• A Practical Demonstration of what IPB will allow

    There have been numerous write-ups of the threat that the Draft Investigatory Powers Bill poses to our privacy and security.

    The intention of this post is not simply to repeat those, but to provide a practical demonstration of exactly the kind of information that the proposed powers would compel your Internet Service Provider (ISP) to record.

    As well as demonstrating what an ISP would soon be collecting (and how simple it is to extract), we'll look at the issues the IPB presents in the context of the information we've extracted.

    As the IPB isn't exactly explicit about exactly what it allows, especially in terms of techniques, I've made some assumptions (though I believe they're fair and reasonable).

    Most of the results were exactly what I expected, but I think describing them explicitly is probably more helpful than not - to that end, I've tried to keep the language as accessible as possible, as those who understand how tech works at the network level are unlikely to find much of surprise here.

  • Amazon Blocks FLoC across most sites

    Google's Federated Learning of Cohorts (FLoC) isn't exactly noted for its popularity.

    The company claims that FLoC will improve privacy, though various researchers disagree (and there are issues that have remained unaddressed for years).

    For those who're not up to date: the stated aim of FLoC is to replace tracking via 3rd party cookies with an engine within the browser that profiles your browsing habits and adds you into a cohort of users with similar behaviour - advertisers then advertise to you based on your cohort ID (I wonder why the idea of a browser tracking your habits for advertising purposes hasn't won hearts and minds in the way they wanted...).

    News has broken (via Digiday) that Amazon have blocked FLoC from operating on (most of) their domains - the exception seems to be Abebooks.

    Because it's driven by an HTTP response header, we can trivially confirm for individual domains:

    curl -v -o/dev/null https://www.amazon.co.uk 2>&1 | grep permis
    < permissions-policy: interest-cohort=()

  • An argument in favour of application level name resolution

    Recently I published some documentation detailing how to build and run your own DNS-over-HTTPS (DoH) server.

    As I mentioned at the beginning of that documentation, there's been a certain amount of controversy about DoH vs DNS over TLS (DoT).

    One thread of that argument is along the lines that name resolution should be handled at the OS level (so that all applications get the same result for a given name - improving troubleshooting - as well as giving some caching benefit, versus applications resolving names themselves).

    Generally I've found that argument fairly persuasive, but also taken the view that DoH being implemented at the application level is the result of a general lack of availability/uptake of DoT at the OS level.

    In other words, whilst it's not ideal for applications to be resolving names themselves, it makes an (arguably flawed) privacy-enhancing solution available now, rather than continuing to wait for an (arguably) better solution to actually get adopted (and ignoring whatever reasons led to that lack of adoption).

    But, I've begun to change my mind on whether applications doing resolution themselves really is a problem, or whether it's actually more beneficial when considered alongside some of the aims of DoH

  • Android: Protecting your network data from local snooping

    There's been a lot of news of late about the likes of NSA and GCHQ passively listening to Internet traffic. The steps in this post won't protect you from such a well resourced attacker, but will prevent others on open wifi networks and your mobile data provider from looking at the content of your phone's network traffic.

    A good example of the data that can easily be collected can be seen in this recent Ars Technica post.

    In this post, we'll be configuring an Android phone to conditionally connect to an OpenVPN server, dependent on whether it's associated with a specific WLAN

  • Breaking the Google Addiction one step at a time

    Google isn't your friend. Google isn't my friend. Google is, and always has been, a data-whore.

    But, still we use them and allow them to slurp up more and more data about us.

    They're a bit like Amazon in that respect - you know they're an increasingly terrible company, but they're just so convenient and you keep on using them whilst ignoring the power they're amassing over the market.

    But, it is something that's been concerning me more and more over the years.

    We install adblockers, no-script and other extensions to add a fig-leaf to our privacy, or to try and avoid Google's user-hostile changes, yet we keep on using the same services. Even when they completely change the UI around on us, for no good reason, we still keep using their services.

    I decided, quite a while ago, it was time I made a change, but then did very little, at least until recently.

    As great as a "clean-break" might sound, going cold turkey off Google's services is never going to work - no model of user behaviour supports making massive jarring changes.

    So I decided to start with the most obvious interaction with Google - their search engine. I don't have Google Home or similar, so my most frequent interaction with Google is search.

  • Cookies: Taking Transparency a Step Further

    Contrary to the belief of some, the EU E-Privacy Directive was never about stopping cookies. It was always about raising awareness of what they are, which ones are set and how they can be misused. It was, and still is, a cause of annoyance for many - especially as only four member states have currently adopted the provisions.

