PPRuNe Security...
Thread Starter
Join Date: Jun 2004
Location: ME
Posts: 148
Likes: 0
Received 0 Likes
on
0 Posts
PPRuNe Security...
Several posts have been removed by their originators for fear of their identities being found out by their company.
My particular area of operation for the short term is the ME where unfortunately freedom of speech can still be problematic. PPRuNe is used to voice mainly genuine concerns about issues within our companies and is used as an uncensored form of comms to the companies themselves.
My question to an open forum is whether a company can trace identities through this site, if they have done so before, and if so where would we stand if confonted by an allegation from a company in a less democratic country for posting our opinions here.
This form of censorship through intimidation & threats from such companies could effectively silence our voices from areas which need a voice the most.
My particular area of operation for the short term is the ME where unfortunately freedom of speech can still be problematic. PPRuNe is used to voice mainly genuine concerns about issues within our companies and is used as an uncensored form of comms to the companies themselves.
My question to an open forum is whether a company can trace identities through this site, if they have done so before, and if so where would we stand if confonted by an allegation from a company in a less democratic country for posting our opinions here.
This form of censorship through intimidation & threats from such companies could effectively silence our voices from areas which need a voice the most.
Join Date: Jan 2002
Location: Wherever my current employers wish to send me !!
Posts: 718
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
Well, as my id within my department is known to the boss,
I've once found myself in front of personnel due to an
online ding-dong with one of our pilots.
I'm bloody careful what I post, these days.
My fault, I guess. Anonymity for me next user name.
I've once found myself in front of personnel due to an
online ding-dong with one of our pilots.
I'm bloody careful what I post, these days.
My fault, I guess. Anonymity for me next user name.
the lunatic fringe
Join Date: May 2001
Location: Everywhere
Age: 67
Posts: 618
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
Pprune logs the IP addresse of posters. From that your ID can be deduced.
Could a foreign organisation force Pprune to give out an ID? I have no idea. But would seriously doubt it.
In general there is no such thing as anonimity on the internet. With determination we can all be traced.
L337
Could a foreign organisation force Pprune to give out an ID? I have no idea. But would seriously doubt it.
In general there is no such thing as anonimity on the internet. With determination we can all be traced.
L337
aka Capt PPRuNe
Join Date: May 1995
Location: UK
Posts: 4,541
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
This year is PPRuNe's 10th anniversary and for the last decade we have been a sounding board for aircrew worldwide. Our reputation stands on allowing our members to post without fear of exposure.
It is true that anyone can be traced from an IP address but it is not quite so simple. Firstly they would need to convince a judge that he needs to issue a court order for me to give up an IP address in the first place. Once someone has that IP address they then need to convince a judge to issue a court order to get the ISP to go through their logs and match the IP address to a known user or in the case of someone with a dynamic IP address, the user who logged on at precisely that time. Only then could you use an IP address to identify someone.
So, the fact that IP addresses are logged, we still need a court order to provide the IP address in the first place and unless you are working for HMG and one of the security services, I doubt you're going to convince a judge that you deserve the court order in the first place.
Of course, if you are careless and use a username that gives your identity away or you post something that gives you away then PPRuNe can't be held responsible. There are a few sad people who spend their time trying to work out the identity of posters because of their own insecurities, even going to the extent of trying to match roster patters to posting patterns. If you work for a company that employs those methods and you are very insecure about it then perhaps you should consider moving to somewhere where your right to criticise is protected.
What some people fail to understand is that 'free speech' is not 'free'. You are free to criticise but not to abuse or slander. it is up to the individual to take that on board, digest it and apply common sense. However, we here at PPRuNe reserve the right to edit and delete where necessary to protect ourselves from eejits who fail to understand the concept of 'free speech'.
It is true that anyone can be traced from an IP address but it is not quite so simple. Firstly they would need to convince a judge that he needs to issue a court order for me to give up an IP address in the first place. Once someone has that IP address they then need to convince a judge to issue a court order to get the ISP to go through their logs and match the IP address to a known user or in the case of someone with a dynamic IP address, the user who logged on at precisely that time. Only then could you use an IP address to identify someone.
So, the fact that IP addresses are logged, we still need a court order to provide the IP address in the first place and unless you are working for HMG and one of the security services, I doubt you're going to convince a judge that you deserve the court order in the first place.
Of course, if you are careless and use a username that gives your identity away or you post something that gives you away then PPRuNe can't be held responsible. There are a few sad people who spend their time trying to work out the identity of posters because of their own insecurities, even going to the extent of trying to match roster patters to posting patterns. If you work for a company that employs those methods and you are very insecure about it then perhaps you should consider moving to somewhere where your right to criticise is protected.
What some people fail to understand is that 'free speech' is not 'free'. You are free to criticise but not to abuse or slander. it is up to the individual to take that on board, digest it and apply common sense. However, we here at PPRuNe reserve the right to edit and delete where necessary to protect ourselves from eejits who fail to understand the concept of 'free speech'.
