ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Browsers could remove popup support.

If web browsers removed the code that implements popups, then it would be far less likely that they show up, regardless of what privacy laws are in place.

Re:Browsers could remove popup support.

[LinuxIsGarbage]

If web browsers removed the code that implements popups, then it would be far less likely that they show up, regardless of what privacy laws are in place.

Modern Web Browsers have Popup blockers that block standard HTML popups, giving indication that a popup was blocked, with options to create an exception. However they still seem to allow popups created by other means (JavaScript, HTML5, etc). The result seems to be annoying popups still show up, but useful popups from a legacy application are blocked.

Re:Browsers could remove popup support.

[fustakrakich]

Then the ISP will simply redirect.

Re:Browsers could remove popup support.

[ShanghaiBill]

Modern Web Browsers have Popup blockers that block standard HTML popups, giving indication that a popup was blocked, with options to create an exception.

That works well. I get popup alerts from my bank, letting me know my session is about to expire, but only because I have specifically enabled those. I never see unexpected popups from other sites.

However they still seem to allow popups created by other means (JavaScript, HTML5, etc).

Those are not real popups. They don't appear in a separate window, they have no ability to grab the focus from other tabs, and they are easy to ignore.

Re:Browsers could remove popup support.

[radams217]

Javascript Popups are not easier to ignore. They are much more invasive when you want to read an article or not have to mute your sound. The websites that do the follow me as a scroll video ads need to die a slow death.

Re:Browsers could remove popup support.

Those are not real popups. They don't appear in a separate window, they have no ability to grab the focus from other tabs, and they are easy to ignore.

I work in porn, those are called pop-unders and they make a lot of money to my boss, more than good old popups. They all pop in a new window and they're all annoying.

I wish browser vendors would just disable new windows unless I ^n it explicitely.

Re:Browsers could remove popup support.

Christ no.
I despise unwanted pop-ups more than anything, but they still have legit use-cases.
Any decent browser has the ability to whitelist them now. And actually do it properly, at that!

I use a pop-up window for tab management. (Tabs Outliner)
I also use others for website feeds, chats, videos, RSS and the developer tool whenever making sites.

Another good part about pop-up windows is they have no minimum size unlike the main browser windows usually have. (because stupid min-width toolbars, address bars or other nonsense)
I can resize this Chrome window to a size that is still much wider than is necessary for any tasks I would need it for. Pop-up window can go as small as the titlebar icons.
I'd use Firefox as a main browser, but Mozilla killed literally every reason to ever want to use that piece of shit ever again by shitting on the extension API every major update. You couldn't pay me enough to use that. I value my mind over money. FF fork? They're still based on Gecko. Sorry, it is just inferior.

Re:Browsers could remove popup support.

[Cederic]

They all pop in a new window

Those are not what he's referring to.

I wish browser vendors would just disable new windows unless I ^n it explicitely.

That's what popup blockers achieve. Your pop-under windows are blocked by those too.

Re:Browsers could remove popup support.

[ShanghaiBill]

They all pop in a new window and they're all annoying.

I don't believe you. Can you provide a link to a page that does this?

I use Chrome. I NEVER see a popup in a new window except for the one site (my bank) where I have explicitly enabled it.

Re:Browsers could remove popup support.

Modern Web Browsers have Popup blockers that block standard HTML popups, [...] However they still seem to allow popups created by other means (JavaScript, HTML5, etc).

Er. There is no such thing as a "standard HTML popup".

They're all created by JavaScript. They have always been.

Re:Browsers could remove popup support.

They all pop in a new window and they're all annoying.

I don't believe you. Can you provide a link to a page that does this?

I use Chrome. I NEVER see a popup in a new window except for the one site (my bank) where I have explicitly enabled it.

Not gonna give a porn link but this site pops unless I have the adblocker on: https://eztv.ag/. I'd still expect vanilla FF to block it. From what I reckon, reading pop up scripts (at work, not eztv), they usually turn an entire page into a straight up anchor so that the click is natural (Javascript "clicks" are not natural and so they're blocked).

What they meant

[sit1963nz]

" Privacy laws directly attack one of our income streams, our ability to collect, store, and sell your personal information"

Re: What they meant

[easyTree]

...which is why we are uncharacteristically unified.

Re:What they meant

[Altrag]

Basically yes, and they're implying that if you remove that income stream, they'll just go ahead and implement something even worse to be a new income stream.

Of course, that leaves out the little tidbit that if they could actually use all those popups and shit as a revenue stream, they would already be doing it. Its not like ISPs are known to be terribly scrupulous.

Re:What they meant

Of course, that leaves out the little tidbit that if they could actually use all those popups and shit as a revenue stream, they would already be doing it.

You misunderstand. They aren't already doing it, because there is no need. Because the popups they refer to are ones asking you every five seconds "hey, can we sell your data?" over and over and over again until you finally relent and say yes.

Re:What they meant

[Altrag]

Hm.. I didn't consider that. Looks like there's a paragraph way down TFA mentioning the possibility but yikes. If they went that route they'd be really asking for a battle as "showing the opt-in box continuously until the user clicks yes" is not really any different from being opted in automatically. What's the point of a "no" button if it does effectively nothing? Essentially they'd be 100% violating the spirit of the new law.

Re:What they meant

[Big+Hairy+Ian]

Remember to marketers you are the product what they sell is you!

Re:What they meant

[syn3rg]

"That's a nice Internet experience you have there. It'd be a shame if something happened to it..."

Re:What they meant

[JohnFen]

Essentially they'd be 100% violating the spirit of the new law.

These people don't give two shits about the "spirit" of any laws. They view laws as things to be worked around.

Re:What they meant

[Altrag]

The companies might not, but lawmakers and judges certainly do. If lawmakers spend a bunch of time and effort coming up with a law and the first thing you do is skirt it, they're going to patch it up pretty quick. Its one thing when someone finds a loophole down the line, or there's a loophole intentionally left in.. its quite another to be blatantly flagrant about it.

Judges also tend to be pretty pissy about things like that (even moreso than the lawmakers lately it feels like,) so if it ended up in court for some reason there'd be a bit of an uphill battle there as well for such companies.. and given the type of thing we're talking about, groups like the EFF would be lining up to drop lawsuits.

Re: Bogus

These companies are too big for the truth... they have been making money by selling their customers private info while charging same customers for the privilege.

Together with abolishing net neutrality they will be triple dipping... the customer, the marketers, and the sites that pay the bribe to be throttled less than the competition.

Perfect Opportunity.

[sexconker]

This is the perfect opportunity for that one AC to come along and say "ISPs can suck my DAMN balls!".

Re:Perfect Opportunity.

[MightyMartian]

Would you actually want their lips on your testicles?
  I think I'd rather get it done by ten dollar prostitute with cold sores, she'd be cleaner.

Re:Perfect Opportunity.

Knock yourself out. I'll take the receptionist.

capcha: gargling

Eeeww! Gross!!

Re:Perfect Opportunity.

[ArylAkamov]

I miss the app apping APPER. APPS!!! ac.

Re:Perfect Opportunity.

[sexconker]

I miss the app apping APPER. APPS!!! ac.

LUDDITES

Re:Perfect Opportunity.

ONLY Scopes can scope scopey scopes, not LUDDITE apps!

Scopes!

Re:Perfect Opportunity.

[sconeu]

Sigh.... I miss the old time trolls, like OOG the Internet Caveman, The Glorious MEEPT!, The "IF I EVER MEET YOU I WILL KICK YOUR ASS" guy....

Re:Perfect Opportunity.

How dare you talk about me without my permission. IF I EVER MEET YOU I WILL KICK YOUR ASS.

Oh my god!

[Opportunist]

I had no idea what saint my ISP is. Just think how many ads and how much spam you'd get if they did NOT sell your personal information to advertisers and spammers.

Re:Oh my god!

[Ichijo]

Protecting "us" from "them" is the same argument the GOP makes for voter ID laws.

Re:Oh my god!

What's ridiculous is that they're probably getting less than 10% of their revenue from you from selling your info. Would you put up with prices going up $6-10 for a guarantee of no selling your data and there was a way to prove and enforce it?

Re:Oh my god!

A lot of countries have voter ID laws. The opposition to them is preposterous.

Re:Oh my god!

[Opportunist]

Me? Yes.

Millions of people using Facebook? Well...

Re:Oh my god!

