
Disapproval of FCC regulations a significant blow against privacy protection - crispyambulance
https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html
======
edraferi
I want a privacy first router. Does such a product exist?

Key features:

    
    
      - I pay a subscription for maintenance (so I'm not the product) say $10/mo
    
      - Automatically routes all traffic over a VPN.
    
      - Smart VPN bypass for performance-sensitive traffic like streaming video and gaming
    
      - Provides non-logging DNS service
    
      - Automatic advertisement blocking
    

For VPN, DNS, and adblock I want the option to use servers & block lists
maintained by the paid service, augment them with my own, or use my own
exclusively. Bonus points for rotating requests between providers.

Does such a product exist? I think I could hack together something similar
using DD-WRT[1], but I'm confident the maintenance hassle will eventually
outweigh my desire for privacy. #shutupandtakemymoney

[1] [http://www.dd-wrt.com/site/index](http://www.dd-wrt.com/site/index)

~~~
pdkl95
> VPN

This is a political problem. Technology like a VPN or alternative DNS is
little more than a placebo. With the ISP as a permanent MitM, modern deep-
packet inspection, _etc_ , you are probably still leaking a lot of
information.

Worse, you're only moving the problem to a different location. Even if you
were able to hide your traffic from your local ISP, your VPN host or DNS
service _becomes_ your ISP _de facto_. Also, if any of your online accounts
can be tied back to you on their own, you might not get a choice in the
matter; the server's ISP can also sell information. What about TLS?
Unfortunately far too many websites are only encrypted to CloudFlare.

However, the real reason that VPNs/etc are not a solution is that privacy
shouldn't be limited to people with a technical background. Those of us that
_do_ understand the technology have a duty to help the people without that
knowledge and experience.

~~~
galacticpony
> Those of us that do understand the technology have a duty to help the people
> without that knowledge and experience.

No, we don't. The fact that the "common people" don't value privacy enough led
to this whole situation. Those that do value privacy, can pay for it with
their money (or their time to learn).

~~~
Rudism
I think the problem is not that most people don't value privacy, it's that
most are unaware of the privacy issues that affect them, or have been misled
to believe that the cost of having the websites and services that they rely on
(facebook, gmail, etc.) is necessarily tied to giving up privacy.

~~~
galacticpony
This isn't a new problem. We "know" the common people don't care because all
attempts at scandalizing this in the media, for years, have not found much
resonance.

~~~
pseudalopex
If people didn't care about privacy, companies wouldn't be so opposed to
regulations requiring them to get consent before selling personal information.
Advertisers wouldn't disguise targeting to avoid creeping people out. Uber
wouldn't have deleted a blog post mapping one-night stands. Republicans
wouldn't have had any reason to spin this bill as being about which agency
should have authority.

People do more to protect their privacy when they know it's being violated,
understand the impact, and believe they can do something about it.

~~~
galacticpony
_Some_ people care about privacy. Most probably may even care about it to some
degree, but not to the degree where they sacrifice their convenience for it.

Again, the media has done its best to scandalize the very real privacy
concerns with companies like Google and Facebook. Did it hurt their success
with the unwashed masses?

If privacy was really such a big deal, why would Uber write that blog post in
the first place? Sure, enough people complained online to get it pulled, but
that's not representative.

To wake people up, we'd need a real "story" here, like somebody getting fired
over googling something relatively innocent.

