Website access logging
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Everything else
- :
- Website access logging
Website access logging
21-11-2016 12:29 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Just a question the PN guys could maybe shed some light on: With the Investigatory Powers Bill no passed, ISPs will have to compile a log of 'Websites visited' by accountholders. Thing is, do you think it is actually even feasible to do that?
Every major website that I know of uses Javascript to pull data from other sites (Facebook, Doubleclick etc) without the visitor's permission or knowledge.These offsite downloads are carried out at the instruction of the originating site's webmaster. Although they are obtained using your browser, you are not in control of the process.
Since the HTTP GET requests are nearly identical for human-initiated and javascript-initiated data fetches, I find it hard to believe that it would be possible to identify where the visitor had actually typed a URL or clicked a link, as opposed to being hit with stuff they never asked for.
Even if Javascript were disabled in the browser, a frameset or redirect could also land the user on a site they had not asked to visit. Thus I don't see how what the government requires is even feasible.
-Any thoughts on this? I'm preparing a writeup on the subject for my MP and it would be useful to know if ISPs think the requirements -of identifying sites visited by the user- are technically feasible.
Re: Website access logging
21-11-2016 3:45 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I always use a mouse with my laptop so that I don't accidentally put my finger on the touchpad and click on something I don't want to click on. However, using a mouse on a slightly shiny/reflective surface can cause the cursor to fly to another part of the screen resulting in a 'misclick'.
You could try emailing pressroom@plus.net with your enquiry.
Re: Website access logging
21-11-2016 4:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I thought it would be fairly obvious that they're going to log everything, they're not going to be bothered if you intended to visit it or not. I'm sure someone can always claim that their cat jumped on the keyboard and that's how they ended up on a particular website.
Re: Website access logging
21-11-2016 4:52 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I Think you have the right to request all the data a company holds about you for a fee of £10.
If you requested that data and decided the information was incorrect would you not have the right to ask for it to be removed, so if the list showed I visited website x on such a date and time and I claimed I did not, would it not be up to the ISP to prove I did ?
If a number of users requested and queried data held the ISP would end up with a lot of non productive work on their hands.
My concern about this bill is that it could be open to abuse in several ways and we will see examples of this as time goes on.
Re: Website access logging
21-11-2016 5:16 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@ejs wrote:
I thought it would be fairly obvious that they're going to log everything
Which is what I imagine they'd have to do as there is no way to distinguish original requests from robots.
If so, that opens the way to all kinds of malicious activity. Even without using Javascript, it would just be a matter of hacking a well-known website (If it uses SQL, how hard is that?) and putting a frameset on it with the legit site taking up 99% of the page and a few choice illegal pr3n images in the other 1px-high frames. To target a specific individual, just put in a bit of php to check the host and only echo the frameset if it's the intended victim.
Wait a while, make a phone call, victim framed. If you'll excuse the pun.
NO. If this to be implemented, it has to be only the sites visited. If it includes robot downloads it's worse than useless. Dangerous, in fact, because it's so easily exploited for criminal frame-up purposes.
Re: Website access logging
21-11-2016 6:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If it's so easy, perhaps you should do a bit of white-hat hacking, and arrange for some well-known websites to warn people of the problem you describe? Oh wait, that would probably be illegal.
Also, how exactly are you going to check the host to find the intended victim? How will you know their IP address?
Re: Website access logging
21-11-2016 6:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@iwrconsultancy wrote:
With the Investigatory Powers Bill no passed, ISPs will have to compile a log of 'Websites visited' by accountholders.
Are you sure that's correct?
Looking at https://www.gov.uk/government/publications/investigatory-powers-bill-fact-sheets - Factsheet: communications data
The Bill will also require communications service providers to retain internet connection records. ICRs do not provide a full internet browsing history. The ICRs do not reveal every web page that a person visited or any action carried out on that web page.
Re: Website access logging
21-11-2016 10:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Yes, that's correct. The Bill requires domains visited to be logged. It does not require lists of pages read.
The situation is that when you visit most large websites, a 'robot' on the page also fetches data from other domains. Thus, it will appear that you visited a great many more domains that the one you actually visited. To give an idea how bad the problem is, even loading a fairly reputable site might cause 20 other-domain data fetches. With some sites like tabloid newspapers festooned with ads, that might be anything up to 100.
So, the log will contain anything from 20 to 100 entries for every site you visit Of those, you visited one. The rest you didn't visit, but AFAICS there is no way for the ISP to determine which is the needle in that haystack.
There is an obvious legal issue here, in that any surveillance or reporting on the public must be accurate. Otherwise it would be in breach of all kinds of regulations, including human rights Law. Over-reporting of sites you didn't visit is obviously worse from a legal standpoint than under-reporting of sites you did, since that might lead to a false prosecution.
I could see situations where NOT logging the pages visited could actually be worse then doing so. Supposing a robot on a page you visit accesses a known child abuse site, but all it does is to get the robots.txt file from that site. With only the domain logged, it would appear that you had been downloading child abuse material. If the file download history were available, then it would be clear that nothing of the sort was involved.
There is a reason why courts ask for the truth and the WHOLE truth. Half-truths are dangerous.
Re: Website access logging
22-11-2016 3:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Which part of The Bill says domains are going to be logged?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Everything else
- :
- Website access logging