Slashdot Mirror

← Back to Stories (view on slashdot.org)

Comcast, AT&T, Verizon Pose a Greater Surveillance Risk Than Facebook (theguardian.com)

Posted by BeauHD on from the always-watching dept.

An anonymous reader writes: "Comcast, AT&T and Verizon pose a greater surveillance risk than Facebook -- but their surveillance is much harder to avoid," writes Salome Viljoen in an opinion piece for The Guardian. From the report: "Facebook isn't the only company that amasses troves of data about people and leaves it vulnerable to exploitation and misuse. As of last year, Congress extended the same data-gathering practices of tech companies like Google and Facebook to internet providers like Comcast, AT&T and Verizon. Because service providers serve as gatekeepers to the entire internet, they can collect far more information about us, and leave us with far less power to opt out of that process. This means that the risks of allowing our internet providers to collect and monetize the same type of user data that Facebook collects -- and the potential that such data will therefore be misused -- are much, much worse. Your internet provider doesn't just know what you do on Facebook -- it sees all the sites you visit and how much time you spend there. Your provider can see where you shop, what you watch on TV, where you choose to eat dinner, what medical symptoms you search, where you apply for work, school, a mortgage. Everything that is unencrypted is fair game. But internet providers don't just pose a greater surveillance risk than Facebook -- their surveillance is also far harder to avoid. 'Choosing' not to use an internet provider to avoid surveillance is not really a choice at all. As of 2016, only about half of Americans have more than one option for broadband internet. In rural areas, this number drops to just 13%.

65 comments

  1. Pose? by ebonum · · Score: 4, Interesting

    How about "already are a greater surveillance risk than Facebook "?

    1. Re: Pose? by Anonymous Coward · · Score: 0

      This proves that Slashdot quality keeps getting lower.
      Government âmandatesâ(TM) AT&T or Comcast to âFacebookâ(TM) people?
      Thanks to the patriot act, your metadata is collected - which in a language the poster will understand, means âComcast knows you visited Starbucks.comâ(TM). Facebook in turn, knows that you âlovedâ(TM) that latte.
      AT&T knows you called mom, Facebook will block your conversation if you use dirty words. Facebook (and Google) knows any site you visit if it has a single âfâ(TM) icon or ad from them while Comcast only knows you transferred some bytes to IP 1.2.3.4:443...

    2. Re:Pose? by _Sharp'r_ · · Score: 1

      they can collect far more information about us, and leave us with far less power to opt out of that process.

      This is silly, "can" isn't the same as "do" and we have plenty of power to "opt out".
      Facebook does collect tons of info about it's users. ISP's don't typically store everything all of their users do. Sure, maybe the NSA is hoovering up a ton of data and sticking it in storage somewhere, but the amount of storage to just store http URLs being requested over the long term, let alone the contents of all packets, is crazy.

      If you're actually concerned, then just use encryption for your Internet communications. There's your super-easy "opt-out". You can use secure DNS, use a VPN to tunnel outside your ISP, use TLS for HTTPS traffic, whatever you like.

      It's currently a non-issue. About the only way it's going to become an issue in the near future is if your government decides to require your ISP to collect and turn info over to them. Even then, the encryption solution still works out unless they mandate back doors.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    3. Re:Pose? by walshy007 · · Score: 1

      Depends on what country you are in, Australia's recent metadata laws collect all, no warrant required to look up.

      The trouble with using encryption when such sweeping items become the norm is that using encryption places you as a target. Even if you have nothing to hide simply not wanting to be passively stalked can mark you as a person of interest for further scrutiny. Which could be a less than fun position to be put in.

      Even not using the internet at all would not render you immune. It is one piece of a far larger puzzle Have a drivers license? congratulations your face is now in the national face recognition database.

      Catch public transport recently? The scan cards used in different states can be linked to identities and profile your usage and location. While giving your names for the card is optional even if you always pay cash to top up and regularly change cards, the cctv footage combined with facial recognition can be enough to still get a pattern on you.

