Forgot your password?
typodupeerror
News Your Rights Online

Plans For Massive Web Tracking Via ISPs 122

Posted by michael
from the peeping-tom dept.
Lauren Weinstein, the moderator of the PRIVACY Forum, writes: "My latest issue of the PRIVACY Forum Digest, going out now, reveals Predictive Networks' plans for widespread Web Tracking via direct links to ISPs! Details are here. Thanks much." Pay ISPs for the ability to snoop on their customers, what a great idea. Dave Farber has a comment on Predictive Networks as well.
This discussion has been archived. No new comments can be posted.

Plans For Massive Web Tracking Via ISPs

Comments Filter:
  • by Anonymous Coward
    1.unless you are encrypting your traffic to the proxy, your ISP can just as easily track it.

    Like, duh. Well, sorta. Even using an unencrypted connection to a proxy will force the ISP to jump through a few extra hoops to figure out what you're up to. But you're right that this wouldn't make the problem effectively insoluble, as encryption would.

    2.till such use of proxies is widespread, it might be fairly easy to figure out: "oh, this is that guy Bill who used the proxy to buy the airline ticket."

    Not necessarily true, if the proxy is set up to do things like fetch unrequested pages (simply not returning them to any client) in addition to the requested ones. Other tactics are to (along with a few other users of the proxy) to set up a job on your machine that periodically requests something via the proxy, so that there's always a bit of traffic that makes it harder to distinguish what 'real' user requests are. Of course, all these thengs increase load on the proxy and thus slow down response, but if you really want privacy, you might be willing to pay the price.

  • by Anonymous Coward
    SWBell does NOT (yet, anyway, also no plans to do so in the foreseeable future either, but then you can never trust the PHBs) track/log its DSL customers' internet traffic. Hell, they can barely get the damn DSL gear to work properly in the first place. It'll even be quite a long while before they'll even have the ability to provide law enforcement warranted taps on DSL lines of customers who are suspects due to current lack of technical aptitude. You didn't hear this info from me. Got it?
  • My post got lost in a wormhole [slashdot.org]. Damn you, Taco... :)

    pb writes "Picture a world where information about your every move on Slashdot is all shipped off to many third parties, with the willing cooperation of your Internet Service Provider (ISP). Check out guru CmdrTaco's latest offering at Andover.net's Secret Labs on Predictive Networks plan to know everything you do... no book rights... no story moderation... just everything you do all the time."

    "He knows when you are sleeping, he knows when you're awake he knows when you've been trolling lots, so you'd better be good for goodness sake!"

    Does this strike anyone else as a little paranoid? First, "Internet Privacy" is a sick oxymoron. Second, there are technical solutions which can allow a user privacy regardless.

    And finally, if they *really* want to store all my web information, so be it. They will get sued, or pretty soon they won't be able to fit the (damn doubleclick.com) logs on their servers. And either way, I'll still be laughing at them.

    Heck, combine some technologies. Have a fake (alladvantage.com) web-browsing program that goes to wherever you want, just to confuse them, and a real (private) connection, cryptographically secure and all that jazz.
    ---
    pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
  • I wouldn't bet on it. The terms of service of some cable modem ISPs prohibit VPNs.



    Is that really true? VPNs are one of the best reasons to use a cable modem or DSL. If you only use it for "recreational" web browsing it's a bit of an extravagance to pay the prices that are charged by most providers.

  • 1-800-BE-A-GEEK an isp run by geeks

  • And your source for these rather serious allegations is...?
  • I think everybody from AuntTilliesQuiltingCircleDotOrg to the Mattel Hot Wheels site *except* Slashdot carried the story (though now that 2600 is involved, Taco&Co. have a take on it as well), but considering that Predictive Network is probably secretly telling the government to be nice to them because they can help with tracking down "mafiaboy" types, I don't see the above post as off-topic at all, and feel that the moderator in question could have found better use for that point elsewhere.
  • "...in mediums such as TV, ads are placed according to the demographics of the poeple who watch the show they air during. Same with radio I assume."

    Allow me to quickly point out that if you have more than one medium you have media, not mediums. That's why when newspapers, television, radio, etc. all get lumped together they're called the Media. Each one is a medium of communication. All of them taken together are communications media. Don't blame me, blame the guys who invented Latin. Or was it Greek?

    Anyway, you're right, the reason the Nightly News with Tom Brokaw runs a bunch of antacid and laxitive commercials, and the Saturday morning cartoons run toy ads, and the golf tournament broadcasts run Cadillac and Lincoln spots, is demographics.

    But that's still spending money to reach a bunch of people, of whom only some are the ones that you really want to reach. What if you could focus your advertising more tightly, or more locally or regionally?

    Say, for instance, there's a baseball game on WGN with a piece of fence behind the catcher that's actually got an ad saying "subscribe to The Chicago Tribune for great sports coverage every day". If you're sitting in the stands at the game in Chicago, or watching it over the air on WGN somewhere in the Chicago area, where you can get the Trib home delivered, that's the ad you see. But if you're watching on a cable system in the hometown of the opposing team (which is usually Atlanta, so that there's nothing to watch for a few hours on WGN *or* WTBS), then what if that piece of fence is displaying an ad for a business that's local to the visiting team's hometown? You're watching the same game as the guy in Chicago is, and you're watching it on WGN, but you've been more narrowly targeted than if they didn't know your geographic area.

    Or what about the time slots that your local cable company gets to fill? I see ads for local businesses even though I'm watching CNN, USA, TNT, whatever. What if your cable company sorts viewers out not just by city but according to neighborhoods, and you get the used car dealer's 30 second spot and the guy a few miles away in the house that cost 3 to 10 times what yours did sees a local Mercedes or Jaguar dealer's ad instead, even though you're both looking at "Fistfull of Dollars" on the same cable channel at the same time. Each car dealer just reached *his* target demographic without spending money advertising to the wrong viewer.

    It's not that technically difficult nowadays to show a different ad to a different cable company's subscribers; for the cable co. themselves to segregate by neighborhood might still be too expensive, and sorting you out from your neighbor so that she sees the J.C. Penny jewelry sale ad while you see the Red Lobster combo platter ad while both of you are individually watching "Frasier" or VH-1 or whatever is probably not in the cards for the immediate future.

    But that's television.

    Computers and the Internet, on the other hand, aren't as communal. It's not a case of watching whatever's on the local cable or in the local airwaves, it's ask for and be sent a web page that maybe nobody else in your town knows or cares about, but if there is an advertiser out there who already knows that you probably make enough money to buy his product, let's say outboard motor, for example, and that you subscribe to a fishing magazine, and that you've been looking at new boats on other web sites, and that you reported your old boat and motor stolen and filed a claim with your insurance company, then even though you've just downloaded a site about model railroading, he just might want to replace the generic ad for HO scale scenery or Pulse Width Modulation power supplies at the top of the page with an announcement about his latest remote start, low wake, fuel efficient 2 cylinder outboard (or whatever features would make an outboard attractive to buyers)on the version of the page that you see. If the model railroading site sells that ad space to a company that can find you in their database and match the info on you against client businesses, then it's just a matter of whether they have the computer power to do it cheaply enough for that outboard motor manufacturer to be willing to pay. If so, they've just bought some very tightly targeted advertising, without spending anything to advertise to a household that's not even home to watch the TV this weekend.

  • Are they planning on just tracking web usage or are they going to look at other things such as ftp and telnet?

    I wonder if they plan on contacting universities to ask for this data also?
  • Forbidden

    You don't have permission to access / on this server.
    --
  • Dude, anarchy won't work either.
    Anarchy is based on the same pretense as socialism, and we all know how well that one turned out in practice.

    That pretense is that man is not inherently greedy, and the success of capitalism shows how wrong this is.

    Yes, we need a revolution.
    No, anarchy isn't going to do it for us.
  • Greedy.

    Not evil.

    If man is inherently greedy, and has full freedom, then he will abuse that freedom, to satisfy the greed.

