Hi SwiNOGers ;-)
I thought I'd say some words for all small and medium sized ISPs while I had the SDA/ATS journalist on the phone.
in German: http://www.tagesanzeiger.ch/digital/internet/berwachungswahn-der-Beamten-in-...
in French: http://www.romandie.com/infos/news2/201008181800060AWPCH.asp
in Italian: http://new.ticinonews.ch/articolo.aspx?id=200533&rubrica=14
See you, Pascal
Am 19.08.2010 22:27, schrieb Pascal Gloor:
I thought I'd say some words for all small and medium sized ISPs while I had the SDA/ATS journalist on the phone.
in German: http://www.tagesanzeiger.ch/digital/internet/berwachungswahn-der-Beamten-in-...
in French: http://www.romandie.com/infos/news2/201008181800060AWPCH.asp
in Italian: http://new.ticinonews.ch/articolo.aspx?id=200533&rubrica=14
Pascal, much appreciated. I already blogged about: http://www.blogg.ch/index.php?/archives/833-Tages-Anzeiger-SDA-UEberwachungs... All: Spread the word! We are going to face a referendum about this...
F.
We probably all followed the discussion in Germany about the "Bundestrojaner" and how it failed.
And of course, a trojan spying on citizens is a major impact in privacy, which is not acceptable.
However I don't think, that it's possible to create such a trojan and use it, because of the following facts:
- It's not very easy to put a trojan in a system of a prudent user, who updates regularly and doesn't open every mail or document received. - Virusscanners will soon know the trojan - The swiss government doesn't have enough power to force antivirus software creators to ignore the trojan. - Not all criminals use Windows ;-)
Still I'm happy, that we SwiNOGers are not the only ones worrying and/or fighting this project. Even if this project doesn't work, it will burn lots of money while trying to do so.
Kind regards, Viktor
On 19.08.2010 22:27, Pascal Gloor wrote:
Hi SwiNOGers ;-)
I thought I'd say some words for all small and medium sized ISPs while I had the SDA/ATS journalist on the phone.
in German: http://www.tagesanzeiger.ch/digital/internet/berwachungswahn-der-Beamten-in-...
in French: http://www.romandie.com/infos/news2/201008181800060AWPCH.asp
in Italian: http://new.ticinonews.ch/articolo.aspx?id=200533&rubrica=14
See you, Pascal
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
stony,
We probably all followed the discussion in Germany about the "Bundestrojaner" and how it failed.
And of course, a trojan spying on citizens is a major impact in privacy, which is not acceptable.
yes, sounds again like a aprils joke.
However I don't think, that it's possible to create such a trojan and use it, because of the following facts:
- It's not very easy to put a trojan in a system of a prudent user,
who updates regularly and doesn't open every mail or document received.
hmm.. there are MANY customers, which are virus infected. I see in our network (including ex-Bluewin) a large number of potential customers which will gladly accept to install this trojan (even if they don't notice).
- Virusscanners will soon know the trojan
- The swiss government doesn't have enough power to force antivirus
software creators to ignore the trojan.
hmm... if you can force them to ignore the trojan, will a real trojan/malware writer be able to use this signature/architecture to circumvent any protection?
- Not all criminals use Windows ;-)
fortunately. but windows rate is still high.
Still I'm happy, that we SwiNOGers are not the only ones worrying and/or fighting this project. Even if this project doesn't work, it will burn lots of money while trying to do so.
yes, our money... ,-( that leads me to the questions: now the trojan is installed, WHO the hell analyzes everything? this is going to be a huge amount of data which needs to be stored (where? will it be secure and protected?), analyzed (who will do this?) and brought into court (which judge will understand??).
i assume: this project will fail. too risky, to bad for the politicians reputation, causes too much troubled waters. it will cost too much money, and resources are not available.
in my opition this is just kind of marketing blurp from the politicians. dont forget: elections are close...
-steven
On Fri, Aug 20, 2010 at 10:48:10AM +0200, Steven Glogger wrote:
stony,
We probably all followed the discussion in Germany about the "Bundestrojaner" and how it failed.
And of course, a trojan spying on citizens is a major impact in privacy, which is not acceptable.
yes, sounds again like a aprils joke.
... but but in CSI they do that all the time. OK in CSI even the google street view is live and people belive it.
