The UK is almost as bad an enemy of the Internet as Australia and the nanny-state filters are beyond obnoxious. Back when I was with “Vodafone Full Fibre broadband” (in reality shitty VDSL because the truth-in-advertising authority gave ISPs license to lie), they had accidentally blocked StackOverflow for 3 days because it was actually the test site for implementation of the filters and they had been turned on by accident.
> A VPN is essential to defend yourself from the jackbooted UK government.
I tend to agree. Unfortunately even VPN doesn't entirely solve it though.
On the one hand wiregaurd makes this feel far more transparent and comfortable technically compared to how it used to with old fashioned crappy TCP over TCP style VPN... instead we now get low overhead, low latency, native, simple configuration etc.
The only problem is the end point: Running your own makes you very uniquely identifiable; using shared gets you on tons of blocklists or excessive captcha-walls of various popular and common services and underlying services like cloudflare or auth services such as google.
Even when running your own server you tend to get blocked due to having an IP from a VPS provider rather than a consumer ISP. It's basically impossible to get normal neutral internet these days... I find myself jumping between different servers, and turning it on and off, there is no single all access method... it's like wtf leave it alone guys, we are not in north Korea.
>it's like wtf leave it alone guys, we are not in north Korea
we will eventually get everything they have in NK/China/Russia/Iran, under a thin veneer of being done for our own good and accompanied by a mass media campaign that will convince a sizeable population of useful idiots to accept it all.
the venerable western democracies hate and fear dissent as much as those loathsome dictators do
I don't buy that as a general principal. You get the odd fascist leader of democracies that wants to do that in say Hungary, Turkey, even the US got a whiff of it. But most people and most politicians actually like democracy and support the ideas around it, they want to be left along and live in peace and prosperity. Pols want power and to crush the other political side in parliment, but ending public dissent is not the plan of most political parties or politicians.
What downsides did you experience from being uniquely identifiable? I suspect browser fingerprinting still goes pretty far in most cases even if you are behind a typical ISP NAT.
OTOH for an extreme case, and non-web-browsing purposes, I can imagine automatically spinning a VM every N hours, setting up a VPN exit node by a script, and switching DNS to point to it, then spinning down your old node. It won't even need any shenanigans with WG keys if you use two (or more) keypairs in a round-robin fashion.
> The only problem is the end point: Running your own makes you very uniquely identifiable
I think it depends on where you are. In France, my fiber connections have had a fixed IPv4 since I first got one, 10 years ago. Some ISPs have recently switched to CG-NAT, though. But they also started offering fixed ipv6.
My point is that trying to hide behind a non-fixed IP is a losing game. Plus, you can probably be indentified quite reliably but the pattern of websites you visit.
Yes. I use source routing to run my DNS through the VPN, but end devices go direct because too many streaming services or sites like Wikipedia ban VPN IPs.
Slightly off topic, but I was with Three UK for a while. Reception was universally terrible, and trying to use mobile data was a joke.
This was in a small urban centre... called London. Would never, ever touch them again.
Back on topic, it seems that they are not using Bluecoat/Symantec Site review (which I suspect other providers do), which has the domain categorised correctly:
> trying to use mobile data was a joke. [...] This was in a small urban centre... called London
In any significantly built up area 4G is mostly a dice roll among the 3 major UK providers. There will be little consistency when moving between locations and even the same location will change over time.
This is because the radio bands used in 4G are now so saturated that you are aiming for the _least_ popular provider in your current location (different providers are allocated different bands). It doesn't matter how many towers they have or how good your reception is when all the users are limited to such small (radio) bandwidths in the same area, when there are too many users, you effectively have to wait your turn to "speak". This is the main selling point of 5G IMO: not the higher theoretical maximum throughput; but the real world better average throughput even in busy areas due to less user contention because there is so much radio bandwidth available that the major factor in getting reasonable throughput should be equipment, reception and backhaul rather than unpopularity.
This is actually how EE maintain higher than average throughput on their 4G networks AFAICT, because they are priced far higher than their competitors, keeping their user numbers lower... a strategy that may not continue to compete well within the 5G spectrum. Speaking of which, stay away from EE if you care about your sanity.
> This is actually how EE maintain higher than average throughput on their 4G networks AFAICT, because they are priced far higher than their competitors, keeping their user numbers lower...
EE actually maintains a higher-than-average throughput because despite telecoms regulation in place they are "somehow" allowed to own a ridiulous amount of spectrum in critical frequency bands. This raw spectrum is required to provide the bandwidth and thus throughput:
For throughput on 4G mobile, the most important LTE frequencies in Europe are Band 1 and 3 (and arguably to a lesser degree Band 7).
On those frequencies combined EE owns almost HALF of the total spectrum (45 of 70MHz on Band3, 20 of 60MHz on Band1, 50 of 120MHz on Band7), with the three (!) other competitors splitting up the other half.
