Hacker News new | past | comments | ask | show | jobs | submit login
[dupe] Anger as US internet privacy law scrapped (bbc.com)
313 points by clouddrover on March 29, 2017 | hide | past | favorite | 193 comments



I remember being so excited as a kid when I started getting drawn into the computing age. I remember when the internet seemed like mankind's next step forward. I remember being excited about so many new trends, social media, the age of everything being free on the internet.

Then, everyone else caught up. Now it's just like watching television. A bunch of companies vying to get you to buy something at any cost, and taking that strategy further than they ever did before the internet.

Now, I just want to leave my phone at home and go ride my bike. I rarely feel like developing anything anymore, haven't done a side project in over a year. Whenever I get motivated to do things like that I see shit like this and it just feels hopeless. There's no way to defeat these companies, because they are full of people struggling to get ahead and doing their cog's part in the machine that ultimately does this to us all.


This will force the country to learn about how important privacy is. Couldn't have done it any better myself.

You can all feel as hopeless and defeated as you like. When it comes down to it nothing in history came easy. With the Advent of the internet it forced the hands of those in power come up with new ways of making us think they are more powerful or have more power.

And unfortunately​ it works like a charm. A tech revolution would completely undermine the entire worlds markets over night. With the help of HN, it's members and a few months and some serious agenda pushing anything can get done. Problem is you all feel so defeated nobody wants to agree on the same agenda.

Like I said. It works. But we know how now. And with all the brain power on HN it's only a matter of time before they start targeting us. And they already have by passing this and putting that shit head in charge of the FCC.


I'm a lawyer whose practice involves privacy issues. My opinion is that identity itself is going to completely unreliable and impossible to verify within my lifetime. When your phone rings and you have absolutely no way of knowing whether the person on the other end is who they say they are, even if you know them well, and even if there is video, biometrics, etc.--that's when personal identity will be truly over. From there, it will progress quickly until even an in-person meeting will be hard to authenticate.


You would probably enjoy Hannu Rajaniemi's work. Even individuals may not know for sure if they're who they think they are.


Thanks for the recommendation. I think we're quite lucky to live in this time before that transition is completed.


> There's no way to defeat these companies

What about working to elect representatives who will pass privacy legislation?


Problem with that being:

If they're not corrupt(-ed) before entering office, they most certainly will be through lobbying (aka "generous donations") once they enter office. Exceptions to this rule are certainly rare and seem to only surface ahead of elections and vanish -again- as soon as they are elected.


Correct. Everything can be solved with more layers of abstaction though. Elect people who will reform lobbying and campaign finance (even if it takes an amendment), eliminate gerrymandering, and fix the other beyond broken parts of the political process. Then maybe we can consider policy.

If even that proves impossible, well, then I guess it would have to come down to violent revolution.


Nope, violent revolution produces worse regimes than what they replace. Emigrate instead.


And yet this law did get passed in the first place.


That's provably false. If it were true there would be very little difference between the votes of the major political parties on most important issues except around election time. Yet on most major issues there are significant consistent vote differences between Democrats in general and Republicans in general regardless of the nearness of elections.


Lobbying is a serious US problem and sounds absolutely corrupt from European POV, it just makes us more desperate.


> Lobbying is a serious US problem and sounds absolutely corrupt from European POV, it just makes us more desperate.

German here. Absolutely believe there's virtually no difference in that regard. Lobbyists write law proposals that end up being the verbatim law.


This would be true if the vote for this bill were not so close.


That helps solve the privacy problem. It doesn't solve the walled garden, monetized, commercial web outcompeting smaller hobbyists who usually have less slick but far deeper or more interesting content.

I remember that in the late 90s through early 2000s, I would regularly see personal sites pop up on my searches through the web, but I'm finding less and less non-commercial content. Either all the search results want to sell me something, or they're optimized to make money off of my clicks.


> I would regularly see personal sites pop up on my searches through the web, but I'm finding less and less non-commercial content.

That's because personal homepages have died off, to be replaced with better replacements - not because Disney and TimeWarner have paid Google to rank their results higher.

For example, Wikipedia (and Wikia) have replaced personal museum websites for all kinds of esoteric information - ditto fansites. For "Prof. Smith's computer science examples webpage" we have GitHub; Reddit has replaced "Links" pages and Webrings, and Google itself has rendered curated directory sites completely obsolete.

The only thing on Geocities and Angelfire/Tripod that Facebook has replaced are those insufferable "The Baker Family Homepage" websites.


> That's because personal homepages have died off, to be replaced with better replacements

Is it really a replacement if it's private and stuck in some walled garden? I don't care about the platform used, I care about the surfacing and availability of non-commercial content.


Why do you consider Wikipedia a private walled garden? Arguably it's freer and less commercial than older personal home pages because of the mandatory copyleft license.


Wikipedia has heavily curated content that must be presented in a certain way, protected from editing by trolls, and is reverted regularly.

Try making a significant change or writing a new article without being mired in beaurocracy.

It's not an example of diverse user-generated content any more. For good reason -- it can't be, if it wants to be considered a useful source on anything.


Here's a tally for S.J.Res 34 with profile links to each representative:

https://www.govtrack.us/congress/votes/115-2017/h202

Plenty of dots in there to scape, connect, visualize, and disseminate for anyone looking for a fun way to let off some steam.

A big shout out to the reps on both sides of the aisle that had the guts to stand for what's right.

And anyone reading this should take a minute to check the list to see how their rep voted and take action. The easiest thing to do is call your rep and let them know how you feel about their vote (good or bad), but it's even more affective if you share the link with your friends and family outside of your area. Explain to them why this is a bad idea and point out how their representative voted (good or bad) and make a date to check back with them before the next election.


>> There's no way to defeat these companies, because they are full of people struggling to get ahead and doing their cog's part in the machine that ultimately does this to us all.

I don't think this is true at all. It certainly won't happen fast enough for most people's liking though.

The best example of this is how Microsoft had no option but to do a 180 on open source once it realized that it was turning into an object of ridicule. (Although Windows 10 shows they still have some ways to go). You are really underestimating how powerful peer respect is amongst geeks.

