Slashdot Mirror
Will ISPs Be Driven To Spy On Their Customers?
bs0d3 writes "In regards to the new 'voluntary' graduated response deal (where no one really knows how ISPs will track and accuse customers of copyright infringement), according to CNN, it may be the ISP directly spying on their customers. 'But now that they're free from individual blame, there's also the strong possibility that the ISPs will be doing the data monitoring directly. That's a much bigger deal. So instead of reaching out to the Internet to track down illegally flowing bits of their movies, the studios will sit back while ISP's "sniff" the packets of data coming to and from their customers' computers.' This could be a problem for people who use U.S.-based internet services. If the U.S. wants to be an internet savvy country, they still need the competition in the marketplace that's always been missing, and a digital bill of rights that isn't a sneaky anti-piracy measure."
yes
You can't handle the truth.
Computers are fast enough... there's barely any CPU overhead anymore.
"a digital bill of rights that isn't a sneaky anti-piracy measure."
Dream on.
I regularly dream of leaving this industry because of nonsense like this.
I had a sucky sig.
Freenet will get more users!
Really? Anyone? Really believes that the ISP are protecting you? Your privacy? With claws and fangs?
On port 82, too! Hopefully you'll get some comments over there...
Do you have ESP?
more like anti-privacy
This is the most blatantly sensationalist piece of shit article I've seen in recent memory. The time article they source pretty much explains it all:
An Internet user downloading media illegally gets flagged by the copyright holder
Implying that nothing is changing, the media companies will continue outsourcing the scraping of public bittorrent swarms and notify ISP's that one of their IP's was sharing x content at y time and ISP's will send a letter based on who was addressed that IP at the time informing you why it's wrong.
The only thing that might change is that they'll probably give your information to the MAFIAA after you've "shared" their content more than six times, or something else. More likely however, is that this won't happen at all because of sensationalist articles posted by incompetent journalists that can't even get the facts straight. So maybe it's worth thanking Douglas, but he still sucks at his job.
That only works when you have more than one to choose from. Where I am at you have the cable monopoly and AT&T who couldn't even keep dial-tone service working 3 days in a row let alone dsl (which caps out at 128 up 768 down!).
Mycroft
https://signup.leagueoflegends.com/?ref=4c3ed6600b6ea
I can understand why the RIAA and MPAA would be interested in this happening, by why would an ISP want to do this? The act of monitoring the activity of their customers requires a lot of dedication to packet capturing and inspection which would cost a lot of money. From a business standpoint, embarking on this conquest to monitor every single customer is a bad idea because no revenue will be generated by doing this. The only reason I can think of for ISP's to do this is that they are being paid to do so by the RIAA and MPAA, that is the only way they would spend money on this program when it does not generate more revenue from their customers. So what is happening here is two big industries are paying members of another industry to violate the privacy of their customers for financial gain. I wonder where we will see this next if this succeeds. Perhaps the porn industry will pay ISP's to track their customers porn habits so that they can effectively market to those individuals. There is a wide variety of possibilities so long as they isn't illegal. You could argue that pirating is illegal and that is why this differs from other situations, but who the hell made the RIAA and MPAA into legal institutions? They aren't getting court orders to have ISP's snoop on customers, there is no court system here.
Fact:
First, there is no law requiring any action on the part of any ISP.
Disclosure: I participate in running an ISP, but not one of the ones involved in this.
Fact:
Some large national carriers have agreed to do some things. "Agreed" and "partnership" have no legal meaning. "An agreement is yet to be signed." is in the OP's link and that gives us an idea that in the future there MAY be an agreement. For now, should it happen, it's voluntary.
Fact:
No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA.
Opinion:
It would be counter to the AOL decision (Zeran v AOL) that an ISP is responsible for either monitoring content, taking action based on content, or being liable for content or failing to take action based on content. That's a fourth-circuit decision that makes it likely that any ISP that doesn't want to join the "partnership" with the MPAA/RIAA can easily not opt-in to their program. Note that I didn't say "opt-out" because that would beg the question of whether there's a requirement to join.
