The Modern ISP Is A Privacy NightmareAt least according to one researcher... 09:15AM Friday Sep 05 2008 by Karl Bodetags: legal · business · privacyForget dopes who leave your social security numbers on a company laptop at a bar, or phishing scams: University of Colorado law professor Paul Ohm believes the modern ISP, thanks to new technological developments like deep packet inspection, poses the greatest privacy threat to American consumers. Sure, NabuAD may have been beaten back this week, but Ohm believes the desire to make a revenue stream out of tracking absolutely everything you do online will be too great for ISPs to resist. From Ohm's Paper, The Rise and Fall of Invasive ISP Surveillance: ISPs, faced with changes in technology, extraordinary pressures to innovate, and murky ethical rules, will continue aggressively to expand network monitoring. The AT&T, Comcast, Charter, NebuAd and Phorm examples will prove to be not outliers but the first steps in a steady expansion of industry practices. Unless some force—regulatory or non-regulatory—intervenes, the inevitable result will be ISPs conducting full-packet capture of everything their users do, supposedly with their users’ consent. Ohm believes that absolutely everything you do online will eventually be tracked, stored and monetized -- unless someone steps up to broaden privacy and wiretap laws, with a more impartial government agency like National Institute Of Standards And Technology playing a central role. As Wired notes, government at the moment is primarily interested in weakening wiretap laws, though Congress has recently shown they're at least marginally interested in protecting privacy in the ISP/user relationship.
Related:- Thursday Morning Links
- Thursday Evening Links
- Friday Evening Links
- Monday Evening Links
- Wednesday Evening Links
- Big Brother Is Watching (And Using Deep Packet Inspection)
- Friday Evening Links
- NebuAD, Several ISPs Sued Over Behavioral Ads
|
 
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | Encrypt everything We need to move to an all-encrypted internet. | |
|  | | | | 
Noah Vail
Serial Thread Killer
Premium
join:2004-12-10
Lorton, VA
 ·Verizon BroadbandA..
 ·VoicePulse
| ISP's as Pirates? Everything that comes about as a direct result of my efforts is my creation; whether I copyright it or not. That includes my purchase and credit histories, things that indicate my personal interests, and anything I have openly or privately communicated.
Any company who profits on my creation
without paying me the royalties I am due
is pirating my created material.
As such, they are every bit as subject to RIAA style fines, as the folks I see accused of piracy here.
NV
--
Abortion: A Republican Plot to Thin the Liberal Herd. | |
| | | | EPS
join:2008-02-13
Hingham, MA
| Re: ISP's as Pirates? You agreed to it, though. The ISP will send you the little slip attached to your bill informing you of the change to the terms of service, and by continuing to use the internet you agree to the change. After all, the company reserves the right to change these terms at any time. Best you can hope for is that if you're on contract the change will be enough to let you out. (And then you can go back to dialup, since all other broadband ISPs are also doing it!) | |
| | | | | 
SillyRabbit
@tds.net
| Re: ISP's as Pirates? said by EPS  :You agreed to it, though. The ISP will send you the little slip attached to your bill informing you of the change to the terms of service, and by continuing to use the internet you agree to the change. After all, the company reserves the right to change these terms at any time. Best you can hope for is that if you're on contract the change will be enough to let you out. (And then you can go back to dialup, since all other broadband ISPs are also doing it!) Many states do NOT allow you to agree to something like this just because they post it. It's kind of like an insurance comapny writing you a check and on the back it says " By cashing this check, you agree that this matter is settled.". It doesn't fly. You should have to actively agree to something like this. Nope, nope, nope. It's obvious you are on the dark side!!! | |
| | | | | | EPS
join:2008-02-13
Hingham, MA | Re: ISP's as Pirates? But that's how they propagate changes to the TOS already, isn't it?
I'm not sure what you mean by the "dark side", though... | |
| | | | kontos
xyzzy
join:2001-10-04
West Henrietta, NY
| said by Noah Vail :Everything that comes about as a direct result of my efforts is my creation; whether I copyright it or not. That includes my purchase and credit histories, things that indicate my personal interests, and anything I have openly or privately communicated. That's a pretty warped view of Copyright. By your logic, you would argue that you own the copyright to my reply to your post. I mean this post is a direct result of your effort of writing that crazy rant. | |
| | | | | | | | | | | | | | | | | | | | | | | | | | wentlanc
You Can't Fix Dumb..
join:2003-07-30
Maineville, OH
| Re: Encrypt everything Probable Cause is required for anyone to tap your communications. You cannot turn on a tap, and filter the data for info and sell it. The ISP does not have probable cause, and thusly is tapping your data illegally.
