Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: SSL question

  1. #1

    Question Mark

    I currently have numerous usenet providers I use (monthly and block account options). Each offer SSL and I have been using it almost 100% of the time with my Newsleecher software. Is this REALLY that good of protection from my ISP snooping in on me & see what I download? Or can the ISP still really get what they want if needed? Just curious.

  2. Newsgroups   -   #2
    Hellish Blasphemer
    Join Date
    Sep 2005
    Posts
    35
    Paranoid? Why would they want to know exactly what YOU donwload?
    I understand your reaction only if you download child porn.

  3. Newsgroups   -   #3
    No, not porn, but rather other content. videos, music, etc.

  4. Newsgroups   -   #4
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    19,213
    Well technically, SSL support provides connection to you and your newsprovider, your ISP knows data is going out, but they don't know, I mean if they really wanted to know they could use some kind of software to "break" the connection or "tunnel" but unlikely.

    yeah, so it's always a good idea to use SSL, if you live in the US or UK it's probably a really really good idea, but if your in countries that have non strict laws, it's probably not a big deal.

    http://en.wikipedia.org/wiki/Transport_Layer_Security

    I read an article, I seriously think that their are people watching, not that much, but there is some risk..
    There is a lot going on in the usenet industry these days. A lot of providers worked hard to increase their retention and are closing up on Giganews 365 Days. But Giganews wasn't sleeping at all, they were just working on other things - SSL access to their servers! Since other providers are joining the trend of usenet ssl access, we think it's time to clear up some questions.

    History And Facts

    It started where there were numerous requests by users to get this service.Giganews was certainly willing to encrypt the login sequence to protect their user from password sniffing - But such a limited feature is simply not in the NNTP standard. The only thing possible is encrypting all the traffic which creates a lot of additional CPU load on the servers - According to the giganews engineers that?s a staggering 200% -300%more load. Some of you might not know that CPU load is already a big issue for usenet providers, as their servers have to do quite a lot of work to retrieve thousands of articles from a database; the size of a few hundred Terebytes, this is often the main reason why ?cheap? providers offer slower speeds. The big providers use hundreds of frontend servers to spread the load which is a large addition to their bandwidth costs and also a reason why some enforce their ?Acceptable Usage Policy?.

    Giganews therefore charges an extra 5$ a month for the SSL service (Astraweb doesn't), which seems fair considering the additional costs. Astraweb and Usenetserver offers it for all users in addition to their massively increased retention - Let?s hope that doesn?t affect their overall quality.

    Does It Protect You From Legal Consequences?
    No. The traffic still gets decrypted at giganews end and they are still forced to keep their logs, just with a regular account. Authorities were able to get the necessary information from the NSPs in the past and they will be able to do the same even if you posted your files with SSL encryption. But you have to be aware that there are different levels of illegal activities:

    Copyright infringement by downloading
    If you are downloading content that is protected by copyright law, this is illegal. However in most countries this is not enough to start an investigation and get the necessary court order to get your NSPs logs!

    Posting copyright protected content
    This is usually a bigger violation of the law and can get you in troubles depending on the country you live in - Whether the traffic was encrypted or not.

    Real crimes
    there are other illegal things you could do, such as posting child pornography.This is a real crime, and you can be sure to go to jail for such things. NSPs are also much more willing to cooperate in such matters, and you better start training not to drop your soap instead of trying to hide behind SSL- It won't protect you.


    Where You Should Worry About Privacy?

    It gets complicated when it comes to the laws about privacy in your country.If your ISP is bound not to look at your traffic anyway, why encrypt it.However there are countries were such laws either don?t exist, or the providers simply don?t care - Like the USA. We know of one case were a large cable internet provider threatened one of their subscribers with a letter containing a list of what he downloaded from a usenet provider - And you certainly don?t what them to know that when you already have problems with them using the unlimited amount of traffic as stated in your contract.

    Even if you are lucky to have laws that prevents your provider from inspecting your packets, there are still locations where privacy should be a concern to you:

    Access Usenet On Wireless Networks?

    Most of them aren?t secure and packet sniffing is a piece of cake. If you don?t want your neighbours to see what groups you are accessing, you might want to encrypt your traffic.

    Accessing Usenet on large networks, especially at work?

    Every piece of network equipment that connects you to your NSP can be used for packet sniffing. There are a lot of companies that scan the internet traffic to spot employees that spend their time doing things that clearly has nothing to do with their job - Such as alt.binaries.erotica. Since there is a lot more at stake than just a NSP contract, you really should encrypt your private data - But be aware that a lot of traffic might also indicate a possible reason to fire you

    Pleasant Side-Effect Of SSL?

