Deep Packet Inspection Set To Return

siliconbits passes along this quote from a Wall Street Journal report: "'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."

Just sell me internet access please

[rolfwind]

And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.

Stop trying to make a 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.

I know some people put up with this (buying the cheapest computers that have all manor or shitware on them) but I stopped that game long ago. Not worth my time.

I also drop any so-called friends that try to make me their lower step in any mlm scheme. It's all the same thinking and I want none of that.

Re:Just sell me internet access please

[Pharmboy]

You should read your lease. There are a large number of things you can't do in your apartment.

You should read your TOS. There are a large number of things you can't do with your ISP as well. The point is that as long as you are being a good customer, neither should be meddling into your life. There is already protection on the books for renters that vary from state to state, ie: the landlord has to give notice before an inspection, they can't just kick you to the curb for no reason with 1 days notice, etc. The problem is that there is NO consumer protections for customers of internet access. They just keep figuring out new ways to try to make money off of you, typically at your expense. In older consumer markets, they would be subject to fines and/or prosecution for similar actions.

The problem is that since it is the internet, they think that there are no rules that apply to them, and unfortunately, they are almost correct.

Re:Trust

[Monkeedude1212]

Its a stupid thing for them to say that too...

They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities

Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

Hmm...

[fuzzyfuzzyfungus]

As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.

At present, most sites the public interacts with(outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ typically aren't kicked over to https://foo.whatever./

However, most of those sites depend on advertising and user profiling(either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.

Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.

Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.

Re:Trust

[Jah-Wren+Ryel]

Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

Exactly the same way all the other trackers like google's doubleclick let people "opt-out" - they still collect all the information about you, they just defer from showing you advertising that would remind you that you are still being tracked. Seriously the industry's idea of "opt out" is never to opt out of data collection, its just to opt out of obviously skeeving you out.

Re:Deja vu

[fuzzyfuzzyfungus]

Unfortunately, so called "outrage fatigue" is both well recognized and quite effective. People with a direct profit motive can just keep trying, again and again, until all but the hardcore tinfoil hatters lose interest)...

Incentive

[Beerdood]

When I started reading this article, I thought to myself "what possible incentive could they possibly provide if I opt in for targeted ads? Maybe a cheaper monthly bill?" Then I found this little gem :

The companies now offering ad services based on deep packet inspection believe they have learned how to make the services acceptable to privacy advocates and Internet users. This includes asking for permission up front and offering people incentives to receive targeted ads, such as Kindsight's free security service, which includes identity-theft protection. Customers can pay a monthly fee to receive no ads.

Wow, that's just fucking fantastic. So according to their model, you're going to have to pay your ISP to not receive ads..? Great, now my ISP is going to start a protection racket - "hey, for a small monthly fee, we won't bombard you with ads and snoop your data!".

Re:Don't touch my packet!

[MightyMartian]

The difference is subtle. The TSA scanners scan your penis, Phorm's scanners scan you scanning other peoples' penises.

What if they did this with phone calls?

[Logic+Worshipper]

Could anyone imagine the uproar if phone companies let telemarketers listen to your calls to find out what kind you products to market to you? This would give ISPs the ability to that to non-encrypted voip calls.

I couldn't imagine a cell phone or land-line phone company getting away with that.

"Security" Service? Really?

[Lanir]

I love how they settled on the soft target of "identity theft protection" too. This is just a non-starter.

Let's see if we can boil down what a truthful ad for their spyware would look like.

"Hi! I want to provide you with a service we're going to say protects you from someone pretending to be you. Most likely we'll make sure you can't possibly sue us if someone does steal your identity or we'll just claim someone got your info offline or from a computer not covered by the service.

In return, you let is spy on you and use this to send ads to you. We promise not to look at certain types of info but this won't be transparent to you in any way. And realistically speaking, we can't possibly keep up with every site of the type we're saying we don't look at but we'll lie to you and say we won't look at email or sites with medical information anyway. By the way did we mention our EULA will immunize us from prosecution for doing it anyway?

In summary: We onwzorz your infos and you oggle our ads. We'll also make gratuitous statements about protecting your info but you won't be able to hold us to any of it. Have a good day! Big Brother is watching and he wants you (and your little wallet too)!

Re:Returns? Did it ever go away?

[Savantissimo]

No, as an ex-employee of a southeastern US ILEC I can tell you that they were doing deep packet inspection (and alteration) on all DSL lines from 2003 at latest. The equipment used was the Lucent BSN5000 switches. We weren't supposed to know about the packet alterations, but they made some problems impossible to fix.