Plans For Massive Web Tracking Via ISPs 122
Lauren Weinstein, the moderator of the PRIVACY Forum, writes: "My latest issue of the PRIVACY Forum Digest, going out now,
reveals Predictive Networks' plans for widespread Web Tracking
via direct links to ISPs! Details are here. Thanks much." Pay ISPs for the ability to snoop on their customers, what a great idea. Dave Farber has a comment on Predictive Networks as well.
Re:Your ISP is not stupid (Score:1)
Like, duh. Well, sorta. Even using an unencrypted connection to a proxy will force the ISP to jump through a few extra hoops to figure out what you're up to. But you're right that this wouldn't make the problem effectively insoluble, as encryption would.
2.till such use of proxies is widespread, it might be fairly easy to figure out: "oh, this is that guy Bill who used the proxy to buy the airline ticket."
Not necessarily true, if the proxy is set up to do things like fetch unrequested pages (simply not returning them to any client) in addition to the requested ones. Other tactics are to (along with a few other users of the proxy) to set up a job on your machine that periodically requests something via the proxy, so that there's always a bit of traffic that makes it harder to distinguish what 'real' user requests are. Of course, all these thengs increase load on the proxy and thus slow down response, but if you really want privacy, you might be willing to pay the price.
Re:What impact on DSL? (Score:1)
Wah! (was: SLASHDOT IS WATCHING YOU!!!) (Score:1)
pb writes "Picture a world where information about your every move on Slashdot is all shipped off to many third parties, with the willing cooperation of your Internet Service Provider (ISP). Check out guru CmdrTaco's latest offering at Andover.net's Secret Labs on Predictive Networks plan to know everything you do... no book rights... no story moderation... just everything you do all the time."
"He knows when you are sleeping, he knows when you're awake he knows when you've been trolling lots, so you'd better be good for goodness sake!"
Does this strike anyone else as a little paranoid? First, "Internet Privacy" is a sick oxymoron. Second, there are technical solutions which can allow a user privacy regardless.
And finally, if they *really* want to store all my web information, so be it. They will get sued, or pretty soon they won't be able to fit the (damn doubleclick.com) logs on their servers. And either way, I'll still be laughing at them.
Heck, combine some technologies. Have a fake (alladvantage.com) web-browsing program that goes to wherever you want, just to confuse them, and a real (private) connection, cryptographically secure and all that jazz.
---
pb Reply or e-mail; don't vaguely moderate [152.7.41.11].
Re:Thoughts (Score:1)
Is that really true? VPNs are one of the best reasons to use a cable modem or DSL. If you only use it for "recreational" web browsing it's a bit of an extravagance to pay the prices that are charged by most providers.
Re:Noise (Score:1)
Re:My recent refused submission (Score:1)
Re:CNN DDOS script-kiddie caught (Score:1)
Re:I just don't get it. (Score:1)
Allow me to quickly point out that if you have more than one medium you have media, not mediums. That's why when newspapers, television, radio, etc. all get lumped together they're called the Media. Each one is a medium of communication. All of them taken together are communications media. Don't blame me, blame the guys who invented Latin. Or was it Greek?
Anyway, you're right, the reason the Nightly News with Tom Brokaw runs a bunch of antacid and laxitive commercials, and the Saturday morning cartoons run toy ads, and the golf tournament broadcasts run Cadillac and Lincoln spots, is demographics.
But that's still spending money to reach a bunch of people, of whom only some are the ones that you really want to reach. What if you could focus your advertising more tightly, or more locally or regionally?
Say, for instance, there's a baseball game on WGN with a piece of fence behind the catcher that's actually got an ad saying "subscribe to The Chicago Tribune for great sports coverage every day". If you're sitting in the stands at the game in Chicago, or watching it over the air on WGN somewhere in the Chicago area, where you can get the Trib home delivered, that's the ad you see. But if you're watching on a cable system in the hometown of the opposing team (which is usually Atlanta, so that there's nothing to watch for a few hours on WGN *or* WTBS), then what if that piece of fence is displaying an ad for a business that's local to the visiting team's hometown? You're watching the same game as the guy in Chicago is, and you're watching it on WGN, but you've been more narrowly targeted than if they didn't know your geographic area.
Or what about the time slots that your local cable company gets to fill? I see ads for local businesses even though I'm watching CNN, USA, TNT, whatever. What if your cable company sorts viewers out not just by city but according to neighborhoods, and you get the used car dealer's 30 second spot and the guy a few miles away in the house that cost 3 to 10 times what yours did sees a local Mercedes or Jaguar dealer's ad instead, even though you're both looking at "Fistfull of Dollars" on the same cable channel at the same time. Each car dealer just reached *his* target demographic without spending money advertising to the wrong viewer.
It's not that technically difficult nowadays to show a different ad to a different cable company's subscribers; for the cable co. themselves to segregate by neighborhood might still be too expensive, and sorting you out from your neighbor so that she sees the J.C. Penny jewelry sale ad while you see the Red Lobster combo platter ad while both of you are individually watching "Frasier" or VH-1 or whatever is probably not in the cards for the immediate future.
But that's television.
Computers and the Internet, on the other hand, aren't as communal. It's not a case of watching whatever's on the local cable or in the local airwaves, it's ask for and be sent a web page that maybe nobody else in your town knows or cares about, but if there is an advertiser out there who already knows that you probably make enough money to buy his product, let's say outboard motor, for example, and that you subscribe to a fishing magazine, and that you've been looking at new boats on other web sites, and that you reported your old boat and motor stolen and filed a claim with your insurance company, then even though you've just downloaded a site about model railroading, he just might want to replace the generic ad for HO scale scenery or Pulse Width Modulation power supplies at the top of the page with an announcement about his latest remote start, low wake, fuel efficient 2 cylinder outboard (or whatever features would make an outboard attractive to buyers)on the version of the page that you see. If the model railroading site sells that ad space to a company that can find you in their database and match the info on you against client businesses, then it's just a matter of whether they have the computer power to do it cheaply enough for that outboard motor manufacturer to be willing to pay. If so, they've just bought some very tightly targeted advertising, without spending anything to advertise to a household that's not even home to watch the TV this weekend.
just web? (Score:1)
I wonder if they plan on contacting universities to ask for this data also?
subvertise is broken (Score:1)
You don't have permission to access / on this server.
