In contrast, Weycrest had weekly periods of downtime and ignored support requests.

I can’t recommend kNET enough. Usually it’s a case of “cheap, fast, reliable – pick any two” but thus far they are managing to deliver on all three.

First, there is the down-time. For months my site would randomly go offline for a few hours and then come back. Messages to tech support via the ticketing system or direct email were always ignored. Things got really bad when I tried to set up automatic backups in WordPress, which would take the site down at the time of the backup for about an hour. Even with backups disabled, a few hours of downtime a week was not uncommon, and it was often during peek times.

Even when the site was up, speeds were pretty poor, especially PHP stuff like the blog.

I have already mentioned that the support staff just tend to ignore you. Eventually I did get a reply, when a misconfiguration caused my mailbox to grow to over 900MB. I don’t actually use the Weycrest mailbox, I just have a re-direct, but it turns out that if you don’t specifically disable the inbox then copies of all re-directed messages end up in it. Eventually they finally responded to an email about this and I was able to fix it. Their response was by no means quick though.

On the subject of configuration, the Plesk control panel they picked is crap. It’s slow, it takes ages to navigate and the layout is far from helpful or logical.

The final straw came when my email was down for a day, as near as I can tell. I send repeated messages to Weycrest, but got no response, so decided to move to kNET Hosting. More on them in a moment. While I was moving all my stuff over, Weycrest finally responded. The email was a bit surprising:

Paul

We will no longer provide support for email forwarding. If it works, fine, it doesn’t well its hard luck I’m afraid.

From now its  case of “your mileage will vary” and “use at your own risk” as we cannot guarantee mail delivery to every provider in the world.

This madness has gone on long enough, and its getting kind of ridiculous what we are expected support for £14.99 per year and provide the web hosting as well! We spend more time resolving mail issues than anything else.

It also highly likely that by the time your account comes up for renewal, email will require an additional support package costing at least £15.00 per annum.

Sorry, but as it stands, its just not commercially viable.

Easiest solution for the time being is for you to switch all your email hosting over to Gmail (ie Google apps for your domain) rather than forwarding to it and use your domain with Google. This can be done by adjusting the the DNS settings in Plesk.

Failing that we are happy to cancel on a pro-rata basis, however you have only another month or so left to run.

Best Regards
Paul Lee
Weycrest.Com Limited

So, they basically gave up. What worries me is that the usual way this works is you provide an expensive but reliable service for businesses. You then sell off some excess capacity as cheaper hosting plans, with limits to prevent them ever interfering with your business customer’s service. The cheaper accounts benefit from using the same high reliability services are the business guys, and you get the benefit of extra income and maybe even some early warning of any potential problems (since you have a more diverse set of users, more people looking at things etc). We do something similar with tech support systems where I work, and it’s a good system.

Needless to say I have cancelled my account and am waiting for a refund.

Now, on to kNET. I paid by PayPal (should have used card, PayPal fees are ridiculous, sorry guys, next time) and a human being verified and set up my account within half an hour. I moved everything over, changed the DNS settings and waiting. Small panic when the MX records changed but I was still not getting test emails. kNET responded within 5 minutes, at around 21:30 in the evening. That’s what I call tech support.

The move has gone smoothly. kNET use cPanel, which is a lot better than Plesk. Their server seems fast and reliable. It’s early days, but fingers crossed I have found a good hosting company.

This might suggest that the logging is done by DNS servers. If that is the case, the simply changing to use alternative DNS server (e.g. OpenDNS) would avoid this monitoring. Of course, OpenDNS is itself an unknown quantity. I am looking for better alternatives.

It seems likely that this is how the monitoring works. The Cleanfeed censorship system works by matching IP addresses at edge routers and sending hits to a proxy server for testing of specific URLs. The overhead of trying to log actual HTTP accesses and then do a reverse DNS lookup would appear to be too high to make it realistic.

A quick overview of what we are up against. In the UK the following is recorded:

• Every IP address assigned to an internet connection
• Every web site visited
• Every email address sent from and sent to and time of sending
• Every instant messenger screen name
• Time and destination of every instant message
• IP address at the time of every website/email/IM access
• Every phone number dialled from and to, time of call and duration
• Location to within a few feet of any mobile phones at time of call
• All mobile cell information related to a mobile phone (e.g. times and locations, so they know where your phone is whenever it’s turned on)
• Postal data, basically what is written on the outside of any letter/package
• Vehicle location, recorded by CCTV cameras with automatic numberplate recognition

Other information is probably kept too. The police also have the capability to record phone conversations (and probably email/IM as well), and turn any phone that is turned on into a listening device (bug). Presumably if they did this with your mobile phone you would notice the battery draining pretty fast though. (Source: http://en.wikipedia.org/wiki/Telecommunications_data_retention

Basically, it’s a modern high-tech surveillance society, and now the police are looking at trying to hack people’s PCs/wifi and trying to install viruses on target computers.

