Plans For Massive Web Tracking Via ISPs

Lauren Weinstein, the moderator of the PRIVACY Forum, writes: "My latest issue of the PRIVACY Forum Digest, going out now, reveals Predictive Networks' plans for widespread Web Tracking via direct links to ISPs! Details are here. Thanks much." Pay ISPs for the ability to snoop on their customers, what a great idea. Dave Farber has a comment on Predictive Networks as well.

Foveon does the same thing

Check out Foveon at http://www.foveon.com/.

Crowds

Crowds is a project which allows people to use other people who use a crowds server as a proxy. When a crowds server receives a request, it randomly choses between forwarding it to the destination or to another crowds proxy.

Unfortunately, the crowds code seems to be restricted to people in the US only

Re:Crowds

[Zagadka]

I checked crowds.org and its not regestered. crowds.com is owned by some German guy who hasn't put much of anything up. And crowds.net is also regestered.

Tip: use a search engine. I recommend Google. Try searching for "crowds proxy". You should find The Crowds Home Page.

A suggestion...or 3 or 4

#1 let your ISP know NOW that if they deal with this company you will walk...
#2 visit http://www.idcide.com The greatest tool for online privacy I've seen since Luckman went away.
#3 Lets ALL drop by and express our opinions of their policies and goals, in a professional manner of course :)
#4 BONUS...surf from Solaris where you can change your MAC address on the FLY...Track this !!!!

I don't ask for much but I insist on ME!!!!

Well I'm gonna

set up a script that browses nothing but Power Puff girl web sites. Go Buttercup, Bubbles, and Blossom!

Image what 2000 hits a day to those sights will do to my "digital sihloutte"

Sure, refuse if you know about it

[bluGill]

Yeah, I'd change ISPs in an instant if I knew they were monitoring me like this.

How would I know though? My ISP sends me a bill every month, and I pay it. My scripts dial a number and I get connected to the internet. I have no further communication with them. How would I know if they decide to sell data on where I was surfing? Who would tell me?

Remember, a number of folks will find a new ISP if they start selling data, so it is to their advantage to make sure I never find out.

Re:Thoughts

[sjames]

There is a trend toward 10.* addresses in cable modem situations. IPSEC cannot always tunnel through this situation.

If you can telnet, you can set up a VPN (using ssh and pppd).

Blown out of proportion again

[Fastolfe]

Stereotypically YRO, it seems as though none of you have taken any business classes and have no idea how things like "supply and demand" work.

If a company does not have the trust of its customers, the company will die. (For those that will undoubtedly mention Microsoft, remember that people like us make up a tiny fraction of Microsoft's customer base.)

If all ISP's were to suddenly decide that it would be really neat if all of their customers could be tracked, there would suddenly be a HUGE market for ISP's that did no such tracking. There would be no shortage of alternatives for customers leaving these ISP's in droves.

It was mentioned that ISP's could possibly offer two account classes, one that was tracked and would be possibly cheaper than one that wasn't. There was further speculation that the un-monitored version could possibly be more expensive than average accounts are today, in an effort to force people to subscribe to the tracked accounts.

Am I the only one that just doesn't understand why ISP's would collectively do this? Why hike rates for no apparent reason, especially when competitors aren't doing the same? If you really think all of the ISP's in the country would get together and agree to raise rates in an effort to force everyone to subscribe to accounts that track their browsing habits, you're talking conspiracy theories again. (Also stereotypical YRO.)

Try to think about this logically, folks.

Re:Blown out of proportion again

[Fastolfe]

Regardless, this will never happen.

Companies just don't turn "evil" and start tracking all of their customers and deliberately and openly invade their privacy like this. Shady companies have appeared and tried to gradually do this, and there are other companies that make it their business to give you something for free in exchange for this type of concession, but you don't have Internet providers just going rogue like this.

It doesn't make any sense.

If your cable modem provider is doing evil things like this, and you have no other alternatives (DSL?), then write them a letter. Write your city or state a letter. Make change.

I just wish all of this wild speculation about how all of the companies in the world are just going to rise up and start invading everyone's privacy would stop. There is zero reason to think these companies will step up and start doing all of these evil things.

All I'm trying to say is THINK ABOUT IT. Everyone seems too eager to equate "technologically possible" with "going to happen".

Re:Stereotypically Fastolfe

[Fastolfe]

YRO does suck. It's filled with paranoid conspiracy theorists. Count up all of the theories and speculations that have appeared in YRO and follow up on them. How many of these things have actually come to pass?

