Slashdot Mirror

← Back to Stories (view on slashdot.org)

Charter Is Latest ISP To Plan Wiretapping Via DPI

Posted by kdawson on from the bad-phorm dept.

Charter Communications has begun sending letters to its customers informing them that, in the name of an "enhanced user experience," it will begin spying on their traffic and inserting targeted ads. This sounds almost indistinguishable from what Phorm proposed doing in the UK. Lauren Weinstein issues a call to arms.

14 of 309 comments (clear)

  1. Re:Scummy ISPs by coats · · Score: 5, Interesting

    Does that mean that the ISP will be altering the copyrighted material sent by the websites?
    Damned right it does. There are no ads on my web pages, for example http://www.baronams.com/products/ioapi/

    Can someone tell me whether Charter is inserting any ads? If they are, I want to complain to the Attorney General and to my CongressCritters about felony copyright infringement.

    --
    "My opinions are my own, and I've got *lots* of them!"
  2. Re:Scummy ISPs by BSAtHome · · Score: 4, Interesting

    This might actually fly. If some content owner starts a case, they could very well make a case for an "unauthorized derivative" under the copyright rules. Then ISPs or transits must take a license for all material they modify. I for one would not allow third parties to modify my HTML.

  3. Now or Never by hyades1 · · Score: 5, Interesting

    Some things call for the proverbial nuclear response: boycotts, lawsuits, all-out opposition. This is one of them. Once one of these corporations gets away with this, it's game over for those of us who want a corner of our lives that doesn't have some lying prick forcing his way into it to sell us something, spin the information we get and otherwise screw with our reality in a way that works to somebody else's advantage at our expense.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  4. Re:Scummy ISPs by gstoddart · · Score: 4, Interesting

    Does that mean that the ISP will be altering the copyrighted material sent by the websites? Surely this would create an unauthorised derivative work?

    I should hope at some point, that very theory will get tested in court.

    Agree completely that for an ISP to change to contents of a page I request from a 3rd party is just plain wrong. What next, redirecting you from URLs critical of them onto URLs which sing their praises? Preventing you from reading about the services of competitors?

    Modifying the requested data is way too invasive, but it seems to be consistent with the whole strategy of "monetizing what your customers do". What you want is irrelevant, you're just a revenue stream.

    As has been said so often, I hope things like this cause the networks to lose anything resembling common carrier status -- right now, they're just a network, so whatever you send it up to you.

    Cheers
    --
    Lost at C:>. Found at C.
  5. Two things... by stewbacca · · Score: 3, Interesting
    First, much like ANY transaction in any medium, the article claims your name and address is required. Why are we willing to give our name and address out for nearly any transaction, yet as soon as an online transaction calls for it, we freak out? I'm pretty sure when you signed up for Charter service, you probably gave them your name, address, phone number, checking account number, debit card, etc. etc. You probably gave them a deposit and they probably looked up your credit using, gasp, your social security number.

    Second, how is this any different than Google? They track my online activity then target me with ads that I might find interesting. Am I even given the option to opt out of Google ads? (serious questions, not flame-baiting)

  6. Re:Call to arms? by gstoddart · · Score: 5, Interesting

    So if I blog something, and title it a 'call to arms', am I suddenly relevant too?
    No, you first have to include incendiary slashdot summaries like Company X to SPY on YOU!

    OK, let's cut out the middle man here, and go straight to what Charter is saying:

    How does this service actually work?
    It uses completely anonymous information and, based on your surfing and search activity on the Internet, it infers your interests in certain product or service categories, such as automobiles/sports cars, fashion/handbags, or travel/Europe, and so forth.

    Translated ... we're going to inspect the contents of your packets, and infer what you are looking at. Then we will use that information to increase our revenue by supposedly giving you more relevant ads.

    So, tell me, how exactly is reading my packets that much different from "spying" on me? I expect my phone carrier to not listen to my calls to decide what inserts they should put into my next bill, because telcos are supposed to have an arms length relationship with your data.

    This is not nearly as inflammatory and knee-jerk as you make it out to be. They actually are reading what you do.

    And, for the record, it can't be "completely anonymous" if they know to put it into my web-page. They may claim that they can't tie it to you, but, if they know to give you an ad for Depends Undergarments, at some point, they decided that you needed to receive that targeted ad.

    Cheers
    --
    Lost at C:>. Found at C.
  7. Re:Scummy ISPs by mikael · · Score: 4, Interesting

    The following web site contains some scripts which do self-analysis/ checksum calculations to determinwe whether they have been interfered unlawfully with:

    Corruption detection scripts

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  8. Three answers... by argent · · Score: 3, Interesting

    (1) I don't enter that kind of data over an unencrypted link.
    (2a) Google tracks my online activity when I'm not using Google's servers?
    (2b) Charter pays the site that's getting their "deep inspection" ads inserted?