--
Re:We need to fight back! (Score:1)
Anarchy is based on the same pretense as socialism, and we all know how well that one turned out in practice.
That pretense is that man is not inherently greedy, and the success of capitalism shows how wrong this is.
Yes, we need a revolution.
No, anarchy isn't going to do it for us.
Re:We need to fight back! (Score:1)
Not evil.
If man is inherently greedy, and has full freedom, then he will abuse that freedom, to satisfy the greed.
I will put more faith in my fellow man, when my fellow man gives me a reason to do so.
Re:Noise (Score:1)
They still collect the data.
They still sell that to companies (I presume, else they have no revenue generation).
Your solution will only work if virtually everyone generated noise. That would mean that the return from the companies that purchase the data would drop, they stop buying it, and then they have no revenue - they stop.
However, the same logic can be applied to banner ads. If there was a program available to to block banner adds, and people used it, then the advertisers would get no return, and thus they stop paying for useless ads.
There is such a program - Junkbuster, or relatives. They've been around a while. But banner ads still exist. So, not enough people use it.
If not enough people will use something that gets rid of an eyesore, why would they suddenly use a program to defeat something they can't see?
In summary, a noise generating program will only give you a more diverse range of spam. It doesn't solve the problem.
--
Re:hows this different... (Score:1)
Re:A suggestion...or 3 or 4 (Score:1)
ifconfig eth1 hw ether deadbeef0001
(this needs do be done while the card is down for obvious reasons) now your card will answer all arp requests with DE:AD:BE:EF:00:01.
hows this different... (Score:1)
its evident that https and ssh sessions to machines dont/wont get sniffed by this system...as more and more web servers support https (specially with the impending expiry of RSA's patents) this sort of scheme will collapse completely.
if you arent running ssh at least now...i sugggest you do so. i've seen packet sniffers running on most isps...whether the isp was aware of it or not is a whole different matter.
There's already a mass-market way to evade this (Score:1)
Re:hows this different... (Score:1)
Granted it would be highly unethical to do such a thing, but thats never stopped a corporation with profit motive in the past.
I'm amazed at the "if we don't do it someone else will" justification I hear more and more these days from business leaders defending their unsavory activities.
Re:Thoughts (Score:1)
--------
"I already have all the latest software."
New Advertising (Score:1)
Then I read the comments. We can't be expected to have to do this, as one person wrote, and what about those that don't? We shouldn't have to be geeks to have privacy.
I read a little on the Predictive Networks site [predictivenetworks.com], particularly an article acclaiming this as the best new form of advertisement since sliced bread. Their arguing point is that as the world stands, using newer technologies (the author seemed to be rambling something about voice recognition...whatever), anyone can ignore commercials. This is true. My VCR has something called 'Commercial advance (credits where due, I think this is trademarked)', whereby recorded programs are scanned and marked for commercials, and when you play the tape, commercials are skipped over. Furthermore, we can scan out banner ads using GPL'd filtering proxies.
However, I don't think this is justification for targetted privacy invading advertisement. The two points I think the author, and, in fact, the entire company, is overlooking is that no one wants to be advertised to, and no one has a god given right to advertise.
First things first, as the author of the originally linked article in slashdot mentioned, how about ASKING the `subscribers' what advertising they'd like to view? The answer is, of course, that everyone knows that no one will want any... so they just go around our backs.
But my final point, and what the author of the article on Predictive Networks (the very name runs chills down my spine) seemed to overlook is that no one has any `right' to advertise, and no one enjoys it. The only advertising currently allowed is shotgun-approach advertising: globally broadcast television and radio commercials, and randomly alternating ads. I'm sure no one minds, or even notices, ads like the one that appears on this very site, it's what keeps it running, and everyone knows that. My argument is that this should be all that's allowed. No one can find out what you're watching on television, and when anayone tries to, they're quickly snuffed out by privacy advocates. The same should go for the internet. There's no difference. We pay for cable tv access, but we don't pay to keep the shows running, they're paid by advertisers (or they are advertisers, i.e. informercials). The internet operates the same way: we pay for bandwidth and equipment, the sites pay to send to us, and they sponser how the want. No one wants to be profiled and forcefed advertisement that someone deems we'd like (I can just imagine how this'd be abused), and before now, no one's been allowed to.
Re:HMmm (Score:1)
Spyky
Re:Sure, refuse if you know about it (Score:1)
That sounds fine, but in large companies, the people who make decisions about marking approaches don't care about the feedback they get from customers. If they did, there would be no telemarketers.
Re:I can't sit back and watch this! (Score:1)
Re:A suggestion...or 3 or 4 (Score:1)
Re:What impact on DSL? (Score:1)
Re:I can't sit back and watch this! (Score:1)
Hey, how's IPV6 coming along? (Score:1)
The Predictive Network is trying to solve the problem of advertising. This, although, I predict, will not happen.
I've heard of IPV6, SDMI, and other Orwellian scenarios, yet, I have a dynamic IP, and mp3 is a household name.
I just don't get it. (Score:1)
I have read some of the post under this article and understand the monetary reasons for people to want targeted advertising, but I still just don't get it. Personally, I don't want targeted adds. I could care less about them and I bet most consumers could too. Here is my reasoning:
I am into computers. I have a development job, I have computers at home, etc. I look at sites at sites like Slashdot, Bluesnews, Linux Today, etc. When I go to those sites, I expect to see ads that have to do with computers and technology. When I visit CNN and ABCnews I expect to see news related ads. The list goes on.
My point is that in mediums such as TV, ads are placed according to the demographics of the poeple who watch the show they air during. Same with radio I assume. Why then does the net not just work like this? Really, do I want every single banner ad a I see to be for computer related crap? Even Slashdot readers want to see something else sometimes! Does anyone else agree with this, or am I just cukoo?