If people would just think about things logically and rationally and stop the wild speculation and jumping on respective bandwagons, YRO threads could be SO much more productive. Everyone is too eager to assume that just because something is possible, or one company said something and had their words twisted so that it hinted that something was possible, that automatically they and all of the companies you do business with are going to rise up and start invading your privacy and selling your dirty secrets. This is just stupid.

And I never ever recall saying anything that indicated 'privacy is for criminals.' Perhaps you're confusing me with somebody else? "Go back to watching TV?" I assume by that you're trying to say that my intention is to placate people? That I want people to just quietly go along with what's happening in the world? If that's the case, then perhaps you've never read any of my comments. All I'm trying to do is inject some rationality into this discussion. All we keep seeing are conspiracy theories and wild speculation that NEVER COME TO PASS. People are too busy saying, "Look out! The evil companies are banding together again to steal our dirty secrets and invade our privacy!" that they don't realize that every time they've said this in the past it's never come to pass. I don't know if they think that they're actually making a difference with these speculations or what.

All I want people to do is think about things rationally. Look at this from the company's point of view. What do they stand to gain? Will they lose customers? Will they break any laws? Does this new company image help them?

Generally, answers are "not a lot", "yes -- they'll lose quite a lot" and "arguably."

Rarely do these offset the gains, so it makes ZERO sense for companies to indulge in the behavior people are speculating about. THINK ABOUT IT.

Thoughts

[jd]

First off, this scheme will only affect the clueless. Anyone in the know can (and probably does) use proxy servers, making it impossible for ISPs to track you.

Secondly, the sheer volume of information they'll need to process will be overwhelming, which means they'll only be able to process the "highlights". It should be easy enough to inject enough decoy communications to render the system effectively useless.

Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.

Lastly, each time I see a duplicated topic, it always reminds me of Kryten, off Red Dwarf, for some strange reason. :)

Re:Thoughts

[jd]

You've clearly never been to Europe. There are proxy FTP, Gopher and Web servers covering most of the continent and some of the outlying islands such as the United Kingdom.

I'd say being able to randomly connect with any one of a couple of hundred proxies, in each request, for free, using an SSL connection to hide the real destination, would make it impossible for ISPs, =HOWEVER= advanced their technology, to monitor where you are going.

Secondly, yes, a tunnel needs two end-points. Take your pick - the 6bone has several hundred participants, including at least one tunnel on request service. For free, might I add. With 3DES encrypted IPSec, for those wanting encryption.

If people want to know if you have been to a specific place, ngrep won't help. You can only parse a live transaction log at the speed the software will run, which is likely to be slower than the maximum throughput of N broadband lines.

By using one of the national or international caching systems, such as the one JANet has, the transactions are going to be much harder to identify. You can't simply operate on a given field in the packet, and trust that that will have the right data.

By using the 6-bone, things get worse. AAAA-type records are not known to be nice to software expecting nice, simple A-type ones.

It doesn't help, though, knowing that you're connected to the 6-bone. There are plenty of proxies which allow traffic to cross between IPv4 and IPv6 - SOCKS does this. This means that you can be connected to a local 6bone proxy, and then to a 4/6bone cache the other side of the continent. The ISP will have no means of knowing where you're going.

Privacy is never going to be for the "clueless". Nor, IMHO, should it be. That's not because of any "deserving", or "merit", but because if it's not a priority for someone, nobody made me God to tell them it should be. Nor is it within my right to foist what =I= perceive to be a good thing on such a person.

My rights start and end with me. I have no rights beyond me - anything else, gifted by law or society is just that. A gift, given voluntarily, which can be accepted or refused. But NOWHERE is it given that I have any rights or power over any other person. They, too, have rights that start and end with them.

If those people CHOOSE to put security as a low priority, that is THEIR choice to make, not mine, and woe betide any who decides they know better. That way lies dictatorship and detruction. I am not the world's greatest Baseball player. Nor is there any law which dictates I should be. That does not give you, or anyone else, any right to impose Baseball on me, in any way, shape or form. I've made my choice, and it's your tough luck if you don't like it.

If Fred Bloggs, down the road, chooses to allow their ISP to monitor all their web usage, that too is their choice. My beliefs concerning privacy and security are irrelevent. Their choice is THEIRS. If Fred Bloggs =wanted= to be a Guru on network security, you know what? They would be. If they aren't, and don't wish to be, I have no right to impose that upon them.

