Super-Privacy-Protecting ISP In the Planning

h00manist writes "Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests.' He is now planning an ISP which would be built from the ground up for privacy. Everything encrypted, maximum technical and legal resistance to information requests. Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project. Kickstarter-like IndieGoGo has a project page."

License to print money

[Tommy+Bologna]

If he pulls this off, he will be very well off. I suspect it will take the dinosaur telcos eons before they understand how to adjust, and by then it just may be too late.

Re:License to print money

Probably more like an invitation for an FBI raid.

Re:License to print money

[CodeHxr]

If they* don't just pass a law declaring that this type of operation is illegal.

(* they == anyone with the power [directly or otherwise] to enact/enable such a law)

Re:License to print money

[StikyPad]

If he pulls this off, expect tougher laws on data collection requirements for ISPs.

Re:License to print money

[Jeremiah+Cornelius]

Is America Really Free?

11.04.2012 11:43

By Vasily Georgevich

The recent outcry by the American Media complaining of mass riots over the Russian election has gotten me thinking. Do the youth in Russia protesting understand exactly how free they are compared with the American's slandering them? Consider the facts.

1. America's Free Press

Six Corporations control the American press (Walt Disney, General Electric, New Corporation, Viacom, CBS, and Time Warner), whether in print, or on the television. They even used the frequently derogatory term bloggers to refer to free publications that do not follow their talking points. In covering the protest in Russia the supposedly freest press in the world even saw many programs using falls footage, such as those from riots taking place in the European Union, and mimicking those of the Occupy and Tea Party movements happening coast to coast in America.

2. America's Free Speech

If you think you can say anything you want if you're an American consider the American president recently authorized the assassination of an American citizen who was known for recording tapes and CDs denouncing America's policies as immoral, and oppressive.

3. America's Freedom of Religion

Frequently in the last several decades children have had to rely on parents taking schools to court to avail themselves of the right to pray; Churches and Mosques are frequently having to show up in court to preserve their rights to call people to prayer, ring bells, or even maintain a cross that happens to be visible from a public highway.

4. America's Freedom from Taxation without Representation

American's Pay Almost 50% of their income in Taxes, and work the longest hours of any country in the world.

While Americans insist their tax burden is low, once one tallies the taxes on products, housing, transportation, and hidden taxes employers must pay on behalf of employees Americans work 6 months of the year before they see any profit for their labor.

The average American has 2 weeks of paid vacation, and 3 personal or sick days for unexpected absence at work. Many are so afraid of becoming unemployed they do not avail themselves even of these. Expecting mothers in most American jobs are expected to work to within a month of their expected due date and return to work in 6 to 8 weeks. With the effect of so many families where both parents work the prices of American products are such that only if one member of a married couple is independently wealthy it is impossible for them to survive on an income of a single worker. Women are not free to stay home and help raise children, and increasingly many children are raised by daycare workers, and school teachers.

5. America's Open and Transparent Courts, and Corruption Free Police

While other nations are changing the terminology of Militia to Police, America is enacting laws to the opposite. More and more anti terrorism legislation is targeting 'special instances' where American Citizens can be denied indefinitely rights to an attorney, and be held without being charged with a crime. Further these special situaions call for moving ruling on whether these Americans have committed any crime into Military courts which are not subject to the constitutional protections of traditional American courts.

6. Free Elections

International observers are not allowed at American elections, in fact foreigners present at American elections thought to be spying can be charged, and deported and not allowed to return to the United States. Increasingly exit polls conducted on those exiting voting sites in America show disparity with officially reported results; and Americans have little means to investigate why.

The electoral college system in America is legally able to elect whomever they choose for president regardless of whom Americans vote f

Re:License to print money

[Marxist+Hacker+42]

Wouldn't a cron job deleting all server and firewall logs every 30 seconds do the trick? They can't subpoena what doesn't exist.

Re:License to print money

[demonbug]

I'm trying to figure this post out - did you put it up ironically, like, "Hey, look how completely uninformed this Russian guy is about the U.S., isn't this funny?" Or were you actually serious? The cluelessness meter is off the charts, but I can't tell if it is a joke or not...

Re:License to print money

Too bad you didn't manage to back your stance up point by point..."he who stays silent, gives the chance" or so we say around here.

Re:License to print money

> Frequently in the last several decades children have had to rely on parents taking schools to court to avail themselves of the right to pray

Typical Alex Jones bullshit. Go to a private school if you want my tax dollars paying for your superstition. And don't make me fund any fucking vouchers for it either.

Re:License to print money

[bistromath007]

Almost all of that was true. The worst that could be said about most of it is [citation needed.] The main problems I saw were that he didn't clarify who he was talking about in number two, and he's wrong about military weapons being unavailable for purchase by civilians unless you're in one of the states where getting ANY gun is an asspain. (And he was exactly right about the games they play with that.)

Re:License to print money

[koan]

ISP's are required by law to maintain logs.

Re:License to print money

[bistromath007]

Then he gets arrested for obstruction of justice.

I'd be leery of anyone saying they can offer privacy on the internet. The companies that own the internet, dure to being legally designated as those who would build it, don't want you to have it. Therefore, it doesn't exist.

Anybody who knows enough about the infrastructure to be able to plausibly offer an alternative service knows this, and is therefore in it for the money in a much worse way than usual. They WILL collect data, because they have to, or they will be harrassed outbof business by the government. Somebody promising secrecy in that context is really just inviting the customer to do things the government doesn't like. They're collecting blackmail material.

Re:License to print money

[Eponymous+Hero]

regarding point #1: it's been said that the freedom of press only applies to those who own one. the poster's flawed example of Six Corporations fails to take into account the other forms of press that have been created in the internet. slashdot is a type of press. so is just about any blog out there. some use their social network account as a press. we have the power to voice our opinions, like any other traditional press, even more so today with the low cost, low barrier to entry, and ubiquity of blogs. no matter how we try to make the playing field even by handing out bullhorns, some will just have a louder voice than others. the big 6 are able to use maximum volume, while grandpa tinhat can't figure out the dial, aka market himself well. the big 6 are not inclined to help him out either. however, some do figure it out on their own, and find a way to increase their relevance to the greater population. if they weren't greedy, the big 6 might not eat them up so easily.

Re:License to print money

[Eponymous+Hero]

every 30 seconds? that's stupid. might as well not even keep logs and save the cpu cycles. you don't do this kind of thing for a living, do you?

Re:License to print money

Maintain logs, encrypt them, 'lose' the key. Make them break AES to recover the logs.

Re:License to print money

Posting AC for obvious reasons.

I own a small to mid sized (big enough to have a /21 from arin almost 100% utilized) colo / dedicated server company. If this comes about I will definitely see if I can get a xconnect from him and and advertise the hell out of it. The hard part will be keeping the spammers, malware, and all around bad actors at bay. It only takes 1 of those to completely ruin a companies image even if they have a good track record of curbing abuses.

Re:License to print money

I dont think he fails to account for other news medias.
I think he means that the big corporations disparage and disregard the other outlets publicly, calling them bloggers and such, to the point that they slandered out of legitimacy.

-HasHie

Re:License to print money

[pixelpusher220]

Are they actually? I know there were some bills that wanted something like 18 months of your activity stored (PIPA/SOPA maybe?) but pretty sure those died.

Where is the *legal* requirement that an ISP maintain logs?

Re:License to print money

[Jafafa+Hots]

When they say "the right to pray" what the mean is "the right to make others pray, or at least feel marginalized by forcing them to stand out as not part of the group if they choose not to participate."

Anyone can pray anytime, anywhere. A kid can pray in school. What CAN'T happen is the school can;t LEAD A PRAYER and therefore use authority to enforce that religion.

That's what they are really saying, but they LIE CONSTANTLY about it, those moral religious folks.

Re:License to print money

Most likely a shill for the NSA to easily push over
and implement more draconian legislation.

Nobody's fooled anymore, and we've got
as much data on you as you do on US.

jr

Re:License to print money

Which then gives way to darknets popping up all over the place.

In fact, couple a Raspberry Pi, a frisbee, some solar cells, a battery pack, and a simple recharge circuit, and you have a mesh network node tossable to any roof. Now throw 100 of these around your neighborhood, or 1000 of them around your city.

I fully expect this type of scenario to come to fruition, not only as the laws get tougher, but as electronics continuously gets cheaper.

Re:License to print money

[koan]

http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.01738:

NOTE: In the fall of 2008, Congress passed Sen. Biden's PROTECT Our Children Act which has a data retention requirement!