Finally, if advertisers really try to disguise targeting, they're doing a
terrible job at it. Just try turning adblock off for a moment to see for
yourself. Yes, even the common folk thinks targeting is creepy, but at the end
of the day they don't care _that_ much.

~~~
pseudalopex
I disagree that the media has done anywhere near its best to bring privacy
issues to people's attention. At the same time, many stories that do get
published offer lots of vague scares and no practical suggestions, which fuels
people's sense that there's nothing they can do.

I don't know many people who have stopped using Facebook. I do know a lot of
people who don't post things they would've 5 years ago.

Uber miscalculated, simple as that.

For targeting, I'm talking more about direct advertising. I think most people
know by now that the sites they visit don't directly control the ads they see.
Seeing the same ads everywhere is annoying but doesn't prove anything. A
company you've never given your email address sending you offers for only
items you looked at is creepy.

------
Brendinooo
I am a strong advocate for privacy, please understand that before you continue
reading this. I don't want ISPs to sell my browsing history, and I am
continually disappointed in the Republican opposition to net neutrality and
online privacy. I'm even working on an open source project involving
cryptography and secret protection, so I have skin in the game.

However, this headline is patently false, right? Congress didn't sell
anything. They removed protections that were put into place late last year and
hadn't gone into effect as far as I know.

Just because companies are legally capable of selling your browsing data
doesn't mean that they absolutely will. As far as I know, my browsing history
hasn't been sold by my ISP yet, and the regulations that were rolled back were
not the reason why this is true.

Maybe I'm just posting because I like being a contrarian, but I do expect a
more sober-minded commentary on this site than I've been getting on some
recent news items.

If you're interested in the FCC's response, here is a primary source[0]. I
don't buy most of it - I know that this is a lot of spin doctoring,
particularly that second paragraph. But it provides insight to how the FCC is
viewing this, something I haven't seen a lot of in this coverage.

Here[1] is some coverage from 2015 on the FCC/FTC issue that the third
paragraph in that presser talks about. Also worth noting is this HN thread[2]
from two years ago, where the top comment is a thoughtful critique of putting
the hopes of an open Internet in the hands of a bureaucracy. People didn't
agree, but that's the sort of commentary that keeps me coming back to Hacker
News.

[0]:
[http://transition.fcc.gov/Daily_Releases/Daily_Business/2017...](http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0328/DOC-344116A1.pdf)
[1]: [https://iapp.org/news/a/ftc-officials-concerned-about-
jurisd...](https://iapp.org/news/a/ftc-officials-concerned-about-jurisdiction-
after-fcc-net-neutrality-order/) [2]:
[https://news.ycombinator.com/item?id=9191007](https://news.ycombinator.com/item?id=9191007)

~~~
shawnee_
_However, this headline is patently false, right? Congress didn 't sell
anything. They removed protections that were put into place late last year and
hadn't gone into effect as far as I know._

It's nearly impossible to find even one constituent who wrote to their
Congresspeople asking for this law to be axed. It was a handful of lawmakers
in Congress who accepted bribes, payments[1], and other kinds of lobbying from
telecoms to push this through... that is the definition of "selling". And yes,
the votes _did_ happen almost exactly down party lines.

The headline was taken directly from the NYT article, and it is indeed
accurate. That HN changed it to appease ??? is really disconcerting.

[1][http://www.vocativ.com/415350/house-rep-pushing-to-set-
back-...](http://www.vocativ.com/415350/house-rep-pushing-to-set-back-online-
privacy-rakes-in-industry-funds/)

~~~
Brendinooo
I see where your argument is coming from. Lobbyists give money to politicians
who push legislation that favors lobbyists. In a sense that could be construed
as a 'sale'.

But if we accept that premise, even in that case the only thing that was sold
was the potential to infringe on privacy, not privacy itself.

Congressional Republicans don't own my privacy.

They can certainly make it easier for me to protect my privacy and have
possibly made it harder after this vote, but they never owned it.

~~~
elefanten
Yes, I don't think you should take the headline that literally - there's a
touch of abstraction there. More literally, Congressional Republicans sold
telcos a convenient legal avenue to violate your privacy. They didn't
"possibly" make it harder... they added a massive new burden to your life if
you care about your privacy. Read the other comments in this thread -- see how
complex and incomplete the countermeasures seem to be, even for techies?

There are many ways the government protects your privacy such that you don't
have to worry about it in X scenario. The Republicans sold one of those
protections and added a new scenario to the list of things you have to worry
about. The headline is pretty appropriate in context.

------
acomjean
In case people don't know, the author, Tom Wheeler was the previous chairman
of the Federal Communications Commission.