    Whilst I don't think the implementation was correct, the underlying principle is sound - we should be ensuring users are aware of what data we're storing in their browser and how it's used. Most sites, in my opinion, don't go nearly far enough to achieve this, instead just scraping the minimum standard.

    In this post, we'll be exploring what I think we're doing wrong, and what we should be aiming for.

  • David Cameron: Idiot, Dangerous or just a lover of soundbites?

    We've heard Theresa May parroting the same lines for months, but in the wake of the Charlie Hebdo massacre, David Cameron has joined the choir of people calling for new surveillance powers.

    Mr Cameron has stated that if the Conservatives are re-elected, he will ensure that there is no form of communication that cannot be intercepted by the government.

    So, one of the questions we'll be examining in this post, is - Is David Cameron

    1. An idiot who doesn't understand the technology he's talking about
    2. Demonstrating that pre-election promises are inevitably broken
    3. Planning on introducing a draconian surveillance state
    4. Being mis-informed by other parties
    5. Simply creating sound-bites to raise the chances of re-election

    Most of the coverage thus far has focused on option 3 - which seems fair given that it's the inevitable result of actually attempting to do what he is claiming.

    We'll also be taking a look at why Option 3 could, and should not happen

  • Don't Use Web2Tor/Tor2Web (especially Onion.cab)

    Web2Tor and Tor2Web are reverse proxies which allow clearnet users to access Tor Onion Sites (AKA Hidden Services), and there are a variety of services available online (such as onion.to, onion.cab, onion.city and onion direct) running this service.

    This post details why using these is such a bad idea, as well as detailing some of the changes I'm making to the site to help discourage use of these services.

  • FLoC disabled on my sites

    Cookies have been viewed as the enemy for quite some time, with the result that 3rd party cookies are (quite rightly) being treated with high levels of suspicion.

    Unfortunately, the focus being on cookies rather than the tracking/profiling that they enable has left an opening for the unscrupulous to offer a cookie-less alternative.

    Enter Google, who a while back announced they were building something called Federated Learning of Cohorts (FLoC) into Chrome. The basic underlying idea of FLoC is that it assigns the browser a cohort ID - grouping it in with other browsers who have a similar browsing history.

    The browser's history never leaves the browser, with the cohort ID being calculated locally (updating once per week, based on the previous week's browsing), websites can then query the browser for its cohort ID (by calling document.interestCohort()) and serve appropriate ads based on the ID returned.

    However, deeper inspection has shown that rather than solving privacy issues, FLoC simply presents new ones - in fact there's an obvious vector in the paragraph above - your cohort ID is the same across all sites you visit...

    Plus, although I say new, some of these issues were highlighted in 2019 and remain unaddressed.

  • Google, Cloudflare and GDPR - my quandry

    Just like most of the internet, I've been working hard making sure my site and services are GDPR compliant. For the most part, on the technical front I already was, and it's mostly been a case of making sure the documentation is up to scratch.

    However, in one area, I've had to revisit a decision that I've gone over and over after the past few years - having ads on (some) of the sites, compared to the alternatives.

    I decided I'd create this post for a couple of reasons - partially because I suspect others may be in a similar situation, and also to try and help lay it out so I can spot alternatives to those I've already considered.


  • It's funny how times change

    Over the past few days, I've been going over the old Benscomputer.no-ip.org archives and have republished some of the content.

    What's struck me as funny though, is how times change, but a lot of the issues remain exactly the same.

  • Judge Rules: Privacy Controls on Facebook Insufficient

    This post was originally published to Freedom4All. A copy of the original can be found here in the archive

    A US court has ruled that a woman who posted content to a restricted part of Facebook had “No reasonable expectation that it would remain private”.

    Facebook is often criticised for making too much information public, however on this occasion the woman – Kathleen Romano – had set her profile to be private. Despite this, a Judge has ruled that content previously posted to Ms Romano’s profile is admissible as evidence, even though it had never been publicly accessible and Ms Romano had deleted it from her account! 

  • LocalChat V0.0.2

    Version: 0.0.2
    Code: View 0.0.2 on Github / Public Repos

    Project Info

    Localchat is a simple and lightweight chat application. Its primary purpose (as defined in SC-2) is to provide a means for an Off-The-Record transient chat.

    It is not designed to be stood up and exposed to the internet at large. Instead, the primary intended means of use is to deploy it on a new system, have users SSH tunnel in to use it and then discard the system once that chat has completed.

