Slashdot Mirror


Deep Packet Inspection Set To Return

siliconbits passes along this quote from a Wall Street Journal report: "... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."

38 of 125 comments

  1. Really? by Anonymous Coward · · Score: 3, Insightful

    More like the identity theft market....

  2. Returns? Did it ever go away? by guanxi · · Score: 3, Insightful

    Deep Packet Inspection Set To Return

    I didn't know Deep Packet Inspection ever went away. Did I miss something?

    1. Re:Returns? Did it ever go away? by Anonymous Coward · · Score: 2, Interesting

      No, it never went away. I used to work for a top-5 cable ISP in the US... and all they did was put their Sandvine servers in 'shunt' mode. Also, they are corporately controlled, so they could be turned on ANYTIME for ANYTHING without the local network admins even being aware. Oh yeah, and I found access to them while I was still there, and still have access to them.... so I could turn them on for ANYTHING without anyone knowing also. Scary, huh? Firesheep anyone?

    2. Re:Returns? Did it ever go away? by Savantissimo · · Score: 4, Interesting

      No, as an ex-employee of a southeastern US ILEC I can tell you that they were doing deep packet inspection (and alteration) on all DSL lines from 2003 at latest. The equipment used was the Lucent BSN5000 switches. We weren't supposed to know about the packet alterations, but they made some problems impossible to fix.

      --
      "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" - Patrick Henry
  3. Trust by Jugalator · · Score: 3, Insightful

    I'm happy to hear you won't read the mails. I take your word for this, ISPs, because you're trustworthy!
    Thanks for giving me your word, and only reading other parts of my surfing habits!

    --
    Beware: In C++, your friends can see your privates!
    1. Re:Trust by Monkeedude1212 · · Score: 4, Insightful

      It's a stupid thing for them to say that too...

      They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities

      Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly are you going to determine that it's the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

    2. Re:Trust by Jah-Wren+Ryel · · Score: 4, Insightful

      Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly are you going to determine that it's the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

      Exactly the same way all the other trackers like Google's DoubleClick let people "opt-out" - they still collect all the information about you, they just defer from showing you advertising that would remind you that you are still being tracked. Seriously, the industry's idea of "opt out" is never to opt out of data collection, it's just to opt out of obviously skeeving you out.

      --
      When information is power, privacy is freedom.
  4. Just sell me internet access please by rolfwind · · Score: 5, Insightful

    And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.

    Stop trying to make 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.

    I know some people put up with this (buying the cheapest computers that have all manner of shitware on them) but I stopped that game long ago. Not worth my time.

    I also drop any so-called friends that try to make me their lower step in any MLM scheme. It's all the same thinking and I want none of that.

    1. Re:Just sell me internet access please by T-Bone-T · · Score: 2, Insightful

      You should read your lease. There are a large number of things you can't do in your apartment.

    2. Re:Just sell me internet access please by rolfwind · · Score: 2, Insightful

      That said, the analogy broke down far before that.

      All analogies break down. If they didn't, it would be because all properties down the list would be equal meaning the situation is the exact same in every respect.

      All that matters with an analogy is if it illustrates the point to the audience and whether it is truthful in doing so.

    3. Re:Just sell me internet access please by Pharmboy · · Score: 5, Informative

      You should read your lease. There are a large number of things you can't do in your apartment.

      You should read your TOS. There are a large number of things you can't do with your ISP as well. The point is that as long as you are being a good customer, neither should be meddling into your life. There is already protection on the books for renters that varies from state to state, i.e.: the landlord has to give notice before an inspection, they can't just kick you to the curb for no reason with 1 day's notice, etc. The problem is that there are NO consumer protections for customers of internet access. They just keep figuring out new ways to try to make money off of you, typically at your expense. In older consumer markets, they would be subject to fines and/or prosecution for similar actions.

      The problem is that since it is the internet, they think that there are no rules that apply to them, and unfortunately, they are almost correct.

      --
      Tequila: It's not just for breakfast anymore!
    4. Re:Just sell me internet access please by Pharmboy · · Score: 2, Insightful

      You are missing the whole point: In your apartment, the landlord can't just put a clause that allows him to install hidden cameras or gets your first born child. It would be illegal regardless of whether it was in the fine print, as a general rule. (excepting reality shows...). Your ISP however, has the ability to change the TOS any time without the housing authority oversight. You are stating the whole problem, that they can put shit in the TOS that should be illegal to begin with.

      --
      Tequila: It's not just for breakfast anymore!
  5. Deja vu by jamlam · · Score: 3, Insightful

    Err, didn't they try this before and users hated it and its invasion of privacy so much that it nearly caused a court case? What's changed to make it different this time? Oh look, nothing, they're just hoping everyone's forgotten already...