With the administration changed he no longer is in government.

also formerly a lobyist for the cable and wireless industry, which gives him
some insight into the industry.

[https://en.wikipedia.org/wiki/Tom_Wheeler](https://en.wikipedia.org/wiki/Tom_Wheeler)

------
xienze
So the only thing I don't understand as far as the fuss about this is
concerned -- everything I've read indicates that this is undoing a protection
put in place late last year. So essentially we've gone back in time six months
ago or so. If ISPs weren't selling our info then when they could have, why
does it logically follow that we're now in some uncharted territory of ISPs
selling personal info? Or is this simply blowing the situation out of
proportion because Republicans did it?

~~~
programmarchy
Here is a less editorialized summary of the bill:

[https://www.govtrack.us/congress/votes/115-2017/h202](https://www.govtrack.us/congress/votes/115-2017/h202)

It repealed 73 pages [1] of regulation on ISPs.

Personally, I'd like to see more competition in the ISP space. This bill may
help by reducing barrier to entry, but the central problem remains that
national carriers have lobbied the state to prevent competition at the
municipal level.

Furthermore, this bill seems like a minor nuisance compared to the data
collected by Facebook, Google, and the NSA.

So yes, I'd say this is being blown out of proportion. The Republicans aren't
being evil, but they have much more to do before I'd consider them being good.

[1]
[https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.p...](https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.pdf#page=1)

~~~
shopkins
> Furthermore, this bill seems like a minor nuisance compared to the data
> collected by Facebook, Google, and the NSA.

This is the bullshit argument Republicans/ISPs are pushing that anyone
technical should immediately realize as such. It's conflating two separate
issues.

I can _choose_ whether or not to use Google and Facebook, and indeed willingly
"agree" to their TOS when I log on. But to even _get_ to those providers, I
need to go through an ISP. As someone in rural America, I don't have a choice
in ISPs, and even in a lot of cities where you have "choice," they all share
the same privacy-invading practices. _That 's_ the point of the rules passed
by the FCC: protecting us, the consumers who are subject to the whims of anti-
competitive corporations that have access to large swaths of our personal
data.

~~~
programmarchy
Agree with you on Facebook and Google. There's a choice, and at least there is
no law preventing competition/disruption. Not the case with the NSA, but
that's a tangent.

The root issue is the national providers lobbying the state to prevent
competition at the municipal level. Granting more power to the FCC does not
solve that problem. Rather, it would only serve to lock in the existing
monopolies and further centralize control with the state/corporate nexus.

The state preventing the market from functioning is not a valid reason to
introduce more state intervention. In my view, competition will protect the
consumer better than regulation in the long run.

~~~
shopkins
Absolutely, competition will protect the consumer best. But we need that
competition first :)

In the meantime, it seems logical to take _some_ steps to limit the damage
that our currently monopolistic telcos can do and give _someone_ power to
enforce a rule that: "(1) applies the customer privacy requirements of the
Communications Act of 1934 to broadband Internet access service and other
telecommunications services, (2) requires telecommunications carriers to
inform customers about rights to opt in or opt out of the use or the sharing
of their confidential information, (3) adopts data security and breach
notification requirements, (4) prohibits broadband service offerings that are
contingent on surrendering privacy rights, and (5) requires disclosures and
affirmative consent when a broadband provider offers customers financial
incentives in exchange for the provider's right to use a customer's
confidential information." [0]

I mean seriously, considering the current landscape, does that seem like
unreasonable overreach? Is anyone going to go out of business with rules like
that?

[0]: [https://www.congress.gov/bill/115th-congress/senate-joint-
re...](https://www.congress.gov/bill/115th-congress/senate-joint-
resolution/34)

~~~
programmarchy
The summary does sound reasonable on the surface. But read the whole whopping
73 pages. The regulations hurt small ISPs much more than national carriers.

For example, there's a Mom & Pop cellular-based ISP that serves my small
mountain community. They could certainly be put out of business by this type
of regulation after they pay for lawyers, IT services, training staff on new
operations, etc. -- and heaven forbid they get audited by the FCC.

Maybe if the regulations only applied to national carriers, then you could
argue this wouldn't hamper competition. That'd be something I could support.

