Real internet connection
We provide a real internet connection with our internet/broadband services. A real internet connection means that IP packets from you get to where they should, and IP packets to you get to you. There is no messing about.
No NAT
NAT is evil ;-)
It is an important part of the design principles of internet protocol (IP) that every endpoint has a unique, globally routable address. That does not mean there are no firewalls, but it does mean that, subject to firewalls and filters, a packet can be addressed to any endpoint on the internet using its unique IP address. Systems like NAT (network address translation) break that. They work by tracking sessions to route reply traffic and by having redirection rules. They work well for a small subset of possible uses of internet protocol. The widespread use of NAT limits the development of internet protocols and stifles innovation. We support IP address allocation rules and will allocate to your connection the IP addresses that you need. This means all of your computers and other IP-connected equipment can have a globally unique IP address. There are some cases where a single IP and NAT is suitable, and that is supported if that is what you really want. There is no difference in cost for having a proper internet connection with real IP addresses. If you are worried about the world running out of IP addresses, we do have IPv6 address space available too.
Limits
It is worth bearing in mind that even a real internet connection has limits. There are limits on the rate of your line because of the ADSL sync speed. IP never guarantees that all packets arrive, in order, and not duplicated. However, we are not imposing any artificial limits on your internet connection. We don't traffic shape any protocols to slow down your link in any way (unless you ask us to, e.g. giving VoIP priority). We do have clear 1500 byte IP to our core network where we have 1500 byte peering and transit. If you use PPPoE there is a lower MTU (1492) which is part of the protocol. If you have tunnelled IPv6 there is also a lower MTU (1480) which is part of the protocol. You can use native IPv6 with clear 1500 byte packets though.
Data logging
We do not log which websites you visit (though the website administrator may). We don't run any sort of transparent proxies or other systems to covertly log what you do on the internet, and we do not sell data to anyone. We specifically monitor traffic levels and make this available to you. If we are helping you debug a problem we can monitor traffic for you in real time, but we don't record that. We also take occasional random traffic snapshots, which we hold for 24 hours; this is only to help identify causes of network load problems after the event. All of our servers which you use (e.g. email, web servers, etc.) have logs which are kept for a few months, but you do not have to use our servers if you do not want to. We have not yet been required to retain communications data for 12 months under the new legislation. We do not run anything like Phorm and never will.
Censoring
It is not our role to try and censor what you do with the internet. We do not try and log or limit what you are accessing. It is your responsibility to stick to the laws that apply to you. We have no intention of putting in place any censorship systems or using censored transit feeds.
Censorship systems are usually introduced under the guise of some emotive topic, such as stopping child abuse, which nobody could argue with. Such systems are very, very unlikely to have any actual impact at all on the actual problem they claim to solve. Such systems often break or hinder the normal working of the internet, as seen by Wikipedia recently. They are usually easy to circumvent. If they work at all then they just drive the offensive use underground and onto encryption, making it harder to find and deal with. They are also the thin end of the wedge, as once a system is in place then adding more is easy. Bear in mind most ISPs using such systems then have no control over what is censored or why. If we accept censorship for child abuse, then we have to accept it for terrorism, and then maybe political extremist views, and then maybe not so extreme views, and maybe wrong thinking or pictures of policemen (oh wait, that was just made illegal too!)... "then they came for me and there was no-one left to speak out".
Black boxes
We have no so-called black boxes to covertly monitor traffic and/or pass traffic monitoring to the authorities or anyone else. Obviously the law is such that we may have to add such black boxes, but we would resist as far as possible. We may even find we are not allowed to change this web page if ever that happens. However, I, as director, am happy to answer direct questions on this matter on IRC (user RevK) or on Usenet, and you can get paranoid if I refuse to.
Not wishing to be logged
Some people are concerned that they could have traffic monitored, perhaps within the BT links. We are not aware of any such monitoring but would not necessarily be told. So, here are practical steps that we should all take to make covert monitoring harder and to make encryption normal rather than an indication of something to hide:
- Wherever possible, access web sites using https. This provides end to end encryption. The site does not actually have to be with a well known CA to be secure from passive snooping, and if you really want to be careful you need to check the certificate manually by some other means. In fact, a site not using a CA that is in your browser means setting a manual exception, and as such you will be told if the site certificate changes, which gives you more information than sites that do use a standard CA.
- Make use of end to end email encryption such as PGP. This allows you to ensure the email is encrypted right up to the actual recipient, though the email addresses, subject and other headers are not encrypted.
- Use secure POP3, IMAP and SMTP. We offer all of these for email sending and receipt. This means the link from you to us is encrypted and BT could not snoop on the email even just to see your email addresses used. Where available we will use secure encryption to the next mail server but this only protects against passive snooping on intermediate links.
- If you are worried about us logging your email, send email directly using MX records and receive directly to your own mail server. The current legislation means we would not log anything in that case even if asked to. If you really want, use secure SMTP in such cases where possible to make it impossible for us or BT to log anything. Our support desk can provide help and advice on setting up your own mail server.
- Use encryption as much as possible for all normal traffic. This is important. Encryption should be as normal as using opaque envelopes when sending things via the Royal Mail. The more people using encryption for normal traffic the more the argument of having something to hide falls down.