Slashdot Mirror
Activist Starts a Campaign To Buy and Publish Browsing Histories of Politicians Who Passed Anti-Privacy Law (searchinternethistory.com)
On Tuesday, Congress sent proposed legislation to President Trump that wipes away landmark online privacy protections. In a party-line vote, House Republicans freed Internet service providers such as AT&T, Verizon, and Comcast of protections approved just last year that had sought to limit what companies could do with information such as customer browsing habits, app usage history, location data and Social Security numbers. Now call it a poetic justice, online privacy activist Adam McElhaney has launched an initiative called Search Internet History, with an objective of raising funds to buy browsing history of each politician and official who voted in favor of S.J.Res 34. On the site, he has also put up a poll asking people whose internet history they would like to see first.
Update: The campaign, which was seeking $10,000, has already raised over $55,000.
Update: The campaign, which was seeking $10,000, has already raised over $55,000.
Why should Google have all the fun?
Please make sure to purchase , but not publicize their children's information also. .... How this is legal is beyond me....
Every politician, all the time, with the results updated in real time. This is the only way the rest of us will ever see our privacy respected.
https://www.gofundme.com/buycongressdata
It should be clear by now that fake facts are just as good as real facts, maybe better if they support xenophobic nationalism.
God damn politicians need a taste of their own medicine.
Many ultra-conservative, bible preaching Congress members found to frequently visit porn sites most likely LGBT ones.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Is about to find out just how limiting the ability to get information is even if they pay for it. Even in industries where there's no data protection laws why would an ISP sell this?
A baker sells a variety of bread to suit tastes, they don't sell you a specific bread made from your own recipe, and they don't sell you their recipes or equipment either.
Back when the UK passed the Snoopers Charter (the one that lets everyone and their dog access your full internet history), those clever politicians made just one important exemption - they themselves wouldn't be subject to the law.
http://www.independent.co.uk/l...
I'd be surprised if the US hasn't done the same thing, but then the UK *is* a world leader in surveillance of their own citizens.
Just because a company CAN sell something does not mean they will.
I think it will be pretty interesting to see what they can actually end up buying.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Great idea. If the ISPs refuse to sell the information for some half-assed reason then there'll be fireworks.
One: Companies CAN sell your data. They're not mandated to do so... and they'd be stupid to screw those who can control them with legislation.
Two: If they're stupid enough, or you get the data through a middleman, they will simply find a law to charge you with for doing it. And if they can't do that, they'll draft such a law THEN charge you.
Best case, one or two of them is mildly embarrassed before you have a new home with very secure doors and windows.
I know this law has been passed but surely the law doesn't let them sell personally indentifiable information like names, SSNs, and addresses? Does it?
Too bad https://www.searchinternethist... is currently showing nothing more than SHTML Wrapper - 500 Server Error
Might makes right irrelevant.
and Social Security numbers
How do ISPs have those?
In the wake of the Kelo vs. City of New London case, where the Supreme Court ruled 5-4 that municipalities can forcibly buy out your land under eminent domain just to do a redevelopment of some kind, some guy went public that he wanted to buy out Justice David Souter's house and raze it and build a bed and breakfast on it. I was greatly pleased with this idea as I'm still pretty angry about the verdict, but this just ended up being 100% talk and nothing even came close to being done. No development was ever actually done on the land acquired. It's currently a vacant lot. So you can thank the Supreme Court for the idea that if anybody in your local government has a grievance against you, they can get a bogus developer to come up with a phony plan to redevelop your land, force you to sell it to them, tear down your house and then do absolutely nothing with the property and it's all 100% legal.
To be honest with you, I would expect the Congresscritters involved to complain a lot about this plan and wouldn't be surprised if they pass legislation to make it illegal to harvest their data and only theirs. But most voters don't care about anything but whether there is an R or a D by a candidate's name and I wouldn't expect any browsing revelations to matter in the next election, nor would Congress even protecting themselves from such matter. If the past election taught us anything, it's that for 80% or more of the voters, no matter what they say, they really don't care about anything except party affiliation of the candidates.
Just because a company CAN sell something does not mean they will.
I think it will be pretty interesting to see what they can actually end up buying.
One thing that got lost in all the wailing and moaning is that protecting privacy is the purview of the FTC, not the FCC.
The law got axed because it was a standout overreach of a specific government agency, only affected a certain segment, and was done badly.
What *should* have happened is the FTC should pass a low saying that *every* corporation has to protect customer privacy.