~~~
pseudalopex
The actual regulations are about 3 pages, 2 if you respect your customers'
privacy. The previous 70 pages include historical context, rationale,
explanation of related regulations, even an overview of the OSI model.

The FCC gave small providers a one-year extension and other concessions. And,
as they pointed out, small providers generally collect less customer
information and use it more narrowly.

------
Clanan
Tom Wheeler, former FCC chairman and cable/wireless lobbyist, fails to
charitably address why his opponents did what they did. To Republicans and
opponents of his FCC chairmanship, this was about regulatory authority, not
"selling your data to ISPs". They believe the FTC, not the FCC, should be the
main privacy regulator as it has in the past. They also contend that ISPs are
already disallowed from scooping and selling data without consent, and that
the FCC already has authority to prosecute, via sections 201, 202 and 222 of
the Communications Act.

~~~
dragonwriter
> They believe the FTC, not the FCC, should be the main privacy regulator as
> it has in the past.

If they believed that, they would pass legislation to correct the law on which
the court relied striking down FTC regulatory authority in this area and allow
the FTC to actually do that; not doing that when reversing the FCC rules which
mirrored the FTC rules which were struck down demonstrates that that is a
pretext, not a genuine motivation.

~~~
JumpCrisscross
> _they would pass legislation to correct the law on which the court relied
> striking down FTC regulatory authority in this area_

The FCC rule is being struck down using the Congressional Review Act [1]. CRA
provides "an expedited legislative process" [2]. Giving the FTC authority in
this area would require passing a real law. (That said, I agree with you
regrind the explanation of motive.)

[1]
[https://en.wikipedia.org/wiki/Congressional_Review_Act](https://en.wikipedia.org/wiki/Congressional_Review_Act)

[2]
[https://web.archive.org/web/20150402230759/http://assets.ope...](https://web.archive.org/web/20150402230759/http://assets.opencrs.com/rpts/RL30116_20080508.pdf)

~~~
tzs
It's not clear to me how the CRA actually makes anything faster in this case.
The "real law" approach would only need a simple law, which surely could be
drafted quickly. Both a "real law" and a CRA action require the same simple
majority in the House and Senate, which they have.

~~~
dragonwriter
CRA actions can't be filibustered, regular legislation can. OTOH, while
Democrats might filibuster repeal of the FCC action if they could, I can't
imagine a clear positive grant of regulatory mandate to the FTC on this issue
would be opposed by Democrats, so if that were really the majority's concern,
I don't see how the procedural distinction between CRA action and regular
legislation would be a real issue.

------
gbrown
This is like FedEx or a privatized USPS being able to open your packages and
read your mail without telling you.

I pay you to carry my damn packets, keep your filthy hands off my data.

~~~
jvandonsel
A better analogy would be FedEx selling your incoming and outgoing addresses
and package weights to third parties, not necessarily the contents of your
packages.

~~~
fowlerpower
Why not the contents? What happens when most content is not over a secure
connection such e.g. Over HTTP? Could they not inspect the content?

It sure seems like they could. For most people most of the internet is still
insecure.

~~~
pythonaut_16
I know for me personally I already assume anything over a non-HTTPS or non-
secured protocol will be received and possibly read by anyone and everyone.

~~~
falcolas
You forgot "and changed". Injected ads, injected JavaScript, replaced ads...
This has been occurring, and without protections against it, it will continue
to occur.

