My main question is- can my ISP intercept my emails and view my web
activity?

Why do I have this question? Basically, I live in an area in the
Balkans where the main religion is not one to which I adhere. The
service provider for the village in wich I live is very small and is
owned by a person who is a "leader" in this area for this religion. He
knows that I do not believe what he does. He is the only service
provider for my village and I don't trust him. His operation isn't
very big and I will not put it past him to snoop into my business.

This is why I would like to know if it possible for him to read my
emails, follow my comings and goings on the internet, etc. Also, if I
do go with his service, is there a way for me to know for sure if he is
spying on me?

Thank you for your help.

KH

"KH" <youthminman@yahoo.com> wrote in news:1130881280.647255.90690
@g43g2000cwa.googlegroups.com:


Yes, he can read your emails (unless they are encrypted) and, yes, he can
see what you do on the internet (unless you tunnel out encrypted to a proxy
server). However, there is no way of truly knowing whether he does actually
spy, log your activities, etc.

To avoid him knowing everything you do the two main ingredients are
encryption and a remote proxy server. Some commercial servers (like cotse
or findnot) will provide support for most protocols (email, surfing, etc.)
or you can use free services like mixmaster and Tor.

Even if you take these precautions he will still be able to track some
things (such as when you are online) but he will have no ability to know
the *contents* of your internet activities.

Regards,

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.computer.security, KH dared to utter,
Without a doubt: yes. Unless you're doing something extra, your e-mail
is 100% plain text. Anyone that intercepts it along the way can read
it, and by definition your ISP is going to intercept it. As for web
pages, anything that isn't SSL encrypted is just as clear to them.

No, not really. Depending on what you do, it's possible that you might
be able to detect it, but if you have to ask this question you're
obviously not skilled enough to extract information on his activities.
Even then, nothing is 100% garaunteed to work.

Of course, there are ways to encrypt your traffic so he can't make
sense of any of it, but really no way to prevent hiim from intercepting
any of it.

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFDZ+WuzLTO1iU1uO4RAhn2AKCfE2m7mtsyCv7yH/92KwWS2oUWIACfU8Fi
WlqYK7m0onOsYtof4pJTi30=
=HERp
-----END PGP SIGNATURE-----

KH wrote:


Use a web based email service that uses SSL (https) not only for the login
but also ALL data (ie viewing emails, etc). If you do not know what I mean
reply back and I will explain more.

As far as the web sites, the ISP can trace them (and rather easily). You
will need to use a proxy some where out in the Internet and bounce you web
viewing off of (through) the proxy. Just make sure whatever proxy you use
also uses SSL encryption from start to finish.

Imhotep

"KH" <youthminman@yahoo.com> wrote in message
news:1130881280.647255.90690@g43g2000cwa.googlegro ups.com...
This one comes up a lot (although not necessarily on this particular group).

Basically, an email is the equivalent of a postcard - everyone between you
and the recipient can take a look, if they so wish.

To secure it, send a letter (i.e. wrap it in an envelope that makes it hard
to see in. Some envelopes [encryption levels] are harder to get through than
others.

Because this sort of thing is entirely non-intrusive, the only way for you
to know that your stuff it being read is for the other party to make a
stupid mistake.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!

"traveler" <noreply@nym.alias.net> wrote in message
news:81cdn1d99f8l2bunha58923e5k4eg7mpg3@4ax.com...
<snip>

Erm, nope - not quite.

Your ISP can monitor all of you traffic, as can any other ISP between you
and your destination. They can also monitor their own servers, as can anyone
else (e.g. a privacy service)

All you can ultimately do is form an encrypted tunnel from where you are to
somewhere you believe you can trust. That trusted third party then works
entirely openly on your behalf. If you don't use your ISP for email, and
encrypt access to the server that you /do/ use, then all they see is an
encrypted datastream.

Nothing magic about it.

H1K

traveler wrote:

Findnot lies about where its servers are located, and privacy.li is a
gang of pathological liars and stone cold crooks. Here's a good place
for anyone who wants the dope on this scam service to begin.

http://www.schneier.com/blog/archive...ghouse_pr.html

Go away you sapmming little troll. You're no more welcome here than you
are anywhere else.


~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.

Tom Jennings <1@le.com> wrote in news:Xns97DD87EBBE2A2jdhfgjkdshfgjkdhf@
216.196.97.131:


There are several ways:

The simplest is to find a commewrcial newsserver that supports port 563
(the encrypted one) rather than the conventional port 119. A while back
these included Easynews, Newscene, Meganetnews, and Octanews. You would
access them using xnews and stunnel (a free SSL encryption/communication
program).

I haven't checked which of these can be purchased anonymously (although
that shouldn't matter if all you want to do is make sure your ISP doesn't
know what you're doing).

There are other ways of getting access to other free or commercial
newsservers if you prefer a different one (e.g., giganews).