    I will put more faith in my fellow man, when my fellow man gives me a reason to do so.

  • Your outlined solution would result in the spam they send you being totally pointless.

    They still collect the data.

    They still sell that to companies (I presume, else they have no revenue generation).

    Your solution will only work if virtually everyone generated noise. That would mean that the return from the companies that purchase the data would drop, they stop buying it, and then they have no revenue - they stop.

    However, the same logic can be applied to banner ads. If there was a program available to to block banner adds, and people used it, then the advertisers would get no return, and thus they stop paying for useless ads.

    There is such a program - Junkbuster, or relatives. They've been around a while. But banner ads still exist. So, not enough people use it.

    If not enough people will use something that gets rid of an eyesore, why would they suddenly use a program to defeat something they can't see?

    In summary, a noise generating program will only give you a more diverse range of spam. It doesn't solve the problem.
    --
  • Err, it wouldn't be that tough for your ISP to carry out a man-in-the-middle attack. Since they effectively are already the man-in-the-middle. There are transparent proxies out there and it wouldn't be that major of a surprise to find that someone has done the work necessary to bluff an https connection.
  • umm..what good is changing your mac address ? they can still track you thru your dynamically assigned ip address (address assigned to your machine by their DHCP server). and anyway, most OSes allow you to change your MAC address..no biggie. try this in linux :
    ifconfig eth1 hw ether deadbeef0001
    (this needs do be done while the card is down for obvious reasons) now your card will answer all arp requests with DE:AD:BE:EF:00:01.
  • from someone running tcpdump at your ISP ?
    its evident that https and ssh sessions to machines dont/wont get sniffed by this system...as more and more web servers support https (specially with the impending expiry of RSA's patents) this sort of scheme will collapse completely.
    if you arent running ssh at least now...i sugggest you do so. i've seen packet sniffers running on most isps...whether the isp was aware of it or not is a whole different matter.
  • As long as you trust verisign, or any certificate signer for that matter, to not 'create a new revenue stream' by partnering with predictive and providing a verisign-signed forged 'proxied ssl' service. After all, you did send them your certificate to be signed.

    Granted it would be highly unethical to do such a thing, but thats never stopped a corporation with profit motive in the past.

    I'm amazed at the "if we don't do it someone else will" justification I hear more and more these days from business leaders defending their unsavory activities.
  • That's really starting to irritate me. When I buy an internet connection, I want an internet connection. Not some stupid web-browsing service that doesn't let me do anything else. It should be illegal to call something "Internet service" when you are restricted like that. "Web access" would be more appropriate.
    --------
    "I already have all the latest software."
  • Most of us probably thought immediately, as did I, "Well, the first thing I'll be doing is finding a server, ssh-ing a tunnel to it, and proxying through it."

    Then I read the comments. We can't be expected to have to do this, as one person wrote, and what about those that don't? We shouldn't have to be geeks to have privacy.

    I read a little on the Predictive Networks site [predictivenetworks.com], particularly an article acclaiming this as the best new form of advertisement since sliced bread. Their arguing point is that as the world stands, using newer technologies (the author seemed to be rambling something about voice recognition...whatever), anyone can ignore commercials. This is true. My VCR has something called 'Commercial advance (credits where due, I think this is trademarked)', whereby recorded programs are scanned and marked for commercials, and when you play the tape, commercials are skipped over. Furthermore, we can scan out banner ads using GPL'd filtering proxies.

    However, I don't think this is justification for targetted privacy invading advertisement. The two points I think the author, and, in fact, the entire company, is overlooking is that no one wants to be advertised to, and no one has a god given right to advertise.

    First things first, as the author of the originally linked article in slashdot mentioned, how about ASKING the `subscribers' what advertising they'd like to view? The answer is, of course, that everyone knows that no one will want any... so they just go around our backs.

    But my final point, and what the author of the article on Predictive Networks (the very name runs chills down my spine) seemed to overlook is that no one has any `right' to advertise, and no one enjoys it. The only advertising currently allowed is shotgun-approach advertising: globally broadcast television and radio commercials, and randomly alternating ads. I'm sure no one minds, or even notices, ads like the one that appears on this very site, it's what keeps it running, and everyone knows that. My argument is that this should be all that's allowed. No one can find out what you're watching on television, and when anayone tries to, they're quickly snuffed out by privacy advocates. The same should go for the internet. There's no difference. We pay for cable tv access, but we don't pay to keep the shows running, they're paid by advertisers (or they are advertisers, i.e. informercials). The internet operates the same way: we pay for bandwidth and equipment, the sites pay to send to us, and they sponser how the want. No one wants to be profiled and forcefed advertisement that someone deems we'd like (I can just imagine how this'd be abused), and before now, no one's been allowed to.
  • by Spyky (58290)
    Police scanners, radio shielding, encryption devices, all for the truly paranoid :-)

    Spyky
  • Personally I don't think it makes sense for ISPs to do it, because, regardless of the amount of money they are paid, even the most ignorant customers will be -very- upset if they find out. I work tech support at an ISP, and I can tell you, these people get pissed over much smaller things than that.

    That sounds fine, but in large companies, the people who make decisions about marking approaches don't care about the feedback they get from customers. If they did, there would be no telemarketers.
  • It's not that hard to create summary report scripts that gather the information from your "matrix-like" mail info screen and put it into human readable form.
  • I'd put my vote in for Freedom by Zero-Knowledge http://www.freedom.net rather than a proxy or iDecide. This whole idea is really disgusting. If enough ISPs get on board, people won't have a choice and will have to take their own precautions. Privacy is an infrastructure issue. We need to build it into every new standard and protocol.
  • SWBell Internet is not regulated because it is not a telephone company. They run as an entirely seperate company owned by SBC.
  • You don't need to read the raw logs. Think about it... do you read your raw web logs or do you put them through an analyzer?
  • Sure, this in concept sounds a little scary. As intimidating as that privacy article is, the truth is that this probably won't be much of a problem. Usually when there is a large revolutionary technology, which plans to change the whole industry, it fails. A perfect example is Iridium. It was a perfect concept, yet it failed. Why? Because they set their sights too high. "Success come to those who are too busy to think about it." People who work very hard, but do not necesarily try to change the world, are the ones who are succesful. This goes for businesses, and technologies, such as the Predictive network.

    The Predictive Network is trying to solve the problem of advertising. This, although, I predict, will not happen.

    I've heard of IPV6, SDMI, and other Orwellian scenarios, yet, I have a dynamic IP, and mp3 is a household name.
  • Hi all,

    I have read some of the post under this article and understand the monetary reasons for people to want targeted advertising, but I still just don't get it. Personally, I don't want targeted adds. I could care less about them and I bet most consumers could too. Here is my reasoning:

    I am into computers. I have a development job, I have computers at home, etc. I look at sites at sites like Slashdot, Bluesnews, Linux Today, etc. When I go to those sites, I expect to see ads that have to do with computers and technology. When I visit CNN and ABCnews I expect to see news related ads. The list goes on.

    My point is that in mediums such as TV, ads are placed according to the demographics of the poeple who watch the show they air during. Same with radio I assume. Why then does the net not just work like this? Really, do I want every single banner ad a I see to be for computer related crap? Even Slashdot readers want to see something else sometimes! Does anyone else agree with this, or am I just cukoo?

    The other thing that pops into my head about this whole issue is libraries. Libraries aren't allowed to keep track of who viewed what. Why can web businesses? It's all ridiculous.

    This is all because people are mis-educated (not _under_educated), but that's a whole other topic.