Re:Thoughts

[Xenu]

Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.

I wouldn't bet on it. The terms of service of some cable modem ISPs prohibit VPNs.

Re:Thoughts

[Non-Newtonian+Fluid]

> this scheme will only affect the clueless

That's not the point. _No one_ should have to jump through hoops to maintain their right to privacy on the Internet. One shouldn't have to be a "geek" and know how to beat the system, because the system shouldn't be that way in the first place.

> the sheer volume of information they'll need to process will be overwhelming

So maybe it'll be difficult in the beginning, but remember Moore's Law can be applied to more things than your Quake III fps score or your Linux compile time. While processing power, bandwidth and storage capacity continue to increase, the last time I checked, the length of URLs was pretty much constant. If they can't handle all the data now, with the right funding, they will be able to soon. It's only a matter of time....

Re:We need to fight back!

[dominion]

Here's the deal:

If man is inherently good, then anarchy is possible because people can regulate their own day-to-day activities without authority.

If man is inherently evil, then anarchy is necessary, because then nobody can be trusted to be in a position of power.

State socialism didn't work, but what about council communism, which was very anarchistic until the Bolsheviks took over the councils? What about primitive cultures, which basically existed on very anarchistic principles?

Don't put so little faith in your fellow people. It's power that corrupts, so eliminate positions of power and authority, and then we can see where we can go from there.

Michael Chisari
mchisari@usa.net

Re:No.

[finkployd]

I don't think it's the smart people they are targeting.
:)

Finkployd

Noise

[Rupert]

Faced with the choice between a PN ISP and a non-PN ISP, I know which most of use here would choose. However, it may not be easy to find out whether your ISP is in the Predictive Network or not, or the non-PN ISPs may be much more expensive.

The solution is noise. Code up a browser-bot (GPLed, of course) that randomly surfs the web while you're not (you don't want to interfere with your real browsing). Be careful you don't cross the arbitrary line of "excessive use"! Feed it some biases, or search terms from time to time, and watch as you get bombarded with spam from www.armadillofancier.com.

Re:This seems like a dumb idea for ISPs

[hope1ess]

Problem is most people only talk privacy, but will still sign up for a free internet account, willingly subjecting themselves to this level of oversight, and more. The free-ISP I used to work for is working very hard to log as much as possible, of traffic sent, including url's and search keywords. Your account setup process may be "anonymous", but sooner or later, if you use a free-isp, and you fill in a web-form, they are going to have identifiable personal data, stored in their DB, and available to almost anyone within the company. How long before some curious hackers start paying attention to db-security flaws and start sharing this wonderful data?

Lunatic marketroids

[Trickster+Coyote]

From Predictive Networks product information page:

[The Internet is] big, it's unorganized, and its users are simply unable to wade through it all to find interesting information that satisfies their needs.

I don't know what warped dimension these guys are living in, but I find ads to be the least interesting thing on the Internet. And my information needs rarely have anything to do with purchasing products or services.

Until now, the only way reach end-users through all that clutter has been to bombard them with banner ads. And, as today's declining click-through rates show, this approach got old fast.

Again they assume advertising messages are more important to people than the actual content of web pages. All that stuff is just "clutter". And banner ads are "old" because people find them annoying. Targeting them won't make them any less so. A telemarketer who interupts my dinner trying to sell me something I might be interested in is no less irksome than one with a product I don't care about.

We have developed a revolutionary infrastructure-based content delivery platform that enhances users' online Internet experience by delivering highly personalized, custom-tailored information right to their desktops.

What information? And how will it appear on my screen? Are random web pages going to pop up in my browser that they think I might be interested in?

More likely "information" is their euphemism for ads. So how are these going to appear on my computer? When I read Slashdot, will they be substituting their ads for the ones Andover puts on the pages? Or will there be boxes popping up on my screen flashing ads and disrupting what I am trying to read? Will my ISP insist that I must use their specially customized version of Netscape 6.5 with a special window to dispay the content they think I ought to be reading?

It all sounds like a marketers wet dream to track all the interests of individuals in order to target the ads, but I am unable to see how they are going to deliver them. Substituting ads on a page would upset site owners who would probably sue. Pop ups will annoy subscribers and probably lose business for the ISPs. Special browsers with ad windows are already in use by "free" ISPs; why would anyone want to pay even a "discounted" rate for same thing they can get for free?