Join Date: Oct 2005
Location: Londinium, UK
Age: 51
Posts: 158
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
If you are worried do a google search for an Anonymous proxy - there are 100's out there in Cyberland. Means your IP address is "masked" and therefore adds a layer of protection. Beware though - they are mostly used by people doing "suspect" things over the Internet and their use alone may arouse suspicion.
Thread Starter
Join Date: Jun 2004
Location: ME
Posts: 148
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
Danny,
Thank you for the reply.
I understand what you are saying but would also like some more clarification.
I understand that even a foriegn company, with full control of their courts and authorites, cannot access IP addresses without a court order requested in the UK?
I realise that we all have to be very careful with our identiites in order to safeguard ourselves, especially when operating in certain parts of the world. PPruNe offers us an open voice, one I would hate to see muted. This appears to be happening on the ME forum and has happened in the past. My post is an attempt to try and clarify the situation before the 'rumour' get out of control silences us unnecessarily.
Thank you for the reply.
I understand what you are saying but would also like some more clarification.
I understand that even a foriegn company, with full control of their courts and authorites, cannot access IP addresses without a court order requested in the UK?
I realise that we all have to be very careful with our identiites in order to safeguard ourselves, especially when operating in certain parts of the world. PPruNe offers us an open voice, one I would hate to see muted. This appears to be happening on the ME forum and has happened in the past. My post is an attempt to try and clarify the situation before the 'rumour' get out of control silences us unnecessarily.
Join Date: Mar 2004
Location: Duncraig, Oz
Age: 57
Posts: 65
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
As an IT professional, I should point out that the biggest risk [if you are keen to keep your identity private] is using a PC at work.
Many companies channel all internet traffic through a pooled connection and many record ALL web access i.e. what sites, pages etc etc. and also WHAT pc etc the access came from.
Whilst that may not be enough to nail down who exactly is the guilty party, in parts of the worlds and/or organisations that will be enough for someone to have their collar felt.
So if you are going to post to PPrune and are at all worried about your employer ascertaining your identity, then I would strongly suggest that you DO NOT use a work pc, but use your own at home or in a internet cafe etc.
[I realise this advice may be self-evident but many people don't realise that corporate web access is often tracked in detail].
Many companies channel all internet traffic through a pooled connection and many record ALL web access i.e. what sites, pages etc etc. and also WHAT pc etc the access came from.
Whilst that may not be enough to nail down who exactly is the guilty party, in parts of the worlds and/or organisations that will be enough for someone to have their collar felt.
So if you are going to post to PPrune and are at all worried about your employer ascertaining your identity, then I would strongly suggest that you DO NOT use a work pc, but use your own at home or in a internet cafe etc.
[I realise this advice may be self-evident but many people don't realise that corporate web access is often tracked in detail].
Join Date: Dec 2005
Location: Netherlands
Posts: 113
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
Shake,
I know what you mean, people almost leaning oiver your shoulder. Much as I dislike telling lies, in these cases I fall back to the old military adage 'Even when caught with hands in the till - DENY, DENY, DENY' As the experts have said it is difficult to be traced if you just follow their easy guide. Now I must get off the company machine
I know what you mean, people almost leaning oiver your shoulder. Much as I dislike telling lies, in these cases I fall back to the old military adage 'Even when caught with hands in the till - DENY, DENY, DENY' As the experts have said it is difficult to be traced if you just follow their easy guide. Now I must get off the company machine
Gatvol
Join Date: Jun 2000
Location: KLAS/TIST/FAJS/KFAI
Posts: 4,195
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
It is true that anyone can be traced from an IP address but it is not quite so simple. Firstly they would need to convince a judge that he needs to issue a court order for me to give up an IP address in the first place. Once someone has that IP address they then need to convince a judge to issue a court order to get the ISP to go through their logs and match the IP address to a known user or in the case of someone with a dynamic IP address, the user who logged on at precisely that time. Only then could you use an IP address to identify someone.
Although this is a Rumor Mill, I dont think I would worry about losing my job over any posting.
I have had my hands slapped by Dannys Boys a couple times for not being "courteous" to some Morons, so I think they keep a good handle on what is allowed.....
Join Date: Feb 2000
Location: asia
Posts: 542
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
It might be easier then most people think in certain parts of the world to gather your ip address.
Firstly, gathering the ip address in real time is possible. It is an extension of the corporate issue that hoofie raised.
In some countries ISPs are bound by law or governement directive to monitor all internet traffic. This enables them to either block or report on access to certain sites - eg pornography or subversive - depending on where in the world you are. For instance China blocks a lot "free speech" sites, certain other Asian countries try to block pornography. The technical means to do this vary from going through unseen proxies to hardware router filters, but rest assured logs can be made and kept. Somebody at an isp could knock up a simple script to log all accesses to Pprune and where they came from, match the time with a poster and you're home dry. Of course, Pprune is probably a very small fish in the big internet ocean unleass you have really p*ssed off someone with a lot of clout.