I live in London and had 3 for years and it went from ok to almost unusable where I was. I think they've sold a lot of unlimited data contracts and don't have the gear to service them.
I switched to O2 a couple of months ago and they've been ok really. Nothing amazing but at least the thing nearly always works.
Three seem to have gone down hill in a number of ways. They were also dropping free roaming (still on O2) and I stopped being able to use my laptop on the tube (works with O2).
That is somewhat true, but seeing people on the train, browsing internet or watching YouTube just fine, when you can't load anything tell a different story.
I even asked a few strangers what network they use and how come they have reception. This is the network I switched to eventually and indeed no more problems.
Yes, sometimes it really is just down to better coverage, but if it's a city, it's almost always covered well by all 3 providers.
> I even asked a few strangers what network they use and how come they have reception
However this is selection bias, you may actually have switched to a less popular network (which is better), or it could be coverage, it's hard to tell. The funny thing is that you can see how over time people will be switching back and forth between providers, even though there may actually be little change of coverage, any improvements could be more to do with movement of subscribers. Unfortunately 5G wont entirely eliminate this phenomenon because higher frequency comes with the disadvantage of being less penetrating to solid structures, so e.g in a train, or building people will sill be contending with each other over 4G quite often.
In the end, all that matters is what works, and you can only really test that empirically or by using other's to gauge performance as you did. Luckily you can now test 2 of the major UK networks without a contract, "Three" and "Vodafone" provide contract-less unlimmited month-to-month sim only through their sub-brands "Smarty" and "Voxi"... and I highly recommend using these over the main brand because you always have the flexibility to change quickly as network conditions change (I've switched between these two multiple times for a home LTE router due to changing user contention - which I've only inferred from the fact that there were no new towers in the area while maintaining the same RSRQ, and connecting to the same cell ids).
www.cellmapper.net is a good resource for roughly gauging coverage... but far better than any of the vague maps given on ISP sites, it actually shows you individual cells for each tower with rough directional areas, I've found it quite useful for debugging weird issues with antenna positioning on permanent LTE router setup due to locking onto bad towers (which unfortunately is not directly controllable on standard user equipment modems).
To add, if you want to try O2, there's GiffGaff/TescoMobile and if you want to try EE there's 1pm Mobile and EE offers PAYG sims as well.
I have 5g internet at home, tested every network and EE was miles faster than anyone else even though I live close to all the towers. I did find that going on a contract was alot cheaper than PAYG, and it's the only way to get unlimited data on EE. Still it's £30/month which is cheaper than what Voxi is offering.
With the wifi on the tube, the EE one works alot better than Three who goes through the Virgin wifi network. EE installs a profile so it auto connects quite reliably when you stop at stations.
I think technically EE probably is the better network, it's just unfortunate that their customer service is hell on earth.
If you get a sim that actually works from the start, i guess you are lucky. Just pray you are not unfortunate enough to ever have to deal with their customer support for any real technical fuckup at their end... they burned so much of my time I can never go back.
I bought a 24 month unlimited contract (which I don't like doing but I know the network is technically better so bit the bullet). The sim didn't activate, 1 months of phone calls and endless promise after broken promise, they still couldn't activate the thing. Finally they sent me a new sim but on the wrong 1GB/month plan, which apparently they intended to switch once activated, which of course they never could manage to actually do. So after another month they agreed to end the contract since they couldn't seem to actually fulfil it.
Oh but there's more.... 6 months later I find out they are still charging me for this stupid 1gb contract for which no sim card even exists. I reluctantly call them again thinking at this point it might be faster to open a law suit, this is ridiculously complicated and takes much convincing since the contract is now supposed to be ended so all the account numbers etc are wrong. They agree to send me a refund me by cheque for £50 rather than set up another DD to avoid more fuck ups........
1 Month later: I receive a cheque for 50p - fucking joke.
They still owe me £50, but it's not worth the time it would cost me to attempt getting it back.
This is partly why I don't like contracts, you can't easily walk away from shit like this.
Tbh, Three was even worse when I rang, I just got a call centre in India, and they can never help you.
Does suck about EE for you. I've had a few issues, but they are okay with giving me credit. They messed up my discount on my latest contract, so they gave me a recurring discount of £5 on my contract and added like 3 months of credit on.
I also had an issue with BT (which I assume is the same call centre as EE). They never gave us the signup bonus (free soundbar). I waited six months, got the ombudsman involved, and someone high up gave me a call. They instantly realised it was pretty messed up. So, in the end, I ended up getting a Soundbar, and like £300 back in credit, so I had free internet for most of the contract, then cancelled as soon as I moved house.
But if it happens to you, always hint you don't want to get the ombudsman involved, and they will suddenly get their crap together.
I used to have this problem at major stations like London Bridge. Full 4G signal bars, but no actual throughput. Seems to have gotten better lately, not sure if that's the effect of 5G or reduced passengers due to WFH.
