FTC Tells ISPs To Disclose Exactly What Information They Collect On Users and What It's For

An anonymous reader quotes a report from TechCrunch: The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC -- or states -- may want to take action. The letters requesting info went to Comcast, Google, T-Mobile, and both the fixed and wireless sub-companies of Verizon and AT&T. These "represent a range of large and small ISPs, as well as fixed and mobile Internet providers," an FTC spokesperson said. I'm not sure which is mean to be the small one, but welcome any information the agency can extract from any of them.

To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users -- you know, selling their location to anyone who asks or the like. (Still no action there, by the way.) But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release: "The FTC is initiating this study to better understand Internet service providers' privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content." The report provides this example as to the kind of situation the FTC is concerned about: "If Verizon wants to offer not just the connection you get on your phone, but the media you request, the ads you are served, and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes."

"For instance, if Verizon Wireless says it doesn't collect or share information about what sites you visit, but the mysterious VZ Snooping Co (fictitious, I should add) scoops all that up and then sells it for peanuts to its sister company, that could amount to a deceptive practice," TechCrunch adds. "Of course it's rarely that simple (though don't rule it out), but the only way to be sure is to comprehensively question everyone involved and carefully compare the answers with real-world practices."

The honest answer to this would be short.

[ffkom]

Like: "We collect all the data we can get hold of, and use it for every conceivable purpose, especially those that make us money."

Let me guess

[burtosis]

FTC: What do you collect?

ISP: Everything

FTC: What's it for?

ISP: Everything legal and maybe some questionably illegal stuff too

Re:Let me guess

remove the "maybe" and you're probably right on target.

also. ftc will now be thoroughly neutered by the orange monkey and friends^H^H^H^H^H^H^Haccomplices.

Trump is on a roll!

Being exonerated.... check!
Finding out the dude that was trying to blackmail him is blackmailing Nike... check!
Rolling back an FU law passed by Obama at the end of his admin... check!
Having his veto upheld..... check!
Getting ready to save the Everglades... check!
On a path to win in 2020... check!

How deep is the rabbit hole?

[Impy+the+Impiuos+Imp]

Go further. I want to know how ISPs, web sites, and big advertising conglomerates like Google, Amazon, and facebook do with all their info. Who feeds what to where? How is it analyzed and applied to you, your various login accounts, and your IP address and phone number. What is stored in your advertising proclivities database they keep on you? Does government need a warrant to access it? Does government do the same thing anyway deep in those billion dollar buildings?

Re:How deep is the rabbit hole?

Facebook doesn't use my information. And if they do. They use it badly. Because they now keep showing me adverts for $150k cars I couldn't possibly afford if they knew anything about me.

Re:How deep is the rabbit hole?

[jeti]

And maybe that's even more scary. In China such systems are already used for a social scoring that limits what people are allowed to do. In the west, this kind of algorithm merely determines your credit worthiness and maybe how much you have to pay for your insurance. If a potential employer can't already purchase your employability score from a data mining company, that's only a matter of time.

Re:How deep is the rabbit hole?

At least it is cars, I went and bought my wife some nice lingerie for her birthday. From that point on, All I get is adds for women's clothing, tampons, maxi pads, and the like.

Two words: Common Carrier

Embrace it, demand it. Don't let big business write the rules

Fuck Federal

Time to give power back to the states

If it says "Federal", fuck it, with a HUGE rubber dick, you Federal fucking faggot fucks

Re: Fuck Federal

You tell 'em, Boris!

Re: Fuck Federal

You tell 'em, you statist asshole!

You can't really collect anything anyway

You can't even get the URL that they are going to with HTTPS, just the IP address.

There's really nothing to worry about.

Re:You can't really collect anything anyway

[jpaine619]

You can't even get the URL that they are going to with HTTPS, just the IP address.

Bull fucking shit. Plenty of HTTPS sites are on multi site servers. In order for the server to present the proper SSL certificate it needs to know which site you want in the first fucking place.. i.e. it needs the initial request in the clear. You're either a goddamn liar or a total clueless fuckwit.. Take your pick..

Not as deep as your moms twat

And I would know, since I went deep in her

Re:Not as deep as your moms twat

I'd hardly call what your dick does "deep."

ISP default DNS requestlogs for 1... apk

See subject: For fav. sites you spend most time @? THIS stops it APK Hosts File Engine 2.0++ 64-bit for Linux/BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p

Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less.

Vs. "Bolt on 'MoAr' illogic-logic" slowing u hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploit!

* See subject: STALL IT via hosts.

APK

P.S.=> Protects vs. scripts/trackers (kernelmode faster vs. usermode slower NoScript vs. 3rd party script)/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware download/malcript/email malpayload

That damm trump!

How dare his FCC try to find out what ISPs are doing with customer data!

Investigation? Seems pretty clear...

[Arzaboa]

In my "agreement" with Comcast, it states that they own all of my information and may sell or give it to anyone they please if they call them a "partner". I've been told that I'm wrong about them being a monopoly and that we really do have a choice based on this map by the U.S. Government https://broadbandmap.fcc.gov/. The government says I'm in an area where there is no monopoly and that I can choose to not be monitored by this ISP. Maybe the investigation will help show that this is wrong?