A lot of countries have voter ID laws. The opposition to them is preposterous.

Lots of countries have universal healthcare and robust privacy laws too. But you don't see those in the 'States, now do you?

It's a nightmare in Canada with Privacy

[WillAffleckUW]

In Canada, the Canadian Constitution mandates Privacy.

People spend years handling the privacy popups required.

Oh. Wait. They don't. They just say "No" once and then the ads can't steal their info.

Hmmm.

Re:It's a nightmare in Canada with Privacy

[WillAffleckUW]

Blanket? NORAD just admitted they won't do anything.

You're welcome for the satellites that keep you safe.

Re:It's a nightmare in Canada with Privacy

[ShanghaiBill]

You're welcome for the US blanket of protection you live under.

Please provide a list of countries that would attack Canada if not for American protection.

Some factoids to help you prepare your list:
Canada's GDP: 1.53 T USD
Russia's GDP: 1.28 T USD

Re: It's a nightmare in Canada with Privacy

Why would money matter to Russia if they attack Canada?
I'm pretty sure they have more nukes than Canada.

Re:It's a nightmare in Canada with Privacy

> Please provide a list of countries that would attack Canada if not for American protection.

US. They don't attack Canada because they already "protect" it.

Re:It's a nightmare in Canada with Privacy

And you are welcome for not having to spend money on defense since your cousins down here do it for you.

Re:It's a nightmare in Canada with Privacy

Canada uses Alaska as a buffer zone against all imaginable attacks, even alien invasions since the aliens always come for the US first. So it's all cool and icy. Oh wait, you meant that the protection provided by US corporations enables every other country to make sane constitutional changes except the US itself?

Re:It's a nightmare in Canada with Privacy

I am willing to bet you would wet your panties if you had to enlist.

Re:It's a nightmare in Canada with Privacy

And you are welcome for not having to spend money on defense since your cousins down here do it for you.

Sorry, when was the last time the US defended Canada from attack?

Re:It's a nightmare in Canada with Privacy

[WillAffleckUW]

And you are welcome for not having to spend money on defense since your cousins down here do it for you.

I'm a veteran. "Spend money on defense"?

Privacy is a Constitutional Right. It doesn't end at the border. And I kept your "cousins" safe.

Do what now?

[PopeRatzo]

Privacy laws will also cause you to become sterile. You can look it up.

Re:Do what now?

Now c'mon you can admit it's from all that kangaroo boxing you do.

Well done, ISP lobbyists!

[llamalad]

As a direct result of your efforts, I just clicked over to the EFF site to sign up to do recurring monthly donations to them.

I've had a vague intention to do so for a while, but thanks much for pushing me into action.

If Comcast is against it, I'll support that bill!

Even if they tack on 300$ billion for the perverted arts.

But no Border Wall money. Seriously. Not gonna do it. Uh-uh.

Go to Taco Bell instead.

Why oh why

Seriously, why are ISPs in the US seems to treat everyone like they are god damn morons?
This kind of BS wouldn't even make it in the news in other countries, they wouldn't try to do this shit to begin.

Re: Why oh why

Because you ain't gonna do anything about it you cuck.

Re: Bogus

Don't forget they already use the data to raise prices too.
So they will be quadruple dipping in the near future.

Also I don't know why anyone thinks this will be stopped while it is all "perfectly legal(tm)."

Re: Bogus

5x dipping. They often recive government subsidies as well.

Businesses are not your friends

They want just one thing: money. All businesses, not just the shady ones like AT&T and Comcast. Some find better excuses for the ways they pursue their true motivation and don't make their lies as obvious as the ISPs do, but they all would sell you for a profit if they could.

Popup concern?

[mysidia]

The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing ....

In addition to REQUIRING customers' permission, I suggest they add the following to the law:

• For the purposes of this act; specific permission MUST be obtained from the customer IN WRITING with the customer's official signature EACH time their history information or private details are to be shared, sold, or used for any purpose not directly essential to providing that customer's broadband service or resolving abuse complaints due to customer's activity. Non-written forms such as a verbal direction or acknowledging a "Click-Through Agreement" may not be used to obtain permission.
• Customer's permission to share information SHALL NOT be required as a condition to purchase or renew subscription to any broadband, or internet access services.
• Service providers SHALL NOT interfere with network access or delivery of purchased services in any way order to request or wait for permission.