      Welcome to the future, 1984 has nothing on our present. The craziest thing is not even the lack of oversight of the organizations in charge, but how quickly the public has become complacent with it all.

      I suppose those that are critical of the security circus and try to bring attention to potential abuses are either dismissed as nutters or do not last if they are competent at bringing awareness to the many issues mass surveillance can bring to a society.

      The night of long knives was amateurish and crude compared to what is capable with such sweeping surveillance of the populace. Anyone even partially trying to evade it becoming a potential target.

      So long as the pot is boiled slowly, the frogs never jump.

    4. Re:Pose? by DethLok · · Score: 1

      "As of 2016, only about half of Americans have more than one option for broadband internet. In rural areas, this number drops to just 13%."

      That's the bit that I always find so curious. I have a choice of dozens of ISPs and mobile phone providers and no longer have a land line, here in an Australian city (I use fixed wireless internet to avoid the debacle called the NBN).

      Why does "the land of the free" have so little choice?

      Lack of government regulations requiring sharing of equipment, I suspect? So everyone has to duplicate networks or ... just go somewhere else where there is no network and build your own monopoly?

      Aren't monopolies supposed to be bad?

    5. Re:Pose? by Jane+Q.+Public · · Score: 1

      Because there is no competition.

      And yes, monopolies are bad.

      But too many in the US seem to be blind to this corporate oligopoly which is what the U.S. internet has become.

      And it must be said: it has become so with the aid of the US government. Not just lack of regulation, but mis-regulation. And Trump's administration has not helped in this area. In fact it has made things worse.

      When you don't have competition, you MUST have regulation. One or the other. Today, we effectively have neither.

      And THAT is how this happened.

    6. Re: Pose? by Anonymous Coward · · Score: 0

      You left out how everyone also now knows you use Apple products.

    7. Re:Pose? by drinkypoo · · Score: 0

      Facebook does collect tons of info about it's users. ISP's don't typically store everything all of their users do.

      Unless requested by law enforcement, at which point they will literally capture all of their traffic.

      Sure, maybe the NSA is hoovering up a ton of data and sticking it in storage somewhere, but the amount of storage to just store http URLs being requested over the long term, let alone the contents of all packets, is crazy.

      It is well-known that all backbone connections are monitored for interesting activity.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:Pose? by Anonymous Coward · · Score: 0

      We already know that the NSA has been doing that with AT&T, and we've known that for at least a decade.

      I'd be shocked if other companies aren't in on it as well.

      The real problems here are that the 4th amendment isn't being respected by the government or courts, the courts don't recognize the right to an internet connection and many people have only one or two options of ISP. In most cases those ISPs themselves have similar terms that don't allow for customers to have a connection without agreeing to those terms.

      The US is being really aggressive in becoming the first first world nation to skip second world on the way to 3rd world without any outside help.

    9. Re:Pose? by Anonymous Coward · · Score: 0

      Because a ton of Americans are focused entirely on being free from government interference without realizing that in the absence of government regulation, something else steps in to fill the void. In the case of the US, that's generally corporate entities that right even more restrictive rules than what you see in other countries that have a stronger government.

      And yes, the situation here is every bit as ignorant and backwards as it probably seems. The US is one of the few countries where people will proudly proclaim that they support policies that fuck them over with no sense of irony whatsoever.

    10. Re:Pose? by _Sharp'r_ · · Score: 1

      If you actually read the link I posted in the comment you responded to, you'll find it debunks the over-inflated claims in your link by citing the actual law and an actual ISP's data collection. The Australian data collection law was claimed to require ISPs to collect everything, but in reality only requirs the ISP to track when you connect and disconnect to the ISP, primarily so they can always associate an IP address with a customer account. That's it.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    11. Re:Pose? by walshy007 · · Score: 1

      Apologies for not reading your link, I had skipped it assuming it was american seeming as NSA etc mentioned.

      I hope that is the reality, a lot of the ISP's claims of added expenses make little sense if that is the case.