I was on 3 until my contract ran out a few months ago, but it was still that bad. Oxford Circus you have full bars of 4g but no signal at all. I was going in quite alot last year before most people had returned to the office it made no difference to pre covid.
I think part of the reason is that 3 only use a handful of bands where EE has a bunch more to spread the load.
Was the same when I needed to tether my phone, always had no signal but couldn't load anything. Had to hotspot off colleagues phones. This was all over central London (Shoreditch, London Bridge, Holborn)
It's anecdotal, but during all my visits to London, pre-covid, I've always had good enough cell reception. I didn't watch youtube or similar, but I could always use google maps and city mapper, both of which I've used extensively since I'm not familiar with the city, or check random internet websites.
I didn't pay attention to which provider I was using, since it was probably chosen by whatever deals my home provider stuck with providers over there.
Why is this 4G band saturation never a problem in Seoul? The only place I ever had cell connectivity problems was in a stadium. Does the UK not use LTE? Maybe the Seoul providers installed lots of wifi access points?
First there was a stupid internet filtering proxy supposedly blocking erotic content but actually blocking a lot more, breaking many websites and forums, VPNs, etc. And also making internet access really slow. The only way to come off this was to ID at the store. This was not a legal requirement in Ireland and only three was doing this crap. All the others just give full internet access by default. I think the UK government enforces this stuff but that's no reason to force it on Irish customers. This was in 2006 or so though. I don't think even the UK had such laws back then (I know they do now).
Then I had an issue logging into their website to top up my account. I called their helpdesk (foreign) which were pure script monkeys and kept insisting my handset needed to be serviced at my expense and asking me to rub the SIM on my Tshirt. I kept trying to explain it had nothing to do with my handset but with their website which I accessed from my computer. But they just stonewalled me with their irrelevant scripts.
In the end I unlocked the handset and moved to tesco mobile. I'll never take 3 or anything from Hutchinson again.
I know. They are now but at the time they were not. Tesco mobile was on O2 (also as MVNO). I think I heard Three and O2 have merged since then or something. Or was it Three and Meteor? I don't live in Ireland anymore so I don't really follow it.
Tesco mobile didn't do any of three's skullduggery though. No filtering and their support was excellent. You could even write to them directly on boards.ie (which is itself a great phenomenon I wish more countries had). And three's network itself isn't bad. It's just the people running it.
I meant I don't want to deal with a company managed by Hutchinson again, AFAIK in the case of tesco mobile they just manage the underlying network.
I have a place in Ireland where I spend a minority of my time at the moment. It's LTE-only (a farm in the mountains of North Cork) so I've tasted the rainbow of available options in my muddy corner of paradise in 2021-2022:
-Vodafone was great, and had (or enforced) no fair-use limit, but suddenly started to majorly suck (~25Mbps down to 500Kbps; 60ms latency up to to 2s). 1-2 bars of LTE Band 20; no Band 28. They share a mast location with Three in my area.
-Three has no fair-use limit, but struggles to give me over 5Mbps; normally more like 2Mb. Latency 100-300ms. 1-2 bars of LTE Band 20; no Band 28. Clear signs of oversaturation during peak hours.
-Eir used to perform like Three, but recently upgraded their kit in the area to 5G: 60Mbps down, 35mbps up. 5 bars of 5G, 5 bars of LTE Band 28 and 20. Their mast is on the same ridge, but in a different location. But! 120GB fair use with absolutely soul-crushing throttling once exceeded.
I looked into the MVNO gang, but their offers are no more enticing: Tesco Mobile starts charging exorbitant rates once you exceed your data allowance, Clear Mobile is on Vodafone and throttles to 5Mbps, GoMo passes on the same data caps as Eir, etc.
My solution is a Zyxel NR7101 5G CPE with an Eir SIM in it, and a Mikrotik CPE + roof antenna with a Three SIM in it. General use Internet access on Eir, big downloads on Three; turn down YouTube resolution; go outside more often. Each SIM costs €20/month, pay-as-you-go, so I can choose to have one or both on a whim. It's not great, but it'll do! ¯\_(ツ)_/¯
Oh yes Eir is what Meteor used to be, right? I've been gone a long time.
I live in a big city now but I still use 4G as backup because my fibre provider can be a bit hit and miss. Fibre is usually installed on the outside of buildings here so it can be pretty dependent on weather.
I've been thinking of upgrading to a 5G CPE but there's not much point - 4G is enough for working from home and cost me only 25 bucks for the modem. And most prepaid plans here don't allow 5G yet anyway.
I did use Three for a while as a Mifi device at home and on the train when we moved back to the UK after we had our first baby back in 2011. As new clueless parents (who thought we were prepared but god no) I spent a lot of time researching English and Norwegian sites on breastfeeding and other baby matters.
And so many sites was blocked by Three. So frustrating when these were big mainstream baby and health sites but not necessarily in English.
Reception wise they were no worse than others, they all have big black spots in rural areas.
