Slashdot Mirror
ISPs May Be Selling Your Web Clicks
Mozzarella writes "Could our ISPs be selling our click data without us even knowing it? It seems like the practice is happening a lot more than we realize, and can be tracked for each user. Complete Incorporated's CTO David Cancel told Ars Technica that his company (an internet research firm) licenses click information from ISPs for 'millions of dollars' to figure out how we use the web. From the article: 'He did not give a specific figure about what this broke down to in terms of dollars per ISP user, although someone in the audience estimated that it was in the range of 40 per user per month — this estimate was erroneously attributed to Cancel himself in some reports on the event. Cancel said that this clickstream data is 'much more comprehensive' than data that is normally gleaned through analyzing search queries.'"
There is little new here. Companies such as http://www.hitwise.com/ have been purchasing raw traffic data for years. They place a box at switch level and monitor everything about everyone and the sell on the reports for profits. The last time I had a quote from them it was in the region of $28k to monitor footfall to a single site for a year. Access to the full data set can run into the hundreds of thousands.
If this is being done without users' consent, then it strikes me as being dangerously close to wiretapping, which is illegal.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
"Good lord, it's full of... porn"
technical writing / development
just stop using the mouse?
No more clicks.
Take your mod and shove it!
It is WITH user consent via the 99.9%-unread EULA. Compete could license data from say, NetZero, also funded by Charles River. Or maybe from Alexa toolbar-collected data, since the Alexa Research team all went to Compete around the year 2000. Read the EULA.
And to think all this time I thought cancel meant something else.
Some drink at the fountain of knowledge. Others just gargle.
Insert joke about a click business represented by a guy named Cancel here.
For curiosity's sake, who is buying this info from ISP's? Spammers?
write a randomizer (using wget?) to pollute their data?
"National Security is the chief cause of national insecurity." - Celine's First Law
I believe that I own the copyright on all data generated by my mouse clicking, who should I be sending the lawsuit to?
You all act so fuckin high and mighty - Privacy is a moot point to argue when you live in your parents basement.
You know I'm right
Son, your mother and I have said it before and we'll say it again: if you didn't have such a fixation on ostrich porn, we wouldn't have to monitor your net connection. When you're 18 and you have a place of your own then you can look at all the flightless bird porn you like, but not a moment sooner. Do you have any idea what it did to your little sister to come home and find you naked and covered in egg yolks with your head in a box of sand and feathers stuck up your ass?
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
While a counterattack is possible there are two mitigating factors:
First, philosophically, it is always the course of greater wisdom to explore extinguishing the problem using passive resistance (eg. avoiding offending services). Sadly, this is rarely effective against a determined aggressor but it does prevent unnecessary conflict by establishing a baseline of just how determined the aggressor is.
Second, in terms of time, the information gathering industry is way ahead of us and the internet laws are written to be easily used against people who would interfere with their exploits.
All in all, though, data pool pollution would be an effective approach if the aggressor has been determined to be resolute and the legal aspect weren't so grim.
the NPG electrode was replaced with carbon blac
If you don't know what Cmd-Shift-1 and Cmd-Shift-2 are for, GTFO.
If you think Firefox is a decent Mac application, GTFO.
If you're still looking for the "maximize" button, GTFO.
If you don't know Clarus from Carl Sagan, GTFO.
Bandwagon jumpers are not welcome among real Mac users. Keep your filthy PC fingers to yourself.
For his part, David Cancel told Ars that he "strongly supports an increase in the methods and degree to which disclosure is communicated," not only for clickstream data but for any kind of data collected on users' personal surfing habits.
Nicely put. I'd even go so far as to suggest it's even nicer than what we typically hear during White House press conferences.
He stated that "all users should be informed explicitly when their data can be sold to a third party."
The tricky part. A nice sounding pronouncement, but it sidesteps the issue of whether they are, and if so, to what extent, etc. And it overlooks what we should expect, which is typically a progression starting with a scandal, followed by a Mistakes Were Made apology, followed by calls to action and the scattered efforts of those affected but who otherwise have little say in the matter, and if we're lucky, a legislator giving a There Oughta Be a Law speech before some subcomittee.
I've often wondered what the cable companies are doing with respect to TV watching. On the one hand, it seems perfectly reasonable that they could devise a system whereby they could collect statistics on my viewing habits and sell them to Nielsen's. On the other, I'm not aware of whether they can, have plans to, or already do. Maybe someone more knowledgable can clue me in.
