ISP tracking me

[Sparda]

I don't know about the US and the rest of the world but in the UK they do have this ability. I KNOW, I have tested a number of the tools they use.

It's not strictly leagle even with the T&C's which we all have to sign-up too in order to get their internet service, but if you using their networks to link out to other sites and pass your connections through their infrastructure then, they do have this ability. This is simply because unless you can guarantee that at no-point during transmission, that any of your packets have been intercepted then you never really know who you are talking too/through.

After all you are going over THEIR network

They can't brake SSL as you suggested. Any non encrypted traffic they can look at easily.

[LauBen]

They can't brake SSL as you suggested. Any non encrypted traffic they can look at easily.

Hi Sparda, you are correct most ISP are not able to 'brake' SSL encrypted connections (unless aided by other outside bodies such as GCHQ ;) ) however their are a number of solutions that allow them to intercept this SSL traffic. Now this does poss a number of problems as SSL interception does have high CPU and RAM overheads, but still they do have this ability.

[Sparda]

Hi Sparda, you are correct most ISP are not able to 'brake' SSL encrypted connections (unless aided by other outside bodies such as GCHQ ;) ) however their are a number of solutions that allow them to intercept this SSL traffic. Now this does poss a number of problems as SSL interception does have high CPU and RAM overheads, but still they do have this ability.

The way a ISP could intercept an SSL connection is by convincing you to install there software which would add a certificate authority in to your web browser. Once this has been done they can intercept any thing they want.

If you don't do this there isn't any thing they do without convincing a CA to sign keys on the fly for them which they would never do unless they are the chines government and this would only effect you if you live in China. They could log all the encrypted traffic (super impractical do to the massive amount of traffic) then decrypt it off line. This would take decades to do for even one SSL session, and each session uses a different key. On top of that, if they don't know what content the SSL session contains (which they don't, though most will be html) they potentially won't even know when they have found the correct key.

[DLSS]

ok i cba to read the whole 3 page thread but i can say sparda & dingleberries r right...

now for all the leeching nublets :

if u use bittorrent use encrypted torrents, if you're really paranoid use a service like torrentprivacy (google it)

second option get on some trusted boards (NOT wbb) and use filesharing services (rs,mu,es,vip-file) tho these apart from the last one are only advised for small files

but last and most important especially if u want the newest rlses GET USENET WITH SSL that way u have all the recent stuff ,u dont have to upload (making it legal in holland) , u download at high speeds, and it uses ssl encryption.

note that if u want to be secure or have a decent service in most cases u'll have to shell out a few bucks ...

[Sparda]

if u use bittorrent use encrypted torrents, if you're really paranoid use a service like torrentprivacy (google it)

Encryption isn't necessarily used to hide what you are doing, particularly since bittorrent is an open protocol on servers usually accessible by any one on the Internet.

The point of encryption on bittorrent it to attempt to avoid detection by the ISP's QoS system so it doesn't get throttled as much.

[LauBen]

Ok guys, if thats what you believe then fine,

But at the end of the day if you are pulling Gigs of data down, whether its encrypted or not, then you will trigger your ISP's interest and maybe get your connection throttled. Even more so if the majority of your traffic can not be viewed by your ISP, their not stupid, they know what large amounts of SSL/encrypted traffic could mean (especially if you've not got a business package).

If you don't what the risk of your connection being terminated, leagal action being taken, or your speed being caped then DON'T DL COPYWRITED STUFF.

[DLSS]

Ok guys, if thats what you believe then fine,

But at the end of the day if you are pulling Gigs of data down, whether its encrypted or not, then you will trigger your ISP's interest and maybe get your connection throttled. Even more so if the majority of your traffic can not be viewed by your ISP, their not stupid, they know what large amounts of SSL/encrypted traffic could mean (especially if you've not got a business package).