Looking forward, I can guess that our "friends" in the MPAA/RIAA will continue their program to CHANGE THE LAW through spending lots of money, lobbying, using the influence of former senator Dodd, etc. If they can get the law to require ISPs to do so, and thereby trump the 4th circuit's AOL decision, then there will be a concern.
However, as Sonic.net's CEO Dane Jasper said ISPs should keep as little logs as possible, preferably under two weeks. That would make it difficult unless they are doing real-time DPI, analysis, investigation, and sending out C&D letters for any of this to have meaning.
While the resources necessary for ISPs to provide access under CALEA are minimal ("Here's your Ethernet port, have a nice day, Feds") the requirement to do DPI for hundreds of gigabits-per-second of data is beyond onerous -- if even achievable. Consider -- it's not just that an ISP has to monitor their "upstream" pipes, but also customer-to-customer. The amount of bandwidth inside each ISP's core is immense.
Sorry to be long-winded, but having read the other responses, I see a lot of D&G and nay-saying. I agree that the landscape is pretty harsh, and the earth is getting scorched. I see hope because I see that we have defeated SOPA, PIPA, ACTA, (and yes I know the TPP is still alive) and we can likely continue to teach our congressional non-representatives that when the majority of the country doesn't want something ... it's likely not something they should support in our name.
Ehud
That is all well, but the US is not a free market when it comes to ISPs because the government gave out massive amounts of moneys to large corporations to "modernize" the US which means that in many areas there are only 1 or 2 ISPs, both megacorporations and no other ISP can compete with them either by law or because they already had such a large competitive advantage by having all the infrastructure basically paid for by theft (taxes). We need to not make this mistake again and cut off all taxpayer support to ISPs and other private companies in order to allow the free market to work, otherwise you have a mess like we have today.
Taxation is legalized theft, no more, no less.
The UK is leading the charge once again in destroying freedom and democracy http://www.channel4.com/news/black-boxes-to-monitor-all-internet-and-phone-data , with their plan to install "black boxes" in all internet providers.. it's for your protection you see, so many nasty terrorists out there http://www.dailymail.co.uk/news/article-2134333/Why-allowed-spy-Facebook-Twitter-Whitehall-intelligence-chief.html If you don't allow your internet connection to be spied up, you'll be killed....do you want that? http://www.dailymail.co.uk/news/article-2159041/Snoopers-Charter-matter-life-death-says-Met-Police-chief-Home-Secretary-unveils-plans-monitor-website-use.html
The UK already said they will allow access to the information to the USA and to Brussles (EU). Think of all the other crooks, I mean corporations that could do with this information. See, now YOU have to PAY the corporations to prove you're innocent...... http://www.bbc.co.uk/news/technology-18594105
Take Nobody's Word For It.
The difference is the USPS is a government sponsored monopoly where legally you cannot compete with them. If they decide to increase the price of stamps to $15 a piece, they can do that and there's not much that anyone can do about it since it is illegal to deliver mail except by the USPS.
In fact, a guy named Lysander Spooner made a competitor to the US post office called the American Letter Mail Company, it did everything better than the USPS, faster delivery, cheaper rates, less waste, etc. but it was shut down because of the monopoly that the USPS has.
ISPs are not the same. While arguably many have monopoly status due to the fact that the government gave them massive amounts of money to "modernize" the US, there is nothing preventing me from starting a better, more privacy friendly ISP aside from the startup costs.
Taxation is legalized theft, no more, no less.
Big startup costs. Unlike in Europe where our regulators can to some extent compel it, no existing ISP is going to let you use their cables - so you'd have to get roads dug up and cable laid. After which you are left competing with an incumbant, so you're already at a disadvantage: Switching ISPs is a hastle, and people already on the established provider will need a very compelling reason. You are free to start up your own ISP - but only a fool would invest in it.
They depend on external monitoring companies, which in turn are hired by the copyright holders.
1. Copyright holder hires investigator company.
2. Investigator company finds some infringers (Easily done)
3. Investigator company contacts infringer's ISP on copyright holder's behalf.
4. ISP looks through their logs to see who had the specified IP at the specified time.
5. Strike.
The CNN link is an opinion piece where the author dreams up a scenario of ISP content inspection not supported by any external evidence.