Re:License to print money

[koan]

Huh when I click on that link above it's broken.

http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.01738:

try it from here if it fails for you.
http://www.cybertelecom.org/cda/protect.htm

Re:License to print money

Ah, you mean the dinosaur telcocablopoly that just scarfed up most of the unlicensed interstitial spectrum without so much as a by-your-leave from /. moderators?

Sure, ok, whatever.

Re:License to print money

[Dripdry]

So are you saying that Americans are being fed the lie of "unfree countries" so that they won't leave? So that Americans think they are somehow free?

More propaganda.... it's what I think now when I see American flags at businesses around the area.....

Re:License to print money

Here is what you want to read.
http://www.govtrack.us/congress/bills/110/s1738

Sec. 501. Reporting requirements of electronic communication service providers and remote computing service providers.
To
save you time - Nowhere does it claim they HAVE to maintain certain records or monitor etc... in fact they explicitly state that, however once asked for information they do have to provide information they do have and such requests are to handled as a request to preserve records (that do exist at the time of receipt).

Re:License to print money

What nonsense is this? Here are foreign election observer reports about the US: http://www.osce.org/odihr/elections/usa/

Re:License to print money

create massively parallel encrypted infrastructure that protects privacy and integrity through a p2p architecture, log it all, but not the contents because by it's nature you can't. Win win.

Re:License to print money

[sixtyeight]

...And that very long Comment was voted up. Why are things like this not submitted and accepted on Slashdot as news stories or at least discussion topics?

Being a geek doesn't preclude me from wanting to have a meaningful, well-cited Slashdot-esque political debate. Indeed, Slashdot may be one of the few places it's possible to have that.

Re:License to print money

[sixtyeight]

The Freedom of Information Act is required to release information on public request. Doesn't mean they can't redact it.

And "by law" should read "by legislation". Huge difference, the lack of comprehension about which enables them to call any old thing law. "Legislation" and "legal" come from the root word legis, and are bureaucratic terms - not law. They concern the legitimacy of the paperwork process involved: Everything dated correctly? Signed by the right parties? Turned in on time? Great! It's legislation.

But to also be a law, that article of legislation must have proper authority behind it. It can't just be any old thing that drips out of a politicians' pen. In the U.S., our "political representatives" get a very specific and limited set of authorities delegated to them from the People. What hasn't been delegated to the federal government remains with the People - or, if they've so delegated it, to the various States respectively.

In other words, what we didn't give them, they don't have. Consider: A politician signs a piece of paper that purports to give him (or other politicians) authorities he didn't already have. This is self-evidently absurd. Typically, if I want to give something I must first have it to give. I suppose I could steal it from someone else, but then I'd just be a thief. In politics, it's called usurpation. When politicians write bogus paperwork purporting to give themselves that which truly belongs to the People, they usurp their own constituency and self-evidently become enemies of the state they purport to be serving. It's just that neither the politicians nor the news media use that term in reference to themselves, for some reason.

Re:License to print money

Sorry to be off-topic, but this struck a (good) nerve.

I'm glad you don't like vouchers. I don't either, as I think it's a way to send public tax money to private, religious, and charter schools.

Charter schools, by the way, are a calculated mechanism to pay teachers less, break the NEA, and force school districts into bankruptcy by taking district funding without being forced to take any student.

The representatives of charter schools can go door to door for only the kids they want (read: the top-scoring students), and keep doing that until their enrollment is full. This steadily lowers the district average test score and increases their own, and breaks the federal fair-housing act.

For each above-average-test-scores-and-unlikely-to-have-behavioral-issues kid they school they take the average per-pupil cost (in money) from the school district, but that average cost is calculated from a total cost that includes special needs students. So the school districts are forced to educate special needs kids with less money than they would otherwise have, and increases the density of behaviorally-challenged kids who disrupt classrooms and other students in public schools. Additionally, the test scores of the special needs and behaviorally-challenged kids is used to calculate the average test score for a district. If you remove the high-scoring students and increase the number of distractions in each classroom then the average student test score in a school district will go down. This gives the charter school proponents the ability to say that charter schools result in higher test scores than public schools but completely ignores the additional constraints placed on public schools

Charter schools cannot openly discriminate by race or religion by law, but minority and religious (Christian) charter schools are very popular in my area. Charter schools also can selectively advertise to parents of minority students, which can be interpreted (the courts will have to decide) as breaking the federal fair-housing act. Once nearly 100% of students are a minority race in a charter school, other-race students may not feel as welcome, and choose other schools. This is less true (though still true to a certain extent) in public schools, but as public schools cannot turn anybody away due to race and cannot selectively advertise, public schools are much less likely to have a largely homogeneous-race students. This has the effect of reversing integration laws under the banner of parent choice; integration laws that were absolutely necessary, and will likely remain necessary, for integration to be achieved in any meaningful manner.

It is routinely said that school districts control which charter schools can be in their district, but at least in my state (CO), if any district votes to shut down a charter school, the charter school can appeal to the state charter board. A board which is staffed almost entirely with current and former charter school presidents and principles. The board, at least in my state, has rarely allowed any charter school to close, and as such the school districts in my state are hemorrhaging cash left and right. This system gives charter school proponents the right to say that school districts have complete control over the charter schools in their area, but in any historical or practical scenario, a charter school must basically be openly committing fraud to be shut down.

In addition, charter schools can ask states to construct their buildings for them with public tax money, and after a certain number of years (usually ten) the building becomes the property of the company that owns the charter school. This has the effect of giving charter schools and the companies that run them free real estate paid for by taxpayers.

Charter schools do not have to deal with the NEA (teachers union), can hire and fire teachers at will, pay them whatever they want to (which is roughly half what a ~30 year veteran public school teacher makes, which itself is _pitiful_), and does not

Re:License to print money

[koan]

OK I'm wrong, should have just gone to Wikipedia in the first place.
https://en.wikipedia.org/wiki/Telecommunications_data_retention#United_States

he United States does not have any Internet Service Provider (ISP) data retention laws similar to the European Data Retention Directive.[19] All attempts have failed:

        In 1999 two models of mandatory data retention were suggested for the US: What IP address was assigned to a customer at a specific time. In the second model, "which is closer to what Europe adopted", telephone numbers dialed, contents of Web pages visited, and recipients of e-mail messages must be retained by the ISP for an unspecified amount of time.[20][21][22]

        The Internet Stopping Adults Facilitating the Exploitation of Today's Youth (SAFETY) Act of 2009 also known as H.R. 1076 and S.436 would require providers of "electronic communication or remote computing services" to "retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."[23] This bill never became a law. [24]

Re:License to print money

[Manfre]

Works great until your frisbee mesh acquires holes from neighborhood kids and dogs.

Re:License to print money

Biden? Sounds like a dick. I sure am glad he's not in congress anymore. What ever happened to that guy anyway?

Re:License to print money

He will have to host it all in Montenegro. There's no way a guy like this will be tolerated in contemporary USA.

Re:License to print money

[thoughtlover]

The United States hasn't used rubber bullets against protesters as Georgian president Sakashvili did multiple times in recent years

I have to completely disagree with this, as my roommate showed me pictures where he and his girlfriend got hit with rubber bullets while protesting the FTAA in 2003.

He and his gf were hit on their legs and arms, but one woman was hit on her temple and he said she was completely knocked out and they had to help carry her off into the 'ghetto' where the police were forcing protesters to move into --he was also a camera operator at that protest and was told by locals in that 'sub par' neighborhood that 'non-locals' attempting to wear gang colors were trying to incite the locals to beat up and harass the protestors and "steal their cameras". Those that were being told to take their camera equipment were the very same people that actually took them into their houses and gave them shelter and helped treat their wounds.

https://en.wikipedia.org/wiki/Miami_model

Re:License to print money

[tinfoiler]

In the past couple of years, when have laws been relevant? Verisign anyone?

Re:License to print money

[allo]

Make logs useless.
Like "okay, i need to log ips? The Customer gets a private one, which is mapped 1:1 to a public one. No logs of the mapping"
Like a anonymous-VPN built into the ISP itself. The anonymous VPN is legal, the ISP is legal, why not the combination?

Re:License to print money

Where am I supposed to get a Raspberry Pi? :P

Re:License to print money

There's a TV station in the UK could Russia Today. There is a programme on it called the Keiser Report.

I suggest you watch it because it has precisely this kind of amusing ranting in it, but there's a moral to the story - it's absolutely no more sensationalist than Fox News, it's only difference is the direction of it's bias. Despite this, and despite the fact I see the Keiser Report as more of a comedy spoof of Fox News than the serious show it's intended to be, many millions of Americans still routinely watch and believe Fox News.

Or in other words, it might not be exactly fair, unbiased, or informative, but please realise it's got no less merit in what it says than Fox News does which many are in fact quick to believe. For those of us capable of being a bit more objective in our understanding of the news we consume, watching both sides of the high stakes FUD battle is pretty fucking amusing.

Re:License to print money

[elucido]

If he pulls this off, expect tougher laws on data collection requirements for ISPs.

Whether he pulls it off or not it wont stop the FBI from spying on someone. It just makes it more expensive.

The FBI keeps making the mistake of thinking changing the laws is the solution to everything. Technological solutions already solve this problem. These solutions I don't feel like I have to mention but they certainly cost more and they aren't blanket surveillance solutions.

And that's probably what the FBI wanted. The FBI probably wanted blanket surveillance on the cheap and this makes it too costly.

Re:License to print money

[mcgrew]

Do the youth in Russia protesting understand exactly how free they are compared with the American's slandering them? Consider the facts.

Sorry, but the opinion of the uneducated is of no interest whatever to me. Your "journalist" should learn when, and more importantly when NOT, to use simple punctuation and I'll read his tripe. But what an aliterate says is of no value to me. I'm surprised you'd quote such a rag.

If it was meant as a possessive it should have read "compared with the Americans' slandering of them."

Six Corporations control the American press

Wrong. They do have undue influence, but I just linked to a newspaper (yes, they print paper editions as well) that is not connected to any of them.

Freedom of the press has always been for those with the money to buy a press -- which today, is almost anyone, since the 21st century printing press is a laser printer and the internet.

the American president recently authorized the assassination of an American citizen who was known for recording tapes and CDs denouncing America's policies as immoral, and oppressive.

Link? Oh, there are none. Funny, that.

Frequently in the last several decades children have had to rely on parents taking schools to court to avail themselves of the right to pray; Churches and Mosques are frequently having to show up in court to preserve their rights to call people to prayer, ring bells, or even maintain a cross that happens to be visible from a public highway.

And again, no link. Your Russian newspaper is full of shit. We have Christian churches, Jewish Synagogues, Islamic Mosques, and even a Bhuddist temple in this small city of 110k. Oh yeah, lots of atheists and agnostics as well.

American's Pay Almost 50% of their income in Taxes

There's that misused apostrophe again. Tell that stupid illiterate blogger to go back to the 6th grade. Hell, you'd have done better to link to this. At least I'm literate. Your Ruskie blog reads like it was written by a fourth grader.

Re:License to print money

[jefurii]

There will be prayer in schools as long as there are tests.

Re:License to print money

[hlavac]

Why would FBI raid their own honeypot?

Re:License to print money

[ckaminski]

Let's not forget the girl killed when she was shot in the eye with a rubber bullet in Boston in 2004 during the "riot" after the Red Sox won the World Series.

Re:License to print money

[Gr8Apes]

This really deserves to be modded down some, but I'll reply:

1) the press is free. Who owns most of it is a different topic.

2) If it's who we suspect, he did more than merely state his opinions. His "recording tapes and CDs denouncing America's policies as immoral, and oppressive" was not why the action was authorized, or many more "assassinations" and arrests would be ongoing.

3) You have the right to pray. You do not have the right to influence or force others to pray. There is a not so subtle difference, Ringing bells can violate noise laws, and none of these are federal issues.

4) Americans do work the longest hours of just about anyone in the industrialized world. (key difference) Federal taxes are not as high as you'd think, mine were roughly 25%, including social security. However, if you want to get to an equal standing with European countries, we do wind up having to "lose"over 50%, to have retirement benefits, health benefits, etc, equivalent to a W European country (albeit that was in the 90s when doing a comparison, it's probably different now, and might be less, in my case at least.)

7) protests following the laws set out for them will occasionally have police breaking the law. Several incidents were recorded and officers were prosecuted as a result dring the Occupy protests. When protesters violate the law, or are no longer "peacefully assembled", then there no longer is a "right" to assemble.

8) Don't know about Americans having a false belief about the gun rights in other nations. However, with the proper paperwork, you essentially can walk into a store and buy automatic weapons. There are also many places they can be used. Note that restrictions of their use is not federally but locally legislated. The Constitution only applies to the feds. If you'll notice, technically the BoR specifically limits the freedoms on a federal level only. It was later amendments and SoC rulings that forced most of them to be also applied at state and local levels.

Re:License to print money

"the American president recently authorized the assassination of an American citizen who was known for recording tapes and CDs denouncing America's policies as immoral, and oppressive.

Link? Oh, there are none. Funny, that."

His name was Anwar Al-Awlaki. You're ignorance to the evil perpetrated by our government does not reduce it, and you're snide "no link no sale" only exemplifies that you are clueless in this debate. I knew EXACTLY what he was talking about.

Re:License to print money

[Jeremiah+Cornelius]

And Awlaki's 15-year-old boy. Killed separately by drone.

Evil.

Re:License to print money

No he isn't. NFA guns are hard to get and run multiple $1000s. Unless you consider all semi-auto rifles "military weapons" you are quite wrong. Last I checked, those are full auto and/or blow things up. Look alikes != real thing.

The "military" weapons we can get are the equivalent of a plastic Ferrari with a 2.2L 4 cylinder being a race car.

Re:License to print money

[Marxist+Hacker+42]

Actually, I do- the 30 seconds thing came from a *specific* request from management I had once (the idea being to make it configurable,and leave the log intact so that if they did start having errors, it'd be simple enough to change the period of the cron job.

Re:License to print money

[Marxist+Hacker+42]

"Then he gets arrested for obstruction of justice."

Only if they notified him of the investigation before hand and requested he keep his logs.

Re:License to print money

[Eponymous+Hero]

wow, do your benefits cover therapy? remember, getting help is not a sign of weakness.... seriously, condolences.

Re:License to print money

[Seven_Six_Two]

But what an aliterate says is of no value to me.

That's awesome. I wish I knew how to mark your comment as "funny". Do you think that the OP knows how to read, but refuses to? I'm not sure where you got that from. I'm giving you the benefit of doubt by not assuming that you spent all that time attacking the writer's literacy, while being unable to spell illiterate. By the way, mcgrew, I may be mistaken but English probably isn't the OP's first language. In how many languages is your grammar perfect?

Re:License to print money

[gmanterry]

When they say "the right to pray" what the mean is "the right to make others pray, or at least feel marginalized by forcing them to stand out as not part of the group if they choose not to participate."

Anyone can pray anytime, anywhere. A kid can pray in school. What CAN'T happen is the school can;t LEAD A PRAYER and therefore use authority to enforce that religion.

That's what they are really saying, but they LIE CONSTANTLY about it, those moral religious folks.

You, sir, possess true wisdom. Ever think of running for public office?

Re:License to print money

[mcgrew]

It wasn't a misspelling. An aliterate (and you defined it yourself in your answer) is someone who knows how to read, but doesn't. To misquore Twain (or perhaps paraphrase), an aliterate has no advantage over an illiterate. If you read enough edited material you'll know (as I think you do) when and when not to use an apostrophe. When I see someone write "she ate all her carrot's" that indicates to me that the writer doesn't read much more than twitter tweets, facebook pages, and the like.

My grammer's far from perfect in English, my native tongue, and I only know a smattering of Thai (I could speak well eneough to get by there, but barely). I think my Spanish was pretty damned good, but that's only because Spanish grammar and spelling are easy. Far easier than English. But one should not expect to see grammatical or spelling errors in a newspaper article.

TFS is confusing.

[idontgno]

Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests'....maximum technical and legal resistance to information requests.

He's tired of fighting The Man, so he's going to set up a new ISP which will let him fight The Man even more? That doesn't even begin to approach making sense. Is this like Fight Club or something?

Re:TFS is confusing.

[Tommy+Bologna]

Shhh, we don't talk about Fight Club.

Re:TFS is confusing.

[Karl+Cocknozzle]

Nicholas Merrill ran a New York based ISP and got tired of federal 'information requests'....maximum technical and legal resistance to information requests.

He's tired of fighting The Man, so he's going to set up a new ISP which will let him fight The Man even more? That doesn't even begin to approach making sense. Is this like Fight Club or something?

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

Another possibility, however, is if he gets anywhere close to a working model where this is possible that he suddenly has an "accident," or his data-center suffers a "mysterious fire." Or maybe the CIA kills his network engineers the way Israel kills mechanical engineers they think can build high-speed centrifuges in Iran.

