Real internet connection
We provide a real internet connection with our internet/broadband/mobile services: IP packets from you get to where they should, and IP packets to you get to you. There is no messing about.
Why are we against censorship?
There are three main reasons for not filtering:
- We feel strongly that how you communicate should be kept separate from what you communicate, allowing the free technical development that has created the communications networks we enjoy. This is a view supported by EU rules on mere conduit which clearly separate the technical issues from moral and legal implications of what happens to be communicated. Without such a framework we would not have the Internet at all.
- We feel strongly that free speech is an essential tool to help ensure a fair and open government. Censorship of any sort is the thin end of the wedge and not to be taken lightly. Once started, censorship is very easy to extend one step at a time until wrong thinking is banned.
- Filtering rarely, if ever, achieves the stated goals - blocking web sites does not stop people communicating, and rarely even stops the actual web sites themselves. Most filtering creates a false sense of security, adds technical complexity, and causes problems with over-blocking. In many cases it is not true that "something is better than nothing".
When you signed up for our service you specifically asked for uncensored and unfiltered internet access. We have no plans to add adult content filters or other stupidity. You are, of course, welcome to run your own filtering on your network and have parental controls configured on PCs on your network. If you have children to whom you allow unsupervised Internet access (is that wise?) then we would encourage you to look into such parental control systems.
Press: For comments from our director, or interviews, please email our press office
Many of us at A&A have children and we understand that parents have concerns over what their children may find on the Internet. It is important to consider the best way to tackle this at home, just like any of the other risks that face children as they grow up. Just as you do not expect the Highways Agency to stop any cars coming down your road so you can let your children play on the tarmac unsupervised, please don't expect us to try and block unsavory content on the Internet. We could not do that even if we wanted to: just look at how ineffective blocks on The Pirate Bay have become, and that is just trying to block one web site!
Recent OFCOM reports show that kids know how to bypass blocks and that most parents feel that their children know more than they do about the Internet.
Simply use a search engine to look for parental controls - there are many packages, free, and paid for, and even built in to many computers to help manage access to the Internet on a per user, and age appropriate, basis. If you are not sure, please do call our support staff who can point you in the right direction, or consider simply supervising younger children instead.
We do have some tools to help if you are trying to avoid accidental access to unsavory material for younger children. Ensuring safe search is set on search pages is a start, and there are tools you control if you want more. We can pre-configure the router we supply with alternative DNS servers such as OpenDNS if you wish - just ask support. But do not be lulled into any false sense of security - this is good to help with younger children and accidental exposure to some web sites, that is all.
NAT is evil ;-)
It is an important part of the design principles of internet protocol (IP) that every endpoint has a unique, globally routable address. That does not mean there are no firewalls, but it does mean that, subject to firewalls and filters, a packet can be addressed to any endpoint on the internet using its unique IP address. Systems like NAT (network address translation) break that. They work by tracking sessions to route reply traffic and having redirection rules. They work well for a small subset of possible uses of internet protocol. The widespread use of NAT limits the development of internet protocols and stifles innovation.
Now that legacy IPv4 has finally run out in Europe, this means that many new connections will only get one external public non-NAT IPv4 address. This often means customers end up using NAT for IPv4. However, we have no Carrier Grade NAT in our network. You can route and use that one fixed legacy IPv4 address as you wish in your network. Any NAT you have is on your router and under your control.
For the current version of IP, IPv6, we provide a large allocation (/48) and allow you to route one or more /64 or larger blocks, as you need, to each line or site that you have. This allows your own network to operate without any NAT.
For those wishing to experiment with IPv6 only networks accessing legacy IPv4 addresses, as a temporary measure (until the world catches up), we do have a public NAT64 gateway you can use if you wish.
Limits and MTU
It is worth bearing in mind that even a real internet connection has limits. There are limits on the rate of your line because of the DSL sync speed. IP never guarantees that all packets arrive, in order, and not duplicated. However, we are not imposing any artificial limits on your internet connection. We don't traffic shape any protocols to slow down your link in any way (unless you ask us to, e.g. giving VoIP priority). We do have clear 1500 byte IP to our core network where we have 1500 byte peering and transit. If you use PPPoE there is a lower MTU (1492) which is part of the protocol, but we support 1500 byte PPPoE on lines or where your equipment can handle it. We provide native IPv6 with clear 1500 byte packets throughout our network and peering and transit links.
You can opt for tariffs, such as Home::1, which have specific usage limits that stop or slow your service unless you top up or wait for a new month to start.
We do not log which websites you visit (though the website administrator may). We don't run any sort of transparent proxies or other systems to covertly log what you do on the internet, and do not sell data to anyone. We have no, so called, black boxes which monitor traffic for the government, or anyone else. We specifically monitor traffic levels and make this available to you. If we are helping you debug a problem we can monitor traffic for you in real time, but we don't keep that data. All of our servers which you use (e.g. email, web servers, VoIP, etc.) have logs which are kept for a few months, but you do not have to use our servers if you do not want to. Some services can log things if we are diagnosing an issue (e.g. DNS resolvers) but do not normally do so and any debugging logs are deleted as part of normal log rotation. We don't log the content of VoIP calls, though you can ask us to make call recordings (which we email to you), as can the person you are talking to (using our services or someone else's), so best to assume calls might be recorded. We keep PPP negotiation logs for a few months too, for debugging line and router issues. Some servers have diagnostic logs that hold some data for a few days (e.g. SIP control traffic) for debugging, but only relevant if you use our servers. We do not run anything like Phorm, and never will.
We have no so called black boxes to covertly monitor traffic and/or pass traffic monitoring to the authorities or anyone else. Obviously the law is such that we may have to add such black boxes, but we would resist as far as possible. We may even find we are not allowed to change this web page if ever that happens. However, I, as director, am happy to answer direct questions on this matter on irc (user RevK) or on twitter (@TheRealRevK) and you can get paranoid if I refuse to. If black boxes become mandatory we aim to find ways and services to maintain the basic human right to privacy. You can ask about any of these statements on irc if you wish - but try not to harass me too much.
- We have never had an intercept order to intercept any communications on our network or in our equipment
- We have never had a maintenance of capability order for interception on our network or in our equipment
- We have never had a data retention order, and only retain some data as needed for normal diagnostics and business purposes as detailed above
- We have had RIPA requests, rarely, to identify an account holder (we stress that we cannot identify a user) from an IP or phone number. Many of these are invalid (e.g. spoofed phone number that has never been issued to a customer).
Not wishing to be logged
Some people are concerned that they could have traffic monitored, perhaps within the BT links. We are not aware of any such monitoring but would not necessarily be told. So here are practical steps that we should all take to make covert monitoring harder and to make encryption normal rather than an indication of something to hide.
- Wherever possible access web sites using https. This provides end to end encryption. Be suspicious of errors reported. The site does not actually have to be with a well known CA to be secure from passive snooping and if you really want to be careful you need to check the certificate manually by some other means. In fact, a site not using a CA that is in your browser means setting a manual exception and as such you will be told if the site certificate changes which gives you more information than sites that do use a standard CA. If you want to know more - read up on TLS and HTTPS and how it works.
- Make use of end to end email encryption such as PGP. This allows you to ensure the email is encrypted right up to the actual recipient, though the email addresses, subject and other headers are not encrypted.
- Use secure POP3, IMAP and SMTP. We offer all of these for email sending and receipt. This means the link from you to us is encrypted and BT could not snoop on the email even just to see your email addresses used. Where available we will use secure encryption to the next mail server but this only protects against passive snooping on intermediate links.
- If you are worried about us logging your email, send email directly using MX records and receive directly to your own mail server. Current legislation means we would not log anything in that case even if asked to. If you really want, use secure SMTP in such cases where possible to make it impossible for us or BT to log anything. Our support desk can provide help and advice on setting up your own mail server.
- Use encryption as much as possible for all normal traffic. This is important. Encryption should be as normal as using opaque envelopes when sending things via the Royal Mail. The more people using encryption for normal traffic the more the argument of having something to hide falls down. Use https for Twitter and Facebook and any other normal communications.
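The https item above notes that a manually accepted certificate tells you when the site certificate changes, and that a careful user checks it by some other means. The sketch below shows both checks as an added example, not A&A's code: `PinStore` and `fetch_der` are hypothetical names, and the two certificate byte strings are constructed stand-ins.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate without CA validation.

    Validation is off on purpose: for a site whose CA is not in the trust
    store, the pin comparison in PinStore.check authenticates the server.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

class PinStore:
    """Hypothetical in-memory pin store keyed by 'host:port'."""

    def __init__(self):
        self.pins = {}

    def check(self, host, port, der_cert, expected=None):
        """Return 'first-use', 'match' or 'changed' for this certificate.

        expected: fingerprint obtained by some other means; when given it
        is the reference instead of any stored pin.
        """
        key = f"{host}:{port}"
        seen = fingerprint(der_cert)
        if expected:
            reference = expected.replace(":", "").lower()
        else:
            reference = self.pins.get(key)
        if reference is None:
            self.pins[key] = seen  # trust on first use, the weakest case
            return "first-use"
        if hmac.compare_digest(reference, seen):
            self.pins[key] = seen
            return "match"
        return "changed"  # keep the old pin; re-verify out of band

# Constructed stand-ins for two DER certificates (not real certificates).
CERT_A, CERT_B = b"constructed-certificate-A", b"constructed-certificate-B"
```

A "changed" result leaves the stored pin untouched, so the connection keeps being flagged until the new fingerprint is confirmed through another channel.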