Your Ad Here Your Ad Here
Results 1 to 4 of 4

Thread: Benefits of SSL?

  1. #1
    I'm trying to decide whether I should use the ssl connection my provider offers, or if I should still use a normal connection.

    Will I lose speed if I use an ssl connection? If there is no performance issues I see no reason why I shouldn't switch.

  2. Newsgroups   -   #2
    SonsOfLiberty's Avatar The Lonely Wanderer
    Join Date
    Dec 2008
    Capital Wasteland
    Well technically, SSL support provides connection to you and your newsprovider, your ISP knows data is going out, but they don't know, I mean if they really wanted to know they could use some kind of software to "break" the connection or "tunnel" but unlikely.

    yeah, so it's always a good idea to use SSL, if you live in the US or UK it's probably a really really good idea, but if your in countries that have non strict laws, it's probably not a big deal.

    I read an article, I seriously think that their are people watching, not that much, but there is some risk..
    There is a lot going on in the usenet industry these days. A lot of providers worked hard to increase their retention and are closing up on Giganews 365 Days. But Giganews wasn't sleeping at all, they were just working on other things - SSL access to their servers! Since other providers are joining the trend of usenet ssl access, we think it's time to clear up some questions.

    History And Facts

    It started where there were numerous requests by users to get this service.Giganews was certainly willing to encrypt the login sequence to protect their user from password sniffing - But such a limited feature is simply not in the NNTP standard. The only thing possible is encrypting all the traffic which creates a lot of additional CPU load on the servers - According to the giganews engineers that?s a staggering 200% -300%more load. Some of you might not know that CPU load is already a big issue for usenet providers, as their servers have to do quite a lot of work to retrieve thousands of articles from a database; the size of a few hundred Terebytes, this is often the main reason why ?cheap? providers offer slower speeds. The big providers use hundreds of frontend servers to spread the load which is a large addition to their bandwidth costs and also a reason why some enforce their ?Acceptable Usage Policy?.

    Giganews therefore charges an extra 5$ a month for the SSL service (Astraweb doesn't), which seems fair considering the additional costs. Astraweb and Usenetserver offers it for all users in addition to their massively increased retention - Let?s hope that doesn?t affect their overall quality.

    Does It Protect You From Legal Consequences?
    No. The traffic still gets decrypted at giganews end and they are still forced to keep their logs, just with a regular account. Authorities were able to get the necessary information from the NSPs in the past and they will be able to do the same even if you posted your files with SSL encryption. But you have to be aware that there are different levels of illegal activities:

    Copyright infringement by downloading
    If you are downloading content that is protected by copyright law, this is illegal. However in most countries this is not enough to start an investigation and get the necessary court order to get your NSPs logs!

    Posting copyright protected content
    This is usually a bigger violation of the law and can get you in troubles depending on the country you live in - Whether the traffic was encrypted or not.

    Real crimes
    there are other illegal things you could do, such as posting child pornography.This is a real crime, and you can be sure to go to jail for such things. NSPs are also much more willing to cooperate in such matters, and you better start training not to drop your soap instead of trying to hide behind SSL- It won't protect you.

    Where You Should Worry About Privacy?

    It gets complicated when it comes to the laws about privacy in your country.If your ISP is bound not to look at your traffic anyway, why encrypt it.However there are countries were such laws either don?t exist, or the providers simply don?t care - Like the USA. We know of one case were a large cable internet provider threatened one of their subscribers with a letter containing a list of what he downloaded from a usenet provider - And you certainly don?t what them to know that when you already have problems with them using the unlimited amount of traffic as stated in your contract.

    Even if you are lucky to have laws that prevents your provider from inspecting your packets, there are still locations where privacy should be a concern to you:

    Access Usenet On Wireless Networks?

    Most of them aren?t secure and packet sniffing is a piece of cake. If you don?t want your neighbours to see what groups you are accessing, you might want to encrypt your traffic.

    Accessing Usenet on large networks, especially at work?

    Every piece of network equipment that connects you to your NSP can be used for packet sniffing. There are a lot of companies that scan the internet traffic to spot employees that spend their time doing things that clearly has nothing to do with their job - Such as alt.binaries.erotica. Since there is a lot more at stake than just a NSP contract, you really should encrypt your private data - But be aware that a lot of traffic might also indicate a possible reason to fire you

    Pleasant Side-Effect Of SSL?

    While in many cases SSL doesn't really improve your privacy that much, there is an interesting side-effect when using SSL. It can circumvent your providers traffic shaping! Traffic shaping (limiting your bandwidth depending on theusedservice) was traditionally done based on the port you connect to. Port 119 is the standard for usenet-access, if a provider wants to limit your bandwidth for usenet but still let you browse the web at full speed, they can simply throttle all connections to that port. For some time most providers started to offer access on alternative ports - Even ports which are the standard for other services your provider certainly doesn't want to limit - Such as port 80(Web /HTTP).

    Some providers now use new technology that determines the used service based the contents of the packets. Even if you send your packages through the port normally used for web browsing, the commands inside this package are clearly used for NNTP. When you are using SSL, all this information gets encrypted and there is no way for your provider to know what these packages are for, and a lot of users have already reported increased speeds! But be aware that you still have to worry about port based traffic shaping if you are using port 563 (the standard for NNTPS, encrypted usenet). Giganews has therefore recently added support on port 443, the standard for HTTPs - A protocol no provider wants to limit.

    This effectively defeats all known traffic shaping systems - But be aware that the more users do this, the more this will once again become a concern to those providers, and they still have some weapons left - Like limiting all traffic originating from the NSPs networks.

    If you are a victim of such traffic shaping or have reason to ensure your privacy, you should definitively get the SSL service! If you are not, and you are in full control over your own network and you know your provider is not allowed to inspect your packets anyway, you should probably save the money and spare the additional CPU load for your NSP.

  3. Newsgroups   -   #3
    Thanks, would it have a significant effect on my download speed? Or would it be minimal.

    *EDIT* ignore that, I read the thread you linked.
    I couldn't search for a three letter word on the forums, so I posted. Sorry.
    Last edited by Rafinator; 04-14-2009 at 10:28 PM.

  4. Newsgroups   -   #4
    Join Date
    Mar 2007
    Do you download headers?

    Another benefit of using SSL is that it allows for zlib compresssion (when both the newsserver and the client support that function) and this means that under SSL w/zlib, headers can be downloaded in a small fraction of the time as uncompressed headers.

    Although sources speculate that it's likely that to conserve resources, news providers may in the near future discontinue support for "classic" zlib (Stunnel) compression of the SSL stream, in favor of newer methods (such as XZVER and XZHRD NNTP extensions) that only compress the headers but not the bodies.

    There's at least four different standards for compressed headers currently in use by the various news providers -- some work on top of SSL and some don't. Just one more thing to think about.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts