Slashdot Mirror
Will ISPs Be Driven To Spy On Their Customers?
bs0d3 writes "In regards to the new 'voluntary' graduated response deal (where no one really knows how ISPs will track and accuse customers of copyright infringement), according to CNN, it may be the ISP directly spying on their customers. 'But now that they're free from individual blame, there's also the strong possibility that the ISPs will be doing the data monitoring directly. That's a much bigger deal. So instead of reaching out to the Internet to track down illegally flowing bits of their movies, the studios will sit back while ISP's "sniff" the packets of data coming to and from their customers' computers.' This could be a problem for people who use U.S.-based internet services. If the U.S. wants to be an internet savvy country, they still need the competition in the marketplace that's always been missing, and a digital bill of rights that isn't a sneaky anti-piracy measure."
yes
You can't handle the truth.
Computers are fast enough... there's barely any CPU overhead anymore.
"a digital bill of rights that isn't a sneaky anti-piracy measure."
Dream on.
I regularly dream of leaving this industry because of nonsense like this.
I had a sucky sig.
Freenet will get more users!
Really? Anyone? Really believes that the ISP are protecting you? Your privacy? With claws and fangs?
On port 82, too! Hopefully you'll get some comments over there...
Do you have ESP?
Anybody who understands the issues and has any kind of forum has a responsibility to use that forum. Expose ISPs that behave unacceptably. Let informed customers leave the ones that deserve to be left and go to the ones that want money and are willing to act accordingly.
more like anti-privacy
This is the most blatantly sensationalist piece of shit article I've seen in recent memory. The time article they source pretty much explains it all:
An Internet user downloading media illegally gets flagged by the copyright holder
Implying that nothing is changing, the media companies will continue outsourcing the scraping of public bittorrent swarms and notify ISP's that one of their IP's was sharing x content at y time and ISP's will send a letter based on who was addressed that IP at the time informing you why it's wrong.
The only thing that might change is that they'll probably give your information to the MAFIAA after you've "shared" their content more than six times, or something else. More likely however, is that this won't happen at all because of sensationalist articles posted by incompetent journalists that can't even get the facts straight. So maybe it's worth thanking Douglas, but he still sucks at his job.
ISPs don't need to be driven anywhere !! ISPs are alreay there, doing it NOW !! TWC ?? YES !! ALl Your Bases Are Belong To TWC !!
I can understand why the RIAA and MPAA would be interested in this happening, by why would an ISP want to do this? The act of monitoring the activity of their customers requires a lot of dedication to packet capturing and inspection which would cost a lot of money. From a business standpoint, embarking on this conquest to monitor every single customer is a bad idea because no revenue will be generated by doing this. The only reason I can think of for ISP's to do this is that they are being paid to do so by the RIAA and MPAA, that is the only way they would spend money on this program when it does not generate more revenue from their customers. So what is happening here is two big industries are paying members of another industry to violate the privacy of their customers for financial gain. I wonder where we will see this next if this succeeds. Perhaps the porn industry will pay ISP's to track their customers porn habits so that they can effectively market to those individuals. There is a wide variety of possibilities so long as they isn't illegal. You could argue that pirating is illegal and that is why this differs from other situations, but who the hell made the RIAA and MPAA into legal institutions? They aren't getting court orders to have ISP's snoop on customers, there is no court system here.
Fact:
First, there is no law requiring any action on the part of any ISP.
Disclosure: I participate in running an ISP, but not one of the ones involved in this.
Fact:
Some large national carriers have agreed to do some things. "Agreed" and "partnership" have no legal meaning. "An agreement is yet to be signed." is in the OP's link and that gives us an idea that in the future there MAY be an agreement. For now, should it happen, it's voluntary.
Fact:
No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA.
Opinion:
It would be counter to the AOL decision (Zeran v AOL) that an ISP is responsible for either monitoring content, taking action based on content, or being liable for content or failing to take action based on content. That's a fourth-circuit decision that makes it likely that any ISP that doesn't want to join the "partnership" with the MPAA/RIAA can easily not opt-in to their program. Note that I didn't say "opt-out" because that would beg the question of whether there's a requirement to join.
Looking forward, I can guess that our "friends" in the MPAA/RIAA will continue their program to CHANGE THE LAW through spending lots of money, lobbying, using the influence of former senator Dodd, etc. If they can get the law to require ISPs to do so, and thereby trump the 4th circuit's AOL decision, then there will be a concern.
However, as Sonic.net's CEO Dane Jasper said ISPs should keep as little logs as possible, preferably under two weeks. That would make it difficult unless they are doing real-time DPI, analysis, investigation, and sending out C&D letters for any of this to have meaning.
While the resources necessary for ISPs to provide access under CALEA are minimal ("Here's your Ethernet port, have a nice day, Feds") the requirement to do DPI for hundreds of gigabits-per-second of data is beyond onerous -- if even achievable. Consider -- it's not just that an ISP has to monitor their "upstream" pipes, but also customer-to-customer. The amount of bandwidth inside each ISP's core is immense.
Sorry to be long-winded, but having read the other responses, I see a lot of D&G and nay-saying. I agree that the landscape is pretty harsh, and the earth is getting scorched. I see hope because I see that we have defeated SOPA, PIPA, ACTA, (and yes I know the TPP is still alive) and we can likely continue to teach our congressional non-representatives that when the majority of the country doesn't want something ... it's likely not something they should support in our name.
Ehud
That is all well, but the US is not a free market when it comes to ISPs because the government gave out massive amounts of moneys to large corporations to "modernize" the US which means that in many areas there are only 1 or 2 ISPs, both megacorporations and no other ISP can compete with them either by law or because they already had such a large competitive advantage by having all the infrastructure basically paid for by theft (taxes). We need to not make this mistake again and cut off all taxpayer support to ISPs and other private companies in order to allow the free market to work, otherwise you have a mess like we have today.
Taxation is legalized theft, no more, no less.
The UK is leading the charge once again in destroying freedom and democracy http://www.channel4.com/news/black-boxes-to-monitor-all-internet-and-phone-data , with their plan to install "black boxes" in all internet providers.. it's for your protection you see, so many nasty terrorists out there http://www.dailymail.co.uk/news/article-2134333/Why-allowed-spy-Facebook-Twitter-Whitehall-intelligence-chief.html If you don't allow your internet connection to be spied up, you'll be killed....do you want that? http://www.dailymail.co.uk/news/article-2159041/Snoopers-Charter-matter-life-death-says-Met-Police-chief-Home-Secretary-unveils-plans-monitor-website-use.html
The UK already said they will allow access to the information to the USA and to Brussles (EU). Think of all the other crooks, I mean corporations that could do with this information. See, now YOU have to PAY the corporations to prove you're innocent...... http://www.bbc.co.uk/news/technology-18594105
Take Nobody's Word For It.
The difference is the USPS is a government sponsored monopoly where legally you cannot compete with them. If they decide to increase the price of stamps to $15 a piece, they can do that and there's not much that anyone can do about it since it is illegal to deliver mail except by the USPS.
In fact, a guy named Lysander Spooner made a competitor to the US post office called the American Letter Mail Company, it did everything better than the USPS, faster delivery, cheaper rates, less waste, etc. but it was shut down because of the monopoly that the USPS has.
ISPs are not the same. While arguably many have monopoly status due to the fact that the government gave them massive amounts of money to "modernize" the US, there is nothing preventing me from starting a better, more privacy friendly ISP aside from the startup costs.
Taxation is legalized theft, no more, no less.
What is this future tense bullshit? They already do. If they didn't spy on you, how would they know what you were browsing/downloading to issue the 'strikes' now available to them?
If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
Big startup costs. Unlike in Europe where our regulators can to some extent compel it, no existing ISP is going to let you use their cables - so you'd have to get roads dug up and cable laid. After which you are left competing with an incumbant, so you're already at a disadvantage: Switching ISPs is a hastle, and people already on the established provider will need a very compelling reason. You are free to start up your own ISP - but only a fool would invest in it.
The CNN link is an opinion piece where the author dreams up a scenario of ISP content inspection not supported by any external evidence.
I can sit on my lazy ass all day and dream shit up too. This does not mean I should be expected to be taken seriously.
Where is the actual evidence this is being implemented or even seriously contemplated by any stakeholder?
In the interim I'm just going to sit back and wait for the lawsuits to start flying against ISPs for cutting off their paying customers without due process.
The other is the back-doors on every incoming hub http://www.cablemap.info/
Has everybody somehow forgotten the ruling of several years ago? Comcast was forced by the government to stop its deep packet inspection that it used for throttling traffic.
If it goes that route again, it's just going to get slapped down again.
The difference is the USPS is a government sponsored monopoly where legally you cannot compete with them.
Are you forgetting about UPS, FedEx, DHL, and within large cities, numerous small courier services?
If you build it, nerds will come. Soylentnews.org
That just gets passed along to the consumer.
---- Booth was a patriot ----
Here's some research from the USPS Wikipedia Article:
"The USPS has exclusive access to letter boxes marked "U.S. Mail" and personal letterboxes in the United States, but still competes against private package delivery services, such as UPS and FedEx."
"Due to the postal monopoly, they are not allowed to deliver non-urgent letters and may not directly ship to U.S. Mail boxes at residential and commercial destinations. However both companies have transit agreements with the USPS in which an item can be dropped off with either FedEx or UPS who will then provide shipment up to the destination post office serving the intended recipient where it will be transferred for delivery to the U.S. Mail destination, including Post Office Box destinations."
"Many of the thousands of courier companies focus on same-day delivery, for example, by bicycle messenger."
However, there is an issue here:
"... there is nothing preventing me from starting a better, more privacy friendly ISP aside from the startup costs."
Yes, there is. In my town, the City Council is required every year to evaluate and vote on service providers. And every year, so far, they have voted to NOT allow competition in the cable business, because (so they say) of problems with overhead cabling (telephone poles, etc.).
Clearly their reasoning is bullshit, and they are just engaging in Crony Capitalism (which is not real capitalism at all). Nevertheless, so far they have managed to get away with it, and the only alternatives to the one cable company are DSL, which is inferior, and satellite, which has high latency.
As a result, in this community we CAN get good cable service, but it probably costs about 3 times what it should. Bandwidth has been getting ever cheaper for the ISPs, but they have been steadily increasing their prices. There is no correlation between their cost, and their prices.
CALEA applies to Internet communication.
Pen/Trace - asking for email headers and IP headers but not content.
Full detail - asking for actual dump of bidirectional communication from a specific IP address or address-range.
See ISPs can be requested to forward all traffic...
or a company that helps ISPs comply...
or this has been a law since 2007...
To find these things check out this link.
Fact: I appreciate your copying my style. However, when doing so, please ensure that after the word "Fact:" comes a fact.
Ehud
The RIAA & MPAA use offshore accounts to avoid paying taxes in time of war.
The RIAA & MPAA use some of the same banks that drug dealers, terrorists and Mitt Romney uses.
They have been found guilty of bribing police in the US and Sweden. They have also been exposed for improper payments to congressmen and judges (unrealistic advances on meritless songs, books and scripts).
The people that run them should be proscribed as threats to national security.
The difference is the USPS is a government sponsored monopoly where legally you cannot compete with them.
The U.S. mail box is protected.
It was one way our town was able to fight back against the distribution of poison pen letters and cobbled together tabloid news sheets by a corrupt and vicious faction that taken control of our local school board ---
a faction too clever to be caught paying postage, but not quite clever enough to avoid being spotted on the road.
For a courier service, cherry-picking the big metro markets has always been easy and profitable. Universal postal service --- affordable flat rate delivery anywhere in the fifty states and territories --- is a very different beast.
So I got modded down - whoosh!
This so off-topic as to be absurd.
Jane Q Public: You wrote "Fact: CALEA applies only to telephony; to date, it does not apply to the internet at all. "
Note: You didn't say "content" but later you clarified you meant it in context to imply content.
That's fine. Now go back and read my response where I pointed out that Federal agencies HAVE and DO request
[with court orders] pen/trace on email headers and IP packets.
I also appreciate that you labeled the three links I gave and a google search result (which has many more)
as "liberal University[sic] professors and journalists" but your ad-hominem attack only detracts from any claim you might have.
I know the EFF is wonderful, and I support them financially and use their 4th am. packing tape to seal my packages.
Unfortunately your lack of knowledge and insisitence that the EFF is the only source of knowledge despite "liberal
University[sic] professors and jounralists] is of no positive value in this discussion.
Finally, having personally been presented these court orders (and no, these were not National Security Letters;
these were plain old "Tap this, send us this" orders) by US three-letter agencies, I know it to be fact.
Stick to the facts, maam*.
E
* The real facts, not opinion, not ad-hominem attacks, not straw-man arguments, not anything.
My goal was to prevent disinformation -- THE EXACT THING YOU ARE NOW DOING. Stop it please and go time out.
Comment removed based on user account deletion
To those who think that it's not all that bad and it's just voluntary, etc. etc.: this is a sliding scale. This is how it starts. Just sending a few notices to naughty customers. It will end in full-blown surveillance: deep packet inspection and anything that smells like encryption to other-than-whitelisted-approved-sites will be dropped.
When the copyright term is "forever minus a day", live every day like it's the last.
The ISPers are already creating databases on each user in order to cash-in when the US Federal Government wants detailed information.
Thank the line of Presidents of the USA (starting with Nixon and ending with Obama, mostly Obama by the way) for that bit of naughty-naughty.
Strange that Nixon and Obama are ... Book Ends!
LoL
So as long as they're not tampering with US Government property (mailboxes) you are allowed to run a competing mail services. The government went through the trouble of setting up and paying for all those mailboxes with taxes, so the government mail system gets exclusive use of them. Seems fair to me.
If you build it, nerds will come. Soylentnews.org
posting AC for obvious reasons...
The privacy/security environment is getting more complex every day. What's a person who is not at the cutting edge of computer privacy.security technology supposed to do if he/she wants to (while located in the USA):
search the Web anonymously;
send/receive email anonymously;
post a comment to a discussion anonymously?
I get the feeling that it's no longer possible to do these things unless you have pretty much full time to devote to the effort. I can't be the only one in the world who wants a measure of privacy that governments and corporations are increasingly unwilling to tolerate. It isn't that I'm not smart - I solve very complex engineering and scientific problems for a living, I follow infosec discussions and sites to the extent that my life and duties permit, but I no longer feel I understand, nor as a practical matter, *can* understand the details and complexities of staying in the dark while continuing to seek information.
And it has made a difference in what I look for on the Web - I no longer search on topics that have extreme political valence here in the US, because I don't trust my ISP or search engine not to dump my search history to HSA or NSA or other such agencies that have the power to put me on a no-fly list, imprison me without a warrant, etc. This makes me less informed, and a poorer citizen and asset to my nation.
So what's available to those of us who want a modicum of privacy because we want to learn about the world without gratuitous retribution? Tor? Truecrypt? Anon proxies? Or is it just hopeless, Citizen?
At that point they'd have to start doing inspection to make sure all 80 traffic looks like http. That would even get somewhat more complicated if the SSL port were used. Its game over once people implement local stub DNS resolvers that actually call a web service somewhere over https to do queries.cong ty dich vu bao ve hanh tinh cung cap dich vu bao ve chuyen nghiep, Cong ty bao ve dia diem ngan hang, cong trinh, co quan, van phong, biet thu, nha rieng, van chuyen tien, tai san, tu diem ca nhac, giai tri
We need an official Tor discussion forum.
I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion
** Onion Forum 2.0
http://www.tinyurl.com/onionforum2
Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/
Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/
The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.
* https://www.eff.org/pages/switzerland-network-testing-tool
* https://www.eff.org/testyourisp
Switzerland Network Testing Tool
"Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.
Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.
You can download the latest release of Switzerland here. Before you run Switzerland, be sure to check out the notes about privacy, security, and firewalls. Switzerland is currently in alpha release as a command line tool. In other words, right now it is aimed at relatively sophisticated users. However, because it's an open source effort, we anticipate making it easier to use over time (please please please let us know by email, by IRC, or by filing bugsif you're running the client but it isn't working for you â" we've seen some clients reconnecting in cycles that makes us think there's a bug we should fix!).
Switzerland is designed to detect the modification or injection of packets of data traveling over IP networks, including those introduced by anti-P2P tools from Sandvine (widely believed to be used by Comcast to interfere with BitTorrent uploads) and AudibleMagic, advertising injection systems like FairEagle, censorship systems like the Great Firewall of China, and other systems that we don't know about yet.
The software uses a semi-P2P, server-and-many-clients architecture. Whenever the clients send packets to each other, the server will attempt to determine if any of them were dropped, forged, or modified (if you're interested in how it does that, you can read the design document here â" we'll try to continually revise that document so that it accurately describes the code, though inevitably it may lag a little behind). Switzerland is a much more sophisticated successor to the pcapdiff software that we released last year. It automates many of the things that had to be done by hand with the earlier code.
One advantage this architecture has over other network testing toolsis that it can spot arbitrary kinds of packet modifications in any protocol â" it doesn't assume that the interference comes in the form of TCP reset packets or web page modifications, and it isn't limited to BitTorrent or any other specific application. In the future we expect it to offer a good platform for collecting statistics on bandwidth, bidirectional latency, jitter and other traffic performance characteristics that might be signs of prioritization of some applications over others.
How do I run tests with Switzerland?
There are a few different ways to run tests with Switzerland. Any packets exchanged between Switzerland clients connected to the same server will be tested automatically. The question is, how do you find other clients and talk to them using the protocols you want to test? For now, the easiest way to set up tests is to co-ordinate them through this wiki page.