------
jonjohn84
I feel like this isn't going to go anywhere but I'm still tempted to
contribute:
[https://www.gofundme.com/BuyCongressData](https://www.gofundme.com/BuyCongressData)

~~~
ericd
Why on Earth would this be set at $500M, and why on Earth would people trust a
random person on the internet with that?

------
djoldman
The fact that this law has passed raises an interesting question: can a
private citizen request and receive any and all information from a government
entity about the users of that government's various assets? For instance:

1\. Detailed data on the number, character, weight, etc. of every car that
passes on a government road. (cameras record license plates, traffic videos
exist, weigh stations are sometimes required for trucks, etc.)

2\. Power companies bill the owning address for every power meter connected to
the grid - therefore it should be possible to compile detailed historical data
on power use. (watt-hours used, at least in monthly time-slices, possibly with
geo-locating data, etc.)

3\. Same as above for water use.

It seems to me that if the government is going to make it legal for a provider
of services that run on government owned property (telephone/internet lines,
which if not in all cases outright owned by the federal government, ARE deeply
regulated by it), then why not all the databases concerning all gov. property?

------
dsr_
If engineers would refuse to implement privacy invasions, they wouldn't
happen.

Do you work for Comcast, Verizon, AT&T, Time-Warner, CenturyLink, Charter,
Cox, Frontier? Don't implement these things. Don't do deep packet inspection,
don't log things that shouldn't be logged, don't put in MITM proxies and don't
insert cookies in traffic that your customers expected to have unmolested.
Explain your decision, and explain it to your coworkers.

Some of you will lose your jobs. I'm sorry. However, you're in high demand.
And maybe you can make a difference.

~~~
Chaebixi
> If engineers would refuse to implement privacy invasions, they wouldn't
> happen.

That'll never work, as long as it's just a personal ethical thing. There's
always someone who would rather take the money.

Now, if there was a professional organization or union with some teeth, which
could enforce some kind of ethical code, then maybe "engineers" could do
something about stuff like this. I'm not sure how it would work in detail, but
it might involve pickets/walkouts of entire organizations engaged in unethical
projects or expelling members who work on them in a way that negatively
affects their future job prospects.

~~~
voidlogic
>That'll never work, as long as it's just a personal ethical thing. There's
always someone who would rather take the money.

So true

>Now, if there was a professional organization or union with some teeth, which
could enforce some kind of ethical code, then maybe "engineers" could do
something about stuff like this.

That won't work either. A few years ago most of the
"programmers/developers/computer scientists" I worked with (we weren't
pretending to be engineers yet), all had C-S degrees (either C-S undergrad or
math/physics undergrad with C-S masters+). And by and large these people were
usually members of the ACM or IEEE.

Now with the rise of the "self tough (software) engineer", these professional
organizations are weaker than ever before. My cube make is not only likely to
be a boot camp graduate, they are likely to not know what the ACM is, never
mind any ethical standards its has and of course have no concern for being
kicked out.

Now I am not saying all this is good or bad, democratization of technology has
pros and cons. But its a shift that makes depending on professional orgs more
worthless than ever before. (some of this is also coast vs inland US, the west
coast as always had more self-tough vs academia tought programmers).

~~~
Chaebixi
> And by and large these people were usually members of the ACM or IEEE.

> But its a shift that makes depending on professional orgs more worthless
> than ever before.

I don't think those organizations have ever had any "teeth" in any space, let
alone the professional one. I don't think anything like what I'm talking about
had ever existed for programmers. I'm thinking of something like more like a
Bar Association (like for lawyers) with regulatory/licensing powers or a union
with labor-market power. I admit, both are unlikely to arise anytime soon.

[https://en.wikipedia.org/wiki/Bar_association#Mandatory.2C_i...](https://en.wikipedia.org/wiki/Bar_association#Mandatory.2C_integrated.2C_or_unified_bar_associations)

> Some states require membership in the state's bar association to practice
> law there. Such an organization is called a mandatory, integrated, or
> unified bar,[3][4] and is a type of government-granted monopoly.

[https://en.wikipedia.org/wiki/Disbarment](https://en.wikipedia.org/wiki/Disbarment):

> Disbarment is the removal of a lawyer from a bar association or the practice
> of law, thus revoking his or her law license or admission to practice law.
> Disbarment is usually a punishment for unethical or criminal conduct.
> Procedures vary depending on the law society.