Probably was shortened from Cancelorallow when they passed through Ellis Island.
"The practical upshot of this is, I've never seen a contract. I called them up to activate service over the phone. No EULAs, no clicking, no "I agree," nothing."
Dammit! For a bunch of geeks you all can be dumber than the common-man you make fun of. Just how many times do you have to be told about implicit contracts? Sheesh!
Cancel or Allow Cancel to view your clicks?
huh?
What are they going to do with all my clicks at clownporn-bdsm.com? Try to sell me a second subscription?
I bet that it is relatively easy to match the anonymous identities in this data set with other data sets from websites that collect ip/cookie data. A few common urls in a certain order... heck they prob don't even need to be in the correct order or time stamped. The cookie data may even be right in the url.
Boy if HotSpotVPN is not going to make hay off of this, I don't know what will.
It is WITH user consent via the 99.9%-unread EULA.
If the EULA enforces things that a reasonable person wouldn't expect to find in a contract of this type, the unreasonable elements of the EULA may be found unenforceable by the courts.
Whether the right to sell data relating to your Internet use to third parties something a reasonable person would expect is debatable. Someone could challenge those portions of the EULA covering click info, on the basis that they are not to be reasonably expected in an end user license covering a contract for Internet access.
The challenge wouldn't necessarily prevail in court, but it could be made. The legal theory behind this is that when one party holds a substantial bargaining advantage over the other, and has employed contractual language that is dense and lengthy, it is unreasonable to expect that the disadvantaged party will be able to spot every element of the contractual language. After all, the company can employ a lawyer to put all sorts of bizarre language into a contract, and most consumers are not schooled in such language, nor do they necessarily have the time to go through the language of each and every EULA. Thus, if the party with an advantage employs tricky language in the EULA, that language can be considered unenforceable.
Read the EFF's Fair Use FAQ
That's $0.40 dollars per user, not $40. The cents sign is missing from the summary.
flightless bird porn
March of the Penguins was so damned sexy, I get hot just thinking about it. Can't believe the rating it had. Oh and Emus! Don't get me started on Emus! Oh God! Anyway, at least now we know what the dodos died from...
Too funny. Do chickens count?
Seven puppies were harmed during the making of this post.
Mwahaha, my plan to distort tracking information by clicking on millions of porn links has not been in vain !
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
aw come on mods, that had to be at least a -3 off topic.
it's not fair. I've had loads of +2 to +5 moderations, but never a -3, surely you can give me this one thing....
I'm tryin, but someone rigged it so I have to have points to take them away.
It's like applying for a loan at the bank all over again.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
What's wrong (after reading TFA):
The data is not sold with accompanying user name or information, but merely as a numerical user value. However, it is still theoretically possible to tie this information to a specific ISP account
only if the ISP leaks something, like a specific identifier (MAC?) or a cookie.
Cancel said that this clickstream data is "much more comprehensive" than data that is normally gleaned through analyzing search queries
However, it can't be tied to the user, so no target-advertising etc. can be done. (It's probably just useful for market research)
And now this one is one from the "No" department:
Of course, it's an established fact that if you surf the web, your surfing habits can be tracked by any site you happen to visit
So my bottom line: big difference between a target-marketer and a market research firm.
And the bottom line of the bottom line: is either Ars or "Cancel" on Goog's/Yahoo's/MSN's payroll?
it's not fair, is it...
I thought I had the perfect method to get a -3 (or who knows, a -5), but still I failed. I don't know what else to do, since I refuse to resort to vulgarity (that being just silly, andd probably cheating..).
One can get tired of 'excellent' karma after the first six months...
Where have you been the last 5 or 6 years? This sort of thing is well established in EULAs, and "reasonable" persons who are suppose to read their EULAs, can be "reasonably" expected to know that this sort of thing takes place. I don't think your argument will float.
If you want news from today, you have to come back tomorrow.
"You're both so clueless. Who do you think helped insert those feathers?"
It isn't just about your personal privacy. The way that society protects other people's privacy can affect your personal well-being.
The simplest example is when a group attains political dominance and is able to breach the privacy of anyone who challenges the status quo. If they can cause sufficient embarrassment or publicly humiliate anyone enough to make them unelectable, they can still appear to run open and fully democratic elections without risk of losing their grip on power.
Society as whole will stagnate and suffer under such conditions, and even if you personally have nothing to hide, chances are that you'll end up suffering too. Although you may not realize it since most people tend to accept that life is the way it is, never wondering if a better life could ever have been an option.