    1. Re:Deja vu by fuzzyfuzzyfungus · · Score: 4, Interesting

      Unfortunately, so-called "outrage fatigue" is both well recognized and quite effective. People with a direct profit motive can just keep trying, again and again, until all but the hardcore tinfoil hatters lose interest...

  6. Hmm... by fuzzyfuzzyfungus · · Score: 5, Insightful

    As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.

    At present, most sites the public interacts with (outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ typically aren't kicked over to https://foo.whatever./

    However, most of those sites depend on advertising and user profiling (either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms, Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.

    Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.

    Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.

    1. Re:Hmm... by pknoll · · Score: 2, Insightful

      One small issue with moving everything to https is that you need one IP address per domain. That puts a pretty big wrinkle in the many, many servers out there that serve up multiple domains per IP. (Technically, you can do so if you utilize unique ports on the same IP for each served domain, but that breaks the "just works" aspect of port 443).

      It's not insurmountable, but it does put more pressure on the already shrinking IPv4 pool. Another reason to hasten the adoption of IPv6, I suppose...

  7. I think this is... by Etyme · · Score: 3, Insightful

    ...a good reason to encrypt everything by default.

  8. Your Honor by paiute · · Score: 3, Insightful

    Your Honor, my client was irreparably harmed by a Comcast customer's emails and web traffic, which they now have the technical ability to monitor and are in fact doing so on a regular basis to their financial advantage. Comcast's failure to use this technology to stop the harm done to my client is the basis for our claim of one bazillion dollars in damages.

    --
    If Slashdot were chemistry it would look like this: Cadaverine
  9. Incentive by Beerdood · · Score: 5, Informative

    When I started reading this article, I thought to myself "what possible incentive could they possibly provide if I opt in for targeted ads? Maybe a cheaper monthly bill?" Then I found this little gem:

    The companies now offering ad services based on deep packet inspection believe they have learned how to make the services acceptable to privacy advocates and Internet users. This includes asking for permission up front and offering people incentives to receive targeted ads, such as Kindsight's free security service, which includes identity-theft protection. Customers can pay a monthly fee to receive no ads.

    Wow, that's just fucking fantastic. So according to their model, you're going to have to pay your ISP to not receive ads..? Great, now my ISP is going to start a protection racket - "hey, for a small monthly fee, we won't bombard you with ads and snoop your data!".

    --
    Global warming and other natural disasters are a direct effect of the shrinking number of pirates - Gospel of the FSM
    1. Re:Incentive by MightyMartian · · Score: 3, Funny

      Yeah, you sees, if you pay da money to us, your bakery won't, y'know, burn down, see?

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
  10. Don't touch my packet! by rsteele19 · · Score: 2, Funny

    I read the headline and assumed this would be another story about the TSA's screening procedures...

    --

    This sig is umop apisdn.

    1. Re:Don't touch my packet! by MightyMartian · · Score: 4, Funny

      The difference is subtle. The TSA scanners scan your penis, Phorm's scanners scan you scanning other people's penises.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Don't touch my packet! by seanonymous · · Score: 3, Funny

      The TSA's version is called Deep Package Inspection. It's totally different.

  11. Phorm phights phoul phreedom phighters by David+Gerard · · Score: 2, Funny

    Beleaguered Internet advertising phirm Phorm is hitting back at critics with StopPhoulPlay.com, in an attempt to lure Internet activists into herniating from laughter.

    "It is clear that the campaign against Phorm originates in the sinister manipulations of Alex Hanff and Marcus Williamson," said Kent Ertegun, CEO of Phorm, "who have used mind control lasers and the killer robot armies of the Open Rights Group and FIPR to deceive millions of Britons into a Communistic fervor of hatred against the engines of the free market and customer demand, the salesmen and marketers, the true creators and enablers of objective value."

    The website, designed in Microsoft Word, uses the infallible public relations format so successfully put into play by the ReligiousFreedomWatch.org site of the Church of Scientology, an upstanding community institution of similarly flawless repute. StopPhoulPlay.com reveals how:

    • At the age of five, Hanff REFUSED to share his crayons with the little girl next to him, saying she was "poopy" and would only draw a picture to be used against him.
    • At age twelve, Williamson accepted MONEY from his mother to buy sweets, but not to tell schoolmates in case they wanted some.
    • Hanff and Williamson may have attempted to access POTENTIALLY ILLEGAL images blocked by the Internet Watch Foundation.
    • Hanff and Williamson have used WIKIPEDIA at least once in their lives.
    • Hanff and Williamson INVADED POLAND in 1939.

    "Given the persistence with which they propagate incorrect information, we cannot rule out the possibility that a competitor is involved," he said. "The competitor goes under the name 'reality.' Needless to say, we have no tolerance for an entity of such limited possibilities.

    "These people are privacy pirates — people who steal privacy online, off the coast of Somalia. With Internet guns! And drugs! And child pornography!"