I can sit on my lazy ass all day and dream shit up too. This does not mean I should be expected to be taken seriously.
Where is the actual evidence this is being implemented or even seriously contemplated by any stakeholder?
In the interim I'm just going to sit back and wait for the lawsuits to start flying against ISPs for cutting off their paying customers without due process.
The other is the back-doors on every incoming hub http://www.cablemap.info/
I have plenty of choices. Let's see... Comcast, Comcast, and Comcast! Oh, and Comcast, too! Unfortunately, AT&T isn't in the area yet, but there are still plenty of choices!
Filthy, filthy copyrapists!
Has everybody somehow forgotten the ruling of several years ago? Comcast was forced by the government to stop its deep packet inspection that it used for throttling traffic.
If it goes that route again, it's just going to get slapped down again.
The difference is the USPS is a government sponsored monopoly where legally you cannot compete with them.
Are you forgetting about UPS, FedEx, DHL, and within large cities, numerous small courier services?
If you build it, nerds will come. Soylentnews.org
That just gets passed along to the consumer.
---- Booth was a patriot ----
Which amounts to allowing a third party to interfere in my private contract, without my consent... which is very much against the most basic contract law.
Here's some research from the USPS Wikipedia Article:
"The USPS has exclusive access to letter boxes marked "U.S. Mail" and personal letterboxes in the United States, but still competes against private package delivery services, such as UPS and FedEx."
"Due to the postal monopoly, they are not allowed to deliver non-urgent letters and may not directly ship to U.S. Mail boxes at residential and commercial destinations. However both companies have transit agreements with the USPS in which an item can be dropped off with either FedEx or UPS who will then provide shipment up to the destination post office serving the intended recipient where it will be transferred for delivery to the U.S. Mail destination, including Post Office Box destinations."
"Many of the thousands of courier companies focus on same-day delivery, for example, by bicycle messenger."
However, there is an issue here:
"... there is nothing preventing me from starting a better, more privacy friendly ISP aside from the startup costs."
Yes, there is. In my town, the City Council is required every year to evaluate and vote on service providers. And every year, so far, they have voted to NOT allow competition in the cable business, because (so they say) of problems with overhead cabling (telephone poles, etc.).
Clearly their reasoning is bullshit, and they are just engaging in Crony Capitalism (which is not real capitalism at all). Nevertheless, so far they have managed to get away with it, and the only alternatives to the one cable company are DSL, which is inferior, and satellite, which has high latency.
As a result, in this community we CAN get good cable service, but it probably costs about 3 times what it should. Bandwidth has been getting ever cheaper for the ISPs, but they have been steadily increasing their prices. There is no correlation between their cost, and their prices.
CALEA applies to Internet communication.
Pen/Trace - asking for email headers and IP headers but not content.
Full detail - asking for actual dump of bidirectional communication from a specific IP address or address-range.
See ISPs can be requested to forward all traffic...
or a company that helps ISPs comply...
or this has been a law since 2007...
To find these things check out this link.
Fact: I appreciate your copying my style. However, when doing so, please ensure that after the word "Fact:" comes a fact.
Ehud
The difference is the USPS is a government sponsored monopoly where legally you cannot compete with them.
The U.S. mail box is protected.
It was one way our town was able to fight back against the distribution of poison pen letters and cobbled together tabloid news sheets by a corrupt and vicious faction that taken control of our local school board ---
a faction too clever to be caught paying postage, but not quite clever enough to avoid being spotted on the road.
For a courier service, cherry-picking the big metro markets has always been easy and profitable. Universal postal service --- affordable flat rate delivery anywhere in the fifty states and territories --- is a very different beast.
This so off-topic as to be absurd.
Jane Q Public: You wrote "Fact: CALEA applies only to telephony; to date, it does not apply to the internet at all. "
Note: You didn't say "content" but later you clarified you meant it in context to imply content.
That's fine. Now go back and read my response where I pointed out that Federal agencies HAVE and DO request
[with court orders] pen/trace on email headers and IP packets.
I also appreciate that you labeled the three links I gave and a google search result (which has many more)
as "liberal University[sic] professors and journalists" but your ad-hominem attack only detracts from any claim you might have.