If you don't what the risk of your connection being terminated, leagal action being taken, or your speed being caped then DON'T DL COPYWRITED STUFF.

look mate there's big bad ips's out there (mainly in the us : verizon, virgin, ...)

but there's also isp's that dont give a flying fuck and market towards the leechers, in belgium u have dommel and edpnet doing this, while other isp's here are limiting (30gb etc a month) they go and offer 100/200gb a month (+free usenet acces) at a cheap price, counting on the leechers to buy extra gigs, and speed boost packs ...

not all isp's start off with the same mentality, to give an example: the first isp in holland (and now one of the biggest) was xs4all and was founded by hackers, for hackers they (at least claim) never to hand over any iformation on their users.

chedom/dommel was created by leechers for leechers :) basically started cos dl limits were too low & prices were too high, so they thought they could do better, and boy do they :D

[LauBen]

DLSS you are spot on and right and from what you say if you want to leech we need to have a Belgium ISP :D

I cant comment on the rest of Europe, but I have worked in the US and the UK and I know how a number of the ISP are starting to think.

But hay, I think we have done this to death :D and like I said before DON'T LEECH

[Rain]

SO HERE IT IS Jan HAS YOUR isp KNOCKED ON YOUR DOOR YET?

then i think your fine man!

[OIFhax]

hmm cox did this to me and they shutdown my internet for 24 hours but my mom called and got it back up.

I was in lots of trouble :( lol

umm... some ways to prevent this are: PeerGaurdian 2 from Phoenix Labs here (http://phoenixlabs.org/pg2/). Its free and it blocks known bad tracker ips but you can never block every bad ip so I don't use it too often. Another option, that I use my self, is to try to find the file you're looking for on a free filehosting server (rapidshare, megaupload, medaifire, etc.). I haven't been caught since the first time but supposedly after 3 times they take legal action and it IS in the TOS so be CAREFUL!!!

P.S. STAY AWAY FROM ANY NEW RELEASES!!! Thats where they really get you

I dont think that i have to say this, and lord knows that i should'nt, but what are you kids doing? This kid got in trouble and instead of not doing it again, he finds a way around it!!?? Beat your kids, because sometimes its the only way they will learn!

[OIFhax]

The way a ISP could intercept an SSL connection is by convincing you to install there software which would add a certificate authority in to your web browser. Once this has been done they can intercept any thing they want.

If you don't do this there isn't any thing they do without convincing a CA to sign keys on the fly for them which they would never do unless they are the chines government and this would only effect you if you live in China. They could log all the encrypted traffic (super impractical do to the massive amount of traffic) then decrypt it off line. This would take decades to do for even one SSL session, and each session uses a different key. On top of that, if they don't know what content the SSL session contains (which they don't, though most will be html) they potentially won't even know when they have found the correct key.

Two words for you "Blue Coat"... ok actualy its only one word, but whatevs... look it up, it has ssl interception and i know first hand that on the backend, most ISP's use it... just encrypt your traffic with your torrent, set it to use port 80 or 21 or some other well known port that doesnt scream "HEY LOOK AT ME!!! IM DOWNLOADING THE NEW CARE BEARS MOVIE!!!!" or what every you crazy kids are downloading now a days, and you wont get caught. Im not saying its right to do it, but as a freedom of information activist, it kinda goes with the territory...

cheers!

[LauBen]

Two words for you "Blue Coat"... ok actualy its only one word, but whatevs... look it up, it has ssl interception and i know first hand that on the backend, most ISP's use it... just encrypt your traffic with your torrent, set it to use port 80 or 21 or some other well known port that doesnt scream "HEY LOOK AT ME!!! IM DOWNLOADING THE NEW CARE BEARS MOVIE!!!!" or what every you crazy kids are downloading now a days, and you wont get caught. Im not saying its right to do it, but as a freedom of information activist, it kinda goes with the territory...

cheers!

That was my point exactly! We all know that government people and groups have this capability, but unless you trigger your ISP's "What the hell is this guy/gal doing? And why is he downloading 10GB a day?" they will most likly leave you alone, however once you are on the ISP list they will be looking at you for a LONG time.