Slashdot Mirror
Is Comcast Intercepting Packets?
nihilist_1137 writes: "According this page, comcast is intercepting your packets to gain knowledge of your whereabouts and then reselling it to marketers." According to the linked message, "This allows them to not only log all http requests, but to also log the response. Maybe they want to profile their customer browsing history for
subsidiaries or resale to marketers. Maybe they want to do their part in
The War on Freedom. Maybe they just want passwords to porn sites. Apparently they aren't using it to maximize bandwidth, because it's not configured to serve cached data."
Isn't tapping internet connections the same, legally, as a phone tap?
Probably, but this probably isn't "tapping internet connections." I'll bet you dollars to donuts that when Comcast gets called on this, they'll explain how they're only "capturing and keeping limited information" with "aggregate identification only" so that they can "optimize their network configuration" or something like that. The phone company doesn't tap converstations, but they sure as hell have a database of which line called which number, when, and for how long.
They might even be telling the truth. Not that we care - who wants to be the first to write an app that makes random requests to random domains constantly so as to screw up their database?
Now wait a second. Before we all flip out and start bashing ComCast, lets realize a couple things.
Number one, this guy just got transitioned. A lot of people all over the country have been going through the same thing, and not everyone is seeing the same thing as him. As 'hostman' from the MESH (Michigan Engineering Software and Hardware http://misc.eecs.umich.edu/) discussion email list wrote:
"This whole thread got me a bit peeved, so I went home and ran a few tests. I was unable to find any evidence of the packet modification described. It is possible the described issue is not an issue here in A^2, as we 'transitioned' from MediaOne's service, not @Home..."
Secondly, your ISP has the right to monitor traffic to ensure quality of service. Just because the caching part of the server is not currently running, it does not mean that they aren't phasing it into the system. At this point it's just speculation. They might even have more rights to monitor what you're doing, depending on your service agreement. Read it.
Lets get some REAL evidence of what's going on other than this hear-say. Someone show us some modified packet headers, and someone else reproduce those results, and MAYBE I'll believe it then.
Depends. The only reason tapping phones is illegal [at least in most countries] is because of the explicit right and expectation of privacy.
If you shouted in public something you can hardly feel violated when others learn about it.
The internet is inherently non-private. If you want a private connection use crypto. Otherwise, work under the assumption that everyone else knows everything you do on the net.
Tom
Someday, I'll have a real sig.
This is absurd. Internet traffic is no more "non-private" than a telephone call. The fact that means exist for people along the traffic path to intercept communications doesn't mean that they're allowed to. If that were the case, all laws governing phone tapping would be moot since the tapping would not be technically possible.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
Folks.. it shouldn't even have to be repeated, but it does.
When you send plaintext over the net, like HTTP reuqests..
YOU ARE SENDING PLAIN READABLE TEXT OVER A PUBLIC NETWORK.
Where is your expectation of privacy? That's right.. you don't really have one.
Passwords? HTTPS.. that's what the 'secure'part means you know.
I've worked at a national ISP that did a trail of this hardware. The goal is to take the heat off upsteam link. It's fairly useful in a small market were your upstream has to cross a LATA incurring long distance charges.
The logs generated for this device is not anonymous. It's pretty much reads like an Apache log. Source and destination IPs for every request. I remeber wanting to get some sample data to see if we needed to take the Cache log into account for looking at out admin server traffic reports. Small town USA pretty much surfs over 50% porn.
At any rate. It's doubtful they use the cache box to collect internet traffic stats. Why? Well, basically, it's a money issue. Once you have the data great...except it's a freak'n huge sh*tload of data. If you want useful reporting you need to keep data for a year. Your're looking putting almost 500K into disk, CPU, and software. It's not worth it because you'd never recoup the money.
This does NOT mean your ISP doesn't sell your data. An ISP can make some serious cash by selling your data. ISP's can and DO enter into agreements with companies that collect data. However, the ISP wash their hands of the actual process. They let a 3rd party drop a Switch or a Bridge into a POP that directs traffic to a machine that will totally transparently collect data and start collecting checks.
Point is, the Cache is exactly what it appears. A Cache. It does collect data, but I've never heard of a National ISP use that data. They let a 3rd party company do all the work and collect the checks.
Hollywood knows fuckall about facts
Or, more to the point, facts don't make for exciting cinema.
deus does not exist but if he does
I don't doubt that this could happen, but I would hardly worry about a post on a message board or mailing list. Yes, we need to be vigilant, but let us get some independant verification from a trusted source. Better yet, why doesn't one of you who has Comcast as a service provider write them a letter and ask? CC the FCC and the Better Business Bureau if you feel it necessary.
Something about this just smells like FUD to me.