lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 13 Nov 2007 21:39:47 +0100 (CET)
From: Paul Wouters <paul@...net.nl>
To: Florian Echtler <echtler@...tum.de>
Cc: johan beisser <jb@...stic.org>,
	"Matt D. Harris" <mdh@...itox.net>,
	Paul Sebastian Ziegler <psz@...erved.de>, bugtraq@...urityfocus.com
Subject: Re: Standing Up Against German Laws - Project HayNeedle

On Tue, 13 Nov 2007, Florian Echtler wrote:

> As a native German speaker, allow me to clarify: with respect to IP
> communication, the law mandates saving the following information for 6
> months:
>
> - which customer was assigned which IP for what timespan
> - sender mail address, receiver mail address and sender IP for each mail
> - in case of VOIP: caller and callee phone number and IP address

It's all in the ETSI version of the Transport of Intercepted IP Traffic
(http://www.opentap.org/documents/TIIT-v1.0.0.pdf) and the "FuncSpec"
document (http://www.opentap.org/documents/101WAI-GT-FuncspecV1.0.1.doc)

They might have updated it by now. It used to treat email different
from other traffic, but with IM now, I am sure that has changed.

See http://www.opentap.org/documents/ for other documents

> So it wouldn't make much sense to create connection noise on a TCP or
> HTTP basis, as this stuff isn't logged. I think one should rather
> concentrate on generating email noise in this regard.

Instead of creating noise, one should fix the problem of sending out
plaintext email, and encourage people to use email encryption such as
Enigma for Thunderbird. Encrypt IM conversations with OTR, and via
other ways pro-actively protect ones own privacy. That is a real
structural solution. Don't blame others for not using an envelope around
your own communication.

For pointers on how to obtain more privacy via userfriendly software,
see: http://chameleon.spaink.net/PTT.pdf

Paul

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