    -FoodMike

  • by palp (90815)
    This is just plain bad. I don't want my ISP selling where I go to.. I think if ISPs start implementing this the smart people will switch to an ISP that doesn't.
  • Feedback; no. Cancellations, yes. If the general public is convinced to find an ISP that doesn't monitor them, I have a feeling a lot of ISPs would think twice about monitoring.
  • by palp (90815)
    Yeah, that would be nice. But why would the ISP decide to give you money when they could keep it for themselves? Something like AllAdvantage has a buisness model based around giving money to the customer; that's the service they provide - cash for surfing. An ISP is already providing you a product - internet access. They don't need to give you money to keep you using them, unlike pay-to-surf type buisnesses.
  • I would think (and hope) that something like that would have to be in the user agreement. And if you called up your ISP and asked, they had better not tell you no if they are doing it. However, it's rather impropable to check every week or something, and there's really no way to know if they don't post something on their homepage.
    The best possibile scenerio (short of it not happening) is this:
    Someones ISP starts doing this, and doesn't notify anyone, doesn't modify its user agreement, doesn't post anything anywhere about it. That person finds out, and takes it to court, or something of that nature, and a precident is set _requiring_ ISPs to notify users, with at the very least a post on their website, that they are selling their browsing history, and, hopefully, allow them to opt out of that.
    Personally I don't think it makes sense for ISPs to do it, because, regardless of the amount of money they are paid, even the most ignorant customers will be -very- upset if they find out. I work tech support at an ISP, and I can tell you, these people get pissed over much smaller things than that. So the best thing we can do, if this does come to pass, is make as much noise as possibile about it.. Get it featured on TV, radio, all over the web.. wherever we can. The more publicity, the more likely the average Joe Shmoe will wonder if he's being monitored.
  • I can back you up on the getting upset over silly things part. I had to explain to a user for 10 minutes what exactly the "you are entering an insecure area" box meant, and that noone was going to remotely bamboozle her computer. These are folks who may not know the address to yahoo.com, yet they know that they don't want their name anywhere in their email address. The same folks who call up and need to have their browser history cleared because the wife is home in ten minutes...Anything that sounds like a privacy invasion is bound to get them riled up, especially this.

    That is, only if it gets picked up by the mainstream press, because joe-aol-keyword=jugs isn't going to read /. to find it out.

    unrelated note, Palp, I was going to check-see if you worked for the same ISP I do but couldn't...may wanna check your permissions on your page.
  • Most of us are focussing on the bad points on this. (It is bad!)

    Picture this giant billboard for one of your local ISPs: "We do not track your internet activity. Only our competitors do that!". Bingo bango, that will stir up a lot of shit, and my guess is that all but the big AOL, Sprint, etc will opt for *not* tracking because the bad smelling PR is too dangerous for them.

    It is a good marketing tool for the ISPs that DON'T use tracking.

    Then again, what do i know?

  • The corresponding Digital Silhouette will be emailed back to the subscriber within approximately ten business days. Subscriber should note that by emailing Predictive Networks, they may be "identifying" themselves to the Company.

    So finally there's a company that doesn't treat me as just a number, but recognises my individuality. They make you a real 'Digital Silhouette' free of charge and everybody is getting upset. Why is this? I say: request your Silhouette (tm) so they'll know who you are and be an individual too!
  • by bla (96124)

    The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit

    so, what happens if (like probably many people here) the url data they get from you is full of sites like /. or the EFF or the PRIVACY forum, etc. how do you target marketing to someone who is clearly interested sites that argue against targeted marketing?

  • by niekze (96793)
    will the fun ever stop?
    I guess if this happens encryption will be that much more important.
  • by niekze (96793)
    Thats half the point. Sys-admins need to implement sshd and such. You can find ssh clients for pretty much any OS you can find. ssh daemons are available for any *nix system i can think of. The only system i know of that doesn't have ssh is the stupid VMS cluster at my university. Hopefully things like this will increase public awareness of security, encryption, and privacy. Now if i can find a "trusted" certificate signer that doesn't charge a 3 or 4 digit sum for a digital certificate. I can sign it myself, but browers fart with all that warning crap about not a trusted certificate. =(
  • by niekze (96793)
    well obviously https:
    but you could also tunnel requests through somewhere else with ipsec. not an easy task though. But it looks better than having my web activity logged. you can't be an anonymous coward otherwise. =) The internet is outdated in terms of its capability. E-mail security is a joke and people still use telnet. damn i love encryption.
  • #1 let your ISP know NOW that if they deal with this company you will walk...
    My ISP (Best Internet, now a division of Verio) couldn't care less if I walked, or, for that matter, if everyone with a shell account walked. They'd probably be glad they could shut down the shell machines.
  • #2 visit http://www.idcide.com The greatest tool for online privacy I've seen since Luckman went away.
    I prefer to use Junkbuster Proxy [junkbusters.com] and block all cookies except those I specifically authorize.
  • Your analysis agrees with mine. And in the meantime, what I've been doing is going to the PN website five times a day and submitting eloquent commentary using various freemail spam accounts as a return addresses. Samples: 1) Predictive Networks: Bad technology. Bad attitude. Bad motive. Bad consequences. Bad People. 2) To whatever human person may be reading this note: I'm going to bed now. Would you please give our older brother a kiss goodnight for me? 3)Fuck you. Childish, sure, like shooting spitballs at the Deathstar. But who knows? "Lotus Marketplace" was cancelled after the big stink, and this looks a lot worse than that. N.A.
  • Up until now large scale dos attacks have been directed at random targets. With the exception of the one that targeted the RIAA recently. I think that targeted dos attacks against people that support this type of thing would be very effective in gettiing our peoples opinion expressed. Instead of one person using a distributed dos attack we could all get together and do it intentionally. That wouldn't be illegal all we have to do is set up a program that reloads the targets website continously. We would also need a large number of people willing to participate. This would be similiar to an intentional and legal slashdot effect. The electronic equivilent to a sit in or demonstration. Posted anonymously for obvious reasons.
  • Heh. His definition of "best customers" is "those with the most money". Tells you how valued you are as an individual by these people, doesn't it?

    I only looked at the first few paragraphs, but the gist I got was that since people don't want to deal with advertising and will soon gain the tools to ignore it, advertisers will have to find new ways to claw for our mindshare. Honestly... If advertising wasn't such an annoying phenomenon in the first place, we wouldn't fight as hard as we do to get away from it. Personally, I don't think any advertiser could ever succeed in targetting me with a message that I'm interested in seeing, no matter how much personal information they gather or how closely they monitor my every move. If I need something, I can easily find out where to get it. What I don't need is to be told that I need something, which is the whole point behind advertising these days. I can decide for myself what I need and what I don't, thank you...

    Oh well... Got off on a rant there myself. I'd rather see advertising eliminated entirely, with products competing on their own merits instead of flashy gimmicks. But since that approach works on the sheeple, I don't think we'll ever see it.


    --Fesh

  • Use encryption to a vendor such as anonymonizer (spelling?) which will decrypt and send. So now all the ISP sees is the encrypted flow from you to anonymonizer. You have a contract with anon. that they WILL not send your information to anybody or log it in any way. This would be a standard business contract so that if anon. violates it, they get sued.
  • Might work - you generate trash searchs, visit the sites found, and get junk Email. Fine, tell `m you've no interest in their junk.

    Perhaps better, set up the `bot to have "personalities", and send replies explaining that your 85 year old aunt was visiting and search for lavender soup and ping-pong balls, and your 11 year old daughter was searching for [current-preteen-music-idol] and body piercing; then tell them that you've no interest in those products/services, stop annoying you. In the case of your "daughter" tell them if they don't go away you'll site the child protection cops on them.

    The purpose would be to both fuzz out your own traffic, and to generate a lot of spurious hits for the people _paying_ PN for the "leads". Those businesses are spending money with the hopes of getting sales; clear feedback that it's not working and is annoying potential customers just might cause them to drop PN.

    And don't forget to write on _paper_ to any company that sends unsolicited email and has an actual mailbox. Most companies treat one letter as representing 100s or 1000s of real world consumers that didn't write.

