Slashdot Mirror
Activist Starts a Campaign To Buy and Publish Browsing Histories of Politicians Who Passed Anti-Privacy Law (searchinternethistory.com)
On Tuesday, Congress sent proposed legislation to President Trump that wipes away landmark online privacy protections. In a party-line vote, House Republicans freed Internet service providers such as AT&T, Verizon, and Comcast of protections approved just last year that had sought to limit what companies could do with information such as customer browsing habits, app usage history, location data and Social Security numbers. Now call it a poetic justice, online privacy activist Adam McElhaney has launched an initiative called Search Internet History, with an objective of raising funds to buy browsing history of each politician and official who voted in favor of S.J.Res 34. On the site, he has also put up a poll asking people whose internet history they would like to see first.
Update: The campaign, which was seeking $10,000, has already raised over $55,000.
Update: The campaign, which was seeking $10,000, has already raised over $55,000.
Please make sure to purchase , but not publicize their children's information also. .... How this is legal is beyond me....
Every politician, all the time, with the results updated in real time. This is the only way the rest of us will ever see our privacy respected.
https://www.gofundme.com/buycongressdata
It should be clear by now that fake facts are just as good as real facts, maybe better if they support xenophobic nationalism.
God damn politicians need a taste of their own medicine.
Many ultra-conservative, bible preaching Congress members found to frequently visit porn sites most likely LGBT ones.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Is about to find out just how limiting the ability to get information is even if they pay for it. Even in industries where there's no data protection laws why would an ISP sell this?
A baker sells a variety of bread to suit tastes, they don't sell you a specific bread made from your own recipe, and they don't sell you their recipes or equipment either.
Back when the UK passed the Snoopers Charter (the one that lets everyone and their dog access your full internet history), those clever politicians made just one important exemption - they themselves wouldn't be subject to the law.
http://www.independent.co.uk/l...
I'd be surprised if the US hasn't done the same thing, but then the UK *is* a world leader in surveillance of their own citizens.
Just because a company CAN sell something does not mean they will.
I think it will be pretty interesting to see what they can actually end up buying.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Great idea. If the ISPs refuse to sell the information for some half-assed reason then there'll be fireworks.
Spotted the big telecom shill. But true, Google shouldn't have all the fun. So two options: strengthen the FTC's privacy regs, or gut the FCC's. Wouldn't the former be better than the latter?
In the wake of the Kelo vs. City of New London case, where the Supreme Court ruled 5-4 that municipalities can forcibly buy out your land under eminent domain just to do a redevelopment of some kind, some guy went public that he wanted to buy out Justice David Souter's house and raze it and build a bed and breakfast on it. I was greatly pleased with this idea as I'm still pretty angry about the verdict, but this just ended up being 100% talk and nothing even came close to being done. No development was ever actually done on the land acquired. It's currently a vacant lot. So you can thank the Supreme Court for the idea that if anybody in your local government has a grievance against you, they can get a bogus developer to come up with a phony plan to redevelop your land, force you to sell it to them, tear down your house and then do absolutely nothing with the property and it's all 100% legal.
To be honest with you, I would expect the Congresscritters involved to complain a lot about this plan and wouldn't be surprised if they pass legislation to make it illegal to harvest their data and only theirs. But most voters don't care about anything but whether there is an R or a D by a candidate's name and I wouldn't expect any browsing revelations to matter in the next election, nor would Congress even protecting themselves from such matter. If the past election taught us anything, it's that for 80% or more of the voters, no matter what they say, they really don't care about anything except party affiliation of the candidates.
Just because a company CAN sell something does not mean they will.
I think it will be pretty interesting to see what they can actually end up buying.
One thing that got lost in all the wailing and moaning is that protecting privacy is the purview of the FTC, not the FCC.
The law got axed because it was a standout overreach of a specific government agency, only affected a certain segment, and was done badly.
What *should* have happened is the FTC should pass a low saying that *every* corporation has to protect customer privacy.
Everyone got so distracted with "muh rites!" and completely lost track of whether it was a good law or not.
"The lesson here is that it is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics. Encryption is too important to be left solely to governments." -- Bruce Schneier
Proud neuron in the Slashdot hivemind since 2002.
That's what they say, but it's misguided..you can block data from Google or Facebook. You can't from your ISP.
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
First, just drafting a law doesn't make it law -- they would have to pass the law through the usual channels.
Second, the US Constitution prohibits Congress from passing ex post facto laws (Article I, Section 9: "No Bill of Attainder or ex post facto Law shall be passed.") and States from passing ex post facto laws (Article I, Section 10: "No State shall [...] pass any Bill of Attainder, ex post facto Law [...]).
Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading
This is a cute idea, but I don't think much will come of it. ISPs won't be selling individual browsing histories- despite whatever changes to the laws happen, the liability would be staggering and most buyers would be looking for data in a bulk, automated way that scales. As an advertiser, one individual's complete browsing history is completely useless to me; there's no market for that data that ISN'T to publicly shame people or otherwise spy on people. While I suppose private investigators and law enforcement might be a niche market for this sort of thing, I just don't it happening in a significant way.
What you'd actually be buying are audience segments against IP addresses and possibly device IDs, which could then in turn be matched up to other data sets. Ie, if I'm Coscto, I might be trying to identify "Devices that have recently shopped at Walmart.com". Once I have that, I might be able to match some percentage (maybe 10-40%) of those devices to some other kind of data set (for example, to add demographic data). That's just two data points- not nearly enough to identify anyone- and I've already likely narrowed my starting set of devices down to 10-20% of what the ISP provided me.
It IS possible to ultimately drill down into this kind of data far enough that you can be pretty sure you've found the history for an individual person- in theory anyway. But the amount of time/effort/luck involved to get there makes this impractical to do at scale (i.e., for all the Congress-critters) or to keep up to date manually as cookies expire/are deleted, IP addresses change, people upgrade their phones every 1-2 years... it takes full time teams of people to do this at a very basic level.
Plus there's the whole "That wasn't me, damn neighbors stealing my wifi" defense for anything nefarious.
Source: I work in programmatic audience targeting for a Fortune 100. (I promise we're not evil, we just want to sell you stuff you might actually want)
I block Google Analytics and most all other google pieces, without any problems. The only ones I generally have to let in is the occasional google api bits....but for the most part you can block most all Google bits and the sites will work just fine.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
It's wishful thinking and pathetic to hope that we'll catch them going to porn sites. Sure there's guys like Anthony Weiner, but the fact is that almost all these guys know better than to do anything like that on the Internet, and they're not that interested in porn anyway because they're grownups and have better things to do with their time.
I still think exposure maybe will work.
One way these things are done is that you go after the family, friends, and business associates of the politician.
When Congressman Bob is on the board of directors of Acme Corp, and the browsing history of everyone else on the board gets published as "Congressman Bob's associates at Acme Corp was looking at from his home computer for 3 hours last Tuesday. Also, here's the bank sites and online stock brokerage that they been accessing, and these two have treasury direct accounts.
Bob is going to get a phone call to fix this, and it'll be coming from the people he really wants to please.
Do you remember a time before when medical records were considered private, and the law punished anyone sharing your record?
I do. No one in government ever gave a shit about the we peons' medical records privacy.
That whole privacy thing came about in the late 1960's when a candidate got the idea that during an election you could expose your opponents medical record and let the world know that Congressman Bob had gotten a prescription for valium, and thus was mentally unstable. Also, Congressman Bob had a heart bypass operation and was likely to die at any moment, and in any case certainly didn't have the stamina to serve as congressman. Then many others started doing started doing it until the plug was pulled by the newly discovered need for privacy, by Congress.
If I were an ISP, I would maintain a VIP list and cull those records from anything I sell, so you would never see anyone in higher levels of government, big-name entertainers and so on. I might even offer it as a paid service to opt-out for some extra gravy.
You can easily protect data with encryption. It's harder to protect meta data. For example: with proper encryption we may never know what Devin Nunes was actually watching on pornhub. To actually hide that Devin Nunes was on pornhub requires something like TOR or a VPN.
the browsing history for Mitch McConnell and Paul Ryan first. Let's see if they're actually working or fucking off. I think they're fucking off.
This was NOT a party line vote. The following Republicans voted NO and should be congratulated for standing with the People, not the ISP $$$.
If five more Republicans had switched to a NO vote, the resolution would NOT HAVE PASSED!
A thank you phone call to their offices today will be noted and WILL make a difference in future efforts to enact comprehensive privacy legislation.
Brooks, Mo AL 5th
McClintock, Tom CA 4th
Coffman, Mike CO 6th
Yoder, Kevin KS 3rd
Graves, Garret LA 6th
Amash, Justin MI 3rd
Zeldin, Lee NY 1st
Faso, John NY 19th
Stefanik, Elise NY 21st
Jones, Walter NC 3rd
Davidson, Warren OH 8th
Sanford, Mark SC 1st
Duncan, John TN 2nd
Herrera Beutler, Jaime WA 3rd
Reichert, David WA 8th
https://www.govtrack.us/congress/votes/115-2017/h202
FACTS MATTER
Correction: Use a VPN regardless.
