Australia's Attorney General Says Metadata Collection Won't Track Your Web Surfing, Just The Web Addresses You Visit (Huh?)

from the say-what-now? dept

Australian Attorney General George Brandis seems to be working extra hard to demonstrate just how completely clueless he really is. On both copyright and surveillance, it's pretty clear that he doesn't even remotely understand the details, but is willing to go all in to support some misleading claims that someone told him. On the surveillance front, he recently claimed (incorrectly) that data retention rules are a must (and that whistleblowers should be thrown in prison). The data retention rules are getting some attention because it's pretty clear that Brandis is advocating for a massive expansion in data retention and collection for many different purposes (i.e., expanding it to cover "crime-fighting in general" as opposed to just terrorism/national security).

However, it's pretty clear that he has no idea what this all means. He gave an absolute train-wreck of a TV interview on SkyNews, trying to defend the policy, in which he claims that the metadata rules won't track your web surfing habits, but just what websites you visit -- as if that's a different thing. You can see the video here. It's quite incredible. First he claims that the telcos "already collect this data" for billing purposes, but they want to change the law because now flat rate plans mean telcos might not track this data. But then he jumps to internet metadata (which, uh, has never required tracking for billing purposes) and things get ridiculous quickly.
SkyNews host: Well, the Prime Minister today said "it's not what you're doing on the internet, it's the sites you're visiting." So will it be the sites you're visiting?

George Brandis: Well, well, it... it wouldn't extend, for example, to web surfing. So, what people are viewing on the internet is not going to be caught.

Host: So it's not the sites you're visiting.

Brandis: Well... um... what people are viewing on the internet when they web surf is not going to be caught. What will be caught is the... is the... is the, um... the web address they communicate to.

Host: Okay, so it's only the... I'm sorry... the web address? If I go to an internet site, that will be recorded and available?

Brandis: The web address... um... is... is part of the metadata.

Host: The website.

Brandis: Well, the web address. The electronic address of the website.

Host: Okay. If I go to the SkyNews website, the Australian website, a more questionable website, that will be... is that what we're talking about here?

Brandis: Well, I... b... m... m.... m... the... what you're viewing on the internet is not what we're interested in. And that's not what we're...

Host: You'll be able to see whether I've been to that website or that website or that website.

Brandis: Well, what we'll be able... what the security agencies want to know... to be retained... is the... is the electronic address of the website that the web user is visiting.

Host: So it does tell you the website.

Brandis: Well... well... it tells you the address of the website.

Host: That's the website, isn't it? It tells you what website you've been to.

Brandis: Well, when... when you visit a website you... you know, people browse from one thing to the next and... and... that browsing history won't be retained or... or... or... there won't be any capacity to access that.

Host: Excuse my confusion here, but if you are retaining the web address, you are retaining the website, aren't you?

Brandis: Well... the... every website has an electronic address, right?

Host: And that's recorded.

Brandis: And... um... whether there's a connection... when a connection is made between one computer terminal and a web address, that fact and the time of the connection, and the duration of the connection, is what we mean by metadata, in that context.

Host: But... that is... telling you... where... I've been on the web.

Brandis: Well, it... it... it... it... it... it... it records what web... what at... what electronic web address has been accessed.

Host: I don't see the difference between that and what website I've visited.

Brandis: Well, when you go to a website, commonly, you will go from one web page to another, from one link to another to another, within that website. That's not what we're interested in.

Host: Okay. So the overarching... if I go to... SkyNews website, it'll tell that, but not necessarily the links within that that I go to?

Brandis: Yes.
I wouldn't normally include stuttering and false starts in a transcript, but in this case it seems somewhat necessary to show the level at which Brandis was clearly uncomfortable with the subject matter. The conversation then goes on to metadata for social media, and Brandis takes the easy out here saying that the rules are still being discussed. However, he does admit that metadata will be used for criminal investigations.

