How safe is Usenet without SSL?



rocky12
03-30-2012, 10:05 AM
My provider doesn't support SSL encryption. I have PTD as a provider. I'm using NZB's with GrabIt. How safe/secure is it to download without using SSL encryption in terms that no one can find out? If I understand correctly people are telling me to use more Usenet over torrents since I'm paranoid that someone is going to bust me? I'm guessing they are referring to using Usenet with SSL? If so, what alternatives are there since my provider doesn't support SSL?

B18C5
03-30-2012, 10:53 AM
The question probably is, does anyone care what you're doing? If they care, without SSL they can see what you're downloading. If they don't care then it's just data flowing to your PC. I'd have no problem downloading without SSL because I don't think my ISP or the government cares what I do. If they REALLY wonder what you're doing, SSL won't protect you anyway. To me, SSL is good against casual snooping, my ISP for instance. Worthless against a powerful entity that is already interested in what I'm doing on the net.

It's altogether safer than Torrents because what you download is between you and your servers. When you're in a torrent swarm, other people in the swarm can ID your IP Address.

rocky12
03-30-2012, 12:07 PM
Thank you!

anon
03-30-2012, 12:13 PM
I'd have no problem downloading without SSL because I don't think my ISP or the government cares what I do.

This. I don't use SSL either.

sandman_1
03-30-2012, 02:18 PM
I'd have no problem downloading without SSL because I don't think my ISP or the government cares what I do.

This. I don't use SSL either.

Say that coming July. Every ISP in the USA just about will start monitoring what you download. Think Usenet is free from that type of attention? You are sadly mistaken. Better to use SSL than not and it has no impact on your connection.

anon
03-30-2012, 02:33 PM
Say that coming July. Every ISP in the USA just about will start monitoring what you download. Think Usenet is free from that type of attention? You are sadly mistaken.

Thankfully I don't live in the States...


Better to use SSL than not and it has no impact on your connection.

Decryption demands extra processing power. It's not terribly high, but it's there.

I'm not saying SSL is useless for everyone, as for example NNTP login data is transmitted in plain text. But I personally can do fine without it.

B18C5
03-30-2012, 03:15 PM
I'm not saying SSL is useless for everyone, as for example NNTP login data is transmitted in plain text. But I personally can do fine without it.

This


Say that coming July. Every ISP in the USA just about will start monitoring what you download. Think Usenet is free from that type of attention? You are sadly mistaken. Better to use SSL than not and it has no impact on your connection.

I'm skeptical. I think the ISPs are just paying lip service to the 'AA's to shut them up. I have no expectation that they'll pro-actively unYenc, and unrar files on the fly to see what I'm downloading. If they really want to, SSL isn't going to stop them. VPN out of the country or out of your ISP at least would be a better solution. Imagine the kind of horsepower they'd need to monitor terabytes of traffic every day. You'd have to have NSA levels of processing power to keep up AND not slow down the network.

From a practical standpoint, I don't see how the ISPs can do it.

zot
03-30-2012, 04:43 PM
Usenet SSL encryption currently serves two main purposes: protecting logins from packet-sniffers when using public wi-fi, and defeating some ISP bandwidth-throttling mechanisms. For the other 90% of users, it's really not needed ... yet.

But lawmakers around the world are constantly being lobbied about the need for draconian new laws that will require ISPs to monitor their users' internet traffic in order to fight child porn. The apparent rationale perhaps being that if ISPs can catch all the kiddyporn downloaders and send them to prison, it will dry up the demand and therefore the supply, and hence save a lot of children from horrible abuse. Hey, we're all for saving children, right?

But if history is any guide, once these "limited scope, we promise!" laws pass and the file-ID systems are in operation, they will constantly be expanded on - very gradually and quietly - and will in time be used to monitor a lot more than just child porn. How odd it is that Hollywood appears to be a major engine driving this moral crusade!


House Bill 3280, the Internet Service Provider Anti-Child Pornography Law, while certainly well-intentioned, would create a laundry list of problems for civil liberties and the technical function of the Internet. In short, the bill would require ISPs to intercept, reassemble, and compute a hash value for every file Illinois residents transmit or receive over the Internet, compare this hash value to a registry of known child pornography, and block any file that has a matching hash.


https://www.cdt.org/category/blogtags/internet-service-provider-anti-child-pornography-law?issue=79

rocky12
03-31-2012, 12:13 AM
I did not know that. I thought they wouldn't find out on Usenet? I guess I'm wrong? Will using SSL help coming in July? I am pretty sure my ISP doesn't support SSL. Will someone confirm that for me? I have PTD, and the website is ptd.net






This. I don't use SSL either.

Say that coming July. Every ISP in the USA just about will start monitoring what you download. Think Usenet is free from that type of attention? You are sadly mistaken. Better to use SSL than not and it has no impact on your connection.

B18C5
03-31-2012, 01:13 AM
I did not know that. I thought they wouldn't find out on Usenet?

http://news.cnet.com/8301-31001_3-57397452-261/riaa-chief-isps-to-start-policing-copyright-by-july-1/?tag=mncol;topStories

http://www.foxnews.com/scitech/2012/03/17/us-isps-become-copyright-cops-starting-july-12/

http://www.rawstory.com/rs/2012/03/15/american-isps-to-launch-massive-copyright-spying-scheme-on-july-12/

Even if it was true. You get 6 warnings before you get cut off. I think you can turn SSL on in between the first and second warning. Or use a VPN located outside the country and not bother with SSL still. They're implying the ISPs will act like copyright cops but, what I read is they agreed to automate the process of warning offenders so, the 'AA's can trigger the warnings more easily.


The ISPs can waive the mitigation measure if they choose and not one of the service providers has agreed to permanently terminate service.

From the Cnet article.

rocky12
03-31-2012, 05:36 AM
Would a free VPN do the job? Or does the VPN have to be paid? I read it's July 12th. I am located in the USA. Which VPN would be best, so nothing would happen?

cola
03-31-2012, 06:01 PM
This. I don't use SSL either.

Say that coming July. Every ISP in the USA just about will start monitoring what you download. Think Usenet is free from that type of attention? You are sadly mistaken. Better to use SSL than not and it has no impact on your connection.


Ugh, not this again. There's no new monitoring program. There is just a unified way of dealing with DMCA complaints across major ISPs. Most ISPs had 3 strikes rule on DMCAs. Now they're moving to 6 DMCAs. Nothing is really changing.

zot
04-05-2012, 04:53 AM
My biggest complaint is that, as before, there are absolutely no standards that copyright holders need to follow to ensure that these accusations are accurate. They can't file provably fraudulent claims, but that's it. They are allowed to harvest data of any kind, any way they want, and send DMCA requests, even completely automated ones with no human oversight, based on any criteria they dream up.

Fortunately for us, Google publishes most of the takedowns it gets, and within those often-humongous lists have been many innocent sites, as noted by TorrentFreak and Techdirt, upon discovering their own news articles were taken down.

Quartr
04-16-2012, 09:26 PM
It's about your privacy really, the chance of catching some sort of "heat" over grabbing usenet "articles" without SSL is extremely slim to none...however with SSL enabled only you and your provider know what you've been up to, anyone in the middle can only see that you are transferring data between yourself and your provider. Not what the data is. For all they know you were just downloading an entire collection of open source linux releases! :P

cola
04-17-2012, 05:53 PM
Not that hard to do a man-in-the-middle attack on SSL. I can't think of any client that asks users to check the ssl cert anyways.

http://www.securityfocus.com/brief/910

heiska
04-17-2012, 09:46 PM
Not that hard to do a man-in-the-middle attack on SSL. I can't think of any client that asks users to check the ssl cert anyways.

http://www.securityfocus.com/brief/910

It would be illegal in the western world and a very bad business decision on the ISP's part to do MITM attacks on their customers. MITM attacking cybercriminals won't be interested in what you download.

Your ISP could try to brute force the shared SSL key, but it's completely impractical with the strong encryption methods these days.

In countries like Saudi Arabia, Iran, Pakistan and China they can snoop SSL traffic because their country-level root CAs are in every computer (Windows folks can run certmgr.msc to check their CAs). Since the root level CA is universally trusted, it can issue bogus intermediate certificates, forging the legitimate certs to one's browser/client. I do believe we might see something like this in western countries too if the US's fight against privacy and basic human rights terrorism continues, but that's just me speculating.
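
Added example, not part of any post in this thread: a Python sketch of the two client-side checks the posts above turn on, namely validating the server certificate and hostname on an NNTP-over-TLS connection (port 563), and optionally pinning the leaf certificate's SHA-256 fingerprint so that a certificate issued by some other trusted CA is still refused. The host name `news.example.invalid` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def strict_context() -> ssl.SSLContext:
    """TLS context that validates the chain and the hostname."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare against a pin recorded earlier over a trusted path."""
    wanted = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), wanted)


def open_nntps(host, pinned_hex=None, port=563, timeout=10.0):
    """Connect to an NNTP-over-TLS server; refuse unverified peers."""
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # Raises ssl.SSLCertVerificationError on a bad chain or wrong name.
        tls = strict_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if pinned_hex is not None and not pin_matches(der, pinned_hex):
        tls.close()
        raise ssl.SSLError("leaf certificate does not match the pinned fingerprint")
    greeting = tls.makefile("rb").readline().decode("latin-1").strip()
    return tls, greeting


if __name__ == "__main__":
    # Hypothetical host; replace with your provider's TLS endpoint.
    sock, banner = open_nntps("news.example.invalid")
    print(banner)
    sock.close()
```

A pinned fingerprint has to be updated whenever the provider rotates its certificate, otherwise the connection is refused.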

zot
04-17-2012, 11:03 PM
Not that hard to do a man-in-the-middle attack on SSL. I can't think of any client that asks users to check the ssl cert anyways.

http://www.securityfocus.com/brief/910

This kind of attack is one reason why people would be wise to disable their web browser's re-direct setting. (of course that also means that all the links on Filesharingtalk's forum will be disabled also -- FST renames all posted URLs with [hidden] redirect links, which will then dead-end-- but sadly that's the cost of safety ;)

In case anyone here has ever wondered, that is one reason why I always try to remember to use the "code /code " function whenever posting URL addresses here ... for the benefit of security geeks reading this site.



Your ISP could try to brute force the shared SSL key, but it's completely impractical with the strong encryption methods these days.

In countries like Saudi Arabia, Iran, Pakistan and China they can snoop SSL traffic because their country-level root CAs are in every computer (Windows folks can run certmgr.msc to check their CAs). Since the root level CA is universally trusted, it can issue bogus intermediate certificates, forging the legitimate certs to one's browser/client. I do believe we might see something like this in western countries too if the US's fight against privacy and basic human rights terrorism continues, but that's just me speculating.

Considering that the issuers of SSL certificates are mainly US companies like Verisign, what's to prevent the US government from simply seizing the SSL keys the same way they seized all those dozens of .com .org and .net web domains -- no questions asked-- practically just by snapping their fingers? (and unlike domain seizures, SSL seizures could be implemented without anyone ever noticing, allowing the ISP to easily sniff even the "most secure" encrypted traffic and see everything a person does online.)

To me, it's not a question of IF it will happen, but WHEN.

heiska
04-17-2012, 11:46 PM
Or the government could just blackmail USPs with case Megaupload or with some bs cp accusations to log and share everything their customers download. Those just downloading are still relatively safe as mpaa/riaa can't claim 100 billion dollars in damages because there is no evidence of distributing (uploading) copyrighted material.

zot
04-18-2012, 06:15 AM
Or the government could just blackmail USPs with case Megaupload or with some bs cp accusations to log and share everything their customers download. Those just downloading are still relatively safe as mpaa/riaa can't claim 100 billion dollars in damages because there is no evidence of distributing (uploading) copyrighted material.
But for how long are usenet downloaders still relatively safe?

Japan passed a new law in 2010 making the downloading of copyrighted material a crime. (And uploading/sharing copyrighted material has for years been a serious criminal offense in Japan -- as well as writing P2P software that encourages such behavior, as the Winny developer learned from his jail cell) If a similar law were to pass in the USA and Netherlands, it would not be surprising to see all the major usenet servers in the world being monitored, their download traffic logged by the police.

We've not seen anything like this happen so far in the western world, and the idea of police intercepting and logging usenet traffic is still a long way off, but let's not forget that in Japan, the police have gone to great lengths to crack open all the supposedly "anonymous" (encrypted + proxied) P2P networks such as Winny, Share, and Perfect Dark -- reportedly setting up large blankets of police-run nodes across those networks from which to launch MIM attacks and unmask users.

It seems like just about every year or two since the internet has been around, a new law gets passed that further restricts the rights of downloaders, and further penalizes everyone that Hollywood doesn't like. The only reason why SOPA failed was because it was a simple case of "too much too fast." The "boiling frog" method has proven to be much more effective at taking away people's rights without causing a riot. For this reason I don't have much hope for the future: every new internet/copyright law that the **AAs bribe through Congress pushes us in the same direction ... if ever so slightly ... toward North Korea. :sick:

Hole69
04-18-2012, 07:54 AM
Piracy will never die out just as prostitution and drugs won't. As Usenet is a part of the Internet I doubt that anything will happen to it. Taking out Usenet is like taking down Google. Just look at the Pirate Bay, it still survives and thrives, just like Usenet will. If it does, the world will be a vastly different place to the one we live in now and I suspect it will end up looking like Children of Men.

Hypatia
04-18-2012, 09:29 AM
It must be made clear to those corporation thugs that they are not untouchable. We all live under the same sky and from time to time there are "things" falling down on our heads, oh yes.
That corrupted and crooked FBI backing them, bent judges and millions of criminally obtained dollars don't mean squat. They are not invincible.
Freedom will prevail as always. Even if it takes hundreds of years.