Forgot your password?
typodupeerror
Privacy Advertising The Internet Your Rights Online

Deep Packet Inspection Set To Return 125

Posted by Soulskill
from the rising-from-the-dead-to-feast-on-the-blood-of-the-living dept.
siliconbits passes along this quote from a Wall Street Journal report: "'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."
This discussion has been archived. No new comments can be posted.

Deep Packet Inspection Set To Return

Comments Filter:
  • Incentive (Score:5, Informative)

    by Beerdood (1451859) on Friday November 26, 2010 @05:56PM (#34353712)
    When I started reading this article, I thought to myself "what possible incentive could they possibly provide if I opt in for targeted ads? Maybe a cheaper monthly bill?" Then I found this little gem :

    The companies now offering ad services based on deep packet inspection believe they have learned how to make the services acceptable to privacy advocates and Internet users. This includes asking for permission up front and offering people incentives to receive targeted ads, such as Kindsight's free security service, which includes identity-theft protection. Customers can pay a monthly fee to receive no ads.

    Wow, that's just fucking fantastic. So according to their model, you're going to have to pay your ISP to not receive ads..? Great, now my ISP is going to start a protection racket - "hey, for a small monthly fee, we won't bombard you with ads and snoop your data!".

  • Re:Encryption (Score:3, Informative)

    by MichaelSmith (789609) on Friday November 26, 2010 @06:30PM (#34353926) Homepage Journal

    An ISP which controls DNS and access to certificates can transparently position itself in the middle of an encrypted link. Unless keys are exchanged off line, or through other networks, end to end encryption will not help.

  • HTTPS everywhere! (Score:1, Informative)

    by Anonymous Coward on Friday November 26, 2010 @06:37PM (#34353982)

    http://www.eff.org/https-everywhere

    Inspect *this* !

  • by Pharmboy (216950) on Friday November 26, 2010 @08:32PM (#34355004) Journal

    You should read your lease. There are a large number of things you can't do in your apartment.

    You should read your TOS. There are a large number of things you can't do with your ISP as well. The point is that as long as you are being a good customer, neither should be meddling into your life. There is already protection on the books for renters that vary from state to state, ie: the landlord has to give notice before an inspection, they can't just kick you to the curb for no reason with 1 days notice, etc. The problem is that there is NO consumer protections for customers of internet access. They just keep figuring out new ways to try to make money off of you, typically at your expense. In older consumer markets, they would be subject to fines and/or prosecution for similar actions.

    The problem is that since it is the internet, they think that there are no rules that apply to them, and unfortunately, they are almost correct.

  • Re:Encryption (Score:3, Informative)

    by MichaelSmith (789609) on Friday November 26, 2010 @11:42PM (#34356008) Homepage Journal

    Say you have an account with an ISP. The wider internet is accessed through the ISP network. Nothing stops the ISP from building a model of the internet within their network, so that when you think you are connecting to your bank, you actually connect to a proxy run by the ISP which forwards connections on to the bank.

    This is how it works at my workplace. All SSL connections are proxied.

  • Re:Encryption (Score:4, Informative)

    by SuricouRaven (1897204) on Saturday November 27, 2010 @04:45AM (#34356864)
    You can intercept and proxy an SSL connection easily enough, but you can't do so without detection - the certificate won't match, and browers would start warning of something suspicious.
  • Re:I disagree (Score:3, Informative)

    by SuricouRaven (1897204) on Saturday November 27, 2010 @09:40AM (#34357706)
    You could, in theory... except that the browser already has a secure certificate installed with which to verify your identity. They come on the Windows CD (For IE, the most popular browser still) and are thus beyond your power to control. The math is very well-tested. Without access to the corresponding secret numbers for those certificates, no interception without detection. A government agency could pull it off, by demanding those certificates, but an ISP couldn't without their help.
  • Re:Now! (Score:3, Informative)

    by wvmarle (1070040) on Saturday November 27, 2010 @11:24AM (#34358104)

    Then at least give the correct link: https://www.startssl.com/?app=1 [startssl.com]!

We warn the reader in advance that the proof presented here depends on a clever but highly unmotivated trick. -- Howard Anton, "Elementary Linear Algebra"

Working...