We've long argued that metadata is incredibly revealing, and anyone who claims it's "just metadata" has no clue what they're talking about. But here, Brandis takes that cluelessness to a new level. It's pretty clear that he is totally and completely ignorant of what he's discussing. At times it suggests he thinks that the web address doesn't reveal what you've been reading, and I thought maybe he thought that there's a real distinction between the web address and what you see on the page (which would be ridiculous). But at the end, he seems to imply that ISPs will only be asked to record the top level domain of pages you visit... which is... equally unlikely and almost certainly false. Everywhere else he says the "web address" which would be a lot more than the top level domain.

Either way, it seems abundantly clear that he doesn't understand the details, yet is pushing for legislation to make things happen when he is either completely ignorant of what it means, or he knows exactly what it means and knows that people would revolt over it, so he's trying to mislead everyone.

No matter what the truth is, he has no business setting up these rules.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: australia, data retention, george brandis, metadata, surveillance, web surfing


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Jay (profile), 6 Aug 2014 @ 12:23pm

    Dotcom, anyone?

    " However, he does admit that metadata will be used for criminal investigations. "

    So they'll use your Skype, your lifestyle, and your cell phone to convict you while not informing you of the rules they follow.

    So how long until a new Kim comes into the mainstream?

    link to this | view in chronology ]

  • icon
    Dave Cortright (profile), 6 Aug 2014 @ 12:25pm

    There is a distinction between the address an the content

    I hate to stand up for and ignorant government jackboot like him, but he does have a point, he's just not communicating it very eloquently.

    Let's say the record shows I went to mail.google.com. I have several Google accounts, including my primary personal, primary work, admin work, and throwaway. If I understand how this system works, they only know which address I went to, but not which account I used and therefore they don't know specifically what content I viewed.

    The same could be said for any dynamic content site (like a news site or video site), that adjusts content based on users' implicit or explicit preferences. They could know that I went to CNN but not necessarily that I saw the article about a doctor cleaned out and sewed up a festering pus hole on John Brennan's face (née his mouth).

    That said, the fact that someone went to a site like emptyclosets.com speaks volumes.

    link to this | view in chronology ]

    • icon
      cerda (profile), 6 Aug 2014 @ 12:39pm

      Re: There is a distinction between the address an the content

      yes indeed. But... the real meat on metadata is in the HTTP headers.

      For example, if you go to a blogging site, it is not the site itself that is important as much as which URI you got to.

      So, just guessing, I would regard his statements as "grabbing the whole nine yards"; he just did not know enough to say that . Or not say it.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Aug 2014 @ 12:49pm

      Re: There is a distinction between the address an the content

      That depends. Are they recording that you went to www.techdirt.com, or are they recording that you went to www.techdirt.com/articles/20140806/06322428125 ?

      If it's the latter, then they DO know whether you saw that John Brennan article. Perhaps they can't actually read your email this way, but just because the invasion of privacy isn't absolute doesn't mean it's acceptable.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Aug 2014 @ 12:57pm

        Re: Re: There is a distinction between the address an the content

        yes they'll likely get every distinct page you visit.

        link to this | view in chronology ]

      • identicon
        Eyes to the sky, 16 Aug 2014 @ 8:32am

        Re: Re: There is a distinction between the address an the content

        Who *really* thinks this distinction is being made by the watchers? "No, No, No! Stop there, we aren't allowed to view more" Please.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 6 Aug 2014 @ 12:53pm

      Re: There is a distinction between the address an the content

      Some of what he says may be true - that what people do on the site will not be tracked (or cannot be tracked, in the case of HTTPS) - but some of what he said is clearly misleading...

      They will be tracking website addresses, but not the links you click on once you visit a site? That sounds like someone who doesn't understand that a link clicked is generally a new website address, and the browser will request it just as if you're visiting a new site entirely. This sounds like someone who is either intentionally misleading people, or has absolutely no clue how anything works.