For example, imagine if someone from Google asked you to come work for them in 2002-2004, and said "Our motto is Dont be evil", and suddenly that became a sort of rallying cry and everyone knew who the target was. Imagine if they said the same thing today - they would be laughed off. And that is a great thing. I would guess most geeks working at the tech giants have some part of them thinking they are doing things which really benefit humanity.

Here is a thread where you can see this in effect, when the person's motives are challenged, they become completely defensive. We want more of that. My prediction is at some point there will be serious internal conflict, which is excellent!

https://news.ycombinator.com/item?id=13868299

Once more people start making a lot of noise about this in the very places that the geeks wish to hang out, they will find themselves with fewer and fewer places to go hang out. And it will then only be a matter of time before there is a large exodus from the top companies to the more obscure companies - those which can't do much damage simply because they are too small.

At that point, both outcomes would be favorable - either things get so bad that the tech giants implode from internal conflict and external competition, or they will change their behavior so that they can continue to attract the developers who actually care about these things.

Or it could go in the exact opposite direction because everyone stops caring, in which case we are all just completely screwed :-)


I would like to believe you are correct but being the cynical Eastern European that I am, and having a big experience from watching our corrupt governments get away with everything, here's what I think will happen instead:

(1) Companies will become better at deceiving their employees they are not evil, not eliminating small competition, and that they care about privacy and diversity. Many younger devs are as naive as cocker spaniel pups and will easily buy any corporate propaganda.

(2) How will there be an exodus to smaller companies when the giants do their very best to kill competition? Google is known for buying an emerging company in a certain area then quietly shut it down but still keep patents and knowledge for the future, being one prominent example.

(3) People become more and more indifferent every day, I feel, even on HN. I know I am in that group as well. The people who want the internet to be a controlled environment are, as of today, much too powerful and very, VERY persistent. Plus it's not like you can just sue; for a long time now it's not about justice, it's about who has the deeper pockets for lawyers. And that's not you and me.

IMO we're headed for a pretty classic cyberpunk future. I kind of hoped that I will die before that but at the rate things are going... It's pretty scary.


No offense, but you should act the opposite way, if you feel the world is that wrong, think and act

For example here, there is a good example in France there is fdn, an association of very smalls internets providers, they are not companies, but associations,

What if everyone could make an internet provider with no motivation in financial profits...

Maybe it will be a bit more expensive, because it scale less, but trusting you internet provider is priceless.


>Now, I just want to leave my phone at home and go ride my bike.

I understand your sentiment; it sucks.

One can still do stuff that doesn't need net access, computing is a very broad field, not limited to the internet. Or one can search for technological fixes that make it harder to snoop on us ....


Kids love their you tube, god bless them.


Before anyone races in with a suggestion to use a VPN service, I STRONGLY suggest that you consider running your own self-hosted server instead. There is a great set of Ansible scripts to do just that right here:

https://github.com/trailofbits/algo


VPN question. If you take out a credit card and pay for a cloud solution (aws,etc) and run this software, isn't your identity clearly tracked back to you via your one exit ip? It seems if you want to use VPN services you would want to be in a pool of users with many exit nodes - and have deniability?


Algo's stated goal is explicitly not to provide anonymity. It is to secure connections made on untrusted networks, e.g. while traveling. It will work for the use case being discussed w/r/t ISPs collecting and selling your usage info, too, because it's not about hiding who you are, it's about preventing your ISP from seeing the final destination of your requests.


It depends on your threat model. If you want anonymity, you'll have to take further steps. Self-hosting on a VPS that's linked to you protects you only from your ISP, which is enough if you're concerned about your ISP selling your traffic data. Of course, you'll need to trust your VPS' outbound ISP... but I think it's fairly reasonable to assume that consumer ISPs are more likely to sell your data than larger providers.


> I think it's fairly reasonable to assume that consumer ISPs are more likely to sell your data than larger providers.

Why? Most consumer ISPs are larger than data centre ISPs, if they're not the same company in a given region.


Because, in aggregate, random server traffic data is going to be less valuable/monetizabe than home use traffic, that can be linked to a specific person or household..


There are VPN services that let you pay in a way that can be anonymized -- like Bitcoin. You can take it one step further by using a VPN provider that does not reside in a country that is a member of Five Eyes (a spy alliance comprising of Australia, Canada, New Zealand, the UK, and the US).


So now it's at the point where we need to be running our own self-hosted servers? As a European I find it weird that America land of Silicon Valley does not fight for important issues like this. Can anyone explain?


I think you misunderstand how modern Silicon valley works. The new wave of companies is not about technology. It's about what makes money and effective marketing. Even Google which supposedly the tech lord of our generation.. is really about ads. Take away ads and Google isn't google anymore doing cool things as they will have no money for it.


Yeah, I think this is being underestimated. These hip tech companies WANT to get as much data on you as possible, so they're not raising complaints. If they can get a contract with your ISP for access to all of your requests, they can see anything you do on the net, not just what you do from Chrome and/or Android!


I think it's called corruption. Most working folks trusted that rational people were in charge and a duty to the greater good would be more powerful than self-interest. I gather this sort of thing has happened before: http://www.rome.info/history/empire/fall/


Why would Silicon Valley companies fight for tighter government regulation of what and how user data can be used for? Wouldn't you expect the opposite?


Because not all SV companies are data whores/pimps?

I know the hot new thing is to get zillions in VC funds to provide some half-assed free service, based on the idea that one day you'll have a heap of users who you can somehow milk for a profit, but once upon a time, tech companies made money by providing useful products and services that people were willing to pay for.


> Because not all SV companies are data whores/pimps?

True, but the biggest ones among them definitely are (depending on your definition of "data whores/pimps", Apple might or might not be included here).


The companies doing this are not Silicon Valley companies. They're old phone companies, more or less, that became internet companies because they owned all the cable that was already laid.

And of course the politicians passing this don't give a shit about the Silicon Valley culture or ideals; Republicans care about profits for corporations because that means more fat donations to them.


Silicon Valley culture of ideals ?

No offense, but that's the most ludicrous statement I read in a long time.

Silicon Valley is about money and power. Ideals, apart from "ideals" packed into cheesy marketing slogans, just don't play into that.