The other thing that pops into my head about this whole issue is libraries. Libraries aren't allowed to keep track of who viewed what. Why can web businesses? It's all ridiculous.
This is all because people are mis-educated (not _under_educated), but that's a whole other topic.
-FoodMike
No. (Score:1)
Re:Sure, refuse if you know about it (Score:1)
Re:No. (Score:1)
Re:Sure, refuse if you know about it (Score:1)
The best possibile scenerio (short of it not happening) is this:
Someones ISP starts doing this, and doesn't notify anyone, doesn't modify its user agreement, doesn't post anything anywhere about it. That person finds out, and takes it to court, or something of that nature, and a precident is set _requiring_ ISPs to notify users, with at the very least a post on their website, that they are selling their browsing history, and, hopefully, allow them to opt out of that.
Personally I don't think it makes sense for ISPs to do it, because, regardless of the amount of money they are paid, even the most ignorant customers will be -very- upset if they find out. I work tech support at an ISP, and I can tell you, these people get pissed over much smaller things than that. So the best thing we can do, if this does come to pass, is make as much noise as possibile about it.. Get it featured on TV, radio, all over the web.. wherever we can. The more publicity, the more likely the average Joe Shmoe will wonder if he's being monitored.
Re:Sure, refuse if you know about it (Score:1)
That is, only if it gets picked up by the mainstream press, because joe-aol-keyword=jugs isn't going to read
unrelated note, Palp, I was going to check-see if you worked for the same ISP I do but couldn't...may wanna check your permissions on your page.
Good Anti-marketing for ISPs! (Score:1)
Picture this giant billboard for one of your local ISPs: "We do not track your internet activity. Only our competitors do that!". Bingo bango, that will stir up a lot of shit, and my guess is that all but the big AOL, Sprint, etc will opt for *not* tracking because the bad smelling PR is too dangerous for them.
It is a good marketing tool for the ISPs that DON'T use tracking.
Then again, what do i know?
I don't get it. (Score:1)
So finally there's a company that doesn't treat me as just a number, but recognises my individuality. They make you a real 'Digital Silhouette' free of charge and everybody is getting upset. Why is this? I say: request your Silhouette (tm) so they'll know who you are and be an individual too!
Re:HMmm (Score:1)
The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit
so, what happens if (like probably many people here) the url data they get from you is full of sites like /. or the EFF or the PRIVACY forum, etc. how do you target marketing to someone who is clearly interested sites that argue against targeted marketing?
HMmm (Score:1)
I guess if this happens encryption will be that much more important.
Re:HMmm (Score:1)
Re:HMmm (Score:1)
but you could also tunnel requests through somewhere else with ipsec. not an easy task though. But it looks better than having my web activity logged. you can't be an anonymous coward otherwise. =) The internet is outdated in terms of its capability. E-mail security is a joke and people still use telnet. damn i love encryption.
Re:A suggestion...or 3 or 4 (Score:1)
Re:A suggestion...or 3 or 4 (Score:1)
Re:Lunatic marketroids (Score:1)
Re:Set up tunnel network other types of activism (Score:1)
Re:Scary article from marketroids' perspective (Score:1)
I only looked at the first few paragraphs, but the gist I got was that since people don't want to deal with advertising and will soon gain the tools to ignore it, advertisers will have to find new ways to claw for our mindshare. Honestly... If advertising wasn't such an annoying phenomenon in the first place, we wouldn't fight as hard as we do to get away from it. Personally, I don't think any advertiser could ever succeed in targetting me with a message that I'm interested in seeing, no matter how much personal information they gather or how closely they monitor my every move. If I need something, I can easily find out where to get it. What I don't need is to be told that I need something, which is the whole point behind advertising these days. I can decide for myself what I need and what I don't, thank you...
Oh well... Got off on a rant there myself. I'd rather see advertising eliminated entirely, with products competing on their own merits instead of flashy gimmicks. But since that approach works on the sheeple, I don't think we'll ever see it.
--Fesh
Re:HMmm (Score:1)
Re:Noise (Score:1)
Perhaps better, set up the `bot to have "personalities", and send replies explaining that your 85 year old aunt was visiting and search for lavender soup and ping-pong balls, and your 11 year old daughter was searching for [current-preteen-music-idol] and body piercing; then tell them that you've no interest in those products/services, stop annoying you. In the case of your "daughter" tell them if they don't go away you'll site the child protection cops on them.
The purpose would be to both fuzz out your own traffic, and to generate a lot of spurious hits for the people _paying_ PN for the "leads". Those businesses are spending money with the hopes of getting sales; clear feedback that it's not working and is annoying potential customers just might cause them to drop PN.
And don't forget to write on _paper_ to any company that sends unsolicited email and has an actual mailbox. Most companies treat one letter as representing 100s or 1000s of real world consumers that didn't write.
This seems like a dumb idea for ISPs (Score:1)
I know (Score:1)
Re:Data Protection Act (Score:1)
Firstly, to sign up with the ISP, you have given them name, address, date of birth and probably your phone number, as condition of using them.
Since most of them require your e-mail address and password when you sign on, they effectively have, via their logs, who you are, demographics (unless you lied), phone number (because you are phoning them) and everywhere you went. All of this is quite legitimate within the terms of the Data Protection Act. Indeed, under the Regulation of Investigtory Powers Act, it will probably become mandatory.
The trick is to check the Data Protection registration of the ISP. If they are not registered to use this data for marketing purposes, you have them by the short and curlies. You can search for this on the Data Protection Registrar web site [dpr.gov.uk]. For instance, here is the registration made by the UKs favourite ISP, Freeserve [dpr.gov.uk]. Note the first purpose is marketing to individuals. I also saw an article in Computing magazine [vnunet.com] where Freeserve stated that they intend to do exactly that.
Note on the Freeserve new user registration page [fsmail.net], you have the normal 'opt out' boxes (jury is out on their legality in the UK AFAIK). It mentions 'Terms and Conditions' too, but this link doesn't work (ha ha ha ROFL). When it works, I bet it mentions that the data they collect will be processed in accordance with the Data Protection Act.