  9. SSL and HTTPS by BlueParrot · · Score: 3, Interesting

    Time to start using it... Even if you just sign your own certificates, thus making the whole thing completely vulnerable to man in the middle attacks, these ISPs would be guilty of rather serious violations of cybercrime laws if they started sending your clients fake SSL certificates. I.e, if you just want to prevent the ISP from doing this you don't even need a secure session, you just need one they can't interfere with without incriminating themselves.

  10. Re:Scummy ISPs by dgatwood · · Score: 4, Interesting

    Actually, no it doesn't. Not without permission. From what I recall reading about this a couple of weeks ago in a very similar discussion (subtle way of saying "I think this story is a dupe"), if I understand what is being done correctly, there are two parts to this:

    • Deep packet inspection---stores keywords based on sites you visit.
    • Ad replacement---replaces existing advertisements on a page.

    There's a specific ad provider that is involved with this, and that ad provider agrees to allow the local ISP to replace its ads with more targeted ads in exchange for a portion of the resulting ad revenue. The ad replacement, therefore, is authorized by the ad provider, who in turn is authorized by prior agreement with the website publisher.

    The dirty part is the deep packet inspection, not the modification of the data stream. Attacking the latter to try to stop the former is likely to get you nowhere.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  11. Re:You can opt out... by Knara · · Score: 4, Interesting

    One wonders how easy it would be to make an FF plugin to just replicate the cookie content.

  12. Re:Scummy ISPs by marnues · · Score: 5, Interesting

    I currently work for a cable company that is setting up this same kind of system. The only people that know what ads are being replaced are the people controlling the ad server, which is not the ISP. We (the ISP) are being paid to set up a black box that we will route ALL port 80 traffic through. Unless you opt out, which I'm not even sure will work properly. So the ad people can be doing all kinds of things with that data. Granted, they can't link the IP Address to a customer since they have no access to our provisioning server (and I'm pretty certain every last one of us Systems Engineers would quit before allowing that to happen). But they can be doing whatever they want with that traffic and we are none the wiser. Its such a black box, the ad company does all the monitoring on the black box. We are apparently the only company that even requested that we be allowed to monitor up/down and traffic status. The real problem is that we are setting up this extra router (it is another layer 3 hop) that also acts as a server and will delay any port 80 traffic. And we're pretty much allowing them full access to do as they will with the hostage packets. We're not checking. And if someone isn't happy with what their site looks like, we'll probably just route that one around the server, still pushing everything else through. I hope Google employees are checking their AdSense images to make sure that ads are actually from Google and that they are paying Google. As shady as this whole thing is, I expect that we will have legit ads removed, but leave the 'src' of the 'img' tag.

  13. Re:Scummy ISPs by arminw · · Score: 3, Interesting

    ....Can someone tell me whether Charter is inserting any ads?....

    If an ISP or a phone company monitors the content of a transmission, don't they become responsible for the content? Does that mean they are no longer enjoy protection from lawsuits as carriers of information have had all these years? If someone plans a crime using the phone, the phone company is not held responsible, since they don't monitor the conversation. They only provide the channel.

    If an ISP DOES monitor the information, they are doing more than providing merely a channel and could theoretically be held responsible for all content that traverses their lines. If that actually happened, ISPs would quickly back off from such hare-brained content inspection and modification schemes. Maybe some rich person can hire an army of lawyers to sue an ISP for allowing forbidden porn traverse their network. Maybe, even a state attorney can try to make a name for himself.

    --
    All theory is gray
  14. Opt-out? by SanityInAnarchy · · Score: 3, Interesting

    JUST SAY NO to isp's that do this shit to you and don't give you at least an opt-out from it. "Just saying no" may not be enough. This is a bit like the pharmaceutical industry -- nothing is stopping you from selling whatever herbal remedies you like, but at the very least, you have to include an FDA warning that it's not really medicine.

    Oh, and they do offer an "opt-out" -- in the form of a website that you have to visit in the clear (no https), and fill in your information, resulting in... a cookie.

    Which means that you now have to make sure to opt-out in every browser you ever use, including wget and lynx. Anything which doesn't support cookies is fucked. In particular, not everyone uses XML for AJAX -- some people use XHTML for their web services. And not all web service clients are browsers that you can stick cookies in.

    And, for that matter, how are they checking the cookie? Only way I can think of would be to insert some sort of hidden iframe on every page, linking to their domain, which can then check the cookie. Therefore, even if the cookie is present in every appropriate HTTP request, they're still having to fuck with most of the internet to even be able to check that cookie.

    So, to summarize: They offer "opt-out", but not really. And support net neutrality legislation.
    --
    Don't thank God, thank a doctor!