Re: Standing Up Against German Laws - Project HayNeedle

To: "Matt D. Harris" <mdh@xxxxxxxxxxx>
Subject: Re: Standing Up Against German Laws - Project HayNeedle
From: johan beisser <jb@xxxxxxxxxxx>
Date: Mon, 12 Nov 2007 13:15:53 -0800
Cc: Paul Sebastian Ziegler <psz@xxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <4738A938.1090303@xxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <4735EA56.3010900@xxxxxxxxxxx> <D6FF830B-5829-4A25-8CE5-DBEDC40D08D4@xxxxxxxxxxx> <4738A938.1090303@xxxxxxxxxxx>


On Nov 12, 2007, at 11:27 AM, Matt D. Harris wrote:

However some of these issues can be mitigated without too muchtrouble. For example, one could have a dynamically growingdictionary of words to search for based on random words in randomresults pages that it grabs. At the very least, this would killany attempts to filter it out of the data mining system.

That'd be a significantly different approach. Even grabbing data fromthe previously browsed cache would also work, as far as seedingdictionary goes.

If the point of the system is primarily to create plausibledeniability for the end-user, that is, to allow them to say"hayneedle hit the site, not me, so I am innocent", then I'd say itcould be effective in that regard barring some proviso in the lawthat allow them to persecute someone who did not actually evenvisit a site of their own volition. Beyond that, it's alsoeffective in terms of turning up the noise to signal ratio andmaking this law that much less effective, while placing a greaterburden of ISPs who are then more likely to lobby against it evermore vigorously.... all while remaining entirely 'white area' interms of functionality.

If I read the law correctly, it requires retention of "what IPconnected to another IP" and "which phone number called where." Itdoesn't bother retaining the URL called (my German is rusty, so I maybe a little off in my interpretation). Connecting to a random IP on arandom open port (80 and 443, for example) would be a good start toaccomplish the goal creating chatter. The issue is that the searchterms to find those ports could lead to connecting to a site thatincreases your profile against general background chatter, even as itis raised with random connection traffic.

In that light, I'd regard use of something akin to TOR a slightlybetter solution for protecting privacy and filling up logs.

I understand your post, but I don't think Mr. Ziegler was over-selling his product's effectiveness beyond what it is reallycapable of.

I wasn't saying there was overselling the effectiveness. I do thinkthe approach is innately flawed from a privacy standpoint.

Follow-Ups:
- Re: Standing Up Against German Laws - Project HayNeedle
  - From: Florian Echtler

References:
- Standing Up Against German Laws - Project HayNeedle
  - From: Paul Sebastian Ziegler
- Re: Standing Up Against German Laws - Project HayNeedle
  - From: johan beisser
- Re: Standing Up Against German Laws - Project HayNeedle
  - From: Matt D. Harris

Prev by Date: [ GLSA 200711-14 ] Mozilla Firefox, SeaMonkey, XULRunner: Multiple vulnerabilities
Next by Date: [ GLSA 200711-15 ] FLAC: Buffer overflow
Previous by thread: Re: Standing Up Against German Laws - Project HayNeedle
Next by thread: Re: Standing Up Against German Laws - Project HayNeedle
Index(es):
- Date
- Thread