Yes, your ISP/IT Department is watching you
This post was published 3 years 6 months 27 days ago and its content may not be valid anymore.ISP’s, College Campuses, IT departments, are increasingly capturing
data. Mix in the risk of open wireless networks (Or even any wireless
network for that matter considering how easy WEP is to crack and WPA is
not that much harder) you have quite a few ways for your data transmissions to be captured.
What does data transmission mean? Simply all your email (and email server passwords), AIM conversations, web traffic that does not have a lock on it just to name a few could be easily logged and captured by ANYONE on your network, from your teenage son to the NOC master at your ISP.
How are they so easily captured?
Most data is transmitted in clear text, (Easily decipherable not scrambled data) allowing very basic readily available programs to “sniff” and copy your transmissions without you knowing. It also shocks me how complacent people are with this.
Paranoid? You should be.
You are doing yourself a disservice, by not encrypting your transmissions. Enter HotSpotVPN. HotSpotVPN is a Virtual Private Network available by subscription. It protects you by encrypting all of your network traffic and cloaking your Internet destinations. HotSpotVPN TunnelGuardian provides real time protection from malware, spy ware, Trojans, phishing and other malicious code. It protects you by statefully inspecting everything headed back to your browser before it gets into the tunnel. At the user’s discretion TunnnelGuardian will also block advertisements. This is especially useful to users on low speed connections since up to 60% of page weight can be flashing GIF or Flash ads.
I am a proud HotSpotVPN subscriber, and I know that my data transmissions over my lines are safe and secure. I have also contacted Glenn of HotSpotVPN, and the VPN servers record NO LOGS that can invade your privacy.
For the geeks, how secure is secure? How does Blowfish encryption at 128 bits or AES-192 or AES-256. Yea, that is secure.
If you are concerned about what you transmit from your computer HotSpotVPN may be for you! Yes I do recommend Tor, but it is not as FAST as HotSpotVPN.
Welcome to 2006. This is nothing new. Wether such actions are more common nowadays and by who (ISP only or ISP for authorities) matters. There are no statistics provided by the writer of this article though. The writer does not even specify about which jurisdiction he’s talking about.
I am a EU civilian hence my post is mostly from that point of view however it contains also some general aspects which either apply worldwide or are aspects to consider for every person using the Internet no matter where that person resides.
A Good ISP does not log all your data though. First, for the simple reason that capturing data for every customer is not legal (privacy invasion), nor required, while it costs a lot of money to log. Second, EU law will soon demand header data is logged; this counts for every EU civilian. The latter is a privacy issue, but only contains headers. It is about who you have contact with, not what you discuss with them. In the case where e.g. you have contact with a dubious person, it may lead to a tap though since this means you are in their 1st tier of contacts. Wether such tap was justified or not will be seen afterwards. Authorities do not know such yet which is why -in this case- they decide to tap you in the first place.
Besides that, authorities may decide to tap your data. In such case either they or your ISP in collaboration with the police may tap all your data. If you use encryption on all your data while you have nothing to hide from them (except standard privacy which i don’t argue against) you make yourself more a suspect. Such potantially leads to additional actions. Hence it is the question wether such move is wise.
Paranoid for what exactly? Using SSH to log in on your server is normal since such is private data and since such contains an important password. However by using Tor or Freenet you MAY support someone who uses the service to look for terrorism, child pr0n or performs spam runs. Its the question wether you want to support such causes.
Its also the question how anonymous and secure a network such as an anonymizer really is. Often these cost money, and when authorities really are after you then they very well contact the pay-service to tap you or to get your private data. And yes, such services can also easily be tapped using backdoors on the end service where the data is decrypted. I remember two cases on this: one where the BKA (German secret service) trojaned the anonymizer service JAP a Java frontend to an anonymizing proxy. The other one involved a well known US-based anonymizer service who cooperated with the FBI.
I’m aware some ISPs for example throttle/filter P2P networks such as BitTorrent. This does not mean they log or cache your data. It merely means they detect and throttle/filter the protocol which is simple using a Layer-7 bandwidth throttler or firewall. In such case, it may be wise to use encryption to circumvent the throttling/firewalling.
If you are a political activist, lawyer or otherwise public person in the lights it may be wise to use services like this. The same counts for when you are after dubious things such as terrorism, child pr0n or spam. Wether it works is a different question. Most people who read this message are not into anything like this. My point is this: if you are a normal person just worried about your privacy then just protecting all your data by encryption and anonymizing is not necessarily useful or helpful for your cause. Especially not when the service you use is used by dubious personae and/or when you facilitate such personae by running such service which is the case with Tor and Freenet. Both are also pretty slow and eat bandwidth for breakfast.
I myself have been political semi active and to show authorities i am not anymore i do not use encryption except SSH for remote servers. This proofs to them i have nothing to hide while they can read that i am not a danger to the state. Using excessive cryptography would damage my cause since it’d make them feel less secure about my activities.
So all i am saying is don’t just think you have to use something like this because someone writes about it such as here in this case. It is a hard decision to make and it involves many factors to consider. Do not blindly just run software like this.
Greets
– J.
[...] With ISP’s blocking port 25, it is getting harder and harder to send email on a guest network. While we always suggest using a VPN service (We recommend using HotSpotVPN), not only for bypassing the port 25 blocks, but for security. But, if you don’t have the flow to subscribe to a VPN service, you will need to KNOW the mail servers of the guest ISP that you are using to send email from you email client. [...]
[...] This means you will be redirected to a Verizon controlled page when you mistype a URL that will most likely work with a partnered search engine. This clear money grab has been proven to be annoying, confusing and misleading to consumers and further illustrates the need for third party DNS products or VPN solutions. [...]
[...] at least eliminate the packet sniffing angle I highly recommend people use some sort of VPN when connecting to an untrusted network. Also, utilize any websites secure server (https) to [...]