      The reason this legally "works" by their definition of metadata vs content, is that the website address doesn't necessarily indicate what content was viewed - it is conceivable (although somewhat unlikely, and even frowned upon) that the same URL/web address might take you to different content the next time it is visited. So they can stand back and claim that they're not tracking what you actually viewed on the internet, while at the same time, tracking everywhere that you went.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Aug 2014 @ 2:09pm

        Re: Re: There is a distinction between the address an the content

        Car Analogy:

        So they can see that I parked my car at the local brothel parking lot.
        But they cannot see if I went into said brothel.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 6 Aug 2014 @ 2:46pm

          Re: Re: Re: There is a distinction between the address an the content

          Actually, more like they saw you go into said brothel, but they don't know what you saw or did while you were there. If they walk into the same brothel, they're likely to see what you saw at the very least - although they can't guarantee that what they see is exactly what you saw when you walked in - they can only assume such.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 6 Aug 2014 @ 3:36pm

            Re: Re: Re: Re: There is a distinction between the address an the content

            "they can only assume such."

            ...and will

            link to this | view in chronology ]

        • identicon
          Anonymous Coward, 6 Aug 2014 @ 2:52pm

          Re: Re: Re: There is a distinction between the address an the content

          Hey a brothel that services the customer in the car!!!

          On a more serious note, tracking of this data is why web proxies will become more popular. If it looks like we all parked at a brothel then they won't know if we all went in or just walked to another business.

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Aug 2014 @ 5:45am

          Re: Re: Re: There is a distinction between the address an the content

          You equate the web to a whore house?
          Interesting.

          link to this | view in chronology ]

          • icon
            John Fenderson (profile), 7 Aug 2014 @ 8:08am

            Re: Re: Re: Re: There is a distinction between the address an the content

            He's equating the web to a city. Some addresses in a city are whorehouses.

            link to this | view in chronology ]

        • identicon
          Ed Allen, 17 Mar 2015 @ 12:11pm

          Re: Re: Re: There is a distinction between the address an the content

          Even top level domains would not get him the tracking they are after. If you limit to IP address for trackin/block then what about ?

          Web Sites Sharing IP Addresses: IPs Hosting 225 to 249 Domains http://cyber.law.harvard.edu/archived_content/people/edelman/ip-sharing/list-24.html

          So if they block by IP address then one baddie on a particular IP gets up to 248 innocents punished for no action of their own.

          Plus that puts the "metadata" at the level of the pages you looked at and the time till your next click.

          If the data collected and archived (for how long ?) is harmless then he should be willing to release a week's
          worth of his own "metadata" for everybody to see just how unintrusive it really is.

          If they really intend to limit to IP address then lots of innocents will be guilty by being in the same neighborhood.

          link to this | view in chronology ]

    • icon
      pixelpusher220 (profile), 6 Aug 2014 @ 1:01pm

      Re: There is a distinction between the address an the content

      I agree. Either the host is actively playing into his lack technical details, or the host is equally as stupid.

      It's the difference between the address on a letter and the contents of the letter itself. (with the obvious exception that in a URL's case you can then go get the content if you wish)

      Without the specific details of the program, it would likely be collecting the textual URL so they'd know which articles you visited on a site like TechDirt. For more dynamic/scripted sites it might be a bit harder to reconstruct the content that the subject actually saw from the URL and any other header data you might collect.

      link to this | view in chronology ]

    • icon
      MadAsASnake (profile), 6 Aug 2014 @ 2:04pm

      Re: There is a distinction between the address an the content

      Quite frankly, if they only collect the address, its going to be pretty useless to them. There is no point at all in limiting collection to that. This IS a five eyes country, They'll be "collecting it all" and justifying it with secret laws.

      link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 6 Aug 2014 @ 2:09pm

      Re: There is a distinction between the address an the content

      Let's say the record shows I went to mail.google.com. I have several Google accounts, including my primary personal, primary work, admin work, and throwaway. If I understand how this system works, they only know which address I went to, but not which account I used and therefore they don't know specifically what content I viewed.

      Yes, that's what I thought he was (badly) trying to saying at first too, but later on he contradicts that, by saying they're just collecting the TLD...