To be fair, those old phone companies just wanted to be able to do the same thing that Google, Facebook and other SV companies are already doing. So much for the "Silicon Valley culture or ideals".


Sure, I can explain it in one word: Republicans.


The idealistic conservative's perspective is that the government should regulate the minimum amount of conduct necessary to have a successful and functioning market. In accordance with free market principles, this regulation is being repealed on the belief that it does not serve a necessary function.

Before you scoff, please realize that legal restrictions are immensely heavy-handed, and very frequently abused or misappropriated. Regulations frequently accidentally overshoot their target, and they stay on the books for years. Discarding unnecessary regulations is not only good hygiene, but it may be critical to the development of some improvement or technology that the lawmakers had not conceived when the law was made.

It'd be nice if Congress was fast enough on its feet to recognize this as it was occurring and make the necessary adjustments, but it simply does not work that way; once something is law, it's very likely going to stay that way, untouched for decades or even centuries. Remember all the articles about the FBI attempting to invoke a statute from 1798 (yes, seventeen-ninety-eight, numbers not transposed) to compel the decryption of an iPhone?

For example, the CFAA passed long before the World Wide Web was a thing, but it's had an immense effect on the internet's development and continues to be misappropriated by large companies to harass small players and break their products before they get large enough to pose a threat. Another example is the Copyright Act, which, under current interpretation, considers RAM copies of copyrighted works as distinct copies eligible for protection. This means that you're potentially violating someone's copyright just by downloading their web site!

Combine these two statutes written for bygone times but very much in full effect today, and if you make the wrong person mad, you're looking at not only going bankrupt trying to figure out how to pay your legal bills, but also becoming a felon. Such was the case with Aaron Swartz, who was facing prosecution under these outdated regulations for downloading publicly-funded research papers from a paywalled database.

It should also be clarified that this repeal only removes one set of regulations, a set imposed by the FCC and that has only existed for the last couple of years. I'm not a lawyer, but somehow I doubt the issue is so simplistic that Comcast is going to open up "BuyYourNeighborsBrowsingHistory.com" any time soon. There are a variety of other laws that may apply to the legality of reselling such data, and surely these would require evaluation before the concept was greenlit. Furthermore, if Congress can be convinced that this is a bad idea, they need only to pass a new bill.

The core issue is that telecommunications services, including ISPs, are not what most people would consider a functioning free market, because 90%+ of the U.S. can not obtain comparable service from anyone besides the main telecommunication provider in their area. If they could, moving to an ISP that respected privacy without being compelled to do so by legal force would be a perfectly reasonable position to take.

The focus must be on getting our reps to solve the constrained telco market. Interestingly enough, that may also involve liberations to and/or removals of the FCC regulations around radio broadcasting, licensing, etc.

One humorous note: if we believe the most dramatic prophecies about the meaning of this repeal, the last season of South Park may be closer to real life than we think. A foreign company develops technology to uncover the complete internet history of every human and the real-world identity behind every anonymous or pseudonymous post and threatens to publicize these. Complete social breakdown ensues.


Actually, the Republican position is that the FTC (Federal Trade Commission), not the FCC, has the statutory mandate to regulate "online privacy."

In order to justify their legal authority to issue this rule, the FCC used a reinterpretation of legal terms defined in a 1934 law.

Often times in DC, the fight is not really about the end goal, it's about the path that is taken to achieve that goal. Usually, when you see literally unbelievable claims and hyped-up rhetoric, it's a sign that the situation is probably a bit more complicated than those who are making those claims are letting on. (e.g., "Republicans want to sell your, and their own, incognito browsing history because all they care about is making more money for big corporations!"). As everyone knows by now (see: TRUMP, Donald. 2016.), it's much easier to sell scary straw men than nuanced policy details. It's also a convenient way to hide what is really going on behind the scenes:

Nearly every Republican Member and Senator believes that consumers should have these exact same privacy protections!

That's right: they agree with the goals of this regulation! Broadly, these lawmakers disagree with this federal agency taking liberty with the law, especially in the Eleventh Hour of an administration. (Can you really blame them? The FCC is justifying their authority to regulate online privacy by using a law written 55 years before the World Wide Web was even invented!)

For decades, the U.S. government agency responsible for protecting consumers (ISP users) through the regulation and enforcement of online privacy rules has been the Federal Trade Commission (FTC). (see Privacy Policies, Safe Harbor, etc.). This is within both their historical role and their statutory mandate. They are the "nation's consumer protection agency."

Nancy Pelosi had two options: she could call it the "GOP Measure to Eliminate Internet Privacy" and score some (admittedly really, really, really easy) political points – or, she could try to get into a nuanced inside-baseball debate over the roles and mandates of specific regulatory regimes, and no one would bat an eye.

Easy pick for her. But that doesn't make it the truth.


There's tons of back and forth on this, but what I've heard is the reason these rules were set up by the FCC was that the new classification status of ISPs as common carriers took them out from under FTC regulatory authority.

I don't know the motives for the votes on this and afaik most members haven't commented to explain themselves. There are some particularly libertarian-leaning Congresspeople, like Rand Paul, who would clearly support it out of principle. We assume that others also support it out of ideological sympathy, and that everyone else is trying to play nice with the party leaders by going along with it.

You are 100% correct that a great deal of these legal modifications are technicalities that are touted as disasters for political convenience.

Let's not forget that the Republicans did the same thing when they pretended that the sky was falling over net neutrality going into effect, claiming that Obama was trying to "take over" the internet. Whether one agrees or disagrees with net neutrality as a policy matter, those claims are absurd.

Political parties, and especially the parties not presently in power, are always going to be trudging this type of muck up. It's very tiring, from both sides.


You're doing exactly what you accuse Pelosi of.

* The Communications Act of 1934 was substantially updated in 1996. Even if it hadn't been, age alone doesn't make a law outdated.

* The FCC classified ISPs as "telecommunications services", same as now, until the mid-2000s.

* The Supreme Court ruled in 2005 that the FCC had the authority to classify ISPs as either "telecommunications services" or "information services".[1]

* By 2010, ISPs had begun to violate the consumer protection guidelines the FCC laid out in 2005. The FCC responded with regulations, but ISPs challenged even the most basic provision: no outright blocking of lawful content.