One is to subscribe to, say, cotse as your general encrypted gateway
accessing it with xnews (perhaps through putty) and then out to whatever
commercial or free newsserver you want. Convenient but could involve two
fees (one to cotse, and another one to the newsserver if it is
commercial).

BTW if you're not a maniac about big binary downloads, there are lots of
free newsservers out there (some will even let you post). I use
readfreenews (sometimes with cotse, sometimes just naked) for instance.
I haven't checked which may provide port 563 as well as vanilla 119. So
cotse and readfreenews gives total protection from your ISP for one
$6/month fee (but you may want more by way of either security or binaries
than that).

That's a start - come back with specific questions for more.

Regards,

"nemo_outis" <abc@xyz.com> wrote in
news:Xns97DD857695A60abcxyzcom@127.0.0.1:

An aftethought.

I haven't checked if any Tor exit nodes support port 563 (I suspect few or
none but you might get lucky). But if there are any, then socksifying your
newsreader and going through tor to a newsserver (free or commercial) would
be an alternative.

Regards,

Regarding tunneling, please let's not forget our good old friend SSH.
There's nothing like a server in a _safe place running an SSH daemon
and a couple of proxy software, that will allow you to establish a
tunnel from some _weirdo place and forward some traffic through it,
efficiently encrypting your data. Some RSA authentication and wise
operation will be useful to defeat bad old fat MITM eavesdroppers.

Now regarding the interesting question of how one can detect some
monkey monitors his traffic - why not using the technique of the
honey pot? Simply include something deceivingly attractive in your
traffic that would lead an observer to perform an action that you can
trace.

N'est-ce pas merveilleux de se sentir piégé?

Kind regards
Ludovic

"Ludovic Joly" <lgr_joly@yahoo.com> wrote in news:1149885018.265580.303900
@c74g2000cwc.googlegroups.com:


Good points. Many services (such as cotse) provide both ssh (using putty,
etc.) ass well as ssl (stunnel).

Coincé dans un piége à rêves :-)

Regards,

Tom Jennings <y@ie.com> wrote in
news:Xns97DD9E62F6B3Ajdhfgjkdshfgjkdhf@216.196.97. 131:


As far as I know giganews doesn't provide a direct encrypted connection
(port 563) only the ordinary standard one (on port 119). (Phone 'em and
ask before doing anything more complicated!)

That means you're going to have to put something else in the chain after
you (and your isp) but before giganews in order to use encryption (thereby
keeping your isp in the dark about the details of your usenet use).

There are other choices, but let's say you pick cotse as the middleman
(cotse can provide a lot of other services as well as encrypted usenet
access). You would go to www.cotse.net and sign up (very straightforward
if you use credit card, paypal, egold, etc. - a bit clumsier/slower if you
want to send them a money order for maximum anonymity).

You would probably choose to access cotse with xnews through SSH (rather
than ctunnel/stunnel) for convenience. That means you would need an SSH
program on your machine (putty is free and works fine - some commercial
programs are a bit slicker). Cotse has instructions on its site for how to
do this (or I'll paraphrase them if you want).

Bob's your uncle.

My recommendation? Try cotse for one month(6$) or maybe some other service
(findnot?) if you can sign up for a short term. Then either keep exploring
for better/cheaper alternatives or stick with them if they meet your needs.

Regards,

PS If you choose some other intermediate service (findnot, etc.), access
might be based on VPN, in which case there would be a different drill
(usually a very easy one!)

PPS And I still haven't checked if Tor can be your middleman (it certainly
has the inherent power - it's a question of whether there are many/any Tor
exit nodes on port 119). You would then need a program like sockscap
rather than putty on your machine. If it works it'll provide superb
security and be free (but a bit slow - especially for binaries, but they
shouldn't be tunnelled through Tor anyway, which is why it's hard to find
an open exit port 119 in the first place)


PPPS

Stunnel is a bit complicated as is ssh. However, the beauty is you don't
need to exploit all their power and you will only need to do a few things
to get it working fine. Cotse explains how ot its site, and so will many
other providers if you choose them instead. Or come on back here.

What about IPSEC, my friends? Owning a machine in an _exotic place, you
connect to it from a _dangerous position, and require IPSEC encryption.
You connect to the _exotic machine for proxy services. And raise the
middle finger.

Kind regards
Ludovic

"Ludovic Joly" <lgr_joly@yahoo.com> wrote in news:1149891033.643465.206280
@i39g2000cwa.googlegroups.com:


I do something similar when tunnelling out encrypted from clients' offices.
I use OpenVPN (rather than IPSEC) to tunnel to my home machine and then I
access the internet world from there.

But I don't think that would be suitable for the original poster whose
problem was to not be observed by his ISP. He must find some intermediary
(cotse, findnot, etc.) to perform the role of "machine in an exotic place."

Regards,

nemo_outis wrote:
Unless his budget allows him to rent a server say - in Russia? Because
he prefers to be monitored by the FSB than by the NSA?

Kind regards
Ludovic