Since obviously it's far too late to Delete, Abort, Retry or Ignore.
But seriously, what we need is a widespread, free Tor that obfuscates what we browse from our own ISP. That's who we want real anonymity from!
Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
MY ISP knows that I download lots of porn, read slashdot and fark. well, for starters, my ISP serves me those pages. So, um, I'd hope they are involved.
...
Though in this case, if they tie names or other identifiers to the data I could see the uproar. I mean we do pay the ISP, so they shouldn't go out of our way to spread our info to others [more than it already is].
Of course this opens the door to "unlisted" ISP accounts where the ISP doesn't log your data if you pay a premium
oh shit I gave them an idea...
Someday, I'll have a real sig.
The company is Compete Inc., and the estimate was 40 cents per user per month.
We always knew Comcast was corrupt, here's the proof: http://tech.slashdot.org/comments.pl?sid=1909890&cid=34545432
Do chickens count?
Yes, but only to 4.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
Before my ISP started selling my clicks, they were piling up all over my apartment. I welcome their new plan!
You may want to rethink that particular argument.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
Excellent way to obtain political & sensitive targetting data on activists.
And there is reason to complain in both cases. If the trash digger causes a disturbance, or the ISP forces the user to install software, or causes delays by redirected all requests to a proxy, then this is a problem. Just like the problem of websites that loads images from 10 different ad servers before loading any content. In all cases the service is on the border of no longer providing a net service to the end user. For example, in the case where an ISP demands that user load spyware prior to connection, and many of the Bells once did, is self serving and provides little benefit to the user.
The profit side really is not an iaaue. Neither is privacy as nothing is private on the internet. The analogy I like to use for situations like this is the grocery store affinity card. Grocery stores provide these cards to better personally track customers. Credit cards work almost as well, but the affinity card guantees that every purchase is registered to a specific person. To make people use the cards, the stores inflate prices on many products, and then allows a "discount" if the customer has a card. To make customers feel like the affinity card has some value, the grocery stores provides significant discounts on few items, items that would have simply been loss leaders in pre-affinity card times. Like all data tracking, most of the benefit is to the service provider, and only a marginal benifit is provided tot the customer. Yet customers seem to love this stores, and have no problem with the grocery store, it agents, and anyone who is sold the data, to know that he or she buys 8 pints of ben&jerry's, 3 packs of condoms, and 1 box of hemorrhoid creme per month. I, OTOH, don't want to deal with having to present my papers every time I check out, so i go to a store that will give me the best prices just because they have the ability to compete without a gimmick.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Makes you wonder why a company would want to offer free Internet service now doesn't it ? They've got to be making there money somehow.
When you sign up for Comcast and Verizon, you never click on the "I Agree". People tell me it's in the software they ask you to load. But as I never loaded that software, I can't say for sure.
This reminds me of something I've been mulling around in the back of my mind a lot lately - I think the net needs to move towards every connection being encrypted. I mean, why are we sending URLs as plaintext in the first place? The only thing my ISP should see is a target IP address and an encrypted stream. Maybe the internet powers that be should be coming up with new IP standards (eTCP?)
caching proxies? Wouldn't they skew the collected data?
The Hacker's Guide To The Kernel: Don't panic()!
It's typical to all communication providers around the globe. This is what happens when you pay for service rather than for product. Any provider can always (re)invent some bazarre kind of `service', to make you pay more for the same thing. It is just a question of wording.
P.S. Sure, they will always sell your private data to anyone with an open wallet. No matter what they pretend.
P.P.S. Any "honest" ISP may easily become dishonest after the mere change of management.
Anyone else see potential for an Abbot & Costello homage here?
"What should I do, Cancel Allowing, or Allow Cancel?"
"Who wants to read your clicks"
"Cancel"
"I didn't say to cancel the dialog, I asked who was reading these."
"I just told you, Cancel."
The captcha word is Library, which doesn't sell your clicks.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
Assuming you think this is a problem (and I'll wager most of us here do), competition can solve this. Some companies can charge more for having a privacy clause in your contract. Others can compete by offering less service but at the expense of your data. Effectively you'd subsidize your internet connection by selling metrics on yourself.
The only problem, of course, is if fraud is going on: if companies are using the data in a way inconsistent with their agreements.
Secession is the right of all sentient beings.
click..clickclick....click...click..clickclick
Fuck you, asshole.