In short, I don't believe that the Data Protection Act will offer much of a defence to ISPs using their logs to market at you, as you will have to give them this right under the Data Protection Act when you sign up with them in the first place.
Wow! What luck! (Score:1)
Re:Crowds (Score:1)
Mind posting a link; this sounds intresting.
I checked crowds.org and its not regestered. crowds.com is owned by some German guy who hasn't put much of anything up. And crowds.net is also regestered.
Re:hows this different... (Score:1)
Re:My recent refused submission (Score:1)
Re:Bitch there, not here! (Score:1)
Hear, Hear!
While having X amount of /.'ers hit them with sugar and spice is not going to make them change their mind, (I'd love to be in the board meeting for that. "The people say they don't want our ads. Maybe we should close up shop." Yeah, right) but if we all tell them politely that we're not going to do business with their partners, and we're going to talk to our congress people about legislating them out of business, then they may start to figure out another way to blow their investor's money away.
Most of us here are geeks/nerds/whathaveyou, but those of us who are over 18 and in the US can vote. If you've registered to do so, then send a nice piece of email to your congress people and tell them you'd like your privacy protected on the Internet.
The "real world" is coming in after us, people. It's time we use the tools that are available to us to keep them where we want them. So we have to play with the politicos. But we have to play with them nice and professionally.
Use a spell checker. Clear your grammar with your English major/grad buddy. Remove those swear words. Don't be a jerk. They're not going to listen to you otherwise, and they'll do whatever they want with their business plans or introduced legislation, or God help us, voter initiatives.
Excessive Use of the <B> tag used in place of a Clue-by-Four unavailable via HTTP. :)
Who's paying for this? (Score:1)
Any Takers?
Foveon does the same thing (Score:2)
Crowds (Score:2)
Unfortunately, the crowds code seems to be restricted to people in the US only
A suggestion...or 3 or 4 (Score:2)
#2 visit http://www.idcide.com The greatest tool for online privacy I've seen since Luckman went away.
#3 Lets ALL drop by and express our opinions of their policies and goals, in a professional manner of course
#4 BONUS...surf from Solaris where you can change your MAC address on the FLY...Track this !!!!
I don't ask for much but I insist on ME!!!!
Well I'm gonna (Score:2)
Image what 2000 hits a day to those sights will do to my "digital sihloutte"
Sure, refuse if you know about it (Score:2)
Yeah, I'd change ISPs in an instant if I knew they were monitoring me like this.
How would I know though? My ISP sends me a bill every month, and I pay it. My scripts dial a number and I get connected to the internet. I have no further communication with them. How would I know if they decide to sell data on where I was surfing? Who would tell me?
Remember, a number of folks will find a new ISP if they start selling data, so it is to their advantage to make sure I never find out.
Re:Thoughts (Score:2)
There is a trend toward 10.* addresses in cable modem situations. IPSEC cannot always tunnel through this situation.
If you can telnet, you can set up a VPN (using ssh and pppd).
Blown out of proportion again (Score:2)
If a company does not have the trust of its customers, the company will die. (For those that will undoubtedly mention Microsoft, remember that people like us make up a tiny fraction of Microsoft's customer base.)
If all ISP's were to suddenly decide that it would be really neat if all of their customers could be tracked, there would suddenly be a HUGE market for ISP's that did no such tracking. There would be no shortage of alternatives for customers leaving these ISP's in droves.
It was mentioned that ISP's could possibly offer two account classes, one that was tracked and would be possibly cheaper than one that wasn't. There was further speculation that the un-monitored version could possibly be more expensive than average accounts are today, in an effort to force people to subscribe to the tracked accounts.
Am I the only one that just doesn't understand why ISP's would collectively do this? Why hike rates for no apparent reason, especially when competitors aren't doing the same? If you really think all of the ISP's in the country would get together and agree to raise rates in an effort to force everyone to subscribe to accounts that track their browsing habits, you're talking conspiracy theories again. (Also stereotypical YRO.)
Try to think about this logically, folks.
Re:Blown out of proportion again (Score:2)
Companies just don't turn "evil" and start tracking all of their customers and deliberately and openly invade their privacy like this. Shady companies have appeared and tried to gradually do this, and there are other companies that make it their business to give you something for free in exchange for this type of concession, but you don't have Internet providers just going rogue like this.
It doesn't make any sense.
If your cable modem provider is doing evil things like this, and you have no other alternatives (DSL?), then write them a letter. Write your city or state a letter. Make change.
I just wish all of this wild speculation about how all of the companies in the world are just going to rise up and start invading everyone's privacy would stop. There is zero reason to think these companies will step up and start doing all of these evil things.
All I'm trying to say is THINK ABOUT IT. Everyone seems too eager to equate "technologically possible" with "going to happen".
Re:Stereotypically Fastolfe (Score:2)
If people would just think about things logically and rationally and stop the wild speculation and jumping on respective bandwagons, YRO threads could be SO much more productive. Everyone is too eager to assume that just because something is possible, or one company said something and had their words twisted so that it hinted that something was possible, that automatically they and all of the companies you do business with are going to rise up and start invading your privacy and selling your dirty secrets. This is just stupid.
And I never ever recall saying anything that indicated 'privacy is for criminals.' Perhaps you're confusing me with somebody else? "Go back to watching TV?" I assume by that you're trying to say that my intention is to placate people? That I want people to just quietly go along with what's happening in the world? If that's the case, then perhaps you've never read any of my comments. All I'm trying to do is inject some rationality into this discussion. All we keep seeing are conspiracy theories and wild speculation that NEVER COME TO PASS. People are too busy saying, "Look out! The evil companies are banding together again to steal our dirty secrets and invade our privacy!" that they don't realize that every time they've said this in the past it's never come to pass. I don't know if they think that they're actually making a difference with these speculations or what.
All I want people to do is think about things rationally. Look at this from the company's point of view. What do they stand to gain? Will they lose customers? Will they break any laws? Does this new company image help them?
Generally, answers are "not a lot", "yes -- they'll lose quite a lot" and "arguably."
Rarely do these offset the gains, so it makes ZERO sense for companies to indulge in the behavior people are speculating about. THINK ABOUT IT.