An we're not talking about people doing bad things. They are tapping everyone, all of the time.
cw | |
| | | | 
CarterStClai
X-Out The W
join:2002-04-17
Sugar Land, TX | Re: Encrypt everything There is a difference between the Gov't and a private business' rights. | |
| | | | SilverSurfer
join:2007-08-19
| said by wentlanc :Probable Cause is required for anyone to tap your communications. You cannot turn on a tap, and filter the data for info and sell it. The ISP does not have probable cause, and thusly is tapping your data illegally. Probable cause is a very weak standard. It is vague and nebulous and essentially allows pretty much any excuse that sounds even remotely reasonable for wiretapping. BTW - Judicial review is not necessary for "probable cause." Probable cause is nothing but an excuse to snoop by law enforcment for no other good reason than because they want to. | |
| | | 
maartena
Obama 2008
join:2002-05-10
Orange, CA
edit:
September 5th, @10:02AM
| said by keyboard5684 :Well, maybe, but think of it this way. Can the government come to your house and put some clips on your line and listen to your phone calls or better yet at the co? Not without a warrant however they do (not officially) do that once it hits the data/voice transport after your CO. A warrant? You never heard of the Patriot Act, did you? 
Local police needs a warrant. The government however, they don't need no stinking warrant. 
Can the NSA break your encryption, probably. Yes, I know the whole theoretical amount of time it takes someone to crack 128 bit encryption but if the government knows how are they going to tell you? We have long moved past 128 bit encryption. My company uses 1024 bit encryption, which requires a few million computers to run for a year or two to crack the code.
Terrorists use encryption to send their important messages, and they probably change RSA key just about every month or so, or right before any important communications.
Really you cannot stop the government from listening in. You can stop them from prosecuting you for doing something wrong unless they had a warrant from the beginning. Excactly. With the current Patriot Act, the NSA doesn't even need a warrant. If they think there is a slight possibility that you could have something to do with something slightly related to terrorism, even if you don't know it yourself (like donating to an orphanage in Syria, which in turn has given money to terrorists in the past - and now you are "connected"), and the NSA can just listen into your phone, cell phone, and internet connections, "just in case".
Also, I think the technology already has you beat. Maybe you can get around it and I can but most people cannot. This means the major part of the internet traffic will be tracked, then the info (surfing habits, etc) will be sold. Being a sysadmin, I can tell you that it is SO easy to put an e-mail tap on someone without the person knowing it and without even anyone else knowing about it but you. Your colleague sysadmin may be able to find it if they know where they are looking, but if you removed the tap before they look, no one will ever know.
I have the dignity and the respect for my employment to not do so, unless specifically asked by management (which I have been in the past), but there are sysadmins out there that do not have ethical standards. Word of the wise: Do not piss off your sysadmin. | |
| | | | 
cho0b
join:2006-09-26
united state
| Re: Encrypt everything said by maartena :Terrorists use encryption to send their important messages, and they probably change RSA key just about every month or so, or right before any important communications. LOL, What terrorists? Is it the Al-Qaedas?! Or are you talking about the American government? I get the two confused so much.. | |
| | | iansltx
join:2007-02-19
Fredericksburg, TX | If you're ot satisfied with 128-bit, try 256-bit encryption. It squares the amount of time needed to break the code, so you're probably safe... | |
| |
anony 101
@comcast.net | We need to move to an all-encrypted internet.
We're getting there. | |
|
maartena
Obama 2008
join:2002-05-10
Orange, CA | It's quite simple... If you are worried about privacy, you have two options.
1) Use encryption with everything you do. (Which includes the need for decryption everywhere)
2) Unhook from the internet. | |
| footballdude
join:2002-08-13
Imperial, MO
| easy The solution is easy. Don't buy anything from an internet ad, ever. Don't even click on an internet ad to see where the link takes you. If you know someone that buys something from an internet ad, punch them directly in the face.
--
It's a trick. Get an axe. - Ash | |
| | EPS
join:2008-02-13
Hingham, MA
| Re: easy I've always wondered why internet advertising is such a giant market, when I myself have never purchased anything from an internet advertisement and have clicked on ads less than ten times in the whole time I've been on the internet (over ten years at least), and now I block most ads with Adblock Plus... but SOMEONE must be clicking on them. | |
| | | wentlanc
You Can't Fix Dumb..
join:2003-07-30
Maineville, OH
| Re: easy Yes, SOMEONE is clicking on them. Those are called morons!
I don't get it either, but there are people with obsessive shopping habits. I'm reminded of the scene from Full Metal Jacket where the DI saks Private Pyle "If it wasn't for dickheads like you, there wouldn't be any thievery in this world, would there?"
cw | |
| | | |
maartena
Obama 2008
join:2002-05-10
Orange, CA
| Re: easy said by wentlanc :Yes, SOMEONE is clicking on them. Those are called morons! I would not go that far. Many of those ads, especially on respectable sites such as major news sites, point to companies you are wanting to do business with anyways.
