Comcast Argues 'We've Never Sold Customers' Data' (mediapost.com) 56
An anonymous reader quotes MediaPost:
Faced with a new controversy related to online privacy, Comcast said this week that it doesn't draw on information about the sites broadband users visit for advertising or targeting. The company said Thursday that it deletes information every 24 hours about the domain names people navigate to online. "Millions of Comcast customers look up billions of addresses online every day," Chief Privacy Officer Christin McMeley wrote on the company's blog. "We've never used that data for any sort of marketing or advertising -- and we have never sold it to anyone."
The company's statement came one day after the publication Motherboard reported on Comcast's efforts to rally opposition on Capitol Hill to Google's plan to encrypt domain names... "While cloaked as enhancing user privacy, Google's DNS encryption will in fact vastly expand Google's control over and use of customer data, and will result in the complete commercialization of DNS data for Google's own ends," [Comcast's] presentation states. Google has said its plans were mischaracterized by broadband organizations, and that it has no intention of centralizing the web, or changing people's existing DNS providers to Google by default. "Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate," a company spokesperson said last month...
One day after Motherboard posted the material reportedly prepared by Comcast, the cable provider touted its privacy policies in a blog post. "Where you go on the Internet is your business, not ours," McMeley wrote. "As your Internet Service Provider, we do not track the websites you visit or apps you use through your broadband connection. Because we don't track that information, we don't use it to build a profile about you and we have never sold that information to anyone."
Several years ago, Comcast opposed Federal Communications Commission privacy regulations that would have required broadband providers to obtain consumers' opt-in consent before drawing on their web-browsing activity for advertising. The FCC passed those rules in 2016, but the regulations were revoked by Congress the following year.
The company's statement came one day after the publication Motherboard reported on Comcast's efforts to rally opposition on Capitol Hill to Google's plan to encrypt domain names... "While cloaked as enhancing user privacy, Google's DNS encryption will in fact vastly expand Google's control over and use of customer data, and will result in the complete commercialization of DNS data for Google's own ends," [Comcast's] presentation states. Google has said its plans were mischaracterized by broadband organizations, and that it has no intention of centralizing the web, or changing people's existing DNS providers to Google by default. "Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate," a company spokesperson said last month...
One day after Motherboard posted the material reportedly prepared by Comcast, the cable provider touted its privacy policies in a blog post. "Where you go on the Internet is your business, not ours," McMeley wrote. "As your Internet Service Provider, we do not track the websites you visit or apps you use through your broadband connection. Because we don't track that information, we don't use it to build a profile about you and we have never sold that information to anyone."
Several years ago, Comcast opposed Federal Communications Commission privacy regulations that would have required broadband providers to obtain consumers' opt-in consent before drawing on their web-browsing activity for advertising. The FCC passed those rules in 2016, but the regulations were revoked by Congress the following year.
Yeah, right (Score:2)
Re: Yeah, right (Score:3)
It could be revenue from that stupid sitefinder type DNS nxdomain hijack that many ISPs use these days. Obviously it makes enough that they think it is worth maintaining the service that nobody asked for. Not sure if Comcast does that in particular, but I'm 100% certain that Cox, Sprint, and TMobile do.
Incomplete statement (Score:5, Insightful)
So many holes here. I don't to hear that the data has not been sold. I want to hear that it hasn't been passed on to anybody else. Also, DNS queries could be deleted as soon as fulfilled. Why 24 hour log delay?
Re: (Score:2)
Look at their business models (Score:2)
Comcast: Sell you shitty, overpriced Internet service.
Google: Gather as much data as they possibly can about you and sell it to anyone willing to pay for it.
Gee, I wonder which one of those business models is a threat to privacy, and which company I'd trust more with my DNS history?
Then there's the other issue that the whole DoH thing is mostly a red herring, a bunch of Google geeks demonstrating how clever they are. If I do a DoH lookup followed milliseconds later by going to the IP address for Pr0nhub, n
Re:Look at their business models (Score:4, Informative)
Your example is good, in theory, for the internet 10 years ago. However, today, the vast majority of the internet as we know it is housed in either AWS, Azure, or Google Cloud. Many of these sites are using elastic load balancers using IP addresses provided by the cloud hosting solution. These IP addresses also shift regularly from one customer to another with these respective providers. Taking out DNS visibility means it is indeed significantly more difficult to see what sites you're visiting in today's modern cloud hosting age.
Re:Look at their business models (Score:5, Insightful)
If they deleted their customers' records every 24 hours, how did they ever prove that their customers DID go to torrent sites to download copyrighted material on behalf of media companies?
Re: (Score:2)
They don't do it directly, they simply outsource it to contractors that do their dirty work for them.
Same deal goes for reselling mailing lists to mass marketers. AT&T, anyone?
Re:Look at their business models (Score:4, Interesting)
Your example is good, in theory, for the internet 10 years ago. However, today, the vast majority of the internet as we know it is housed in either AWS, Azure, or Google Cloud.
This argument works both ways. When majority of Internet users attention is taken up by a small number of large content companies the implication of shared hosting and reverse proxy services carry less weight than it has in the past.