Thoughts (Score:2)
Secondly, the sheer volume of information they'll need to process will be overwhelming, which means they'll only be able to process the "highlights". It should be easy enough to inject enough decoy communications to render the system effectively useless.
Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.
Lastly, each time I see a duplicated topic, it always reminds me of Kryten, off Red Dwarf, for some strange reason. :)
Re:Thoughts (Score:2)
I'd say being able to randomly connect with any one of a couple of hundred proxies, in each request, for free, using an SSL connection to hide the real destination, would make it impossible for ISPs, =HOWEVER= advanced their technology, to monitor where you are going.
Secondly, yes, a tunnel needs two end-points. Take your pick - the 6bone has several hundred participants, including at least one tunnel on request service. For free, might I add. With 3DES encrypted IPSec, for those wanting encryption.
If people want to know if you have been to a specific place, ngrep won't help. You can only parse a live transaction log at the speed the software will run, which is likely to be slower than the maximum throughput of N broadband lines.
By using one of the national or international caching systems, such as the one JANet has, the transactions are going to be much harder to identify. You can't simply operate on a given field in the packet, and trust that that will have the right data.
By using the 6-bone, things get worse. AAAA-type records are not known to be nice to software expecting nice, simple A-type ones.
It doesn't help, though, knowing that you're connected to the 6-bone. There are plenty of proxies which allow traffic to cross between IPv4 and IPv6 - SOCKS does this. This means that you can be connected to a local 6bone proxy, and then to a 4/6bone cache the other side of the continent. The ISP will have no means of knowing where you're going.
Privacy is never going to be for the "clueless". Nor, IMHO, should it be. That's not because of any "deserving", or "merit", but because if it's not a priority for someone, nobody made me God to tell them it should be. Nor is it within my right to foist what =I= perceive to be a good thing on such a person.
My rights start and end with me. I have no rights beyond me - anything else, gifted by law or society is just that. A gift, given voluntarily, which can be accepted or refused. But NOWHERE is it given that I have any rights or power over any other person. They, too, have rights that start and end with them.
If those people CHOOSE to put security as a low priority, that is THEIR choice to make, not mine, and woe betide any who decides they know better. That way lies dictatorship and detruction. I am not the world's greatest Baseball player. Nor is there any law which dictates I should be. That does not give you, or anyone else, any right to impose Baseball on me, in any way, shape or form. I've made my choice, and it's your tough luck if you don't like it.
If Fred Bloggs, down the road, chooses to allow their ISP to monitor all their web usage, that too is their choice. My beliefs concerning privacy and security are irrelevent. Their choice is THEIRS. If Fred Bloggs =wanted= to be a Guru on network security, you know what? They would be. If they aren't, and don't wish to be, I have no right to impose that upon them.
Re:We need to fight back! (Score:2)
If man is inherently good, then anarchy is possible because people can regulate their own day-to-day activities without authority.
If man is inherently evil, then anarchy is necessary, because then nobody can be trusted to be in a position of power.
State socialism didn't work, but what about council communism, which was very anarchistic until the Bolsheviks took over the councils? What about primitive cultures, which basically existed on very anarchistic principles?
Don't put so little faith in your fellow people. It's power that corrupts, so eliminate positions of power and authority, and then we can see where we can go from there.
Michael Chisari
mchisari@usa.net
Re: (Score:2)
Noise (Score:2)
The solution is noise. Code up a browser-bot (GPLed, of course) that randomly surfs the web while you're not (you don't want to interfere with your real browsing). Be careful you don't cross the arbitrary line of "excessive use"! Feed it some biases, or search terms from time to time, and watch as you get bombarded with spam from www.armadillofancier.com.
Re:This seems like a dumb idea for ISPs (Score:2)
Lunatic marketroids (Score:2)
[The Internet is] big, it's unorganized, and its users are simply unable to wade through it all to find interesting information that satisfies their needs.
I don't know what warped dimension these guys are living in, but I find ads to be the least interesting thing on the Internet. And my information needs rarely have anything to do with purchasing products or services.
Until now, the only way reach end-users through all that clutter has been to bombard them with banner ads. And, as today's declining click-through rates show, this approach got old fast.
Again they assume advertising messages are more important to people than the actual content of web pages. All that stuff is just "clutter". And banner ads are "old" because people find them annoying. Targeting them won't make them any less so. A telemarketer who interupts my dinner trying to sell me something I might be interested in is no less irksome than one with a product I don't care about.
We have developed a revolutionary infrastructure-based content delivery platform that enhances users' online Internet experience by delivering highly personalized, custom-tailored information right to their desktops.
What information? And how will it appear on my screen? Are random web pages going to pop up in my browser that they think I might be interested in?
More likely "information" is their euphemism for ads. So how are these going to appear on my computer? When I read Slashdot, will they be substituting their ads for the ones Andover puts on the pages? Or will there be boxes popping up on my screen flashing ads and disrupting what I am trying to read? Will my ISP insist that I must use their specially customized version of Netscape 6.5 with a special window to dispay the content they think I ought to be reading?
It all sounds like a marketers wet dream to track all the interests of individuals in order to target the ads, but I am unable to see how they are going to deliver them. Substituting ads on a page would upset site owners who would probably sue. Pop ups will annoy subscribers and probably lose business for the ISPs. Special browsers with ad windows are already in use by "free" ISPs; why would anyone want to pay even a "discounted" rate for same thing they can get for free?
"Content providers, such as advertising organizations, can harness the power of the Internet to send highly-targeted, rich media messages directly to the audiences they desire."
The language of this statement makes want to puke (advertising = "rich media messages" ??!!) These people are so out of touch with real life and real people it is quite scary. There is no way I would want people like this to be tracking my private online activities.
Security initiative (Score:2)
Re:HMmm (Score:2)
The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit. And tracking you online is just one quick partnership with your ISP away. Then they have an address, a phone number, a credit card number, and a comprehensive database of everything you view online.
Scary ain't it?
Spyky
Re:Good Anti-marketing for ISPs? it's been done (Score:2)
//rdj
Re:We need to fight back! (Score:2)
If man is inherently evil...