Everyone got so distracted with "muh rites!" and completely lost track of whether it was a good law or not.
"The lesson here is that it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left solely to governments." -- Bruce Schneier
Proud neuron in the Slashdot hivemind since 2002.
This is a cute idea, but I don't think much will come of it. ISPs won't be selling individual browsing histories- despite whatever changes to the laws happen, the liability would be staggering and most buyers would be looking for data in a bulk, automated way that scales. As an advertiser, one individual's complete browsing history is completely useless to me; there's no market for that data that ISN'T to publicly shame people or otherwise spy on people. While I suppose private investigators and law enforcement might be a niche market for this sort of thing, I just don't it happening in a significant way.
What you'd actually be buying are audience segments against IP addresses and possibly device IDs, which could then in turn be matched up to other data sets. Ie, if I'm Coscto, I might be trying to identify "Devices that have recently shopped at Walmart.com". Once I have that, I might be able to match some percentage (maybe 10-40%) of those devices to some other kind of data set (for example, to add demographic data). That's just two data points- not nearly enough to identify anyone- and I've already likely narrowed my starting set of devices down to 10-20% of what the ISP provided me.
It IS possible to ultimately drill down into this kind of data far enough that you can be pretty sure you've found the history for an individual person- in theory anyway. But the amount of time/effort/luck involved to get there makes this impractical to do at scale (i.e., for all the Congress-critters) or to keep up to date manually as cookies expire/are deleted, IP addresses change, people upgrade their phones every 1-2 years... it takes full time teams of people to do this at a very basic level.
Plus there's the whole "That wasn't me, damn neighbors stealing my wifi" defense for anything nefarious.
Source: I work in programmatic audience targeting for a Fortune 100. (I promise we're not evil, we just want to sell you stuff you might actually want)
Google
Giving up the web? Because if you hit a site using Google Analytics, or a site clamoring for any of the many, many resources Google hosts, you're tracked. Sure, you could blacklist Google outright. Good luck with half the web being broken.
You can't from your ISP.
VPN. Conversely, that'd also protect you reasonably from Google. Either way, it's a fucktarded solution to bad legislation that was pushed because Big Tech lined Democrats' pockets slightly more than Big Comcast.
According to the bill, selling of search history requires "explicit user opt-in". I am not sure how providers will obfuscate the "opt-in" checkbox for the rest of us, but for members of congress that "opt in" will not be granted - I can assure you of that. So, nothing to buy.
When ISP's start selling customer browsing history to advertisers, i think they would give the advertising company a weird look if they asked "give us the browsing history of these 400 people"
More likely they would need an agent to purchase browsing history of 'IP addresses in Washington D.C' and then the browsing data would (god i hope) be anonymized, requiring forensic analysis to determine which browsing history belonged to a sentaor/house member. I don't know if you could easily match a particular senator with a particular record of browsing history. You could easily say '20% of congressmen searched for 'teen porn' it the last month' i don't know if you would be able to say 'these particular senators browsed for teen porn'
It's wishful thinking and pathetic to hope that we'll catch them going to porn sites. Sure there's guys like Anthony Weiner, but the fact is that almost all these guys know better than to do anything like that on the Internet, and they're not that interested in porn anyway because they're grownups and have better things to do with their time.
I still think exposure maybe will work.
One way these things are done is that you go after the family, friends, and business associates of the politician.
When Congressman Bob is on the board of directors of Acme Corp, and the browsing history of everyone else on the board gets published as "Congressman Bob's associates at Acme Corp was looking at from his home computer for 3 hours last Tuesday. Also, here's the bank sites and online stock brokerage that they been accessing, and these two have treasury direct accounts.
Bob is going to get a phone call to fix this, and it'll be coming from the people he really wants to please.
Do you remember a time before when medical records were considered private, and the law punished anyone sharing your record?
I do. No one in government ever gave a shit about the we peons' medical records privacy.
That whole privacy thing came about in the late 1960's when a candidate got the idea that during an election you could expose your opponents medical record and let the world know that Congressman Bob had gotten a prescription for valium, and thus was mentally unstable. Also, Congressman Bob had a heart bypass operation and was likely to die at any moment, and in any case certainly didn't have the stamina to serve as congressman. Then many others started doing started doing it until the plug was pulled by the newly discovered need for privacy, by Congress.
If I were an ISP, I would maintain a VIP list and cull those records from anything I sell, so you would never see anyone in higher levels of government, big-name entertainers and so on. I might even offer it as a paid service to opt-out for some extra gravy.