      I think the honest answer is he has no clue.

      link to this | view in chronology ]

      • icon
        ysth (profile), 6 Aug 2014 @ 2:30pm

        Re: Re: There is a distinction between the address an the content

        I think he has a clue and knew exactly what he meant, but just didn't know the correct terminology. He either meant IP address or domain name by "website address" and meant the actual returned content by "website".

        Though not knowing correct terminology makes it not unlikely that he is mistaken...

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Aug 2014 @ 5:39am

          Re: Re: Re: There is a distinction between the address an the content

          He reminds me of Ted Stevens.

          link to this | view in chronology ]

      • identicon
        Anonymous Coward, 6 Aug 2014 @ 6:05pm

        Re: Re: There is a distinction between the address an the content

        He sounds like Stevens arguing against net neutrality though.

        link to this | view in chronology ]

    • identicon
      Edward Tivrusky, 10 Aug 2014 @ 2:52pm

      Re: There is a distinction between the address an the content

      While I don't think you understand completely how this will work.
      Even if you were correct. You think they would bat an eye to just get your info from gmail if they wanted it?

      link to this | view in chronology ]

  • icon
    AricTheRed (profile), 6 Aug 2014 @ 12:25pm

    Yabba Dabba Doo!

    I always wondered what Fred Flintstone would sound like with an Australian accent.

    Now I know!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 12:33pm

    "this bullet will not kill you, just minimize your vital signs..."

    link to this | view in chronology ]

  • identicon
    Trevor, 6 Aug 2014 @ 12:36pm

    This is what happens when you put national security in the hands of Porky Pig.

    link to this | view in chronology ]

    • icon
      Sheogorath (profile), 6 Aug 2014 @ 1:28pm

      Re:

      Hey, that's unfair! Porky Pig is more intelligent.

      link to this | view in chronology ]

      • icon
        OldGeezer (profile), 6 Aug 2014 @ 1:50pm

        Re: Re:

        uh buba dee, uh buba dee, uh buba dee, uh buba dee, that's right folks!

        link to this | view in chronology ]

      • icon
        Eldakka (profile), 7 Aug 2014 @ 12:46am

        Re: Re:

        TO be fair, he isn't actually dumb.

        They don't make numpty's Queens Counsels, and he has a Bachelor of Civil Law from Oxford, and according to wikipedia:
        The Oxford BCL and MJur are widely considered to be among the most academically demanding postgraduate taught law courses in the Common Law world.
        He is pretty bright.

        So he's not dumb, he's merely dealing in an area (Internet, networking in general) outside his expertise.

        No, it makes him a luddite...

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 7 Aug 2014 @ 2:42am

          Re: Re: Re:

          So it is corruprion, malice and lies rather than stupidity and incompetence?

          Brandis is as corrupt as they come, he is nothing more than a Hollywood puppet. Why else would be listen to Hollywood rather than the Australian Law Reform Commission?

          link to this | view in chronology ]

  • identicon
    Trevor, 6 Aug 2014 @ 12:40pm

    Thought

    What if he was trying to say that the surveillance does not collect the content of the pages, but merely the address that content is located at?

    For example: It says I went to https://www.techdirt.com/articles/20140806/06322428125/australias-attorney-general-says-metadata-col lection-wont-track-your-web-surfing-just-web-addresses-you-visit-huh.shtml, but not that the page contained the following sentence:

    "No matter what the truth is, he has no business setting up these rules."

    As is always, TECHNICALLY he is right.

    HOWEVER. He is glossing over the fact that a separate program or a time consuming "copy/paste" will provide completely legal access to that content. He's trying to argue that they don't have access to the content through that program while helpfully omitting that they have access to the content via other means.

    link to this | view in chronology ]

  • identicon
    Whoever, 6 Aug 2014 @ 12:49pm

    What he might be saying

    I think that he is either trying to say that only the URL is stored (and not the data coming back from the website), OR he is trying to say that only the IP address is stored.

    With name-based hosting, IP addresses can be misleading, so I think that if he means this, he has been mislead by his handlers/advisers.

