Slashdot Mirror


Which ISPs Are Spying On You?

firesquirt sends us an article from Wired about a survey they conducted to determine major ISPs' data retention and other privacy practices. Over a period of two months, four national ISPs would not give Wired the time of day; and another four answered some of their questions in a fashion not altogether reassuring.

35 of 160 comments

  1. All of them by Anonymous Coward · · Score: 2, Informative

    All of them (in the US) are spying on you, thanks to government data-retention requirements. Y'know, in case a turrist or pedophile happens to use the intarwebs.

    1. Re:All of them by froggero1 · · Score: 5, Insightful

      All of them (in the world) have the potential to spy on you. But in the US, thanks to government privacy lobbyists, we get the privilege of full disclosure and an open forum to debate what privacy we'd like to see from a government.

      --
      ~/.sig: No such file or directory
    2. Re:All of them by crazy+al's · · Score: 5, Informative

      All of the United States' ISPs are MANDATED to have the ability to spy on you, at a moment's notice, and send the full stream they request off to FBI or whoever's data warehouse. And they (the ISP) must comply and must not tell you if they are doing so, courtesy of CALEA. Penalties start at $10,000 per day. Obligatory bow of the head: I, for one, welcome our new overlords.

      --
      Crazy Al's House of Intertubes - where we make up in volume what we lose per bit...
    3. Re:All of them by logiclust · · Score: 2, Informative

      HA

      that was funny.

  2. in EU this is mandated by the government... by Anonymous Coward · · Score: 4, Informative

    Actually, in the European Union, such spying practices are _mandatory_.

  3. Noisy clickstream by mstrcat · · Score: 5, Insightful

    Here's an idea: Develop a web browser extension that does a random web crawl. I don't mind letting my ISP sell marketeers, give to the government, keep on file, etc. a clickstream that is 99% chaff and 1% my actual surfing. Yes, I realize that if someone puts in enough effort and analysis, they could probably sift out the false signal, but it's that very effort that makes it cost prohibitive to do it across a broad scale. And of course there is always the defense: I didn't visit that web site, my computer constantly does a random walk of the internet. And to help keep the ISPs in line, it ups the volume of records they have to keep by 500 fold.

    As for the other things such as IM's, emails, torrents, etc., I can encrypt those should I feel the need. Yes, I could start using TOR, but it's slow and watching a web crawler do a random walk can be entertainment all by itself.

    1. Re:Noisy clickstream by mh1997 · · Score: 5, Funny

      Here's an idea: Develop a web browser extension that does a random web crawl
      It would be my luck that my browser would hit every child porn site on the web.
    2. Re:Noisy clickstream by Anonymous Coward · · Score: 5, Informative

      Already done (see here)

      Also see Bruce Schneier's opinion on the matter.

      In short, it isn't a good idea.

    3. Re:Noisy clickstream by chrono13 · · Score: 2, Informative

      TrackMeNot isn't designed to hide your searches from your ISP. It is designed to muddy the profiling Yahoo, MSN and Google are performing. Recent versions of it seem to perform that job fantastically and address most of Bruce's concerns (word list, timing, etc). So while it would hinder, to a degree, it is the fact that it really does not erase or otherwise really hide my legitimate searches from my ISP or work proxy, that I do not use it. But most of Bruce's concerns are no longer valid.

      --
      You have been eaten by a Hurd of GNU.
    4. Re:Noisy clickstream by Lehk228 · · Score: 5, Funny

      then don't have the bot start from your bookmarks folder.

      --
      Snowden and Manning are heroes.
  4. ISP's fearful of RIAA/MPAA? by planckscale · · Score: 4, Insightful
    So ultimately the ISP's are afraid they'll be fined or shut down due to the negligence of the users and/or refusing to submit evidence? I just don't understand how a user's nefarious actions could be blamed on the ISP...

    I would think all they need to do is show they warned their users they are 1. being watched 2. downloading illegal data. Actually providing the authorities with a history of the data is not their job and should only be acquired by the authorities with their own equipment and only under a court order.

    At the least the ISP's should give their users the ability to opt-out of their "data retention" programs.

    --
    Namaste
  5. Rogers Slogan is "Don't be not evil." by CheeseburgerBrown · · Score: 3, Informative

    My Canadian ISP, Rogers, is not on the list but if I were to hazard a guess I'd reckon they'd sell my tracks six ways from Sunday as soon as sneeze.

    These are, after all, the goons who think just about any kind of encrypted traffic coming out of your box is a terrorist threat to the movie industry -- even if it's just a VPN connection.

    Does anyone know what Rogers' retention policies actually are?

  6. Re:That's easy by ObsessiveMathsFreak · · Score: 2, Insightful

    ....the US, Great Britain, Australia, Ireland, etc, etc...

    The net is being reined in by those who don't like it. There's little anyone who cares can do to stop it.

    --
    May the Maths Be with you!
  7. Re:That's easy by SeaFox · · Score: 4, Insightful

    Even easier if you live in the US...it's your own government.

    Somewhere, there are lobbyists laughing at this comment.
  8. Sure... We spy..... by bagboy · · Score: 3, Funny

    because as a Sr. Network Eng for an ISP with thousands of users I have oh so much time to devote to tracking down every website you visit. Please, even if packet sniffing and tcpdumps are used, most ISPs can't afford manpower for intensive tracking... Maybe the big ones, but medium to small...

  9. That's true... by Atario · · Score: 4, Insightful

    As far as you know.

    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
    1. Re:That's true... by turnip+torrent · · Score: 4, Interesting

      Should we be more worried of ISPs spying on what we do... Or should the ISPs be worried about us spying on what they do?

    2. Re:That's true... by OriginalArlen · · Score: 2, Insightful

      None of the ISPs (or NSPs) are spying on you; they merely provide the lawful intercept functionality required by CALEA, PATRIOT, and other legislation. It's the CIA / TIA / NSA that do the actual spying.

      --

      Everything I needed to know about life, I learnt from Blake's Seven
  10. IRC logs by Tribbin · · Score: 2, Interesting

    Slightly offtopic, but ...

    I seldom spend time on IRC.

    Two weeks ago I was on #debian.

    I asked the people if the conversations get logged.

    Nobody present could tell me.

    Is there a place where you can look up such things?

    --
    If you mod this up, your slashdot background will turn into a beautiful sunset!
    1. Re:IRC logs by SpaceLifeForm · · Score: 2, Funny
      You might check here.

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
    2. Re:IRC logs by ShaunC · · Score: 2, Informative

      Anyone in any channel could be logging (and publishing) the conversation, even if not "officially." Much like Slashdot, don't say anything in IRC that you'd hate to have someone find via Google.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  11. AOL by Shadow+Wrought · · Score: 4, Funny

    Even though I never had an account with them, for the longest time they always seemed to know where I lived because they kept sending me CDs. Spooky.

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  12. Think about that... by Ungrounded+Lightning · · Score: 4, Insightful

    It's time to encrypt EVERYTHING. ( at least until the government bans it )
    Sure they know where you went, but not what you viewed or 'said' while there.


    Back when I was operating a mailing list on a controversial topic on my home machine, I had a couple rules:
      - No postings soliciting or admitting to breaking laws.
      - No encrypted traffic (not just on the list: All traffic (except passwords) to-from the machine was in the clear).

    The thinking was like this:

      - Police, other government investigative agencies, and various unofficial snoops have a long track record of ignoring laws against various kinds of eavesdropping. So you have to assume that the line might be tapped.

      - If the police became interested they could always get a warrant and tap the line. (Or illegally tap the line without a warrant to see what's going on, then (if it looked interesting) get a warrant to tap it legally.)

      - If the data was encrypted they could STILL get it - by getting a warrant and seizing the computer (and everything else of interest in the house).

      - If the data was UNencrypted they would want to keep a low profile to avoid scaring off any "bad guys", would eventually see that there was nothing to go after, and thus would probably switch to hunting real bad guys elsewhere and go away WITHOUT breaking in and trashing stuff.

    "Encrypt everything" seems like a nice solution. But if only a few are doing it, just the fact that their traffic is encrypted makes them targets. It's easy to trump up enough stuff to get a warrant and go after the machine.

    Once a LOT of people are all swapping lots of encrypted traffic (as the default way of "sealing" the "envelope" on the datagrams) the fact of encryption will stop making the users targets. (The police can still get a warrant and grab the machines. But with so many potential machines to grab they'll have to find some other way to pick the ones to hit - like by bothering to dig up real "probable cause" from other evidence, like they're supposed to.)

    Fortunately we don't need to construct a "Schelling point" for this: The internet is gradually moving toward pervasive encryption, as the legitimate need to encrypt for personal and corporate security becomes broadly understood. Once that becomes the norm our electronic "papers" will be about as secure as our physical ones. We're starting to get there. But IMHO we're not there yet.

    Unfortunately we WON'T be fully safe using encryption until the typical machine configurations are such that, if the machines are seized, it will be impossible to recover incriminating data from them - even with passwords browbeaten out of their owners. Until that time it will still be useful to bypass encryption by raiding one of the machines at the endpoints.

    = = = =

    Re the list and "no encrypted traffic": When one of the regulate-the-internet laws was about to make it too much hassle to continue, we closed down the list (after finding volunteers to run its successor and - since the participants hadn't agreed to have their info forwarded - announcing the successor on the original list and giving people time to sign up).

    Now I regularly use SSH to telecommute or to access the primary house machine from the vacation house. But that's still low-profile: It's clear from the IP addresses that the SSH connections are going to the company, coming from it, or coming from a single external dialup machine via a particular service provider.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  13. sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf by digitalderbs · · Score: 4, Insightful

    fdD87d

    64F5F6sAS4Dd46KJfUYd0NsafH54UJ6Y35U135KdYUsU1Jf35W Q544ASdf455saSA1dfF3AS5D5WQsEa5dr413L50fSAdDsA3QW5 DsfDfdALJd99AD09asdfK9J00aUIOsdfOU9I0dIaOU46IOsCVd Xf61S DF325eLJw5LKljLk3kjl18dfaw3F3DSADFsdfYDOewrs313aSS dfADuy5SA135D1H155yipHoiSDAjnkml51151LHHkmfSASd217

    JD3hFdJf8o

    SD45uio5K2o

    1. Re:sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf by Frogbert · · Score: 3, Funny

      HOW is this insightful? wtf?
      kkskdmJJvnjAJnfnUwevPKaslaALmQMmkvkKMDMtnkemMmkSKm EMmskkdlOPIBnNWNu87wjjdGHW
  14. Re:ISP's fearful of RIAA/MPAA? by element-o.p. · · Score: 2, Interesting

    There's a little more to it than that.

    Most ISPs assign dynamic IP addresses to the majority of their customers. Where I used to work, we used RADIUS to provide dynamic IP addressing to our customers, and we would keep logs that would let us determine which customer had any given IP address on any given day and time. This data was used to help troubleshoot customer login problems, resolve billing disputes with customers, suspend and/or warn customers who had violated our terms and conditions of use, and yes, to fulfill subpoena requests.

    However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did.

    --
    MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
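
The lookup described in the RADIUS comment above, as an added example that is not part of the original thread: it rebuilds sessions from accounting Start/Stop records and answers which subscriber held a dynamic IP address at a given time. The log text, user names and the `parse_sessions` / `who_had` helpers are constructed for illustration; the attribute names are standard RADIUS accounting attributes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the style of a RADIUS accounting detail log.
# One blank-line-separated record per Start/Stop event; Timestamp is epoch seconds.
SAMPLE = """\
User-Name = "alice"
Acct-Status-Type = Start
Acct-Session-Id = "a1"
Framed-IP-Address = 198.51.100.7
Timestamp = 1000

User-Name = "alice"
Acct-Status-Type = Stop
Acct-Session-Id = "a1"
Framed-IP-Address = 198.51.100.7
Timestamp = 2000

User-Name = "bob"
Acct-Status-Type = Start
Acct-Session-Id = "b1"
Framed-IP-Address = 198.51.100.7
Timestamp = 2500
"""

@dataclass
class Session:
    user: str
    ip: str
    start: int
    stop: Optional[int] = None  # None: no Stop record seen, session still open

def parse_sessions(text):
    """Pair Start and Stop records by Acct-Session-Id into Session objects."""
    sessions = {}
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, _, value = line.partition("=")
            rec[key.strip()] = value.strip().strip('"')
        sid, ts = rec["Acct-Session-Id"], int(rec["Timestamp"])
        if rec["Acct-Status-Type"] == "Start":
            sessions[sid] = Session(rec["User-Name"], rec["Framed-IP-Address"], ts)
        elif rec["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid].stop = ts  # a Stop with no matching Start is ignored
    return list(sessions.values())

def who_had(sessions, ip, when):
    """Return every user whose session held `ip` at epoch time `when`."""
    target = ipaddress.ip_address(ip)
    # A result with more than one user means the log is inconsistent; the
    # caller should treat that as ambiguous rather than pick one.
    return [s.user for s in sessions
            if ipaddress.ip_address(s.ip) == target
            and s.start <= when and (s.stop is None or when < s.stop)]
```

The same address maps to different subscribers at different times, and to nobody in the gap between leases, which is why a request that names an IP address without a precise timestamp cannot be answered from these logs.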
  15. Re:VPN ISPs? by cswiger · · Score: 3, Informative

    Um, the point of a VPN is to set up a secure tunnel to get to your destination network with the traffic encrypted en route, so it doesn't matter whether your ISP is snooping on your traffic or not. Now, if you wanted to host your destination server or network somewhere like Canada or someplace with less intrusive government monitoring, that might well be a good thought.

    The problem is that the US via CALEA is requiring things like Cisco routers used to terminate many VPN connections be wiretap-friendly, so using a VPN tunnel might not be as safe as it was before that law came about. Cisco has a page about this, but it doesn't actually give you much specific info:

    http://www.cisco.com/wwl/regaffairs/lawful_intercept/

    --
    "The human race's favorite method for being in control of the facts is to ignore them." -Celia Green
  16. Re:Time to encrypt by Eli+Gottlieb · · Score: 2, Insightful

    It would certainly help if many websites (including Slashdot) didn't refuse logins or postings from users running Tor.

  17. Time of Day by Anonymous Coward · · Score: 2, Funny

    four national ISPs would not give Wired the time of day
    What, they blocked port 123?

  18. Re:All of them, DUH - NO. Some do the right thing by enselsharon · · Score: 5, Interesting
    Although not an ISP per se, my offsite backup provider publishes a warrant canary:

    http://www.rsync.net/resources/notices/canary.txt

    In addition to a stated policy of "No data or meta-data concerning the behavior of our customers or filesystem contents will ever be divulged to any law enforcement agency without order served directly by a US court having jurisdiction. All such orders will be reported to our entire customer base."

    You should read their philosophy page.

  19. Re:All of them, DUH - NO. Some do the right thing by RDaneel2 · · Score: 4, Informative

    "... All such orders will be reported to our entire customer base."

    Ummm... dream on about this part (at least), as "Patriot Act"-backed demands (with or without a warrant) can forbid the disclosure of said demand.

    And while an especially conscientious service provider might insist on dotting i's and crossing t's, it is doubtful any of their personnel (or bosses) will be willing to be jailed as a "terrorist". :(

  20. Re:ISP's fearful of RIAA/MPAA? by number11 · · Score: 3, Insightful

    However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did

    I would like to think that no ISP would ever spy on me or keep records of my activities. I would like to think that no ISP would provide data without a court order. Unfortunately, what I would like to think bears little relation to what actually is. And my understanding is that the (US) government no longer requires a court order to demand such things.

  21. Take the SPY out of ISP-y by talledega500 · · Score: 2, Informative

    We all saw this coming.
    I prefer to do something about it.

    http://www.mysecureisp.com/

    http://www.blackboxsearch.com/

  22. 010000100110100101101110011000010111001001111001 by Barkmullz · · Score: 3, Funny

    01000011011011110110110101101101011101010110111001 10100101100011011000010111010001100101001000000110 10010110111000100000011000100110100101101110011000 01011100100111100100101110001000000101010001101000 01100101011110010010000001110111011010010110110001 10110000100000011000100110010100100000011101010110 11100110000101100010011011000110010100100000011101 00011011110010000001100100011010010111001101110100 01101001011011100110011101110101011010010111001101 10100000100000011110010110111101110101011100100010 00000110110101100101011100110111001101100001011001 11011001010010000001100110011100100110111101101101 00100000011000010110110001101100001000000111010001 10100001100101001000000110111101110100011010000110 01010111001000100000001100010010011101110011001000 00011000010110111001100100001000000011000000100111 01110011001011100010000000100000010000110110110001 10010101110110011001010111001000101100001000000111 01010110100000111111

    --
    Ronald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
  23. Re:you should read more closely ... the canary ... by Eivind · · Score: 4, Interesting

    Sort of. But it's an interesting idea. The law *does* prevent them from stating that they've been raided, in certain situations anyway.

    But does the same law have the power to force them to continue publishing signed lies? That's what they'd be doing if they continued to claim that they have never been raided after they were indeed raided.

    I don't know enough US law to know the answer, but at least it's not obvious that it wouldn't work.