Worth mentioning Three soap bars and Three phones when tethered use different frequency allocations - so performance will not be comparable between the two. FWIW, I have a three soap bar and it works well in the main, whether in central London or out in the styx.
> Slightly off topic, but I was with Three UK for a while. Reception was universally terrible, and trying to use mobile data was a joke.
I know someone who for a while was manager for a team of on-call engineers for a large-ish UK company.
As part of their precautions, they had contracts with all the big operators which they basically split into three groups Vodafone, Three, O2/EE.
The Vodafone contract was of course always the highest in cost, such is life with Vodafone. But nobody ever had a problem getting in touch with engineers on Vodafone SIMs, and the engineers didn't have much to bitch about either.... they could seemingly get signal and data everywhere, even basements.
O2/EE were sort of the Goldilocks option... not too good, not too bad. Data was generally better than Vodafone (O2/EE were generally quicker off the mark deploying 4G/5G whilst for a few years Vodafone customers suffered 3G in non-urban areas).
Meanwhile with Three, everything sucked. Sure they were the cheapest, but very much "get what you pay for". The Customer Service was terrible. But the main problem for my friend was the coverage. We're talking about prime Central London areas here (W,WC,EC postcodes) and the engineers on Three would regularly have either no signal or one/two bars. Infact in one office in particular, the IT room which overlooked a busy street was a Three blackspot, no signal whatsoever (meanwhile colleagues on Vodafone or O2/EE had no problems at all).
Eventually they got fedup, dropped Three and went for a two-carrier model. Three was not exactly bringing much to the table !
I should state this was around 5–10 years ago. So things might have changed. I suspect they have not changed substantially though.
I had no reception and no data through most of my commute.
What pushed me to switch operator was when I realised my phone was showing it has reception, but nobody could call me still. So when I missed doctor's appointment I really needed - literally sitting by my phone and waiting for a call for a couple of hours. When my window passed I called the surgery and was told that doctor called me several times, but was not getting through.
The reason I didn't switch earlier is that I needed to keep my number and I was worried that when switching operators something will go wrong as my luck would have it.
Fortunately I switched it without problem and I wish I dropped Three the first day there was a problem.
I don't know how they are allowed to operate.
Had a similar experience and everyone I know has nothing but bad things to say about Three UK. It doesn't surprise me that it's the least popular network out of the 4 main mobile operators.
Three UK made me jump through quite a few hoops when I decided to leave them, and then kept billing me after I'd cancelled the contract (at the end of the tie-in period) and had returned all hardware. I ended up having to escalate things to the ombudsman in order to have them resolved. Would never go anywhere near Three ever again.
There was a period about 7 years ago where they were fantastic, their 3G/4G network wasn't too bad unless you were out in the sticks, and they were CHEAP, about 13£ for 200 mins/200 texts _unlimited_ data. And the kicker was pretty much unrestricted high speed roaming.
Have since moved over to EE which is better performing and better coverage but much pricier. 3 sadly will fall over in the next couple years I would bet.
Three are owned by CK Hutchinson Holdings [1], a Hong-Kong and Cayman islands registered multinational conglomerate that owns a number of telephone/ISP companies, ports, and some gas pipelines, as well as the main HV electricity maintainer in the east and south east of England, UK Power Networks.
Rather than privatisation giving democratic power over essential infrastructure to good-old capitalist citizens, I would politely argue that we appear to have sold it to the Chinese government instead.
I actually like Three but it was impossible to use data at the rush hour in central London. I don't know what's the current situation but that was my main frustration with Three. Also, I'm disappointed that they ended Roam like home despite having universal(?) roaming before EU made all the carriers do it.
They renamed it to "Go Roam" and if you've been with them since before October 2021 it's still free in 71 countries (otherwise it's pretty steep): https://www.three.co.uk/go-roam
"If you’re on Pay As You Go, or your Pay Monthly plan started before 1 October 2021, these charges won’t apply."
(I'm a happy Three customer since 2011, can't recall significant signal woes in London while I lived there and have reliable, fast 5G out in the sticks now)
Ugh, I had no idea about that. Thanks for telling me - doesn't seem like I've received any such message from Three themselves. I'll find out for sure in a couple of days time since as luck would have it I went abroad at the start of this month for the first time since early 2020, and used data without worrying while I was there.
Over the last 10 years I've used Three a few times for a short while but their reception where I am (in London) has always been awful. However, most recently I tried their 5G home broadband. It worked pretty well but I found a much better deal with Virgin Media so I tried to cancel under their 30 day "money back guarantee" and I've never had such a headache. Their store staff repeatedly lied to my face that it didn't exist (it's still advertised on their website today) and their call-centre staff would hang up on me. Thankfully their Twitter support staff were fantastic and sorted it for me but they could only do so by raising a complaint for me. The whole thing took three months.
What a useless, broken company, AVOID. Incidentally I hear Virgin Media are similarly awful when it comes to customer service.