"Content providers, such as advertising organizations, can harness the power of the Internet to send highly-targeted, rich media messages directly to the audiences they desire."

The language of this statement makes want to puke (advertising = "rich media messages" ??!!) These people are so out of touch with real life and real people it is quite scary. There is no way I would want people like this to be tracking my private online activities.

Security initiative

[Hard_Code]

Couldn't this be circumvented by a simple wire encryption protocol like SSL or something? Or are they actually sniffing packet destinations, etc? I can see web sites with logos proclaiming "Secure Anonymity Site". I would certainly avoid sites which would allow snooping of traffic and move to the more "secure" sites. But then again it is business itself that is doing this. Also, not everybody has an SSL capable browser or server.

Re:HMmm

[Spyky]

It doesn't matter if you encrypt your data. The point is they know where you are going. It doesn't mean just porn either, though I'm sure you'd prefer to not be in some company's database as a daily visitor to reallyillegalvirginteens.com. It also allows them to track what political sites you go to, if you've been researching homeade explosives, if you like to purchase chinese torture implements on ebay, what stocks you look up at cnnfn.com. Who knows, whatever you are into from weird to normal, private or not, if you go to a website about it, it will appear in some companies database.

The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit. And tracking you online is just one quick partnership with your ISP away. Then they have an address, a phone number, a credit card number, and a comprehensive database of everything you view online.

Scary ain't it?

Spyky

Re:Good Anti-marketing for ISPs? it's been done

[radja]

That campaign shook up quite a stink in the netherlands. competing ISPs tried suing. They lost. The truth hurts. Although this campaign was mostly targeted against the 'free' ISPs

//rdj

Re:We need to fight back!

[fougasse]

If man is inherently good...
If man is inherently evil...

Hmm... how about none of the above? There is no such thing as "man", a creature which always has the same characteristics. Some people are good. Some people are greedy. Some people are evil. Some people are good, but for some unfathomable reason like mayonnaise.

Humans are not identical. Not everyone can regulate their own activities. Some can be trusted in positions of power. Anarchy might work with robots; it doesn't work with humans.

I can't sit back and watch this!

[net-fu]

Come on people.. This is hoax type material. I work for an ISP. Our mail log looks like one of those screens from the Matrix. Nobody is spying on you. Really.

There are a lot of moral, legal, and technical reasons why this is not the case. I don't know about this Predictive Network stuff, but it sounds like a hoax being brought on by l33t h4x0rs.

Re:I can't sit back and watch this!

[Mendax+Veritas]

I doubt this is a hoax. I work for a network management software company, and we've had requests from major-name American ISPs to gather information of this type. We've refused. So there definitely is a "market need" out there waiting to be satisfied, and apparently Predictive Networks wants to satisfy it.

solution

[niekze]

Couldn't you just do all your web browsing through someting like that anonymizer service? not convienient. but a viable solution?

as a conservative...

[Travoltus]

I'm especially scared of this kind of censorship.

The TV media censors conservative viewpoints off the airwaves, especially if it is the viewpoint of someone who isn't a raving racist nut and making us look bad.

They shut the conservative viewpoint completely out in colleges, too.

IMO it isn't suddenly cool when AOL just flat out filters out the Democratic National Committee website, and escalates the destruction of productive political dialogue to a new level.

I hope when I turn on the Larry Elder or Rush Limbaugh show, they've got something negative to say about this...

========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,

Re:Predictive's watching me

[348]

Very funny, and on-topic.

Keep it up!

Thanks, Mafiaboy, for giving them an excuse.

[jjsaul]

Though the article concerns itself with commercial interests motivating this kind of tracking, and I acknowledge that Uncle Moneybags is more likely to strip away our last illusions of privacy than Big Brother, I think it important to point out that this is the logical result of massive DoS attacks as well as targeted cracks.

The Infospace is fundamentally vulnerable, and the more we come to depend on it for vital activities the more that vulnerability becomes a threat to which the citizenry demands a response. The day that Yahoo, Ebay and friends went down, everyone heard the "shot heard round the world" that was the hope of privacy and anonymity on the Internet summoning upon itself the attacks of every government.

It was inevitable. Given the ease with which any 15-year-old script kiddie can disrupt the resources of others, imagine the damage that could be caused by a determined and professional team of terrorists, extortionists and thieves.

