Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Jon Ribbens jon+ukcrypto at unequivocal.co.uk
Thu Aug 5 11:51:18 BST 2010


On Thu, Aug 05, 2010 at 11:17:03AM +0100, James Firth wrote:
> If server owners don't secure their servers how is the law to establish
> whether some oddball actually wants to serve a file /etc/passwd ?

Because it's blatantly obvious that any reasonable person must assume
that the server operator does *not* want to serve /etc/passwd,
unless they have specific information to the contrary.

> The protocol is clear - the requestor is able to establish whether
> any arbitrary URL is valid by sending a request.  The response code
> indicates whether access is authorised.

You are assuming all security is perfect, and it obviously isn't.
"Yes your honour, I did kick his door in, but if he had a proper door
it wouldn't have broken when I kicked it" is not a defence.

> I'm also reminded of crazy attempted prosecutions for those using unsecured
> WiFi.  How else is one to differentiate between me offering free WiFi to my
> neighbours (no security) or me not offering free WiFi (security).

That's completely different, because people very commonly do offer
unencrypted WiFi that the public are expected to connect to.

> And if these vulnerable users suffer material loss or damage as a
> result, then why not leave redress to the civil courts?

You might as well say why not make burglary legal and the victims
must sue in civil court for trespass and conversion.