    12. Re:Pose? by pots · · Score: 1

      Well you're obviously not an American, and the situation is clearly not the same everywhere as it is here, but Slashdot is frequently American-centric and this is one such instance. The summary pretty specifically mentions an American law from March of 2017 which eliminated virtually all privacy protections pertaining to ISPs, not only on what they could collect but what they could do with the data which they had collected.

      Further, this is not about what they "can" do, or what they "might" do, they are doing this. In fact, back in 2013 AT&T had a program to let you opt out, for an additional cost to you of $29/month. Or you could do some reading on Verizon's program of injecting tracking data into all HTTP headers without their customers' knowledge or consent. This is not hypothetical.

      Here, this is a page on some of the possible consequences of the March 2017 law, now our reality. Maybe things aren't as bad for you, but don't count on it staying that way if you maintain your apathy.

    13. Re: Pose? by buchanmilne · · Score: 1

      "Unless requested by law enforcement, at which point they will literally capture all of their traffic."

      So you acknowledge that the problem here isn't the ISPs per se, like with the companies who spie on is for money (Facebook, Google "Analytics" etc.), but instead the government?

    14. Re:Pose? by _Sharp'r_ · · Score: 1

      Your eff page says "could do". Basic alarmism.

      Don't use AT&T. Don't use Verizon. Or use encryption. If you're actually concerned, use encryption. If you can't be bothered to even use encryption, then you obviously aren't actually that concerned.

      --
      The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
    15. Re:Pose? by pots · · Score: 1

      Oh for gods' sake, I said that the EFF page listed possible consequences. That was published before the law was passed, what the hell else do you expect? It's "alarmism" if they're limited to predicting the future based on past behavior? Apparently it isn't good enough unless they have a crystal ball.

      "Don't use bad ISPs." is your answer? God, you really are living in a utopia. That isn't an option here.

    16. Re:Pose? by DethLok · · Score: 1

      Both Jane Q. Public and AC make good and interesting points, now that I reply 8 days later... (oops).
      As an outsider it has fascinating reading - over the years - how various US voters happily vote for parties whose policies will literally hurt them, total cognitive dissonance.
      Or maybe it's utter wilful ignorance, it's hard to tell, really.

      I think a quote from the US president best sums it up, "Sad".

  2. Fair game... by msauve · · Score: 4, Interesting

    "Everything that is unencrypted is fair game."

    Finally, the summary gets to the core. All the rest is fear-mongering. More, and increasingly more, services are encrypted. The one which isn't, and needs to be, is DNS, which traffic they could snoop to see who you're talking with. But, some trusted VPN or TOR or other solution will get around even that, if someone cares.

    With so much content being cloud hosted (AWS/Azure/GCloud), it's getting hard to tell who someones talking to just by IP, which is all the ISPs have left if traffic is encrypted.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Fair game... by Anonymous Coward · · Score: 1

      I never encrypt because my life is an open book and I want everyone to know about my goat fetish.

    2. Re:Fair game... by Anonymous Coward · · Score: 2, Interesting

      I long for a bittorrent or blockchain based system that gives you a local copy of the 1 million most used domain names and their corresponding IP addresses. I talked to the Dutch name registrar about this idea, and all the .nl name + IP pairs would only be 1.5 gigabytes. The .com top 1 million list would be 6 gigabytes.

      It would not only offer more privacy, it would speed up the browsing experience too.

    3. Re:Fair game... by Anonymous Coward · · Score: 0

      some trusted VPN?

      Trust? On the internet?? Pull the other one, babe! When are you going to realize that the "Privacy Policy" is nothing but a Miranda Warning?* The situation cannot be remedied while we remained chained to the ISP that will cough up anything to the authorities upon request. They are the gatekeeper. And if you want DNS to be encrypted, the state will demand all communications be logged. DNS is another weak link we have to replace. Just like we need antibiotics to kill infection, we need technology to combat the social problem of popular fascism.

