Knowledge base Real internet connection
We provide a real internet connection with our internet/broadband services. A real internet connection, such that IP packets from you get to where they should do, and IP packets to you get to you. There is no messing about.
Press: For comments from our director, or interviews, please email our press office
Many of us at A&A have children and we understand that parents have concerns over what their children may find on the Internet. It is important to consider the best way to tackle this at home, just like any of the other risks that face children as they grow up. Just as you do not expect the highways agency to stop any cars coming down your road so you can let your children play on the tarmac unsupervised, please don't expect us to try and block unsavory content on the Internet - we could not do that even if we wanted to - just look at how ineffective blocks on the pirate bay have become, and that is just trying to block one web site!
Simply use a search engine to look for parental controls - there are many packages, free, and paid for, and even built in to many computers to help manage access to the Internet on a per user, and age appropriate, basis. If you are not sure, please do call our support staff who can point you in the right direction, or consider simply supervising younger children instead.
It is not our role to try and censor what you do with the internet. We do not try and log or limit what you are accessing. It is your responsibility to stick to the laws that apply to you. We have no intention of putting in place any censorship systems or using censored transit feeds.
Censorship systems are usually introduced under the guise of some emotive topic such as stopping child abuse which nobody could argue with. Such systems are very very unlikely to have any actual impact at all on the actual problem they claim to solve. Such systems often break or hinder the normal working of the internet, as seen by wikipedia recently. They are usually easy to circumvent. If they work at all then they just drive the offensive use underground and using encryption so making it harder to find and deal with. They are also the thin end of the wedge as once a system is in place then adding more is easy. Bear in mind most ISPs using such systems then have no control over what is censored or why. If we accept censorship for child abuse, then we have to accept it for terrorism, and then maybe political extremist views, and then maybe not so extreme views, and maybe wrong thinking or pictures of policeman (oh wait, they just tried to make that illegal too!)... "then they came for me and there was no-one left to speak out".
When you signed up for our service you specifically ask for an uncensored and unfiltered internet access. We have no plans to add adult content filters or other stupidity. You are, of course, welcome to run your own filtering on your network and have parental controls configured on PCs on your network. If you have children for which you allow unsupervised Internet access (is that wise) then we would encourage you look in to such parental control systems.
Nat is evil ;-)
It is an important part of the design principles of internet protocol (IP) that every endpoint has a unique globally routeable address. That does not mean there are no firewalls, but it does mean that subject to firewalls and filters a packet can be addressed to any end point on the internet using its unique IP address. Systems like NAT (network address translation) break that. They work by tracking sessions to route reply traffic and having redirection rules. They work well for a small subset of possible uses of internet protocol. The widespread use of NAT limits the development of internet protocols and stifles innovation.
Now that legacy IPv4 has finally run out in Europe, this means that many new connections will only get one external public non-NAT IPv4 address. This often means customers end up using NAT for IPv4. However, we have no Carrier Grade NAT in our network. You can route and use that one fixed legacy IPv4 address as you wish in your network.
For the current version of IP, IPv6, we provide a large allocation (/48) and allow you to route one or more /64 or larger block as you need to each line or site that you have. This allows your own network to operate without any NAT.
For those wishing to experiment with IPv6 only networks accessing legacy IPv4 addresses, as a temporary measure (until the world catches up), we do have a public NAT64 gateway you can use if you wish.
Limits and MTU
It is worth bearing in mind that even a real internet connection has limits. There are limits on the rate of your line because of the ADSL sync speed. IP never guarantees that all packets arrive, in order, and not duplicated. However, we are not imposing any artificial limits on your internet connection. We don't traffic shape any protocols to slow down your link in any way (unless you ask us to, e.g. giving VoIP priority). We do have clear 1500 byte IP to our core network where we have 1500 byte peering and transit. If you use PPPoE there is a lower MTU (1492) which is part of the protocol, but we support 1500 byte PPPoE on lines or where your equipment can handle it. We provide native IPv6 with clear 1500 byte packets throughout our network and peering and transit links.
You can opt for tariffs, such as Home::1, which have specific usage limits that stop your service unless you top up or wait for a new month to start.
We do not log which websites you visit (though the website administrator may). We don't run any sort of transparent proxies or other systems to covertly log what you do on the internet, and do not sell data to anyone. We have no, so called, black boxes which monitor traffic for the government, or anyone else. We specifically monitor traffic levels and make this available to you. If we are helping you debug a problem we can monitor traffic for you in real time, but we don't keep that data. All of our servers which you use (e.g. email, web servers, VoIP, etc.) have logs which are kept for a few months, but you do not have to use our servers if you do not want to. We don't log the content of VoIP calls, though you can ask us to make call recordings (which we email to you), as can the person you are talking to (using our services or someone else's), so best to assume calls might be recorded. We keep PPP negotiation logs for a few months too, for debugging line and router issues. Some servers have diagnostic logs that hold some data for a few days (e.g. SIP control traffic) for debugging, but only relevant if you use our servers. We have not yet been required to retain communications data for 12 months under the Data Retention Directive, so we don't. We do not run anything like Phorm, and never will.
We have no so called black boxes to covertly monitor traffic and/or pass traffic monitoring to the authorities or anyone else. Obviously the law is such that we may have to add such black boxes, but we would resist as far as possible. We may even find we are not allowed to change this web page if ever that happens. However, I, as director, am happy to answer direct questions on this matter on irc (user RevK) or on twitter (@TheRealRevK) and you can get paranoid if I refuse to. If black boxes become mandatory we aim to find ways and services to maintain the basic human right to privacy.
Not wishing to be logged
Some people are concerned that they could have traffic monitored within the BT links perhaps. We are not aware of any such monitoring but would not necessarily be told. So, practical steps that we should all take to make covert monitoring harder and to make encryption normal and not an indication of something to hide.
- Wherever possible access web sites using https. This provides end to end encryption. Be suspicious of errors reported. The site does not actually have to be with a well known CA to be secure from passive snooping and if you really want to be careful you need to check the certificate manually by some other means. In fact, a site not using a CA that is in your browser means setting a manual exception and as such you will be told if the site certificate changes which gives you more information than sites that do use a standard CA. If you want to know more - read up on TLS and HTTPS and how it works.
- Make use of end to end email encryption such as pgp. This allows you to ensure the email is encrypted right up to the actual recipient, though the email addresses and subject and other headers are not encrypted.
- Use secure POP3, IMAP and SMTP. We offer all of these for email sending and receipt. This means the link from you to us is encrypted and BT could not snoop on the email even just to see your email addresses used. Where available we will use secure encryption to the next mail server but this only protects against passive snooping on intermediate links.
- If you are worried about us logging your email, send email directly using MX records and receive directly to your own mail server. The current legislations means we would not log anything in that case even if asked to. If you really want, use secure SMTP in such cases where possible to make it impossible for us or BT to log anything. Our support desk can provide help and advice on setting up your own mail server.
- Use encryption as much as possible for all normal traffic. This is important. Encryption should be as normal as using opaque envelopes when sending things via the Royal Mail. The more people using encryption for normal traffic the more the argument of having something to hide falls down. Use https for twitter and facebook and any other normal communications.