If you want to test whether BitTorrent downloads are working correctly, go to that page and find some torrents that others are seeding from test machines. If you want to test if your ISP is interfering with BitTorrent seeding, you can post a link to a torrent file on the wiki, seed that torrent while running a Switzerland client and other people can find it on the wiki and try
"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."
Tor, or:
DNSCrypt
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/
https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/
But seriously, I think you mean "even more than they are currently FORCED to do?" ISPs are currently forced by law in many countries to keep certain records of their clients and to monitor certain content. This is only going to increase, not decrease. And in the US there is the "Patriot Act" which says "All your base is belong to us." So what was the question again?
"Ehhhhhh... (sound of an obnoxious buzzer)"
When you make fun of my name, you drop yourself even lower than ad-hominem attacks.
Please take your spewage elsewhere. This thread doesn't need more of your misinformation,
and your attacks on my name are at best below the belt.
Best regards,
Ehud (sound of someone who has no tolerance for idiots)
Yeah, driven is a nice euphemism for *forced*, *threaten*, *put in a cage* or *killed* if they do not obey.
We all knew it would come to this.
I'm behind 7 proxies...and several VPN's.
Will?
As in the future tense?
Ummmm.....
Deep packet inspection is already happening in the UK. Don't believe me? Try a telnet to port 80 on a webserver you control from a domestic UK internet connection. Then enter 'HTTP \nHOST piratebay.org\n' Your connection gets hijacked at that point and the server sees a faked reset from your IP.
Don't have a webserver? Try any website instead but if you use your own you can tcpdump both sides of the connection to see the hijacking happening.
Between this, email and telephone snooping, stop and search without the suspicion of wrongdoing, and indefinite house arrest without trail the UK has already become a fascist prison.
I would love to see simple fluorescent fliers start to show up in everyone's cable bills:
Your bill has increased by $xx due to purchasing infrastructure required for the government monitoring of all your online activities and communications. Have a nice day.
The government went through the trouble of setting up and paying for all those mailboxes with taxes, so the government mail system gets exclusive use of them.
I bought my mailbox at Home Depot and set it up myself--poorly. Did the government subsidize the price or something?
reasonable expectation of privacy, etc.
CALEA should have been the handwriting on the wall for ISP's. "Oh, that only applies to telcos; yes, we'll register with the Copyright Office in order to call ourselves ISPs and get liability waived.
If they didn't fear getting sued into oblivion for customers' packets, why are they going along with all the lawful access and RIAA/MPAA self-policing crap?
What's going to happen when AT&T or Verizon or Comcast gets sued because John Doe called up Jane Don't, made death threats, etc? You can't have it both ways.
More philsophically, the contradictions here result directly from the service consumption model which seems the only thing the government and Wall Street can or will grok, due to the delusional zero-risk, no-liability, monopoly model of commerce and world domination they favor, wherein they get to have their cake and eat it too, at everyone else's expense, when in reality, everyone who owns a machine with a TCP/IP stack is an ISP and a network operator, whether anyone likes it or not. All so concerned about monetization, but could care less if you don't have a cent. Fuck 'em all, I say.
Excuse me for giving a shit. No, ask me if I give a shit. Talk about your bastard operator from hell.
Anybody else getting anxious calls about DNSchanger today? You know, the crap you dealt with eons ago, and you know your user's machines are clean? But no, the Fibbies are talking it up, so you have to feign concern and make a totally unnecessary effort to look diligent and reassuring. Christ.
I wonder how this would fit in with corporate customers of the participating ISPs and the loss of business hours that could occur, since even if nobody is falsely accused by mistake, a lot of these copyright issues are subjective and are subject to the judicial system.
Could the participating ISPs be held liable if a company's business is disrupted through no fault of their own (or if the company has a case and is willing to take the issue to court)?
Well there is this, story carried by slashdot: https://www.nytimes.com/2012/07/09/us/cell-carriers-see-uptick-in-requests-to-aid-surveillance.html?_r=2&pagewanted=all and this in Australia: http://www.itnews.com.au/News/308218,govt-mulls-cloud-social-intercepts.aspx And recently Telstra was caught channeling all of their traffic via a US organisation for "checking", apparently to provide a service in the future where users can purchase the option to have their internet access filtered for nasties. Via the US.... where everything is legally able to be seized, requested, call it what you want, under the Patriot Act. I'm just saying...