Re:Popup concern?

[RLaager]

At that point, it is effectively a ban on sharing. I assume that is what you want. It is what I want, and I am a manager at a small ISP (not in California). We should just enact an outright ban.

This sort of thing was not allowed in telephone, as far as I know. I see no reason it should be different for Internet.

Re:Popup concern?

I agree. Internet should be handled like telephone or the post. Unless there is a court order it should be illegal for anyone other than the recipient to interpret anything but the IP header.

Re:Popup concern?

[mysidia]

At that point, it is effectively a ban on sharing.

Exactly, because any required "Consent" is going to be obtained surreptitiously or through coercion, or annoying end users;
the providers simply cannot be trusted, and sharing/selling for an additional marketing revenue stream should just be banned, EXCEPT possibly if the customer
voluntarily opts to purchase an additional service completely separate and not bundled with the broadband,
where sharing may be technically necessary to provide the separate service.

I am...

a damn ISP and we do not sell, let alone KEEP, any records on out users past Service Address, Name of person who activated the account, Drivers license number in case they bail on the bill. That is all that is legally required for ISPs to keep. Fk those other ISP's.

Re:I am...

Idiot Stating Poppycock?

HAHAHA

[XSportSeeker]

These fuckers... they really think people are idiots to beliebe in such outlandish claims.
WE NEED TO COLLECT YOUR DATA AND SELL IT FOR YOUR PRIVACY AND SECURITY

What's next? We need to double the price or your current plan because that prevents you from wasting it all on booze and drugs?

Re:HAHAHA

[Xyrus]

Well, we elected Trump. They figure with a bar that low they can do just about whatever they want.

Re:HAHAHA

Nah, for a bar that low you'd have to have a country that elected Hillary.

Pop-ups and EULAs

[thereitis]

This claim is a lie too, and we have no idea how any rational person could read A.B. 375 and think “maybe that will mean more pop-ups.” The best we can come up with is that since A.B. 375 would require Internet providers to get your consent before sharing your data, maybe they think that if they constantly pester people with pop-ups, they’ll succeed in wearing people down until they give their consent. If that’s really what Comcast and Verizon are implying, then lawmakers should understand the claim for what it really is: a threat to hold consumers hostage in the fight for online privacy. As with Lie #1, if big Internet providers have a better explanation, we challenge them to provide it publicly.

Regarding pop-ups, IMO the whole "click to agree to this legally binding document" idea should be rethought. It's far too easy to embed all sorts of nasty stuff in EULA's and most people can't fully understand the implications even if they do take the time to skim/read through it.

That would be like programmers saying: hey, read through the source code at this github address and if you click I Agree, then you are declaring you are ok with whatever the code is doing with your system/data, for better or worse. You don't understand it? Ah well, too bad. Hire a programmer to try and figure it out.

The right to privacy and security should be inalienable rights, impervious to click-wrap agreements.

In the words of the great Capt. Picard: Dafuq?

[sandbagger]

Why is this the dilemma presented. We get user privacy at the cost of a parade of pop up windows. Really? Maaaaaybe you could decide to not spam your customers with popup windows.

This is how bullies talk: don't make me hurt you!

The sooner ISPs become regulated as utilities, the better.

Re:In the words of the great Capt. Picard: Dafuq?

If the law required consent before selling out privacy they would be forced to spam popups until the user occidentally clicked the wrong "Yes" or "No" to the randomly changing "Do you want us to sell" and "Do you want us to not sell" questions.

That wouldn't be necessary without such law.

Re:In the words of the great Capt. Picard: Dafuq?

... don't make me hurt you!

... It's your fault for disobeying your corporate masters. Why are you spamming yourself? Why are you spamming yourself?

Re:In the words of the great Capt. Picard: Dafuq?

If the law required consent before selling out privacy they would be forced to spam popups until the user occidentally clicked the wrong "Yes" or "No" to the randomly changing "Do you want us to sell" and "Do you want us to not sell" questions.

That wouldn't be necessary without such law.

"Forced"? How would they be forced? Incentivized, maybe. But not forced.

Pop ups?

[thegreatbob]

People still use those for advertising? I haven't seen one on my own machines in 10+ years.

