Slashdot Mirror

← Back to Stories (view on slashdot.org)

ISP Embarq Monitors User Traffic

Posted by Soulskill on from the you-can-trust-us dept.

Deli Korkmaz writes "The Washington Post reports that Sprint-Nextel spin-off Embarq, currently the US's fourth largest DSL provider, monitored Internet activity on some 26,000 customers in Kansas using deep-packet inspection technology NebuAd in order to deliver targeted advertising to users' desktops. CNet provides coverage as well. The House of Representatives Committee on Energy and Commerce is investigating whether any privacy laws were broken. Users were informed of this test and invited to opt out only via Embarq's online Privacy Policy; a mere 15 subscribers did so."

15 of 106 comments (clear)

  1. was it limited to inspection? by v1 · · Score: 4, Insightful

    was this deep packet "inspection", or did they actually alter traffic? Like modifying web pages to insert ads, or change IP addresses of banners?

    Or something more hands-off like monitoring customer browsing and using it to deliver better targeted ads when the customer browsed their own web pages?

    --
    I work for the Department of Redundancy Department.
    1. Re:was it limited to inspection? by Anonymous Coward · · Score: 2, Insightful

      From wikipedia, a quote allegedly from NebuAd's privacy policy:

      The information we collect is stored and processed on NebuAd's servers in the United States. As a result, that information may be subject to access requests by governments, courts or law enforcement

      So, the gov't doesn't need to do wiretapping without permission... NebuAd does it for them, with my ISP's permission. All that's needed is a subpoena.

      NICE!

  2. Only 15 people opted out... by Ron_Fitzgerald · · Score: 5, Insightful

    ...because the opt out was buried in a 5000 word privacy policy. If anything, this story should lead the house to realize that merely posting a privacy policy on your website doesn't mean the customers are bound by it especially in terms of rights, privacy and willingness to be subjected to monitoring merely for advertising sake.

    --
    ~ Ron Fitzgerald
    1. Re:Only 15 people opted out... by DigitAl56K · · Score: 5, Insightful

      Opt-out?

      How is this not wiretapping? You're intercepting and monitoring the exchange of information between two entities, possibly even "bugging" at least one of them if you're also introducing cookies or similar devices.

      Can the phone company introduce something into their privacy policy that all communications may be tapped without the request of law enforcement and have that be legally sound because I didn't "opt-out"?

      Furthermore, even if the subscriber had the opportunity to opt-out, did the second entity? No they didn't. Therefore the privacy of at least one party has been unquestionably violated.

      Opt-out... WTF?

    2. Re:Only 15 people opted out... by YrWrstNtmr · · Score: 4, Insightful

      5,000 words is going to be 9-10 pages.

      Or a really, really, really long scroll in a narrow, non resizeable window.

  3. Sigh - I hate to suggest this... by GuyverDH · · Score: 4, Insightful

    I think that very simply worded new legislation is required...

    "Opt Out" is the new default for any new program, feature, change of any kind for any kind of product or service provider.

    Any new programs or offerings will default the individuals to opt-out status, and require the user to notify the provider (without being hampered by phone calls, e-mails, etc) to opt-in.

    Any company failing to comply with this policy shall have all of their assets liquidated and deposited into the bank account of the person(s) they elected to opt-in by default.

    --
    Who is general failure, and why is he reading my hard drive?
  4. The majority of middle America is unaware by lambosv21 · · Score: 1, Insightful

    thats the brutal and unfortunate truth. Its not to say that everyone is unaware in areas where there is less exposure to different types of people, which you gain in major cities. For the most part, in large numbers, people will remain ingnorant and complacent until there is some form or ability to organize and invoke change.

    1. Re:The majority of middle America is unaware by Shaitan+Apistos · · Score: 2, Insightful

      thats the brutal and unfortunate truth. Its not to say that everyone is unaware in areas where there is less exposure to different types of people, which you gain in major cities. For the most part, in large numbers, people will remain ingnorant and complacent until there is some form or ability to organize and invoke change.

      I'm going to start randomly pasting this into comments on new stories, it's generic enough to work with almost every story and will probably soak up the insightful mod points.