Hmm... how about none of the above? There is no such thing as "man", a creature which always has the same characteristics. Some people are good. Some people are greedy. Some people are evil. Some people are good, but for some unfathomable reason like mayonnaise.
Humans are not identical. Not everyone can regulate their own activities. Some can be trusted in positions of power. Anarchy might work with robots; it doesn't work with humans.
I can't sit back and watch this! (Score:2)
Come on people.. This is hoax type material. I work for an ISP. Our mail log looks like one of those screens from the Matrix. Nobody is spying on you. Really.
There are a lot of moral, legal, and technical reasons why this is not the case. I don't know about this Predictive Network stuff, but it sounds like a hoax being brought on by l33t h4x0rs.
solution (Score:2)
as a conservative... (Score:2)
I'm especially scared of this kind of censorship.
The TV media censors conservative viewpoints off the airwaves, especially if it is the viewpoint of someone who isn't a raving racist nut and making us look bad.
They shut the conservative viewpoint completely out in colleges, too.
IMO it isn't suddenly cool when AOL just flat out filters out the Democratic National Committee website, and escalates the destruction of productive political dialogue to a new level.
I hope when I turn on the Larry Elder or Rush Limbaugh show, they've got something negative to say about this...
========================
63,000 bugs in the code, 63,000 bugs,
ya get 1 whacked with a service pack,
Re:Predictive's watching me (Score:2)
Keep it up!
Thanks, Mafiaboy, for giving them an excuse. (Score:2)
The Infospace is fundamentally vulnerable, and the more we come to depend on it for vital activities the more that vulnerability becomes a threat to which the citizenry demands a response. The day that Yahoo, Ebay and friends went down, everyone heard the "shot heard round the world" that was the hope of privacy and anonymity on the Internet summoning upon itself the attacks of every government.
It was inevitable. Given the ease with which any 15-year-old script kiddie can disrupt the resources of others, imagine the damage that could be caused by a determined and professional team of terrorists, extortionists and thieves.
No, I don't believe in security through obscurity, so what I see right now is a race - can we make the web secure through technology, or will it become the stomping ground of manditory constant government surveillance?
Under the plan in the article there is an opt-out potential - pay more to use an ISP that doesn't pimp out its users. Somehow I don't think the NSA has such an opt-out provision in Echelon, much less on the internet.
What about multiple users? (Score:2)
The site makes no mention of how multiple users on the same computer might be handled. Wouldn't shared usage spoil their profiles?
And since their tracking relies on an "anonymous" number...what would happen if all of us were to use the same number? (My impression is that the number is somehow incorporated into the client software....shouldn't be too hard to change it. ;)
Behold, the reading habits of one huge entity named Slashdot!
-- WhiskeyJack
Re:OOG NO WANT BE TRACKED!!! (Score:2)
Yeah! OOG rules!
I say that Slashdot should change their program to give OOG a (5: Funny) by default.
Privacy? What Privacy? (Score:2)
OOG NO WANT BE TRACKED!!! (Score:2)
Banner ads (Score:2)
So. They are tracking your "HTTP click stream". Apparently they think the Web = the Internet. Then they say, "You can obtain your ID by clicking on ... ". So apparently you have to be using Windows and have their software of some kind installed. Great.
So what if I don't use Windows? I fancy any Linux client can be easily hacked/cracked to not send this "click stream" information... Or does that mean I'm not allowed to use that ISP just because I use Linux and not Windows?!?! Or perhaps they are doing it from the ISP's connection, so that any form of outgoing HTTP requests will be attributed to my client...
All this Web activity tracking makes me sick. I think it's about time we built our own proxies with encrypted HTTP requests so that nobody can track our browsing history. All we need is to have special connection code in Mozilla (or perhaps even a Linux kernel module, anyone?) that encrypts the HTTP stream, perhaps send it via some unknown port (definitely not 80, perhaps some esoteric port like 12529) to a proxy that decrypts the HTTP stream and forwards it to the real Web server.
The proxy itself may be open to the tracking -- it's irrelevent because they would just be tracking the combined traffic of a large number of proxy users and they can't determine the source of the forwarded HTTP requests anyway. Besides, I for one am going to filter out doubleclick and other such domains completely on my firewall. Banner ads suck. If I want something there are places I can look it up. I don't need to be spoonfed garbage like ads. I can't stand this incessant bombardment of "buy me! Buy this! buy that!" trash. As if TV commercials aren't bad enough.
Another idea that just came to mind is to have the proxy code available to everybody. We can then use each other's machines as proxies and make the data they collect totally useless and not resemble any real information about you at all. I haven't thought this through so it might be a bad idea, but anyway, it's an idea for slashdotters to talk about.
Re:Crowds (Score:3)
Tip: use a search engine. I recommend Google [google.com]. Try searching for "crowds proxy" [google.com]. You should find The Crowds Home Page [att.com].
Re:Thoughts (Score:3)
I wouldn't bet on it. The terms of service of some cable modem ISPs prohibit VPNs.
Data Protection Act (Score:3)
The Data protection act. Basically, if any UK organisation (not just a company, any org) wants to store personal data about me on a computer, they have to get my signature on a piece of paper, giving them permision. In other words, such a scheme in the UK must be opt-in.
Additionally, they _have_ to let you view _all_ the data you hold on them, for a nominal fee.
(Oh, IANAL, that's just how I precieve it to work, as someone whose tangled briefly with it)
So, how does this releate? Well, look at the they way they let you see your personal data:
Any subscriber on The Predictive Network has the right to view their Digital Silhouette free of charge twice during the calendar year. Subscribers will be charged $50.00 per request thereafter.
Note the two free views. This is so that they can link the Silhouette with a person (or maybe I'm just a bit cynical). After that, you pay through the nose. In UK, assuming it's sent via email, I believe the maximum they can charge is one pound (Those values are typical from companies that snail mail the data to you. They may not be able to charge even that much). Thier planned method of limiting acess to the data they hold is illegal in the UK.