However I don't think, that it's possible to create such a trojan and use it, because of the following facts:
- It's not very easy to put a trojan in a system of a prudent
user, who updates regularly and doesn't open every mail or document received.
hmm.. there are MANY customers, which are virus infected. I see in our network (including ex-Bluewin) a large number of potential customers which will gladly accept to install this trojan (even if they don't notice).
Yep, see below.
- Virusscanners will soon know the trojan
- The swiss government doesn't have enough power to force
antivirus software creators to ignore the trojan.
hmm... if you can force them to ignore the trojan, will a real trojan/malware writer be able to use this signature/architecture to circumvent any protection?
Most probably yes, since the bundestrojaner should be considered malware as well.
- Not all criminals use Windows ;-)
fortunately. but windows rate is still high.
I guess organized crime will figure this out quickly and switch to secure alternatives. So in the end only the dumb will get monitored. So all this effort will be worthless in short time. It is similar to the live capture of traffic. Smart people will use encryption and so the captured data well end up being mostly unusable noise.
Still I'm happy, that we SwiNOGers are not the only ones worrying and/or fighting this project. Even if this project doesn't work, it will burn lots of money while trying to do so.
yes, our money... ,-( that leads me to the questions: now the trojan is installed, WHO the hell analyzes everything? this is going to be a huge amount of data which needs to be stored (where? will it be secure and protected?), analyzed (who will do this?) and brought into court (which judge will understand??).
CSI? DBA? Analyzing data, doesn't that happen automatically when you push a button?
i assume: this project will fail. too risky, to bad for the politicians reputation, causes too much troubled waters. it will cost too much money, and resources are not available.
I'm not so sure. It seems that privacy is no longer en vogue and that many people think we need more security because the world is so evil. The only way to stop this is to make a big fuss about it so that no politican wants to touch this toppic anymore.
in my opition this is just kind of marketing blurp from the politicians. dont forget: elections are close...
Yeah and thanks to SP and SVP we're now in constant election fights. So expect more stupid ideas to bubble up.
We probably all followed the discussion in Germany about the "Bundestrojaner" and how it failed.
And of course, a trojan spying on citizens is a major impact in privacy, which is not acceptable.
Try to argue about that with people who have a facebook-account. Last count: 500 000 000+. Privacy is something, only old people seem to care about.
However I don't think, that it's possible to create such a trojan and use it, because of the following facts:
- It's not very easy to put a trojan in a system of a prudent user, who
updates regularly and doesn't open every mail or document received.
- Virusscanners will soon know the trojan
- The swiss government doesn't have enough power to force antivirus
software creators to ignore the trojan.
Maybe not the Swiss government. But I'd like to point out that we already have an infrastructure for lawful inspection ("LI") of telephone calls (it's actually a thriving industry...). As such, there are even standardization-bodies for it. Do you think that it's impossible an industry-standard for LI of individual PCs might emerge? AV-vendors are global companies, mostly. Just like telcos, they'd have to implement what governments order them to do.
Even for "normal" malware, the detection-rate of AV-software is mediocre to the point that it's barely above placebo-level. How would you know that a certain AV-software does not detect a trojan? With the exception of clamav, no AV-engine is open-source, neither are the signatures. And even clamav is now owned by a commercial company (Sourcefire, incidentially the company behind the only open source Intrusion Detection System).
- Not all criminals use Windows ;-)
Indeed, but most do. And rootkits exist for Linux + BSD, too.
What politicians don't seem (or simply don't want) to understand is that the problem of these LI-technology lie in the huge potential for abuse and misuse. Politicians sometimes seem to live in an ideal world, where there is no corruption and no abuse of power (or they are simply not negatively affected by it...).
Rainer
Le 20.08.2010 18:14, rainer@ultra-secure.de a écrit :
We probably all followed the discussion in Germany about the "Bundestrojaner" and how it failed.
And of course, a trojan spying on citizens is a major impact in privacy, which is not acceptable.
Try to argue about that with people who have a facebook-account. Last count: 500 000 000+. Privacy is something, only old people seem to care about.
nah, young people care about privacy, they only agree on privacy sharing if this leads to mass spam, advertising and useless crap (also in some cases "legal" personnal work stealing ;) the government is dangerous, he dont make money with those dqatas, he dont send spam, and alos he tries to keep a bit of education in education .. quite dangerous no ? so yes young people is also concerned about privacy...
do not forget also about comtouch, blackberry, email and data saas, android and iphones, do i forgot some ? i assume yes ;)
However I don't think, that it's possible to create such a trojan and use it, because of the following facts:
- It's not very easy to put a trojan in a system of a prudent user, who
updates regularly and doesn't open every mail or document received.