No, I don't believe in security through obscurity, so what I see right now is a race - can we make the web secure through technology, or will it become the stomping ground of manditory constant government surveillance?

Under the plan in the article there is an opt-out potential - pay more to use an ISP that doesn't pimp out its users. Somehow I don't think the NSA has such an opt-out provision in Echelon, much less on the internet.

What about multiple users?

[WhiskeyJack]

The site makes no mention of how multiple users on the same computer might be handled. Wouldn't shared usage spoil their profiles?

And since their tracking relies on an "anonymous" number...what would happen if all of us were to use the same number? (My impression is that the number is somehow incorporated into the client software....shouldn't be too hard to change it. ;)

Behold, the reading habits of one huge entity named Slashdot!

-- WhiskeyJack

Re:OOG NO WANT BE TRACKED!!!

[hardburn]

Yeah! OOG rules!

I say that Slashdot should change their program to give OOG a (5: Funny) by default.

Privacy? What Privacy?

[zarathustra93]

Hello All. How many of you are from London? I'm from the states and visited the city recently. I was amazed at the sheer amount of cctv cameras on street corners, in the tube, shops, even in fscking pubs! It really got me thinking. At the company where I work, we have no less than 16 cctv cameras monitoring our entire workforce, and the area surrounding our building. Almost every other company in this area does the same. Credit card company's monitor how much we spend, what stores we spend it at. They even monitor our movements. The same situation exists with our fun to use debit cards. Companies like DoubleClick already monitor most of the less technically savy. Companies buy & sell our online habits all the time. Someone posted above that it isn't big brother that is going to take our privacy away, but mr. moneybags. That person was correct. Except that they (yes, *them*) have already done it. Our privacy has been slowly and anonymously chipped away since the end of world war two. I hate to say it but I suspect that this battle was lost long ago, without anyone noticing. This time the revolution *was not* televised.

OOG NO WANT BE TRACKED!!!

[OOG_THE_CAVEMAN]

OOG HATE THOUGHT OF BEING TRACKED BY ISP!!! OOG NO WANT ISP SELLING OOGS RECORDS!!! OOG LIKE VISIT PR0N SITES (FOR HOT LESBO CAVE WOMAN PR0N) AND DOWNLOAD CAVEMAN MP3'S!!! OOG NO WANT PEOPLE SPY ON WHAT OOG LOOK AT ALL THE TIME!!! OOG WANT BE ABLE TO DOWNLOAD GIGS OF PR0N AND MP3'S AND CAVE WAREZ IN PEACE!!! OOG FIND JERK WHO CAME UP WITH IDEA AND BREAK HEAD WITH OPEN SOURCE CD!!!

Banner ads

[PollMastah]

So. They are tracking your "HTTP click stream". Apparently they think the Web = the Internet. Then they say, "You can obtain your ID by clicking on ... ". So apparently you have to be using Windows and have their software of some kind installed. Great.

So what if I don't use Windows? I fancy any Linux client can be easily hacked/cracked to not send this "click stream" information... Or does that mean I'm not allowed to use that ISP just because I use Linux and not Windows?!?! Or perhaps they are doing it from the ISP's connection, so that any form of outgoing HTTP requests will be attributed to my client...

All this Web activity tracking makes me sick. I think it's about time we built our own proxies with encrypted HTTP requests so that nobody can track our browsing history. All we need is to have special connection code in Mozilla (or perhaps even a Linux kernel module, anyone?) that encrypts the HTTP stream, perhaps send it via some unknown port (definitely not 80, perhaps some esoteric port like 12529) to a proxy that decrypts the HTTP stream and forwards it to the real Web server.

The proxy itself may be open to the tracking -- it's irrelevent because they would just be tracking the combined traffic of a large number of proxy users and they can't determine the source of the forwarded HTTP requests anyway. Besides, I for one am going to filter out doubleclick and other such domains completely on my firewall. Banner ads suck. If I want something there are places I can look it up. I don't need to be spoonfed garbage like ads. I can't stand this incessant bombardment of "buy me! Buy this! buy that!" trash. As if TV commercials aren't bad enough.

Another idea that just came to mind is to have the proxy code available to everybody. We can then use each other's machines as proxies and make the data they collect totally useless and not resemble any real information about you at all. I haven't thought this through so it might be a bad idea, but anyway, it's an idea for slashdotters to talk about.

