Slashdot Mirror


ISPs Using "Deep Packet Inspection" On 100,000 Users

dstates writes "The Washington Post is reporting that some Internet Service Providers (ISP) have been using deep-packet inspection to spy on the communications of more than 100,000 US customers. Deep packet inspection allows the ISP to read the content of communications including every Web page visited, every e-mail sent and every search entered, in short every click and keystroke that comes down the line. The companies involved assert that customers' privacy is protected because no personally identifying details are released, but they make money from advertisers who use the information to target their online pitches. Deep packet inspection is a significant expansion over tools like cookies in the ability to track a user. Critics liken it to a phone company listening in on conversations."

12 of 309 comments

  1. So what's the status on IPSec? by Anonymous Coward · · Score: 5, Insightful

    DNSSec and opportunistic IPSec should put an end to the snooping and throttling once and for all.

  2. Encrypt everything. by ookabooka · · Score: 5, Insightful

    That's it, I say webservers move to SSL only transactions. All other plaintext transmissions should get encrypted at the endpoints transparently. Then when the government whines about not being able to find the terrorists they can blame datamining companies that paid for their election campaign. Then they can make a law that forces a back-door, which would create a need for some nifty-ass steganography which would lead to massively excessive processor and network overhead (encryption and steganography respectively) for the most basic of transactions which would lead to NSA funded algorithms to find these hidden messages which would. . .holy shit it's almost 10AM, I need to hit the sack.

    --
    If you are about to mod me down, keep in mind that this post was most likely sarcastic.
  3. time for some hacktivism by jollyreaper · · Score: 5, Insightful

    Let's start turning over rocks in the private lives of telecom CEOs and see what scurries out. I'm sure they won't mind, it's in the interests of an open society and free debate, don'cha know.

    --
    Kwisatz Haderach
    Sell the spice to CHOAM
    This Mahdi took Shaddam's Throne
  4. Good luck with that by TheMohel · · Score: 5, Insightful

    Never mind that it's evil, or that it's a great step to losing their common-carrier status.

    Never mind that it's a true violation of privacy.

    Never mind that I block cookies pretty well and I run with NoScript most of the time and I don't see very many ads, and besides, half of the time I'm inside my employer's VPN.

    But even more than that, I have seven other users in my household, half of them teenagers. If they want to sniff all of my NAT-ed packets coming out, they're going to discover that I'm a geek who has four Facebook sites, likes art and hates it, plays Runescape incessantly (the 10-year-old), likes the Wiggles, and works as a beauty consultant. So go ahead and hand me the ad for the latest XBox game (I hate games). Offer my kids server hardware, and see if you can get my wife to click on fun games to play with the Backyardigans. Oh, wait, you already do. It's called "not targeting advertising", and it's free.

    So what we have is a thoroughly broken high-cost borderline-illegal absolutely-unethical service offered to advertisers in a difficult economic period. By people who we all hate a lot, and who will rapidly become targets for everything from blocking to legislative action to you name it.

    I knew there would be some kind of career move for spam kings in the future. I just thought it would pay better.

    I predict a less than stellar outcome for these idiots, and they deserve every painful moment.

    1. Re:Good luck with that by mpaulsen · · Score: 5, Informative

      > Never mind that it's evil, or that it's a great step to losing their common-carrier status.

      They don't have a common-carrier status to lose.

    2. Re:Good luck with that by jmorris42 · · Score: 5, Insightful

      > If they want to sniff all of my NAT-ed packets coming out, they're
      > going to discover that I'm a geek who has four Facebook sites, likes
      > art and hates it, plays....

      Silly person, they are much smarter than that. Each of those PCs can be identified, see previous slashdot articles on the subject. Especially since each PC in a network serving a diverse family as you are describing will probably have obvious differences in OS and browser versions. Then there is detailed packet header inspection (DEEP INSPECTION, remember?) to separate out OS subtle version differences, etc. And each PC/account will offer up different cookies to the same websites like Google.

      NAT won't stop them. SSL won't stop them. Laws might. This sort of snooping isn't 'like' listening in on phone conversations. It IS listening in on conversations.

      --
      Democrat delenda est
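
An added illustration of the signals named in the comment above (not part of the thread, and not any ISP's or vendor's code): it groups constructed observations from one NAT address by initial IP TTL, User-Agent and cookie, then repeats the grouping with the HTTP-layer fields hidden, as they would be inside an encrypted session. The address, User-Agent strings and cookie values are invented sample data.

```python
from collections import defaultdict

# Constructed sample (all values invented): what a passive on-path device
# could log for traffic leaving ONE public NAT address.
# Fields: (public_ip, observed_ip_ttl, user_agent, cookie_sent_to_same_site)
OBSERVATIONS = [
    ("203.0.113.7", 127, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)", "id=a1"),
    ("203.0.113.7", 127, "Mozilla/5.0 (Windows NT 6.0) Firefox/2.0", "id=b2"),
    ("203.0.113.7", 63, "Mozilla/5.0 (X11; Linux i686) Firefox/2.0", "id=c3"),
    ("203.0.113.7", 63, "Mozilla/5.0 (Macintosh; Intel Mac OS X) Safari/525", "id=d4"),
    ("203.0.113.7", 127, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)", "id=a1"),
]


def initial_ttl(observed):
    """Round an observed TTL up to the nearest common OS default."""
    for default in (64, 128, 255):
        if observed <= default:
            return default
    raise ValueError(f"TTL out of range: {observed}")


def signatures(observations, encrypted=False):
    """Return the distinct signatures seen per public IP.

    With encrypted=True the HTTP-layer fields (User-Agent, cookie) are
    treated as hidden; the TTL sits in the IP header and stays visible.
    """
    seen = defaultdict(set)
    for ip, ttl, agent, cookie in observations:
        base = initial_ttl(ttl)
        sig = (base,) if encrypted else (base, agent, cookie)
        seen[ip].add(sig)
    return {ip: sorted(sigs) for ip, sigs in seen.items()}


if __name__ == "__main__":
    for label, enc in (("plaintext HTTP", False), ("encrypted payload", True)):
        for ip, sigs in signatures(OBSERVATIONS, enc).items():
            print(f"{ip} over {label}: {len(sigs)} distinguishable signature(s)")
```

The model covers only the three signals the comment lists; on the sample data the four machines are separable over plaintext HTTP, while the TTL alone only splits them into two groups.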
  5. Listening in? Um, yeah. by Perp+Atuitie · · Score: 5, Insightful

    > Critics liken it to a phone company listening in on conversations.

    Um, my ISP IS my phone company. If they can get away with reading my emails and stuff like this comment, what's to stop them from listening to my phone calls? We're really at a crossroads: either the law makes ISPs common carriers with no interest in, or control over, content like a real phone company, or we lose most of the potential of the communications tech revolution.
  6. What's the difference by Ernesto+Alvarez · · Score: 5, Insightful

    The difference is that in the first case, the data passes through a dumb machine that compresses, caches, etc. The result is cached like it is expected (RFC 2616 is pretty clear about that), even though it is done transparently. No need to keep logs about who downloaded what.

    In this case, the data is explicitly mined, by a company interested in building a profile of each user. It doesn't say it is limited to web traffic only, only that "Nor does NebuAd record a user's visits to pornography or gaming sites or a user's interests in sensitive subjects -- such as bankruptcy or a medical condition such as AIDS.", which I doubt both on technical grounds and because it is a market and someone will want to take advantage and "The company said it processes but does not look into packets of information that include e-mail or pictures." which I think is in contradiction with other parts of the article and even if they didn't, it's a matter of time before they do.

    Basically, it's the intent that counts. The ISP can intercept everything they want because they're in the middle. When they start doing so for reasons that are not part of maintaining the communications as specified (like forwarding, maybe firewalling and proxying depending on the conditions), alarms should go off.

  7. Up to 2 years imprisonment by gweihir · · Score: 5, Interesting

    If you do this in the EU. Packet payloads are off-limits without court order. You may not even store them.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. Re:Btw. is your ISP Knology? by Shakrai · · Score: 5, Interesting

    1. Find his address 2. Intercept his snailmail (which later is returned). 3. Scan it and post it to our small group of Slashdotters. 4. Ask him if he thinks that this is a violation of his privacy? 5. ?? 6. Profit!

    7. Go directly to Federal-pound-me-in-the-ass-prison for postal fraud. Do not pass go, do not collect $200.

    Seriously, if the USPS, UPS or Fedex started doing this can you imagine the outrage? Yet somehow it's ok to do it with electronic communications? WTF?

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  9. People already do by mark_hill97 · · Score: 5, Informative

    It's called Tor.

  10. Re:Btw. is your ISP Knology? by Shakrai · · Score: 5, Insightful

    Fedex and UPS DO do this.

    Fedex and UPS open your packages to look at what you are shipping so they can sell that data to advertisers?

    rather they're searching through it looking for things that look suspicious

    Did you even bother to RTFA? Wait, dumb question around here. This has nothing to do with looking for 'suspicious activity'. The ISPs in question are allowing third-party companies to build profiles of their users by spying on their traffic in order to do targeted advertising.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.