Which ISPs Are Spying On You? 160
firesquirt sends us an article from Wired about a survey they conducted to determine major ISPs' data retention and other privacy practices. Over a period of two months, four national ISPs would not give Wired the time of day; and another four answered some of their questions in a fashion not altogether reassuring.
Re:All of them (Score:5, Insightful)
Noisy clickstream (Score:5, Insightful)
As for the other things such as IM's, emails, torrents, ect I can encrypt those should I feel the need. Yes, I could start using TOR, but it's slow and watching a web crawler do a random walk can be entertainment all by itself.
ISP's fearful of RIAA/MPAA? (Score:5, Insightful)
I would think all they need to do is show they warned their users they are 1. being watched 2. downloading illegal data. Actually providing the authorities with a history of the data is not their job and should only be the acquired by the authorities with their own equipment and only under a court order.
At the least the ISP's should give their users the ability to opt-out of their "data retention" programs.
Re:That's easy (Score:3, Insightful)
The net is being reined in by those who don't like it. There's little anyone who cares can do to stop it.
Re:That's easy (Score:5, Insightful)
Somewhere, there are lobbyists laughing at this comment.
That's true... (Score:5, Insightful)
Think about that... (Score:5, Insightful)
Sure they know where you went, but not what you viewed or 'said' while there.
Back when I was operating a mailing list on a controversial topic on my home machine, I had a couple rules:
- No postings soliciting or admitting to breaking laws.
- No encrypted traffic (not just on the list: All traffic (except passwords) to-from the machine was in the clear).
The thinking was like this:
- Police, other government investigative agencies, and various unofficial snoops have a long track record of ignoring laws against various kinds of eavesdropping. So you have to assume that the line might be tapped.
- If the police became interested they could always get a warrant and tap the line. (Or illegally tap the line without a warrant to see what's going on, then (if it looked interesting) get a warrant to tap it legally.)
- If the data was encrypted they could STILL get it - by getting a warrant and seizing the computer (and everything else of interest in the house).
- If the data was UNencrypted they would want to keep a low profile to avoid scaring off any "bad guys", would eventually see that there was nothing to go after, and thus would probably switch to hunting real bad guys elsewhere and go away WITHOUT breaking in and trashing stuff.
"Encrypt everything" seems like a nice solution. But if only a few are doing it, just the fact that their traffic is encrypted makes them targets. It's easy to trump up enough stuff to get a warrant and go after the machine.
Once a LOT of people are all swapping lots of encrypted traffic (as the default way of "sealing" the "envelope" on the datagrams) the fact of encryption will stop making the users targets. (The police can still get a warrant and grab the machines. But with so many potential machines to grab they'll have to find some other way to pick the ones to hit - like by bothering to dig up real "probable cause" from other evidence, like they're supposed to.)
Fortunately we don't need to construct a "shelling point" for this: The internet is gradually moving toward pervasive encryption, as the legitimate need to encrypt for personal and corporate security becomes broadly understood. Once that becomes the norm our electronic "papers" will be about as secure as our physical ones. We're starting to get there. But IMHO we're not there yet.
Unfortunately we WON'T be fully safe using encryption until the typical machine configurations are such that, if the machines are seized, it will be impossible to recover incriminating data from them - even with passwords browbeaten out of their owners. Until that time it will still be useful to bypass encryption by raiding one of the machines at the endpoints.
= = = =
Re the list and "no encrypted traffic": When one of the regulate-the-internet laws was about to make it too much hassle to continue, we closed down the list (after finding volunteers to run its successor and - since the participants hadn't agreed to have their info forwarded - announcing the successor on the original list and giving people time to sign up.
Now I regularly use SSH to telecommute or to access the primary house machine from the vacation house. But that's still low-profile: It's clear from the IP addresses that the SSH connections are going to the company, coming from it, or coming from a single external dialup machine via a particular service provider.
sAKafdfDds6SFALGI5as4fdf564saDDdaASDSsdaf (Score:5, Insightful)
64F5F6sAS4Dd46KJfUYd0NsafH54UJ6Y35U135KdYUsU1Jf35
JD3hFdJf8o
SD45uio5K2o
Re:Time to encrypt (Score:2, Insightful)
Re:ISP's fearful of RIAA/MPAA? (Score:4, Insightful)
I would like to think that no ISP would ever spy on me or keep records of my activities. I would like to think that no ISP would provide data without a court order. Unfortunately, what I would like to think bears little relation to what actually is. And my understanding is that the (US) government no longer requires a court order to demand such things.
Re:That's true... (Score:3, Insightful)
charter communications... (Score:1, Insightful)
______________
How long does Charter maintain personally identifiable information?
"Charter will maintain personally identifiable information about Customer only as long as Customer is a subscriber to Charter's services, or as long as necessary for the purpose for which it was collected. If Customer is no longer a subscriber to Charter's services and the information is no longer necessary for the purpose for which it was collected, Charter will only keep personally identifiable information as long as necessary to comply with laws governing our business. These laws include, but are not limited to, tax and accounting requirements that require record retention. Charter will also maintain personally identifiable information to satisfy pending requests or orders for access by a subscriber to his/her information or pursuant to a court order. Charter will destroy Customers' personally identifiable information when the information is no longer necessary for the purpose for which it was collected, when there are no longer pending requests for such information, and when it is no longer necessary to retain the information under applicable laws."