Slashdot Mirror
Deep Packet Inspection Set To Return
siliconbits passes along this quote from a Wall Street Journal report:
"'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."
More like the identity theft market....
How would I get those news stories that I'm so interested in? I'm not going to their website.
Maybe they'd like to clog up my inbox! Sure, what the hell. I always felt that having midget tranny anal fisting and nasty naked cilice-wrapped nuns were too hard to find. I'd love having that delivered right to me.
This is why everything should be end-to-end encrypted... either at the application layer or at the transport layer (or both!)
Deep Packet Inspection Set To Return
I didn't know Deep Packet Inspection ever went away. Did I miss something?
I'm happy to hear you won't read the mails. I take your word for this, ISP's, because you're trustworthy!
Thanks for giving me your word, and only reading other parts of my surfing habits!
Beware: In C++, your friends can see your privates!
And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.
Stop trying to make a 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.
I know some people put up with this (buying the cheapest computers that have all manor or shitware on them) but I stopped that game long ago. Not worth my time.
I also drop any so-called friends that try to make me their lower step in any mlm scheme. It's all the same thinking and I want none of that.
Err, didn't they try this before and users hated it and it's invasion of privacy so much that it nearly caused a court case? What's changed to make it different this time? Oh look, nothing, they're just hoping everyone's forgotten already...
Just like the "national do not call list" we need a "National do not advertise list" .
As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.
At present, most sites the public interacts with(outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ typically aren't kicked over to https://foo.whatever./
However, most of those sites depend on advertising and user profiling(either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.
Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.
Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.
...a good reason to encrypt everything by default.
Your Honor, my client was irreparably harmed by a Comcast customer's emails and web traffic, which they now have the technical abiltiy to monitor and are in fact doing so on a regular basis to their financial advantage. Comcast's failure to use this technology to stop the harm done to my client is the basis for our claim of one bazillion dollars in damages.
If Slashdot were chemistry it would look like this:Cadaverine
The real problem with this kind of technology is that it works often enough to make it worth for them. I for one blame, first and foremost, the people who buy from this kind of advertisement (including spam).
morcego
Just let it come, and let it come fast so that encryption becomes mainstream and make them shoot themselves in their foot.
As soon as encryption becomes mainstream it will be much harder for anyone to try to track emails, torrents, IMs, etc.
Say goodbye to many privacy concerns.
The companies now offering ad services based on deep packet inspection believe they have learned how to make the services acceptable to privacy advocates and Internet users. This includes asking for permission up front and offering people incentives to receive targeted ads, such as Kindsight's free security service, which includes identity-theft protection. Customers can pay a monthly fee to receive no ads.
Wow, that's just fucking fantastic. So according to their model, you're going to have to pay your ISP to not receive ads..? Great, now my ISP is going to start a protection racket - "hey, for a small monthly fee, we won't bombard you with ads and snoop your data!".
Global warming and other natural disasters are a direct effect of the shrinking number of pirates - Gospel of the FSM
"protect people's privacy with steps that include obtaining their consent" That sounds more like protecting the ISP then anyones privacy...
Eating the brains of your enemies does not make you smarter. But it's still fun.
I read the headline and assumed this would be another story about the TSA's screening procedures...
This sig is umop apisdn.
Beleaguered Internet advertising phirm Phorm is hitting back at critics with StopPhoulPlay.com, in an attempt to lure Internet activists into herniating from laughter.
"It is clear that the campaign against Phorm originates in the sinister manipulations of Alex Hanff and Marcus Williamson," said Kent Ertegun, CEO of Phorm, "who have used mind control lasers and the killer robot armies of the Open Rights Group and FIPR to deceive millions of Britons into a Communistic fervor of hatred against the engines of the free market and customer demand, the salesmen and marketers, the true creators and enablers of objective value."
