Web Browsing Records
Ian G Batten
I.G.Batten at ftel.co.uk
Tue, 11 Mar 2003 14:18:31 +0000

Page 7, ``web browsing information''. I know we've thrashed this one
over repeatedly, but I still don't understand where the HO think the
information comes from.

If the user isn't accessing a proxy or cache, and the service provider
isn't forcing all access through one (they seem to be falling from
favour), ISPs presumably don't log all SYN packets passing through their
equipment with a destination port of 80 or 443. However, if they did,
this would yield the desired effect --- it would identify the host
machine. Well, sort of, as it probably (if we assume ubiquitous HTTP
1.1 and therefore less need to do multiple IP-number virtual hosting)
would identify rather less than the HO think.

However, if the user _is_ accessing a proxy, the requested page will be
clearly within the content of the session, not the signalling. If the
proxy is within the ISP's jurisdiction, then it may have logs of that as
well, but then the ``remove the stuff to the right of the slash'' aspect
becomes something the ISP has to do. And if the police get the
information by seizing the ISP's logs, there's little protection.

But if the proxy is outside the ISP's jurisdiction, and potentially
outside the UK Government's, what then? The user will be making a
repeated sequence of calls to port 3128 or something, and that's the end
of the information available. I've not actually seen a browser which
supports encrypted proxying, but since I could roll it in five minutes
with ssh forwarding or stunnel I assume the bad guys could as well.

Are the HO assuming that all patterns of web access will leave a trail,
and that all ISPs should record the information?
ian
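
Added example, not part of the original post: a sketch of the ``stuff to the right of the slash'' redaction applied to proxy logs before they are retained or handed over. It assumes Squid's native access.log layout (3128 is Squid's default port); the sample lines and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed layout (Squid native access.log), whitespace-separated:
# time elapsed client code/status bytes method URL ident hierarchy type
N_FIELDS, METHOD, URL = 10, 5, 6

# Constructed sample lines (documentation addresses and example domains).
SAMPLE = [
    "1047392311.123 120 192.0.2.10 TCP_MISS/200 4512 GET "
    "http://www.example.com/private/page.html?id=7 - DIRECT/203.0.113.5 text/html",
    "1047392312.456 300 192.0.2.10 TCP_MISS/200 9000 CONNECT "
    "secure.example.com:443 - DIRECT/203.0.113.6 -",
    "1047392313.789 80 192.0.2.11 TCP_HIT/200 812 GET "
    "http://user:pw@www.example.org:8080/a/b?c=d - NONE/- text/plain",
    "truncated line",
]


def redact_target(method, target):
    """Reduce a logged request target to scheme://host[:port]/ only."""
    if method == "CONNECT":
        return target  # already host:port, nothing right of a slash
    try:
        parts = urlsplit(target)
        host, port = parts.hostname, parts.port
    except ValueError:
        return "-"  # unparseable authority: log nothing for it
    if not parts.scheme or not host:
        return "-"  # not an absolute URL
    if ":" in host:
        host = "[" + host + "]"  # restore brackets on IPv6 literals
    # .hostname has already dropped any user:password@ prefix
    port_part = ":%d" % port if port else ""
    return parts.scheme + "://" + host + port_part + "/"


def redact_line(line):
    """Return the log line with the URL field redacted, or '' if malformed."""
    fields = line.split()
    if len(fields) != N_FIELDS:
        return ""  # drop malformed lines rather than pass them through
    fields[URL] = redact_target(fields[METHOD], fields[URL])
    return " ".join(fields)


if __name__ == "__main__":
    for entry in SAMPLE:
        print(redact_line(entry) or "(dropped)")
```

The CONNECT entry shows what remains visible for port-443 traffic through a proxy: the host and port, with no path to strip.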