The truth is that there isn't any consumer-grade telecoms/ISP provider that doesn't have awful support. You need to go enterprise-grade for any kind of competent support, but the prices will follow as well. Only exception to this would be A&A when it comes to DSL, which offers great & competent service at somewhat affordable prices: https://www.aa.net.uk
Your best course of action is to never sign up to a contract (use the 30-day rolling plans) and be ready to switch at the slightest issue. For home/fixed-line, consider having 2 providers for redundancy so you don't lose connectivity while switching.
I've been a happy customer of A&A for 18 years now - you do pay a little more, but well worth it for the unfiltered service and excellent tech support on the very rare occasion I've had a problem.
No, that is not true. Like the other commenter here, I used Hyperoptic at my previous flat and they were brilliant. If they had coverage at my new place I'd sign up again in an instant
Greatest feature ever. Sadly they are taking it away customer by customer it seems. Out of principle when they take the roaming from me I will be leaving the network.
Three is the cheapest and most oversubscribed network. Most of their users still have 4G devices, so getting a 5G phone is a way to get better speed from them in busy areas.
The support chat transcript is so uncomfortable to read– the person on the other end 'at Three' (aka a contact centre on the other side of the world, contracted out at the lowest possible cost) might as well be a bot, but the chat reads as if the person at Tutanota genuinely thought that they were chatting to a logical coherent human.
Having used Three UK on and off for two decades, this support chat lines up exactly with how I remember– 'robot humans' that say any ol' tosh to finish the contact session.
Avoid Three.
FWIW: all UK consumer telecoms services seem to have horrendous contact experiences (Though Three, of the prominent handful of providers, tops the charts in my opinion), but I've used EE for the last few years, and it has been consistently solid and fast, and thus I thankfully haven't /needed/ to contact anybody there. I cannot say the same for Three.
In consumer-grade telecoms, support is outsourced to idiots - it's not a UK-specific thing. Absent regulation against it, it will happen in any country.
I can access Tutanota on Three UK, even with the filter enabled.
When this blew up last Friday[0], Three's response was, paraphrased, "you contacted the wrong department, here's how to contact the correct department. Their turnaround time is three business days."
Here we are three business days later, and it works for me.
This seems a bit overwrought?
(Content filters are an issue, but they're mandated by the UK government for large ISPs. All major mobile providers in the UK block by default. In an environment like that, false positives are going to happen; I'm not sure how this could have worked better in practice, so long as ISP-level blocking exists at all.)
It is a good case study about abuse of unchecked power - even if accidentally. Tutanota is a false positive and obviously should not be flagged in the first place. Do they have any business or legal remedies? Likely not.
The great British firewall, starts here, ends where?
As I understand, the lists are maintained per carrier but implemented based on UK regulation. I still find it baffling that despite giving extensive personal information (ID/Passport, bill as proof of address, credit score) to get a mobile contract for an adult, this is opt-out with no questions asked (for example "do you wish to enable/disable this feature?" when the contract is signed). This leaves a lot of room for abuse, as it's demonstrated here.
Personal anecdote, I had to phone Three to disable the filter a few years back when I wanted to browse 9GAG on my commute to work...
In my personal experience, I bought a Three SIM card for some testing, and in about a month after not using the SIM for anything besides calling one of my own numbers I started receiving marketing calls. The marketer was upfront about how Three will give out your number to advertisers.
The only redeeming quality they have is their US data plan.
They should reach out to other networks, get a referral deal (20% for three months or whatever) and reply to their users with "your ISP is blocking us, and many more sites, and is horrible in general; here, switch to one of the normal ones".
Giffgaff is rubbish where I am. They throttle down massively during the day, 3Mbit if lucky, even forcing LTE. Found Voxi (Vodafone) to be miles better, at least for my location (which is close to the mast)
The same privacy preserving features of Tutanota enjoyed by privacy conscious individuals, make it ideal for fraudsters.
We experience a large number of fraudulent ecommerce orders using Tutanota email domains. I'm not shocked to think that this could be an example of an algorithm gone awry based on the signals it received.
It shouldn't be the role of the ISP, but in the UK content blocking is legally mandated. E.g., "The Digital Economy Act 2017 placed the requirement for ISP filtering into law and introduced a requirement for ISPs to block pornographic sites with inadequate age verification." https://en.wikipedia.org/wiki/Web_blocking_in_the_United_Kin...
Yeah I'm not sure how much ISPs still bother with that. Up until a year or so ago my ISP was pretty good at blocking torrent sites but now I can visit e.g. 1337x.to with no problems.
I think this is talking about 3's adult content filter which is different and has existed for ages and has always been shit (I assume most people disable it).
How can an ISP be sure an end-to-end encrypted communication channel isn't being used for porn?
It is encrypted. By design they have no idea what it is being used for. It would be very easy to set up a ring of pornography distributors using email (at least in the UK, in civilised countries they'd probably be put out of business by the open internet).