I know the EFF is wonderful, and I support them financially and use their 4th am. packing tape to seal my packages.
Unfortunately your lack of knowledge and insisitence that the EFF is the only source of knowledge despite "liberal
University[sic] professors and jounralists] is of no positive value in this discussion.
Finally, having personally been presented these court orders (and no, these were not National Security Letters;
these were plain old "Tap this, send us this" orders) by US three-letter agencies, I know it to be fact.
Stick to the facts, maam*.
E
* The real facts, not opinion, not ad-hominem attacks, not straw-man arguments, not anything.
My goal was to prevent disinformation -- THE EXACT THING YOU ARE NOW DOING. Stop it please and go time out.
Comment removed based on user account deletion
To those who think that it's not all that bad and it's just voluntary, etc. etc.: this is a sliding scale. This is how it starts. Just sending a few notices to naughty customers. It will end in full-blown surveillance: deep packet inspection and anything that smells like encryption to other-than-whitelisted-approved-sites will be dropped.
When the copyright term is "forever minus a day", live every day like it's the last.
So as long as they're not tampering with US Government property (mailboxes) you are allowed to run a competing mail services. The government went through the trouble of setting up and paying for all those mailboxes with taxes, so the government mail system gets exclusive use of them. Seems fair to me.
If you build it, nerds will come. Soylentnews.org
At that point they'd have to start doing inspection to make sure all 80 traffic looks like http. That would even get somewhat more complicated if the SSL port were used. Its game over once people implement local stub DNS resolvers that actually call a web service somewhere over https to do queries.cong ty dich vu bao ve hanh tinh cung cap dich vu bao ve chuyen nghiep, Cong ty bao ve dia diem ngan hang, cong trinh, co quan, van phong, biet thu, nha rieng, van chuyen tien, tai san, tu diem ca nhac, giai tri
We need an official Tor discussion forum.
I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:
** HackBB:
http://www.tinyurl.com/hackbbonion
** Onion Forum 2.0
http://www.tinyurl.com/onionforum2
Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead you to .onion sites.
I know the Tor developers can do better, but how many years are we to wait?
Caution: some topics may be disturbing. You should be eighteen years or older. I recommend you disable images in your browser when viewing these two forums[1] and only enabling them if you are posting a message, but still be careful! Disable javascript and cookies, too.
If you prefer to visit the hidden services directly, bypassing the tinyurl service:
HackBB: (directly)
http://clsvtzwzdgzkjda7.onion/
Onion Forum 2.0: (directly)
http://65bgvta7yos3sce5.onion/
The tinyurl links are provided as a simple means of memorizing the hidden services via a link shortening service (tinyurl.com).
[1]: Because any content can be posted! Think 4chan, for example. onionforum2 doesn't appear to be heavily moderated so be aware and take precautions.
* https://www.eff.org/pages/switzerland-network-testing-tool
* https://www.eff.org/testyourisp
Switzerland Network Testing Tool
"Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press, and EFF, Comcast would still be stone-walling about their now-infamous BitTorrent blocking efforts.
Developed by the Electronic Frontier Foundation, Switzerland is an open source software tool for testing the integrity of data communications over networks, ISPs and firewalls. It will spot IP packets which are forged or modified between clients, inform you, and give you copies of the modified packets.
You can download the latest release of Switzerland here. Before you run Switzerland, be sure to check out the notes about privacy, security, and firewalls. Switzerland is currently in alpha release as a command line tool. In other words, right now it is aimed at relatively sophisticated users. However, because it's an open source effort, we anticipate making it easier to use over time (please please please let us know by email, by IRC, or by filing bugsif you're running the client but it isn't working for you â" we've seen some clients reconnecting in cycles that makes us think there's a bug we should fix!).
Switzerland is designed to detect the modification or injection of packets of data traveling over IP networks, including those introduced by anti-P2P tools from Sandvine (widely believed to be used by Comcast to interfere with BitTorrent uploads) and AudibleMagic, advertising injection systems like FairEagle, censorship systems like the Great Firewall of China, and other systems that we don't know about yet.