VPNs are a lot more sensitive to bad press, because they can be tossed and another one picked up pretty easily. ISPs, you likely have the telco or cable, and that's it. VPNs also offer much better privacy guarantees.
Plus, VPNs also protect against a lot of attacks, from FireSheep-like spoofing of HTTP headers to adding additional HTTP headers for identifying reasons into every handshake, which two ISPs did a few years ago so sites could ID even "anonymous" users. It also locks out people trying to attack via spoofed Wi-Fi networks as well.
Others have already suggested why this might not work, but if government perceives even the slightest possibility that their browsing histories might become public, they will just add an amendment to the bill making it illegal for THEIR data to be sold.
You can, though the result gives the ISP profile of you making a buttload of connections to a private VPN... and nothing else.
Quo usque tandem abutere, Nimbus, patientia nostra?
A 5$ one-time reduction on their bill for checking the opt-in of this fabulous promotion !!!
Umm... the "explicit user opt-in" was what was just KILLED by Congress.
From ArsTechnica:
The rules issued by the FCC last year would have required home Internet and mobile broadband providers to get consumers' opt-in consent before selling or sharing Web browsing history, app usage history, and other private information with advertisers and other companies. But lawmakers used their authority under the Congressional Review Act (CRA) to pass a joint resolution ensuring that the rules "shall have no force or effect" and that the FCC cannot issue similar regulations in the future.
Republicans argue that the Federal Trade Commission should regulate ISPs' privacy practices instead of the FCC. But the resolution passed today eliminates the FCC's privacy rules without any immediate action to return jurisdiction to the FTC, which is prohibited from regulating common carriers such as ISPs and phone companies.
If Trump signs the resolution to eliminate privacy rules, ISPs won't have to seek customer approval before sharing their browsing histories and other private information with advertisers.
Take it easy, Charlie, I've got an Angle...
I choose whether or not I give Google certain information. Google may be able to deduce personal details about my life. But my ISP should not be able to. I should be able to safely hide behind a screen name without my ISP guessing things about my life.
I'll see your senator, and I'll raise you two judges.
That's exactly what they can sell.
During the debate Nancy Pelosi actually put up a sign with a few things this bill allows selling:
"Republicans want this information to be sold without your permission"
Financial information includes your name, address, SSN, and phone number. This will also be attached to your browsing history and other data. A lot of ISPs and mobile providers require SSN when you sign up, they claim so that they can run a credit check. Now, it's also so that they can sell it.
It also sounds like they can also sell the contents of voice calls and SMS too if they want.
Using encryption doesn't really protect you either.
1) It doesn't prevent metadata.
2) Some carriers plan on using spyware on your cell phones so that they even have access to encrypted data. This would also prevent VPNs from being of any use.
A Democrat (I forget who) before this was passed even read about Verizon's patent for a cable box with thermographic camera, microphone, and motion sensor. It includes a "cuddle detector" so that it can show ads for condoms when it detects people "cuddling" in front of the TV.
Microsoft applied for a patent for cable box and console technology that will detect how many people are in the room and allow copyright owners to block content if too many people are in the room. For example, if you buy a PPV fight and invite too many people over it will refuse to play.
Comcast applied for a patent for a cable box which detects who is in a room and personalizes ads based on the person or people in the room.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.
You can't from your ISP.
VPN. Conversely, that'd also protect you reasonably from Google.
But then the VPN admins have access to all your browsing..
Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
The API bits can be mostly replaced with local versions by installing Decentraleyes.
For the rest, Smart Referer lets you block tracking that doesn't include explicit tokens. And Request Policy axes crap that you don't need with a default-deny.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
But then the admins of the second VPN have access to all your browsing...
> I'm still waiting on someone to tell my why I should care about someone purchasing my browsing history.
Yes, you're so very open with everyone that you post as Anonymous Coward instead of even a pseudonym. Your super openness doesn't merely not track back to your real name, it doesn't even track back to a fake name.
AC claiming privacy doesn't matter. Sheesh.
Yup, VPNs limit the ability of the ISP to know where you are going... instead you instead give implicit permission to the VPN provider to know where you go.
How does that improve things any?
Help Brendan pay off his student loans
...I've ever considered using Tor. Thank you Republicans for giving us reasons to obfuscate our online behavior. The FBI and CIA will love what you'd done.
Seriously, we need to get the address, family info , and SSN as well.
That will make these GOP rethink what they are doing.
And if at all possible, lets find out what businesses these GOP own and interact with. It could an interesting source of money for them.
I prefer the "u" in honour as it seems to be missing these days.
would you want your boss to know you're into interracial midget porn?
That's the problem, you choose your disclosure.. in your example, you tell your wife what you're downloading. you tell your friends you like this game or that.
