## UK ISPs Consider VPN To Avoid Piracy Crackdown

Mark.JUK writes "Broadband internet providers in the UK are considering whether or not to follow the example of a Swedish ISP, Bahnhof, which recently put all of its customers behind a secure Virtual Private Network (VPN) in order to circumvent new European Data Retention and Internet Copyright Infringement laws. By doing this, it makes their logs less useful to outside forces (e.g. rights holders) and allows customers to use the internet anonymously. However, several UK ISPs, including business provider AAISP (Andrews and Arnold), have suggested that there may be better solutions than sticking everybody behind a costly VPN. AAISP's boss, Adrian Kennard, claims, 'something ISPs will be doing anyway, carrier grade NAT, will create a similar anonymity as there is no requirement to log NAT sessions.' Meanwhile, Timico's CTO, Trefor Davies, warns, 'It would be a pretty costly project for all ISPs to implement such a system. It would also bring with it risks – suddenly it becomes a lot easier for governments to start monitoring all your traffic because it all goes through a single point (or at least a few points) on the network.'"
• #### Interesting (Score:5, Insightful)

on Saturday January 29, 2011 @05:03AM (#35041720)

So the public don't like the law because they can get ratted out.
The ISPs don't like the law either

Why is there this law again?

• #### Re: (Score:2, Insightful)

by Anonymous Coward

Y'see, it is a very simple one, the reason why pretty much any other law hated by everyone is around: money from media companies.

• #### Re: (Score:2)

Y'see, it is a very simple one, the reason why pretty much any other law hated by everyone is around: money from media companies.

Ah yes, how could we possibly forget: entertainment is the best, nay, only reason to give up civil liberties. Why if it weren't for those billions of relatively small payments we give to media companies, each representing that we only care a little about their content but we're happy to have SOMETHING, where would the economy be?

Money.
• #### Re:Interesting (Score:5, Insightful)

on Saturday January 29, 2011 @07:44AM (#35042008)

There's a law because intellectual property is the only major export most Western nations still have. However unpopular this sort of thing is they're all far too afraid to risk losing that economic base, so they don't want to change the equation too much. Hence laws to preserve the status quo.

• #### Re: (Score:2)

"intellectual property is the only major export most Western nations still have" - That statement is in dire need of a citation.
• #### Re: (Score:1)

by Anonymous Coward

"intellectual property is the only major export most Western nations still have" - That statement is in dire need of a citation.

No, that's not how this works when you're not editing an encyclopedia. If a comment about a topic has piqued your interests, it is now up to you to research that topic. If you find information that contradicts someone else's position, let them know.

• #### Re: (Score:1)

"No, that's not how this works when you're not editing an encyclopedia."

Actually it is, it's up to the person making the claim to back it up, otherwise it's just a bald assertion. For example, if he claimed unicorns exist it's not up to me to disprove the claim since it is logically impossible for me to do so.

So let me be blunt, I call bullshit on the OP. I did some cursory research before my first post and found global revenues in the tens of billions for movies, music and video games, clearly this
• #### Re: (Score:1)

Actually it is, it's up to the person making the claim to back it up, otherwise it's just a bald assertion. For example, if he claimed unicorns exist it's not up to me to disprove the claim since it is logically impossible for me to do so.

You mean unicorns don't exist? I've been grossly misinformed.

• #### Re: (Score:2)

"intellectual property is the only major export most Western nations still have" - That statement is in dire need of a citation.

No, that's not how this works when you're not editing an encyclopedia. If a comment about a topic has piqued your interests, it is now up to you to research that topic. If you find information that contradicts someone else's position, let them know.

Are you familiar with the concept of the burden of proof?

• #### Re: (Score:2)

s/Most Western nations/The USA?/
• #### Re: (Score:2)

USA's top exports are civilian aircraft and military equipment.
• #### Re: (Score:2)

Do you know where "IP" products list after those two? But I guess could be a matter of lobbying rather than actual export value?
• #### Re: (Score:3)

"IP" isn't on the list, as it isn't a physical product that goes through Customs.

Take Apple for example. They go down on the list as an importer of goods from China. However, the design of their products and the software that runs on them is carried out in the USA, and their products go from China to all over the world. That is a major IP export from the USA.

• #### Re: (Score:2)

Note that when I say intellectual property, I mean ideas.

The US exports no significant amount of raw materials, or manufactured goods aside from those which are heavily subsidized or banned from being produced overseas like grain and military equipment. Neither of these things produces much of a net bonus to the US economy because the amount of money that must be paid to keep those industries viable is so high. The same is true of most western nations. We don't make iPhones, nor do we produce the materials

• #### Re: (Score:1)

by Anonymous Coward

There used to be a reasonable period over which the rights of the creator lapsed and the content became public domain. Corporate interests recently succeeded in a significant increase of this period. The compromise between providing a reasonable incentive for creating anything original through protection of exclusive rights and the public interest has gone out of whack completely. Secret negotiations on ACTA are the ultimate proof in eliminating a due democratic process

• #### Re:Interesting (Score:5, Insightful)

on Saturday January 29, 2011 @08:20AM (#35042102)

The funny thing to me is:

Sean Hannity (can't stand him, but listen sometimes on my way home from work just to get mad lol) had Joe Lieberman on and they talked about this and that. Two days later Hannity has two foreign people on talking about what's going on in Egypt, with each person having different views. He then asked the one if the current President of Egypt (or whatever that position is called) is a Dictator, and kept hounding the point. After the lady wouldn't agree or say, Sean said something along the lines of "well look, he had the internet shut off, which makes him a dictator".

Well if that's true, then Lieberman is a dictator for having come up with the internet kill switch for the US, as well as anyone else who agreed on the bill.

It's funny how one action by someone else is evil and "makes someone a dictator", yet the same or similar actions elsewhere are just fine.

It really makes me sick

• #### Re: (Score:3)

Exactly - and you see Obama crowing about the rights of the Egyptian people, but then you wonder - what would happen if the same events were occurring here? I'm willing to bet that Obama would be singing an entirely different tune. Further, the initial intent of the "kill switch" was to mitigate damage in the wake of cyber warfare. However, just like everything else the federal government has done in the name of "national security" since 9/11, it *will* be re-purposed for other non-defense uses.

• #### Re: (Score:1)

It won't be Obama that pulls the 'Internet Kill Switch'
That ship has not sailed yet... and I doubt very seriously it will sail on his watch, even if the man gets re-elected.
It will be some future tool that gets voted into the hot seat, and decides things are bad-assed enough to make that call.
Some future, elected asshat, that gets the distinction of triggering a long overdue civil war.

I'd bet money it won't come to that for another generation... eventually it will... as it must...
We've been too long without

• #### Re: (Score:2)

The funny thing to me is you think Lieberman is a dictator even though he has no power on his own. He can't force anyone to do anything.

• #### Re: (Score:2)

So the public don't like the law because they can get ratted out.
The ISPs don't like the law either

Why is there this law again?

The usual: too long time since the last total overhaul of the ruling class.

• #### Re: (Score:2)

As an independent software developer, I work like crazy trying to create stuff that will sell. I don't really care for the excessively long copyrights, but the conclusion of your argument seems to be that copyright shouldn't exist at all and piracy should be legal. This would devastate us, which would in the long term harm you as well. I think every society with an enlightened self-interest would support copyright. Of course, there seem to be a lot of people looking out for their own short-term self-int
• #### Re: (Score:1)

Software and entertainment need different licensing models, and with minimal (note: (!=0)) government interference. China style (I don't think even they go that far) tracking is not minimal in any way. The ISPs are doing the right thing in every sense of the word. People have a right to privacy. If the media cartels want to get rid of file sharing, then out-compete them. Flood the torrents with fakes, and low quality rips, burned in the video hungarian subtitles, you name it. The average user is not going t
• #### Re: (Score:2)

So the public don't like the law because they can get ratted out.
The ISPs don't like the law either

Why is there this law again?

Because little children sometimes (surprise!) don't like to eat their vegetables.

I know it's "PC" to believe everything government does these days is aimed, solely, at "taking your toys away" but, believe it or not, there IS a reason why we are a society of laws and choose not to degenerate into a "Mad Max" like existence.

If you think the laws are wrong (or just stupid), then by all means, try and change the laws. But don't just sit on your ass and blame imaginary monsters ("guberment", conspiracies betwe

• #### Any side effects of NAT? (Score:4, Funny)

on Saturday January 29, 2011 @05:15AM (#35041738) Journal

I'm not all that familiar with the nitty gritty details of NAT.
Would a site like /. rate limit posts coming from multiple users behind a NAT?

IIRC, one spammer behind a NAT can get everyone else blacklisted.
Talk about havoc for that ISP's customers.

A VPN sounds like the smarter of the two ideas.

• #### Re: (Score:2)

NAT is already done by certain ISPs who don't have enough addresses for all their customers. If you (say) map 2 people onto the same IP address you can pay for less addresses.

If you map a bunch of people to the same address every session, and you don't store the routing table, I think you can safely call it 'anonymous' - because you're introducing uncertainty.

• #### Re: (Score:3)

They might also be considering NAT to delay moving to IPv6.
• #### Re: (Score:2)

NAT 64 is one possible transition mechanism to ipv6 when combined with DNS 64. Of course, they probably are doing what you say.

• #### Re:Any side effects of NAT? (Score:5, Informative)

<arancaytar.ilyaran@gmail.com> on Saturday January 29, 2011 @06:45AM (#35041894) Homepage

The side effects of a NAT (not all NATs, but the IP masquerading one which has become synonymous with it) are that you lose the ability to accept incoming traffic. Pretty much all Peer-to-peer protocols depend on that in some measure.

Some can cope (I believe Skype has some server-based way of negotiating a direct connection between two firewalled computers, though I don't know the details), while others like BitTorrent keep some limited functionality (you're limited to connections you initiate), and still others (tor, probably - as a node, not a client) will stop working entirely.

• #### Re: (Score:2)

With Skype, the two endpoints both negotiate with the server to agree on a UDP port - then send to each other via UDP. They are basically tricking the NAT routers at each end into thinking the other end accepted a UDP connection. It works surprisingly well.
• #### DO NOT WANT (Score:1)

by Anonymous Coward

It doesn't work with a NAT like Linux NAT. Why? Because outgoing connections are mapped on port *and* destination. If both sides are behind same type of NAT, it is impossible to connect the two together.

Most NAT is symmetric, at least by default. Remember when Skype stopped working and all hell broke loose? The cause was NAT. Without NAT, supernodes (skype servers) would not be necessary and Skype would have continued to function.

Anyway, of

• #### Re: (Score:1)

A well set up symmetric NAT, with UPnP, and SRV record support on the application layer would create no such issues. Now go and implement it for fucks sake. A NAT router is another name for high performance anonymizing proxy.
• #### Re: (Score:1)

I might have dreamed this, but I thought ipv6 doesn't use NAT so it would be a short-term solution at best.
• #### Re: (Score:3)

IPv4 wasn't designed to use NAT at all. NAT is an improvised technique that allowed IPv4 to continue to grow far beyond its original design specifications. Networking professionals do not like it, because it breaks a lot of protocols, but it's the only way the internet can continue to function right now. The alternative is IPv6, but that is a very expensive thing to deploy and would bring many troubles of its own during the transition period. So the options are to either continue deploying NAT, which is c
• #### Re: (Score:2)

It occurs to me that the first time an Internet kill switch is used would be a most-suitable flag day for the transition to IPv6.
• #### Doesn't matter... (Score:2)

Next year there'll be a new law requiring logging of NAT sessions.

The RIAA already knows who to bribe so the next round of laws will go through quickly.

• #### Re: (Score:2)

I'm sure any log retention rules would apply. The problem for anti-piracy investigators is that about all you can tell by sniffing the packets is that pirating is being done behind the NAT router. If that ISP has, say, 500,000 users, the investigators can't tell which ones are pirating, and the logs would become considerably less useful. There might be key indicators, like number of bytes downloaded in a given period, if the logs have that kind of detail, that might point to specific users, but I'll wag

• #### Why do people worry (Score:3, Insightful)

on Saturday January 29, 2011 @05:27AM (#35041758)
Why do people worry about wire trapping?

I've got nothing to hide. \end{cynical}

• #### Re: (Score:3, Informative)

by Anonymous Coward

"Why do people worry about wire trapping?

I've got nothing to hide."

Because, unlike you, they're aware of history and basic civil rights principles.

• #### Why workarounds ? (Score:4, Insightful)

on Saturday January 29, 2011 @05:38AM (#35041778)

Instead of searching for technical workarounds, we should try to block such laws. Workarounds are just that, and sooner or later the law will workaround workarounds.

What will happen if encryption will become illegal for the general public ? Today this might seem far-fetched, but we are slowly giving in, and it might be a tad too late when we'll realize what we lost (and I'm not talking about the regular /. guy, but about the general public).

• #### Re:Why workarounds ? (Score:5, Interesting)

on Saturday January 29, 2011 @05:43AM (#35041782)

The people who want these laws are the kind of people who have enough money and influence to ensure that these laws stay the same way.

I mean, you saw the whole Net Neutrality debate in the US. It had misdirection on one side which triggered the American Native "I DON'T WANT NO GUBBERMENT" reaction.

When we're talking about media - you can expect to see commercials detailing how 'favourite artist' supports this law because it protects their music, how the world would be horrible without them. Then you have government lobbying (also known as bribes) and stuff like that.

If we had an infinite pool of politicians, enough floating voters and a way of determining who supports these crap laws, you'd see the world change pretty quickly. Not the case either.

At least you can rest on the fact that laws usually take ages to fix. So this 'workaround' is great until they patch the law up in a few years' time.

• #### Re: (Score:3)

I mean, you saw the whole Net Neutrality debate in the US. It had misdirection on one side which triggered the American Native "I DON'T WANT NO GUBBERMENT" reaction.

The problem was the other side of it, that was salivating over all the possibilities to insert more government control into the legislation for net neutrality. You weren't ever going to get real net neutrality, you were going to get something like it, plus a whole lot of political meddling.

• #### Re: (Score:2)

So this 'workaround' is great until they patch the law up in a few years' time.

At which point, we're stuck with NAT and all its disadvantages, rather than a far superior IPv6 option, because the technically inferior version happened to be more convenient legally until the law was fixed.

• #### Re: (Score:1)

by Anonymous Coward

Instead of searching for technical workarounds, we should try to block such laws.

Which is what many people have tried to do with lobbying and public rally calls, etc. As far as I remember a couple of ISPs have even gone to the lengths of getting a Judicial review of portions of the Digital Economy Act. Unfortunately, half the reason that act got through in the first place was because it wasn't scrutinised enough in parliament and if that's a problem in the first place then trying to block laws will probably go the same way: for whatever reason, due to excessive lobbying on one side,

• #### Safe for how long? (Score:2)

""suspected" unlawful file sharing p2p activity from publicly available IP details; a feat that is already extremely unreliable."
"as there is no requirement to log NAT sessions"?
2. Get legal advice in the UK.
2.5. Another private dinner with members of the Rothschild banking dynasty at the family's holiday villa on ....
http://www.guardian.co.uk/technology/2009/aug/25/file-sharing-internet
3. A UK court asks "happy joy isp will not log NAT sessions.co.uk" ab
• #### Internet is not a curiosity anymore (Score:1, Troll)

Entire corporations are now being run purely on the Internet. It is not ok to break the law and not be held responsible for it.
• #### Re: (Score:3, Insightful)

I don't understand how you got from point A to point B in your post. Are you saying that because the Internet is quite important nowadays, we need to screw it up with overzealous copyright enforcement?

• #### Re: (Score:2)

Oooh, entire corporations. Well, I better give up all my rights then!
• #### Re: (Score:2)

Tell that to the entire corporations.

• #### The outcome is predictable. (Score:3)

on Saturday January 29, 2011 @06:14AM (#35041836)
If any major ISP does this, then next legislative session some politician will just propose a law to make it illegal, on the grounds that it makes it impossible to track down pedophiles. The bill will pass on a unanimous vote with support from all parties, because no politician wants to be seen defending said pedophiles.

Hmm... carrier-level NAT would also make tracking people online next to impossible. Could we have finally found something that will convince non-technical types of the need to move to IPv6? 'Deploy the new protocol, or the evil pedos will never be caught?'
• #### Re: (Score:3)

Banning NAT and VPN would take down a huge amount of the infrastructure out there. NAT routers, from cheapo consumer-grade hardware right up to some pretty expensive equipment, are installed all over the place, and various forms of VPN are very prevalent in the corporate world.

What they might require is far greater detail in logging; packet types, translation tables, but man oh man, I cannot imagine the amount of storage you would need if you were a large ISP with hundreds of thousands or millions of custom

• #### Re: (Score:2)

I doubt it'd be a ban. It'd just impose extremely extensive logging requirements. Not by referring to technology, but just requiring all ISPs have the ability to uniquely identify any user given a time and IP address. How the ISPs go about doing that is their problem. It could be done for NAT at some expense, but for PAT it'd be completely impractical - it'd just leave the ISPs with no choice but to not use PAT, even if that means finally moving to IPv6.
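
An added example, not part of the comment above and not any ISP's actual tooling: a toy model of the lookup that "identify any user given a time and IP address" would need once many subscribers share one public address. The `NatSession` record layout, the subscriber names and the sample log are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set


@dataclass(frozen=True)
class NatSession:
    """One port-translation mapping as a carrier-grade NAT could log it
    (hypothetical field names, not a real product's log format)."""
    subscriber: str   # internal account identifier
    public_ip: str    # shared address seen by the outside world
    public_port: int  # source port the NAT allocated for this flow
    start: int        # mapping created (epoch seconds)
    end: int          # mapping torn down (epoch seconds)


# Constructed sample log: documentation addresses, made-up subscribers.
SESSIONS = [
    NatSession("sub-A", "203.0.113.10", 40001, 1000, 1060),
    NatSession("sub-B", "203.0.113.10", 40002, 1010, 1100),
    # Port 40001 is handed to another subscriber shortly after sub-A is done.
    NatSession("sub-C", "203.0.113.10", 40001, 1065, 1200),
    NatSession("sub-D", "203.0.113.11", 40001, 1000, 1100),
]


def _active(s: NatSession, ts: int, skew: int) -> bool:
    """True if the mapping overlaps [ts - skew, ts + skew].
    skew models uncertainty between the reporter's clock and the ISP's."""
    return s.start <= ts + skew and s.end >= ts - skew


def candidates_by_ip(log: Iterable[NatSession], public_ip: str,
                     ts: int, skew: int = 0) -> Set[str]:
    """What a report containing only (IP, time) can narrow things down to."""
    return {s.subscriber for s in log
            if s.public_ip == public_ip and _active(s, ts, skew)}


def attribute(log: Iterable[NatSession], public_ip: str, public_port: int,
              ts: int, skew: int = 0) -> Optional[str]:
    """Return the single subscriber matching (IP, port, time), or None when
    the log has no match or more than one (ambiguous, so no attribution)."""
    matches = {s.subscriber for s in log
               if s.public_ip == public_ip
               and s.public_port == public_port
               and _active(s, ts, skew)}
    return next(iter(matches)) if len(matches) == 1 else None


if __name__ == "__main__":
    # IP and time alone: every subscriber active on that address is a candidate.
    print(sorted(candidates_by_ip(SESSIONS, "203.0.113.10", 1030)))
    # With the source port and a per-session log, the match is unique.
    print(attribute(SESSIONS, "203.0.113.10", 40001, 1030))
    # Thirty seconds of clock uncertainty straddles the port reuse: ambiguous.
    print(attribute(SESSIONS, "203.0.113.10", 40001, 1050, skew=30))
    # No session log retained at all: nothing to attribute.
    print(attribute([], "203.0.113.10", 40001, 1030))
```

A report that lacks the source port, or a timestamp looser than the port-reuse interval, leaves the lookup ambiguous even when every session is logged.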
• #### Re: (Score:2)

All of the cellphone networks in the UK do it. There are 80m cellphone connections for a population of 62m, and there is no way they could get enough IP addresses to go round.

• #### Also, two-tier internet (Score:5, Insightful)

<arancaytar.ilyaran@gmail.com> on Saturday January 29, 2011 @06:35AM (#35041882) Homepage

With a simple DSL access, possibly using a push-based dynamic DNS service, you can become a server right now. You can even serve out of a local NAT by forwarding a few ports in your router. Without renting a server, you can host a small website, provide an FTP share, seed a torrent, and host a tor node. Particularly in the last case, many small users with their own computers are what tor thrives on.

If your computer has to share its global address with hundreds behind a NAT at the ISP level, this becomes basically impossible (just try asking your ISP to forward a port for you!). The internet will be split into two halves made up by the content providers who can afford a globally accessible address, and the content consumers who sit behind a glorified television.

• #### Re: (Score:2)

The problem being that the ISPs realize that even with public addresses, most (an overwhelming majority?) of their customers are just that -- "content consumers who sit behind a glorified television."

• #### Re: (Score:2)

Those customers will still be very annoyed when their IM file transfer services stop working. Though I imagine if it becomes a significant problem, the major IM network operators will revise their protocols in some way - maybe mutual UDP connections like Skype uses.
• #### Re: (Score:2)

Those customers will still be very annoyed when their IM file transfer services stop working.

What's IM? The current generation of youngsters has no idea of such a concept. To them, IM = Facebook and Twitter.

• #### Re: (Score:2)

Facebook has an IM service built in. No file transfer, but IM nonetheless.

• #### Tor (Score:2)

You had the answer in your examples of what can be done on a simple DSL connection; Tor facilitates this exactly. Users can't be traced if users are required to use tor, with any configuration of exit nodes (all customers, some customers, ISP-level, third-party). If all customers are required to use tor as exit nodes, traffic bounces around the network and jumps out anywhere, perhaps not even in the same ISP. There would be no way to know where traffic comes from (with respect to IP addresses, anyway), s

• #### question about summary (Score:3)

on Saturday January 29, 2011 @07:57AM (#35042034) Journal

I notice the summary mentions a VPN being "expensive".

What makes a VPN expensive?

I'm not trying to be a smart-ass, I really don't know the answer.

• #### Re: (Score:2)

It increases server load, with each connection being encrypted. If you look at say DD-WRT on a linksys router, the throughput drops a lot when using VPN with encryption. To combat this, you can use a dedicated VPN point, say one made by Cisco, but they aren't cheap and IIRC there's a license limit to the # of VPN connections you can provide. (I may be wrong on the license part though). I know Penn State uses it for people who want to connect from home and for access over certain WiFi networks on campus. That

• #### Re:question about summary (Score:5, Informative)

on Saturday January 29, 2011 @08:53AM (#35042230)

It's no problem for you at home, as your small router surely can cope with a few megabits of data. However on the ISP side you will suddenly have multiple gigabits of encrypted data you need to decrypt. You need fast and therefore expensive computers for that.

• #### NA(P)T is no solution (Score:2)

Once NA(P)T is in place, ISPs will surely be forced to log it. Even if they aren't forced to do so, the data visible to them via NA(P)T is just far too valuable for them to be left unused.
Essentially when they implement NA(P)T they will have to keep track of all your current TCP connections. It's only a small step to log those and will give you far more detailed information than just the IP-Address the user used to have at any given time.

Furthermore NA(P)T breaks most services like VoIP, FTP or E-Mail. Witho

• #### Re: (Score:2)

Furthermore NA(P)T breaks most services like VoIP, FTP or E-Mail. Without the possibility for incoming connections those services wouldn't work properly.

Um, the NAT problem for FTP got solved a while ago with passive transfers and SPI firewalls. Even less of an issue for email. And also not a problem for certain types of VoIP. The clearer answer is that NA(P)T messes up stuff that requires an inbound connection. Stuff such as SIP-based VoIP the way it was meant to be (where the SIP endpoints talk to each other directly, not with some phone switch-like thing between them). Trying to run one's own email gateway. Trying to put up a VPN gateway into your

• #### Re: (Score:2)

Well I'm sorry, but passive transfers just kill all the advantages of FTP like load balancing. In real FTP you can have the files on different servers than the indexes making it able to scale into areas HTTP has problems with. Essentially you can have a control server which only has the meta information of the files. When you want to get a file, it can be provided by a different server. That way the control server can choose a server closest to you or you can have large quantities of data split across mult

• #### one huge NAT (Score:2)

a NAT per ISP instead of per user.... well, I suppose something has to be done about the imminent shortage of IPv4 addresses :)

• #### Spam haven (Score:2)

Sending all your users through a single point of transmission, and thereby making all your users look as though they have the same IP address, makes your ISP a haven for spammers.

If you have enough legitimate users behind your single IP, forum/blog/game/whatever admins will be reluctant to block that IP, since they'd be blocking a lot of real potential users as well. Reporting spammers to you becomes more difficult as well, since all their reports will list that single IP, and neither they nor you will hav

• #### IPv6 (Score:3)

on Saturday January 29, 2011 @09:59AM (#35042468)
Or they could implement IPv6 using anonymous address interface identifiers [microsoft.com] as described in RFC 3041 [ietf.org] to provide an increased level of anonymity.

In addition to that, IPSec encryption is a standard part of the protocol, so just by implementing it you get instant security. Older OSs could use a 4to6 interface that wouldn't break older apps that have not yet been updated to support the protocol.

IPv6 is much closer to being a reality now than ever before. It's about time that some ISPs start taking the lead on this instead of going the VPN or NAT route. It will happen anyway and they could get some good PR out of it while addressing the issue they are trying to solve.
• #### Re: (Score:2)

The privacy extensions wouldn't provide any more privacy than you typically now get with IPv4. In IPv4, you typically get a /32 which identifies you - in IPv6, you'll get a /64, /56 or whatever. The privacy extensions only affect the last 64 bits - you can still be identified by the prefix that you were given by your ISP.
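
An added example, not part of the comment above: temporary interface identifiers generated along the lines of the RFC 3041 procedure (MD5 over a history value plus the EUI-64 identifier, universal/local bit cleared), showing that the addresses rotate while the delegated prefix does not. The /64-per-subscriber assumption, the `ASSIGNMENTS` table, the device identifiers and the fixed starting history values are constructed for illustration.

```python
import hashlib
import ipaddress
from typing import List, Optional, Tuple


def next_interface_id(history: bytes, eui64: bytes) -> Tuple[bytes, bytes]:
    """One iteration: hash history || EUI-64, use the left 64 bits as the
    interface identifier and keep the right 64 bits as the next history."""
    digest = hashlib.md5(history + eui64).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD  # clear bit 6 (leftmost bit is 0): "local significance only"
    return bytes(iid), digest[8:]


def temporary_addresses(prefix: str, eui64: bytes, history: bytes,
                        count: int) -> List[ipaddress.IPv6Address]:
    """Successive temporary addresses for one device inside a /64 prefix."""
    base = int(ipaddress.IPv6Network(prefix).network_address)
    out = []
    for _ in range(count):
        iid, history = next_interface_id(history, eui64)
        out.append(ipaddress.IPv6Address(base | int.from_bytes(iid, "big")))
    return out


def delegated_prefix(addr: ipaddress.IPv6Address,
                     plen: int = 64) -> ipaddress.IPv6Network:
    """The part of the address the ISP assigned, whatever the host bits are."""
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


# Constructed ISP-side assignment records (documentation prefix 2001:db8::/32).
ASSIGNMENTS = {
    ipaddress.IPv6Network("2001:db8:aa:1::/64"): "subscriber-1001",
    ipaddress.IPv6Network("2001:db8:aa:2::/64"): "subscriber-1002",
}


def identify(addr: ipaddress.IPv6Address) -> Optional[str]:
    """Map any address, temporary or not, back to the subscriber line."""
    return ASSIGNMENTS.get(delegated_prefix(addr))


# Two devices behind the same subscriber line. EUI-64 values are constructed;
# a real host would start from a random history value, fixed here so the
# output is reproducible.
LAPTOP = temporary_addresses("2001:db8:aa:1::/64",
                             bytes.fromhex("021122fffe334455"), b"\x01" * 8, 3)
PHONE = temporary_addresses("2001:db8:aa:1::/64",
                            bytes.fromhex("02aabbfffeccddee"), b"\x02" * 8, 3)

if __name__ == "__main__":
    for addr in LAPTOP + PHONE:
        # Host bits differ on every line; the identified subscriber does not.
        print(addr, "->", identify(addr))
```

The rotating low 64 bits separate devices and sessions from one another, but every address still resolves to the same subscriber line through the prefix.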

• #### Re: (Score:1)

Your modem perhaps, but won't each person behind the modem have a random set of trailing bits? Including that guy who's using your open wireless network to do 'bad' things?
• #### No! (Score:3)

on Saturday January 29, 2011 @11:31AM (#35042936) Homepage

Doing this will break so many things... On top of making people unable to be hosts (FTP, SSH, etc.) or to participate in certain P2P activities, it would also make it just about impossible to block offending users from websites. What exactly can you do about an idiot DoS'ing your site when his IP is shared by thousands?