The other thing is that it might not take a court order to get Danny (or at least Pprune) to divulge all sorts of information. Remember the group of paedophiles that were caught when the server that held their records was hacked? Pprune holds various bits of information about us and if the server holding that is hacked, then again home and dry. (I should point out that I am in no way knocking Danny's security, but he is totally dependant on his hosting company and their secuity.)
There again why go to all that trouble. Just bribe someone (not necessarily a mod) with access to the system - eg someone at the hosting company. Remember all the hoo hah when it emerged that poor Indian call centre operators where making a bit on the side by selling UK customers banking details?
I wouldn't recommend an anonymous proxy. Too many of them are honey traps, desinged to make money one way or another!
Firstly, gathering the ip address in real time is possible. It is an extension of the corporate issue that hoofie raised.
In some countries ISPs are bound by law or governement directive to monitor all internet traffic. This enables them to either block or report on access to certain sites - eg pornography or subversive - depending on where in the world you are. For instance China blocks a lot "free speech" sites, certain other Asian countries try to block pornography. The technical means to do this vary from going through unseen proxies to hardware router filters, but rest assured logs can be made and kept. Somebody at an isp could knock up a simple script to log all accesses to Pprune and where they came from, match the time with a poster and you're home dry. Of course, Pprune is probably a very small fish in the big internet ocean unleass you have really p*ssed off someone with a lot of clout.
The other thing is that it might not take a court order to get Danny (or at least Pprune) to divulge all sorts of information. Remember the group of paedophiles that were caught when the server that held their records was hacked? Pprune holds various bits of information about us and if the server holding that is hacked, then again home and dry. (I should point out that I am in no way knocking Danny's security, but he is totally dependant on his hosting company and their secuity.)
There again why go to all that trouble. Just bribe someone (not necessarily a mod) with access to the system - eg someone at the hosting company. Remember all the hoo hah when it emerged that poor Indian call centre operators where making a bit on the side by selling UK customers banking details?
I wouldn't recommend an anonymous proxy. Too many of them are honey traps, desinged to make money one way or another!
Join Date: Sep 2002
Location: London, UK
Posts: 778
Likes: 0
Received 0 Likes
on
0 Posts
Re: PPRuNe Security...
Somebody at an isp could knock up a simple script to log all accesses to Pprune
The suggestion that you're "home and dry" if you had the PPRuNe access logs is nonsense too. The PPRuNe log file has hundreds and hundreds of lines per second - marrying those up to a particular post would be a lot of work and doing so conclusively would require some luck (that nobody else posted at the same time). Even then you'd only have an IP address. Empirically, 95% or more of PPRuNe's visitors don't have their own IP address, so you'd then need to find out from the ISP who was logged on and using that address at that moment. They won't tell you without good reason, of which this is not one, so you'd have to hack them too. Seems a bit far fetched.
If someone posted something nasty enough about their employer to warrant all this don't you think that some amount of disquiet would already be apparent in their demeanor?!!! And if not then what difference does it make?
Supercalifragilistic
expialidocious
expialidocious
Join Date: Sep 2001
Location: Essex, UK
Posts: 588
Likes: 0
Received 0 Likes
on
0 Posts
Modern network logging an analysis tools can play back ALL network activity going back days. I have seen a VoIP call reconstructed (NOT from www access log files.) and played back as high quality audio using network logging tools which are standard for many large corporates, including the aviation industry.
The comments above about what your company IT people may be able to do are spot on.
If you need to whistle blow, do it from outside the building, and not on your own machine.
The comments above about what your company IT people may be able to do are spot on.
If you need to whistle blow, do it from outside the building, and not on your own machine.
Join Date: Feb 2000
Location: asia
Posts: 542
Likes: 0
Received 0 Likes
on
0 Posts
Drauk, my apologies for the statement that made you react so strongly.
My bad phrasing about an isp was meant to, in the context of my statements about restrictions on ISPs in certain countries, imply that it could be done at an ISP level or at a country level ( nd sometimes that is the same thing)
I most ceertainly did not mean an isp could monitor anybodys access from another isp.
As for the home and dry comment, I stand by that. If you read the section of my post again you will see I am not talking about access to just the log files, but access to the whole Pprune server, which certainly hols a lot more info about us all.
My bad phrasing about an isp was meant to, in the context of my statements about restrictions on ISPs in certain countries, imply that it could be done at an ISP level or at a country level ( nd sometimes that is the same thing)
I most ceertainly did not mean an isp could monitor anybodys access from another isp.
As for the home and dry comment, I stand by that. If you read the section of my post again you will see I am not talking about access to just the log files, but access to the whole Pprune server, which certainly hols a lot more info about us all.
Join Date: Sep 2002
Location: London, UK
Posts: 778
Likes: 0
Received 0 Likes
on
0 Posts
my apologies
I am not talking about access to just the log files, but access to the whole Pprune server, which certainly hols a lot more info about us all.