    Of course, with the URLs, if he means this, he is thinking that what is stored is the URL that the user sees in the URL bar, but of course, a browser fetches many, many URLs in order to display a single page and every one of those URLs will be stored.

    Summary: he has been briefed by someone who doesn't not want him to understand the real nature of the tracking.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 12:51pm

    It's pretty clear that he is totally and completely ignorant of what he's discussing.
    I think he knows exactly what he's talking about. That level of obtuseness can only be achieved by a complete and utter liar.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 12:51pm

    "It's just metadata" is the new "because national security".

    link to this | view in chronology ]

  • icon
    OldGeezer (profile), 6 Aug 2014 @ 1:02pm

    I think the monkey that took his own photo in the previous article is smarter than this guy. He's trying to give the "least untruthful answer", he's just not very good at it. I'm assuming Australians know bullshit when they smell it.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 1:07pm

    duration?

    He says metadata includes duration. How are they tracking duration at a website? That's not something that an ISP generally has in their business records.

    link to this | view in chronology ]

    • identicon
      Ed Allen, 17 Mar 2015 @ 12:49pm

      Re: duration?

      Just time when you started viewing this page subtracted from time of next click gives the duration.

      Both will be in the log he wants ISPs to keep.

      Of course the next panic will be when they realise that https only allows tracking to the IP address.

      Then they will insist that the ISP must be able to decrypt everything because "good" sites and "bad" ones can share the same IP address.

      That means that everybody inside a firewall must be branded "guilty until proven innocent" by the firewall logs.

      All your home routers track all URLs and encryption keys don't they ?

      Brings to mind the case where my Wi-Fi connection, totally encrypted, is hacked because of a bug in the manufacturer's
      software. Am I "guilty" because somebody accessed kiddie porn through it ?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 1:11pm

    He just lost hollywood/RIAA backing

    Between 7:04 - 7:10 he says that he's not interested in using metadata for tracking illegal downloads.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 8 Aug 2014 @ 10:07pm

      Re: He just lost hollywood/RIAA backing

      As this Lying Nasty Party has proven that every time they open their mouths that they are lying (currently at least one lie a day since being elected back in September 2013) nobody in their right minds will believe that.
      Whilst the government may not be interested in using metadata for tracking illegal downloads their financial puppet masters such as Rupert Murdoch are most certainly interested.
      It has already been stated that the Victorian Taxi Council & the RSPCA have access to metadata, although for what reasons no one seems any the wiser, especially as it was stated that they do not need a warrant to access the metadata they need.
      http://www.theguardian.com/news/datablog/2014/aug/08/warrantless-metadata-access-is-already-tak ing-place-at-higher-rate-than-ever

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 1:20pm

    We don't track what you do on the internet. We just record every website you visit...

    link to this | view in chronology ]

  • icon
    Sheogorath (profile), 6 Aug 2014 @ 1:25pm

    Australia's Attorney General Says Metadata Collection Won't Track The Web Addresses You Visit, Just Your Web Surfing (Huh?)

    You know, since they're the same thing and all... *shrugs*

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 1:45pm

    the man is obviously a fucking moron and thinks everyone else is as well! i suppose doing whatever he can for the entertainment industries, particularly the ones in 'nearby' USA was a criterion for getting the job? it cant be for doing anything to help the Australians he is supposed to be protecting!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 1:56pm

    This is why uneducated, technically ignorant people should have NOTHING to do with anything technical.

    They just suck at it.

    link to this | view in chronology ]

  • identicon
    John, 6 Aug 2014 @ 3:19pm

    Embarassed to be Australian

    Nothing else needs to be said other than I will try very hard to get this A-G out office.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 4:30pm

    I think what he is trying to say is that if you go to https://www.techdirt.com/articles/20140806/06322428125/australias-attorney-general-says-metadata-col lection-wont-track-your-web-surfing-just-web-addresses-you-visit-huh.shtml, what is being recorded is 162.159.243.199.

