Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
pwt at iosis.co.uk
Wed Aug 4 07:13:12 BST 2010
Tom Thomson wrote:
>>> Yes, but if Cuthbert just moved up the tree to look at directory
>>> roots as in my example than that isn't obviously non-authorised.
>>> Some website owners want you to do that and provide a helpful menu
>>> or index for you. Some website owners don't want you to do that. The
>>> way to tell which is which is by trying.
>> Peter Sommer said that rather than say what he'd done, he instead
>> presented some story about proxy activity. That does rather
>> complicate the story.
> I wonder if the dialogue went like this:
> Plod: But you attempted an unauthorised directory transfer.
> C: No - if anything like that happened it must have been something done by a proxy server, I didn't do it.
> Plod: But we can clearly see from the log on your PC that you were at http://someserver.org/things/this.html and the typed http://someserver.org/.
> C: Yes, of course I did that. That's the natural thing to do.
> Or something pretty close to that, adapted by Plod to look a little more incriminating (that sort of adaptation is what used to be known as a "verbal" - and for it to have a commonly used name it probably had to be a commonly occurring thing; and far worse things happen even today).
I take the same line with this "unauthorised access" argument as I do
with the problem of restrictions on the validity of off peak tickets on
UK trains: if the restriction is not declared to me at the time of
purchase of the ticket (and done so in writing in a form that I can
conveniently carry with me), then the restriction is not valid.
(No, I have not been caught out on a train, but was recently on a train
at 0945 when the Train Manager accepted my valid after 0900 ticket but
told a lady sitting two seats ahead of me that her ticket was not valid
until after 1000 - and he made her pay a surcharge.)
More information about the ukcrypto