> Generally disbarment is imposed as a sanction for conduct indicating that an
> attorney is not fit to practice law, willfully disregarding the interests of
> a client, or engaging in fraud which impedes the administration of justice.

------
serafinlion
It's a repeal of the regulation put in place by the FCC last year October
prohibiting ISPs (such as Verizon, AT&T) to sell their customers' data. This
shows how strong the lobbyist groups are if this very recent item was taken on
this quickly -- which makes sense if you think about that it's a $156+ billion
industry in the US alone.

The regulation from last October required to ask for expressive consent to
sell the following:

\- Precise geo-location \- Children’s information \- Health Information \-
Financial Information \- Social Security Numbers (wait, they actually sold
those?!) \- Web Browsing History \- App Usage History \- The content of
communication

With the new regulation, passing all of these information on is fair game
again. Which is absolute fucking shocking!

Btw, for anyone interested, I wrote a blog post about the implications of the
new regulation for ISPs when it was first passed -- just make sure to read it
as the opposite of what I wrote: [https://blog.datawallet.io/broad-band-
providers-take-a-hit-b...](https://blog.datawallet.io/broad-band-providers-
take-a-hit-by-the-fcc-why-should-we-care-5b565c960d74)

------
zaroth
Internet Provisers -- that's Google and Facebook, right?

On a more serious note, people need to understand that every domain you visit,
every query you search, every digital conversation you have, every number you
call, every movie you watch or book you read, everything you buy, unless you
take active measures to mask your identity that record is being retained by as
many different people that can get their hands on it as possible.

Let's be clear about what this bill is potentially changing -- not who is
collecting the data but who can _monetize_ it.

Frankly, a bill that allows monetization of data already collected is not
about privacy it's about deregulation. As long as the data is retained,
privacy is already lost.

I actually really like this bill because it exposes, well, how _exposed_ we
all are online. The more people understand how much tracking is going on, the
more likely we can garner the will, the market, the demand for technological
solutions which actually protect _privacy_ rather than regulating
monetization.

~~~
M_Grey
More likely people will, without ever understanding any of this, become
agitated and then over time... nothing they recognize will happen, nothing
they can see will change. It will be even harder to get their attention next
time...

~~~
tcfunk
It's the slow boil

------
pragone
Since this isn't posted in this thread yet, here it is:
[https://github.com/jlund/streisand](https://github.com/jlund/streisand)

Unless someone can point out why it's not what it's cracked up to be? Seems
like a rather easy-to-setup solution, somewhere between straight up paying a
service and rolling everything yourself (I do pay PIA, but I've found that,
not infrequently, my speeds are _drastically_ throttled. I'll be actively
downloading a file while connected at 400kb/s, cancel the download, disconnect
from them, restart the same file, and be at 10mbit/s. I have no doubt some of
that is due to the nature of the VPN, but I can't imagine all of it is. But,
I'm not not a network engineer.)

~~~
snowpanda
My concern is that if you connect to a VPN server in the US that your traffic
will still be sold because the VPN provider technically also an ISP. I could
be wrong though.

------
Asdfbla
At least consumers still have https going for them I suppose? Or maybe ISPs
are now more motivated to man-in-the-middle those connections to get to the
data, under the guise of security or something?

~~~
huxley
I don't believe SSL alone would protect you since ISPs would still have access
to the DNS lookups, the fully qualified domain name of the server (which is
sent in cleartext for SNI), and IP addresses for the person browsing, so
there's still plenty of "meta-data" for them to sell.

Maybe if you use a third party DNS service, but then you need to trust them.

~~~
state_less
Is there TLS connections to DNS servers available for the major operating
systems?

edit: You're still broadcasting the IP you're connecting to, but it's still
nice to close up this DNS lookup leak.

------
Thrymr
I am curious whether any companies are concerned about this for employees who
work from home. Can ISPs resell business espionage to the highest bidder? Not
all employers are savvy enough to provide and require VPNs.

------
good_sir_ant
The article's main argument is that the ISPs are selling something that
doesn't belong to them, but to the consumer.

I don't like the idea of my personal information being sold, but how could you
state this as fact? Shouldn't it be up to the consumer to choose to do
business with a company that sells your personal info vs a company that does
not?