    In other words, it's not designed as a generic chat application, but as one to be used for clandestine chats that are hard to monitor/intercept

    Release Notes

    A full list of issues under this version can be found here

    V0.0.2 is the first formal release of LocalChat, as the previous version v0.0.1a simply implemented the PoC capabilities.

    New Features

    • Room Admins can kick and ban
    • Basic End to End Encryption support in client
    • Server automatically purges old messages from queue
    • Server will automatically close rooms after predefined period of idleness
    • Direct Messaging support within a room
    • Add verb to message payload - LOC-16
    • Test harness created

    Bugs Fixed

    • Users can no longer pretend to be SYSTEM
    • Client will exit with an exception if another user uses the wrong E2E key
    • Users could spoof the sending user's name when sending messages

  • mod_yourData

    mod_yourData is a Joomla! module allowing you to show site visitors exactly what data your site is storing within their browser. It includes support for Cookies, Session Storage Objects and Local Storage Objects. Given ever-increasing awareness of Privacy online, it's important that sites are as transparent as possible.

    The ideal use of this module would be to assign it to a custom position and then include with your site's Privacy statement using Joomla's LoadPosition plugin.

    This page is the user documentation for the module, you can also view the Demo here

  • Multi-homing a Joomla site between the WWW and a Tor Hidden Service

    I did some work recently on making BenTasker.co.uk available via both a Tor Hidden Service (otherwise known as a .onion) and via the WWW.

    The reasons for doing this are published elsewhere, but this documentation summarises the steps I had to take (and why) in order to have the site safely accessible via both routes of access.

    For those who are interested, there's a far higher level of detail over on Projects.bentasker.co.uk.

  • Onion Location Added to Site

    Bentasker.co.uk has been multihomed on Tor and the WWW for over 5 years now.

    Over that time, things have changed slightly - at first, although the site was multi-homed, the means of discovery really was limited to noticing the "Browse via Tor" link in the privacy bar on the right hand side of your screen (unless you're on a mobile device...).

    When Tor Browser pulled in Firefox's changes to implement support for RFC 7838 Alt-Svc headers, I added support for that too. Since that change, quite a number of Tor Browser Bundle users have connected to me via Onion Services without even knowing they had that additional protection (and were no longer using exit bandwidth).

    The real benefit of the Alt-Svc method, other than it being transparent, is that your browser will receive and validate the SSL cert for my site - the user will know they're hitting the correct endpoint, rather than some imposter wrapper site.

    Which brings us to today.

    Tor have released a new version - 9.5 - of Tor Browser bundle which implements new functionality: Onion Location

  • Optimised Routing and Opportunistic Tor Enabled

    In the past few days, I've enabled some new functionality on my delivery network, affecting (almost) every domain being served by it.

    Those using a browser which supports these changes should see improved delivery performance, and enhanced privacy.

    This post details the changes that have been made, and what they mean to you

  • PGP Encrypted Text Chat Via DNS

    In a recent post, I alluded to having given a little bit of thought to ways in which clandestine communications could be achieved.

    Having given a little more thought to the idea, I was unable to resist the temptation to build a small proof of concept - if only to see whether there were any obstacles that I hadn't considered.

    This post is the documentation for DNSChat - a small proof of concept enabling PGP encrypted text chat using DNS Queries as a transport mechanism

  • Privacy Policy - 20180522

    This page serves as the GDPR Privacy Notice for www.bentasker.co.uk.

    The controller of the data collected is Ben Tasker.

    You have the right to object to processing, either by objecting to a specific mechanism as described below, or by Contacting Me. If you feel your objection has not been appropriately handled, or that the processing does not have a lawful basis, you also have the right to complain to a supervisory authority.

    As an overall summary of the policy - I collect some data in order to run and improve the site, but will not share that data with third parties unless I'm legally compelled to do so

    Where I'm performing a service for you (i.e. you're a customer rather than simply visiting the site), our contract will include sections as needed to cover any additional elements I may encounter whilst working for you.

    Compliance with a Legal Obligation

    The following data is processed/retained in order to comply with Legal Obligations - GDPR Section 6(1)(c)

    Tax Records

    If you purchase a product or service from me, then you will have been issued with an invoice containing some or all of the following personal data

    • Your Name
    • Your Address
    • Your Email Address
    • Your Telephone Number

    A copy of your invoice will be filed with my Tax records, which in order to fulfil HMRC's requirements must be retained for up to 7 years.

    Because this data must be available in order to comply with a legal obligation, the GDPR rights of erasure and objection cannot be exercised for this data.

