Forgot your password?
typodupeerror
Privacy Advertising The Internet Your Rights Online

Deep Packet Inspection Set To Return 125

Posted by Soulskill
from the rising-from-the-dead-to-feast-on-the-blood-of-the-living dept.
siliconbits passes along this quote from a Wall Street Journal report: "'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."
This discussion has been archived. No new comments can be posted.

Deep Packet Inspection Set To Return

Comments Filter:
  • Really? (Score:3, Insightful)

    by Anonymous Coward on Friday November 26, 2010 @06:38PM (#34353548)

    More like the identity theft market....

  • How would I get those news stories that I'm so interested in? I'm not going to their website.

    Maybe they'd like to clog up my inbox! Sure, what the hell. I always felt that having midget tranny anal fisting and nasty naked cilice-wrapped nuns were too hard to find. I'd love having that delivered right to me.

    • Sure, what the hell. I always felt that having midget tranny anal fisting and nasty naked cilice-wrapped nuns were too hard to find. I'd love having that delivered right to me.

      Careful what you ask for. I wouldn't be so quick to be posting stuff like this these days. If you know what I mean.

      • I repulsed by the very idea that they would violate of their common carrier status (we're Ma Bell, we connect everyone from presidents and kings to the scum of the earth - Ernestine the hone operator.)

        If your ISP is doing that, thrown them off the 'net.

        The day they announce some bone headed scheme like that is the day I use wide key PGP and 256 bit SSL to encrypt EVERYTHING I send.

        (And I don't use Google mail for anything non-trivial.)

        • They don't have common carrier status. That's the problem. When the FCC started regulating them, the plan was to make them common carriers. But they lobbied Congress and threw too much money around. The FCC was prevented from regulating them as common carriers.

          One of the chiefs of the FCC recently pushed to re-designate them as common carriers. That would solve a lot of problems (like this one). But so far it hasn't happened.
  • by guanxi (216397) on Friday November 26, 2010 @06:40PM (#34353576)

    Deep Packet Inspection Set To Return

    I didn't know Deep Packet Inspection ever went away. Did I miss something?

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      No, it never went away. I used to work for a top5 cable ISP in the US... and all they did put their sandvines servers in 'shunt' mode. Also, they are corporately controlled, so they could be turned on ANYTIME for ANYTHING without the local network admins even being aware. Oh yeah, and I found access to them while i was still there, and still have access to them.... so I could turn them on for ANYTHING without anyone knowing also. Scary, huh? Firesheep anyone?

    • by Savantissimo (893682) on Friday November 26, 2010 @11:03PM (#34355508) Journal

      No, as an ex-employee of a southeastern US ILEC I can tell you that they were doing deep packet inspection (and alteration) on all DSL lines from 2003 at latest. The equipment used was the Lucent BSN5000 switches. We weren't supposed to know about the packet alterations, but they made some problems impossible to fix.

  • Trust (Score:4, Insightful)

    by Jugalator (259273) on Friday November 26, 2010 @06:42PM (#34353598) Journal

    I'm happy to hear you won't read the mails. I take your word for this, ISP's, because you're trustworthy!
    Thanks for giving me your word, and only reading other parts of my surfing habits!

    • Re:Trust (Score:5, Insightful)

      by Monkeedude1212 (1560403) on Friday November 26, 2010 @06:46PM (#34353616) Journal

      Its a stupid thing for them to say that too...

      They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities

      Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

      • Re:Trust (Score:5, Insightful)

        by Jah-Wren Ryel (80510) on Friday November 26, 2010 @06:53PM (#34353670)

        Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

        Exactly the same way all the other trackers like google's doubleclick let people "opt-out" - they still collect all the information about you, they just defer from showing you advertising that would remind you that you are still being tracked. Seriously the industry's idea of "opt out" is never to opt out of data collection, its just to opt out of obviously skeeving you out.

    • I'm happy to hear you won't read the mails. I take your word for this, ISP's, because you're trustworthy! Thanks for giving me your word, and only reading other parts of my surfing habits!

      They... refrain from reading the emails... I wonder if their software is under such restrictions.

      Oh!!!! But they offered free adware software in the past... which would simply allow them to collect even more information (like all your offline information). Neato!

      I trust them!!!! You should too!!![/sarcasm]

  • by rolfwind (528248) on Friday November 26, 2010 @06:44PM (#34353604)

    And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.