By this interpretation, any TLS channel, even to a supposedly "clean" domain, can be used for porn. Btw, nothing prevents you from emailing porn over Gmail or any of the other "allowed" email providers.
That is not really true, ISPs are relied on by non-technical customers who have neither the personal chops nor a 24/7 technical assistant to help them.
Whether ISPs succeed in any way is an entirely different ballgame, but this is absolutely the job of the ISP, especially in their role of email provider. Its ability to properly discriminate and aggressively block or plonk messages isvery much one of the reasons people like gmail.
> Whether ISPs succeed in any way is an entirely different ballgame, but this is absolutely the job of the ISP, especially in their role of email provider.
They aren't providing email in this example, as far as I can tell. They're providing internet access to an email service. Or they should be.
I have two colleagues who regularly send me emails from that domain.
For the first , I assumed it was her own domain. When I saw messages
from a second person I assumed they might both work for the same
company. Now I figured it's an ISP. I checked it out and it looks like
a good, legit service for people who don't want creeps and advertisers
grubbing through their messages. Three UK have no place blocking
traffic from legitimate users and must identify problematic use on a
per case basis.
Modern legal systems usually limit criminal liability to individuals
[1]. Companies engaging in acts of collective punishment (That goes
for you too Cloudflare) should at least try to raise their ethical
standards to those expected by International Law.
> Modern legal systems usually limit criminal liability to individuals [1]. Companies engaging in acts of collective punishment (That goes for you too Cloudflare) should at least try to raise their ethical standards to those expected by International Law.
There is no "criminal liability", and blocking malfeasants on the internet has always been a heuristic fight. If a service originates an extremely high rate of fraud versus legitimate uses, it's a good heuristic for fraud. It's a shame for legitimate users, but it's also how it's always worked.
And more generally minor (or self-hosted) MTA have always had that issue, it's not news that they get delivered less reliably than big "trusted" mail hosts, and that they can get blacklisted real fast.
Just because it's not "criminal" doesn't mean they're not dicks. And
"if you want to make an omelet you gotta break eggs" is neither a
reason nor an excuse. It's a sob story you tell yourself to feel
better about not being smart enough to figure out a solution that
doesn't harm others.
Cloudflare are just technically not able to deliver what they pretend
to. They profess to offer protection for vulnerable users of the
internet who are service providers. In doing so they harm millions of
other vulnerable users who are clients. They rob Peter to pay Paul,
and then take a moral stand on Free Speech.
Free Speech is a two sided affair. The freedom to write/speak must be
matched by the freedom to read/listen.
Cloudflare trample all over the latter and act like it's
nothing... because "if you wanna make an omelet you gotta break some
eggs". They simply kick the can down the road and so are hypocritical
and grandiose.
Yeah... any e-commerce system with significant volume's likely to end up with a deny-list for basically all these sorts of services. You lose one real order for every 1,000 fraud attempts, at worst. Easily worth it.
Similar reason lots of US servers used to (? still do ?) block entire IP blocks representing large parts of Asia. If 1% of your legit traffic is coming from those blocks, but 95+% of abuse, brute-force, and exploit attempts, it's a no-brainer to just blackhole them, unless you're at such a huge scale that 1% of legit traffic is still a very large number in absolute terms.
then it should be up to your company to say "hey we don't allow emails from X" and not do business with them. Like someone said in a previous thread "ISPs shoudl be dumb pipes", otherwise they get a nanny complex. Credit cards seem to be doing the same thing these days, acting like nannies.
not really, only for illegal and particularly reprehensible/gray areas. Porn is an accepted expression of freedom of speech and is protected speech. Visa/MC/Amex don't need to be the police.
The question is one of ratio, and false positives versus false negatives.
If 90% of tutanota-orginated emails are fraudulent, tutanota is an excellent fraud indicator, even though it will block legitimate emails.
If 10% of gmail-originated emails are fraudulent, gmail is a terrible fraud indicator, even though it will let fraudulent emails pass through, possibly more than the count of fraudulent emails coming from tutanota.
But if you block Tutanota the fraudsters will just switch to Gmail, and all you accomplished is that you inconvenienced legit Tutanota users.
I wonder why so many companies drag their feet when implementing actually useful anti-fraud measures (like supporting Verified-by-Visa) and instead block random email providers.
> drag their feet when implementing actually useful anti-fraud measures (like supporting Verified-by-Visa)
Most ecommerce merchants are non-technical, and utilise 3rd party platforms (Shopify, Bigcommerce etc) that in combination with their Payment Gateway don't support these systems.
I can safely say that every order my business has received with a Tutanota address has turned out to be fraud. It is a really strong indicator for a fraudulent transaction.
There are many other signals, but for some reason this is a really strong one.
We see a similar trend with Aleeas, and Simplelogin.