    Mr Hanff and Mr Williamson said they were unsure whether to sue Phorm into atomic dust for gross defamation or just to let them continue with their infallible public relations work. Phorm shares have dropped from 405p to being rated a "serious infection risk" by the World Health Organization.

    Picture: Targeted just for you.

    --
    http://rocknerd.co.uk
  12. What if they did this with phone calls? by Logic+Worshipper · · Score: 5, Interesting

    Could anyone imagine the uproar if phone companies let telemarketers listen to your calls to find out what kind of products to market to you? This would give ISPs the ability to do that to non-encrypted VoIP calls.

    I couldn't imagine a cell phone or land-line phone company getting away with that.

    1. Re:What if they did this with phone calls? by dltaylor · · Score: 2, Interesting

      Don't they?

      Not the content, at least for now, but there's money to be made selling the contact list, and not just to the gov't.

      If you're regularly calling the local pharmacy, for example, don't the health insurance scammers have "a right to know that" (for a fee, of course) so they can stuff your mailbox (and email box, if you're lame enough to use your phone company as an ISP) with advertising?

  13. "Opt out" of the Internet service altogether? by whoever57 · · Score: 3, Interesting

    Does "obtaining consent" and allowing "opt-out" mean that customers will be free to terminate their Internet connection if they don't opt-in? Or will there be an option to retain Internet service while opting-out of the snooping?

    --
    The real "Libtards" are the Libertarians!
  14. Re:Encryption by MichaelSmith · · Score: 2, Informative

    An ISP which controls DNS and access to certificates can transparently position itself in the middle of an encrypted link. Unless keys are exchanged off line, or through other networks, end to end encryption will not help.

  15. Re:National Do Not Advertise List!!! by lostmongoose · · Score: 2, Insightful

    It's not about 'not advertising to me' it's about 'not collecting my data in the first place.'

  16. SSL can only be adopted if provided by websites by Mandrel · · Score: 2, Interesting

    Using SSL may not be a solution, because websites that think that these techniques will increase their revenue, because the ads they display will be better targeted, have an incentive to not provide an SSL service.

  17. Now! by CSFFlame · · Score: 2, Insightful

    Everyone needs to get off their asses and enable https.

    1. Re:Now! by dargaud · · Score: 2, Insightful

      Everyone needs to get off their asses and enable https.

      The https-everywhere plugin is great, but as a small website writer, am I supposed to $hell for a certificate or am I supposed to explain to my readers that, yes, the self-signed certificate is not a sign of viral attack onto their browser from my parts. Good luck with that.

      --
      Non-Linux Penguins ?
    2. Re:Now! by CyberDragon777 · · Score: 2, Interesting

      You should get one for free: http://www.startssl.com/?app=1

      --
      We both said a lot of things that you are going to regret.
    3. Re:Now! by wvmarle · · Score: 2, Informative

      Then at least give the correct link: https://www.startssl.com/?app=1!

  18. "Security" Service? Really? by Lanir · · Score: 4, Interesting

    I love how they settled on the soft target of "identity theft protection" too. This is just a non-starter.

    Let's see if we can boil down what a truthful ad for their spyware would look like.

    "Hi! I want to provide you with a service we're going to say protects you from someone pretending to be you. Most likely we'll make sure you can't possibly sue us if someone does steal your identity or we'll just claim someone got your info offline or from a computer not covered by the service.

    In return, you let us spy on you and use this to send ads to you. We promise not to look at certain types of info but this won't be transparent to you in any way. And realistically speaking, we can't possibly keep up with every site of the type we're saying we don't look at but we'll lie to you and say we won't look at email or sites with medical information anyway. By the way did we mention our EULA will immunize us from prosecution for doing it anyway?

    In summary: We onwzorz your infos and you ogle our ads. We'll also make gratuitous statements about protecting your info but you won't be able to hold us to any of it. Have a good day! Big Brother is watching and he wants you (and your little wallet too)!"

  19. Re:Encryption by MichaelSmith · · Score: 2, Informative

    Say you have an account with an ISP. The wider internet is accessed through the ISP network. Nothing stops the ISP from building a model of the internet within their network, so that when you think you are connecting to your bank, you actually connect to a proxy run by the ISP which forwards connections on to the bank.

    This is how it works at my workplace. All SSL connections are proxied.

  20. Re:Encryption by SuricouRaven · · Score: 3, Informative

    You can intercept and proxy an SSL connection easily enough, but you can't do so without detection - the certificate won't match, and browsers would start warning of something suspicious.

  21. Re:I disagree by SuricouRaven · · Score: 2, Informative

    You could, in theory... except that the browser already has a secure certificate installed with which to verify your identity. They come on the Windows CD (For IE, the most popular browser still) and are thus beyond your power to control. The math is very well-tested. Without access to the corresponding secret numbers for those certificates, no interception without detection. A government agency could pull it off, by demanding those certificates, but an ISP couldn't without their help.