    Stop trying to make a 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.

    I know some people put up with this (buying the cheapest computers that have all manor or shitware on them) but I stopped that game long ago. Not worth my time.

    I also drop any so-called friends that try to make me their lower step in any mlm scheme. It's all the same thinking and I want none of that.

    • by Culture20 (968837)
      To be fair, if someone is running a meth lab out of their apartment, or has 20 members of their extended family living in a two-bedroom, I think it's okay for a landlord to provide warnings and then evict. That said, the analogy broke down far before that.
      • Re: (Score:3, Insightful)

        by rolfwind (528248)

        That said, the analogy broke down far before that.

        All analogies break down. If they didn't, it would be because all properties down the list would be equal meaning the situation is the exact same in every respect.

        All that matters with an analogy is if it illustrates the point to the audience and whether it is truthful in doing so.

    • Re: (Score:3, Insightful)

      by T-Bone-T (1048702)

      You should read your lease. There are a large number of things you can't do in your apartment.

      • by Pharmboy (216950) on Friday November 26, 2010 @09:32PM (#34355004) Journal

        You should read your lease. There are a large number of things you can't do in your apartment.

        You should read your TOS. There are a large number of things you can't do with your ISP as well. The point is that as long as you are being a good customer, neither should be meddling into your life. There is already protection on the books for renters that vary from state to state, ie: the landlord has to give notice before an inspection, they can't just kick you to the curb for no reason with 1 days notice, etc. The problem is that there is NO consumer protections for customers of internet access. They just keep figuring out new ways to try to make money off of you, typically at your expense. In older consumer markets, they would be subject to fines and/or prosecution for similar actions.

        The problem is that since it is the internet, they think that there are no rules that apply to them, and unfortunately, they are almost correct.

        • Actually, YOU should read YOUR TOS so you can see there are a large number of things that the ISPs can do, but haven't been doing up until this point. Much like how a certain OS manufacturer used to have a buncha services that the TOS stated they could use to sell anything you uploaded... and then later added an option in their picture service to do just that...

          Most people never read the fine print in their TOS. I have.

          Most people never stop long enough to try to determine what the term "business partner"

          • Re: (Score:3, Insightful)

            by Pharmboy (216950)

            You are missing the whole point: In your apartment, the landlord can't just put a clause that allows him to install hidden cameras or gets your first born child. It would be illegal regardless of whether it was in the fine print, as a general rule. (excepting reality shows...). Your ISP however, has the ability to chance the TOS any time without the housing authority oversight. You are stating the whole problem, that they can put shit in the TOS that should be illegal to begin with.

            • Where one lives is governed my a different set of rules because the circumstances are entirely different. Physical objects, expectation of being able to be totally naked without being spied on (ie: shower, bedroom, or anywhere else simply for the hell of it).

              Also, housing is deemed for many legal purposes, as your own while it is being rented. You don't buy (in any legal sense) the Internet when you get a connection.

              Also, one chooses what they put online, or what they do online. Which is far different fr

              • by Pharmboy (216950)

                How about this then: Lets let Ma Bell listen to your phone calls using "deep packet inspection" so they can serve you up advertising. Both are communications channels.

                • How about this then: Lets let Ma Bell listen to your phone calls using "deep packet inspection" so they can serve you up advertising. Both are communications channels.

                  I didn't say it was right (though, AFAIR, Ma Bell already does that - sans the advertising part). I just said you made a very bad analogy, and that there are no laws that apply to prevent such from occurring, unlike (due to the differences in your analogy) the stuff you used in your renter's analogy.

                  So, again, I fully think this sucks, and should not happen. I was just pointing out that sadly, there is nothing to prohibit it that I can find, as long as the TOS allows it. I can't think of an analogy that f

  • Deja vu (Score:3, Insightful)

    by jamlam (1101193) on Friday November 26, 2010 @06:44PM (#34353606)
    Err, didn't they try this before [theregister.co.uk] and users hated it and it's invasion of privacy so much that it nearly caused a court case? What's changed to make it different this time? Oh look, nothing, they're just hoping everyone's forgotten already...
  • by Anonymous Coward

    Just like the "national do not call list" we need a "National do not advertise list" .