Re:Pop ups?

[thegreatbob]

(Hyperbolic of course, one gets through every now and again.. but almost always when the script/other condition that allows it to happen are hosted on the same site)

decentralization and VPNs are amazing tech

We should all assume our internet connections are being monitored by our ISPs because they can't be trusted. This is where VPNs come into play because unlike the monopolies why rely on to get online we do have a choice which service providers take our privacy seriously. I've got a few I'd put some level of trust in, like ThinkPenguin's VPN wifi router produce + VPN service and Private Internet Access. Both have demonstrated a genuine concern. On the other hand most other VPN providers I wouldn't trust as far as I could spit. They're probably even more abusive than my ISP, but that isn't really saying much. Decentralization and encryption are the real answer to this issue though in the long term.

Use a VPN

Problem solved?

Re:Use a VPN

[JohnFen]

It's just moving the trust issue to another company. On the other hand, any random VPN provider has a higher chance of treating your data with a modicum of respect than any of the major ISPs, so it's probably a good move.

Yikes!

Let's see:
- decrease security
- more hackerz
- more popups

What they forgot: IT WILL INCREASE GOLBAL WARMING too! Yes, right. Privacy zealots are the main cause for global warming. And for rotten teeth. And they eat little children.

Folks -- I usually think myself to be a civilized person. But when I read this lobbyist's drivel, I get my doubts.

They are absolutely right

[Erik+Hensema]

Over here in Europe we've got a crazy law requiring websites to ask visitor consent before placing tracking cookies. Now all websites have popups. You can't refuse the cookies like envisioned by the privacy lobbyists when drafting the bill. You can either accept or leave the site. The law is a useless disaster doing absolutely nothing for privacy. It just annoys everybody.

Needless to say, lots of people now just use a browser plugin to just accept the cookies blindly.

Also please note this isn't a browser window popping up of course. It's an overlay over the web page.

Re:They are absolutely right

I usually say no, and usually the web site still works.
If it doesn't, then there I've noticed the the WWW has a few other places to go look.

So, if this works, then can I get VPN service from an ISP in CA and get the same protections from elsewhere?
If so, the CA legislature may be creating a new industry in CA.

Re:They are absolutely right

[GuB-42]

This is the website, not the browser that's asking you.
Usually it is just a popup saying "we use cookies" with an OK button and a link to their privacy policy. There is no "refuse" option. This changed absolutely nothing to the way cookies are used and you can still configure your browser to refuse or accept them, but now you have popups.
The intention was that website would let you choose if you want cookies and adapt accordingly. As if the developers would actually spend time and money implementing a feature that will hurt them when a popup saying "cookies or GTFO" complies with the law and works just as well for 99.9% of users.

Re:They are absolutely right

[JohnFen]

Needless to say, lots of people now just use a browser plugin to just accept the cookies blindly.

Why? When I encounter those overlays, I just ignore them. But, if you're concerned about cookies, then most browsers have a "private mode" and many browsers have a self-destructing cookie add-on of some sort. Use them.

Re:They are absolutely right

It doesn't really help much, because very often you just can't use the website without the consent.

The US is becoming technically scummy

We haven't grown a spine to pass data privacy laws because we are greedy arseholes. Most data companies in the USA are now scum.

The consumer gets digitally raped from any company that can.

Microsoft - Windows 10 steals your data whether you like it or not. Oh, an advertising ID in your O/S? You are pieces of shit.
Google - Location needs to be on for Bluetooth services with no explanation? Really? Pummeling and locking out competitive smaller browsers and companies.
Roomba - Holy fuck that's scummy
Verizon - Scummy has as hell with the super cookie a few years ago now being brought back as a good for you opt in service!

Re:The US is becoming technically scummy

[JohnFen]

"Becoming"? We crossed that line quite a while ago. Now, they're just trying to determine what the maximally accepted level of scum is.

Re: Bogus

[carlos_danger]

At&t and Google fiber are the worst at this, selling as much data as they can to advertisers. I expect this law to result in At&T raising prices and Google fiber leaving the state.

Huh?

Haha, popups -- fuck off!

WOW!

I never thought California would do anything right! GJ Cali; now if you could just stop being shitty at everything else.