Re:TFS is confusing.

[Surt]

He's tired of being unable to beat the man, so he's going to construct his own company in which it will be impossible for him to lose.

Re:TFS is confusing.

[cdrguru]

Far closer to the idea that he has 100 customers but needs 10,000 to fund the operations. Can something like this ever get enough customers to operate? Not if they charge a penny more than a non-privacy protecting ISP - it simply isn't a priority for most people. A few, yes, and that is all the customers something like this would ever have.

Far too few to make a go of it. No reason for anyone to attack it - it will die of lack of interest.

Re:TFS is confusing.

[CodeHxr]

You should be careful - you're getting awfully close to the way things work.

Re:TFS is confusing.

If his ISP, by design, does not store any data of value to the spies, they must snoop elsewhere. That's the theory at least.

Re:TFS is confusing.

but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department

Wrong. The biggest gorilla is the U.S. D.O.D.

Re:TFS is confusing.

You are missing the obvious business model where he signs up a bunch of pedos/terrorists/ron paul supporters and then sells the info to the feds.

Re:TFS is confusing.

[Jah-Wren+Ryel]

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

It is not without precedent. After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned. So, at worst, the feds could find out what a patron currently had checked out, but no borrowing history was available to anyone.

As far as I know, the DOJ hasn't tried, at least in court, to make a library use a less privacy-preserving system.

Re:TFS is confusing.

[Eponymous+Hero]

no, the way he's fighting The Man (i.e. handling information requests) is making him tired. so like any good engineer he attacked the root of the problem with automation. now he can fight The Man without getting so tired.

Re:TFS is confusing.

[Actually,+I+do+RTFA]

They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

Who he already fought. This guy is the same guy who fought (successfully), the national security letter he recieved in 2007.

Re:TFS is confusing.

[Jah-Wren+Ryel]

He's tired of fighting The Man, so he's going to set up a new ISP which will let him fight The Man even more? That doesn't even begin to approach making sense.

Complying with these sorts of requests is costly, particularly for a little guy.
So by not collecting the data in the first place they save themselves a lot of work.
It is far easier to say flat out, "sorry we don't have that information" than it is to go dig through months or even years of logs.

If more companies would see it as a way to save money, we might actually start to get corporate interests aligned with personal privacy again.

Re:TFS is confusing.

[Mordok-DestroyerOfWo]

Shhh, we don't talk about Fight Club.

I thought that was Usenet...

Re:TFS is confusing.

[lamebrane]

Who's to say this isn't just a CIA/NSA/FBI/etc honeypot?

Re:TFS is confusing.

[DerekLyons]

After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned.

Not buying it - as circulation records are a libraries lifeblood come budget time.

[[Citation Needed]]

Re:TFS is confusing.

[Jah-Wren+Ryel]

Google it yourself.
But I will point out that your objection is specious. Budgeting doesn't depend on who borrowed a book, only that it was borrowed.

Re:TFS is confusing.

They know how many books circulated and when. They just drop the part that identifies who had that book.

Re:TFS is confusing.

He can still comply. But the data will be unrecognizable/unreadable/uberencrypted. That is a little different than saying he is not collecting. I think that is the key.

Re:TFS is confusing.

As a sysadmin in a public library consortium I can confirm that this is true (at least at many library systems in my state). Circulation history is not kept past the current borrower, and circulation statistics in regards to budgeting are of the anonymous, raw-circulation-count variety and have nothing to do with individual, identifiable patrons.

Re:TFS is confusing.

Lawyers, Judges and Librarians seem to care about personal freedoms regardless of who is being persecuted. Their are surely enough ethical these to support his ISP.
 
  The police for the internet are apathetic, also clueless, but mainly apathetic. If citizens could report crimes taking place on the internet it would be fine. Attacking from the clueless angle by removing the need for warrants is stupid. Hiring thousands of developers to comb through data is stupid, put those thousands to work in the FBI solving CRIMES not investigating the innocent, reticent or introverted.
 
  Computers have brought massive amounts of productivity, making thousands of jobs obsolete... the government is largely subsidizing those people now when they could be used in law enforcement... and by law enforcement I do not mean the CIA/NSA (create more problems than they solve, shoot them all) I mean people who make a path from Victim->Crime->Criminal.

Re:TFS is confusing.

[bjwest]

After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned.

Not buying it - as circulation records are a libraries lifeblood come budget time.

They only need to know numbers, not who those numbers correspond to.

Re:TFS is confusing.

All the more reason for this to work. It would seem like if he managed to make a working business model, and one of which that was easy to duplicate, the idea could potentially get off the ground. Last I checked, one doesn't need to JUST be an ISP to store data. If this method was one of which that even remotely shared, I could see it getting widespread use very easily.

Re:TFS is confusing.

[DerekLyons]

Google it yourself.

Translation: I don't have a citation.
 

But I will point out that your objection is specious. Budgeting doesn't depend on who borrowed a book, only that it was borrowed.

You specified that *all* records were deleted - which means there's no record of it being borrowed. But getting details wrong is typical when you make stuff up.

Re:TFS is confusing.

Or maybe the CIA kills his network engineers the way Israel kills mechanical engineers...

The CIA isn't allowed to operate within the confines of the US. Put down your DVDs of Burn Notice. More likely, it would be someone from Blackwater or whatever their name is.

Re:TFS is confusing.

[thoughtlover]

It is far easier to say flat out, "sorry we don't have that information" than it is to go dig through months or even years of logs.

If more companies would see it as a way to save money, we might actually start to get corporate interests aligned with personal privacy again.

Actually, most companies have a pricing policy for retrieving such information. What, you think that retrieving information is free??

Re:TFS is confusing.

[tinfoiler]

Absolutely, I would love to see how much AT&T has made in the last ten years of selling customer records.

Re:TFS is confusing.

[killmenow]

I thought that was [REDACTED]...

This is why we can't have nice things.

Re:TFS is confusing.

Hey, why are you disparaging pedos and terrorists by lumping them in with Ron Paul supporters

Re:TFS is confusing.

[SomePoorSchmuck]

Google it yourself.

Translation: I don't have a citation.

 

But I will point out that your objection is specious. Budgeting doesn't depend on who borrowed a book, only that it was borrowed.

You specified that *all* records were deleted - which means there's no record of it being borrowed. But getting details wrong is typical when you make stuff up.

Now you're just being an ass.
 
  I spent many years working as an IT manager for academic libraries. Jah-Wren is correct. Subsequent to the PATRIOT Act, almost every library which previously had kept borrower history (and even this was not universal since many libraries already took an aggressive approach to the ALA privacy philosophy) began deleting identifiable borrower information, preserving only statistical data like number of times circulated/browsed/renewed, length of loan, etc. And for academic libraries in particular, the ones who didn't take the PATRIOT Act seriously have taken the same approach due to FERPA concerns.

This isn't rocket surgery, it's a pretty straightforward database tweak to discard certain data and preserve other data. Now, at many libraries the instant a book is scanned (discharged) after return, the system wipes the last user data. This adds an additional hassle in that if you find an item, say, in your curbside drop box, which is overdue/lost, then depending on how your ILS interface works (e.g. does it provide on-screen prompts or errors for such items) you may have to train your staff to immediately stop and record the information on the screen before scanning the next item, or else you'll have an "orphaned" fine/fee on a patron record, because the item was returned and some portion of the patron's fine/fee should be forgiven, but you don't have any way of knowing which patron had the item.

Re:TFS is confusing.

[DerekLyons]

Translation: "I don't have a citation either, but trust me".

Re:TFS is confusing.

[jarden_from_cerberus]

LMGTFY:
http://www.google.com/search?q=automatically+erasing+a+reader%E2%80%99s+borrowing+record+once+a+book+is+returned
~2 Million Hits

First 5 Results:
Tiffin-Seneca Public Library Privacy Policy
Paulding County Carnegie Library Privacy Policy
Johnson City Public Library Privacy Policy
Mount Wachusett Community College LaChance Library Privacy Policy
Springfield, MA City Library Privacy Policy

Happy?

Re:TFS is confusing.

[Karl+Cocknozzle]

Does your computer just not have "Google" or something? Get off your ass, Mr. Skeptic. My local library is doing this too: I asked.

Re:TFS is confusing.

[SomePoorSchmuck]

Translation: "I don't have a citation either, but trust me".

Translation: not only are you being an ass, you're also being a great fool.