    • Re: (Score:3, Insightful)

      by lostmongoose (1094523)
      It's not about 'not advertising to me' it's about 'not collecting my data in the first place.'
      • by Dutch Gun (899105)

        Advertisement is the motivation for collecting the data. We might be able to solve the collection problem by removing the monetary incentive.

  • Hmm... (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Friday November 26, 2010 @06:49PM (#34353650) Journal
    As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.

    At present, most sites the public interacts with(outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ [foo.whatever] typically aren't kicked over to https://foo.whatever./ [foo.whatever.]

    However, most of those sites depend on advertising and user profiling(either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.

    Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.

    Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.
    • by SJ (13711)

      It's interesting to note that if you try to visit Slashdot on 443, it immediately redirects you to 80...

      • by tepples (727027)

        It's interesting to note that if you try to visit Slashdot on 443, it immediately redirects you to 80...

        Subscribe to disable this redirection.

    • Using SSL may not be a solution, because websites that think that these techniques will increase their revenue, because the ads they display will be better targeted, have an incentive to not provide an SSL service.
      • I'm obviously not expecting 100% noncompliance from all websites, there is always somebody willing to try, if the money looks good; but I would argue that Phorm, and anybody with a similar business model, are a necessarily pro-isp, anti-site operator outfit and that that will not endear them to web operators.

        The situation is actually quite analogous to net-non-neutrality. Some sites will likely play ball; but the overall effect of such a scheme is(quite evidently to any player paying attention) a net tra
    • Re: (Score:3, Insightful)

      by pknoll (215959)

      One small issue with moving everything to https is that you need one IP address per domain. That puts a pretty big wrinkle in the many, many servers out there that serve up multiple domains per IP. (Technically, you can do so if you utilize unique ports on the same IP for each served domain, but that breaks the "just works" aspect of port 443).

      It's not insurmountable, but it does put more pressure on the already shrinking IPv4 pool. Another reason to hasten the adoption of IPv6, I suppose...

  • I think this is... (Score:3, Insightful)

    by Etyme (1747182) on Friday November 26, 2010 @06:50PM (#34353656)
    ...a good reason to encrypt everything by default.
    • Re: (Score:1, Insightful)

      by Anonymous Coward

      For how many more years do you think that will be legal, outside of https for your credit card numbers and such which they can't really get rid of?

      Encryption causes all kinds of "problems" for those who would be our masters. I'm starting to surf through an encrypted VPN tunnel for anonymity, and use GPG for emails to and from friends. I expect inside 10 years there will be laws letting governments shut that kind of thing down. Only terrorist need privacy.

    • ... like there weren't a plethora of reasons to before.
  • Your Honor (Score:4, Insightful)

    by paiute (550198) on Friday November 26, 2010 @06:50PM (#34353658)

    Your Honor, my client was irreparably harmed by a Comcast customer's emails and web traffic, which they now have the technical abiltiy to monitor and are in fact doing so on a regular basis to their financial advantage. Comcast's failure to use this technology to stop the harm done to my client is the basis for our claim of one bazillion dollars in damages.

  • The real problem with this kind of technology is that it works often enough to make it worth for them. I for one blame, first and foremost, the people who buy from this kind of advertisement (including spam).

    • Advertising works. It's become a very sophisticated blend of art and science. Modern advertising agencies hook people up to fMRI machines to monitor their brain activity, they employ psychiatrists to find the points of emotional manipulation. This isn't the old days, when advertising was just about making your product look better than your competitor's. A skilled manipulator can make people crave a product without even realising why.
  • Incentive (Score:5, Informative)

    by Beerdood (1451859) on Friday November 26, 2010 @06:56PM (#34353712)
    When I started reading this article, I thought to myself "what possible incentive could they possibly provide if I opt in for targeted ads? Maybe a cheaper monthly bill?" Then I found this little gem :

    The companies now offering ad services based on deep packet inspection believe they have learned how to make the services acceptable to privacy advocates and Internet users. This includes asking for permission up front and offering people incentives to receive targeted ads, such as Kindsight's free security service, which includes identity-theft protection. Customers can pay a monthly fee to receive no ads.

    Wow, that's just fucking fantastic. So according to their model, you're going to have to pay your ISP to not receive ads..? Great, now my ISP is going to start a protection racket - "hey, for a small monthly fee, we won't bombard you with ads and snoop your data!".

    • by MightyMartian (840721) on Friday November 26, 2010 @07:08PM (#34353808) Journal

      Yeah, you sees, if you pay da money to us, your bakery won't, y'know, burn down, see?