- Virusscanners will soon know the trojan
- The swiss government doesn't have enough power to force antivirus
software creators to ignore the trojan.
Maybe not the Swiss government.
tell me .. what about an account at an UBS concurrent eh ?
But I'd like to point out that we already have an infrastructure for lawful inspection ("LI") of telephone calls (it's actually a thriving industry...). As such, there are even standardization-bodies for it. Do you think that it's impossible an industry-standard for LI of individual PCs might emerge? AV-vendors are global companies, mostly. Just like telcos, they'd have to implement what governments order them to do.
Even for "normal" malware, the detection-rate of AV-software is mediocre to the point that it's barely above placebo-level. How would you know that a certain AV-software does not detect a trojan? With the exception of clamav, no AV-engine is open-source, neither are the signatures. And even clamav is now owned by a commercial company (Sourcefire, incidentially the company behind the only open source Intrusion Detection System).
- Not all criminals use Windows ;-)
Indeed, but most do. And rootkits exist for Linux + BSD, too.
What politicians don't seem (or simply don't want) to understand is that the problem of these LI-technology lie in the huge potential for abuse and misuse. Politicians sometimes seem to live in an ideal world, where there is no corruption and no abuse of power (or they are simply not negatively affected by it...).
i have to disagree, politicians used to give people what people want .. an illusion of peace and happyness.. act on a real problem, and your politician life is over ...
Rainer
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
naz (apologies for my poor english and for some kind of daark vision of the actual society .. )
It's a poor world some of the SwiNOG members live in.
- Facebook bashing is hip among the IT community. However on Facebook you only share what you want to share and you can even lie about all of your personal details, even create a fake personality. If you have privacy concerns, don't put it on the Internet - be it Facebook or any other site. In any case it's in no way comparable with someone spying on your private computer, where you keep your "real" private data, not the crap you put on Facebook. - We live in a direct democracy and therefore are responsible for our own world and society. If you're unhappy with that - try to find a better place, or try to change it by joining the policital class. Just muttering is not going to help. - Last but not least some people have the constant feeling, that the government is trying to rip them off or f**k with them every second of their life. That's just paranoid. The government is trying to run a country. The people working for the government sometimes have ideas on how to improve processes - just like in any company. The good thing is, that we can judge their ideas and have the power to stop them if we're not happy with them (something you most probably don't have in your company).
It's good to be alert and question decisions, but don't overdo it. You might end as an unhappy person.
Kind regards, Viktor
Hi there!
I totally agree. - I virtually click on the "iLike" button for this statement. :)
Cheers, Alex
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Viktor Steinmann Sent: Saturday, August 21, 2010 8:25 AM To: swinog@lists.swinog.ch Subject: Re: [swinog] BÜPF...again ; )
It's a poor world some of the SwiNOG members live in.
- Facebook bashing is hip among the IT community. However on Facebook you only share what you want to share and you can even lie about all of your personal details, even create a fake personality. If you have privacy concerns, don't put it on the Internet - be it Facebook or any other site. In any case it's in no way comparable with someone spying on your private computer, where you keep your "real" private data, not the crap you put on Facebook. - We live in a direct democracy and therefore are responsible for our own world and society. If you're unhappy with that - try to find a better place, or try to change it by joining the policital class. Just muttering is not going to help. - Last but not least some people have the constant feeling, that the government is trying to rip them off or f**k with them every second of their life. That's just paranoid. The government is trying to run a country. The people working for the government sometimes have ideas on how to improve processes - just like in any company. The good thing is, that we can judge their ideas and have the power to stop them if we're not happy with them (something you most probably don't have in your company).
It's good to be alert and question decisions, but don't overdo it. You might end as an unhappy person.
Kind regards, Viktor
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Totally agree. Facebook (among other web applications) is as discrete and secure as the information you feed in. Some use it as an electronic diary and then wonder that you can find out all sort of information about them...
Back to the initial topic: Probably someone at BÜPF has realized that intercepting traffic is not always helpful (encryption) so went back to the source. Placing a Trojan is for me comparable with the Secret files practice (fichen affäre) of the cold-war period. It would simply be a way to collect all sort of information about you and me and will forcibly lead to abuse. So finally if you complain about Goggle-Streetview you will have to fight against this (future) abuse anyway.
Daniele
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Viktor Steinmann Sent: Samstag, 21. August 2010 08:25 To: swinog@lists.swinog.ch Subject: Re: [swinog] BÜPF...again ; )
It's a poor world some of the SwiNOG members live in.
- Facebook bashing is hip among the IT community. However on Facebook you only share what you want to share and you can even lie about all of your personal details, even create a fake personality. If you have privacy concerns, don't put it on the Internet - be it Facebook or any other site. In any case it's in no way comparable with someone spying on your private computer, where you keep your "real" private data, not the crap you put on Facebook. - We live in a direct democracy and therefore are responsible for our own world and society. If you're unhappy with that - try to find a better place, or try to change it by joining the policital class. Just muttering is not going to help. - Last but not least some people have the constant feeling, that the government is trying to rip them off or f**k with them every second of their life. That's just paranoid. The government is trying to run a country. The people working for the government sometimes have ideas on how to improve processes - just like in any company. The good thing is, that we can judge their ideas and have the power to stop them if we're not happy with them (something you most probably don't have in your company).
It's good to be alert and question decisions, but don't overdo it. You might end as an unhappy person.
Kind regards, Viktor
_______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
"This e-mail, any associated files and the information contained in them are confidential and is intended for the addressee(s) only. If you have received this message in error please notify the originator and delete the email immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. Any opinions expressed are those of the individual and do not necessarily represent the views of the company. The company does not conclude contracts by email and all negotiations are subject to contract. We make every effort to maintain our network free from computer viruses but accept no responsibility for any viruses which might be transferred by this e-mail."
Salut, Viktor,
On Sat, 21 Aug 2010 08:24:52 +0200, Viktor Steinmann wrote:
- Facebook bashing is hip among the IT community. However on Facebook
you only share what you want to share and you can even lie about all of your personal details, even create a fake personality. If you have privacy concerns, don't put it on the Internet - be it Facebook or any other site. In any case it's in no way comparable with someone spying on your private computer, where you keep your "real" private data, not the crap you put on Facebook.
That's a nice theory you have, and I totally agree when it comes to Facebook. (Not because of my employer though, just my personal opinion.)
However, there are very legitimate reasons why people in our world may want anonymity, and this level of anonymity can only be reached on the Internet, as you cannot hide your body or your voice patterns in the real world. And some people have lived through some awful things in their lives and are in dire need for such anonymity.
You may of course claim that these people have lived before the Internet — yes, they have, and they had it much worse. I'm glad that the Internet is helping to prevent people from committing suicide or hurting and crippling themselves every day. It helps people find other people to listen to them and to confirm to them that they are valuable and that they're right when they think they're treated unacceptably. And it does all of this.
Destroying this anonymity by introducing more and more surveillance measures at large, monitoring any kind of traffic and forcing people to give away their identity with every Internet conversation is NOT helping, it is killing this amazing thing we have for, as we all know, no good reason.
Anonymity is a protecting blanket. Just saying.
Regards, Tonnerre
Privacy is something, only old people seem to care about.
I hear that a lot, but it doesn't seem to hold up to scientific scrutiny:
http://www.readwriteweb.com/archives/study_youth_not_only_care_about_faceboo...
But just continue to claim this; it makes old people feel better.
* on the Fri, Aug 20, 2010 at 06:14:18PM +0200, rainer@ultra-secure.de wrote:
What politicians don't seem (or simply don't want) to understand is that the problem of these LI-technology lie in the huge potential for abuse and misuse. Politicians sometimes seem to live in an ideal world, where there is no corruption and no abuse of power (or they are simply not negatively affected by it...).
It's very simple: Privacy is not opposed to security, but privacy is rather the first step to achieve security. The USA with its lax privacy protection has huge problems with fraud, much more so than Europe or Switzerland..
And _anything_ that undermines privacy, even if it comes from the. state/police side (like data retention -- fucking stupid idea to make ISPs amass data ready to be compromised by criminals) will lead to higher criminal-rates.
You can't fight crime by giving the criminals more opportunities. But that's precisely what all these "lawful interception" laws do.
Cheers Seegras