Data Protection Act

[DarkMan]

Ah, but to go along with the draconian laws that the RIP bill is, there is a little diamond in the rough.

The Data protection act. Basically, if any UK organisation (not just a company, any org) wants to store personal data about me on a computer, they have to get my signature on a piece of paper, giving them permision. In other words, such a scheme in the UK must be opt-in.

Additionally, they _have_ to let you view _all_ the data you hold on them, for a nominal fee.

(Oh, IANAL, that's just how I precieve it to work, as someone whose tangled briefly with it)

So, how does this releate? Well, look at the they way they let you see your personal data:

Any subscriber on The Predictive Network has the right to view their Digital Silhouette free of charge twice during the calendar year. Subscribers will be charged $50.00 per request thereafter.

Note the two free views. This is so that they can link the Silhouette with a person (or maybe I'm just a bit cynical). After that, you pay through the nose. In UK, assuming it's sent via email, I believe the maximum they can charge is one pound (Those values are typical from companies that snail mail the data to you. They may not be able to charge even that much). Thier planned method of limiting acess to the data they hold is illegal in the UK.

Other nice touches - it would have to be (technically) opt-in. Admitingly, they can be rather sneaky about it - it's now common to have a small box on any form you send to a company, and if you _don't_ tick the box, they have your permision to sell your data. However, it's trivial to tick the box and stop them.

Data protection act - As far as I have seen, it's good for individuals, and bad for companies.

Oh, and there are a number of prosecutions each year under this act - in other words, this has teeth.


--

Re:Who's paying for this?

[Greg@RageNet]

Battery Ventures

www.battery.com

20 William Street, Suite 200
Wellesley, MA 02481
phone: (781) 577-1000
fax: (781) 577-1001

901 Mariner's Island Boulevard, Suite 475
San Mateo, CA 94404
phone: (650) 372-3939
fax: (650) 372-3930

Write Robert G. Barrett (Managing Partner) and
show your displeasure at the types of company
battery chooses to fund. His address is
bob@battery.com

Write to your ISP

[Cyrano+de+Maniac]

If you are truly concerned about this issue, it is a very good idea to politely inform your ISP that you will refuse to do business with them should they participate in this kind of monitoring.

Just a short note to their sales department or administrators should be enough to let them know
where you stand.

For your convenience I'm including a "form letter" that we can use to make our opinions known. Be
sure to substitute your ISP's name in the appropriate 4 locations in this message, and to substitute your name at the end.
------------------------------------------------ --
Dear (ISP NAME HERE),

I wanted to take just a minute of your time to highlight an issue of some importance to me, a customer for (TIME PERIOD), by which I hope to make known at least one customer's views on some rather disturbing trends in Interenet access. Just a moment of your time to express my thoughts, and hopefully influence (ISP NAME HERE)'s future direction would be appreciated.

There is currently an initiative and offering by a company named Predictive Networks to engage ISPs in a scheme by which the ISP will monitor web traffic patterns from individual subscribers. This data would be given to Predictive Networks to create user profiles which are then used for marketing purposes.

In exchange for this information ISPs would presumably be financially compensated. This of course can only lead to coercion by ISPs upon subscribers to submit to this sort of monitoring lest they face either termination of service or higher service fees.

The discussion which brought this initiative to my attention can be found at the URL http://www.vortex.com/privacy/priv.09.13.

I have no desire to particpate in such data collection, and will vigorously oppose the imposition of any such policy upon me. As a satisfied customer of (ISP NAME HERE) to this date, I want to make known that I will refuse to conduct business with any ISP which chooses to participate in this venture. I sincerely hope that (ISP NAME HERE) will never consider detailed monitoring of their customer's Internet traffic.

Thank you for your time,
(YOUR NAME HERE)
------------------------------------------------ --

What impact on DSL?

[wrenling]

This is mostly referring to ISP's (I know,
backbones *are* mentioned) -
and where I live, the major DSL provider is
SWBell, which is a semi-regulated provider.
(Semi-regulated by the government). Telephone
companies keep track of all sorts of data
about us - all the calls we receive, all of
the calls that we make. What they can do with that information is extremely limited. They are prohibited
from selling or making that information available,
unless its requested by a law enforcement agency.

Would those regulations also apply information
that they may/could gather through a DSL-style
connection? And if they currently do not, should
they be expanded to do so?

The concept is rather scary - as long as a company can make money by infringing on people's
privacy, those companies will have no issue to
continue to track/monitor and sell information.