    • Not that I agree w/this model of paying to not see ads, but a lot of sites are doing this, including slashdot. Again, that doesn't make it "right". Just a thought.
    • by Skidborg (1585365)
      Hang on, that fee will only make you stop receiving ads, not make them stop snooping your data.
    • by wvmarle (1070040)

      Bad marketing.

      They should raise the fees by that amount, and then offer a discount for the version with extra ads. And then the discounted version is the same cost as the old price. And of course advertise the hell out of the "discounted" price as if that's the new "enhanced" service.

      • by BlindBear (894763)
        No way, they should REDUCE the cost for the ad infested spyware version and leave the regular version alone! There, fixed it for you. Customer friendly marketing.
  • "protect people's privacy with steps that include obtaining their consent" That sounds more like protecting the ISP then anyones privacy...
  • by rsteele19 (150541) on Friday November 26, 2010 @06:58PM (#34353722) Homepage

    I read the headline and assumed this would be another story about the TSA's screening procedures...

  • Beleaguered Internet advertising phirm Phorm is hitting back at critics with StopPhoulPlay.com, in an attempt to lure Internet activists into herniating from laughter.

    "It is clear that the campaign against Phorm originates in the sinister manipulations of Alex Hanff and Marcus Williamson," said Kent Ertegun, CEO of Phorm, "who have used mind control lasers and the killer robot armies of the Open Rights Group and FIPR to deceive millions of Britons into a Communistic fervor of hatred against the engines of the free market and customer demand, the salesmen and marketers, the true creators and enablers of objective value."

    The website, designed in Microsoft Word, uses the infallible public relations format so successfully put into play by the ReligiousFreedomWatch.org site of the Church of Scientology, an upstanding community institution of similarly flawless repute. StopPhoulPlay.com reveals how:

    • At the age of five, Hanff REFUSED to share his crayons with the little girl next to him, saying she was "poopy" and would only draw a picture to be used against him.
    • At age twelve, Williamson accepted MONEY from his mother to buy sweets, but not to tell schoolmates in case they wanted some.
    • Hanff and Williamson may have attempted to access POTENTIALLY ILLEGAL images blocked by the Internet Watch Foundation.
    • Hanff and Williamson have used WIKIPEDIA at least once in their lives.
    • Hanff and Williamson INVADED POLAND in 1939.

    "Given the persistence with which they propagate incorrect information, we cannot rule out the possibility that a competitor is involved," he said. "The competitor goes under the name 'reality.' Needless to say, we have no tolerance for an entity of such limited possibilities.

    "These people are privacy pirates — people who steal privacy online, off the coast of Somalia. With Internet guns! And drugs! And child pornography!"

    Mr Hanff and Mr Williamson said they were unsure whether to sue Phorm into atomic dust for gross defamation or just to let them continue with their infallible public relations work. Phorm shares have dropped from 405p to being rated a "serious infection risk" by the World Health Organization.

    Picture: Targeted just for you. [newstechnica.com]

  • by Logic Worshipper (1518487) on Friday November 26, 2010 @07:08PM (#34353810)

    Could anyone imagine the uproar if phone companies let telemarketers listen to your calls to find out what kind you products to market to you? This would give ISPs the ability to that to non-encrypted voip calls.

    I couldn't imagine a cell phone or land-line phone company getting away with that.

    • Re: (Score:3, Interesting)

      by dltaylor (7510)

      Don't they?

      Not the content, at least for now, but there's money to be made selling the contact list, and not just to the gov't.

      If you're regularly calling the local pharmacy, for example, don't the health insurance scammers have "a right to know that" (for a fee, of course) so they can stuff your mailbox (and email box, if you're lame enough to use your phone company as an ISP) with advertising?

      • No, no one who doesn't have a warrant has the right to know if I'm calling the local pharmacy, my mistress, or a local drug dealer. And this would include the content of the transmission, not just to/from information.

        Warrantless wiretapping isn't OK, even if it's just done by corporations.
      • The health insurance companies would want to know that too. If you keep calling the pharmacy you may have a preexisting condition or just general health, and they'd like to be aware of that before they accept your risk.
  • by whoever57 (658626) on Friday November 26, 2010 @07:17PM (#34353844) Journal
    Does "obtaining consent" and allowing "opt-out" mean that customers will be free to terminate their Internet connection if they don't opt-in? Or will there be an option to retain Internet service while opting-out of the snooping?
  • HTTPS everywhere! (Score:1, Informative)

    by Anonymous Coward

    http://www.eff.org/https-everywhere

    Inspect *this* !

