UseNet with SSL

What's the best way to setup a home network? Why should I care about BGP?

UseNet with SSL

Post by Lacrimo on Wed Aug 19, 2009 10:36 pm
([msg=28179]see UseNet with SSL[/msg])

Is it impossible - or far more likely obscenely difficult - to track down someone posting to UseNet with SSL encryption? Anyone around here that's poked around the newsgroups is probably aware of the blatant illegality of some of the posts. I've seen plenty of headers listing, without euphemism, child porn and alt.suicide.methods is interesting to say the least.

Could the police force theoretically get some IPs if they devoted enough resources, or is it just impossible?
May the source be with you.
User avatar
Lacrimo
New User
New User
 
Posts: 9
Joined: Wed Aug 19, 2009 10:05 pm
Blog: View Blog (0)


Re: UseNet with SSL

Post by thedotmaster on Thu Aug 20, 2009 7:37 am
([msg=28186]see Re: UseNet with SSL[/msg])

IP addresses are logged, so yes, very easily.
SSL just means that browsing cannot be eavesdropped on (well, it can be, but it's near impossible to decrypt).
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: UseNet with SSL

Post by myhexhax on Thu Aug 20, 2009 7:51 am
([msg=28187]see Re: UseNet with SSL[/msg])

It depends what sort of logs your usenet provider keeps (maybe contact giganews/etc regarding their log retention?) With the sheer number of people that use certain ones (and for 'privacy reasons'), they may not keep any. Or they may have all logs since the beginning of the service. Ask what their policy on the disclosure of those logs is (whether they require a court order/warrant/etc and if they have notification procedures upon disclosure or if they divulge it to arbitrary 3rd parties without informing you like Google)

Can they eavesdrop on the SSL encrypted tunnels? I don't think so (at least without cooperation of your usenet provider)
Can they tell that you are connected to a usenet provider over SSL? Most definitely.

They shouldn't be able to tell what headers you are downloading though.
gniripsni ewa si rehte eht morf cisum siht
myhexhax
Poster
Poster
 
Posts: 217
Joined: Tue Sep 16, 2008 2:19 pm
Location: Between the ether and the information superhighway
Blog: View Blog (0)


Re: UseNet with SSL

Post by thedotmaster on Thu Aug 20, 2009 8:40 am
([msg=28189]see Re: UseNet with SSL[/msg])

You can eavesdrop on SSL but you cannot read the contents. Get a copy of WireShark and see for yourself.
Most UseNet providers will keep logs. They will have to give those logs to the feds if they get a court order. Else they themselves get in trouble.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: UseNet with SSL

Post by Lacrimo on Thu Aug 20, 2009 9:47 am
([msg=28191]see Re: UseNet with SSL[/msg])

So yes, this more or less falls into the category of "to much bureaucracy" for most any policing agency. Thanks; just trying to get better - if cursory - understanding of the system.
May the source be with you.
User avatar
Lacrimo
New User
New User
 
Posts: 9
Joined: Wed Aug 19, 2009 10:05 pm
Blog: View Blog (0)


Re: UseNet with SSL

Post by djmounce553 on Fri Aug 21, 2009 9:32 am
([msg=28237]see Re: UseNet with SSL[/msg])

I would also guess that some of the people posting that type of stuff may be routing their traffic through an ephemeral proxy server so their IP wouldn't really mean much in the long run.
djmounce553
New User
New User
 
Posts: 4
Joined: Wed Aug 19, 2009 10:15 am
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests

cron