* The DC Circuit ruled the FCC couldn't regulate "information services" that way but suggested the FCC could undo the reclassification.[2] So it did.

* ISPs sued over that too, but the DC Circuit upheld it.[3]

Is that the FCC reinterpreting a 1934 law or a court applying a 2005 precedent?

After that was settled, the Ninth Circuit ruled that the FTC had no authority to regulate common carriers.[4] The FCC published the regulations Congress just overturned two months after that.

I'll believe Republicans want the FTC to enforce these exact same privacy protections when they pass a bill giving it that authority.

[1] https://en.wikipedia.org/wiki/National_Cable_%26_Telecommuni...

[2] https://en.wikipedia.org/wiki/Verizon_Communications_Inc._v....

[3] https://en.wikipedia.org/wiki/United_States_Telecom_Ass'n_v....

[4] https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/29/1...


What is the benefit of this over using a provider like PIA? PIA claims to store no logs, and this claim is supported with evidence that government entities could not force them to turn over any logs. But if you use a provider like Digital Ocean and run your own VPN, then Digital Ocean can and will log all connections and traffic to and from the VPN, and if a government entity of any sort ever approached them for any reason (such as if self-hosting VPNs became commonplace with DO, and the NSA wanted to suck all that data up), they'd hand it all over immediately.


You place full trust in the provider of your VPN. If you'd like to use PIA, you have to trust them -- and you can make your own decisions about that. I think it's fairly reasonable to trust them based on available evidence, but it really depends on your threat model.


The threat in this model is not the government, but rather from a private isp selling usage data attached to your name.

As you are a paying customer it is not in Digital Ocean's interest to sell usage stats attached to real identities. This somehow is not the case for Comcast.


What makes you think DO logs all traffic?


They don't advertise themselves as a company particularly concerned with preserving the absolute privacy of their customers like PIA does. I admit I haven't read their privacy policy, but I'm assuming they would have no problems handing over logs, and I'm assuming they indeed keep logs (or at least are entirely willing to do so if asked to).


And here I am with the VPN solution :)

https://www.privateinternetaccess.com/pages/privacy-from-int...

Disclosure: I'm a customer but thankfully not a US-based customer (there are more and more reasons to NOT live in the US these days).


Are you an affiliate for them?


No I'm not.


Sorry, that was a bitchy question. I like PIA too, but their affiliates are notorious for spamming VPN review sites.


I don't think this is good advice unless you are a security professional or engineer and isn't a good solution for the vast majority of the country. The amount of things you can misconfigure, screw up or fail to understand is enormous if you aren't well versed. Imo, vpn service is like crypto: far better to leave it up to the pros. Rolling your own may leave you open to far worse things. The real solution is a vpn service people can actually trust.


You should read the mission statement of something like https://github.com/trailofbits/algo (linked to by parent post) before making this statement. Would you rather trust your own locked own server which does one thing very well, or a vpn service which has to provide everything under the sun in order to cater to as many customers as possible?

Edit: also https://blog.trailofbits.com/2016/12/12/meet-algo-the-vpn-th...


> Something to know about Algo: the VPN box operator, or whoever pwns it, can MitM all your TLS (!!) connections

https://twitter.com/FiloSottile/status/808355117011521537

Worth noting. I guess no solution is flawless.


Isn't one of the benefits of a VPN service that many people use its exit nodes, thus the chance of identifying you is greatly lessened?


Maybe we should all start running a script that browses random websites at random times. Seems to me that would go a long ways towards making the data collected about as valuable as a magic 8 ball. It would be even better if such a script could actually look at my real browsing history and try to generate the most confusing anti-traffic. If I search for cats it searches for dogs and birds. If I check the weather for zip code X it checks it for zip code Y and Z.


Similarly, why not have an open wifi guest network? My neighbors can use it, my friends can use it, my mail man could use it. Having a secure connection just proves YOU are the one responsible for the browsing at hand. I agree, adding random browsing completely screws the game for people that snoop.


If people use it for illegal things, your ISP can solve the problem by denying you service even if you're not held legally responsible.


Have done this for years. As long as the traffic on your network is secure(ish) I see no problem having an open network as another tool towards obfuscation.

other note...it also makes me feel like I contribute to taking money out of the pockets of the greedy US cell carriers but that is probably just an ego trip


You'll then be part of a highly sought-after demographic to receive ads for privacy-related products and services.


Seriously. Active privacy countermeasures give away that you're technology professional who subscribes to a particular ethos, with all the demographic and commercial markers that statistically entails (white, male, young, high income, influences how software is written and deployed, etc) which is what you were trying to hide in the first place.

We need them by default in a way that says nothing about the real user.


The effectiveness also depends what they're trying to gather. If they're just looking for statistical data (e.g. to sell, which is something I suspect ISPs are very interested in), the random browsing can be made to cancel out in a large enough dataset. If it's your government focusing on you in particular, they're probably more interested in forensics/malware on your clients so they can see HTTPS stuff too.


If everyone engaged in this form of counterveillance, though, wouldn't it backfire by bogging down the network with superfluous traffic?


Might that motivate the ISP to remove the incentive to take the privacy measures?


Or the ISP will simply adapt by developing ways of sorting through the noise because there's money to be made.


Run a Tor exit node.


Isn't that dangerous? I'd be afraid of random showing ups of FBI at my door.


Unless running a TOR exit node is deemed illegal, you have an almost air tight argument if they show up at your door. They cannot prove you did it beyond reasonable doubt unless they find actual evidence on your machines.


They might not be able to convict you, but that won't stop them from breaking down your door and bringing you to jail from terrorism/hacking/child pornography while you get your name associated with it in the local news.


While true, the reality is that they will seize your home computer equipment as evidence, and you'll have to fight tooth and nail to see it again. Tor exit node operators are heroes in my book.


Is it sufficient to give them cause to get a warrant and go over your machine (and possibly house) with a fine tooth comb? Because that could get old really fast.


But that means there is somewhat a risk of them even showing up and taking all my stuff. I'll rather take ads over that for sure.


More likely, websites will blacklist your IP address. Tor Project wants everyone to know all exit IPs.

The general consensus on tor-relays seems to be against running relays, or at least exit relays, at home.


Ajit Pai's career is the canonical example of revolving door crony capitalism and regulatory capture. His career is dedicated to using the US government to transfer wealth from the public to Verizon.

https://en.wikipedia.org/wiki/Ajit_Varadaraj_Pai


I hope this is the beginning of a process that will improve this situation in the future.

Not a long time ago people were completely ignorant about this subject. As companies started to take advantage and abuse the lack of awareness of general people they started to do it more broadly and publicly.

Now the idea of lack of privacy is starting to get out on the streets and make people more aware of the problem.

At some point we will be able to turn the table and a strict legislation around privacy will be put in place.

Things are going to improve, but they still need to get worse, before.


I am assuming with all the money made selling all this private data, ISPs are going to be slashing consumer broadband rates across the US and building better infrastructure!

Cheaper faster internet for all in the USA!

Wait, they don't have to lower rates, I'll go to the one of the other many ISP options I have...

Oh wait..


I do not understand. I thought that in the current climate, where people are becoming increasingly aware and concerned about privacy, that such laws would be expanded in scope. But here, the law is being repealed.

Additionally, I find the implications of this kind of admission to be astonishing: Last year, the Federal Communications Commission pushed through, on a party-line vote, privacy regulations designed to benefit one group of favoured companies over another group of disfavoured companies. That's a pretty huge statement, made in a business-as-usual kind of way, that calls into question the overall integrity of the FCC.


The FCC is full of sincere people who want to do the right thing for the public interest. This move comes from above the FCC.


Ajit Pai, the chairman of the FCC, is not doing anything for the public interest.


The head of the FCC explicitly wants to remove net neutrality


> The FCC is full of sincere people who want to do the right thing for the public interest.

No, it's not.

2/5 full (and, a few months ago, 3/5 full) you might have an argument for.


> I do not understand. I thought that in the current climate, where people are becoming increasingly aware and concerned about privacy, that such laws would be expanded in scope.

It's very simple. The government is not working towards our interests, but their own.

That applies to every government everywhere, all throughout history, because all governments are populated by psychopaths.

They don't want you to have any privacy at all. Instead, they want to monitor everything you say and do, because it helps them maintain their rule over you.

Red Pill: https://www.youtube.com/watch?v=ngpsJKQR_ZE&t=8

Oh and by the way, this account will be shadowbanned, because HN is controlled by psychopaths too, and anti-government (=pro-sanity) posters are censored out.

One more thing. You're being told about a "privacy law" being scrapped, because they want to advance "the chilling effect". They want everyone to be afraid of speaking out, as the budding police state engulfs them.

You could look into moving to some less scary country.


I wouldn't use the word "psychopaths" but outside of that, I feel HN lately is populated by people who are overly optimistic about the USA governmental organizations -- or refuse to be realists, pick one.

Still, you don't have to use such an extreme language. I too agree USA is becoming pretty scary, but "corrupt" is probably a much better word than "psychopaths".


So using the word "psychopath" is "offensive" or something? :D

Give me a break.


Offensive? No, not what I meant. I meant that your argument loses part of its credibility by using it. :)

Doesn't matter thought because I overall agree with you.


Worth making a shout-out to the independent ISPs that opposed the change (including the Bay Area's own MonkeyBrains & Sonic).

If you're lucky enough to have one, support your local ISP!

https://twitter.com/monkeybrainsnet/status/84658580913846272...


If anyone in Portland, OR is looking for an ISP that will respect your privacy, you might try reaching out to Stephouse (https://www.stephouse.net/).

I recently switched to them from Comcast, and this news makes me all the happier that I did.


I am reminded of a conversation with a Russian-born Valley-based venture capitalist. I asked why Silicon Valley seems less politically organized, and thus influential, at the grassroots level than New York City.

"New York is closer to D.C.," she observed. But that doesn't explain why the average person from Silicon Valley has less influence than, say, from Los Angeles.

We're Alan Turings, she said. Turing wanted to be left alone to make things. Unfortunately, his government didn't see similarly. First, with World War II and later by prosecuting him for his sexual orientation. Being able to be left alone to make things is a luxury, a delicate balance almost unprecedented across human history.

We will lose the privilege if we refuse to defend it. Please donate to the EFF [1] or the ACLU [2]. Call your Congressperson [3] and Senator [4]. Get to know their aides. Let your Attorney General [5] know you care about this.

[1] https://supporters.eff.org/donate

[2] https://action.aclu.org/secure/protect-rights-freedoms-we-be...

[3] http://www.house.gov/representatives/find/

[4] https://www.senate.gov/senators/contact/

[5] https://oag.ca.gov/contact

Note: this comment recapitulates an earlier one [I]

[I] https://news.ycombinator.com/item?id=13963777


Ask your ISP. Show them this matters to you, enough to cancel your contract. I asked mine (PAXIO in the Bay Area) and they said they have no plans to sell any customer data.


The problem with America is there is no competition in most areas. When there is it's usually just two big providers you're stuck picking between and they will both tell you to sod off. If this were many other parts of the world that have dealt with the monopoly problem correctly, by splitting the provision of wholesale last mile service from the retail ISP service there could be a market overnight for ISPs that respect your privacy. But we don't have that. We have a vertical monopoly. That means we need regulation to protect consumers. But now we can't rely on regulation either.


Good thing all these pro-business republicans are all about competition and marketplaces! /s


> it's usually just two big providers you're stuck picking between

Is that the logical endpoint of capitalism? Becoming so successful that competition is obliterated? There are no real checks and balances working against monopoly/cartels these days.


How nice you can do that. I'll just call 1-800-COMCAST and see what they have to say. I mean, if I cancel, I guess I can get DSL at a tenth of the speed maybe.


Then do it.


How will you know if they do start selling the data. Plans change when someone comes knocking with a large bag of cash (theoretically).


"they said they have no plans to sell any customer data."

WhatsApp said that too. When they change their minds, it will be too late.