    4. Re:Fair game... by svanheulen · · Score: 4, Informative

      The good news is that encrypted DNS already exists and there are plenty of servers to choose from even. https://en.wikipedia.org/wiki/... https://github.com/jedisct1/dn...

    5. Re:Fair game... by Guybrush_T · · Score: 1

      I had an ATT support person tell me that "given the number of devices connected to my DSL box, maybe I should go for a faster plan". So it's a bit more than what you send unencrypted over the Internet.

      Now I have a router and they see 1 device. And everything goes to the Sonic VPN, because Sonic understand that and gives me a free VPN to bypass the ATT "fair game".

    6. Re: Fair game... by Anonymous Coward · · Score: 0

      Companies already have ways to view that so called encrypted traffic. Your stuff is always going to be out there and some data point will be collected. Some of it is tied to you, but plenty is not. Overtime it will get better and better and they will be able to tell everything because trillions of data points will be collected and analyzed by ai based companies.

    7. Re:Fair game... by Known+Nutter · · Score: 1

      Er... huh?

      --
      Beware of the Leopard.
    8. Re:Fair game... by msauve · · Score: 1

      Point to a broadly supported RFC with service available from a wide range of trusted organizations, and not some unique solution (which I've already linked to), and then you can legitimately claim that "encrypted DNS already exists."

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    9. Re:Fair game... by svanheulen · · Score: 2

      And which "trusted organizations" would those be? And where's an implementation? I linked to an actual usable DNSCrypt client. And there are plenty of "trusted organizations" running DNSCrypt servers: https://dnscrypt.info/public-s...

    10. Re:Fair game... by msauve · · Score: 1

      "And which "trusted organizations" would those be?... there are plenty of "trusted organizations""

      You're confused.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    11. Re:Fair game... by Orgasmatron · · Score: 1

      I'm not sure that I should need to explain this here, but...

      Each device connected directly to the modem uses DHCP to get an IP address from your ISP's servers. They didn't get the information from snooping on you - your devices deliberately and intentionally contacted them to check in.

      --
      See that "Preview" button?
    12. Re:Fair game... by Anonymous Coward · · Score: 0

      Yeah, no. Each device connected directly to the modem gets its IP address from the modem's built-in router. Local devices don't negotiate with your ISP at all, even under DHCP. That's the whole point of a router, and any modem with more than one LAN input is a combo modem, router and switch. ISPs give you one IP address, unless you specifically buy a plan that gives you a number of IP addresses.

      The ISP can control your modem however, and can query it at any time for customer service or marketing - which is what they did for GP. You can tell by checking ipconfig for a connected device, or the local device equivalent. They all use the modem/router as a gateway and have a local IPv4 address, not a distinct IP address assigned by the ISP.

    13. Re:Fair game... by Zontar+The+Mindless · · Score: 1

      My ISP lets me choose between 4 static or unlimited dynamic IPs. And they get no more access my router than any other Joe Internet has.

      But you already knew I don't live in the US...

      --
      Il n'y a pas de Planet B.
    14. Re: Fair game... by Anonymous Coward · · Score: 0

      Honestly, that's a terrible idea. The web is made to be dynamic, you can't substitute a snapshot.

    15. Re: Fair game... by Anonymous Coward · · Score: 0

      What are you going to store on 1.5 G? Text files? That's pointless. The web is huge you can't reasonably store any significant portion on 1.5g's. Think of all the media man. Facebook alone probably has terabytes of pictures

    16. Re:Fair game... by joe_frisch · · Score: 1

      There are technical solutions, but unless they are automatic, or at least extremely simple, the general public will not use them. I think that a right to privacy should not be restricted to people with substantial computer skills.

      I see a number of dangers form the compilation of personal data from large numbers of people and I would want that to stop for everyone even if I were savvy enough to protect myself.

      I completely agree that encryption is a big part of the solution, I just think that it needs to be mandated to be applied to everyone.