You can easily protect data with encryption. It's harder to protect meta data. For example: with proper encryption we may never know what Devin Nunes was actually watching on pornhub. To actually hide that Devin Nunes was on pornhub requires something like TOR or a VPN.
the browsing history for Mitch McConnell and Paul Ryan first. Let's see if they're actually working or fucking off. I think they're fucking off.
This was NOT a party line vote. The following Republicans voted NO and should be congratulated for standing with the People, not the ISP $$$.
If five more Republicans had switched to a NO vote, the resolution would NOT HAVE PASSED!
A thank you phone call to their offices today will be noted and WILL make a difference in future efforts to enact comprehensive privacy legislation.
Brooks, Mo AL 5th
McClintock, Tom CA 4th
Coffman, Mike CO 6th
Yoder, Kevin KS 3rd
Graves, Garret LA 6th
Amash, Justin MI 3rd
Zeldin, Lee NY 1st
Faso, John NY 19th
Stefanik, Elise NY 21st
Jones, Walter NC 3rd
Davidson, Warren OH 8th
Sanford, Mark SC 1st
Duncan, John TN 2nd
Herrera Beutler, Jaime WA 3rd
Reichert, David WA 8th
https://www.govtrack.us/congress/votes/115-2017/h202
FACTS MATTER
Correction: Use a VPN regardless.
VPNs are a lot more sensitive to bad press, because they can be tossed and another one picked up pretty easily. ISPs, you likely have the telco or cable, and that's it. VPNs also offer much better privacy guarantees.
Plus, VPNs also protect against a lot of attacks, from FireSheep-like spoofing of HTTP headers to adding additional HTTP headers for identifying reasons into every handshake, which two ISPs did a few years ago so sites could ID even "anonymous" users. It also locks out people trying to attack via spoofed Wi-Fi networks as well.
Who's browser history would I want to see up for sale? Adam McElhaney's, of course.
Good, inexpensive web hosting
Others have already suggested why this might not work, but if government perceives even the slightest possibility that their browsing histories might become public, they will just add an amendment to the bill making it illegal for THEIR data to be sold.
privacy is for the ruling class. I can guarantee there's exception processing in place for anyone who makes over a certain amount of money. They have personal assistants who make more than you and will see to it.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Out them all.
Everywhere.
No privacy for us == No privacy for you.
-- Tigger warning: This post may contain tiggers! --
We'll know exactly what Nunes was watching on Pornhub because it uses HTTP GET instead of POST. Having unique URLs for content and having people visit them is important for searchability and SEO, so the porn industry probably can't afford to give up its URLs and GET in favor of some more secretive AJAX method or Fetch. As long as sites want to present themselves well to web spiders, they'll use insecure methods of navigation for real customers.
As for your VPN, you only trust that they're not logging you. In point of fact, beyond all their promises, they have just as much ability to log your traffic as does your ISP.
There is no safe way to indulge in thoughtcrime online. Keep your thoughts inside your head, and keep your internet browsing clean: abstinence is the only way never to get caught.
CAPTCHA: blacked. Not even kidding.
Still protects the content. So even if they are able to discern who you were talking to they won't be able to discern what was said.
Minimum threshold fixed. Thanks!
If you're an ISP, you just won't sell this information to a buyer (even if they were to sell individual browsing history, which is totally unlikely given it's relative lack of utility to advertisers) to accomplish two things:
1) you're a well behaved ISP
2) not make an enemy of the lawmakers
Any attempt at buying lawmakers browsing histories is only going to reinforce the argument of the ISP industry that they behave sans regulation when they politely decline to do so.
"Old man yells at systemd"
Please also see https://www.gofundme.com/buyco...
Please don't dominate the rap, Jack, if you got nothin' new to say.
Random people can't buy the information, and trusted companies can only buy it in bulk,
and it's going to cost a lot more money than this guy could ever raise, anyway.
And even if all that weren't the case: the expose web site would be shut down as an
allegedly illegal operation, probably the operators arrested, and of course civil actions.
What will be necessary to make the point is for some Verizon employee to be compromised,
or their data center to be compromised, and the information to be leaked.
Then some group can do the de-anonymization work (or if somehow raw data were
available, the data integration work).
Then it can be published irrevocably on Wikileaks.
To be effective, it should include ALL of the lawmakers, not just the ones who voted wrong,
and also everyone in the White House, and the entire FCC board.