The website, designed in Microsoft Word, uses the infallible public relations format so successfully put into play by the ReligiousFreedomWatch.org site of the Church of Scientology, an upstanding community institution of similarly flawless repute. StopPhoulPlay.com reveals how:
"Given the persistence with which they propagate incorrect information, we cannot rule out the possibility that a competitor is involved," he said. "The competitor goes under the name 'reality.' Needless to say, we have no tolerance for an entity of such limited possibilities.
"These people are privacy pirates — people who steal privacy online, off the coast of Somalia. With Internet guns! And drugs! And child pornography!"
Mr Hanff and Mr Williamson said they were unsure whether to sue Phorm into atomic dust for gross defamation or just to let them continue with their infallible public relations work. Phorm shares have dropped from 405p to being rated a "serious infection risk" by the World Health Organization.
Picture: Targeted just for you.
http://rocknerd.co.uk
Could anyone imagine the uproar if phone companies let telemarketers listen to your calls to find out what kind you products to market to you? This would give ISPs the ability to that to non-encrypted voip calls.
I couldn't imagine a cell phone or land-line phone company getting away with that.
The only way i will ever sign up for this is if:
1) i have full control over the service down to the lowest levels of my "profile".
2) can turn it on and off at will
3) will at least get a cheaper connection for it.
1 and 2 are possible maybes, but i highly doubt 3 will ever happen.
I, personally, do not mind in the slightest targeted advertising. But if the companies aren't going to be honest with me, or allow me control of my profile to make it better for me AND them*, then i don't want anything to do with them.
People will wonder if i am serious. And to answer that pretty simply, yes, i am very serious.
I don't want to see ads for useless crap, or stuff i hate, this is why most people hate advertising as it is, they are unrelated to anything they like.
I like games, computing, architecture, horror, sci-fi. I don't care about football, i don't care about some awful "pop princess" shaving her head clean, and i certainly don't care about cars.
I love when websites let you choose what things you get to see. This is usually a much more acceptable method of targeted advertising for most people.
If you hate targeted advertising, why do you hate it so much? Do you really think you have any privacy browsing the net? You don't know 100% for sure that ISPs aren't collecting data on you unless you personally work there for one. (or government at that)
Your government almost certainly has more information on you than all of those internet entities out there combined, regardless, so i don't see why you care so much about some websites gathering some information on you...
Are you scared friends and/or family find out you are in to midgets or something else? Hey, guess what, all those people you know, they all have sexual fetishes as well. And, unless they are extremely tight gits, they will probably not even care about it the day after, maybe tease you about it for a few days, maybe a week, but they really won't give a damn. If they do? Tell them to go to hell, find better friends, ditch the family, problem solved. (joking, of course. OR AM I?!)
* by providing amendments to data, such as erasing stuff i don't actually care about and was linked to by a friend, or just casually came across it when browsing random crap.
They benefit from nothing if they just log and advertise using everything.
Does "obtaining consent" and allowing "opt-out" mean that customers will be free to terminate their Internet connection if they don't opt-in? Or will there be an option to retain Internet service while opting-out of the snooping?
The real "Libtards" are the Libertarians!
http://www.eff.org/https-everywhere
Inspect *this* !
I love PR articles like this one. This is the kind of piece that future researchers can than use as a reference - since it appeared in a reputable newspaper, it's "proof" that such services are "coming back". Ultimately the companies offering this service are made to appear more legitimate to potential investors and partners -- even though readig the article shows no actual evidence of a "comeback" for deep packet inspection beyond the fact that a couple of companies are trying to get it moving. cf "Suits are back!"
Using SSL may not be a solution, because websites that think that these techniques will increase their revenue, because the ads they display will be better targeted, have an incentive to not provide an SSL service.
... like there weren't a plethora of reasons to before.
"People don't want to learn linux" hasn't been a valid excuse since '03.
Polly want a fucking cracker?
I want money! That's what I want!. Peeking at my package.. er packets will cost you a pretty penny.
For justice, we must go to Don Corleone
quite effective at deep packet inspection and other man in middle attacks.