    2. Re:The majority of middle America is unaware by gujo-odori · · Score: 5, Insightful

      I might go along with the Insightful were it not for the gratuitous (and most likely inaccurate) use of "middle America." There are a number of things wrong with this:

      1) I can think of a lot of places in world (having lived there) where people are at least as technologically clueless as the average American. There is nothing special about Americans - either positive or negative - in that regard;

      2) If you meant "middle" as in "middle class" you missed. The most technologically clueful income strata in America is most likely the middle class. One of the things that keeps the poor in poverty is lack of clue combined with means to acquire it; rich people, on the other hand, have middle class people who are paid to do all that stuff for them, and thus don't acquire clue about computers unless they are very interested in them or were once middle class;

      3) If you meant "middle" as in "geographic center" it is still likely that you missed. Even in the Silicon Valley area, where I live, computer cluefulness remains largely the province or those who are in the industry or who are computer enthusiasts on their own. Everyone else is as clueless as they are everywhere else. Those who aren't clueless are, again, mostly in the middle class.

      If you'd written that the majority of people (everywhere) are unaware, I might have spent one of my remaining mod points to mod you up. As it is, I was tempted to use to mod you troll, but decided to take the time to explain why I consider your post a troll instead.

  5. Re:Why aren't we encrypting everything already? by Cathoderoytube · · Score: 2, Insightful

    Not sure if that'll work. Some internet companies apparently block all encrypted traffic. I'm thinking of Rogers Cable as my example (feel free to correct me though). I mean really it's their own business if they want to shaft their customers. Unfortunately most people either don't care that this sort of stuff is going on, or don't know of any other ISPs they can go to as alternatives.

    --
    I have nothing compelling to say
  6. Disclosure laws... by LostCluster · · Score: 4, Insightful

    We had this problem with the credit card industry before. People were signing up and had no clue what they were agreeing to because the most important terms weren't properly exposed. Then we got a law that made the current interest rate and the formula by which it is computer and how it may be changed in regulated-size type.

    Time for a format for privacy policies to match that...

  7. Re:Why aren't we encrypting everything already? by YrWrstNtmr · · Score: 2, Insightful

    If we can get web servers to support TLS (for multi-domain encryption on a single IP vs. SSL), and create a non-identity framework for encryption, we should just start encrypting everything end to end. ISPs are asking for it with these behaviors.

    You just lost 99.9% of the intarweb using population.

  8. Re:Why aren't we encrypting everything already? by maxume · · Score: 4, Insightful

    Just add a privacy light to browsers. "When that thing is on, your communications are between you and whoever you are communicating with, when it isn't on, anybody can see them". Then compare it to a postcard and a letter in an envelope.

    --
    Nerd rage is the funniest rage.
  9. Sell your own private data? Sure, why not! by Alwin+Henseler · · Score: 5, Insightful

    Whenever you have to search long and hard to find new 'features', this can only mean one of several things:

    • It's not really a feature that people want (because if it were, it would be announced loud & clear)
    • It's just ammo for lawyers to shoot with, or
    • They don't want you to see it (eg. what they're doing might be illegal)

    Even more on-topic are these quotes from the Wiki article (provided by spinkham above):

    According to Nebuad's sales pitch less than 1% of users opt-out. One ISP expects to earn at least $2.50 per month for each user (..) Generally, NebuAd provides an additional income stream to network operators, which may maintain or lower consumers' internet access bills.

    As we've all known for a long time, ordinary people's surfing habits are worth money. What when you'd ask people up front: "Do you want your surfing habits to remain private, or give up this privacy in exchange for a discount?"

    I'm afraid the vast majority of people would go for the discount. The anything-connected-to-everything world of today has gotten us so used to data breaches and 'unknown parties' snooping through our private info, that we just don't seem to care anymore. Which seems strange: the less (privacy) you have left, wouldn't you value those last remains more than you used to?

  10. long past time for encryption by default by aachrisg · · Score: 2, Insightful

    So, in this day and age, why the *&^#@!&* isn't all traffic encrypted between my browser and the destination server? We're long past the days where there should be anything but https: in front of urls. Are the big guys not really able to handle the encryption overhead?