The first line of defence is your home network. It needs to have a secure firewall. Due to the possibility of there being flaws or backdoors in commercial routers, it’s probably best to use a well tested open source router such a m0n0wall or pfSense. If you have wifi, it needs to be secured with WPA2 and a very strong password (i.e. at least 60 characters, and a mix of upper/lowercase letters, numbers and punctuation.)

Physical security of your PC is important. Make sure you can see the back of it, so that if someone installed a hardware keylogger you would spot it.

You need to harden your OS from attack. Obviously using a strong password is a start, but really you need to use TrueCrypt to encrypt your entire HDD. Since you can be forced to reveal your password or face two years in prison, you should use TrueCrypt’s hidden OS feature and set up a dummy OS you can reveal the password for. Since there is no way to prove that there is a hidden OS, you are protected. Be sure to make the dummy OS look realistic – it needs to have files saved on it, applications installed, the web browser used. You should use it at least once a week to keep file access dates current. If possible, it should be used for non-sensitive use regularly.

There is are vulnerabilities in TrueCrypt if the attacker has physical access to your PC. Firewire and PCMCIA ports can be used to dump the computer’s memory and recover the encryption key, as well as read files off the HDD. It is therefore necessary to disable Firewire and PCMCIA ports. I have seen devices that exploit this vulnerability in use. You should also disable the Windows “autorun” feature on all drives to prevent similar attacks via CDs or USB flash memory. The workstation should remain locked when not in use, and require a password to unlock. The system should be powered down as often as possible.

In theory if an attacker has access to the machine while an encrypted OS is loaded, they could recover the key from the computer’s RAM, either by rebooting it into a special Linux OS or by removing the RAM and placing it in another PC. The best defence against this is to prevent the attacker gaining access to the key in RAM by performing an emergency shut-down (i.e. press the power button). TrueCrypt will clear the key on shut-down. Setting the BIOS to do a full memory test and setting a BIOS password do it cannot be disabled will erase the key during the POST cycle. None of this is foolproof.

An alternative method would be to use an OS that leaves no traces on the PC for sensitive things, such as a Linux Live CD. TrueCrypt could be used for data storage, with the above issues in mind.

Securing the OS against police viruses and keyloggers is vitally important. Up to date anti-virus software from a non-UK company (e.g. Avira) is essential. Never open email attachments. Use a secure browser such as Firefox, with Java/Javascript/Flash/etc disabled. Make sure your PC has it’s own firewall as your network may be penetrated, either via WiFi or another virus infected PC.

For accessing the internet, at a minimum you should use a VPN service terminating in a less draconian country. Relakks seems to be a possibility. Using Tor is also a good idea. Any internet related software needs to be carefully checked for security. Using open source software is a good idea. Remember to validate any checksums available on downloads.

At all times remember that all communications and movements of your mobile phone and car are being monitored. CCTV is everywhere, and virtually unavoidable. Plausible deniability is the key. Try to avoid anything that can create a paper trail for police fishing expeditions. If you think you details may have been compromised (e.g. bank details, identity theft) report it immediately – the police usually don’t bother to check but it will be of vital importance in court.

Even if you do all this, all it takes is to be in the wrong place at the wrong time to have your life destroyed:

‘I was falsely branded a paedophile’ (BBC News)
Police witness on perjury charge (Men’s Aid)
Student researching al-Qaida tactics held for six days (Guardian Online)
A hard look at file-sharing evidence (BBC News)
Judge rules out child porn charge (BBC News)
Four suicides in child porn case (BBC News – most of the accused were later cleared)

A TV show (350MB) takes about 3 minutes to download on the current 20 meg service. Say about 8-9 for HD. You would have to be pretty impatient to need 50 meg.

What about if you download a hell of a lot of stuff? Well, 50 meg will have throttling anyway so after 15 minutes you drop down to 7.5 meg, unless you do all your downloading overnight in which case you need to be pulling over 75GB/night for 20 meg to be insufficient. That is, assuming you can’t just wait an extra day.

The upload speed is even worse, limited to a pathetic 1.5mb which means it will be virtually impossible to max out your download speed anyway. On any P2P system, with an upload speed like that it isn’t going to happen.

What about the family who all want to share a connection? This is VM’s favourite example, but it’s not going to work. With only 1.5 meg upload and cheap routers without any traffic shaping, if someone sends a large email your VOIP phone call is going to stutter or drop. Don’t expect to play games while someone uploads their photos to Facebook either. If it’s a family connection they were aiming for, then a 10 meg upload and 20 meg down would have been a lot more realistic.

On top of that, it will apparently cost £52/month. What a joke.

VM effectively reduced the capacity of the connection from 20Mb to around 16Mb, although in practice it’s much lower than even that since if you do get throttled the connection becomes unusably poor so you have to avoid it by reducing speeds even further.

Naturally, they didn’t put the price down, although they are doing a deal for new customers of around £22/month at the moment for XL so I demanded to be put on that. I guess being loyal for years doesn’t deserve any kind of reward.

My reaction to the new limits has been to download more during peek times. I used to configure uTorrent to simply stop all downloading in the evening (peek time), which must have been ideal for VM as that is their real crunch time. Speeds in the evening are often quite poor, with YouTube videos not playing back properly etc.

I now set uTorrent to carry on downloading, but at a reduced speed so as not to get throttled. This is obviously worse for VM, but fuck ‘em. If their answer is to just keep reducing the level of service I’m not going to do anything to help them voluntarily.

If only I lived nearer to the exchange, I’d switch to Be. In fact, I’m tempted to try it just to see what speed I get, because if it’s more than about 10Mb then combined with a 2.5Mb upload it should be a lot better than VM for BitTorrent.

The second page of the article has an amazing quote from Phorm claiming that their service “enhances privacy” by not storing any data. Well, Google don’t store data about me either, because I delete their cookies every time I close my browser and my IP is both dynamic and shared. Unlike Google, I can’t simply opt out of Phorm by blocking their cookies or just not using their service.

1. It wasn’t me, my wifi was hacked
2. It wasn’t me, you got the wrong name to go with that IP address
3. It wasn’t me, my MAC has been cloned
4. It wasn’t me, my PC was infected with a trojan
5. It wasn’t me, I run a Tor node
6. It was a legal download
7. I’ll sign up for a cheap VPN service anyway
8. If you disconnect me I’ll sue you in court for falsely accusing me of a crime and libel
9. Copyright infringement is a civil offence, so you had better sue me as well and have the evidence to prove it
10. People will just move to another ISP. If you try to ban them from all ISPs, people will definitely sue you.
11. These are just pathetic scare tactics

It either won’t happen or it will fail massively. I guess we will have to wait and see which one it’s going to be.

Seems that once again an “outcry” from Muslims has got a website taken down because it was offensive. Once again, free speech looses.

The irony is, Geert Wilders’s film makes the point that Islam is the enemy of freedom. I tend to agree with him on this point – while there are many non-violent and less radical Muslims, a lot of the stuff in the Koran and which forms the basis of the religion is highly objectionable. It’s offensive to me, but I don’t seek to have the Koran banned. Parts of the Bible are no better either, but I defend people’s right to read it.

There is an interesting interview on YouTube where Wilder explains some of his views:

[youtube=http://www.youtube.com/watch?v=j0jUuzdfqfc&hl=en]

Even if you don’t agree with his views on Islam, it’s hard to argue against his right to express them.

No religion should get special treatment in any modern, democratic and secular society.

Many thanks to The Other Steve at the regester message board

http://www.theregister.co.uk/2008/03/10/isps_phorm_comment_target_market/comments/

Hey I said they wer lying to us all the time.

OK PHORM PR GET OUT OF THIS you have been spreading lies over the internet, yet your patent says otherwise.

Posted Monday 10th March 2008 13:36 GMT

http://www.politicalpenguin.org.uk/blog/p,295/

Including information from Etregul’s patent, which at least one of us ought to have thought of, oh well.

Juiciest bits from the patent, because I know you’ll all love this, but go have a look, it’s a truly excellent piece. See if any of this sounds familiar…

“Furthermore, though the present disclosure discusses HTTP traffic in many examples, it will be appreciated that other types of protocols and traffic may be employed in connection with the targeted advertising system and method described herein.”

Woops.

“Context reader 40 is not limited to acquiring keyword or other contextual information pertaining to a given web page. Indeed, the browsing information may be collected so as to also include historical data pertaining to the browsing performed ”

Ouch.

“Based on analysis occurring at the proxy server, the proxy server may modify client-requested data it receives so that a targeted advertisement appears on a web page requested by a client”

Oh dear.

“As explained above, the context reader may be configured to more than just keyword and other contextual data pertaining to a given web page. The context reader may also include behavioral data (e.g, browsing behavior), other historical data collected over time, demographic data associated with the user, IP address, URL data, etc.”

Oh Phorm, have you been telling us some MASSIVE porkies or what ?

The patent (linked at the above blog) is pretty dense, as you would expect, and contains plenty more of this kind of stuff. No doubt Phorm’s hapless spinmeisters will be around to tell us that this isn’t the technology they are going to implement NOW, and who knows, they might even be telling the truth*. But Phorm have lodged a patent application for technology that does indeed do all the things they have just assured us that they definitely won’t do, ever, honest, we promise, cross our hearts.

Phail !

Props to Political Penguin for digging this up, looks like a smoking gun to me. Why patent a technology that you aren’t going to use ?

* Really, they might. After all they did have Simon Davies look at it.