    17. Re:Fair game... by Anonymous Coward · · Score: 0

      People already had that idea, it's called a caching DNS server.

    18. Re: Fair game... by Monster_user · · Score: 1

      This has come in handy from time to time when troubleshooting remote locations. Can't remote into a PC over a WAN connection to fix a modem, call the ISP and tell them to fix it. Account authentication is. B*tch, but still quicker than either having the ISP dispatch a tech, or me driving two states over to fix the problem.

    19. Re:Fair game... by Anonymous Coward · · Score: 1

      TBH, I do think that people should start using the most disgusting, but legal, media for steganography. Just force all those bastards to get fucked up looking at the nasty pictures all day while they try to decipher them.

      I really hope somebody creates goatsenet for all our secure communications needs.

    20. Re:Fair game... by Anonymous Coward · · Score: 0

      The ISP can control your modem however, and can query it at any time

      Only if the modem belongs to the ISP, which it may or may not do. If you don't like that, put a firewall+router+vpnbox between that modem and your own network. All the ISP can see then, is that your box connects to some VPN. If they try to scan your network, they get stopped at the firewall.

      Keeping a mere ISP out of the loop is not hard. Keeping your government out at least require VPN to some other jurisdiction (country). Since they may have the resources to break your encryption, you may want to use several layers so they only find another encrypted stream. You may want a VPN within the VPN anyway, since the country you VPN into may not be too trustable either. At which point local government just bug your computer instead bruteforcing it all.

    21. Re: Fair game... by yuriklastalov · · Score: 1

      That sounds about the right size for APKs hostfile, which is essentially what is being suggested.

  3. Hmmm by rmdingler · · Score: 1

    Congress extended the same data-gathering practices of tech companies like Google and Facebook to internet providers like Comcast, AT&T and Verizon.

    Why on earth would it behoove Congress, outside of the campaign contribution factor, to ease the path for other internet providers to evolve into top flight data collection outfits?

    Perhaps campaign contributions are but the penultimate incentive, and government exploitation of the collected data is the end game.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  4. Elon will come to the rescue by Spy+Handler · · Score: 1

    As of 2016, only about half of Americans have more than one option for broadband internet. In rural areas, this number drops to just 13%.

    As of 2020, SpaceX could be providing high speed satellite internet for competitive pricing. And I sure as hell trust Elon a lot more than Comcast or Facebook.

    Please note that SpaceX satellites will be low earth orbit (very close to Earth), so latency will not be a problem. As opposed to current satellite internet, which suffer from high lag due to their satellites being geosynchronous (far far away from earth).

    1. Re:Elon will come to the rescue by Anonymous Coward · · Score: 0

      Ummm, no.

      It may well create a worldwide internet but not with any significant throughput for a significant number of people. Think of each satellite as a single cell tower. How many people are going to be served by that one uplink?

    2. Re:Elon will come to the rescue by Anonymous Coward · · Score: 0

      "Not geosynchronous" = "Not viable". Just think about it.

  5. Monopoly by Anonymous Coward · · Score: 0

    I can choose whether to use Facebook or any other web service. I can't avoid paying one of these monopolists for at least one of cell, home, or business internet and telephony.

    The monopolists need to be regulated to avoid market harms. Any business in a competitive market can be avoided.

    1. Re: Monopoly by buchanmilne · · Score: 1

      "The monopolists need to be regulated to avoid market harms."

      Sure, but the real question is how to regulate them. You can either try and think up all the ways they can make their customers umhappy and add regulatioms preventing them from, or you can require all last-mile infrastructure owners (usually telcos) to allow other companies (usually ISPs) to offer services over the infrastructure (at the price they use as an input cost for their own retail products) , and let the market do the rest.

  6. Well duh! by mschaffer · · Score: 1

    So what are you going to do about it?

  7. Ajit Pai will save us! by mschaffer · · Score: 0

    Ajit Pai has our back. Protecting all that is near and dear to us on the internet.
    https://www.youtube.com/watch?...

