Deep Packet Inspection Set To Return

siliconbits passes along this quote from a Wall Street Journal report: "'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."

Re:Deja vu

[fuzzyfuzzyfungus]

Unfortunately, so called "outrage fatigue" is both well recognized and quite effective. People with a direct profit motive can just keep trying, again and again, until all but the hardcore tinfoil hatters lose interest)...

What if they did this with phone calls?

[Logic Worshipper]

Could anyone imagine the uproar if phone companies let telemarketers listen to your calls to find out what kind you products to market to you? This would give ISPs the ability to that to non-encrypted voip calls.

I couldn't imagine a cell phone or land-line phone company getting away with that.

"Opt out" of the Internet service altogether?

[whoever57]

Does "obtaining consent" and allowing "opt-out" mean that customers will be free to terminate their Internet connection if they don't opt-in? Or will there be an option to retain Internet service while opting-out of the snooping?

Re:What if they did this with phone calls?

[dltaylor]

Don't they?

Not the content, at least for now, but there's money to be made selling the contact list, and not just to the gov't.

If you're regularly calling the local pharmacy, for example, don't the health insurance scammers have "a right to know that" (for a fee, of course) so they can stuff your mailbox (and email box, if you're lame enough to use your phone company as an ISP) with advertising?

Re:Returns? Did it ever go away?

[Anonymous Coward]

No, it never went away. I used to work for a top5 cable ISP in the US... and all they did put their sandvines servers in 'shunt' mode. Also, they are corporately controlled, so they could be turned on ANYTIME for ANYTHING without the local network admins even being aware. Oh yeah, and I found access to them while i was still there, and still have access to them.... so I could turn them on for ANYTHING without anyone knowing also. Scary, huh? Firesheep anyone?

SSL can only be adopted if provided by websites

[Mandrel]

Using SSL may not be a solution, because websites that think that these techniques will increase their revenue, because the ads they display will be better targeted, have an incentive to not provide an SSL service.

"Security" Service? Really?

[Lanir]

I love how they settled on the soft target of "identity theft protection" too. This is just a non-starter.

Let's see if we can boil down what a truthful ad for their spyware would look like.

"Hi! I want to provide you with a service we're going to say protects you from someone pretending to be you. Most likely we'll make sure you can't possibly sue us if someone does steal your identity or we'll just claim someone got your info offline or from a computer not covered by the service.

In return, you let is spy on you and use this to send ads to you. We promise not to look at certain types of info but this won't be transparent to you in any way. And realistically speaking, we can't possibly keep up with every site of the type we're saying we don't look at but we'll lie to you and say we won't look at email or sites with medical information anyway. By the way did we mention our EULA will immunize us from prosecution for doing it anyway?

In summary: We onwzorz your infos and you oggle our ads. We'll also make gratuitous statements about protecting your info but you won't be able to hold us to any of it. Have a good day! Big Brother is watching and he wants you (and your little wallet too)!

Re:Returns? Did it ever go away?

[Savantissimo]

No, as an ex-employee of a southeastern US ILEC I can tell you that they were doing deep packet inspection (and alteration) on all DSL lines from 2003 at latest. The equipment used was the Lucent BSN5000 switches. We weren't supposed to know about the packet alterations, but they made some problems impossible to fix.

Re:Now!

[CyberDragon777]

You should get one for free: http://www.startssl.com/?app=1 [startssl.com]