If you look through these agreements, they basically say Comcast/Xfinity is responsible for nothing and they can share anything they want. The agreements protect xfinity/comcast from ever being in breach of any privacy agreement as they don't agree to be private about anything.

Here are the current privacy policies I found. .
https://www.xfinity.com/corporate/customers/policies/customerprivacy
https://www.xfinity.com/support/articles/comcast-web-services-terms-of-service-and-privacy-policy
https://www.xfinity.com/corporate/legal/privacystatement
https://www.xfinity.com/mobile/policies/privacy-policy
https://my.xfinity.com/privacy/

Here are some highlights:

They do not respect your request to not be tracked
Do Not Track Disclosure

The World Wide Web Consortium (W3C) established a process to develop a “Do Not Track” Standard. Comcast’s Websites do not currently respond to “Do Not Track” signals sent from browsers.

Information We Collect When You Use the Xfinity Mobile Service
They scan your mobile device for all installed applications and record that information. They record everything you do with those apps. They do this across all of your mobile devices, they and they share your data if THEY think it will provide you with more and better services

Comcast and third parties acting on Comcast’s behalf collect technical and service information from all Xfinity Mobile Service users, which we call “Usage Data.” Usage Data includes app usage information, equipment information, network performance and usage information, and location information. This includes information about your use of the Xfinity Mobile network, use of your device, and diagnostic data such as device performance, signal strength, dropped calls, data failures, battery strength, and network performance issues. This may also include information about what apps are on your device, the fact that an app has been used, and the length of time that an app has been running. Other information includes voice recordings or prints, reasons you give for contacting us, network traffic data, device identifiers, service options, and the number of devices you have purchased on our plans.

Users Outside of the United States GDPR? Hah We don't believe in those types of protections..

The Websites that link to this Privacy Policy are for users located in the United States. If you use the Websites from outside of the United States, then by providing any data to Comcast over the Websites or through another direct communication with Comcast, you understand and consent to the collection, use, processing, sharing, and disclosure of your personal data as described in this Privacy Policy. You also consent to the transfer of your personal data to the United States for this collection, use, processing, and disclosure. The European Commission has determined that the United States does not provide an adequate level of protection to personal data and it may not offer the same level of data protection as

Re: Investigation? Seems pretty clear...

[astrofurter]

+1 Informative

Another irrelevant APK spam post

Unless you're using an encrypted VPN tunnel your ISP is still able to sniff all your http traffic. They know where you're going even if you never perform DNS lookups.

They'll lie anyway

[Rick+Schumann]

They'll lie about it, the risk of being caught being small, since they can conceal it, and someone has to be looking for the ways they collect information. If and when they get caught they'll just say "Oops! We didn't even know we were doing that, sorry!" pay a small fine and continue on unabated, after firing the person(s) responsible for being so sloppy about covering their tracks, getting people to replace them who *can* cover their tracks better, and continue collecting the same information.

LOL! You mean DPI? Ok... apk

See subject: IF you become that level of a "person of interest" find another ISP. I offer 1 method of unquestionably working notrack @ the level I noted - it works, & that' all/that's that.

* HAVE YOU OFFERED BETTER YOURSELF OF YOUR OWN EFFORTS? No.

APK

P.S.=> I suggest you endeavor to do the same as I & Make a Wheel https://isc.sans.edu/forums/di... as I did giving users more speed/security/reliability & anonymity NATIVELY doing more for less vs. ANY single 'solution' via the best hosts file multiplatform:

APK Hosts File Engine 2.0++ 64-bit for Linux h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p

APK Hosts File Engine 10++ SR-1 32/64-bit for Windows https://hosts-file.net/?s=Down...

APK

P.S.=> I BLOW U AWAY https://tech.slashdot.org/comm... + https://it.slashdot.org/commen... + https://yro.slashdot.org/comme...

Government that promises

... the FTC already has consumer protection rules in place ...

What can a government that promises you have no privacy, do? The government might punish the telecommunication players but only because Facebook and Twitter are the big players of destroying privacy: This is misdirection that tells sheeple the government is 'really concerned' while the government buys data from Facebook and Twitter.

Re: Government that promises

They also want to know precisely what is available for other branches of government to subpoena.

They Know that I Use a VPN

And not much else.

Re:ISP default DNS requestlogs for 1... apk

SOLD! Where do I sign up?

100% free download/no cost & works

See subject & the link I posted (remove spaces & download it) & you avoid DNS tracking/dns downed + kaminsky redirect flaw poisoning a good 99++% of ISP DNS are NOT patched against which is HIGHLY DANGEROUS NOW per:

US DHS issues DNS redirect is HUGE danger (not w/ hosts vs.) https://threatpost.com/gov-war... & ICANN ISSUES SAME WARNING https://tech.slashdot.org/stor...

APK

P.S.=> Enjoy more speed/safety/reliability & anonymity vs. DNS security issues + malware/botnets/ads/trackers/malicious email payload links etc. - et al, for FREE... apk

squeegy

They could allways contract with Hauwei to surreptitiously collect that data on equipment they purchased from them, and sell the data through them. Plausible deniability!