[AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

Aqius aqius at lavabit.com
Wed Jun 27 15:42:00 EST 2012


I agree that it is likely just forwarding get requests to ensure legal
segregation of user data from host/user specific information, and know for a
fact that ISP's are selling significant amounts of data to marketing
companies that identifies demographics and the 'anonymous' user to the
street level. 

 

This HARDLY starts to make any of it OK by me

 

From: ausnog-bounces at lists.ausnog.net
[mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Scott Howard
Sent: Wednesday, 27 June 2012 3:29 PM
To: Paul Wilkins
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Telstra's Texan Teaser - Tin Foil Stetsun anyone?

 

On Tue, Jun 26, 2012 at 10:19 PM, Paul Wilkins <paulwilkins369 at gmail.com>
wrote:

What has surprised me is that they need to hit the destination web server
from the US. If this data had been replicated from the Telstra proxy servers
and then transferred to the US by some back channel, there'd be zero
visibility.


And if Telstra had written this system for themselves, that might be what it
would do.  However, forwarding the actual content back to another company
has far more serious implications than just sending a URL without any
included cookies/arguments/etc. Using the specifically returned content
means that it's based on the contents of those cookies/login sessions/etc,
and thus can and will contact personal information that will (normally) not
be included if only the bare URL is used.

The simple fact is that what they are doing is common amongst multiple web
security products.  Cisco Ironport, Blue Coat, Websense, Zscaler, and most
likely several others all have similar functionality.  I'm sure countless
ISPs in Australia are already passing similar feedback for email messages,
and I'd be amazed if Telstra were the only ones doing it for web URLs...

  Scott.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120627/d7546c0e/attachment.html>


More information about the AusNOG mailing list