
AT&T Charging Customers to Not Spy on Them - jeremynixon
https://gigaom.com/2015/02/19/dont-let-att-mislead-you-about-its-29-privacy-fee/
======
Taek
$30/mo for AT&T, $10/mo for Facebook, $25/mo for Verizon, $35/mo for Google,
but the rest of the companies tracking you don't offer this feature, so are
you even protecting yourself? Reminds me of how Germany got around the Maginot
line by going through Belgium.

You can't set a precedent of paying for privacy because you can't pay everyone
who can spy on you. All it takes is for one reasonably frequently used service
(credit card, Amazon, AdWords) to refuse to respect privacy, and you are back
to square one.

Privacy is not something a single company can successfully sell you by paying
other companies not to spy. It can only be obtained by making spying expensive
and difficult. (Perhaps with cryptography, perhaps with legislation, perhaps
through some other means)

~~~
username223
> It can only be obtained by making spying expensive and difficult.

Yes! The only real solutions are client-side: IP-block trackers and encrypt
your connection. The "please, sir, can I have some privacy" nonsense of do-
not-track headers and IAB opt-out pages needs to die.

~~~
Silhouette
_The only real solutions are client-side: IP-block trackers and encrypt your
connection._

Even those actions have limited value as long as you have any other reasonably
reliable signature as you navigate the Web. Anyone with a static IPv4 address
for their home computers does. Anyone with a browser that will allow queries
for a bunch of collectively-almost-unique properties of the host system does.
Even certain standard web protocols inherently act in this way when used for
their intended purpose.

That means almost the entire web-using population is carrying around at least
triple signature information, and if too many people start to block ads and
trackers served via third-party systems, the major networks providing those
things will just move to a model where sites hosting their ads act as proxies
and serve the content from their own domain, which if anything would be
slightly worse for privacy.

This risk will remain until we get fixes for each issue I mentioned above.
Leaving aside TOR and the like, we could move towards dynamic and rapidly
rotating IPv6 addresses as points of origin with sufficient ISP support.
Browsers could then close the other loopholes, but some of them will be
difficult to fully eliminate and keep eliminated without compromising the user
experience, because unfortunately some features that are useful for legitimate
purposes are also inherently leaky.

------
TrevorJ
I was an AT&T customer for about 6 months. I really cannot overstate how
terrible they are. I've never had any desire to seek power, but dealing with
them made me wish I could be dictator for a day just so I could dismantle the
company.

AT&T is a Frankenstein of a company that is simply chewing through customers
with a horrific combination of incompetence and actual malice.

~~~
ninv
45 days before my contract expires with AT&T, I signed up for a new service with
T-Mobile, I also ported my number to T-Mobile.

Within a week, I got a 150 bill for breaking the contract. I argued that I
never asked to cancel the service. I want to pay my last month's bill and
complete my contract.

Nope!

AT&T cancelled my service because I ported my number. I ended up paying them
150$ just days before my contract expires. No prorated no discount.

Never ever going back to anything related to AT&T. Never.

~~~
sigzero
I would have to side with AT&T there.

~~~
Dylan16807
Because they wrote a contract that says you can't pay them for 'service' for a
ported number?

Because they wrote a contract that says you have to pay them more than the
remaining months of full-price service if you leave them?

Why would you side with that?

~~~
adekok
> Why would you side with that?

Because the letter of the contract and law is more important than
reasonableness or ethics.

~~~
Silhouette
If the law in your jurisdiction requires more than payment of actual damages
in this sort of situation, then I would argue that your law is broken. Clearly
those damages can not exceed the full cost of the original plan plus any
actual costs of dealing with the early transfer, so a bill for 100+ bucks is
just a shakedown, pure and simple.

------
wmf
Offsetting the cost of Internet access is one thing, but I doubt that’s what
AT&T is doing. They can’t be getting $29/month from your browsing habits, so
it amounts to an artificial penalty reminiscent of non-prorated ETFs.

~~~
GhotiFish
Exactly, this is a political game. "See? People aren't paying for privacy, they
don't want it."

I don't pay everyone I meet a dollar not to mug me, it's nonsense their
customers have to do this.

------
Evolved
If AT&T is using this for advertising then I wonder what net effect it would
have to take advantage of the no data cap on home Internet and serve them up a
heaping helping of contradictory data. If you automate a process to search
anything and everything (within reason) then their targeted advertising
becomes...nonspecific advertising.

