Linked by Thom Holwerda on Tue 9th Oct 2012 21:18 UTC
Privacy, Security, Encryption As it turns out, new Verizon customers (although there are reports existing customers are getting notified too) have 30 days to opt out of something really nasty: Verizon will sell your browsing history and location history to marketers. Apparently, AT&T does something similar. Doesn't matter what phone - iOS, Android, anything. Incredibly scummy and nasty. I quickly checked my own Dutch T-Mobile terms, and they don't seem to be doing this.
Thread beginning with comment 538021
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Wow...
by Alfman on Wed 10th Oct 2012 03:26 UTC in reply to "RE[4]: Wow..."
Alfman
Member since:
2011-01-28

Morgan,

"Once again, it comes down to how much you trust the service provider."

Voted you up...unless all your traffic is encrypted, you have to trust your ISP & it's partners.

I attempted to play devil's advocate and find some dirt on comcast, but I didn't find much recently; I did find this tidbit a decade ago however:

http://usatoday30.usatoday.com/life/cyber/tech/2002/02/13/comcast-p...

"Comcast, the nation's third-largest cable company, acknowledged this week that it is recording which Web pages each customer visits as part of a technology overhaul that it hopes will save money and speed up its network. The company said the move was not intended to infringe on privacy."

However amid political criticism, they've officially stopped tracking web requests.


There has been more recent criticism about comcast's use of DPI to block legit customer traffic, the feds intervened in that case, but it's arguable whether that fits under the classification of a "privacy" violation? It's kind of similar to having a mail man use some kind of xray to inspect the documents inside an envelope to determine the mail's priority. On the other hand, some people will argue the ISP should be entitled to shape traffic based on it's contents. My own view is that the ISP is to blame if they are over subscribing their service in the first place.

Reply Parent Score: 3

RE[6]: Wow...
by Laurence on Wed 10th Oct 2012 16:14 in reply to "RE[5]: Wow..."
Laurence Member since:
2007-03-26

unless all your traffic is encrypted, you have to trust your ISP & it's partners.

Encrypting your traffic would only hide the content of your traffic, but that data isn't really of interest anyway. It's who connected to where, when the connection was made and from where. You cannot encrypt that data as you have to go via your ISP / cell carrier.

However, what you can do is run a proxy (VPN, SSH tunnel or even just a straight up web proxy). At least then all of your traffic appears to be going to the same destination (the proxy) and thus their records of you are worthless.

Reply Parent Score: 2

RE[7]: Wow...
by Alfman on Wed 10th Oct 2012 17:54 in reply to "RE[6]: Wow..."
Alfman Member since:
2011-01-28

Laurence,

"Encrypting your traffic would only hide the content of your traffic, but that data isn't really of interest anyway."

Really? The DPI contents reveals specific search terms, the videos you watch, etc. This is far more personal than knowing which IPs you've connected to. It's the difference between knowing you've connected to ebay, or knowing exactly which products you've been browsing (*).

* Not that I know what ATT & Verizon are actually doing with the data, but there's no doubt the URL/contents can reveal much more about you than the IPs do.


"However, what you can do is run a proxy (VPN, SSH tunnel or even just a straight up web proxy). At least then all of your traffic appears to be going to the same destination (the proxy) and thus their records of you are worthless."

Yes, onion routing tunnels like tor are probably the best defence against ISP tracking today & in the future.

http://www.torproject.org/

A side benefit is that it can be used to work around censorship as well.

Another thing to consider is that one's browser may be "leaky" regardless of the transport encryption. There is a chromium fork designed to strip out identifying bits from packets sent to google.

http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php

Reply Parent Score: 2

RE[7]: Wow...
by JAlexoid on Thu 11th Oct 2012 08:21 in reply to "RE[6]: Wow..."
JAlexoid Member since:
2009-05-19

Nope. What you searched for and what pages you visited is also interesting. The fact that you connected to one of the servers of BBC falls under a lot of categories - news, sports, entertainment, weather and a lot more. Or take visiting any of Google's services - there is known difference only with regard to GMail, while most other services have been moved under the www.google.com domain(ex. https://www.google.com/calendar/ is indistinguishable from https://www.google.com/search?q=test)

Reply Parent Score: 2