Deep Packet Inspection Set To Return

siliconbits passes along this quote from a Wall Street Journal report: "'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."

Really?

[Anonymous Coward]

More like the identity theft market....

Returns? Did it ever go away?

[guanxi]

Deep Packet Inspection Set To Return

I didn't know Deep Packet Inspection ever went away. Did I miss something?

Trust

[Jugalator]

I'm happy to hear you won't read the mails. I take your word for this, ISP's, because you're trustworthy!
Thanks for giving me your word, and only reading other parts of my surfing habits!

Just sell me internet access please

[rolfwind]

And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.

Stop trying to make a 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.

I know some people put up with this (buying the cheapest computers that have all manor or shitware on them) but I stopped that game long ago. Not worth my time.

I also drop any so-called friends that try to make me their lower step in any mlm scheme. It's all the same thinking and I want none of that.

Deja vu

[jamlam]

Err, didn't they try this before [theregister.co.uk] and users hated it and it's invasion of privacy so much that it nearly caused a court case? What's changed to make it different this time? Oh look, nothing, they're just hoping everyone's forgotten already...

Re:Trust

[Monkeedude1212]

Its a stupid thing for them to say that too...

They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities

Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

National Do Not Advertise List!!!

[Anonymous Coward]

Just like the "national do not call list" we need a "National do not advertise list" .

Hmm...

[fuzzyfuzzyfungus]

As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.

At present, most sites the public interacts with(outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ [foo.whatever] typically aren't kicked over to https://foo.whatever./ [foo.whatever.]

However, most of those sites depend on advertising and user profiling(either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.

Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.

Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.

I think this is...

[Etyme]

...a good reason to encrypt everything by default.

Your Honor

[paiute]

Your Honor, my client was irreparably harmed by a Comcast customer's emails and web traffic, which they now have the technical abiltiy to monitor and are in fact doing so on a regular basis to their financial advantage. Comcast's failure to use this technology to stop the harm done to my client is the basis for our claim of one bazillion dollars in damages.

Re:Trust

[Jah-Wren Ryel]

Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

Exactly the same way all the other trackers like google's doubleclick let people "opt-out" - they still collect all the information about you, they just defer from showing you advertising that would remind you that you are still being tracked. Seriously the industry's idea of "opt out" is never to opt out of data collection, its just to opt out of obviously skeeving you out.

Re:I think this is...

[Anonymous Coward]

For how many more years do you think that will be legal, outside of https for your credit card numbers and such which they can't really get rid of?

Encryption causes all kinds of "problems" for those who would be our masters. I'm starting to surf through an encrypted VPN tunnel for anonymity, and use GPG for emails to and from friends. I expect inside 10 years there will be laws letting governments shut that kind of thing down. Only terrorist need privacy.

Re:National Do Not Advertise List!!!

[lostmongoose]

It's not about 'not advertising to me' it's about 'not collecting my data in the first place.'

Re:Just sell me internet access please

[T-Bone-T]

You should read your lease. There are a large number of things you can't do in your apartment.

Re:Just sell me internet access please

[rolfwind]

That said, the analogy broke down far before that.

All analogies break down. If they didn't, it would be because all properties down the list would be equal meaning the situation is the exact same in every respect.

All that matters with an analogy is if it illustrates the point to the audience and whether it is truthful in doing so.

Now!

[CSFFlame]

Everyone needs to get off their asses and enable https.

Re:Hmm...

[pknoll]

One small issue with moving everything to https is that you need one IP address per domain. That puts a pretty big wrinkle in the many, many servers out there that serve up multiple domains per IP. (Technically, you can do so if you utilize unique ports on the same IP for each served domain, but that breaks the "just works" aspect of port 443).

It's not insurmountable, but it does put more pressure on the already shrinking IPv4 pool. Another reason to hasten the adoption of IPv6, I suppose...

Re:Now!

[dargaud]

Everyone needs to get off their asses and enable https.

The https-everywhere plugin is great, but as a small website writer, am I supposed to $hell for a certificate or am I supposed to explain to my readers that, yes, the self-signed certificate is not a sign of viral attack onto their browser from my parts. Good luck with that.

Re:Just sell me internet access please

[Pharmboy]

You are missing the whole point: In your apartment, the landlord can't just put a clause that allows him to install hidden cameras or gets your first born child. It would be illegal regardless of whether it was in the fine print, as a general rule. (excepting reality shows...). Your ISP however, has the ability to chance the TOS any time without the housing authority oversight. You are stating the whole problem, that they can put shit in the TOS that should be illegal to begin with.