Slashdot Mirror
Deep Packet Inspection Set To Return
siliconbits passes along this quote from a Wall Street Journal report:
"'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."
More like the identity theft market....
Deep Packet Inspection Set To Return
I didn't know Deep Packet Inspection ever went away. Did I miss something?
I'm happy to hear you won't read the mails. I take your word for this, ISP's, because you're trustworthy!
Thanks for giving me your word, and only reading other parts of my surfing habits!
Beware: In C++, your friends can see your privates!
And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.
Stop trying to make a 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.
I know some people put up with this (buying the cheapest computers that have all manor or shitware on them) but I stopped that game long ago. Not worth my time.
I also drop any so-called friends that try to make me their lower step in any mlm scheme. It's all the same thinking and I want none of that.
Err, didn't they try this before and users hated it and it's invasion of privacy so much that it nearly caused a court case? What's changed to make it different this time? Oh look, nothing, they're just hoping everyone's forgotten already...
Just like the "national do not call list" we need a "National do not advertise list" .
As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.
At present, most sites the public interacts with(outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ typically aren't kicked over to https://foo.whatever./
However, most of those sites depend on advertising and user profiling(either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.
Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.
Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.
...a good reason to encrypt everything by default.
Your Honor, my client was irreparably harmed by a Comcast customer's emails and web traffic, which they now have the technical abiltiy to monitor and are in fact doing so on a regular basis to their financial advantage. Comcast's failure to use this technology to stop the harm done to my client is the basis for our claim of one bazillion dollars in damages.
If Slashdot were chemistry it would look like this:Cadaverine
Everyone needs to get off their asses and enable https.