Other nice touches - it would have to be (technically) opt-in. Admitingly, they can be rather sneaky about it - it's now common to have a small box on any form you send to a company, and if you _don't_ tick the box, they have your permision to sell your data. However, it's trivial to tick the box and stop them.
Data protection act - As far as I have seen, it's good for individuals, and bad for companies.
Oh, and there are a number of prosecutions each year under this act - in other words, this has teeth.
--
Re:Who's paying for this? (Score:3)
Battery Ventures
[battery.com]
www.battery.com
20 William Street, Suite 200
Wellesley, MA 02481
phone: (781) 577-1000
fax: (781) 577-1001
901 Mariner's Island Boulevard, Suite 475
San Mateo, CA 94404
phone: (650) 372-3939
fax: (650) 372-3930
Write Robert G. Barrett (Managing Partner) and
show your displeasure at the types of company
battery chooses to fund. His address is
bob@battery.com [mailto]
Write to your ISP (Score:3)
Just a short note to their sales department or administrators should be enough to let them know
where you stand.
For your convenience I'm including a "form letter" that we can use to make our opinions known. Be
sure to substitute your ISP's name in the appropriate 4 locations in this message, and to substitute your name at the end.
-----------------------------------------------
Dear (ISP NAME HERE),
I wanted to take just a minute of your time to highlight an issue of some importance to me, a customer for (TIME PERIOD), by which I hope to make known at least one customer's views on some rather disturbing trends in Interenet access. Just a moment of your time to express my thoughts, and hopefully influence (ISP NAME HERE)'s future direction would be appreciated.
There is currently an initiative and offering by a company named Predictive Networks to engage ISPs in a scheme by which the ISP will monitor web traffic patterns from individual subscribers. This data would be given to Predictive Networks to create user profiles which are then used for marketing purposes.
In exchange for this information ISPs would presumably be financially compensated. This of course can only lead to coercion by ISPs upon subscribers to submit to this sort of monitoring lest they face either termination of service or higher service fees.
The discussion which brought this initiative to my attention can be found at the URL http://www.vortex.com/privacy/priv.09.13.
I have no desire to particpate in such data collection, and will vigorously oppose the imposition of any such policy upon me. As a satisfied customer of (ISP NAME HERE) to this date, I want to make known that I will refuse to conduct business with any ISP which chooses to participate in this venture. I sincerely hope that (ISP NAME HERE) will never consider detailed monitoring of their customer's Internet traffic.
Thank you for your time,
(YOUR NAME HERE)
-----------------------------------------------
What impact on DSL? (Score:3)
backbones *are* mentioned) -
and where I live, the major DSL provider is
SWBell, which is a semi-regulated provider.
(Semi-regulated by the government). Telephone
companies keep track of all sorts of data
about us - all the calls we receive, all of
the calls that we make. What they can do with that information is extremely limited. They are prohibited
from selling or making that information available,
unless its requested by a law enforcement agency.
Would those regulations also apply information
that they may/could gather through a DSL-style
connection? And if they currently do not, should
they be expanded to do so?
The concept is rather scary - as long as a company can make money by infringing on people's
privacy, those companies will have no issue to
continue to track/monitor and sell information.
As much as I am against governmental regulation,
some federal guidelines may be necessary in order
to keep these companies in line.
Just my 2 cents... on a sleepy Friday morning...
Re:I can't sit back and watch this! (Score:3)
Re:What impact on DSL? (Score:3)
Sorry but this assumption is not quite valid anymore. Pleae refer to:
"CNN" - FCC to appeal court ruling vacating privacy regulations [cnn.com] - August 25, 1999. A court ruling overturning federal protection of telephone customer records puts the interests of phone companies over the rights of consumers, a top federal regulator says.
The Federal Communications Commission("FCC") plans to appeal the decision by the three-judge panel of the 10th U.S. Circuit Court of Appeals, which could enable phone companies to use information about customers for marketing purposes without obtaining their consent.
"FCC" Chairman Bill Kennard said the court's decision to reject the commission's rules remove important protections to consumer privacy.
Political News from "Wired News" - Phone Records Up for Grabs? [wired.com]. A court ruling ( 98-9518 -- U.S. West Inc. v. Federal Communications Comm. -- 08/18/1999 [kscourts.org] ) with implications for the use and sale of private telephone records sets a disturbing precedent for how the courts regard privacy, watchdog groups say.
But the Federal Communications Commission("FCC") will appeal last week's 10th Circuit Court of Appeals decision, which pleased those privacy groups.
The ruling effectively canceled a vague "FCC" regulation that had forced phone companies to obtain customer permission before using or selling call records for marketing purposes.
ACLU Press Release: 10-25-99 - Consumer and Privacy Organizations, Legal Scholars Urge Appeals Court to Protect Consumers' Telephone Privacy [aclu.org]. In a friend-of-the-court brief filed today, 15 consumer and privacy organizations and 22 legal scholars urged a federal appeals court to reconsider a decision that would allow telephone companies to use private telephone records for marketing purposes. The groups, including the American Civil Liberties Union, said that the case is of great importance to consumers across the United States. The brief, filed in support of a petition from the Federal Communications Commission, asks the 10th Circuit Court of Appeals to uphold a privacy provision that was enacted by Congress in 1996 and implemented by the FCC.
Scary article from marketroids' perspective (Score:4)
Doing a quick Google search, I ran across this article [fastcompany.com] praising the development of "interactive relationship managers" (IRMs) like the one developed by Predictive Networks. The author is all agog about the marketing benefits of using these IRMs to target exactly what the customers want. He says that 'the "best customers"...[will] make sure that the only advertising that gets through is advertising that they really want to hear.' But then he claims that the way to do this is to use IRMs that 'collect user data based on the surfing habits of ISP customers and then make appropriate suggestions as to what else those customers might like or need.
He also mentions the opportunity for companies to act as free ISPs to their customers so that they can easily gather the profiling information.
<RANT>
This "solution" is patently ridiculous (maybe it should be patented!). Am I a "best customer" in his terms, or not? I absolutely do not want my time and bandwidth wasted by any advertisement unless I decide that I want to see it. According to his definition, that makes me a "best customer".