The trend looks considerably worse to me. Look at what Google is trying to pull off not even bothering to show URLs in Google search results, nerfing URL bar in Chrome, scraping "answers" from websites and schemes like AMP... Their vision of the future seems to be encouraging people never to leave Google even if the user themselves is confused or actively mislead into believing they are somewhere else.
These IP addresses also shift regularly from one customer to another with these respective providers. Taking out D.N.S visibility means it is indeed significantly more difficult to see what sites you're visiting in today's modern cloud hosting age.
I'm not so sure of this characterization. Today site name is broadcast in clear over wire in TLS handshake for the ISP and anyone else in the data path to see. D.N.S is inaccurate. Names are cached by home routers and hosts and possibly shared by multiple clients and various prefetch schemes generate phantom hits. Currently all I have to do is inspect the first datagram after TCP session is established whenever a new flow is detected to extract history... it costs me way more to store the data than to gather it.
Perhaps tomorrow there will be some opportunistic (e.g. insecure) group scheme to hide identity and the cost will go up.
Either way all of these privacy and security mechanisms are total bullshit next to the breathtaking scope and scale of privacy violations actually being committed by content providers over completely "secure" sessions. Centralizing control over DNS to a company facilitating content as Mozilla is trying to do in the name of "privacy" and "security" is madness.
Here with Comcast we are talking about theories and assumptions. There is not even real public information that Comcast is even doing shit with DNS but this story keeps coming up again and again.... as some kind of PR campaign to try and switch the narrative away from Mozilla's ridiculous DoH scheme... one so egregious not even fucking ***Google*** is publically contemplating emulating it.
Re: (Score:2)
Re: Look at their business models (Score:2)
Google: Gather as much data as they possibly can about you and sell it to anyone willing to pay for it.
I think Google would make a lot more money if they kept that information to themselves and used it to sell targeted ads, rather than selling it so that other companies can continue to use it without paying Google each time they show an ad.
Re: Look at their business models (Score:2)
The real money comes from selling mass surveillance data to the gestapo.
Comment removed (Score:5, Insightful)
Re: Look at their business models (Score:2)
"Google does not sell your data."
Everyone knows Google sells everyone's data to the gestapo.
You don't seriously believe that sci-fi dystopia-level mass surveillance is for "advertising", do you?
Well they're right about Google (Score:1)
Your ISP only has the DNS records of their customers. Google would have everybody's. It's not a solution. We just have to come up with an alternative to DNS [afnic.fr] [I don't care for any of the examples used].
Re: (Score:3)
Google says they don't intend to make it your default DNS server, because they only intend to make it the default DNS when you use their browser, which now enjoys over 50% market share.
Ask anyone defending Google here if they would be OK with Chrome phoning home reporting every link you click. They would get slammed by slashdotters left and right, obvious and malicious spyware, yes?
Thats exactly what their p
WHY freak out over DNS over https then? (Score:4, Insightful)
WHY freak out over DNS over https if they don't have a use for that data?
Public meetings crowded with uninterested parties PAID by comcast to undermine the functioning of our government. Real trustworthy people.
"Customer Data" can mean many things! It can be analysis of that data creating NEW data... profiles of you and that information is both technically customer data and their property. It's derived from your info and technically they are not selling your info but at the same time it's info about you they got from your data so it's also in a way your data too... I'm sure their PR people can doublespeak in a dozen ways.
Re: (Score:2)
Comcast could just run their own DoH servers and ask Google to add them to the whitelist Chrome uses to enable DoH. It's only enabled for a small number of DNS servers that are known to properly support DoH and have a decent privacy policy.
Ah, but that's what they are afraid of. Their privacy policy will suck or they will get caught violating it, and their own DoH servers blocked as malware with users re-routed to ones that respect their privacy.
as nasty as they are... they do DNSSEC and IPv6 (Score:5, Interesting)
they are far and above one of the better ISP's in terms of implementing technology...
DNSSEC allows you to VERIFY that your DNS has not been MITM
with comcast it actually works (so does google, cloudflare et al ) the difference is that comcast are a actual ISP and not just playing at it like google...
they do lots of other things in terms of business of a ISP that might be judged wrong but focusing on the technology they actually do a good job...
Re: (Score:1)
focusing on the technology they actually do a good job...
Imagine how much better they would do if they had to deal with competing service providers.
Re: (Score:2)
You have to make a very convincing argument as to why something should NOT be encrypted, otherwise I'm encrypting it.
Customers' Data (Score:4, Insightful)
Re: (Score:2)
Re: Customers' Data (Score:2)
Why - what's going too happen? In most markets they are a monopoly. So none of their cattle... I mean, customers... will escape. And they've already bought plenty of judges. Don't expect DUH LAW to lift a finger against them, no matter how egregious their frauds and abuses.
Re: (Score:1)
Re: (Score:2)
They never sold it. But they probably make it available to paying cable TV advertisers.
"We Didn't Burn Him!" (Score:2)
Bull Crap (Score:5, Interesting)
If that were the case, then Comcast, please explain why you ship wireless cable routers that DO NOT ALLOW the customer to edit or change their DNS servers?
And while I'm on this rant, WHY do they ship your LOCAL passphrase for your wireless network up to their cloud, where it is stored in PLAIN TEXT, and accessible over the interwebs in the name of "customer service"?
Browser manufacturers building in DNS lookups over an encrypted channel bypass this DNS lookup, and by extension, browser history data collection.
FWIW, I have never heard of the government compensating an ISP for collecting this type of data and passing it along, so they are probably accurate when they claim to not be SELLING it.
The only reason ANYONE does business with Comcast, is because they are a monopoly, and you have no viable choice.
-Red
Re: (Score:2)
''Comcast, please explain why you ship wireless cable routers that DO NOT ALLOW the customer to edit or change their DNS servers?''
I've leased a couple of their routers in the past. Changing the default DNS server wasn't the easiest to find in the admin interface, and I've found them flashing the router effectively resetting my config, but I've never had one of their routers I couldn't change the DNS server. I used to see them turn on their public AP without my permission frequently until I bitched to them
Re: (Score:2)
And while I'm on this rant, WHY do they ship your LOCAL passphrase for your wireless network up to their cloud, where it is stored in PLAIN TEXT, and accessible over the interwebs in the name of "customer service"?
Not only do they steal WiFi passwords from rental modems they exfiltrated them from **customer owned equipment**. I've personally witnessed this first hand.
Browser manufacturers building in DNS lookups over an encrypted channel bypass this DNS lookup, and by extension, browser history data collection.
Browser manufacturers building in DNS lookups over an encrypted channel bypass this DNS lookup, and by extension, browser history data collection.
While I have no clue about unchangeable DNS in rented routers it wouldn't surprise me... Regardless the answer is to set a different DNS server on your hosts or save a shit ton of money and buy your own router... not this bullshit Mozilla is trying to get away with.
Re: (Score:3)
If that were the case, then Comcast, please explain why you ship wireless cable routers that DO NOT ALLOW the customer to edit or change their DNS servers?
And while I'm on this rant, WHY do they ship your LOCAL passphrase for your wireless network up to their cloud, where it is stored in PLAIN TEXT, and accessible over the interwebs in the name of "customer service"?
To be fair it's probably to reduce customer service issues. If you can't change the DNS settings then they can't get hijacked. Any large ISP wi
I want a congressional hearing NOW! (Score:2)
This is most likey BS. If there wasn't money involved then why would they care? Send them to congress (not to the FCC, because no one at the FCC cares). Bury comcast in the ground.
Re: (Score:3)
This is most likey BS. If there wasn't money involved then why would they care? Send them to congress (not to the FCC, because no one at the FCC cares). Bury comcast in the ground.
Yeah, send them to a body made up of people likely in their employ... they'll really get the screws put to them, then!
Re: (Score:2)
The Classic Suspiciously Specific Denial (Score:5, Insightful)
"We've never used that data for any sort of marketing or advertising -- and we have never sold it to anyone."
...But we 'Shared it' with our 'partners' for a 'handling fee'.
Re: (Score:1)
Re: (Score:2)
Anyone know about that recaptcha? Does it send the page you are on to Google, too? If you are typing something in, as you always are, like a password or just a post, does it send that, too, so it can add info of where and what you were doing to their IP database on you.
Re: (Score:1)
Re: (Score:1)
Big guy (Score:2)
"We're so large we just monitized detailed information on your surfing behaviors in-house so we could cut out the middleman."
No, itâ(TM)s true. (Score:1)
What does the fine print say? (Score:2)
Re: What does the fine print say? (Score:3)
I just checked. It says:
"You lose. Fuck you, prole, you have no rights. We win, you lose, no matter what. By clicking 'I agree' you signed over your immortal soul and the soul of your firstborn to Satan, our chairman of the board. You agree to let us snoop every detail of your life, day or night, even and especially when you're taking a shit. Your data will be shared with insurance companies, the Social Credit Score bureaus, your boss, the gestapo, Al Qaeda, North Korea, and at least fifty fully evil corpor
BULL FUCKING SHIT (Score:2)
Pure lies. We need to have a law where a company knowingly lies to the public gets someone sent to jail.
https://thenextweb.com/insight... [thenextweb.com]
From a certain point of view (Score:4, Funny)
- Comcast: Our customers were seduced by the dark side of the web. They ceased to be customers and became social media product. When that happened, the good men who were our customers were destroyed. So what I told you was true, from a certain point of view.
- Costomer: [incredulously] A certain point of view?
- Comcast: Dude, you're going to find that many of the truths we cling to depend greatly on our own point of view.
Article Summarized (Score:2)
Article Summarized:
Comcast's Chief Privacy Invasion Officer Christin McMeley issues bold, obvious lie. Absolutely no one is fooled.
We never sold your data... (Score:2)
"We never sold your data, we traded it for these strips of paper with pictures of presidents on them."
My question is.. (Score:1)
Never! (Score:2)
Rented , my friend. We would never sell that data ... it's very valuable.
-- Comcast
Suspicious of Comcast (Score:1)
If Comcast do not use the data then why would they complain about DNS encryption and other privacy improvements?! Oh the level of stupidity.
prepare for the exam (Score:1)