Real Internet Connection

From AAISP Support Site

A&A mentioned in The House of Lords

There are repeated proposals to legislate to filter Internet content. We only offer services to customers 18 and over, or companies. We already ask all customers to confirm they want unfiltered Internet access, and have done so for many years. We also offer some advice to parents wanting to stop accidental access to unsavoury content. This is fully in line with the proposed legislation, yet Baroness Howe sees fit to mention us in The House of Lords in 2014, and again in 2015, and omit these points.

Real Internet connection

We offer a real Internet connection - allowing IP packets to flow to and from your connection without filtering or interference.

We do not have, in our network, any equipment installed to filter access to any part of the public Internet for our customers as a whole. We aim to give 12 months notice if we ever add any such filtering.

Why are we against censorship?

There are three main reasons for not filtering:-

  • We feel strongly that how you communicate should be kept separate from what you communicate, allowing the free technical development that has created the communications networks we enjoy. This is a view supported by EU rules on mere conduit which clearly separate the technical issues from moral and legal implications of what happens to be communicated. Without such a framework we would not have the Internet at all.
  • We feel strongly that free speech is an essential tool to help ensure a fair and open government. Censorship of any sort is the thin end of the wedge and not to be taken lightly. Once started, censorship is very easy to extend one step at a time until wrong thinking is banned.
  • Filtering rarely, if ever, achieves the stated goals - blocking web sites does not stop people communicating, and rarely even stops the actual web sites themselves. Most filtering creates a false sense of security, adds technical complexity, and causes problems with over blocking. In many cases it is not true that "something is better than nothing".

As a company we have strong views on doing the right thing - we support Open Rights Group. See our director's blog at www.me.uk for more views on this topic.

When you signed up for our service you specifically ask for an uncensored and unfiltered internet access. We have no plans to add adult content filters or other stupidity. You are, of course, welcome to run your own filtering on your network and have parental controls configured on PCs on your network. If you have children for which you allow unsupervised Internet access (is that wise) then we would encourage you look in to such parental control systems.

Press: For comments from our director, or interviews, please email our press office

Parents

Many of us at A&A have children and we understand that parents have concerns over what their children may find on the Internet. It is important to consider the best way to tackle this at home, just like any of the other risks that face children as they grow up. Just as you do not expect the highways agency to stop any cars coming down your road so you can let your children play on the tarmac unsupervised, please don't expect us to try and block unsavory content on the Internet - we could not do that even if we wanted to - just look at how ineffective blocks on the pirate bay have become, and that is just trying to block one web site!

Recent OFCOM reports show that kids know how to bypass blocks and that most parents feel that their children know more than they do about the Internet.

Simply use a search engine to look for parental controls - there are many packages, free, and paid for, and even built in to many computers to help manage access to the Internet on a per user, and age appropriate, basis. If you are not sure, please do call our support staff who can point you in the right direction, or consider simply supervising younger children instead.

We do have some tools to help if you are trying to avoid some accidental access to unsavory material for younger children. Ensuring safe search is set on search pages is a start. But there are tools you control if you want. We can pre-configure the router we supply with alternative DNS servers such as openDNS if you wish - just ask support. But do not be lulled in to any false sense of security - this is good to help with younger children and accidental exposure to some web sites, that is all.

Limits and MTU

It is worth bearing in mind that even a real internet connection has limits. There are limits on the rate of your line because of the DSL sync speed. IP never guarantees that all packets arrive, in order, and not duplicated. However, we are not imposing any artificial limits on your internet connection. We don't traffic shape any protocols to slow down your link in any way (unless you ask us to, e.g. giving VoIP priority). We do have clear 1500 byte IP to our core network where we have 1500 byte peering and transit. If you use PPPoE there is a lower MTU (1492) which is part of the protocol, but we support 1500 byte PPPoE on lines or where your equipment can handle it. We provide native IPv6 with clear 1500 byte packets throughout our network and peering and transit links.

You can opt for tariffs, such as Home::1, which have specific usage limits that stop or slow your service unless you top up or wait for a new month to start.

Data logging

We do not log which websites you visit (though the website administrator may). We don't run any sort of transparent proxies or other systems to covertly log what you do on the internet, and do not sell data to anyone. We specifically monitor traffic levels and make this available to you. If we are helping you debug a problem we can monitor traffic for you in real time, but we don't keep that data. All of our servers which you use (e.g. email, web servers, VoIP, etc.) have logs which are kept for a few months, but you do not have to use our servers if you do not want to. Some services can log things if we are diagnosing an issue (e.g. DNS resolvers) but do not normally do so and any debugging logs are deleted as part of normal log rotation. We don't log the content of VoIP calls, though you can ask us to make call recordings (which we email to you), as can the person you are talking to (using our services or someone else's), so best to assume calls might be recorded. We keep PPP negotiation logs for a few months too, for debugging line and router issues. Some servers have diagnostic logs that hold some data for a few days (e.g. SIP control traffic) for debugging, but only relevant if you use our servers. We do not run anything like Phorm, and never will.

Black boxes

We oppose the idea of general surveillance or black boxes more.

Not wishing to be logged

Some people are concerned that they could have traffic monitored within the BT links perhaps. We are not aware of any such monitoring but would not necessarily be told. So, practical steps that we should all take to make covert monitoring harder and to make encryption normal and not an indication of something to hide.

  • Wherever possible access web sites using https. This provides end to end encryption. Be suspicious of errors reported. The site does not actually have to be with a well known CA to be secure from passive snooping and if you really want to be careful you need to check the certificate manually by some other means. In fact, a site not using a CA that is in your browser means setting a manual exception and as such you will be told if the site certificate changes which gives you more information than sites that do use a standard CA. If you want to know more - read up on TLS and HTTPS and how it works.
  • Make use of end to end email encryption such as pgp. This allows you to ensure the email is encrypted right up to the actual recipient, though the email addresses and subject and other headers are not encrypted.
  • Use secure POP3, IMAP and SMTP. We offer all of these for email sending and receipt. This means the link from you to us is encrypted and BT could not snoop on the email even just to see your email addresses used. Where available we will use secure encryption to the next mail server but this only protects against passive snooping on intermediate links.
  • If you are worried about us logging your email, send email directly using MX records and receive directly to your own mail server. The current legislations means we would not log anything in that case even if asked to. If you really want, use secure SMTP in such cases where possible to make it impossible for us or BT to log anything. Our support desk can provide help and advice on setting up your own mail server.
  • Use encryption as much as possible for all normal traffic. This is important. Encryption should be as normal as using opaque envelopes when sending things via the Royal Mail. The more people using encryption for normal traffic the more the argument of having something to hide falls down. Use https for twitter and facebook and any other normal communications.