We still get fraud from Gmail and Outlook addresses, but it is picked up using other indicators, IP, IP owner, Shipping Address, phone number reachability, carrier, Payment Methods, name, useragent, "for lease" or "for sale" status of the delivery address etc etc...
The question is, does blocking Tutanota reduce total fraud, or does it just make fraudsters to move to a different email hoster and you end up with the same total fraud?
Real-world ecommerce systems often end up with quite a long list of email domains that either provide some weight to a "fraud or not?" algo, or are outright banned.
You don't just block tutanota, you block a big, long list of high-abuse email sources, periodically updated.
It surprises me that this would be effective, since setting up an email host that's just capable of receiving emails should be trivial.
Then again, maybe I am overestimating fraudsters, and by blocking email hosts that make it too easy to sign up you can get rid of a significant chunk of them...
Their game is high-volume-low-cost/effort, which I think is the main reason that this approach does significantly cut fraud volume (admittedly at, typically, a tiny cost in lost sales).
A lot of them are just stuffing stolen credit card numbers to try to find which ones still work, anyway, so they don't care about breaking into your system in particular, they just want to find any system that will let them attempt a charge. If they're finding enough of those using cheap or free anonymous accounts from low-credibility email address providers, they have no reason to spend more time or effort on it.
Blocking these providers doesn't mean you won't still see better-targeted fraud attempts, but it cuts down on a ton of the low-effort but high-volume automated crap—and that stuff can kill a merchant payment processing account in a weekend, if you're not pretty good at blocking it.
Consider when you’re tempted to ‘what about’ an issue that there’s an important distinction you’ve missed rather than see it as evidence of some grand injustice - in this case that GMail processes orders of magnitudes more email than Tutanova.
Ecommerce service itself should be using Tutanota if fraudsters want the most privacy benefits.
If not, Tutanota is like any other email provider, possibly with better privacy policy.
You can register an account for free. You don't need to provide anything when registering an account, just choose an E-Mail and a password. Is that what you mean with "privacy preserving"?
Three is quite a bad network in general. I can barely get any signal in my estate. Ironically, when walking around city centre, I have full bars but rarely ever an actual Internet connection. Their links seem to be universally overloaded.
Interestingly, ThreeIE doesn't block them. And I'm fairly happy with them (>1Gbit/s on 5G still blows my mind), except for when I'm travelling to London and have to roam on 3 UK (I agree it sucks)
Good question, I don't remember. I think it wasn't filtered? The only thing I remember for sure is that when I was recently in the Netherlands, the 3IE content blockers weren't in effect. So I think it's the same when visiting the UK, falling open by default.
(Yes, I don't want to send my passport photo to 3IE, that's why I'm dealing with these blockers. And I heard that even if you do verify yourself, they still mess with the DNS records.)
Normally not, as historically traffic from roaming users has been "home routed". That is, it was sent over a tunnel (think IPsec or similar) back to the user's home network, where it left through their usual infrastructure.
Especially in late 4G and 5G, with ideas of low latency services (that would break if you did this), there are options to route traffic into the visiting network instead. Not sure if anyone's using this though.
I’ve seen this on IP lookups I’ve done when roaming - surely this is a bad idea for latency? What’s the motivation? Why would they cripple performance further by proxying to an endpoint that could be half away around the world.
This is especially infuriating as a European visiting the US, where a bunch of services are geo-fenced to American IPs. In several towns, I couldn't pay for parking or buy a bus ticket because the online service is geo-fenced and there's no brick-and-mortar alternative anymore. They also restrict apps in the play store or whatever to US accounts. I had to buy a cheap SIM card to get around all that. It's insane.
It's absolutely horrible - I was in California a few months ago and all my traffic was being sent back to the UK - 300ms ping and about 1mbps each way.
I recall now it was a Twilio Global SIM - I was just using it as an early global sim rather than building on it - all traffic went back to T-Mobile in the US it seemed
3 Home broadband is a good deal if you're close to a 5g mast as their 5g gear is quite new. If you're not close to a mast or its 4g only, you'll have the complete opposite experience.
From what I've read, alot of 3 Towers only have a single 1gbit virgin fibre link so you're at mercy to who else is using the same tower. If it's in a area with alot of traffic, you'll probably have pretty crap speeds.
Question to UK people based on the responses I’m reading here.
If I, a privacy loving person were ever to migrate to the UK is it possible to have a as private and unrestricted anonymous internet as much of the rest of the sane world? Both this and previous thread mentioned some really ridiculous things like lifting restrictions through credit card or drivers license.
Londoner here. On daily basis I don't _feel_ restricted on broadband, besides some thepiratebay and some other good old thorns in copyright industrial complex... But I know GCHQ is watching. So nextdns.io is my trusty friend, VPN is no problemo.
On phone I have EE MVNO and without VPN I get blocked pr0n, but not much else. Yes they wanted proof of ID despite having my Direct Debit details.