    The data is retained on isolated systems with very strong access controls, and will not routinely be passed to any third party. In the event of an audit by HMRC, however, the data may be provided to them when formally requested.

    Legitimate Interests

    The following data is processed/retained based upon the Lawful Basis of GDPR Section 6(1)(f) - Legitimate Interests. In accordance with GDPR, all have been subjected to a Legitimate Interest Assessment (LIA) in order to balance your rights with the legitimate needs.

    Access Logs

    All requests and connections to my network services are written to access logs for the necessary purposes of Network & Information Systems Security, Billing and Account Management Purposes and Network Systems scaling and management.

    The data stored which may be considered to contain Personal Data is

    • Connecting IP address
    • Details of the request/connection (i.e. which page and site was requested, or for non HTTP connections, which service was requested)
    • HTTP Referrer string (where available)
    • HTTP User-Agent header (where available)

    The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

    Access logs are retained for 90 days from the date of their creation, after which they are automatically removed. However, where log lines are considered potentially relevant to a network incident, they may be retained until the investigation has completed. Those which are assessed to relate directly to the incident will be retained as part of the incident report, but will be anonymised as appropriate to the context in which they are being reported.

    Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation).

    A limited amount of automated processing is used in order to identify "bad actor" IPs and limit their ability to cause harm to my systems. The data is not passed to any third party in order to perform this processing.

    The processing of this data is not only essential to the services I provide, but is necessary to help ensure that any other data I may hold on you remains protected. Logs form an essential component of investigations into any suspected breach, and without them it may not be possible to identify (and fix) the method used to achieve a compromise. Ultimately, this limited processing benefits both you and my entire user-base.

    Site Behavioural Analytics

    I use an analytics program in order to record site and user behaviour on my sites for the purposes of identifying how sites are behaving and where (and how) improvements can be made (for example if a regularly visited URL results in a 404 Not Found). The data is used in order to rectify issues, track site performance and to aid in troubleshooting when issues are reported. It is also utilised in order to help make scaling and deployment decisions within my Content Distribution Network (CDN), as well as identifying cases where a user has been routed to an incorrect server (for example, a US user being sent to an Asian distribution node).

    The following personal data is collected and stored

    • IP address (masked to exclude the final 2 bytes - i.e. 192.168.x.x instead of
    • Rough geographic location (based upon the anonymised form of the IP)
    • HTTP Referer (where available)
    • Screen resolution (used to aid design decisions and optimise media for delivery)
    • HTTP user-agent
    • OS and hardware platform (derived from the above)
    • Browser language (from the Accept-Language header)

    This granularity of data is retained for 31 days. The data is then used to generate an aggregated data-set (so records are grouped by items they have in common - like geographic location) which is retained for 4 months.

    The data collected in access logs is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

    If you wish to object to this processing there are three means of doing so

    • Visit https://piwik.bentasker.co.uk/optout and set appropriately
    • Enable "Do Not Track" in your browser
    • Install an adblocker and enable it

    The former will have full effect on all my sites/services. However, it will not protect you from similar processing on other people's sites, so it's strongly recommended that you consider the other options too (particularly the final one)

    The data is protected by a variety of strong mechanisms, and access to the data is very tightly restricted.


    Cookies set by the site are essential in order to operate, or in order to fulfil a request that you have made. They are used only for this purpose and not used in order to track or otherwise profile you.

    For a list of the cookies set, please see https://www.bentasker.co.uk/cookies. You can also self-serve on the Your Stored Data page.


    As might be reasonably expected, all my systems generate backups, for the purposes of ensuring Service/Business Continuity. They may also, in extreme cases, be used during investigation of Security Incidents.

    This means that my backups may (and likely will) contain any of the Private Data discussed in this privacy policy at any one time.

    The data collected within backups is not passed to any third party, and will not be unless required by a lawful warrant issued by a court whose jurisdiction includes the United Kingdom (and any such warrant, even then, may be contested if it's felt to be overly broad or inappropriate - I have no more interest in allowing the Government to trample over your rights than you do).

    Backups are generated (at least) daily and retained for 90 days from the date of their creation.

    Any individual wishing to object to this processing should use the contact method provided within this policy. All requests will be considered upon their own merits (and the feasibility of implementation). However, you should be aware that it's unlikely to be possible to exclude your data from backups.

    Similarly, individuals are unable to exercise their right of erasure against backups. Interfering with a backup may render it entirely unusable, undermining the legitimate purpose of the backups. However, because backups are only retained for a short period before rotating out, your data will cease to exist in a backed up form within 90 days of completion of your erasure request under different sections of this policy.