Not just the obvious wrongdoers.
Imagine you're an ISP who paid your congressperson to vote for this law. Someone wants to use your freshly-purchased law to embarrass you and your law vendor.
If I were in that position, I would tell Search Internet History, "Sorry, we don't sell that." (At first, and then when I later got caught selling it to others, it'd become a more combative "Sorry, we don't sell that to you.")
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
...I've ever considered using Tor. Thank you Republicans for giving us reasons to obfuscate our online behavior. The FBI and CIA will love what you'd done.
Seriously, we need to get the address, family info , and SSN as well.
That will make these GOP rethink what they are doing.
And if at all possible, lets find out what businesses these GOP own and interact with. It could an interesting source of money for them.
I prefer the "u" in honour as it seems to be missing these days.
This is the rep that is pushing this; Marsha Blackburn.
And here is the Senator pushing this;
Anybody who is represented by these ppl should let them know that the internet is waiting to know all about them AND THEIR FAMILY, including kids and grandkids.
I prefer the "u" in honour as it seems to be missing these days.
Starting now...
Don't just stand there, get that other dog!
I should be able to safely hide behind a screen name without my ISP guessing things about my life.
Well it looks like you're in luck. They won't have to guess, they can rummage through everything you do online.
If you ever find a bottle with a genie in it, do yourself a favor, put it back and run away. ;-)
https://www.opensecrets.org/in... (Hint for liberals - look for the "blue").
"I say we take off, nuke the site from orbit. It's the only way to be sure."
which is also going to be unregulated. We elected a president and congress who's stated goal is to eliminate regulations. Why is anyone surprised?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Purchase the activists' histories and publish theirs, even if it requires digging deeper.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
The 9th Circuit Court of Appeals ruled in AT&T v. FTC that the FTC has no authority over common carriers. This FCC rule that Republicans got rid of filled the gap from that court decision.
So instead of going to the supreme court to fix yet another boneheaded decision from the 9th, someone decided to plaster over the bad mistake with an FCC ruling.
Which as it turns out is like patching holes in a roof with cotton candy - one wisp of rain and the protection is gone.
If someone wanted real protection why not try and pass a real law to do so, instead of jiggering the FCC to patch something wrong?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Since it was all Republicans that voted YES on the bill, their browsing history is just bum fight videos, cuck porn (gay cuck porn for the Freedom Caucus) and the Daily Stormer.
You are welcome on my lawn.
...somebody REALLY doesn't like that idea.
When the king heard the words of the Book of the Law he tore his robes.2Kings22:11
In an article posted by the Verge today, the members of Congress who voted to Shred the ISP Privacy Rules are listed, by name, along with information of how much they received in donations from the telecom industry and employees of those corporations.
Remember... Congress didn't need to do this. Newly-promoted FCC chairman Ajit Pai was going to gut the FCC rule behind Internet privacy all by himself. But with this move, the members of Congress named in this list took the extra step under the authority of the Congressional Review Act to expressly cause the privacy rules to "have no force or effect" and prohibit the FCC from issuing similar regulations in the future .
They might say that this move was just a legal technicality... that the real power for privacy should properly rest with the FTC. Bullshit. The resolution they passed eliminates the FCC's privacy rules without any immediate action to return jurisdiction to the FTC, which is prohibited from regulating common carriers such as ISPs and phone companies.
All that's left to happen is for Trump to sign it, and then, that's that. Out of the frying pan, into the fire.
Take it easy, Charlie, I've got an Angle...
http://resistancereport.com/ne...
Architectural plans are like computer source code with a couple of differences: You only compile once.
One thing that no one seems to be talking about with this law is that yes it allows companies to sell your browser history and no even allow an opt-out; but the biggest is it takes away the legal responsibility of the companies to report breaches. The restrictions before forced the companies to report breaches because they exposed private customer data; but now they don't have any of the same protections so they do not have to report breaches. Do you really think any of these companies are going to willingly report new breaches? Take all the publicity flak and condemnation for a breaches willingly? No way, they will sit on any breaches and just deal with each affected customer one by one; and no one will know if the breach exposed 1 customer or 10million.
I wonder if my requests and the packets coming to me are protected under copyright law.
I love it...the congresscritters voted to support this bill so they could continue to collect campaign donations from ISPs. Clearly, they did not realize that THEIR browsing histories could be collected, and sold.
Imagine what the infamous Anthony Weiner would reveal.
But, my question is: can browsing history be captured if they us a VPN?