So, ISP's can sell your data now. The few who use VPN's or other methods to obfuscate/hide their data are a rounding error, big ISP won't care at all because the barrier to entry is at the moment much more complex than installing an adblocker, not to mention, the immediate impact is not so apparent to the average user.

What gets me, in the world we live in data is king, now that the ISP's can use this data, surely they could sell it, but what's stopping them from looking at googles throne?

Google at the moment leverages the data they gather from their services, but your ISP has _everything_

Am I missing something here, or does the endgame look like the issue will be what ISPs choose to do with this data in house rather than out of it.

Not to mention, do they also no longer need to disclose when they suffer a data breach or am I mis-remembering?

All this together looks like it ends with gross oversteps in the use of data by your ISP, not to mention they will do the [three letter agency of choice]'s job for them, all they need to do is find a way in.


> Google at the moment leverages the data they gather from their services, but your ISP has _everything_

...which is surely part of the reason Google is pushing so hard to encrypt everything.

(I'm not saying there aren't altruistic reasons too.)


If there would be altruistic reasons, Google would push for end to end encryption - however they try very hard to be the man in the middle - looking at your searches, mail, location, everything.

And they make it worthwhile for you to give them data because they pay in features - Gmail search works beautifully, just try web Outlook to see how hard is to get it right; maps works so well that I can't even name a competitor.

What benefit will consumers get from ISP sharing their data? None, obviously.


Google does push for end to end encryption. And why should they try to be the man in the middle when they are the man at the end anyway?


Can we not just have some representatives browser history leak and blame it on this?


Dane Jasper, ceo at Sonic in the bay area has a good track record around privacy...so far...https://corp.sonic.net/ceo/category/privacy/


Can states enact their own law? California maybe?


This might be deemed a federal matter, as it involves transactions across state lines.


I think it's possible, for example, this seems to be in a related area:

https://consumercal.org/about-cfc/cfc-education-foundation/c...


May be a good time to reconsider that move abroad. There are quite a bunch of places that still cherish privacy or don't even bother about privacy (so you run your own infrastructure as you like), while you still get to conduct your business reliably. With an Internet connection and a few good bank accounts (and of course a BTC wallet), you can be anywhere these days and still accomplish so much. But you must be willing to be quite flexible about your worldview and learn.


I think there is a hope in free software companies. I am working at one nowadays and we are breaking the law almoust daily and get sued with similar frequency. Now we are installing Lye transmitters into any village which is interested communicating via satelite to bring the internet there. Becoming your own ISP solves the problem right? If we see increase in such behaviour the problem might disappear. Because the future is distributed


Would you mind sharing which company by the way? What you posted is really interesting.


Seems like one could write a program that continuously (with some sleeping of course) hit random websites in the background. This would hide the "signal" of the sites one is actually browsing. The ISP's data would be much less valuable. The solution to pollution is dilution. I wonder if an approach like that would sufficiently cloak one's data and sufficiently screw the carriers.


Isn't this in conflict with the fourth amendment? Does the US constitution permit this practice?


Whether or not the constitution permits it doesn't really matter, because it's clear that nobody wants to enforce the law against Comcast or Verizon.


I was told that it can matter if the practice is challenged in court


Where is the anger the article refers to? Literally none of the big tech executives who have a voice have spoken up about this. I am not sure we minions count for anything anymore.


Honestly, it is for the good. Let it burn. I am hoping for a phoenix.

I met a guy who started a bakery instead of a web startup as he was worried about patent trolls & being bullied by the big companies.

The internet is today over commercialized and it cannot be relied on for accurate information thanks to fake news.

I am reminded of a quote by Jeff Hammerbacher: ‘The best minds of my generation are thinking about how to make people click ads… That sucks.’.


I am waiting for the day a cheery Russian teenager leaks all of the browsing history of several USA senators.

Nothing motivates politicians more than them being directly affected.

As ironically amusing such a story would be, I don't think they'll draw the right conclusion however. They'll probably push for more laws "against terrorism" and will not see such an accident as a proof of how much of a slippery slope the killing of internet privacy is.


I have a question. Right now I'm using a cheap $3.49 VPS and it is located in Beauharnois, Canada. How are the privacy laws in Canada? Better than US or worse? Is there anything else I should know?

PS/PSA: It was the best value with unlimited internet I could find. It was the cheapest option from OVH. Cheapest, considering I wouldn't have to worry that the company would shut down. Latency isn't terrible actually.


You should assume that every thing that happens in the US is happening in Canada. As a member of the Five Eyes, the G7, and G8, our policies are closely linked.

I believe that Canada's ISPs might have stricter data protection laws, but really you should have been using a VPN well before this latest policy change.


If you have some ssh server somewhere (who hasn't), you can very easily use 'VPN over ssh' by calling:

sshuttle -r user@remote_host 0.0.0.0/0 --dns


I don't use it myself, but could the technology behind the tor network [1] (or the product itself) be used to counter this?

1) https://en.wikipedia.org/wiki/Tor_(anonymity_network)


Yes it can be used, but beware, your ISP WILL know that you are using Tor, so there's that.


They'll know you're using a VPN too.


The only difference between allowing the postal and waste industries inspect what they are hired to deliver, log and sell those logs to whoever pays and allowing the Internet pipe industry from doing it is that it's much cheaper for the Internet pipe business to do so.


Were there any ISPs who did not, if not fight the measure, not overtly support it? Wireless carriers?


But why should Google be allowed to share your data but not ISPs? Not that I love this move but the reasoning does resonate, or at least make me question if the former law really did anything at all or if FB/Google lobbied it through to stifle competition.


1) Yes, Google has a lot of services, but you can avoid them. Admittedly it's challenging but it's doable. For many Americans, choosing a different ISP isn't "challenging" so much as "impossible".

2) Google doesn't sell your data to third parties. This is a big one. They make money by showing you ads and reporting to the advertisers that they did it. Nobody else gets access to your data, and Google goes to great lengths to lock it down and prevent unauthorized access. Do you trust every company your ISP will sell the data to?

3) Google itself has ways to opt out temporarily for highly sensitive things, like with an incognito window. Can't do that with an ISP.

4) You generate a lot of traffic that Google has nothing to do with. Do you have an iPhone? Do you use a laptop other than a chrome book? Have a gaming console? Use a non-chrome browser? Your ISP will inhale all of this.