Say you know you are going to need a new mobile phone in the next few days and you want to change from your current provider to a new one. There pops up the Verizon ad with a good deal. I would probably click on it as I know it will lead me to Verizon, and I am currently in the market for a new plan. | |
| | | | |
CarterStClai
X-Out The W
join:2002-04-17
Sugar Land, TX | Re: easy Some will, I will not, even if it is due to pricipal. Adwords however are a different story. | |
| | | | 
telcolackey
The Truth? You can't handle the truth
join:2007-04-06
Death Valley, CA
| said by wentlanc :Yes, SOMEONE is clicking on them. Those are called morons! I think the company that has one of the largest market caps in the US would highly disagree with you.
--
"Believe only half of what you see and nothing that you hear." - Dinah Craik | |
| | |
cho0b
join:2006-09-26
united state
| said by EPS :I've always wondered why internet advertising is such a giant market, when I myself have never purchased anything from an internet advertisement and have clicked on ads less than ten times in the whole time I've been on the internet (over ten years at least), and now I block most ads with Adblock Plus... but SOMEONE must be clicking on them. You don't need to click on an ad to help out the company advertising. Heck, plenty of stuff you do online helps out advertisers and you and most people probably don't even know it!
Search something in google? It gets filed away along with your IP and all your other searches forever and ever and ever. This might seem like a waste of server space, but the data as a whole is immensely helpful to advertising companies and other companies down the line.
A few years from now (or sooner!) you will be driving down the street and your GPS enabled cell phone will receive an advertisement for your favorite coffee shop that you just so happened to be driving by. Heck, they might even toss in a coupon as incentive, hurray!
Sounds like a big conspiracy, right? Well, as with most other things in our privacy free world, things are worse than you or I could ever imagine. | |
| | goahead
join:2008-09-03
| said by footballdude If you know someone that buys something from an internet ad, punch them directly in the face.
[/BQUOTE :best comment ever | |
| | |
telcolackey
The Truth? You can't handle the truth
join:2007-04-06
Death Valley, CA | Re: easy Shh.... don't say that too loud as the forum you are typing in is funded by internet ads.
--
"Believe only half of what you see and nothing that you hear." - Dinah Craik | |
|
telcolackey
The Truth? You can't handle the truth
join:2007-04-06
Death Valley, CA
| Do no evil ? quote:
Ohm believes that absolutely everything you do online will eventually be tracked, stored and monetized
I know a company that does this better than any ISP on the planet... not only that they have world wide capability.
--
"Believe only half of what you see and nothing that you hear." - Dinah Craik | |
| | 
Doctor Four
My other vehicle is a TARDIS
Premium
join:2000-09-05
Dallas, TX | Re: Do no evil ? Google, perhaps? | |
| 
chronoss2008
Premium
join:2008-03-29 | one solution arkea
or along that lines
cross operating system
, into and out of your dbase its encrypted in it , even if the dbase encrypts this allows for nasa level ( and if you know what that means you get a candy bar ) encryption. | |
| 
pnh102
Reptiles Are Cuddly And Pretty
Premium
join:2002-05-02
Mount Airy, MD
| Stop The Presses quote:
University of Colorado law professor Paul Ohm believes the modern ISP, thanks to new technological developments like deep packet inspection, poses the greatest privacy threat to American consumers.
Wow. A global, public network that allows anyone who accesses it to see what others are doing with it not being safe for privacy? Who knew!
--
"At the moment of conception." | |
| SuperWISP
join:2007-04-17
Laramie, WY
| An alarmist attempt to grab attention Ohm's paper is an alarmist attempt to grab attention at the expense of ISPs. As Richard Bennett points out in the comments on Ohm's blog entry, Google/Doubleclick is a far, far greater threat to privacy than ISPs, because its stated purpose is to compile dossiers on Internet users. ISPs cannot even access most of users' private data, because any e-commerce or banking Web site worth its salt uses SSL. But Google, via gmail, can read every bit of your e-mail and will use it for targeted advertising, profiling, and who-knows-what-else. Social networking sites, such as Facebook and MySpace, also target ads, and give themselves license -- in the "fine print" of their agreements -- to do much more invasive things which they may or may not have tried yet.