Amazon goes to AT&T to ask what users are searching and buy that data -> AT&T
says they're searching everything -> Amazon stops writing checks to AT&T since
this does them no good as far as choosing what to sell to which individuals.

------
username223
A VPN solves this cheaper for me (until AT&T MITMs the root CAs, anyways), but
I'll have to keep an eye out for my less tech-savvy friends and relatives.

~~~
corv
What is the point of getting gigabit internet in order to slow it down with a
VPN? Now the onus is on the VPN provider not to track you.

~~~
username223
Yeah, the slowdown is a bummer, but it's still fast enough to torrent the
Daily Show on weeknights ;-). And there are lots of VPN providers, so if one
starts spying on me, it's easy to switch to another. For internet access where
I live, I'm stuck with Comcast, Google at the Starbucks, or carrier pigeons.

~~~
revelation
Instead of using a VPN provider, I can recommend using a dedicated server. You
can use a VM from DigitalOcean or others if you prefer those, I personally use
an Atom from OVH for just 4Eur/month, which in some cases is outright cheaper
than a VPN, too.

Plus of course you get plenty of disk space and the 24h computing a server
gives you. Great learning tool, too.

~~~
corv
Dedicated servers are great but having a fixed IP address is not going to help
against tracking unfortunately. I can also recommend OVH/Kimsufi and Hetzner.

------
hwstar
If these AT&T shenanigans are the way very large businesses are run in America,
then there needs to be legislative reform, as those ways of running a business
are parasitic. I believe that the incentives need to change for corporations.
(B-corps are a good start). Businesses should exist not only to please
shareholders, but to delight customers as well, and to solve a problem that
customers need a solution for. Rent-seeking should not be allowed under any
circumstances, and there should be tax penalties in place to discourage it.

------
jdavis703
What if AT&T offered a $29 discount instead for opting in to ads? I realize it's
just rephrasing the issue, but it's kind of like I can become a member of my
grocery store's "club card" to save money in exchange for them spying on my
purchasing habits. I of course chose not to participate, but some don't mind
giving up their privacy for the right price.

~~~
axaxs
FWIW, at Kroger and probably other places, just ask for a card and tell them
you're in a hurry and will fill out the form at home. Of course, never do
that. Been using mine for years. I see it as a win win, they could probably
get interesting correlations from my buying habits, but have no idea who I am.

Of course share phone numbers work too, as another poster mentioned.

~~~
techsupporter
> but have no idea who I am.

If you pay with a credit or debit card in your own name when using that card,
the store very much does know who you are.

Target dispenses with the entire loyalty-card-and-discount idea to just match
by payment data.

~~~
callesgg
It is not allowed to use the information on credit/debit cards for anything
but payments.

~~~
techsupporter
Not allowed by whom? The New York Times documented, in its famous "Target knew
someone was pregnant before the rest of the family did" article, that the non-
numeric information is used:

"Whenever possible, Target assigns each shopper a unique code--known
internally as the Guest ID number--that keeps tabs on everything they buy. 'If
you use a credit card or a coupon, or fill out a survey, or mail in a refund,
or call the customer help line, or open an e-mail we've sent you or visit our
Web site, we'll record it and link it to your Guest ID,' [Target Stores
statistician Andrew] Pole said. 'We want to know everything we can.'"

[http://www.nytimes.com/2012/02/19/magazine/shopping-habits.h...](http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted=1&_r=2&hp)

~~~
kevin_thibedeau
This isn't isolated to Target. Long time data aggregators like Acxiom collect
electronic payment records on everyone. Incidentally, they perform contract
work for the NSA which undoubtedly has unlimited access to Acxiom's entire
dataset.

------
X-Istence
I'll take the plan that is cheaper, and run a VPN to a VPS somewhere. Good
luck intruding on my web browsing.

------
myrandomcomment
Write a program to parse a dictionary file, enter a word into google, click on
the first link. Rinse wash repeat. When you reach the end of the dictionary,
start over and click on the second link, etc. run this all the time in the
background. Raise the noise floor so high that all data is useless.

~~~
DanBC
There are extensions that do that for you. They're generally hopeless:
providers could probably easily tell real traffic from false traffic; and you
pollute your bubble making ads and search results weird.

[http://cs.nyu.edu/trackmenot/](http://cs.nyu.edu/trackmenot/)

[https://addons.mozilla.org/en-us/firefox/addon/trackmenot/](https://addons.mozilla.org/en-us/firefox/addon/trackmenot/)

------
Animats
Apparently AT&T offers much better pricing if you bargain. [1]

[1] [http://stopthecap.com/2013/12/04/how-to-score-a-better-deal-...](http://stopthecap.com/2013/12/04/how-to-score-a-better-deal-with-at-28mo-for-18mbps-33mo-for-24mbps/)

------
swayvil
Well they charge you extra for food that doesn't have any poison in it, so
it's only fair.