  • Well I havn't read the specs yet, seems the site is slashdotted, I would think this would a dumb idea for an ISP. Almost everyone believes their privacy is important. Just look at how DoubleClick's stock dropped at the announcment of their new practices. So an ISP might agree to sign up for this. Enough customers would switch to another ISP that isn't violating their privacy. It could even be a "feature" in the ads of that non-participating ISP. The only real problem would be finding out if your current ISP is going to participate or not. I would hope they would tell the truth if asked, but you never know when dealing with greed.

  • Dude, it's Mr Bill "knowledge is power" Gates....
  • There are a number of problems with the Data Protection Act.

    Firstly, to sign up with the ISP, you have given them name, address, date of birth and probably your phone number, as condition of using them.

    Since most of them require your e-mail address and password when you sign on, they effectively have, via their logs, who you are, demographics (unless you lied), phone number (because you are phoning them) and everywhere you went. All of this is quite legitimate within the terms of the Data Protection Act. Indeed, under the Regulation of Investigtory Powers Act, it will probably become mandatory.

    The trick is to check the Data Protection registration of the ISP. If they are not registered to use this data for marketing purposes, you have them by the short and curlies. You can search for this on the Data Protection Registrar web site [dpr.gov.uk]. For instance, here is the registration made by the UKs favourite ISP, Freeserve [dpr.gov.uk]. Note the first purpose is marketing to individuals. I also saw an article in Computing magazine [vnunet.com] where Freeserve stated that they intend to do exactly that.

    Note on the Freeserve new user registration page [fsmail.net], you have the normal 'opt out' boxes (jury is out on their legality in the UK AFAIK). It mentions 'Terms and Conditions' too, but this link doesn't work (ha ha ha ROFL). When it works, I bet it mentions that the data they collect will be processed in accordance with the Data Protection Act.

    In short, I don't believe that the Data Protection Act will offer much of a defence to ISPs using their logs to market at you, as you will have to give them this right under the Data Protection Act when you sign up with them in the first place.

  • When I perform my coup and topple this useless government (and replace it with my dictatorial regime, ala Stalin), Predictive networks will be at the top of my payrolls!. Imagine how easy it will be for my NKVD to track dissidents, I'll be able to eliminate all of my rivals in months rather than years of great purges! This will mean a shorter gestation time for my revolutionary armies to march all over the face of the earth (mainly to France, I must conquer France). Since everything is or will be running on IP anyway, the dissidents will be forced to communicate by conventional mail to coordinate their attacks. Alas, the final piece is in place! Viva Napoleon!
  • Mind posting a link; this sounds intresting.

    I checked crowds.org and its not regestered. crowds.com is owned by some German guy who hasn't put much of anything up. And crowds.net is also regestered.

  • Yeah, but they'd have to forge a site certificate too. Browsers come with a certificate to make sure the site certificates are legimate for the site. So when you https to Ebay, you know its really Ebay. What you are saying is possible, but extremely difficult. Perhaps the NSA could do it, but unlikely anyone else. (assuming 128 bit or better encryption, 40 bit is child's play, but even that can't be real time cracked as far as I know). For them to get at the actual data (decrypted) they have to make your browser think they are the actual site. That is (extremely) hard. For them to simply pass encrypted data back and forth transparently is easy. No data (no URL level info) but they'd know source and destination IP's (which they can get anyway by packet sniffing).
  • They also got his dad........they were tapping the families phone and discovered that his father was plotting with a hitman to "harm" a bussiness partner.........

  • Hear, Hear!

    While having X amount of /.'ers hit them with sugar and spice is not going to make them change their mind, (I'd love to be in the board meeting for that. "The people say they don't want our ads. Maybe we should close up shop." Yeah, right) but if we all tell them politely that we're not going to do business with their partners, and we're going to talk to our congress people about legislating them out of business, then they may start to figure out another way to blow their investor's money away.

    Most of us here are geeks/nerds/whathaveyou, but those of us who are over 18 and in the US can vote. If you've registered to do so, then send a nice piece of email to your congress people and tell them you'd like your privacy protected on the Internet.

    The "real world" is coming in after us, people. It's time we use the tools that are available to us to keep them where we want them. So we have to play with the politicos. But we have to play with them nice and professionally.

    Use a spell checker. Clear your grammar with your English major/grad buddy. Remove those swear words. Don't be a jerk. They're not going to listen to you otherwise, and they'll do whatever they want with their business plans or introduced legislation, or God help us, voter initiatives.

    Excessive Use of the <B> tag used in place of a Clue-by-Four unavailable via HTTP. :)

  • Here is a question. Havent seen it yet in the threads, but it says in the article that they are massively funded. Who in their right mind, with enough money to make a difference would pay for this? And who has the funding to make it profitable for just about every major ISP to want to hop on?

    Any Takers?

  • by Anonymous Coward
    Check out Foveon at http://www.foveon.com/.
  • by Anonymous Coward
    Crowds is a project which allows people to use other people who use a crowds server as a proxy. When a crowds server receives a request, it randomly choses between forwarding it to the destination or to another crowds proxy.

    Unfortunately, the crowds code seems to be restricted to people in the US only
  • by Anonymous Coward
    #1 let your ISP know NOW that if they deal with this company you will walk...
    #2 visit http://www.idcide.com The greatest tool for online privacy I've seen since Luckman went away.
    #3 Lets ALL drop by and express our opinions of their policies and goals, in a professional manner of course :)
    #4 BONUS...surf from Solaris where you can change your MAC address on the FLY...Track this !!!!

    I don't ask for much but I insist on ME!!!!
  • by Anonymous Coward
    set up a script that browses nothing but Power Puff girl web sites. Go Buttercup, Bubbles, and Blossom!

    Image what 2000 hits a day to those sights will do to my "digital sihloutte"
  • Yeah, I'd change ISPs in an instant if I knew they were monitoring me like this.

    How would I know though? My ISP sends me a bill every month, and I pay it. My scripts dial a number and I get connected to the internet. I have no further communication with them. How would I know if they decide to sell data on where I was surfing? Who would tell me?

    Remember, a number of folks will find a new ISP if they start selling data, so it is to their advantage to make sure I never find out.

  • There is a trend toward 10.* addresses in cable modem situations. IPSEC cannot always tunnel through this situation.

    If you can telnet, you can set up a VPN (using ssh and pppd).

  • Stereotypically YRO, it seems as though none of you have taken any business classes and have no idea how things like "supply and demand" work.

    If a company does not have the trust of its customers, the company will die. (For those that will undoubtedly mention Microsoft, remember that people like us make up a tiny fraction of Microsoft's customer base.)

    If all ISP's were to suddenly decide that it would be really neat if all of their customers could be tracked, there would suddenly be a HUGE market for ISP's that did no such tracking. There would be no shortage of alternatives for customers leaving these ISP's in droves.

    It was mentioned that ISP's could possibly offer two account classes, one that was tracked and would be possibly cheaper than one that wasn't. There was further speculation that the un-monitored version could possibly be more expensive than average accounts are today, in an effort to force people to subscribe to the tracked accounts.

    Am I the only one that just doesn't understand why ISP's would collectively do this? Why hike rates for no apparent reason, especially when competitors aren't doing the same? If you really think all of the ISP's in the country would get together and agree to raise rates in an effort to force everyone to subscribe to accounts that track their browsing habits, you're talking conspiracy theories again. (Also stereotypical YRO.)

    Try to think about this logically, folks.
  • Regardless, this will never happen.

    Companies just don't turn "evil" and start tracking all of their customers and deliberately and openly invade their privacy like this. Shady companies have appeared and tried to gradually do this, and there are other companies that make it their business to give you something for free in exchange for this type of concession, but you don't have Internet providers just going rogue like this.

    It doesn't make any sense.

    If your cable modem provider is doing evil things like this, and you have no other alternatives (DSL?), then write them a letter. Write your city or state a letter. Make change.

    I just wish all of this wild speculation about how all of the companies in the world are just going to rise up and start invading everyone's privacy would stop. There is zero reason to think these companies will step up and start doing all of these evil things.