You keep using the word "citation". I do not believe it means what you think it does. Asking for a citation in this kind of conversation (in which you are clearly over your head) doesn't address your problem, it simply inserts another layer of abstraction between you and someone else just like me making the same well-informed statements.

See, the thing is, I already know - from almost two decades of working in the field - that I know what I'm talking about. Therefore, I know that if you had sufficient knowledge of the subject to be in any position to judge the accuracy of my statements, you would already have recognized the truth told to you by me and several others in this sub-thread. Therefore, I can clearly infer that you can't handle this truth due to some internal problem of your own.
 
That is, if you can't recognize a well-informed statement when you read it, then you either have no knowledge whatsoever about how an ILS works (and therefore insufficient background to understand the conversation whooshing over your head), or you have very poor critical thinking tools (and therefore insufficient intellect to understand the conversation whooshing over your head).
So, either way --- WHOOSH!

Re:TFS is confusing.

[Jah-Wren+Ryel]

You specified that *all* records were deleted - which means there's no record of it being borrowed. But getting details wrong is typical when you make stuff up.

Lol. Pedantry, the first refuge of the internet idiot.

Good for Snow

I like Brian Snow because he'll pretty much assure that everyone involved will think they are invulnerable, when in fact the complete opposite is true. This ISP will be as transparent as the wind screen in your car.

Re:Good for Snow

[ichthus]

That is, unless it's filled with... bugs. ?? I don't get it.

Re:Good for Snow

[Jafafa+Hots]

I don't have a car.

persistence of protection

I recently had an idea for a nifty web service, but privacy would be a huge issue. I could do like these people and take a stand on it, but the question that arises then is: how do I convince the customers that the protections will remain in effect if I sell the site someday?

Most potential users probably wouldn't think of that, but if you're approaching it out of principle *you* should think about it.

Is there any legal way to enforce continuation of policies on buyers? Something like the "covenant running with the land" for home sales?

Re:persistence of protection

[cdrguru]

You could have an agreement with who you sold it to, but they would be under no obligation to have a similar agreement with whomever they in turn sold it to. I am not a lawyer, but I highly doubt there is any way to enforce something like that on down the line of future sales.

A clause in a sales contract that said all future sales had to include the following terms ... would be unlikely to be enforceable. So sure, you could put it in, but then what? If it isn't enforcible and auditable leave it out and make the agreement simpler. That rule goes for just about everything.

Re:persistence of protection

[lamebrane]

How could you convince your customers that you weren't a tool for the _agencies_?

Re:persistence of protection

[Jafafa+Hots]

Simple. Tell them that you CAN'T guarantee that the service will stay the same if you sell the site. Because you CAN'T.

So, if you choose to sell the site, tell them you've sold it and that though their data was not stored and therefore not transferred to the new owner, you have no control over what the new owner does.

You'll lower the sale price by doing this, but if a high sale price is your goal then you wouldn't be doing this in the first place. You'd spend your time designing some stupid iPhone apps instead.

NSA Director?

[stevegee58]

Former or not, still sounds like a 5th column in the making.

Re:NSA Director?

[gstoddart]

Former or not, still sounds like a 5th column in the making.

Yeah, I have a hard time believing the former director of the NSA is going to be willing to help create an ISP which would allow you to not be spied on by the NSA.

And, as people have pointed out, there's simply no way you could build this to circumvent the Patriot Act and other things without being illegal under those very things.

Governments want more access, not less.

Re:NSA Director?

[lister+king+of+smeg]

i believe it said technical director, not the director. he was they guy in charge of trying to explain computers and what is and is not possible with said computers to the director.

Re:NSA Director?

[gstoddart]

i believe it said technical director, not the director. he was they guy in charge of trying to explain computers and what is and is not possible with said computers to the director.

Well, he may need someone to explain to him how laws work, and what is and is not possible with said laws.

I don't see them having any legal leg to stand on if they build this in such a way as to say "Oh, sorry, we can't comply with your Patriot Act request".

And that is as far as it will ever get

[cdrguru]

Will people pay for supposed "privacy"? Sure, a few would but absolutely not everyone. Or even a majority of people.

The fact that the local police or FBI can subpoena records held by your ISP to find out what you have been doing online and that Google will disclose that you have been researching poisons if your spouse suddenly dies of some rare and obscure poison is irrelevent to most people. Most people more or less figure that if you have been researching poisons and your spouse dies from one that you probably did it and deserve what is coming.

The fact that it is possible - maybe a 0.001% chance - that an innocent person might be caught up in something like this is remote enough to most people to completely discount it happening. Not. Important. For. Them.

If you are downloading movies, music, software, ebooks and whatever else you can grab off BitTorrent today and after a huge legal effort you get caught, well, most people's attitude is (a) I wish I knew how to do that... and (b) sucks to be you. Again, the offender is 99% of the time the person getting nailed and while there is a possiblity of the wrong person getting stuck with the bill we have seen through history that it is rare enough that most people discount it ever possibly happening to them. So it isn't important.

So this can be planned and might attract a few geeky investors. But it is extremely unlikely to survive even one year and probably won't ever be launched. The reality is that almost nobody cares will sink in and doom the project.

Nice idea. Too bad nobody cares. I do not see it affecting mainstream cable companies in the slightest little bit.

Re:And that is as far as it will ever get

[demonbug]

The fact that the local police or FBI can subpoena records held by your ISP to find out what you have been doing online and that Google will disclose that you have been researching poisons if your spouse suddenly dies of some rare and obscure poison is irrelevent to most people. Most people more or less figure that if you have been researching poisons and your spouse dies from one that you probably did it and deserve what is coming.

That, or most people will realize the fact that it is circumstantial evidence and it won't get you convicted unless there is abundant additional evidence that ties you to the crime (or you base your defense on ignorance of poisons and your search history proves you are lying).

But I agree with the larger point, that people mostly don't care if the authorities can get access to their search histories and that it is unlikely this company would find more than a niche market.

Re:And that is as far as it will ever get

0.001%

99%

Why are you making up percentages on the spot, here? Or were you trying to say, "This is how the average person thinks."?

Re:And that is as far as it will ever get

[Beardo+the+Bearded]

I would pay double for my ISP if I got everything encrypted, no server logs, and a great big "fuck you, you warrantless fuck" attitude.

And I live in Canada, where our ISP rates are, "you got a purty wallet..."*
.

.

.

.
*Does not include $5.95 government assraping fee which is not a government fee.**

**This is an actual disclaimer on Roger's agreements.

Re:And that is as far as it will ever get

[jdogalt]

"The fact that it is possible - maybe a 0.001% chance - that an innocent person might be caught up in something like this is remote enough to most people to completely discount it happening. Not. Important. For. Them."

This is the thing. It'll happen. It took royalty getting caught up in the Murdoch phone hacking thing, but now that cat is starting to come out of the bag. I think it's safe to say that the U.K. has a more evolved, through experience, and more enlightened view of the dangers of digital network communications security these days than they did in the ugly post-9/11 big brother (cities blanketed with 24/7 video surveillance, etc...) phase. Before the Murdoch thing, the govt could hammer away the company line (that you quote above, i.e. the threats will never hit those you know or care about, any more than lightning and car crashes do). But now after seeing the top eschelon of the paragons of terrorist-fighting elite professional police, succumb to simple bribery for tabloid exploitation purposes to further enrich the owner of FOX news??

Things evolve, technology, perceptions. People learn. They aren't as stupid, both now and in the future, as the above sentiment suggests you believe.

Re:And that is as far as it will ever get

[stephanruby]

Will people pay for supposed "privacy"? Sure, a few would but absolutely not everyone.

Some businesses may be willing to pay for this kind of privacy.

After all, if the system is better at protecting the privacy of a customer from the US government, it may also be better at protecting such information from hackers, disgruntled employees, and/or corporate espionage.

Now, I'm not saying this kind of service will have many customers, but I could certainly envision a number of businesses be willing to pay a very high premium for this kind of added security layer (assuming this new ISP does a good job of it of course, which still remains to be seen).

Re:And that is as far as it will ever get

"""*Does not include $5.95 government assraping fee which is not a government fee.**

**This is an actual disclaimer on Roger's agreements."""

No, no, no, you can't just come up in here and say that.
Now I need you to show that to me if it actually exists.

Because the way shit's been going lately, I honestly would not be surprised.
Depressed maybe, but not surprised.

Re:And that is as far as it will ever get

The "Fact" is that they subpoena a link into the ISP logs and take EVERYTHING then sort it for "possible" troublemakers.
 