As much as I am against governmental regulation,
some federal guidelines may be necessary in order
to keep these companies in line.

Just my 2 cents... on a sleepy Friday morning...

Re:What impact on DSL?

[MacRonin]

Telephone companies keep track of all sorts of data about us - all the calls we receive, all of the calls that we make. What they can do with that information is extremely limited. They are prohibited from selling or making that information available, unless its requested by a law enforcement agency.

Sorry but this assumption is not quite valid anymore. Pleae refer to:
"CNN" - FCC to appeal court ruling vacating privacy regulations - August 25, 1999. A court ruling overturning federal protection of telephone customer records puts the interests of phone companies over the rights of consumers, a top federal regulator says.

The Federal Communications Commission("FCC") plans to appeal the decision by the three-judge panel of the 10th U.S. Circuit Court of Appeals, which could enable phone companies to use information about customers for marketing purposes without obtaining their consent.

"FCC" Chairman Bill Kennard said the court's decision to reject the commission's rules remove important protections to consumer privacy.

Political News from "Wired News" - Phone Records Up for Grabs?. A court ruling ( 98-9518 -- U.S. West Inc. v. Federal Communications Comm. -- 08/18/1999 ) with implications for the use and sale of private telephone records sets a disturbing precedent for how the courts regard privacy, watchdog groups say.

But the Federal Communications Commission("FCC") will appeal last week's 10th Circuit Court of Appeals decision, which pleased those privacy groups.

The ruling effectively canceled a vague "FCC" regulation that had forced phone companies to obtain customer permission before using or selling call records for marketing purposes.

ACLU Press Release: 10-25-99 - Consumer and Privacy Organizations, Legal Scholars Urge Appeals Court to Protect Consumers' Telephone Privacy. In a friend-of-the-court brief filed today, 15 consumer and privacy organizations and 22 legal scholars urged a federal appeals court to reconsider a decision that would allow telephone companies to use private telephone records for marketing purposes. The groups, including the American Civil Liberties Union, said that the case is of great importance to consumers across the United States. The brief, filed in support of a petition from the Federal Communications Commission, asks the 10th Circuit Court of Appeals to uphold a privacy provision that was enacted by Congress in 1996 and implemented by the FCC.

Scary article from marketroids' perspective

[Noel]

Doing a quick Google search, I ran across this article praising the development of "interactive relationship managers" (IRMs) like the one developed by Predictive Networks. The author is all agog about the marketing benefits of using these IRMs to target exactly what the customers want. He says that 'the "best customers"...[will] make sure that the only advertising that gets through is advertising that they really want to hear.' But then he claims that the way to do this is to use IRMs that 'collect user data based on the surfing habits of ISP customers and then make appropriate suggestions as to what else those customers might like or need.

He also mentions the opportunity for companies to act as free ISPs to their customers so that they can easily gather the profiling information.

<RANT>
This "solution" is patently ridiculous (maybe it should be patented!). Am I a "best customer" in his terms, or not? I absolutely do not want my time and bandwidth wasted by any advertisement unless I decide that I want to see it. According to his definition, that makes me a "best customer".

But there's no way that I want any commercial entity, either software or meatware, to profile my actions and try to figure out what I might be interested in. I'm sorry, but this "best customer" wants to choose for himself what he's interested in seeing. I know best what I'm interested in. Any other "solution" is a travesty, and especially one that violates my privacy in order to provide a useless "service" that I do not want at all.

Not only is the IRM a violation of my privacy, but it's also ineffective -- my current interests are not determined by my previous interests. If I am interested in purchasing something, I will find the information I need for myself. And it will be good information -- not just biased marketing drivel.

How can someone be so clueless to think that IRMs are a solution for people who want to control what advertising they see? They are the same marketing solution all over again - "we will tell you what you should be interested in."

Sorry, but I'm not listening. I already know what I'm interested in.
</RANT>

Set up tunnel network

[Greyfox]

I've been kicking around the idea of setting up an invitation-only IPv6 tunneling network with encrypted tunnels. This story encourages me to develop the idea.

UK and the Regulation of Investigatory Powers Act

[Lowther]

In the UK, the government will get there first.

The Regulation of Investigatory Powers Act will treat ISPs as telcos. It will require them to put the monitoring apparatus in place, so the government can watch what its taxpayers are doing. More detailed discussion of this hideous legislation can be found at the STAND site.