  8. Lucky for me then. by Anonymous Coward · · Score: 0

    I haven't finished the 2001 copy of the internet that I got on 2 million usb thumdrives at home. Don't tell me how it ends, I'm only on drive 145,408.

  9. Why I'm pushing Congress critter by WindBourne · · Score: 1

    To make it that intel world does NOT need a warrant unless data and stream are encrypted. By doing this, I have no doubt that most ppl will be concerned and encrypt everything. Oddly, Russia, and china are grabbing everything that unencrypted, and few object.

    --
    I prefer the "u" in honour as it seems to be missing these days.
    1. Re:Why I'm pushing Congress critter by Anonymous Coward · · Score: 0

      mmm, because all the data travel through China and Russia. Them being the major hubs of the Internet that lots of connections run through and all.

    2. Re:Why I'm pushing Congress critter by Anonymous Coward · · Score: 0

      If Russia can get Trump elected then they can MITM some lousy unencrypted datastreams, sheesh.

    3. Re:Why I'm pushing Congress critter by Anonymous Coward · · Score: 0

      mao is calling for you.
      He says to suck harder and faster.
      Dumb fuck.

  10. the spin begins by sheramil · · Score: 1

    Trying to lessen the impact of Facebook's criminal activity by saying "Comcast, AT&T and Verizon are a worse threat". I hope Salome got paid in Bitcoins.

    Because they're worthless.

    1. Re: the spin begins by Anonymous Coward · · Score: 0

      Worthless = $6800

    2. Re: the spin begins by sheramil · · Score: 1

      When I stopped playing Eve:online, I had about 12 billion ISK in funds and about twice that in materiel and ships. If I sold it all on one of those dubious sites that allow newbies to buy virtual assets from older players, I'd have a couple of thousand dollars.. theoretically. If you want to pretend that your dogecoin is worth anything at all, then I'm fine with that.. as long as you understand it's a fantasy and that it will, one day, be involved in a high-speed head-on collision with cold, heartless reality.

  11. what about equifax? by Anonymous Coward · · Score: 0

    experian? acxiom? neustar? all these companies collect data without you even knowing and having .no way to opt out

    and as we can all see - if they get hacked and their data gets breached...nothing happens

  12. What about Akamai? by Anonymous Coward · · Score: 0

    The ISPs are certainly a risk, especially now, with the questionable status of net neutrality. But how is it that arguably the worst actor of all, Akamai, never gets noticed?

    http://blogs.wsj.com/digits/20...

  13. This article brought to you by Facebook? by TrumpThemAll · · Score: 0

    Sounds like someone is trying to deflect.

  14. Use a VPN by AHuxley · · Score: 1

    The ISP can then see some nice encryption.

    --
    Domestic spying is now "Benign Information Gathering"
  15. Carbon Monoxide is worse than Arsenic poisoning! by Anonymous Coward · · Score: 0

    Carbon Monoxide is worse than Arsenic poisoning!

  16. HTTPS and Encrypted DNS does not help against ISP by emj · · Score: 2

    ISPs can still see the hostnames of the sites you visit, that is sent in clear text because of Server Name Indication (TLS SNI). That is plenty of information.. So encrypted/signed DNS still only give you part of a solution.

  17. Re:HTTPS and Encrypted DNS does not help against I by Anonymous Coward · · Score: 0

    Not if you are using a VPN.

  18. And that's not even their business model! by sabbede · · Score: 1
    It's one thing for Facebook to do it - it's their model and was never a secret that it was how they could provide service for "free" - but ISPs are a subscription service. You pay a monthly fee for service! If I'm paying for a service, there's no excuse for harvesting and selling my data on top of that.

    They are more than welcome to provide a cheaper or free tier of service supported by data harvesting if they want. Given that my bill seems to go up every year, I reject the potential assertion that they could currently be harvesting to provide service at a lower price.

  19. Don't use their DNS, use Tor or VPN by Rick+Schumann · · Score: 1

    About the best you can do to frustrate their data-collection methods.