cancel
Showing results for 
Search instead for 
Did you mean: 

Interesting article found on wikipedia about Plusnet

Moominfish
Grafter
Posts: 213
Registered: 19-03-2010

Interesting article found on wikipedia about Plusnet

Just found this on wikipedia http://en.wikipedia.org/wiki/Plusnet#Deep_Packet_Inspection_and_Bandwidth_Management which says Plusnet use some equipment called Ellacoya to perform 'traffic fingerprinting' using deep packet inspection and Juniper ERX switches to perform protocol shaping, a situation where all protocols, including encrypted P2P traffic are identified and managed on their network.
So basically does that mean if (well not if lol) anyone uses Peer to Peer software and downloads copyrighted material that Plusnet do know exactly what has been downloaded to the filename and which of their users downloaded it? As just reading the part that says even encrypted P2P traffic is identified and managed sort of insinuates Plusnet know exactly what's downloaded right down to the filename, so is that the case?
I'm just interested now after reading that as obviously Deep Packet Inspection is quite a serious thing and has come under scrutiny quite a few times when it comes to peoples privacy.
Also found this article http://en.wikipedia.org/wiki/Deep_packet_inspection that says,Deep Packet Inspection (and filtering) enables advanced security functions as well as internet data mining, eavesdropping, and censorship. Advocates of net neutrality fear that DPI technology will be used to reduce the openness of the Internet.
6 REPLIES
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 62
Registered: 15-06-2007

Re: Interesting article found on wikipedia about Plusnet

It means nothing of the sort.
All Plusnet do is categorise the traffic type by looking at it - there is nothing more intrusive than that.
Have a read of this thread http://community.plus.net/forum/index.php/topic,83778.msg691335.html#msg691335
First page only as it got a bit off topic after that
Moominfish
Grafter
Posts: 213
Registered: 19-03-2010

Re: Interesting article found on wikipedia about Plusnet

I've had a read of that thread you linked to Jim, and it sounds interesting although the user Wildrose52 sounds very paranoid for some strange reason!
Now back to what I read on Wikipedia, does the below sum it up?
Plusnet does use Deep Packet Inspection for the purposes of categorising the traffic type by looking at it? Yay or nay?
If not then I don't understand how the traffic management system knows what the traffic type is if it doesn't look inside the packets to cetegorise it and once the packets are looked in (to see what the traffic actually is) doesn't it tell you the exact content that was downloaded such as filenames etc because from what I've been led to believe and summed up for myself from reading articles online that's what Deep Packet Inspection does.
Here's another article that mentions the Ellacoya system Plusnet uses http://www.zdnet.co.uk/news/it-strategy/2008/07/31/deep-packet-inspection-what-you-should-know-39454...
also
This article http://arstechnica.com/hardware/news/2007/07/Deep-packet-inspection-meets-net-neutrality.ars/2 says,
DPI gear can generally extract information from traffic that varies by application type: IP addresses and URLs from HTTP traffic, SIP numbers from VoIP calls, filenames of P2P files, and chat channels for instant messages. Grabbing this information requires a look at a whole set of initial packets until the necessary information is gained, referred to as examining the "flow."

And it's the part in bold being the reason why I mentioned that by using DPI to categorise traffic means the technology Plusnet uses to categorise if needs be could find out the filenames of P2P files downloaded by it's users if they chose to, is that correct?
I find this a very interesting topic because I honestly don't believe their is such a thing as privacy anymore when online for anyone who uses the Internet due to all this technology that can easily monitor and find out what people do online, whether it be E-Mail, P2P, Gaming and the like.
It's all very confusing and these sort of topics can and often do just go on and on with so many different opinions and no real definitive answers because no one will stand up and say you know what YES we do monitor what you do and we do know what you download etc etc because then it would cause such an uproar it's not worth it to let the cat out of the proverbial bag, so I really don't know what to believe these days apart from I do strongly believe that if any ISP wants to find out what any of it's users download down to the exact filename of any files or E-Mail's sent/received etc they could very easily do so.
scootie
Grafter
Posts: 4,799
Registered: 03-11-2007