Everyone needs to get off their asses and enable https.
I repulsed by the very idea that they would violate of their common carrier status (we're Ma Bell, we connect everyone from presidents and kings to the scum of the earth - Ernestine the hone operator.)
If your ISP is doing that, thrown them off the 'net.
The day they announce some bone headed scheme like that is the day I use wide key PGP and 256 bit SSL to encrypt EVERYTHING I send.
(And I don't use Google mail for anything non-trivial.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I love how they settled on the soft target of "identity theft protection" too. This is just a non-starter.
Let's see if we can boil down what a truthful ad for their spyware would look like.
"Hi! I want to provide you with a service we're going to say protects you from someone pretending to be you. Most likely we'll make sure you can't possibly sue us if someone does steal your identity or we'll just claim someone got your info offline or from a computer not covered by the service.
In return, you let is spy on you and use this to send ads to you. We promise not to look at certain types of info but this won't be transparent to you in any way. And realistically speaking, we can't possibly keep up with every site of the type we're saying we don't look at but we'll lie to you and say we won't look at email or sites with medical information anyway. By the way did we mention our EULA will immunize us from prosecution for doing it anyway?
In summary: We onwzorz your infos and you oggle our ads. We'll also make gratuitous statements about protecting your info but you won't be able to hold us to any of it. Have a good day! Big Brother is watching and he wants you (and your little wallet too)!
So, Advertisers/ISPs can do this,but police need a search warrant to do the same thing? This is a very wrong picture.
Jack of all trades,master of none
Don't peek my packet man!
if I'm the pipe that feeds you, and I provide your web pages
I can certainly answer with whatever I want to your request
and make it seem to come from the same IP address as you asked it from
every day http://en.wikipedia.org/wiki/Special:Random
The just won't target you with ads. They'll save the data until the day when you can't afford to opt out...
Use a VPN in a country like Switzerland that has stringent data protection laws. Problem solved, everything is encrypted to hell, and you don't have to dick around with SSL.
It can be done.
US not EU. Different and sharper set of teeth in the EU. The UK government is in the process of being taken to court and facing very large daily fines for not dealing with the problem. It is now hurriedly trying to change the law - too little too late as usual.
Scum and Trash or is it Trash and Scum Inc. These companies are turd polishers, the internet does not need them. The people that run these companies will take every last vestige of your private life and sell it if they think they can make a buck, please try to put them out of business as soon as possible.... perhaps we could get them an honest job, flipping' burgers maybe.
I prefer Classic Slashdot.
That's what this shit is. "Oh, we'll respect your privacy, give you opt-in". Bull. Fucking. Shit.
The government is seizing websites en-masse as the tools of the MAFIAA that they are. Big telecoms are purchasing control of the internet. Advertising companies are datamining the living fuck out of us. So-called "social networking" sites suck in clueless people who don't have any clue that their privacy is precious and priceless, and these people willingly post their entire lives for all to see and for corporations to collect their data to use however they see fit. Meanwhile the dumbass masses are pacified by technological bread and circuses, oblivious to all that's going on around them until it's too late. Meanwhile our votes are meaningless, and our politicians don't really give a flying fuck about anything except sucking the cocks of the big corporations that keep them in office with their gigantic contributions. Am I the only one who feels powerless? I just hope I don't live long enough to see them kick MY door in.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
There are obviously a lot of problems with these ad services, but maybe there is some value to the Security-for-Ads business model.
The enterprise has an arsenal of security technology that, for the most part, has not made it to the consumer space. This makes consumer-owned computers very easy targets, and that has given rise to botnets.
Either ISPs can give away this kind of security (e.g. IPS, botnet detection) for free, or consumers can pay for it. But, consumers will not pay for it. Maybe supporting network security for consumers with ads isn't such a strange idea.
That said, Kindsight does not seem to have much of a security focus. The most detail I could find on their website are vague references to "advanced threat detection technologies," and none of the positions in their job listings include security expertise.