Once the telcos, sorry, ISPs put this apparatus in place, thy might as well get some return on their 'investment' by gleaning marketing info about their customers in passing.

We need to fight back!

[dominion]

I keep seeing these draconian laws being passed by our government, and these orwellian systems being created and implemented by profit- and power-hungry corporations. It seems every day there's a different post to Slashdot describing some new method for controlling the flow of information and the freedoms that we should be taking for granted...

And what are we doing about it? Why do we keep allowing our rights and freedoms to be taken away?

Why are those in power doing this to us? That's easy to answer: Because they can. Because anybody in power will seek to extend their power and control.

Why are we allowing this to happen? I don't know. Some of us are fighting back as much as we can, but most of us simply post to Slashdot and complain.

Listen up! All this bullshit that we've been fed ("We live in a free country!", "The economy is doing great!"), it's all just that: bullshit! We're losing our rights and freedoms on a daily basis, our economy is fake (the drop on last Friday was equivalent to Black Tuesday in 1929), people all over the world are being forced into sweatshop slavery in the name of "economic progress", and our environment is being raped and destroyed at an alarming rate in the name of profit.

And most importantly? The technology that we all love and support is being turned back on us in order to control and monitor people. They're usurping something that they have no right to usurp. We have to put the power of technology back into the hands of the people!

It's time to fight back! It's time for a revolution!

http://www.indymedia.org - Support independant media!
http://www.soaw.org - Why are our tax dollars being spent on training murderers?
http://www.corpwatch.org - So you think only governments can oppress and censor?

http://www.spunk.org
http://www.infoshop.org - Communism is dead, Capitalism is close to it. There is another alternative, and it's time we started exploring it.

http://www.adbusters.org
http://www.rtmark.com
http://www.subvertise.org - Subvertising (also known as adbusting) at it's best.

http://www.ainfos.ca - Keep informed on what is happening in the world, from an anti-authoritarian, grassroots perspective.

http://www.a16.org - Seattle and D.C. are just the beginning.
Michael Chisari
mchisari@usa.net

Oops... link down

[Hizonner]

Looks like Zero Knowledge picked an inopportune time to update their Web site.

They run a network that's like a proxy on steroids. They even try to protect you against traffic analysis. Everything is encrypted. Everything goes through three servers, chosen by the user from a long list. The server operators are all independent of each other.

Each server knows only the hop before it and the hop after it. The first server has your IP address, but not the address of the site you're visiting, let alone the URL. It only knows how to send the data to the second server. The second server knows only the other two, and doesn't know who you are or what site you're hitting. The third server knows the URL, and how to send the data back via the second server, but not who's hitting it. You can theoretically use longer chains. You can pick servers in different countries. Etc, etc.

A future version of the system is supposed to send "cover traffic" to screw up traffic analysis.

The software runs on Windows; Linux version due RSN, so they say.

50 bucks buys you 5 pseudonyms for a year. Hizonner says check it out (when the Web site comes back up).

Disclaimer: I want to work for these guys.

It's inevitable: simple economics, plus the gov't.

[IronChef]

I work for a big .com, and in the course of my product management duties I have picked up some knowledge about how ad rates on the net are set up.

(Vocabulary you need to know: CPM. CPM stands for "cost per thousand," and it is how ads are sold. Show an ad to 1000 people, and you earn the ad's CPM, less a fee for ad serving, which is somewhere around $0.30-$0.50, from AdSmart anyway.)

Anyway, here's why all this tracking hoo-hah is inevitable...

Un-targeted banner ads -- the "bottom feeders," I have heard them called -- command a measly $1-3 CPM. Many sites that do not have their users categorized display these "run of site" untargeted banners. They make a few bucks per CPM. Nice, but it's not the big money.

Targeted ads are much more lucrative. If your users are divided into highly "vertical" segments, like car people, pet people, etc. you can make $10-$15 CPMs.

Right there is the motivation for all of this. Targeted ads make the big bucks.

But, look on the bright side... in the coming no-privacy ISP world, there's an opportunity for a number of right-thinking geek-run ISPs to really grow and serve our needs...

... until the government fixes that by banning on-line anonynimity. Which is their ultimate goal -- don't doubt that for a minute. The President stated that very clearly recently. I wish I had the link handy. Right now we should also be thinking of ways to defeat enforced-by-law identity tracking, as it is inevitable.