  • I love PR articles like this one. This is the kind of piece that future researchers can than use as a reference - since it appeared in a reputable newspaper, it's "proof" that such services are "coming back". Ultimately the companies offering this service are made to appear more legitimate to potential investors and partners -- even though readig the article shows no actual evidence of a "comeback" for deep packet inspection beyond the fact that a couple of companies are trying to get it moving. cf "Sui [paulgraham.com]
  • Polly want a fucking cracker?

    I want money! That's what I want!. Peeking at my package.. er packets will cost you a pretty penny.

  • quite effective at deep packet inspection and other man in middle attacks.

  • Now! (Score:3, Insightful)

    by CSFFlame (761318) on Friday November 26, 2010 @09:26PM (#34354946) Homepage
    Everyone needs to get off their asses and enable https.
    • Re: (Score:3, Insightful)

      by dargaud (518470)

      Everyone needs to get off their asses and enable https.

      The https-everywhere plugin is great, but as a small website writer, am I supposed to $hell for a certificate or am I supposed to explain to my readers that, yes, the self-signed certificate is not a sign of viral attack onto their browser from my parts. Good luck with that.

    • by Toze (1668155)

      Many of the sites I run already have HTTPS.

      I did, however, finally turn on a secured SOCKS proxy this morning, when I discovered my ISP's been doing DPI for over a year. No such thing as paranoia, I guess. :T

  • by Lanir (97918) on Friday November 26, 2010 @10:27PM (#34355326)

    I love how they settled on the soft target of "identity theft protection" too. This is just a non-starter.

    Let's see if we can boil down what a truthful ad for their spyware would look like.

    "Hi! I want to provide you with a service we're going to say protects you from someone pretending to be you. Most likely we'll make sure you can't possibly sue us if someone does steal your identity or we'll just claim someone got your info offline or from a computer not covered by the service.

    In return, you let is spy on you and use this to send ads to you. We promise not to look at certain types of info but this won't be transparent to you in any way. And realistically speaking, we can't possibly keep up with every site of the type we're saying we don't look at but we'll lie to you and say we won't look at email or sites with medical information anyway. By the way did we mention our EULA will immunize us from prosecution for doing it anyway?

    In summary: We onwzorz your infos and you oggle our ads. We'll also make gratuitous statements about protecting your info but you won't be able to hold us to any of it. Have a good day! Big Brother is watching and he wants you (and your little wallet too)!

  • So, Advertisers/ISPs can do this,but police need a search warrant to do the same thing? This is a very wrong picture.
    • by JeffAtl (1737988)

      Even worse, this gives the police the ability to obtain the information without a warrant by just asking the ISPs to make it available to them.

      Wiretapping laws would probably protect voice communications, but all other information would be fair game since the ISP isn't acting as an agent of the police but simply an entity willing to share information that it owns as a "public service".

  • Scum and Trash or is it Trash and Scum Inc. These companies are turd polishers, the internet does not need them. The people that run these companies will take every last vestige of your private life and sell it if they think they can make a buck, please try to put them out of business as soon as possible.... perhaps we could get them an honest job, flipping' burgers maybe.
  • That's what this shit is. "Oh, we'll respect your privacy, give you opt-in". Bull. Fucking. Shit.
    The government is seizing websites en-masse as the tools of the MAFIAA that they are. Big telecoms are purchasing control of the internet. Advertising companies are datamining the living fuck out of us. So-called "social networking" sites suck in clueless people who don't have any clue that their privacy is precious and priceless, and these people willingly post their entire lives for all to see and for corporat
  • There are obviously a lot of problems with these ad services, but maybe there is some value to the Security-for-Ads business model.

    The enterprise has an arsenal of security technology that, for the most part, has not made it to the consumer space. This makes consumer-owned computers very easy targets, and that has given rise to botnets.

    Either ISPs can give away this kind of security (e.g. IPS, botnet detection) for free, or consumers can pay for it. But, consumers will not pay for it. Maybe supporting

Never say you know a man until you have divided an inheritance with him.

Working...