    While in many cases SSL doesn't really improve your privacy that much, there is an interesting side-effect when using SSL. It can circumvent your providers traffic shaping! Traffic shaping (limiting your bandwidth depending on theusedservice) was traditionally done based on the port you connect to. Port 119 is the standard for usenet-access, if a provider wants to limit your bandwidth for usenet but still let you browse the web at full speed, they can simply throttle all connections to that port. For some time most providers started to offer access on alternative ports - Even ports which are the standard for other services your provider certainly doesn't want to limit - Such as port 80(Web /HTTP).

    Some providers now use new technology that determines the used service based the contents of the packets. Even if you send your packages through the port normally used for web browsing, the commands inside this package are clearly used for NNTP. When you are using SSL, all this information gets encrypted and there is no way for your provider to know what these packages are for, and a lot of users have already reported increased speeds! But be aware that you still have to worry about port based traffic shaping if you are using port 563 (the standard for NNTPS, encrypted usenet). Giganews has therefore recently added support on port 443, the standard for HTTPs - A protocol no provider wants to limit.

    This effectively defeats all known traffic shaping systems - But be aware that the more users do this, the more this will once again become a concern to those providers, and they still have some weapons left - Like limiting all traffic originating from the NSPs networks.

    Conclusion
    If you are a victim of such traffic shaping or have reason to ensure your privacy, you should definitively get the SSL service! If you are not, and you are in full control over your own network and you know your provider is not allowed to inspect your packets anyway, you should probably save the money and spare the additional CPU load for your NSP.
    Last edited by SonsOfLiberty; 03-25-2009 at 05:37 PM.
    [center]

  5. Newsgroups   -   #5
    Yeah I can vouch for the bonus of getting around traffic shaping by my ISP. My news traffic was down below 1M during the evening. After enabling SSL it jumped back to my max speed of 15M. Suck it Time Warner!

  6. Newsgroups   -   #6
    darkstate01's Avatar Poster
    Join Date
    Oct 2007
    Location
    manc
    Posts
    438
    SSL involves have keys exchanged between 2 connections,So as far as your ISP know what you are downloading theres no way, especially with the high level of bit encryption your news provider is supplying and by the time they did crack the key you would have exchanged multiple keys by then.
    The real deal is your ISP wants your money and the only way they are gonna stick a packet sniffer on your line is if the powers that be say you are up to no good and they have proof.
    Don't get me wrong though,it is possible to crack tls/ssl but its a very hard task.
    PAIN is just WEAKNESS leaving the body

  7. Newsgroups   -   #7
    I have read that using SSL slows both the rise and fall between 2 and 30 per cent.

    I think that is true because when I upload something via SSL will see that most slow.

    Do you think it is worth to use SSL or do not care?

  8. Newsgroups   -   #8
    newsgroupie
    Join Date
    Mar 2007
    Posts
    1,037
    I use SSL whenever I'm on a public wifi network ("hotspot") because otherwise, my login details would be visible and could be easily harvested by a sniffer program.

    Since there is overhead involved when using encryption, then yes, your downloads and uploads will (in theory at least) be somewhat slower (although the bandwidth remains the same) but I can't say how much slower. (Maybe someone would like to run a benchmark test of SSL vs. non-SSL?)

    However, encryption also allows for zlib compression, and this can reduce header bandwidth by 90% over uncompressed headers on clients that support compression. If you download headers, then this is definitely the way to go.

    It's a common misperception that SSL improves anonymity, but it does not. Your IP address is still visible and the news provider can -- if they were to choose to do so -- see everything you download.

  9. Newsgroups   -   #9
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Location
    Capital Wasteland
    Posts
    19,213
    Quote Originally Posted by MrBackup View Post
    I have read that using SSL slows both the rise and fall between 2 and 30 per cent.

    I think that is true because when I upload something via SSL will see that most slow.

    Do you think it is worth to use SSL or do not care?

    I get same speeds regardless, SSL and normal connections stay the same for upload/download.
    [center]

  10. Newsgroups   -   #10
    Member BT Rep: +30BT Rep +30BT Rep +30BT Rep +30BT Rep +30BT Rep +30
    Join Date
    Mar 2007
    Posts
    1,529
    I use SSL just in case my ISP does traffic shapping on NNTP port 119. As for security reasons well in Canada things are a little more relaxed so I don't worry too much about that.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •