a browser that does this. It's also not a lot of use if you are wary of emails from institutions that ask for personal details.
    Unfortunately WebWise also sends your browsing history (and a copy of everything you send/download on unsecured connections) to Phorm's servers where they will profile it and effectively mangle some of the pages you download to include adverts that they believe may interest you.
    This mangling will only happen on pages that run adverts from Phorm, not every site will be affected.

  • Republished: A look at BT's Trial Documentation

    Originally published on Benscomputer.no-ip.org 14 June 2009

    Now, it can hardly have escaped anyone's attention that BT ran some very questionable trials of Phorm's system. It's been on BBC News, as well as many other sources, including the Government's refusal to take action. This has led to the EU intervening on our behalf, not that much has happened from that so far.

    But most of the media has focused on the RIPA element of it, that is to say the Illegal Interception of the users' traffic. Having read the leaked test documentation (Have a look on WikiLeaks), I'd say that there's another element to it that appears to have gone largely unnoticed.

    The original trial involved injecting JavaScript into each and every page the user visited (with some unfortunate results on forums), and based on the test documentation, even users who were opted out (not that they were given the opportunity in the trials) would find JavaScript being run on every page.

  • Republished: A quick look at Webwise Discover

    Originally published on Benscomputer.no-ip.org 06 June 2009

    Well, as I posted in the News links yesterday, Phorm have launched a service called Webwise Discover. It appears that this is largely a front end, allowing the user to further benefit from having Phorm follow you around the internet.

    But let's take a quick look at it;

  • Republished: A suggestion for BT

    Originally published on Benscomputer.no-ip.org on 27 October 2008

    Given that BT claim to be creating a network level opt-out from Phorm, I thought I would give them a bit of a helping hand. They claim that although it will be implemented, it's unlikely to be in place by the time the WebWise system is rolled out.

  • Republished: BT Finally See Sense

    Originally published on Benscomputer.no-ip.org 18 March 2008

    There have been murmurs online that BT are planning to do the same as Carphone Warehouse and make a few changes to the Phorm system, by creating a virtual wall between people who haven't opted in and the profiling hardware. They also intend to do away with the cookie 'opt-out' and create something more in line with the law. I sent BT an email a few days ago asking a variety of questions about the system (I'm on BT and don't like the system one bit) and got the following as a reply

  • Republished: No Phoul Play Involved - Good Phorm by BadPhorm

    Originally published on Benscomputer.no-ip.org 5 May 2009

    A question posed on the StopPhoulPlay blog;

    The more interesting question is this: if the Home Office and the many expert legal advisors we consulted are wrong, how is it that a system such as GMail - which scans emails from non-account holders without their consent to GMail users - is not also an "interception" and as such not also a prime target of their campaign?

    Unlike Gmail's webmail service, which is perfectly legal, Phorm's system is fully anonymous, does not look at email and does not store personal information such as IP addresses. Surely if FIPR/ORG is genuinely interested in a fair debate and the application of law as it sees it, the question merits a response?

  • Republished: Nobody wants Phorm checking their data

    Originally published on Benscomputer.no-ip.org on 12 March 2008

    The ISPs may not believe that no-one wants Phorm intercepting their traffic, but Phorm's share price certainly seems to have taken a hit since the plans were made public. Someone out there certainly recognises that most people are not going to want this so-called service.

    Perhaps this may help motivate the ISPs to fulfil their customers' needs rather than chasing the elusive golden penny.

    On the Plus Side, Carphone Warehouse are looking at building a 'wall' between customers that opt-out and Phorm's hardware, so this is a step in the right direction at least. The others may soon follow suit, though comments on the net suggest that these three ISPs have already lost quite a good portion of customers.
    BT are pushing their luck with me, I've sent them two e-mails about this, had one reply that was completely irrelevant to my original communication, and no reply since. I'm giving them the benefit of the doubt for now, as there are presumably internal talks happening about the Phorm issue, but they only have so long before I decide to change ISP.