Re: Interesting article found on wikipedia about Plusnet

There DPI is very good but not 100% fool proof as encpt torrent p2p is picked up but when spotify was released which is a streaming service which uses encpt p2p that was picked up as torrent p2p and rate limited ( most likely still is) and PN could not build a sig to detect this traffic as streaming and had/ have got a problem open with there traffic mangment suppliers Arbor
http://community.plus.net/forum/index.php/topic,75288.0.html
So yes there is scope for snopping on traffic but there is limits to what PN can do. To be honest i think PN know that its users would leave straight away if we heard they had been upto tricks like BT retail did with the secret trails of phrom. dosent matter how sercetive a company is things all ways end up getting leaked.
the phrom debate which is proof we would pretty much all leave if they used DPI in a bad way http://community.plus.net/forum/index.php/topic,61201.0.html
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 62
Registered: 15-06-2007

Re: Interesting article found on wikipedia about Plusnet

@Moominfish
Whether Plusnet can do what you suggest or indeed whether the system they have employed has that capability I have no idea.
My feeling is that they only do the minimum for the traffic shaping to work but only the Plusnet experts can answer that.
A quick check on the Ellacoya website makes me suspect that they use something like the Arbor e100 system http://www.arbornetworks.com/en/arbor-ellacoya-e100.html which says
Quote
# Deep Packet Inspection (DPI) Technology – Leverages intelligent Deep Packet Inspection (DPI) technology to detect application signatures of any length, anywhere in the packet payload, across packet fragments.
and their pdf data sheet gives more details.
Also from the arsetechnica link you quoted
Quote
But vendors like Ellacoya and Procera aren't so interested in capturing private data, and it's not the focus of their devices. An Ellacoya rep reassures me that most applications can be identified without actually looking through all the data in a packet payload. Still, concern over the technology has been growing as its rollout has accelerated.
The point to make here is that the cost involved in doing the sort of checking you are worried about would be very significant as the equipment would need to do a lot more in depth digging on the fly and would therefore need a lot more very fast units which I don't believe Ellacoya have or indeed Plusnet would even consider paying for.
Community Veteran
Posts: 1,850
Registered: 04-04-2007

Re: Interesting article found on wikipedia about Plusnet

Hi there.
This is a subject which crops up on these boards every once in a while. I totaly understand the concerns, but there is nothing sinister about our E30 deployment. We've been doing this since 2004 and have been very open and upfront about what we do and why we do it.
We use the Ellacoya E30 for traffic management. It only looks at the header of the packet, it doesnt look at the payload. This means that whilst we can identify the type of traffic, we have no idea what it contains, nor do we want to know. Any router routing your traffic will read that header because its reading the destination and source of the traffic. An example of this would be if you are downloading something, every router along the path needs to read that packet to know where to send it to. We make one change to the tcp header which is part of the TCP/IP specification. The differentiated services field, http://en.wikipedia.org/wiki/Differentiated_services is widely used within QoS rules which can be applied to any router at wan or lan level.
The crux of this issue is "the man in the middle" interception of the traffic.
This does not happen. The only data feed we get is the total usage per category, ie what you see in VMBU and even then thats is not fool proof.. We do not see the payload nor do we obtain any information about our customers activities and there is certainly no need, ability or desire to do this. The E30's are on our network, under our control and no-one outside of Plusnet has access to the data feed. From a personal perspective, ISP's are not the internet police. To utilise diff services or DPI in the manner you have discussed, imho, would open up a whole can of worms for any ISP with regards to "knowing" what a customer is doing. Wink DPI to layer 3 or 4 is more than adequate for our needs, pushing that to 5 and above is a whole other story and we can't do that with the E30's.
I hope that alleviates your concerns. QoS rules have been around for a long time, as have differentiated services. Many home routers will use the same facilities where QoS rules or routing is applied. Ours simply do it on a grander scale and more efficiently.
Mark
matt_2k34
Grafter
Posts: 1,300
Registered: 09-07-2007

Re: Interesting article found on wikipedia about Plusnet

Interesting viewing on the subject can be seen here (if you've got 40 mins to kill)
Interview with Dave Tomlinson - part One
Interview with Dave Tomlinson - Part Two
(Sorry Dave  Grin)
Very good viewing, puts things into real laymens terms.
Quote
ISP's are not the internet police

if the current govt. had their way tho, im sure they would be  Wink