Swedish ISP will anonymize all its users' traffic

TorrentFreak has some nice technical details on Bahnhof, the Swedish ISP that hosts (among other things), Wikileaks. The firm responded to IPRED, Sweden's batshit copyright spying law, by switching off its logs, so that putative copyright holders would not get anything if they tried to use IPRED's easy-peasy sneak-and-peek warrants. Now that Sweden is about to adopt the EU's rules that require all ISPs to begin logging, Bahnhof will insist that all its customers use an anonymizing proxy, so it can no longer tell what its customers are doing. Customers who want to make it easy to be spied upon can opt out for about $8/month.

Since the service will encrypt user traffic, not even Bahnhof will know what their customers are doing online. If the ISP doesn't know about their activities, then there's not much to log. Nothing to log means there's nothing useful to hand over to authorities and anti-piracy companies.
"Technically, this is a stealth section, we will store all data up to this point of invisibility," adds Karlung, referring to the first-hop connection the customer makes with the company's servers when going online.
"What happens after that is not our responsibility and is outside Bahnhof. So the only thing we are going to store is very little information, which in practice will be irrelevant."

Wikileaks ISP Anonymizes All Customer Traffic To Beat Spying

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.

MORE: Action • Business • ipred • isp • Technology

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

fc

So basically they’re cranking up their prices by 8â‚¬ and need some nice reason for it?

How is that supposed to work exactly? Where should the massive VPN endpoints come from suddenly? The only thing Bahnhof could actually do is route their internal traffic encrypted. But they see both unencrypted ends of it, so they still know everythingâ€¦ even if they force their users to connect to them using a VPN tunnel, there will be an encrypted connection from the user’s computer to their endpoint from where it will reach other carriers, unencrypted, because they don’t have VPN endpoints. And even if they did, somebody has to decrypt something eventuallyâ€¦

The only thing that works is proper end-to-end encryption. They could of course force their users to only use SSL-HTTP connections and block all unencrypted HTTP traffic (and same for all the other protocols that support encryption: block all non-OTR’d XMPP traffic!) but that would actually require massive deep packet inspection, just the thing they want to avoid.

So this seems totally pointless. Only the standing up to the government and not logging is a sane thingâ€¦
- Blue
  
  >So basically they’re cranking up their prices by 8â‚¬ and need some nice reason for it?
  
  No. They’re only asking for money for NOT doing this.
  
  Customers who want to make it easy to be spied upon can opt out for about $8/month.
  
  [emphasis mine]
  - fc
    
    Well, who wouldn’t opt out? They sell 100 MBit/s connections. It’s utterly impossible they could ever get large enough VPN endpoints to push all this data through for what is basically just a political stunt. So you could pay for a fast connection and have it horribly slowed down for idiotic reasons. Or you could pay 8â‚¬ more and have just a fast connection with insignificantly less privacyâ€¦
Anonymous

If this ISP were to move to the United States, or if a US ISP were to adopt its policies I would immediately switch my services to that ISP and encourage everyone I possibly can to do the same.
Anonymous

The financial interests of ISPs have always been at odds with the spies, so the spies who *might* have been able to get data with a minor inconvenience can never get it when it carries a financial burden, and anyone who thought otherwise was delusional.
Anonymous

How do you find and choose a good, honest, safe, secure anonymizing proxy?
uildaan

Great idea, but there will be a law passed preventing this in 3… 2…
JayConverse

How do they figure out how much to bill their customers?
- Anonymous
  
  Read again, it says it will be logged at the ‘first hop’ and nothing after that…their customers’ usage can be monitored as far as how often and how long they log on, but not where they go after that…if they’re pulling too much bandwidth that’s easy to monitor and deal with, too.
- Anonymous
  
  What usually happens is:
  
  The cops tell the ISP “IP address 1.2.3.4 did something bad at 1 PM”, and then the ISP looks up which customer had that IP address at the time.
  
  And this is what will happen when the ISP doesn’t know anything about their user’s activities:
  
  The cops tell the ISP “IP address 1.2.3.4 did something bad at 1 PM”, and then the ISP will report back, “Sorry, but our log files are useless for this person. We know it’s one of our 500,000 customers, but we don’t know which one, and it would be illegal for us to give you the entire list since only one of them broke a law”.
- rimstalker
  
  Most European countries have proper flat rates. So you really do pay just a flat rate, and don’t get throttled, and usually you also get the full line speed. What might see you getting a little bit less bandwidth is living far from the next hub (simply speaking).
  
  So no need to measure volume.
- Chrs
  
  Regardless of how encrypted the information is, the ISP can still tell how much of it you’re sending.
  
  Unless, of course, you’re making a point about net neutrality, which would be entirely sensible.
IronEdithKidd

This is how it should be. Respectful golf clap for Bahnof for having the courage to stand up to stupid, intrusive, anti-democratic, US-demanded laws.

Now, any US ISP care to stand up for their customers? *crickets* I didn’t think so.
The Raven

&, of course, that ISP also has no way to control spam or DDOS attacks routed via their servers.

I don’t think this is a viable business model.
- Anonymous
  
  I reckon this might be a case of addressing the biggest problem.
- Anonymous
  
  I’m not seeing anyone else point this out but you- and I thank you. Yes, being able to pirate songs is awesome.
  
  However, many more nefarious, illegal and potentially dangerous things can be done with an internet connection.
  
  When there’s no trail of breadcrumbs, you’re able to burn the whole forest down without fear of getting caught. I’m all for anonymity, but there needs to be accountability for malfeasance.
  - Beelzebuddy
    
    If you really want what you claim, then you’ll need to outlaw encryption completely, because otherwise you can already do all of that. There are foreign proxy services everywhere in the world which will happily anonymize your traffic for low, low prices. The only difference is with your ISP making the deal, you have much better odds of avoiding scummy man-in-the-middle phishing schemes.
    
    Also, I really hope you’re a plant from some agency, because your post displays a tremendous amount of historical ignorance, party line-toeing, and lack of critical thinking skills.
Anonymous

Also, they have the world’s coolest server rooms (converted nuclear bunker 30 m below ground). That should be reason enough to switch provider.
Anonymous

I don’t get it how it works.
The incoming traffic is unencrypted. So they’ve all http headers, they know, who and what is sending. Next it goes throught vpn? What for? Before some packets will go to by ex. google they must be decryped. I don’t see the point. Please, someone explain this.