Google/$big_data tells anyone who can pay, whatever they want you lose control over the disclosure of your personal data.
Would you want your insurance company knowing how often you buy beer/red meat? I understand that for *now* there's some safeguards in place to prevent misuse of that kind of data, but those won't last long.
And now, folks, it's time for "Who do you trust!" Hubba, hubba, hubba! Money, money, money! Who do you trust?
And where is the Batman? He's at home washing his tights!
I trust my VPN provider. Why? Because if I don't, what other options do I have?
He's getting rather old, but he's a good mouse.
This is the rep that is pushing this; Marsha Blackburn.
And here is the Senator pushing this;
Anybody who is represented by these ppl should let them know that the internet is waiting to know all about them AND THEIR FAMILY, including kids and grandkids.
I prefer the "u" in honour as it seems to be missing these days.
...if everyone were to post as AC, then it would be the content of their posts that would be rated and nothing else.
Which is why I don't typically post AC. When a /. user sees my sig, they know that whatever preceded it must have been pure gold and any deviation from its goldiness must have been a misunderstanding.
He's getting rather old, but he's a good mouse.
Right subject, wrong article. Try this one:
http://www.nytimes.com/2012/02...
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
WTF do you think people are going to do with your browsing history??
The potential for predatory marketing practices and discrimination is huge. Your search for "funerals" and then "airfares", and presto! airline tickets just got more expensive for you, and you alone. You visit an Alcoholics Anonymous site and then GEICO and presto! car insurance rates just went up for you, and you alone. You visit the DNC website and then presto! your favorite news site can tailor the news it delivers to you to maximize manipulation. The possibilities are horrifying and endless.
> some of us post AC because we don't care enough to create an account
And sometimes logging in is a hassle even for those who have an account, and some things you just don't want tied to your account. But it remains the height of irony for an AC to post on how open he is about every single thing he does or thinks, while posting anon.
There's another problem that is barely worth discussing: the OP AC may in fact be engaging in future-illegal activities. It's easy to forget because we've mostly seen personal restrictions removed in the last few decades, but assuming that every present course or short term trend will continue indefinitely is the one method of predicting the future that is guaranteed to be wrong. In the future, certain information could become illegal (an ideologue government could ban, for instance, BDSM porn, including the transmission, possession, or viewing), certain math could become illegal (cryptography, DMCA, we've already seen "illegal numbers" with DVD Jon, that's practically ancient history in tech terms), and more relevantly, certain topics could become illegal or shunned in certain areas- or you could want to enter an industry where your personal life details actually DO result in discrimination or exclusion (legally or illegally). Keeping your privacy maintains future options much more so than not doing so.
I don't know whether ISPs will suddenly start doing deep packet inspection of your DNS traffic aimed to openDNS or google's DNS or whatever, for marketing and recording purposes (something that they could be doing now, I think, but have been kept at bay by the threat of an FCC coming down on them- they will obviously be more likely to act out if Congress and the President have told them that they can sell stuff without any fear of a regulator agency). I do know that being concerned about privacy, and being concerned about PIECES of your privacy even if you don't have the ENTIRE thing under control, are all sane and normal.
Airlines already do this. Use the same computer and checkout airfares for a week in a row and the. Compare it to fresh computer that hasn't been visiting websites.
Regulations exist because a business can't be trusted not to screw people over. The goal of every business is to take your money for the least amount of work possible. Honest ones at least try to give you fair value in return.
i thought once I was found, but it was only a dream.
No, unfortunately you are wrong and Nancy is correct. HIPAA only protects against covered entities selling your medical information. Covered entities are only health care providers, health plans, and health care clearinghouses. A lot of people don't understand that Google and sites like WebMD collect everything you search for and sell that information even if it is medical information. WebMD in their privacy policy states that they "Send you relevant offers and informational materials on behalf of our sponsors pertaining to your health interests."
Your ISP has no issue selling your medical web searches or if you mention your medical condition in e-mails or other traffic they monitor. Mobile providers have in the past and may again in the future install spyware on cell phones that monitors any health data mentioned on your cell phone. The spyware may even watch you login to your health care provider and what you see. They aren't a covered entity so anything they can find out they can sell.
Selling social security numbers is legal in most states. There are a few states like Illinois that have passed laws requiring a company to get your consent before selling it. Even in those states there is nothing stopping the company from burying it in your mobile contract or a company having it in an EULA.
I am not a lawyer, but if a company sold your SSN and it was used to steal your identity, then they could likely be held liable. However, if your identity is stolen, determining the source of where the identity thief got the information could be quite difficult.
This message is encrypted with Quad ROT-13 to protect the author's copyright under the DMCA.