    Not saying this is good thing either.

    link to this | view in chronology ]

  • identicon
    Kronomex, 6 Aug 2014 @ 4:41pm

    I nearly fell out of my chair laughing at George "Insert Corporate Brand Name Here" Brandis's interview. This clueless, gormless, technology free barbarian, and all round git is our one term Attorney-General. Him and the rest of his cronies running...ruining...this country are goners and the sad part is that we still have another two years of massive damage to come before we can vote them out. Mind you I certainly won't be voting for little Billy Shorten and his gang of incompetents.

    link to this | view in chronology ]

  • identicon
    Whatever, 6 Aug 2014 @ 7:02pm

    Mike Masnick just hates copyright enforcement.

    link to this | view in chronology ]

    • icon
      Sheogorath (profile), 10 Aug 2014 @ 6:47am

      Re:

      Mike Masnick just hates copyright
      being used as a club, but doesn't mind copyright enforcement when the rights holder has a good case.

      FTFY, Whatever. Don't turn into OotB now.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 8:01pm

    He sounds like Ted Stevens arguing against net neutrality.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 10:34pm

    Re: duration?

    'He says metadata includes duration. How are they tracking duration at a website? That's not something that an ISP generally has in their business records. '

    yes right because the contents of the website or the server is likely overseas and does not keep a history of all changes.

    - The contents might have changed since the site was visited the last time.

    - The server does not log visitors IP addresses.

    - The logs are only kept for a short duration.

    Even if the hosting provider logs that IP address xxx.xxx.xxx.xxx visited myforum.com this information is worthless if the forum does not log visitors or purges the logs after one week.

    In most nations, the attempts to force ISPs to retain metadata have only covered IP addresses.

    The definition of provider often depends on whether it provides the connection to the internet.

    If it's not a telecommunications provider, it is often outside the scope of the data retention law.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 6 Aug 2014 @ 10:46pm

    Re: Re: There is a distinction between the address an the content

    'So they can see that I parked my car at the local brothel parking lot.
    But they cannot see if I went into said brothel.'

    Actually they can't even see who parked the car, only that the car registered in your name was used to park at said brothel.

    Of course, someone could have cloned your car with its license plate and committed a crime, but that's very unlikely.

    But ten other persons could use your internet connection without your knowledge or permission.

    And this is the real reason why data retention is waste of money -- unless the next step is forcing everyone to lock down their internet connection.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 7 Aug 2014 @ 4:03am

    domain name

    That's funny, and a great demonstration how the politicians are just puppets to their own intelligence agencies.

    Further to the point in this article, it's worth pointing out that when filling out a form, posting a comment or any other activity in which personal info may be revealed, this is also part of the web address, as GET variables, and as such the metadata is compeletely indistinquishable from sensitive content.

    However, this article contains one mistake: A top level domain name is only the last section of the domain name, for example "com" in www.cnn.com. What is implied, rather than that only the top level domain is logged, is that the hostname is logged. A maybe more accessible and less incorrect (but still incorrect) term would be "domain name". I'd like to suggest that you correct the use of "top level domain" there.

    I concur that it seems ridiculous though, of course they aren't only recording the hostname (except that with https, sometimes, they may be able to get the hostname only by checking the certificate, so in some cases, that is all they /can/ log).

    link to this | view in chronology ]

  • identicon
    ReAn, 7 Aug 2014 @ 11:33am

    There is a larger issue at play here!

    Even if they're just collecting the TLD, browsing to a link does not signify intent.

    Any request can redirect your browser anywhere it wants. You could go to http://www.techdirt.com/fluffy_kittens and if Mike was an evil person he could make that respond ..

    HTTP/1.1 302 Found
    Location: http://www.underwear-terrorists.com/

    .. and just like that your browser would have been directed to a flagged site.

    BAM! You're on a watch-list and scrutinized likely for the rest of your life.

    Additionally an IFrame on a legit page can make you send requests to other domains. This is the biggest problem because the metadata isn't really effective at explaining anything, yet they're making life-changing decisions based on this faulty dataset.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 15 Aug 2014 @ 12:17pm

    idiot

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.