    Data within backups is not accessed nor processed unless a backup restoration is required - which is (and will hopefully remain) a rare occurrence. The existence of the backups therefore doesn't change the way your data is handled/processed other than that it means it will be stored in an additional location.

    Backups are very strongly encrypted, and the necessary decryption keys are stored in an 'offline' format with strong physical security. Backups are not moved outside of the European Economic Area. Systems generating backups have the ability to upload data to the storage area, but not the ability to read it back - so even with the decryption key, compromise of a backed up host should not be sufficient to grant access to the backup contents.

    The generation of backups is essential to providing and maintaining any digital service, and in some cases (such as for Tax records) may also be necessary in order to ensure compliance with a legal obligation (GDPR Section 6(1)(c)). Ensuring the continuity of service can be maintained benefits the both of us.


    The following items are processed based upon a lawful basis of Consent - Section 6 (1)(c)

    Social Media Icons

    Various pages within this site display Social Media icons allowing you to quickly and easily share content onto various social networks.

    By default, these are disabled, so no requests are made to social media sites as the result of loading a page.

    If you wish to utilise these buttons, you will need to consent to the activation of these links, and can do so in one of the two following ways

    • Per page: You can simply click the social media icons to enable them (and then click the relevant icon to share the content). On the next page load/refresh, the icons will once again be disabled.
    • Site wide: In the privacy options pane on the left of this site is the option "Unblock Social icons". Clicking this will set a locally stored object in your browser, and the icons will be active on every page. If you wish to withdraw that consent, you may simply click "Block social icons" in the same location and your preference will be reverted.

    When you enable social icons, be aware that your browser will place a request to the social media network in order to generate the share button (and ultimately, to share/like the content if you click again). The privacy policies of each of the social networks applies to those requests, but as a guide, each of the social networks will likely do the following if you allow the icon to load

    • Record your IP address and time of request
    • Set a cookie (and check for existing cookies)
    • Record the address of the page you're on
    • Record your username (if you're currently logged into that social media network)

    They will also likely process the above in order to update an advertising profile.

    The social media icons are provided for convenience purposes only, and out of principle I advise against enabling them globally. You may also want to consider configuring an ad-blocker to block social media icons for networks that you either don't use, or don't commonly share content to (for example, I block Facebook like buttons and LinkedIn Share buttons as I primarily share content on Twitter).


    The following are provided for informational purposes, as they don't fall within the scope of GDPR (usually because they don't include the collection or processing of personal data)


    Where ads are shown on pages within this site, they're displayed using Google's "non-personalised" ads setting. No data is collected about you and your previous (or future) browsing history is not used in order to 'tailor' the ads for you. The ads displayed are based on the content of the page/site you are viewing.

    As no personal data is processed, the ads do not fall within the scope of GDPR. However, they do help ensure that the site remains available as they contribute towards the (not inconsiderable) running costs. None-the-less, if you'd prefer not to see the ads, it's recommended that you install an Adblocking extension such as Ublock Origin as this will help protect you across the net.

    You can see a breakdown of the rationale of the ads versus other options here - Google, Cloudflare and GDPR - My Quandry

  • Protecting Identity and Copyright Online

    At times, it really feels like the world is completely fucked. We've got a US president who somehow manages to be enough of an arse to fall out with Canadians flying off to meet a nuclear armed mad-man. We seem to be witnessing the increasing rise of a foaming mouthed racist alt-right, and have long since mourned the death of quality journalism in the media. Israeli defence forces are so focused on justifying murder of unarmed civilians that they now tweet about executing people for throwing a stone.

    Yes, at times, it seems like the entire world is off to hell in a hand-cart.

    Underneath it all, though, politics doesn't seem to be that different behind the scenes. Politicians are still trying to implement many of the same stupid things that we've seen raised again and again throughout our lives.

    As fucked as the world may seem, it's important that it not act as a distraction from the issues we can do something about. Trump, for better or worse, is here to stay (at least until his KFC infested diet catches up with him).

    But we can do something about fuckwits in Government once again suggesting that implementing the ability to control and track what everyone does online is in any way a positive. We also can do something about fuckwits from many Governments who think it's beneficial for humanity for them to take a bended knee before Copyright cartels and screw the lot of us in the process (otherwise known as Article 13 of the EU Copyright Directive).

    This post isn't about the things that have become big, but about the things that will become massive infringements on our lives if allowed to pass unchallenged.