[LINK] https/metadata

Kim Holburn kim at holburn.net
Wed Dec 7 08:34:20 AEDT 2016


The trouble is that what they mean by metadata is not defined.  If you mean metadata as regards IP traffic then what you said might be true, except that technically data is part of the metadata, it's one of the categories.  

But in some places they are talking about headers of emails.  This is definitely not part of the IP metadata, it's part of the data.  DNS requests are small enough and meta enough to be requested, they being metadata about other connections.  It's not clear.  It's certainly possible that the police for instance might request DNS request data and almost none of it is encrypted.

Has anyone seen what the "regulations" have required of ISPs?

Kim

> On 2016/Dec/06, at 6:00 PM, Jim Birch <planetjim at gmail.com> wrote:
> 
> The actual DNS query and response content would not be visible at the
> metadata level, it's inside the message.  The metadata says you
> contacted a dns server but not what you looked up.  The term "metadata"
> itself is a bit ambiguous, at any layer the stuff outside the layer wrapper
> is metadata and the stuff inside is content.
> 
> As I see it, given that everything not just nefarious stuff gets encrypted,
> the best method for our protector overlords to find the bad guys would be
> analysing patterns in connection data.  You could develop some known
> bad-guy signatures and use the activity of identified targets to train the
> system.  Plus throw in any other profiling data you could scrounge.  I
> imagine this would work pretty well, given a humungous amount of storage
> and processing power.
> 
> Jim
> 
> On 6 December 2016 at 16:17, Bernard Robertson-Dunn <brd at iimetro.com.au>
> wrote:
> 
>> Thanks for the info so far. I'd forgotten the mobile device use case,
>> thanks Roger.
>> 
>> Unpacking the question a bit & differentiating between privacy and
>> security.
>> 
>> If I go to www.nastysite.com and use https my interactions would be
>> secure but not necessarily private - the metadata (along with the DNS
>> query) would show that I'd visited www.nastysite.com. The authorities
>> would need to ask the website owner what I'd been doing.
>> 
>> If I went to google.com.au, it redirects to https. The authorities would
>> need to ask google what I'd been searching for. Google is quite good at
>> tracking specific computers through technology footprints and working
>> with the authorities and correlating query times they could quite easily
>> find out what queries had come from a specific machine, even if the user
>> hadn't logged on to google.
>> 
>> A VPN would help in this case because the authorities would not know
>> what sites I'd visited, at least not from looking at the user computer
>> to VPN node channel.
>> 
>> This is all very similar to the data de/re-identification problem in
>> that they are both more difficult than would appear, especially from
>> simplistic explanations. I'm trying to work my way through
>> understanding both a bit better.
>> 
>> Thanks for the help.
>> 
>> --
>> 
>> Regards
>> brd
>> 
>> Bernard Robertson-Dunn
>> Sydney Australia
>> email: brd at iimetro.com.au
>> web:   www.drbrd.com
>> web:   www.problemsfirst.com
>> Blog:  www.problemsfirst.com/blog
>> 
>> _______________________________________________
>> Link mailing list
>> Link at mailman.anu.edu.au
>> http://mailman.anu.edu.au/mailman/listinfo/link
>> 

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 
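
The layering question raised in this thread, as an added example that is not part of any poster's message: it splits one constructed IPv4/UDP/DNS query into the fields a connection-level record would hold and the name carried in the unencrypted payload. The addresses, ports and the name www.example.com are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

def build_sample_packet():
    """Constructed IPv4/UDP/DNS query (not captured traffic); checksums left as 0."""
    qname = b"".join(bytes([len(p)]) + p for p in b"www.example.com".split(b".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
    udp = struct.pack("!HHHH", 53124, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.53"))
    return ip + udp

def read_qname(dns):
    """Decode the first question name from an unencrypted DNS message."""
    if struct.unpack("!H", dns[4:6])[0] < 1:   # QDCOUNT
        return None
    labels, i = [], 12                          # question starts after the 12-byte header
    while dns[i] != 0:
        n = dns[i]
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(dns[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return ".".join(labels)

def split_layers(packet):
    """Return (IP/UDP header fields, DNS question name) for an IPv4/UDP packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 17:
        raise ValueError("not UDP")
    sport, dport, ulen, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    meta = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport, "dport": dport, "bytes": total_len,
    }
    # Everything past the UDP header is payload; for plain DNS it is readable as-is.
    return meta, read_qname(packet[ihl + 8:ihl + ulen])

if __name__ == "__main__":
    meta, name = split_layers(build_sample_packet())
    print("header fields :", meta)
    print("payload (DNS) :", name)
```

The header fields identify only the resolver that was contacted; the looked-up name appears only once the payload is read, which plain DNS permits because it is not encrypted.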