    All I'm trying to say is THINK ABOUT IT. Everyone seems too eager to equate "technologically possible" with "going to happen".
  • YRO does suck. It's filled with paranoid conspiracy theorists. Count up all of the theories and speculations that have appeared in YRO and follow up on them. How many of these things have actually come to pass?

    If people would just think about things logically and rationally and stop the wild speculation and jumping on respective bandwagons, YRO threads could be SO much more productive. Everyone is too eager to assume that just because something is possible, or one company said something and had their words twisted so that it hinted that something was possible, that automatically they and all of the companies you do business with are going to rise up and start invading your privacy and selling your dirty secrets. This is just stupid.

    And I never ever recall saying anything that indicated 'privacy is for criminals.' Perhaps you're confusing me with somebody else? "Go back to watching TV?" I assume by that you're trying to say that my intention is to placate people? That I want people to just quietly go along with what's happening in the world? If that's the case, then perhaps you've never read any of my comments. All I'm trying to do is inject some rationality into this discussion. All we keep seeing are conspiracy theories and wild speculation that NEVER COME TO PASS. People are too busy saying, "Look out! The evil companies are banding together again to steal our dirty secrets and invade our privacy!" that they don't realize that every time they've said this in the past it's never come to pass. I don't know if they think that they're actually making a difference with these speculations or what.

    All I want people to do is think about things rationally. Look at this from the company's point of view. What do they stand to gain? Will they lose customers? Will they break any laws? Does this new company image help them?

    Generally, answers are "not a lot", "yes -- they'll lose quite a lot" and "arguably."

    Rarely do these offset the gains, so it makes ZERO sense for companies to indulge in the behavior people are speculating about. THINK ABOUT IT.
  • by jd (1658)
    First off, this scheme will only affect the clueless. Anyone in the know can (and probably does) use proxy servers, making it impossible for ISPs to track you.

    Secondly, the sheer volume of information they'll need to process will be overwhelming, which means they'll only be able to process the "highlights". It should be easy enough to inject enough decoy communications to render the system effectively useless.

    Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.

    Lastly, each time I see a duplicated topic, it always reminds me of Kryten, off Red Dwarf, for some strange reason. :)

  • by jd (1658)
    You've clearly never been to Europe. There are proxy FTP, Gopher and Web servers covering most of the continent and some of the outlying islands such as the United Kingdom.

    I'd say being able to randomly connect with any one of a couple of hundred proxies, in each request, for free, using an SSL connection to hide the real destination, would make it impossible for ISPs, =HOWEVER= advanced their technology, to monitor where you are going.

    Secondly, yes, a tunnel needs two end-points. Take your pick - the 6bone has several hundred participants, including at least one tunnel on request service. For free, might I add. With 3DES encrypted IPSec, for those wanting encryption.

    If people want to know if you have been to a specific place, ngrep won't help. You can only parse a live transaction log at the speed the software will run, which is likely to be slower than the maximum throughput of N broadband lines.

    By using one of the national or international caching systems, such as the one JANet has, the transactions are going to be much harder to identify. You can't simply operate on a given field in the packet, and trust that that will have the right data.

    By using the 6-bone, things get worse. AAAA-type records are not known to be nice to software expecting nice, simple A-type ones.

    It doesn't help, though, knowing that you're connected to the 6-bone. There are plenty of proxies which allow traffic to cross between IPv4 and IPv6 - SOCKS does this. This means that you can be connected to a local 6bone proxy, and then to a 4/6bone cache the other side of the continent. The ISP will have no means of knowing where you're going.

    Privacy is never going to be for the "clueless". Nor, IMHO, should it be. That's not because of any "deserving", or "merit", but because if it's not a priority for someone, nobody made me God to tell them it should be. Nor is it within my right to foist what =I= perceive to be a good thing on such a person.

    My rights start and end with me. I have no rights beyond me - anything else, gifted by law or society is just that. A gift, given voluntarily, which can be accepted or refused. But NOWHERE is it given that I have any rights or power over any other person. They, too, have rights that start and end with them.

    If those people CHOOSE to put security as a low priority, that is THEIR choice to make, not mine, and woe betide any who decides they know better. That way lies dictatorship and detruction. I am not the world's greatest Baseball player. Nor is there any law which dictates I should be. That does not give you, or anyone else, any right to impose Baseball on me, in any way, shape or form. I've made my choice, and it's your tough luck if you don't like it.

    If Fred Bloggs, down the road, chooses to allow their ISP to monitor all their web usage, that too is their choice. My beliefs concerning privacy and security are irrelevent. Their choice is THEIRS. If Fred Bloggs =wanted= to be a Guru on network security, you know what? They would be. If they aren't, and don't wish to be, I have no right to impose that upon them.

  • Here's the deal:

    If man is inherently good, then anarchy is possible because people can regulate their own day-to-day activities without authority.

    If man is inherently evil, then anarchy is necessary, because then nobody can be trusted to be in a position of power.

    State socialism didn't work, but what about council communism, which was very anarchistic until the Bolsheviks took over the councils? What about primitive cultures, which basically existed on very anarchistic principles?

    Don't put so little faith in your fellow people. It's power that corrupts, so eliminate positions of power and authority, and then we can see where we can go from there.

    Michael Chisari
    mchisari@usa.net
  • I don't think it's the smart people they are targeting.
    :)

    Finkployd

  • by Rupert (28001)
    Faced with the choice between a PN ISP and a non-PN ISP, I know which most of use here would choose. However, it may not be easy to find out whether your ISP is in the Predictive Network or not, or the non-PN ISPs may be much more expensive.

    The solution is noise. Code up a browser-bot (GPLed, of course) that randomly surfs the web while you're not (you don't want to interfere with your real browsing). Be careful you don't cross the arbitrary line of "excessive use"! Feed it some biases, or search terms from time to time, and watch as you get bombarded with spam from www.armadillofancier.com.
  • Problem is most people only talk privacy, but will still sign up for a free internet account, willingly subjecting themselves to this level of oversight, and more. The free-ISP I used to work for is working very hard to log as much as possible, of traffic sent, including url's and search keywords. Your account setup process may be "anonymous", but sooner or later, if you use a free-isp, and you fill in a web-form, they are going to have identifiable personal data, stored in their DB, and available to almost anyone within the company. How long before some curious hackers start paying attention to db-security flaws and start sharing this wonderful data?
  • From Predictive Networks product information page [predictivenetworks.com]:

    [The Internet is] big, it's unorganized, and its users are simply unable to wade through it all to find interesting information that satisfies their needs.

    I don't know what warped dimension these guys are living in, but I find ads to be the least interesting thing on the Internet. And my information needs rarely have anything to do with purchasing products or services.

    Until now, the only way reach end-users through all that clutter has been to bombard them with banner ads. And, as today's declining click-through rates show, this approach got old fast.

    Again they assume advertising messages are more important to people than the actual content of web pages. All that stuff is just "clutter". And banner ads are "old" because people find them annoying. Targeting them won't make them any less so. A telemarketer who interupts my dinner trying to sell me something I might be interested in is no less irksome than one with a product I don't care about.

    We have developed a revolutionary infrastructure-based content delivery platform that enhances users' online Internet experience by delivering highly personalized, custom-tailored information right to their desktops.

    What information? And how will it appear on my screen? Are random web pages going to pop up in my browser that they think I might be interested in?

    More likely "information" is their euphemism for ads. So how are these going to appear on my computer? When I read Slashdot, will they be substituting their ads for the ones Andover puts on the pages? Or will there be boxes popping up on my screen flashing ads and disrupting what I am trying to read? Will my ISP insist that I must use their specially customized version of Netscape 6.5 with a special window to dispay the content they think I ought to be reading?

    It all sounds like a marketers wet dream to track all the interests of individuals in order to target the ads, but I am unable to see how they are going to deliver them. Substituting ads on a page would upset site owners who would probably sue. Pop ups will annoy subscribers and probably lose business for the ISPs. Special browsers with ad windows are already in use by "free" ISPs; why would anyone want to pay even a "discounted" rate for same thing they can get for free?