  Privacy is important. Most people are stupid and simply follow the law, not ethics, not morals, the law. They will not stand up until it's too late...
 
  Ethical consumers already support OSS, legal services, charities, etc. While people on the right believe you get what you deserve and fight the government's ability to put money into truly worthy causes if they don't conform to their sensibilities.
 
  It sucks that the kind of people who understand that knowing what's going on and being able to comment and discuss it is important are already spending money on "free" as in libre software and supporting artists though they pirate and that this is another area where they'll have to spend a bit more for the good of everybody. That's just the way it is, good people support everyone, assholes support themselves. Consider that being strong means having strength to offer others, if you make a million dollars but need a Ferrari to be happy, are you strong? The right is a bunch of children who can't help being reactionary and ignorant. It's up to smarter people on the left to preserve the future, the public good, and ethics...
 
If someone says "but it's not illegal" or "I don't need that," cut them off, find another friend... you'll be glad you did.

Trust us!

If you're the government wanting to spy on all the tin foil hat crazies, wouldn't the best way be to run the privacy/security/encryption/anonymizer yourself. How do you know this ISP is trustworthy?

Re:Trust us!

[Surt]

Given the rate at which prosecutions are happening, it would become obvious pretty immediately if this ISP were not doing what it promised.

Re:Trust us!

[viperidaenz]

Not if they don't identify who they're prosecuting and redact any information that may link the case to the ISP

Re:Trust us!

[Stiletto]

Not if prosecution came with a gag order.

Re:Trust us!

[Surt]

And issue a gag order on the victim and his lawyers, friends, and family?

Re:Trust us!

[Surt]

And the people who would use such an ISP are all going to be compliant, I take it?

Re:Trust us!

[viperidaenz]

Now you're getting it!

Re:Trust us!

[viperidaenz]

BTW, Its called a Fry-Hole, not Hawking-Hole

Re:Trust us!

[Stiletto]

If they don't want to be dragged off to Guantanamo Bay, they will.

Re:Trust us!

[elucido]

If you're the government wanting to spy on all the tin foil hat crazies, wouldn't the best way be to run the privacy/security/encryption/anonymizer yourself. How do you know this ISP is trustworthy?

Even if the ISP is trustworthy, if just one or two undercover government agents work there it's enough to make the ISP compromised.

Re:Trust us!

[Surt]

Somehow I don't think that's going to work out. Because people who choose such an ISP are obviously the compliant types.

Attaboy!!

[DontForgetYourPants]

Nothing particular poignant/pertinent to add... however I just want to stand up, clap and be joined in a resounding "ATTABOY"!! This sounds absolutely fantastic!

massive flood of bogus DMCA takedowns in 3.. 2...

[wierd_w]

Seriously, while I love the idea, and really do wish them well, they are effectively just stinging a squad of ogres armed with flamethrowers.

The RSA, CIA, FBI, and DHS all have strongly vested interests in destroying private correspondence for anyone but themselves.

The MPAA, RIAA, and associated gaggle of goons act like they used a hornet's nest suppository at the mere mention that they are anything but "helpless victims" of intellectual property theft, and that the bad, bad, ISPs just wont beweeve dem! (While simultaneously arming a thermonuclear court case)

I don't see this startup ending well, for all the good it would bring to the world if they were.

I see them either being legally raped and blackballed by every major nation and media group, or becoming the victim of something akin to regulatory capture via last minute legislation if they somehow survive.

privacy is not for the last mile to provide

If you want complete privacy, you need a Twitter-like service where everyone must subscribe and regularly download the WHOLE feed and everyone must one post some number of encrypted communications to the feed each day. Then nothing can be inferred from routing.

Re:privacy is not for the last mile to provide

[Marxist+Hacker+42]

Either that, or erase the router logs every few seconds.

DOJ will file suit, Feds will seize it

[Virtucon]

and it will wind up in the basement of the new NSA data center in Utah.

A chain is only as strong as...

Sorry, but even if this somehow gets past all the TLA organizations, you're going to have to visit a website eventually. And they aren't going to encrypt their logs or refuse subpoenas for your information. So unless you're going to start some sort of Internet2 clique on this guy's wires, I don't see how this is going to accomplish anything.

Re:A chain is only as strong as...

[ZeroSumHappiness]

Right, because I'm sure subversiveantigovernmenttypes.com is going to just hand over their records to the FBI and CIA.

Re:A chain is only as strong as...

[jonwil]

Is this guy retaining logs matching IP addresses to customers? Its hard to tell from TFA if he is but if he is not it becomes very very difficult to link a visit to a web page or a download from a Torrent back to the human being that carried out the action.

hello idiots

Stop being so USA centric- there is a whole world to put your server- and not just in a dictatorship like america.

It will not work unfortunately for these reasons:

1. he is an american, everywhere you go now the US can get you
2. it is located in America
3. The us government owns the root name servers, hence the internet.

Not sure HOW he'll pull this off...

...how can he rebuff perfectly legal - even if you don't AGREE with them, but legal nonetheless - subpoenas?

I don't see how this business will work. Even if you charge a premium - let's say $2000/mo, which would be pocket change for the drug dealers and criminals who would be the target market for this service - eventually the government will be able to stop you at some point. Even if you run the entire thing in a data center and pay for your own cross-connects to the major tier-1 backbone ISPs, they would all eventually pull the plug on you under court order. Doesn't matter whether you peer or pay for Internet transit, eventually they'll just stop routing your packets.

To scale this even to regional size - say New England or the Atlantic coast or the Southwest or whatever - and provide "premium" broadband (assume DSL) will be cost-prohibitive and again put you under the thumb of the telcos who can decide to pull the plug at any time. I could see a potential for this working as a kind of rogue wireless broadband network, run from the data center. But even with as little dependence on a third-party as possible; e.g., your OWN building for the data center, with your OWN wireless infrastructure with your OWN towers with your own fiber run to data centers where you can cross-connect and stand less risk of some ISP or telco simply turning off an OC12 you run into your little bitty data center - this is hugely risky, hugely litigious, and hugely susceptible to all sorts of government intervention.

With all the government regulations and tarriffs associated with the telecom industry it seems like this guy is jumping out of the frying pan and right into the fire.

Honey Pot

[walkerp1]

This sounds like the makings of a target-rich nailing list for the Feds. Sure, let them build it. We want to see who comes! Now we can concentrate our not inconsiderable assets on cracking this who's who list of the criminal underworld. Why, it's almost as if they had something to hide...

Re:Honey Pot

[isaac]

The only way this makes sense is as a honeypot, intentional or not.

First, government surveillance of the internet is a solved problem - it's already comprehensive and embedded in the infrastructure of every major carrier and exchange. What good is a theoretically surveillance-free ISP if you can only talk to other customers of the same ISP? The ISP would not be surveillance-free much longer if it ever build any kind of user base.

Second, essentially everyone on the internet leaves - even if they take pains to avoid doing so - a rich data trail with private companies. Facebook, Google, Omniture, CDNs, etc. etc. Data aggregated by these entities render wiretapping at your ISP unnecessary in a lot of cases, and as a bonus may be used against you by private entities for non-criminal matters.

(It's also reasonable to assume that small, mostly-disconnected graphs - i.e. users that successfully manage to communicate only with each other - are inherently of interest from an intelligence or law enforcement perspective. Think of a set of pre-paid phones that only ever call other pre-paid phones, or IPs that only ever communicate peer-to-peer or only visit a single third-party site. Who would ever use the network that way?)

I mean, it's a neat idea and all, but the horse is already out of the barn as far as gov't surveillance goes, and does nothing to address the private data aggregators that are the more real threat to people's lives and livelihoods.

-Isaac

Re:Honey Pot

[Dan667]

my bet is that they would just end up with a bunch of cat pictures from regular people sick of government snooping.

I only have one ISP to choose from!

[GoodNewsJimDotCom]

I have Comcast for high speed internet, or nothing! I don't care if you encrypt my information or send it to the cloud in China, having some competition is better than living in a monopolistic world where the monopolies even corrupt the government

Stored encrypted email...how exactly?

FTFA:
"The next products on the roadmap include hosted email and cloud storage/sync systems that utilize public key cryptography so that only the user possesses the key required to decrypt their email or files."

This means that the ISP will need a public key from you and encrypt every email they receive and unless you want spam, that encryption has to happen after it is filtered through spam filters, etc. Next, supposing that your email is stored encrypted, how is an IMAP or POP server going to work? How do they index the file and send you headers, etc? Or is it just the body that will be stored encrypted on their server(s)? At the very least there is a requirement here for custom software at both the email server/client and raising $1,000,000 doesn't buy a whole lot of programmer time once you take out management and all of the other overheads.