Great points. I'm personally tying to avoid Google services as much as possible, but I guess I was thinking in a more general context. Even so, your points still stand. (Small obligatory remark: incognito is entirely client side.)

The silver lining might be, considering your ISP can now access your data, that maybe the culture will shift and people will take online privacy a little more seriously, both applicastion and services providers and users. Maybe people will stop sending user analytics in plain text all the time. Maybe people will expect tls everywhere. Maybe a layer 3.5 overnet will emerge..


False equivalence.

Google doesn't share or sell your information. This is a common misunderstanding. No advertiser can identify you individually. Rather you're an anonymous part of a large group with certain characteristics specified by the advertiser. Google also allows you to opt out of targeted advertising. Finally, Google's philosophy is that it will release PII data of its users over Google's dead body.

In comparison, ISPs can share "precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications”.

There are powerful financial interests at work here. I think this is going to be a common way to swerve the conversation away from the heart of the issue.

Disclaimer: used to work at Google.


It might also be another thing if major ISPs didn't have protected monopolies and we could speak with our money. But most of us can't.

Not trying to swerve any convoys more just trying to figure out how the head of the FCC could possibly in any way rationalize this without assuming loads of money changing hands. Sigh.


By choosing to use Google you agree to their privacy policy and terms of use. Most people don't have the choice of ISP, they are stuck with the one their city allows in their neighborhood.

Also, stop using Google as a distraction.


It's not a distraction think of the question as a general: why should service X be allowed something that service Y is not? There are still really good reasons why X != Y (or conditions that would cause seemingly equivalent X and Y to be evaluated differently). Perhaps the FCC needs more education on the subject. But more likely there is absolutely no rational rationale behind this action.


Google is a de facto monopoly.


No, it's really not. There are alternate search engines like duck duck go and bing, alternate email providers, photo sharing services, etc etc.


There were alternate operating systems in the 1990s, but Microsoft was still found to be exercising monopoly power.


Last I checked, I pay my ISP over $50 a month for their services - services they happen to have a monopoly on in my area. Comparing them to a free website is absurd.


I asked this is in the other thread on this topic, when did the Obama-era rules emerge? If anyone has the bill info that would be ideal. I've been trying to find stuff on google but it's flooded with the current news.


2015-03-12. This is rolled into the FCC's implementation of net neutrality. (wileyrein.com/newsroom-articles-3501.html)


So what's the best VPN that doesn't store or sell their user data?

Surely a new business opportunity if there isn't one good enough to recommend for privacy.


I like Private Internet Access for most uses (the inline adblock is particularly nice as a way to save data on unrooted phones), and NordVPN for things like Netflix, or easy dual-VPN. Been using them for a while, they're both great.


I like Private Internet Access. The're usually ranked pretty high by privacy advocates and they don't keep logs.


P.S. just found out about PIA's full-page ad in NYT: https://www.reddit.com/r/pics/comments/61ns2w/private_intern...


See https://thatoneprivacysite.net/

Ones that have been around for years and widely trusted: AirVPN, BolehVPN, Insorg, IVPN, Mullvad, PIA.

Disclosure: I write stuff for IVPN.


https://www.f-secure.com/en/web/home_global/freedome

Finnish privacy laws are really strong.


I use (not necessarily an endorsement) BlackVPN. I like that they are based Hong Kong, and not the US or a US-friendly country.


You somehow trust China better?


China likely lacks any kind of legal authority over him.


Get your own VPN server. Convince your friends to get the same and just share resources with them. Mini VPN company :)


Is there any hope I'll be able to find a major ISP that doesn't sell my data? (Google Fiber, I wish?)


Is there a way to opt out explicitly by requesting the ISP not to share your data?


Sure. Cancel service.

Or use a VPN.


Hey Google, when all email providers sucked you fixed it with Gmail, you run a DNS at 8.8.8.8, and now -- now, I think you know what you need to do now :)

(I personally recommend you also do a web-based proxy, because who is going to filter https://www.google.com now or in the future?)

I believe in you. You can do it!

Counter this chilling effect today - and show more adwords as a result. (There is no irony in this statement. I mean from web sites that opt into adwords, not from selling VPN traffic logs.)


I'm pretty sure throwing our political weight behind corporations play-acting benevolence, instead of actual reform, is how we ended up here.


I'll take what I can get :) The damage is done and I think Google should help route around it.

Of course I agree with you that attacking the policy is also very important, but people still have to use the Internet every day. I'm not asking Google to do this as a policy statement - but as a practical matter. They can solve this problem for users by running a VPN for everyone and also web proxy via https://www.google.com which nobody could really filter.

This does not take away from the importance of attacking this policy.


Does Chrome's Data Saver (which at least routes HTTP requests around your ISP) count as a start?


from your description, sure. It just needs to do something bigger. :)


And hope the VPN isn't selling the data, also. Pretty bad news for everyone involved.


My ISP Comcast has the following in its privacy policy. I hope this clause stays the same - then you can opt out :)

--- The Cable Act authorizes Comcast as a cable operator to disclose limited personally identifiable information to others, such as charities, marketing organizations, or other businesses, for cable or non-cable “mailing list” or other purposes. From time to time we may disclose your name and address for these purposes. However, you have the right to prohibit or limit this kind of disclosure by contacting us by telephone at 1-800-XFINITY or by sending us a written request as described below under “How do I contact Comcast?” Any “mailing list” and related disclosures that we may make are limited by the Cable Act to disclosures of subscriber names and addresses where the disclosures do not reveal, directly or indirectly, (i) the extent of any viewing or other use by the subscriber of a cable service or other service provided by us; or (ii) the nature of any transaction made by the subscriber over our cable system.


I wouldn't be surprised to see this quickly changed to differentiate between cable and internet.


True.

But consider that many major ISPs supported this unpopular change. Why didn't they fear backlash? Well, outside large cities, there isn't much competition among ISPs. And even when there is, there may be no privacy-friendly options.

Conversely, VPN services compete on privacy and speed. VPN services that pwn users will likely get called out in communities like /r/VPNs. And there are resources like https://thatoneprivacysite.net/ that rate VPN services.