    "Content providers, such as advertising organizations, can harness the power of the Internet to send highly-targeted, rich media messages directly to the audiences they desire."

    The language of this statement makes want to puke (advertising = "rich media messages" ??!!) These people are so out of touch with real life and real people it is quite scary. There is no way I would want people like this to be tracking my private online activities.

  • Couldn't this be circumvented by a simple wire encryption protocol like SSL or something? Or are they actually sniffing packet destinations, etc? I can see web sites with logos proclaiming "Secure Anonymity Site". I would certainly avoid sites which would allow snooping of traffic and move to the more "secure" sites. But then again it is business itself that is doing this. Also, not everybody has an SSL capable browser or server.
  • by Spyky (58290)
    It doesn't matter if you encrypt your data. The point is they know where you are going. It doesn't mean just porn either, though I'm sure you'd prefer to not be in some company's database as a daily visitor to reallyillegalvirginteens.com. It also allows them to track what political sites you go to, if you've been researching homeade explosives, if you like to purchase chinese torture implements on ebay, what stocks you look up at cnnfn.com. Who knows, whatever you are into from weird to normal, private or not, if you go to a website about it, it will appear in some companies database.

    The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit. And tracking you online is just one quick partnership with your ISP away. Then they have an address, a phone number, a credit card number, and a comprehensive database of everything you view online.

    Scary ain't it?

    Spyky
  • That campaign shook up quite a stink in the netherlands. competing ISPs tried suing. They lost. The truth hurts. Although this campaign was mostly targeted against the 'free' ISPs

    //rdj
  • If man is inherently good...
    If man is inherently evil...

    Hmm... how about none of the above? There is no such thing as "man", a creature which always has the same characteristics. Some people are good. Some people are greedy. Some people are evil. Some people are good, but for some unfathomable reason like mayonnaise.

    Humans are not identical. Not everyone can regulate their own activities. Some can be trusted in positions of power. Anarchy might work with robots; it doesn't work with humans.
  • Come on people.. This is hoax type material. I work for an ISP. Our mail log looks like one of those screens from the Matrix. Nobody is spying on you. Really.

    There are a lot of moral, legal, and technical reasons why this is not the case. I don't know about this Predictive Network stuff, but it sounds like a hoax being brought on by l33t h4x0rs.

  • Couldn't you just do all your web browsing through someting like that anonymizer service? not convienient. but a viable solution?

  • I'm especially scared of this kind of censorship.

    The TV media censors conservative viewpoints off the airwaves, especially if it is the viewpoint of someone who isn't a raving racist nut and making us look bad.

    They shut the conservative viewpoint completely out in colleges, too.

    IMO it isn't suddenly cool when AOL just flat out filters out the Democratic National Committee website, and escalates the destruction of productive political dialogue to a new level.

    I hope when I turn on the Larry Elder or Rush Limbaugh show, they've got something negative to say about this...

    ========================
    63,000 bugs in the code, 63,000 bugs,
    ya get 1 whacked with a service pack,
  • Very funny, and on-topic.

    Keep it up!

  • Though the article concerns itself with commercial interests motivating this kind of tracking, and I acknowledge that Uncle Moneybags is more likely to strip away our last illusions of privacy than Big Brother, I think it important to point out that this is the logical result of massive DoS attacks as well as targeted cracks.

    The Infospace is fundamentally vulnerable, and the more we come to depend on it for vital activities the more that vulnerability becomes a threat to which the citizenry demands a response. The day that Yahoo, Ebay and friends went down, everyone heard the "shot heard round the world" that was the hope of privacy and anonymity on the Internet summoning upon itself the attacks of every government.

    It was inevitable. Given the ease with which any 15-year-old script kiddie can disrupt the resources of others, imagine the damage that could be caused by a determined and professional team of terrorists, extortionists and thieves.

    No, I don't believe in security through obscurity, so what I see right now is a race - can we make the web secure through technology, or will it become the stomping ground of manditory constant government surveillance?

    Under the plan in the article there is an opt-out potential - pay more to use an ISP that doesn't pimp out its users. Somehow I don't think the NSA has such an opt-out provision in Echelon, much less on the internet.
  • The site makes no mention of how multiple users on the same computer might be handled. Wouldn't shared usage spoil their profiles?

    And since their tracking relies on an "anonymous" number...what would happen if all of us were to use the same number? (My impression is that the number is somehow incorporated into the client software....shouldn't be too hard to change it. ;)

    Behold, the reading habits of one huge entity named Slashdot!

    -- WhiskeyJack

  • Yeah! OOG rules!

    I say that Slashdot should change their program to give OOG a (5: Funny) by default.

  • Hello All. How many of you are from London? I'm from the states and visited the city recently. I was amazed at the sheer amount of cctv cameras on street corners, in the tube, shops, even in fscking pubs! It really got me thinking. At the company where I work, we have no less than 16 cctv cameras monitoring our entire workforce, and the area surrounding our building. Almost every other company in this area does the same. Credit card company's monitor how much we spend, what stores we spend it at. They even monitor our movements. The same situation exists with our fun to use debit cards. Companies like DoubleClick already monitor most of the less technically savy. Companies buy & sell our online habits all the time. Someone posted above that it isn't big brother that is going to take our privacy away, but mr. moneybags. That person was correct. Except that they (yes, *them*) have already done it. Our privacy has been slowly and anonymously chipped away since the end of world war two. I hate to say it but I suspect that this battle was lost long ago, without anyone noticing. This time the revolution *was not* televised.
  • OOG HATE THOUGHT OF BEING TRACKED BY ISP!!! OOG NO WANT ISP SELLING OOGS RECORDS!!! OOG LIKE VISIT PR0N SITES (FOR HOT LESBO CAVE WOMAN PR0N) AND DOWNLOAD CAVEMAN MP3'S!!! OOG NO WANT PEOPLE SPY ON WHAT OOG LOOK AT ALL THE TIME!!! OOG WANT BE ABLE TO DOWNLOAD GIGS OF PR0N AND MP3'S AND CAVE WAREZ IN PEACE!!! OOG FIND JERK WHO CAME UP WITH IDEA AND BREAK HEAD WITH OPEN SOURCE CD!!!
  • So. They are tracking your "HTTP click stream". Apparently they think the Web = the Internet. Then they say, "You can obtain your ID by clicking on ... ". So apparently you have to be using Windows and have their software of some kind installed. Great.

    So what if I don't use Windows? I fancy any Linux client can be easily hacked/cracked to not send this "click stream" information... Or does that mean I'm not allowed to use that ISP just because I use Linux and not Windows?!?! Or perhaps they are doing it from the ISP's connection, so that any form of outgoing HTTP requests will be attributed to my client...

    All this Web activity tracking makes me sick. I think it's about time we built our own proxies with encrypted HTTP requests so that nobody can track our browsing history. All we need is to have special connection code in Mozilla (or perhaps even a Linux kernel module, anyone?) that encrypts the HTTP stream, perhaps send it via some unknown port (definitely not 80, perhaps some esoteric port like 12529) to a proxy that decrypts the HTTP stream and forwards it to the real Web server.

    The proxy itself may be open to the tracking -- it's irrelevent because they would just be tracking the combined traffic of a large number of proxy users and they can't determine the source of the forwarded HTTP requests anyway. Besides, I for one am going to filter out doubleclick and other such domains completely on my firewall. Banner ads suck. If I want something there are places I can look it up. I don't need to be spoonfed garbage like ads. I can't stand this incessant bombardment of "buy me! Buy this! buy that!" trash. As if TV commercials aren't bad enough.

    Another idea that just came to mind is to have the proxy code available to everybody. We can then use each other's machines as proxies and make the data they collect totally useless and not resemble any real information about you at all. I haven't thought this through so it might be a bad idea, but anyway, it's an idea for slashdotters to talk about.

  • by Zagadka (6641) <`zagadka' `at' `xenomachina.com'> on Friday April 21, 2000 @06:47AM (#1119868) Homepage
    I checked crowds.org and its not regestered. crowds.com is owned by some German guy who hasn't put much of anything up. And crowds.net is also regestered.

    Tip: use a search engine. I recommend Google [google.com]. Try searching for "crowds proxy" [google.com]. You should find The Crowds Home Page [att.com].
  • by Xenu (21845) on Friday April 21, 2000 @05:35AM (#1119869)
    Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.

    I wouldn't bet on it. The terms of service of some cable modem ISPs prohibit VPNs.

  • by DarkMan (32280) on Friday April 21, 2000 @06:30AM (#1119870) Journal
    Ah, but to go along with the draconian laws that the RIP bill is, there is a little diamond in the rough.

    The Data protection act. Basically, if any UK organisation (not just a company, any org) wants to store personal data about me on a computer, they have to get my signature on a piece of paper, giving them permision. In other words, such a scheme in the UK must be opt-in.

    Additionally, they _have_ to let you view _all_ the data you hold on them, for a nominal fee.

    (Oh, IANAL, that's just how I precieve it to work, as someone whose tangled briefly with it)

    So, how does this releate? Well, look at the they way they let you see your personal data:

    Any subscriber on The Predictive Network has the right to view their Digital Silhouette free of charge twice during the calendar year. Subscribers will be charged $50.00 per request thereafter.

    Note the two free views. This is so that they can link the Silhouette with a person (or maybe I'm just a bit cynical). After that, you pay through the nose. In UK, assuming it's sent via email, I believe the maximum they can charge is one pound (Those values are typical from companies that snail mail the data to you. They may not be able to charge even that much). Thier planned method of limiting acess to the data they hold is illegal in the UK.

    Other nice touches - it would have to be (technically) opt-in. Admitingly, they can be rather sneaky about it - it's now common to have a small box on any form you send to a company, and if you _don't_ tick the box, they have your permision to sell your data. However, it's trivial to tick the box and stop them.

    Data protection act - As far as I have seen, it's good for individuals, and bad for companies.

    Oh, and there are a number of prosecutions each year under this act - in other words, this has teeth.


    --
  • by Greg@RageNet (39860) on Friday April 21, 2000 @06:54AM (#1119871) Homepage

    Battery Ventures
    [battery.com]
    www.battery.com

    20 William Street, Suite 200
    Wellesley, MA 02481
    phone: (781) 577-1000
    fax: (781) 577-1001

    901 Mariner's Island Boulevard, Suite 475
    San Mateo, CA 94404
    phone: (650) 372-3939
    fax: (650) 372-3930

    Write Robert G. Barrett (Managing Partner) and
    show your displeasure at the types of company
    battery chooses to fund. His address is
    bob@battery.com [mailto]
  • by Cyrano de Maniac (60961) on Friday April 21, 2000 @08:46AM (#1119872)
    If you are truly concerned about this issue, it is a very good idea to politely inform your ISP that you will refuse to do business with them should they participate in this kind of monitoring.

    Just a short note to their sales department or administrators should be enough to let them know
    where you stand.

    For your convenience I'm including a "form letter" that we can use to make our opinions known. Be
    sure to substitute your ISP's name in the appropriate 4 locations in this message, and to substitute your name at the end.
    ------------------------------------------------ --
    Dear (ISP NAME HERE),

    I wanted to take just a minute of your time to highlight an issue of some importance to me, a customer for (TIME PERIOD), by which I hope to make known at least one customer's views on some rather disturbing trends in Interenet access. Just a moment of your time to express my thoughts, and hopefully influence (ISP NAME HERE)'s future direction would be appreciated.

    There is currently an initiative and offering by a company named Predictive Networks to engage ISPs in a scheme by which the ISP will monitor web traffic patterns from individual subscribers. This data would be given to Predictive Networks to create user profiles which are then used for marketing purposes.

    In exchange for this information ISPs would presumably be financially compensated. This of course can only lead to coercion by ISPs upon subscribers to submit to this sort of monitoring lest they face either termination of service or higher service fees.

    The discussion which brought this initiative to my attention can be found at the URL http://www.vortex.com/privacy/priv.09.13.

    I have no desire to particpate in such data collection, and will vigorously oppose the imposition of any such policy upon me. As a satisfied customer of (ISP NAME HERE) to this date, I want to make known that I will refuse to conduct business with any ISP which chooses to participate in this venture. I sincerely hope that (ISP NAME HERE) will never consider detailed monitoring of their customer's Internet traffic.

    Thank you for your time,
    (YOUR NAME HERE)
    ------------------------------------------------ --
  • by wrenling (99679) on Friday April 21, 2000 @04:31AM (#1119873)
    This is mostly referring to ISP's (I know,
    backbones *are* mentioned) -
    and where I live, the major DSL provider is
    SWBell, which is a semi-regulated provider.
    (Semi-regulated by the government). Telephone
    companies keep track of all sorts of data
    about us - all the calls we receive, all of
    the calls that we make. What they can do with that information is extremely limited. They are prohibited
    from selling or making that information available,
    unless its requested by a law enforcement agency.

    Would those regulations also apply information
    that they may/could gather through a DSL-style
    connection? And if they currently do not, should
    they be expanded to do so?

    The concept is rather scary - as long as a company can make money by infringing on people's
    privacy, those companies will have no issue to
    continue to track/monitor and sell information.

    As much as I am against governmental regulation,
    some federal guidelines may be necessary in order
    to keep these companies in line.

    Just my 2 cents... on a sleepy Friday morning...
  • by Mendax Veritas (100454) on Friday April 21, 2000 @05:09AM (#1119874) Homepage
    I doubt this is a hoax. I work for a network management software company, and we've had requests from major-name American ISPs to gather information of this type. We've refused. So there definitely is a "market need" out there waiting to be satisfied, and apparently Predictive Networks wants to satisfy it.
  • by MacRonin (112572) on Friday April 21, 2000 @08:09AM (#1119875) Homepage
    Telephone companies keep track of all sorts of data about us - all the calls we receive, all of the calls that we make. What they can do with that information is extremely limited. They are prohibited from selling or making that information available, unless its requested by a law enforcement agency.

    Sorry but this assumption is not quite valid anymore. Pleae refer to:
    "CNN" - FCC to appeal court ruling vacating privacy regulations [cnn.com] - August 25, 1999. A court ruling overturning federal protection of telephone customer records puts the interests of phone companies over the rights of consumers, a top federal regulator says.

    The Federal Communications Commission("FCC") plans to appeal the decision by the three-judge panel of the 10th U.S. Circuit Court of Appeals, which could enable phone companies to use information about customers for marketing purposes without obtaining their consent.

    "FCC" Chairman Bill Kennard said the court's decision to reject the commission's rules remove important protections to consumer privacy.

    Political News from "Wired News" - Phone Records Up for Grabs? [wired.com]. A court ruling ( 98-9518 -- U.S. West Inc. v. Federal Communications Comm. -- 08/18/1999 [kscourts.org] ) with implications for the use and sale of private telephone records sets a disturbing precedent for how the courts regard privacy, watchdog groups say.

    But the Federal Communications Commission("FCC") will appeal last week's 10th Circuit Court of Appeals decision, which pleased those privacy groups.

    The ruling effectively canceled a vague "FCC" regulation that had forced phone companies to obtain customer permission before using or selling call records for marketing purposes.

    ACLU Press Release: 10-25-99 - Consumer and Privacy Organizations, Legal Scholars Urge Appeals Court to Protect Consumers' Telephone Privacy [aclu.org]. In a friend-of-the-court brief filed today, 15 consumer and privacy organizations and 22 legal scholars urged a federal appeals court to reconsider a decision that would allow telephone companies to use private telephone records for marketing purposes. The groups, including the American Civil Liberties Union, said that the case is of great importance to consumers across the United States. The brief, filed in support of a petition from the Federal Communications Commission, asks the 10th Circuit Court of Appeals to uphold a privacy provision that was enacted by Congress in 1996 and implemented by the FCC.