There are technical details and questions about the broad plans thus far proposed which make me question whether they've had someone truely proficient in these matters analyse and critique the business and technical plan.

Re:Stored encrypted email...how exactly?

[nullchar]

Who cares about encrypted email when it all passes through (gets copied to) Utah as most MTAs don't use TLS by default. So your mail goes in or out in plaintext. Assuming both clients are end-to-end encrypted, emailing another user of the same ISP should be secure.

It's a good point about breaking IMAPS or other protocols that expect the contents to be unencrypted (at least in memory / ramdisk) on the server. They could provide a webmail client where local javascript performs the decryption with your private key. (Sorting and searching would still be a bitch unless like you suggested, they keep headers unencrypted.)

Sign Me Up!

[Githaron]

If it ever makes it to where I live, I will definitely be a customer.

Re:Sign Me Up!

totally agree, show me where to sign now!

Won't work

[pak9rabid]

The service will probably be ridiculously expensive to cover staff and equipment costs, not to mention the federal, state, and local governments are going to give him a rough time at any chance possible.....but I wish him luck regardless. I just hope this doesn't result in more draconian measures taken by Congress if it does happen to be a success.

Re:Won't work

[jampola]

"The service will probably be ridiculously expensive to cover staff and equipment costs" I highly doubt this, especially with so many people who would be inclined to offer their time and services free of charge.

Re:Won't work

[allo]

will it not even be cheaper NOT to log?

Spam

[erice]

So are they going to keep enough logging to track down spammers and other abusers on their network?

IANAL

[OliWarner]

You need legal advice. Talk to a lawyer.

But to try and stop this you could hamper your terms and conditions so that it has certain immutable clauses. Most services' T&Cs have a ambiguous little clause in them that essentially allows the owner to change any clause in the document without notification or permission. If you excluded certain clauses from this the people who bought the service from you would still have to follow those terms for them to be binding. That is to say they'd either not change them or if they did, they'd have to get people to re-agree to the new terms (allowing them to jump ship).

When you're selling the service, you're as much selling the userbase as the service itself. A user in sale terms is essentially this agreement with the user so that's why the terms matter so much. Much, much more than a promise between you and the buyer, pointedly because your users can see it! If they care, they'll be thankful for you taking this step.

Oh and you'll want to take into account how prospective buyers are going to view this hand-tying. It may lower the saleability of your product.

sign me

up, baby! i can now create my hate-speech, racist, white-power Internet system!

Fishy

[Hentes]

former NSA technical director Brian Snow

It's a trap!

Re:Fishy

[koan]

Someone mod this up, because any Admiral Ackbar reference gets at least one mod point.

This may be a bad thing

[koan]

We may wind up getting laws against encryption and obfuscation techniques (TOR, ETC) because of this, congress is nothing if not petulant.
Congress: "Oh that's how you want to play it?" *blam* new laws.

Re:This may be a bad thing

[NeverSuchBefore]

Maybe then people will wake up to how absurd the "nothing to hide, nothing to fear" attitude is when they learn just how important encryption can be.

Oh, who am I kidding?

Re:This may be a bad thing

[cpghost]

Banning encryption will make eavesdropping on your banking transactions so much easier for the common thief; it will make reading out secret data from stolen corporate notebooks so much easier without full hdd-encryption. It will open wireless networks to each and everybody. Congress, please show your incompetence once again, and make this country the laughing stock of the world... again (remember the laws banning exporting encryption software as it was considered ammunition, but allowing publishing of the encryption algorithm on a t-shirt because that was free speech?)

By the way, other countries used to have similar idiotic bans on encryption that made them silly in retrospect: remember France for their laws that made encryption the exclusive domain of the State and the State the sole authorized licensing authority for everything crypto-related? Yeah, let's go back in time and repeat the mistakes of the past.

When the laws change

[nurb432]

He will be obligated to comply with all the frivolous data requests, or he goes to prison.

Presumably even now, if a judge demands it, his choices are either comply or get jailed. The court takes a dim view on refusal of warrants.

Re:When the laws change

He can't give them information if he doesn't keep logs/constantly erases the logs.

Private sector as it should be

It may take years or decades but the private sector can fix itself in time. If this is needed and there's an audience such as the fortune 500-companies then by all means, go for it. Just don't try to push the feds to pass laws or illegally tap into people's privacy to please their "heavy investors". This is further proof that without government intervention, we can take care of ourselves.

Why do you need an ISP to do this?

First, the claim that they will be protected from govt. subpoena is an advertising thing. Don't believe it! If the govt. comes in with a warrant or subpoena, and they'll roll over like a good dog, or get raided and shut down. It's as simple as that. Unless they put their servers somewhere beyond the physical and legal reach of the govt. (good luck with that!) and manage to make it feasible for customers to access it, and do both these feats at the same time, their claim to protecting you is a joke, or a lie.

Also, furthermore, why would anyone need an ISP to do this? If you're trying to protect your privacy, just use DuckDuckGo (SSL) instead of Google, and that's a good start right there. THEN, if you're really paranoid, use HTTPS Everywhere, (make sure when you surf the net that you're always looking at an encrypted site,) and use TOR.

I don't worry about eavesdropping by govt. or others on my electronic communications because I fully expect it. If I ever had something I wanted to say to someone and didn't want ANYONE else to overhear, I simply wouldn't use electronic communications.

If I were REALLY paranoid, I would get to some place where no one else can see what's going on, inside a Faraday cage, with the person I want to communicate with, in a sound-proofed booth, completely naked to ensure neither of us is bugged, etc., and communicate by drawing the messages in a box of sand. No words. No trace of the messages left behind after. Actually, that might still not be enough, since your govt. might have the ability to see through walls, etc.

(Of course, I am at least a little paranoid, which is why I stopped using my slashdot account, (I do have one) but would rather post anonymously instead, even though I know it means most likely no one will read it, since it will be score 0 at best, and most people are surfing at like +2 or +3. Oh well.)

To ensure messages are absolutely private, a method of tactile communication would have to be developed, a form of sign-language, but one in which the people would communicate purely by touch, with their hands wrapped in something that has the same thermal signature as the hands inside...

I guess we've passed into the realm of the über-paranoid... sorry. I do that sometimes.

Re:Why do you need an ISP to do this?

[Ihmhi]

If I were REALLY paranoid, I would get to some place where no one else can see what's going on, inside a Faraday cage, with the person I want to communicate with, in a sound-proofed booth

Ooh, sounds good! Then maybe if the feds come after you, you can detonate pre-installed C4 and blow up the factory that was your hideout because Will Smith made a phone call. Then Will Smith says "AW HELL NAW" and shoots a dude with a shotgun, and you drive away over some train tracks.

Useless

[arobatino]

Nothing to stop the government from coercing them into violating their own promises and then giving them immunity for it.

Re:Useless

[cpghost]

That's quite true. The only real way to oppose coercion, is by ubiquitous technical means. I.e. by evolving a highly desired network layer on top of the existing one that can only be accessed with solid anonymizing protocols.

Imagine e.g. something like Freenet, but instead of the meager and low-quality mostly demo crap it currently contains, it would be filled with invaluable highly popular sites that everyone including all those politicians and their parents and kids, want and NEED to access on a regular basis. Think of Twitter, Facebook and Google going Freenet-only! Without going through Freenet, those sites would simply be invisible, and this, the general population won't tolerate for long. This is the only way to ensure enduring and unwavering political support and commitment for anonymization protocols on the net: make it required prerequisite on the technical level and have popular sites adopt and embrace it.

How do you deal with...

[phorwich]

A) The first web site that decides to block traffic from this site. I can almost see the msg, "You have tried to access this content from an anonymous internet address." Please resubmit your request from a trackable source." Or something. B) The fact that, being the first of its kind, this ISP is a pretty juicy target for those who oppose such activity. I suspect the only way to deal with A & B is that multiple such ISP would have to both form and sign-up subscribers en mass. Without such, both A & B seem like barriers to success.

I think you miss the point of privacy.

[dpqb]

It's something to be preserved for it's own sake. It a way, it enables freedom and preserves the sanctity of the individual.

"Most people more or less figure that if you have been researching poisons and your spouse dies from one that you probably did it and deserve what is coming"

What you're saying that it's ok to have no privacy because someone who is researching *blank* and *blank* happened. probably did *blank* ... it isn't even an argument.