There isn't much competition among ISP's in large cities, either.


Do they carve by block/building?


VPN to a physical box in a colo. Pay for the colo under a business name that you own. This covers most of the bases.


Who needs privacy as long as you have guns.


But they have bigger guns, no?


A great time to start using Opera browser with their free built-in VPN

http://www.opera.com/computer/features/free-vpn

Disclaimer: Worked at Opera ~5 years ago which is why I'm familiar but no skin in the game now.



Do people actually care? Https makes only reveals the domain not the content. Google/Facebook collect way more information. Everyone keeps using them.

If given the choice of targeted ads vs an extra $30 a month I suspect most people would choose targeted ads.

Edit: remember downvote if you disagree


Difference is you can choose not to use them.


If someone chooses to use Facebook then why would they care if their ISP did something similar.

I have never been harmed by targeted ads. Maybe someday but right now they just provide a bunch of free services.

Not to be pedantic. If you don't stream video or audio then a mobile connection is a viable alternative.


Do you honestly think your ISP bill is going to drop $30...Or do you think they sell your data and pocket the $30?


AT&T literally did this. They charged users $30 more to keep their privacy.

http://fortune.com/2016/09/30/att-internet-fees-privacy/


It wasn't a law passed by Congress and signed by the president... It was a regulation. There is a difference.


What difference are you talking about? A regulation is based on law passed by Congress and signed by the president.


He's differentiating between a rule put forth by an administrative agency like the FCC, calling it a "regulation", as opposed to a law passed through conventional means. Laws are sometimes considered "more valid" because they've, at least hypothetically, been through the process designed to allow the people's voice to be manifest on them (approval from elected reps + elected prez), whereas rules put forth by agencies are promulgated by unelected presidential appointees and their staff.

You are correct that in the general sense, the term "regulation" applies equally to laws intended to restrict some commercial behaviors as well as rules put forth by agencies with regulatory powers like the FCC.


There is a semantic difference between a law i.e. something passed by Congress and signed by the president versus a regulation promulgated by a regulatory body. That regulatory body dervies it's power to regulate from law. But in a purely technical sense it is not a law.


There are multiple categories of things which have the force of law. Referring them generally as "laws" is acceptable when technical hair-splitting about their precise origin is unnecessary.


> will soon no longer need consent from users to share browsing history with marketers and other third parties

This is a lie — "fake news", if you will. This congressional action cancels an upcoming change in policy: it maintains the status quo, and therefore "no longer" is not an accurate characterization of the situation.


You don't know what you're talking about. The rules went into effect January 3rd: https://www.federalregister.gov/documents/2016/12/02/2016-28...

They used the Congressional Review Act to strike it down, which requires that it be a new federal regulation: https://en.wikipedia.org/wiki/Congressional_Review_Act

The CRA includes this, too, so the FCC can no longer do anything about it without a new law passed by Congress:

Once a rule is thus repealed, the CRA also prohibits the reissuing of the rule in substantially the same form or the issuing of a new rule that is substantially the same, "unless the reissued or new rule is specifically authorized by a law enacted after the date of the joint resolution disapproving the original rule"


Please read your source more carefully:

> Effective January 3, 2017, except for §§ 64.2003, 64.2004, 64.2006, and 64.2011(b) which contain information collection requirements that have not yet been approved by OMB.

The section in question in the article is 64.2004. It did not go into effect on January 3.


Well, it looks like I don't know what I'm talking about.

The CRA still ensures it will never come to pass, in any form out of the FCC, and I guess the clauses on data security and breach notifications are considered acceptable collateral damage here.


AT&T and Verizon have already shown willingness to sell use browser data via supercookies http://techmeme.com/search/query?q=supercookies&wm=false, and the reason they backed off is because the FCC showed it had a spine. There is every reason to believe ISPs will begin these practices again (without requiring opt-in) because these rules have been lifted and Ajit Pai-led FCC is very different from Wheeler's... and there is very little reason for ISPs to fear losing consumer trust because of monopolies/few local high speed options


Okay. None of that contradicts my claim or makes this article any less untrue.


it does contradict your claim though

> it maintains the status quo

No, it reverses the status quo.

The "status quo" was that the FCC would regulate ISP's sale of consumers' data. There is now a climate for where we were before these rules were passed, ala: a business can be built upon schemes like supercookies without opt-in and other dark patterns


You are deliberately misrepresenting my statement in order to cover up your own misrepresentations: in context, I was referring to the status quo of the law (or executive rules, I don't know if we're calling those laws this week or not). This is evidenced by my immediate reference to the phrase "no longer [need]"; not "no longer feel pressured" or "no longer take precaution" or "no longer desire", but no longer "need", i.e. be compelled by law.


No, wrong again. The resolution prohibits the FCC from making rules like this in the future, so the legal climate itself is different. The threat of regulation doesn't hang over this shady-ass business anymore, and things like this don't happen in a vacuum. Your "fake news" claims are the greatest "misrepresentation" in this thread


It restores a prior status quo that was well through the pipeline to being inoperative--thus, "voted to repeal". The status quo is that this was ending, and changing that literally required an act of Congress and the president's signature. There's nothing fake about this news, it's perfectly accurate.


It is an error. "Lie" implies that the false statement was made deliberately, and we have no evidence to suggest that.

Sometimes news stories contain inaccuracies. It happens. Then corrections are issued.


And "error" implies that the false statement was not made deliberately, and we have no evidence to suggest that either. So you're not being very truthful yourself.

EDIT: I chose "lie" because to make such an obviously false statement accidentally would be a huge mistake for such a trusted organization as BBC; therefore I judged it far more likely to be a deliberate deception. Obviously there's room for interpretation. We'll see if it's ever "corrected".


> I chose "lie" because to make such an obviously false statement accidentally would be a huge mistake for such a trusted organization as BBC

That is a very optimistic view of news gathering. The BBC makes mistakes all the time. So do all other news organisations.

This error could be a deliberate lie, but to what end? What does the BBC gain by incorrectly describing American consumer protection as existing when they are actually only proposed? I know we live in era of conspiracy theory but I'm struggling to see this one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: