I’m a HiNet by CAT user, on the Premium 2/2Mbps g.shdsl package. I noticed something wrong when I tried sending out an email on my university account today. The error came back through Outlook while connecting to the outgoing mail server (SMTP) with “The encryption type you selected is not supported by the server”. This surprised me, so being as geeky as I am, I looked into it.
It turned out that at first sight, my university’s outgoing mail server stopped supporting encryption. But looking deeper into it, there seemed to be an SMTP proxy in between the real server and me. This happened to every single server that I looked at, if I made an outgoing connection through port 25, I would connect to this same server with the same welcome message.
To note: it is about 1.30am in Thailand.
Let’s try the Gmail outgoing mail server, smtp.gmail.com:
> telnet smtp.gmail.com 25
220 [209.85.143.109] ESMTP Smtpd; Thu, 25 Sep 2008 01:33:15 +0700
…
Note here that, smtp.gmail.com resolves to 209.85.143.109 which is not a local Thai IP, but somehow it has a Thai timestamp, with a GMT+7 timezone (oh, coincidence I’m sure).
So I’m going to put this in non-technical words for you: what this clearly shows is that CAT is putting a fake system in between me and the real system (the fake system would pretend to be the real system). The fake system does not support encryption (the scrambling of data sent so that no one can intercept the data, except the sender and the receiver systems). I think this was done in the hope that people will make unencrypted attempts to logon and so the government can log your usernames and passwords and log all emails you send in and out.
I have routed my emails through my secondary True ADSL connection for now since that still supports encryption with the right certificate. I will be setting up an encrypted VPN channel between here and my system in the UK soon and route all emails traffic through that.
What the government has clearly shown here is that they’re willing to go every step in invade the privacy and basic human rights of the people of this country. This should be heavily frowned upon and heavily condemed.
This country is heading for a serious downfall, and if this government doesn’t get out now, it may well be too late.
PS Did you know this country also has an ISP and Corporate Level internet data 90-days retention policy. What this means is, they force all internet service providers and companies providing internet to their staff to log all the traffic that flows in and out for at least 90 days (or face 500,000 baht fine). This is ridiculous both in the sense that it clearly invades the privacy of users, and in technical terms because this system will be very costly in practise.
—————————-
Edit 2: SMTP connections through CAT no longer seems to be going through this fake server.