Personal note: But if you were to migrate to UK, probably not a good time this decade, the cost of living is hitting here hard, post-Brexit shambles are annoying and the compensation is not worth it anymore IMHO. Just the music scene is unbeatable, hence staying.
I moved from the US to the UK. I don't feel like my access is any different, aside from the many North American sites that block all European IPs for fear of the GDPR.
Notably, smaller ISPs tend to be exempted from the surveillance and censorship requirements. And you actually have a choice of ISPs, because infrastructure and service providers are kept separate, unlike the monopolies in the States.
So, for example, Andrews and Arnold ("AA ISP") tends to take a pretty strong stance as outlined at https://www.aa.net.uk/broadband/real-internet/. Very old-school, clueful hacker vibe. Hell, they even GPG sign their invoices.
They're also happy to proactively inform their customers about legislative corner cases, like how the overbroad legal definition of a "communications provider" allows customers to legitimately self-identify in such a way that compels A&A to discard copyright infringement notices (https://www.aa.net.uk/legal/legal-status-customers/).
There are legislative threats in the UK, like the recent Draft Communications Data Bill ("Snooper's Charter"), or government-funded campaigns against encrypted communications (https://news.ycombinator.com/item?id=29955893). Those scare me. But thus far they've generally been beaten back, much the same as SOPA/PIPA were Stateside.
Why is nobody giving slack to the horrible UK laws but instead go on how bad ThreeUK is. This is a prime example why traffic filtering breaks the internet and causes unfair advantage.
Yes - why create laws that mandate you giving your details to access the site? Porn or whatever is just a justification. This is just another attack on privacy.
You can call it it a nanny state if you like - but what this is really about, is the loss of anonymity online. How long will it be that you are forced to id yourself to get online. I see this as a small step to that end.
"Thanks for reporting this to us. Don't worry, we're always here to help our customers with best possible resolution. I understand your clients are facing issue with accessing this website. All you need to do is just ask them to get in touch with us and we will validate your accounts and help them to get the restrictions lifted."
One would almost be tempted to code a button that sends that email, or even ask permission to every user to send it for them automatically.
I moved away from Three. I recently took out a phone contract, initially with Three. Took me two days to realise that they started charging a daily roaming fee while in another country in Europe - £2 a day. I immediately cancelled the contract and took out a new one with O2. Not ideal either, but at least O2 don't have this ridiculous policy.
Do not go with Three. I should've ditched them long ago.
Unrelated to 3, but we had an issue where our brand new site was blocked by Vodafone UK. Turned out they had some automatic firewall service that marked our site as suspicious and blocked it. They seemed a bit better than 3 as there was a process for applying for it to be reviewed and removed.
I'm assuming something similar happened to 3 where it was probably automatically picked up and blocked.
Just advice your users to switch away from Three - of the three and a half mobile operators in UK (O2 and Vodafone share cell towers) Three is the worst anyway.
A VPN may be a solution currently, but recently a Labour Party MP - Sarah Champion proposed the government needs to do something about the VPN providers (obviously the plebs can't have too much freedom).
I realise that Three are shit and this is shitty service. But I cannot bring myself to blame them. They're forced by law to push this non-sense because multiple (re-elected) governments have decided that the internet needs to be child safe but are not prepared to actually do it. So they have dumped it on Three (and other ISPs) who are not qualified, resourced or skilled enough to do what is ultimately a pointless and impossible task.
The problem here is not that Three are useless. It's that they are useless AND required to interfere. Behind that is a very social root cause: we pander to morons who think they should get to decide what other people can read/see/watch. The solution is that we, as a country, grow up and either supervise our own kids or actually pay someone else to.
But no boomer will buy that, they just keep crying until someone promises them a free lunch...
>With its strict data protection laws and the GDPR, Germany has some of the best laws in the world to protect your secure emails.
That's a lie. German law enforcement can get access any time to the emails - the court orders are trivially to get. Which is a known problem in Germany as for a judge to sign off a search warrant all he needs to do is to sign the dotted line. If he wants to deny the search warrant he has to write up a justification for his denial. Judges being completely swamped in work tend to go the easy route here.
Also prosecutors not being independent but having to follow orders from the ministry of the inner (which is a reason why Germany isn't allowed to use the EU arrest warrant system btw) make political overreach very possible and plausible in such a case.
I wish this "Germany is a safe haven for data" meme would die.
I remember reading one poll during the pandemic where a quarter of Britons wanted nightclubs to shut permanently even after the threat of the virus had subsided. For the Vernon Dursley archetype it's not enough for themselves to be allowed to live a very beige and conventional life but everyone else must be made to as well.
They don’t need to. DNS is still mostly in the clear, and SNI is still unencrypted so they may not know exactly what you are reading, but they definitely know what sites you are on.
A VPN is essential to defend yourself from the jackbooted UK government. I run my own, based on my https://GitHub.com/fazalmajid/edgewalker/
As for Three, their 4G is abysmal but they have the best 5G coverage.