Linked by Thom Holwerda on Tue 9th Oct 2012 21:18 UTC
Privacy, Security, Encryption As it turns out, new Verizon customers (although there are reports existing customers are getting notified too) have 30 days to opt out of something really nasty: Verizon will sell your browsing history and location history to marketers. Apparently, AT&T does something similar. Doesn't matter what phone - iOS, Android, anything. Incredibly scummy and nasty. I quickly checked my own Dutch T-Mobile terms, and they don't seem to be doing this.
Thread beginning with comment 538167
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[7]: Wow...
by Alfman on Wed 10th Oct 2012 17:54 UTC in reply to "RE[6]: Wow..."
Alfman
Member since:
2011-01-28

Laurence,

"Encrypting your traffic would only hide the content of your traffic, but that data isn't really of interest anyway."

Really? The DPI contents reveals specific search terms, the videos you watch, etc. This is far more personal than knowing which IPs you've connected to. It's the difference between knowing you've connected to ebay, or knowing exactly which products you've been browsing (*).

* Not that I know what ATT & Verizon are actually doing with the data, but there's no doubt the URL/contents can reveal much more about you than the IPs do.


"However, what you can do is run a proxy (VPN, SSH tunnel or even just a straight up web proxy). At least then all of your traffic appears to be going to the same destination (the proxy) and thus their records of you are worthless."

Yes, onion routing tunnels like tor are probably the best defence against ISP tracking today & in the future.

http://www.torproject.org/

A side benefit is that it can be used to work around censorship as well.

Another thing to consider is that one's browser may be "leaky" regardless of the transport encryption. There is a chromium fork designed to strip out identifying bits from packets sent to google.

http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php

Reply Parent Score: 2

RE[8]: Wow...
by Laurence on Thu 11th Oct 2012 09:37 in reply to "RE[7]: Wow..."
Laurence Member since:
2007-03-26


Really? The DPI contents reveals specific search terms, the videos you watch, etc. This is far more personal than knowing which IPs you've connected to.

It's the difference between knowing you've connected to ebay, or knowing exactly which products you've been browsing (*).

* Not that I know what ATT & Verizon are actually doing with the data, but there's no doubt the URL/contents can reveal much more about you than the IPs do.

Ahh yes, good point. I forgot that URIs and query strings are sent in the HTTP headers *facepalm*


Another thing to consider is that one's browser may be "leaky" regardless of the transport encryption. There is a chromium fork designed to strip out identifying bits from packets sent to google.

http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php

Don't run Iron, it's a scam:
http://insanitybit.wordpress.com/2012/06/23/srware-iron-browser-a-r...

Reply Parent Score: 2

RE[9]: Wow...
by Alfman on Thu 11th Oct 2012 14:07 in reply to "RE[8]: Wow..."
Alfman Member since:
2011-01-28

Laurence,

"Don't run Iron, it's a scam:"

Your link made some valid points, however I feel it is overreaching to call it a scam, at worst it'd be FUD. If Iron does what it claims to do (stop the browser from phoning home), then it seems legitimate to me even if chrome could manually be configured in a similar manor.

I guess instead of creating a chrome fork, he could provide instructions to end users on how to disable the phone home mechanisms in mainline chrome, but it still might be more convenient to install a browser which isn't hard coded to call google by default in the first place.

I know when I install firefox, I go into about:config and strip out all references to google's web services, but what sucks is that this has to be repeated for each user account on the system. Once in a while I'll forget to do this for new accounts and the browser starts making unrequested connections to google. It would be better for me to have a firefox executable where defaults were not hardcoded to contact google.

Edit: I also install adblock, ghostery, etc, but it has to be repeated for each user/computer/etc... It would be useful to me if someone released a version with these configured as defaults. I could probably do it myself, but then it would be criticised as a scam ;)

Edited 2012-10-11 14:20 UTC

Reply Parent Score: 2