But there's no way that I want any commercial entity, either software or meatware, to profile my actions and try to figure out what I might be interested in. I'm sorry, but this "best customer" wants to choose for himself what he's interested in seeing. I know best what I'm interested in. Any other "solution" is a travesty, and especially one that violates my privacy in order to provide a useless "service" that I do not want at all.
Not only is the IRM a violation of my privacy, but it's also ineffective -- my current interests are not determined by my previous interests. If I am interested in purchasing something, I will find the information I need for myself. And it will be good information -- not just biased marketing drivel.
How can someone be so clueless to think that IRMs are a solution for people who want to control what advertising they see? They are the same marketing solution all over again - "we will tell you what you should be interested in."
Sorry, but I'm not listening. I already know what I'm interested in.
</RANT>
Re:Thoughts (Score:4)
That's not the point. _No one_ should have to jump through hoops to maintain their right to privacy on the Internet. One shouldn't have to be a "geek" and know how to beat the system, because the system shouldn't be that way in the first place.
> the sheer volume of information they'll need to process will be overwhelming
So maybe it'll be difficult in the beginning, but remember Moore's Law can be applied to more things than your Quake III fps score or your Linux compile time. While processing power, bandwidth and storage capacity continue to increase, the last time I checked, the length of URLs was pretty much constant. If they can't handle all the data now, with the right funding, they will be able to soon. It's only a matter of time....
Set up tunnel network (Score:4)
UK and the Regulation of Investigatory Powers Act (Score:4)
The Regulation of Investigatory Powers Act [fipr.org] will treat ISPs as telcos. It will require them to put the monitoring apparatus in place, so the government can watch what its taxpayers are doing. More detailed discussion of this hideous legislation can be found at the STAND [stand.org.uk] site.
Once the telcos, sorry, ISPs put this apparatus in place, thy might as well get some return on their 'investment' by gleaning marketing info about their customers in passing.
We need to fight back! (Score:5)
I keep seeing these draconian laws being passed by our government, and these orwellian systems being created and implemented by profit- and power-hungry corporations. It seems every day there's a different post to Slashdot describing some new method for controlling the flow of information and the freedoms that we should be taking for granted...
And what are we doing about it? Why do we keep allowing our rights and freedoms to be taken away?
Why are those in power doing this to us? That's easy to answer: Because they can. Because anybody in power will seek to extend their power and control.
Why are we allowing this to happen? I don't know. Some of us are fighting back as much as we can, but most of us simply post to Slashdot and complain.
Listen up! All this bullshit that we've been fed ("We live in a free country!", "The economy is doing great!"), it's all just that: bullshit! We're losing our rights and freedoms on a daily basis, our economy is fake (the drop on last Friday was equivalent to Black Tuesday in 1929), people all over the world are being forced into sweatshop slavery in the name of "economic progress", and our environment is being raped and destroyed at an alarming rate in the name of profit.
And most importantly? The technology that we all love and support is being turned back on us in order to control and monitor people. They're usurping something that they have no right to usurp. We have to put the power of technology back into the hands of the people!
It's time to fight back! It's time for a revolution!
http://www.indymedia.org [indymedia.org] - Support independant media!
http://www.soaw.org [soaw.org] - Why are our tax dollars being spent on training murderers?
http://www.corpwatch.org [corpwatch.org] - So you think only governments can oppress and censor?
http://www.spunk.org [spunk.org]
http://www.infoshop.org [infoshop.org] - Communism is dead, Capitalism is close to it. There is another alternative, and it's time we started exploring it.
http://www.adbusters.org [adbusters.org]
http://www.rtmark.com [rtmark.com]
http://www.subvertise.org [subvertise.org] - Subvertising (also known as adbusting) at it's best.
http://www.ainfos.ca [ainfos.ca] - Keep informed on what is happening in the world, from an anti-authoritarian, grassroots perspective.
http://www.a16.org [a16.org] - Seattle and D.C. are just the beginning.
Michael Chisari
mchisari@usa.net
Oops... link down (Score:5)
They run a network that's like a proxy on steroids. They even try to protect you against traffic analysis. Everything is encrypted. Everything goes through three servers, chosen by the user from a long list. The server operators are all independent of each other.
Each server knows only the hop before it and the hop after it. The first server has your IP address, but not the address of the site you're visiting, let alone the URL. It only knows how to send the data to the second server. The second server knows only the other two, and doesn't know who you are or what site you're hitting. The third server knows the URL, and how to send the data back via the second server, but not who's hitting it. You can theoretically use longer chains. You can pick servers in different countries. Etc, etc.
A future version of the system is supposed to send "cover traffic" to screw up traffic analysis.
The software runs on Windows; Linux version due RSN, so they say.
50 bucks buys you 5 pseudonyms for a year. Hizonner says check it out (when the Web site comes back up).
Disclaimer: I want to work for these guys.
It's inevitable: simple economics, plus the gov't. (Score:5)
(Vocabulary you need to know: CPM. CPM stands for "cost per thousand," and it is how ads are sold. Show an ad to 1000 people, and you earn the ad's CPM, less a fee for ad serving, which is somewhere around $0.30-$0.50, from AdSmart anyway.)
Anyway, here's why all this tracking hoo-hah is inevitable...
Un-targeted banner ads -- the "bottom feeders," I have heard them called -- command a measly $1-3 CPM. Many sites that do not have their users categorized display these "run of site" untargeted banners. They make a few bucks per CPM. Nice, but it's not the big money.
Targeted ads are much more lucrative. If your users are divided into highly "vertical" segments, like car people, pet people, etc. you can make $10-$15 CPMs.
Right there is the motivation for all of this. Targeted ads make the big bucks.
But, look on the bright side... in the coming no-privacy ISP world, there's an opportunity for a number of right-thinking geek-run ISPs to really grow and serve our needs...
... until the government fixes that by banning on-line anonynimity. Which is their ultimate goal -- don't doubt that for a minute. The President stated that very clearly recently. I wish I had the link handy. Right now we should also be thinking of ways to defeat enforced-by-law identity tracking, as it is inevitable.