------
dang
Url changed from
[https://www.schneier.com/blog/archives/2015/02/att_charging_...](https://www.schneier.com/blog/archives/2015/02/att_charging_cu.html),
which points to this. It points to a couple of articles, but this one seems to
have the most information. We kept Schneier's title since it's more general.

------
wantab
ATT was just kicked off the Dow Jones Industrials so, as a sagging, old
company, they gotta make money somehow.

------
ldl033
At least they give the option unlike google fiber

~~~
msabalau
Do you have evidence to present that Google Fiber is using the deep packet
inspection referenced in the article? Because they make it clear that they
don't here:

[https://fiber.google.com/legal/network.html](https://fiber.google.com/legal/network.html)

Also, you created your account two minutes before posting this claim?

~~~
pdkl95
You doubt this? When Google's _entire business model_ is based on
surveillance? Even if they are not logging everything _now_, they will be.

Google's standard tactic has been to offer some service that is enticing, that
"just happens" to put them in a position to log massive amounts of data. They
do it with analytics, they do it with email/IM, they do it with DNS, and every
other service they offer. Each one gives them access to a new type of data
they can log. Are we supposed to believe they will suddenly run ISP services
differently?

~~~
magicalist
> _They do it with analytics, they do it with email/IM, they do it with DNS_

Send a lot of cookies with your DNS queries, do you?

DNS has this page[1]. Analytics uses first-party cookies, not google ones. The
best they could do there is associate it all with an IP address, which would
be a bad way to associate data and still leaves the question of what they
would do with it at that point. Customize the ads only for that IP address?

[1] [https://developers.google.com/speed/public-dns/privacy](https://developers.google.com/speed/public-dns/privacy)

------
dferlemann
I don't know. It seems reasonable to at least provide the options. It's sort of
like paying to get rid of ads on the apps, except it's privacy, much more
controversial. I bet there are people who think privacy is non-negotiable,
labeling it with a price somehow stains it. Unfortunately, the real world just
does work that way.

~~~
pdkl95
We've been down that type of road before, and it always ends with the "option"
being made into a "Hobson's choice"[1] due to the inherent power imbalance.
This kind of free-market solution only works when people can _and do_ freely
choose between options. With an ISP, most people will be stuck with "whatever
the local ISP offers" or not having internet.

This is why there are various rights[2] that we have created laws saying you
cannot negotiate them away. Without these restrictions we got things like
indentured servitude. Unfortunately, the law hasn't yet kept up with the
changes in technology.

[1]
[http://en.wikipedia.org/wiki/Hobson%27s_choice](http://en.wikipedia.org/wiki/Hobson%27s_choice)

[2] and privacy absolutely IS a _human right_

~~~
dferlemann
What do you propose as a solution to Hobson's choice?

~~~
pdkl95
Regulation. Specifically, as I somewhat implied, business doesn't get to ask
people to give up privacy, for similar reasons to why you can't ask people to
sign contracts that give up various other important rights. Any alternative to
this needs to bring along liability for anything that happens to someone's
important privacy rights.

For ISPs, we already have a model that we _should_ be using: common carrier.
It may need adaption to the realities of ISPs, but the basic idea that you get
certain immunities if you _only_ provide transit.

Dan Geer was talking about network neutrality, but I believe his solution
should apply to privacy as well when he explained[1]:

    
    
        Channeling for Doctor Seuss, if I ran the zoo I'd call up the ISPs
        and say this:
    
          Hello, Uncle Sam here.
    
          You can charge whatever you like based on the contents of what
          you are carrying, but you are responsible for that content if it
          is hurtful; inspecting brings with it a responsibility for what
          you learn.
           -or-
          You can enjoy common carrier protections at all times, but you
          can neither inspect nor act on the contents of what you are
          carrying and can only charge for carriage itself.  Bits are bits.
        
          Choose wisely.  No refunds or exchanges at this window.
    
        In other words, ISPs get the one or the other; they do not get both.
    

[1]
[http://geer.tinho.net/geer.blackhat.6viii14.txt](http://geer.tinho.net/geer.blackhat.6viii14.txt)

~~~
dferlemann
I see your point. It would be nice to have that.

