UK police & spies will have warrantless access to your browsing history


[Read the post]


Oh well, I guess I might as well get it out there now since it’s inevitable - Theresa, Dave, MI5, I’m into Japanese vomit porn and adult diaper fetish sites. Come at me.


Well, now you’ve done it. I don’t think those were on Dave the Pig Fucker’s naughty list before. But now…


So all the bad people will have a VPN and the regular citizens will be the only ones spied on, mission accomplished!


or it will be a walled garden - China’s great firewall is rather successful in killing encrypted connections not approved by the government


I should really get back into tulpic demonology and in particular, yantric, visually-infective memetic spells that implant themselves in the mind of anyone who catches sight of them.

Don’t know why I should suddenly have such a notion but what the hey, it’s a good time down in the sub-dimensions.

Now, where did I put that Pazuzu idol?


Funny, I have a tunnel that routes traffic through England that only goes to I rate limit it to 400 requests a second.


Why not 666 requests/sec?


All of this data will leak, of course, and destroy the lives of millions of Britons.

Such exaggeration! I’m sure it will only destroy thousands of lives, and hey, gotta make those omelets.


ISPs are being bought off with the promise of being
compensated for their role in the mass surveillance.

Gosh, that sounds awfully familiar, where have I heard that before? Oh right, CISA. You give the gov the datas, the gov gives you the immunities.


Well, we all know that VPNs don’t kill people, children do.

… Wait. I mean, when only children are allowed to use VPNs, the criminals will have children.

… Wait. I mean a VPN in the bush is worth an early bird… hmmm…this is hard!


So how long before the police demand the Secretary’s browsing history? Surely she won’t mind – if she’s done nothing wrong she should have nothing to hide, correct?


CISA authorised disclosure of incidentally collected information, whereas browser histories require ISPs to actively collect more data; this is closer to Australia’s new metadata surveillance.


Yeah, that’s true, there are differences, and it’s good to point those out. The similarity is that both CISA and this UK move are instances of a government granting privileges to corporations in exchange for the corporations doing what the government in question wants.


Doesn’t the widespread use of HTTPS and cloud-based hosting make ISP-side record keeping pointless?

There would have a record of the IP address you visited, possibly the domain name if it can be correlated, but IP would likely point to some anonymous AWS node or similar and the actual URL would not be in available.


This will give police a lot of bargaining power…


Time to include the HTTP header field “X-lolwut: '); drop table ispCustomer; --” in every request.


That was the first thought that struck me.

“Awright lad. We know you dunnit. If you don’t feel like singin’, … well, your missus won’t like the look of this much will she, eh? And imagine the kids - seeing this! - don’t bear finkin’ 'bout, duzzit eh?! ‘Ere, Dave! Look at this boingboing fing - fuckin’ radicals, innit! We got you now son! 'Fess up!”


That’s fine, as long as you include in those threats things like venal politicians making cheap (And incorrect) anti-immigration rhetoric for the sake of an unofficial party leadership campaign.


Semi-successful. Around major Chinese holidays, the Great Firewall becomes stronger and is harder to get past. It’s easy to suspect that beefing up the firewall takes enough resources that the Chinese government is not willing to do it all the time, but maybe there are other reasons for its varying strength.