  • by Noel (1451) on Friday April 21, 2000 @05:00AM (#1119876)

    Doing a quick Google search, I ran across this article [fastcompany.com] praising the development of "interactive relationship managers" (IRMs) like the one developed by Predictive Networks. The author is all agog about the marketing benefits of using these IRMs to target exactly what the customers want. He says that 'the "best customers"...[will] make sure that the only advertising that gets through is advertising that they really want to hear.' But then he claims that the way to do this is to use IRMs that 'collect user data based on the surfing habits of ISP customers and then make appropriate suggestions as to what else those customers might like or need.

    He also mentions the opportunity for companies to act as free ISPs to their customers so that they can easily gather the profiling information.

    <RANT>
    This "solution" is patently ridiculous (maybe it should be patented!). Am I a "best customer" in his terms, or not? I absolutely do not want my time and bandwidth wasted by any advertisement unless I decide that I want to see it. According to his definition, that makes me a "best customer".

    But there's no way that I want any commercial entity, either software or meatware, to profile my actions and try to figure out what I might be interested in. I'm sorry, but this "best customer" wants to choose for himself what he's interested in seeing. I know best what I'm interested in. Any other "solution" is a travesty, and especially one that violates my privacy in order to provide a useless "service" that I do not want at all.

    Not only is the IRM a violation of my privacy, but it's also ineffective -- my current interests are not determined by my previous interests. If I am interested in purchasing something, I will find the information I need for myself. And it will be good information -- not just biased marketing drivel.

    How can someone be so clueless to think that IRMs are a solution for people who want to control what advertising they see? They are the same marketing solution all over again - "we will tell you what you should be interested in."

    Sorry, but I'm not listening. I already know what I'm interested in.
    </RANT>

  • by Non-Newtonian Fluid (16797) on Friday April 21, 2000 @04:38AM (#1119877)
    > this scheme will only affect the clueless

    That's not the point. _No one_ should have to jump through hoops to maintain their right to privacy on the Internet. One shouldn't have to be a "geek" and know how to beat the system, because the system shouldn't be that way in the first place.

    > the sheer volume of information they'll need to process will be overwhelming

    So maybe it'll be difficult in the beginning, but remember Moore's Law can be applied to more things than your Quake III fps score or your Linux compile time. While processing power, bandwidth and storage capacity continue to increase, the last time I checked, the length of URLs was pretty much constant. If they can't handle all the data now, with the right funding, they will be able to soon. It's only a matter of time....

  • by Greyfox (87712) on Friday April 21, 2000 @04:37AM (#1119878) Homepage Journal
    I've been kicking around the idea of setting up an invitation-only IPv6 tunneling network with encrypted tunnels. This story encourages me to develop the idea.
  • by Lowther (136426) on Friday April 21, 2000 @05:13AM (#1119879)
    In the UK, the government will get there first.

    The Regulation of Investigatory Powers Act [fipr.org] will treat ISPs as telcos. It will require them to put the monitoring apparatus in place, so the government can watch what its taxpayers are doing. More detailed discussion of this hideous legislation can be found at the STAND [stand.org.uk] site.

    Once the telcos, sorry, ISPs put this apparatus in place, thy might as well get some return on their 'investment' by gleaning marketing info about their customers in passing.

  • by dominion (3153) on Friday April 21, 2000 @05:28AM (#1119880) Homepage

    I keep seeing these draconian laws being passed by our government, and these orwellian systems being created and implemented by profit- and power-hungry corporations. It seems every day there's a different post to Slashdot describing some new method for controlling the flow of information and the freedoms that we should be taking for granted...

    And what are we doing about it? Why do we keep allowing our rights and freedoms to be taken away?

    Why are those in power doing this to us? That's easy to answer: Because they can. Because anybody in power will seek to extend their power and control.

    Why are we allowing this to happen? I don't know. Some of us are fighting back as much as we can, but most of us simply post to Slashdot and complain.

    Listen up! All this bullshit that we've been fed ("We live in a free country!", "The economy is doing great!"), it's all just that: bullshit! We're losing our rights and freedoms on a daily basis, our economy is fake (the drop on last Friday was equivalent to Black Tuesday in 1929), people all over the world are being forced into sweatshop slavery in the name of "economic progress", and our environment is being raped and destroyed at an alarming rate in the name of profit.

    And most importantly? The technology that we all love and support is being turned back on us in order to control and monitor people. They're usurping something that they have no right to usurp. We have to put the power of technology back into the hands of the people!

    It's time to fight back! It's time for a revolution!

    http://www.indymedia.org [indymedia.org] - Support independant media!
    http://www.soaw.org [soaw.org] - Why are our tax dollars being spent on training murderers?
    http://www.corpwatch.org [corpwatch.org] - So you think only governments can oppress and censor?

    http://www.spunk.org [spunk.org]
    http://www.infoshop.org [infoshop.org] - Communism is dead, Capitalism is close to it. There is another alternative, and it's time we started exploring it.

    http://www.adbusters.org [adbusters.org]
    http://www.rtmark.com [rtmark.com]
    http://www.subvertise.org [subvertise.org] - Subvertising (also known as adbusting) at it's best.

    http://www.ainfos.ca [ainfos.ca] - Keep informed on what is happening in the world, from an anti-authoritarian, grassroots perspective.

    http://www.a16.org [a16.org] - Seattle and D.C. are just the beginning.
    Michael Chisari
    mchisari@usa.net
  • by Hizonner (38491) on Friday April 21, 2000 @05:00AM (#1119881)
    Looks like Zero Knowledge picked an inopportune time to update their Web site.

    They run a network that's like a proxy on steroids. They even try to protect you against traffic analysis. Everything is encrypted. Everything goes through three servers, chosen by the user from a long list. The server operators are all independent of each other.

    Each server knows only the hop before it and the hop after it. The first server has your IP address, but not the address of the site you're visiting, let alone the URL. It only knows how to send the data to the second server. The second server knows only the other two, and doesn't know who you are or what site you're hitting. The third server knows the URL, and how to send the data back via the second server, but not who's hitting it. You can theoretically use longer chains. You can pick servers in different countries. Etc, etc.

    A future version of the system is supposed to send "cover traffic" to screw up traffic analysis.

    The software runs on Windows; Linux version due RSN, so they say.

    50 bucks buys you 5 pseudonyms for a year. Hizonner says check it out (when the Web site comes back up).

    Disclaimer: I want to work for these guys.

  • by IronChef (164482) on Friday April 21, 2000 @05:29AM (#1119882)
    I work for a big .com, and in the course of my product management duties I have picked up some knowledge about how ad rates on the net are set up.

    (Vocabulary you need to know: CPM. CPM stands for "cost per thousand," and it is how ads are sold. Show an ad to 1000 people, and you earn the ad's CPM, less a fee for ad serving, which is somewhere around $0.30-$0.50, from AdSmart anyway.)

    Anyway, here's why all this tracking hoo-hah is inevitable...

    Un-targeted banner ads -- the "bottom feeders," I have heard them called -- command a measly $1-3 CPM. Many sites that do not have their users categorized display these "run of site" untargeted banners. They make a few bucks per CPM. Nice, but it's not the big money.

    Targeted ads are much more lucrative. If your users are divided into highly "vertical" segments, like car people, pet people, etc. you can make $10-$15 CPMs.

    Right there is the motivation for all of this. Targeted ads make the big bucks.

    But, look on the bright side... in the coming no-privacy ISP world, there's an opportunity for a number of right-thinking geek-run ISPs to really grow and serve our needs...

    ... until the government fixes that by banning on-line anonynimity. Which is their ultimate goal -- don't doubt that for a minute. The President stated that very clearly recently. I wish I had the link handy. Right now we should also be thinking of ways to defeat enforced-by-law identity tracking, as it is inevitable.

The difficult we do today; the impossible takes a little longer.

Working...