Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Standing Up Against German Laws - Project HayNeedle
From: Paul Sebastian Ziegler <psz () observed de>
Date: Sun, 11 Nov 2007 03:38:50 +0900

How would this help with stored phone calls? How would this 
help with the general problem?

You are right to notice: It doesn't help with the calls at all.

While I think it is nice that you think about doing 
something against this I don't really like your idea since 
you totally miss that traffic does not only mean HTTP so I 
don't really see any point of not just using gpg,tor, etc.

The law passed does not talk about saving the actual traffic but only
the connections made. This is the key difference. If we look at
connections only, it doesn't matter if we create HTTP traffic or [insert
random protocol here] traffic. HTTP is simply the easiest to generate.

Using Tor is of course the perfect solution, as long as it doesn't put
you under a general observation. GPG is not really involved in this law,
since only the connections are saved while the content is not.

You write "This way it is very hard to tell which 
connections are actually made by the user thus generating 
plausible deniability." on your website and I also don't 
think this is valid because noone cares if it was you or an 
application creating this traffic

Well no, actually there have been many recorded cases where people did
care. Say you want to profile someone and cant tell what was
automatically created. Also this is how most TOR-exit nodes get away
free when illegal traffic is tracked back to them. So the theory has in
fact got some backing.

it also does not 
prevent people to store your traffic and I would aspect them  
to have pretty good methods to devide important and 
unimportant traffic ;)

They definitely have. But as I said, this is not what HayNeedle is
about. There are many crazy laws the German government is currently
working on and I am not here to target all of them. In this case all I
target is the storage of the connection data - which is specified within
the new law. If they want to eavesdrop on me or anyone, well yes,
HayNeedle wouldn't help at all. But that was never the intention.

Many Greetings

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]