Here the reason why: preemptive strike

Considering the people who are involved - this ISP's intention is to create environment where they can create new laws before other ISPs start doing that as alternative to Comcast/ATT/VZ/etc who agreed to spy on customers to the benefit or RIAA.

ISP that uses NAT?

[crow]

If the ISP uses NAT instead of real IP addresses for each customer, that would cover the vast majority of issues that currently impact customers. If IP addresses are shared, they can't trace back an IP address to a single account holder.

Short of that, you could set up a localized TOR network that only consists of local users on the same broadband connection, so that it has nearly the speed of a native connection while providing a good deal of privacy. If you had a broadband provider that included that by default in a provided router, that would be great.

Re:ISP that uses NAT?

[allo]

you won't need nat or stuff like tor.
just assign the customer one ip(i.e. from a private range), map it 1:1 to another ip(needs to be public) and it won't even break p2p (open ports, etc.), but if you do not log how you mapped the ips, any ip log of only private/only public ips is worthless.

Re:ISP that uses NAT?

[crow]

Yes, but that brings us right back to where we are today: your privacy is based on the ISP not logging something, and laws will probably be interpreted to require logging of exactly that.

Re:ISP that uses NAT?

[allo]

its always based on this. but TFA says, this ISP defines itself by avoiding to log the crucial stuff needed to associate an ip adress with a name. How they can do it, depends on the loopholes in surveilance laws.

Re:ISP that uses NAT?

That is NAT. Just a degenerate case of it.

Re:ISP that uses NAT?

[allo]

ts NAT but not PAT.

Already exists

There are numerous "anonymous" VPN services in existence today, which provide anonymity by scrubbing logs. I'm not sure what this ISP will provide that is substantially better than that.

CAN YOU SAY HONEYPOT?

Yes, come one, come all who hope to hide their activities, we won't divulge we are really an FBI Honeypot

Re:

He seems to be doing two things: 1) asking for too much money, 2) not pursuing a peer-to-peer solution that is ISP agnostic. The combination of these problems shows ignorance, and a lack of proper planning or thought. As other comments have mentioned, gathering people that care about privacy into a single honey pot, just makes it cheaper for anyone to get the honey. Especially, if it is subsidized by the naive.

Here is why it will never happen

[FlyingGuy]

It is a very simple explanation:

Peering

If he intends to seriously run everything encrypted no Tier 1 provider will peer with him, its that simple.

Even if they wanted to peer with him you can be damn sure the NSA,FBI,CIA and every other 3 letter acronym intelligence agency will have a quiet meeting with some CEO's and that will be the end of it because whether you like it or not there are some people and groups we need to keep tabs on and you really want your government to catch before they do something really nasty and NO this is not about torrents or PB or any other crap like that the CIA and the NSA could care less about.

Re:Here is why it will never happen

[cpghost]

... and NO this is not about torrents or PB or any other crap like that the CIA and the NSA could care less about.

This (naively) assumes the Government is working for the benefit of the People, and not for the Corporations. But is this assumption (still?) true in this day and age? And if it was, how long will it remain true in the foreseeable future?

Re:Here is why it will never happen

[GuB-42]

CIA and NSA probably don't care about torrents because catching casual file sharers is very easy. The real work is about what to do with them afterwards, not CIA or NSA's job.
There are many reasons for the NSA and CIA to wiretap communications, evil or not. Torrents are just not one of these.

Great idea but...

[tinfoiler]

everything in me screams honeypot....

Wisdom follows, pay attention!

> former NSA technical director Brian Snow

There is no such thing as a former NSA tech director. Secret agency oaths are valid until death and beyond, or as the russkies used to say, the only way out of GRU is through the chimney of the crematorium. If you served honourably, you will be incinerated after your days have passed, if not, while alive (Google for Oleg Penkovsky). It is too risky to bury a high ranking agent in a coffin, even if long retired.

Anyhow, that ex-NSA guy will be reporting every step of the super-whatnot-ISP to Uncle Sam and if requested, testify in court to have the ISP's investors sent to a long, federally sponsored vacation in Florence.

+1 Insightful.

TSIA...

To buy lunch?

[jaymemaurice]

If they do need such numbers for budget time, I have not checked out enough books to know that :(

CALEA

CALEA says ISPS must provide realtime taps into connections when requested. Once they get a single request that can't snoop everything they'll be paying 10,000 a day for non-compliance.

Good luck with that

Re:CALEA

[Marxist+Hacker+42]

When requested. What I'm saying is for everyday use, that is, joe conspiracy theorist who is looking into an ISP that is relatively private and safe, it turns out that the United States has no such law that prevents the ISP from just dumping logs into the null bin. Logs? We don't need no stinkin' logs.

It wont work and has little to no chance

[elucido]

Even if he builds this ISP it's very unlikely he will be able to build it in such a way that there is no FBI surveillance of the ISP itself or backdoors or moles etc. Basically there is nothing he can do if the FBI is determined to wiretap someone.

What this does is it makes it too expensive for the FBI to wiretap and monitor millions of people at a time. It does not prevent the FBI from wiretapping any specific person. If the FBI puts anyone under physical surveillance then none of that fancy encryption or privacy protecting ISP stuff is going to help.

 

If the ISP wont give, they'll just take it.

[elucido]

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

It is not without precedent. After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned. So, at worst, the feds could find out what a patron currently had checked out, but no borrowing history was available to anyone.

As far as I know, the DOJ hasn't tried, at least in court, to make a library use a less privacy-preserving system.

Its actually quite ingenious... He's going to create an ISP where it is much-more-difficult to compromise a users privacy. They're designing it from the ground up to be PATRIOT-Act proof because it will literally be impossible for them to give the feds the data they want. It is fewer fights, but may amount to one HUGE fight with the biggest gorilla on earth, the U.S. Justice Department.

It is not without precedent. After the PATRIOT Act made it legal to for the feds to confiscate book borrowing records from libraries without even a warrant, most libraries switched over to lending software that deleted all records once a book was returned. So, at worst, the feds could find out what a patron currently had checked out, but no borrowing history was available to anyone.

As far as I know, the DOJ hasn't tried, at least in court, to make a library use a less privacy-preserving system.

What everyone fails to consider is the feds can just take the data they want whether you legally give it to them or not. The feds have all the technological and physical means to take any information from any ISP or entity.

They can do it the legal way and have guys in suits and ties walk in with the Patriot Act or National Security letter or whatever and politely ask for it, or they can send some blackhats in to steal or hack the information. This ISP is simply going to make the feds rely more on extrajudicial means to get what they want.

Re:If the ISP wont give, they'll just take it.

[Karl+Cocknozzle]

What everyone fails to consider is the feds can just take the data they want whether you legally give it to them or not. The feds have all the technological and physical means to take any information from any ISP or entity.

Of course, they can only get that data via an ISP if it is transmitted across the Internet in the first place, and while they probably have the resources to pay somebody to break into just about anything, that's still a fruitless exercise if the lending records are anonymized the moment the books get returned. Likely their network admins have considered the "backup hole" and have already dealt with it, since IT people at libraries have librarians for bosses who understand the issues in play, even if some IT folks don't.

And it can't work without millions of users

[elucido]

This sort of ISP is useless if only thousands of well known geeks use it. Basically the sort of people likely to use it are the sort of people the NSA and FBI already have under surveillance.

What if it's already a CIA/FBI/NSA front co?

[1800maxim]

Of course, it would be far more elegant if the three letter agencies are behind this company in the first place. No need for any accidents, and you get users' trust.

I'm not suggesting that's the case, just a "what if"...

I would expect non-trivial amounts of people

[gwolf]

No, of course, not the majority of people will be interested in this. But I know many non-techy people interested in keeping their data as secure and un-snooped as possible. What mechanisms do they have? Well, to prefer encrypted channels, to avoid storing any meaningful data on well-known big-brand providers as Google, Yahoo and the such. My friends are somewhat naÃve, I know â" But, using Tor for accessing some sensitive information (even with its limitations), handling their mail at a more "trustable" (for some definition of trust) organization such as Riseup, and having an introductory working knowledge of GPG... Shows their concern. Maybe not a concern deep enough to learn how to self-host, and maybe some of their attempts only get halfway there.
If such an ISP were to open in my country, I am sure many people would use it. In the USA, I know many privacy-minded people. Lets see what impact they manage to achieve - But many people will be happy to pay, if only, for the principle that they are doing the Right Thing. Think about it, that's the reason many of us (with our time) to learn and produce Free Software.