Ohm is trying to encourage folks to extend their ill will toward utilities -- especially gas and electric companies, which unlike ISPs are actually monopolies -- to ISPs. His fearmongering is not only misleading and defamatory, but also dangerous in that it distracts consumers from the true threats to their privacy. | |
| |
cho0b
join:2006-09-26
united state
| Re: An alarmist attempt to grab attention I believe you have missed out on some fairly large invasions of privacy by the largest ISPs in our 'great nation.' These invasions have not stopped and will most likely not stop unless we the people make it so.
p.s. "ISPs cannot even access most of users' private data, because any e-commerce or banking Web site worth its salt uses SSL." I laughed. Sorry, couldn't help it. | |
| | | 
jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ
 ·Comcast
| Re: An alarmist attempt to grab attention said by cho0b :p.s. "ISPs cannot even access most of users' private data, because any e-commerce or banking Web site worth its salt uses SSL." I laughed. Sorry, couldn't help it. ISPs can easily monitor SSL unless client certificates are used. No e-commerce or consumer banking site uses client certificates. | |
| | | | patcat88
join:2002-04-05
Jamaica, NY | Re: An alarmist attempt to grab attention ?
You mean a man in the middle? | |
| | | | |
jjoshua
Premium
join:2001-06-01
Scotch Plains, NJ | Re: An alarmist attempt to grab attention said by patcat88 :You mean a man in the middle? Yes. | |
| | 
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| said by SuperWISP :Google/Doubleclick is a far, far greater threat to privacy than ISPs, because its stated purpose is to compile dossiers on Internet users.
Nonsense. Everyone can opt out of the Google/Doubleclick tracking merely by deleting cookies or making a few firewall entries. It's true that this is unknown to non-technical people, but they can learn.
Data-mining by ISPs is obviously far more insidious. If the DPI/selling of clickstream becomes legitimized, there will be no escape for anyone using the internet. ISPs won't allow opt-in or opt-out unless forced by law. And there is not enough competition for most people to find an ISP that will voluntarily refrain from such invasion of privacy.
said by SuperWISP : ISPs cannot even access most of users' private data, because any e-commerce or banking Web site worth its salt uses SSL.
Are you really not understanding what the discussion is about, or only pretending in order to mislead readers? No one suggested there is any risk of encrypted sessions being exposed. The problem is the interception of all ordinary internet traffic - the list of sites a user visits, search requests and other non-encrypted data.
said by SuperWISP : Google, via gmail, can read every bit of your e-mail and will use it for targeted advertising, profiling, and who-knows-what-else. Social networking sites, such as Facebook and MySpace, also target ads, and give themselves license -- in the "fine print" of their agreements -- to do much more invasive things which they may or may not have tried yet.
Only if you choose to use those services. There are abundant alternatives which have better respect for privacy.
said by SuperWISP :Ohm is trying to encourage folks to extend their ill will toward utilities -- especially gas and electric companies, which unlike ISPs are actually monopolies -- to ISPs. His fearmongering is not only misleading and defamatory, but also dangerous in that it distracts consumers from the true threats to their privacy.
Data-mining by ISP *is* the single greatest threat to privacy on the internet. Nothing else involves such coercion ("consent" to data-mining in non-negotiable "terms of service", or be without internet); and nothing else in internet use entails such a pervasive loss of privacy (*all* of the person's internet use data, not just sites where one has to submit to profiling to get particular services).
It may be defamatory of ISPs to point out the evil of this data-selling scam, but it's the truth.
And if other utilities sell customer data, that needs to be stopped by legislation too. | |
| 
IM1811
join:2001-08-20
Haverstraw, NY
 ·Verizon FIOS
edit:
September 6th, @06:34AM
| New Yorkers have an Advocate: Assemblyman Brodsky Westchester Assemblyman Richard Brodsky has drafted a bill, now gathering support in Albany, that would make it a crime — punishable by a fine to be determined — for ISP's to use personal information about consumers for advertising without their consent. Already, major corporate dollars are being spent to portray Assemblyman Brodsky’s bill as an election year effort to get votes, but after being in Albany since ‘82, New Yorkers know better.
The story is that new companies are creating really slick methods to follow you around the web, and selling your data to anyone who wants to pay them for it. The problem here is that you won’t even know they are doing it, nor will you benefit from it, with the exception of having ads placed based on your web browsing history. ISP’s will make a real killing on your click history. They can share your account history based on your clicks. As to who would buy the data besides marketers, Brodsky warns that it would be just a matter of time before the data would be sold for a large profit to heavy hitters. Insurance companies or banks could and would buy this click history, either directly or as part of an optimized data mining program. This is the mother of all Privacy issues.
New Yorkers should E-Mail Assemblyman Brodsky and show him your support. Tell him he’s the Privacy Champion and to keep up the good work.
Draft Bill:
»assembly.state.ny.us/leg/?bn=A09275
E-Mail Brodsky
»assembly.state.ny.us/mem/?ad=092&sh=con
--
»www.bartgordon.net | |
| | | |
|
|
·