The software uses a semi-P2P, server-and-many-clients architecture. Whenever the clients send packets to each other, the server will attempt to determine if any of them were dropped, forged, or modified (if you're interested in how it does that, you can read the design document here â" we'll try to continually revise that document so that it accurately describes the code, though inevitably it may lag a little behind). Switzerland is a much more sophisticated successor to the pcapdiff software that we released last year. It automates many of the things that had to be done by hand with the earlier code.
One advantage this architecture has over other network testing toolsis that it can spot arbitrary kinds of packet modifications in any protocol â" it doesn't assume that the interference comes in the form of TCP reset packets or web page modifications, and it isn't limited to BitTorrent or any other specific application. In the future we expect it to offer a good platform for collecting statistics on bandwidth, bidirectional latency, jitter and other traffic performance characteristics that might be signs of prioritization of some applications over others.
How do I run tests with Switzerland?
There are a few different ways to run tests with Switzerland. Any packets exchanged between Switzerland clients connected to the same server will be tested automatically. The question is, how do you find other clients and talk to them using the protocols you want to test? For now, the easiest way to set up tests is to co-ordinate them through this wiki page.
If you want to test whether BitTorrent downloads are working correctly, go to that page and find some torrents that others are seeding from test machines. If you want to test if your ISP is interfering with BitTorrent seeding, you can post a link to a torrent file on the wiki, seed that torrent while running a Switzerland client and other people can find it on the wiki and try
"That's quite true. However, your traffic is STILL going through your ISP. There literally isn't any way around that."
Tor, or:
DNSCrypt
"In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesnâ(TM)t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone donâ(TM)t work in the security world, however, so weâ(TM)ve opened up the source to our DNSCrypt code base and itâ(TM)s available on GitHub"
https://www.opendns.com/technology/dnscrypt/
- Download the right package for your Linux distribution:
https://blog.opendns.com/2012/02/16/tales-from-the-dnscrypt-linux-rising/
https://github.com/opendns/dnscrypt-proxy/blob/master/README.markdown
https://github.com/opendns
https://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://techcrunch.com/2011/12/05/dnscrypt-encrypts-your-dns-traffic-because-theres-always-someone-out-to-get-you/
http://www.h-online.com/security/news/item/DNSCrypt-a-tool-to-encrypt-all-DNS-traffic-1392283.html
http://blog.opendns.com/2012/02/06/dnscrypt-hackers-wanted/
https://www.linuxquestions.org/questions/debian-26/dnscrypt-930439/
But seriously, I think you mean "even more than they are currently FORCED to do?" ISPs are currently forced by law in many countries to keep certain records of their clients and to monitor certain content. This is only going to increase, not decrease. And in the US there is the "Patriot Act" which says "All your base is belong to us." So what was the question again?
"Ehhhhhh... (sound of an obnoxious buzzer)"
When you make fun of my name, you drop yourself even lower than ad-hominem attacks.
Please take your spewage elsewhere. This thread doesn't need more of your misinformation,
and your attacks on my name are at best below the belt.
Best regards,
Ehud (sound of someone who has no tolerance for idiots)
I'm behind 7 proxies...and several VPN's.
Deep packet inspection is already happening in the UK. Don't believe me? Try a telnet to port 80 on a webserver you control from a domestic UK internet connection. Then enter 'HTTP \nHOST piratebay.org\n' Your connection gets hijacked at that point and the server sees a faked reset from your IP.
Don't have a webserver? Try any website instead but if you use your own you can tcpdump both sides of the connection to see the hijacking happening.
Between this, email and telephone snooping, stop and search without the suspicion of wrongdoing, and indefinite house arrest without trail the UK has already become a fascist prison.
I would love to see simple fluorescent fliers start to show up in everyone's cable bills:
Your bill has increased by $xx due to purchasing infrastructure required for the government monitoring of all your online activities and communications. Have a nice day.
I wonder how this would fit in with corporate customers of the participating ISPs and the loss of business hours that could occur, since even if nobody is falsely accused by mistake, a lot of these copyright issues are subjective and are subject to the judicial system.
Could the participating ISPs be held liable if a company's business is disrupted through no fault of their own (or if the company has a case and is willing to take the issue to court)?