~~~
Asdfbla
You say that as if everyone had the ability to changes ISPs freely. Consumer
choice is irrelevant if there's nothing to choose from.

~~~
fosco
I have a single altenative ISP that offers over 15 mbs, there is no fiber in
my area. I live in New York. not the city, and I do not live 'upstate'.

as the above pointed out to your comment, it is very difficult to chane ISP's
I am not happy with mine and I do not have an alternative. my unhappiness came
way before this bill.

------
singularity2001
This can't be repeated often enough:

If you have some ssh server somewhere (who hasn't), you can very easily create
a 'VPN over ssh' by calling:

sshuttle -r user@remote_host 0.0.0.0/0 --dns

------
milesf
Time to roll up our sleeves and get to work. I've watched the tech community
battle back many times: PGP, SCO Unix vs Linux, WebStandards.org, etc.

How do we fight this using software? Remember that many of the innovations
came from single individuals. Is there a way to have a fully private, fast
communication between two computers when we know everything we do is being
saved and analyzed? Because that's all the Internet really is, whether one of
those computers is a web server and the other a browser or any other infinite
combination.

------
j2bax
Is there anything the average user can do to protect their data/privacy from
their ISP?

~~~
somebehemoth
VPN is a solution but requires trust in VPN provider. OpenVPN on a VPS can
help. Also, consider DNS traffic can leak information, but I've not read of a
fool proof way to fully protect DNS queries.

~~~
edraferi
I use a VPN, but I have to turn it on for each device. Is there a good way to
set up my router to automatically push all traffic through a VPN? I'd probably
need to make exceptions for stuff like video traffic.

~~~
barryfandango
You can install Tomato
([http://www.polarcloud.com/tomato](http://www.polarcloud.com/tomato)) on a
compatible router. It has a bunch of options for routing all/some/groups of
devices through various VPN's. This might be a feature in newer stock router
firmware too.

------
jaySmith
One idea that I have been running through my head for awhile is a Tor like
onion router that could be funded by a special cryptocurrency. This would mean
each relay would get some amount of money for passing a packet on to the next
relay. Ultimately this would solve two problems with Tor: speed (as it is paid
there would likely be more relays with faster connection) and issues with spam
(DOS over the network would cost a lot more.) Obviously it would suffer from
some anonymity issues that would need to be solved as you are paying and it
could be traced. I don't know if this idea would solve the issue in this case
but I figured I would mention it.

------
erdojo
Might be an ignorant question, but could individual websites do more to
prevent an ISP from seeing your activity on the site?

I know HTTPS should be able to help (?), but ISPs can still see the domain
you're visiting and get metadata on the encrypted traffic, which can be
revealing.

Are there architectural or tech stack decisions a company could make that
would basically lock an ISP from knowing anything except the root domains you
visited?

------
valine
What I want is a way to tie my own VPN to something like my Apple id and have
it auto configured anytime I move to a different device. Right maintaining VPN
clients on a range of devices is a pretty big hassle. I'm not saying I want
Apple to run vpn services, I just want an easy way to manage vpn
configurations on personal devices.

~~~
lloyd-christmas
[https://betterspot.com/](https://betterspot.com/) was a Kickstarter project I
funded. They haven't shipped yet, but look to be this month.

------
cryoshon
if i dare to say that the republicans fucked us over i'll be banned for
"partisan bickering", so:

we just need to develop technological workarounds to the politicians. vpns are
an okay start.

~~~
notheguyouthink
It's actually interesting, now i feel like VPNs are going to get a huge spike
in customers.

On that note though, if all ISPs are doing this, what VPN choice do you have?

------
Spoom
I'm curious if this will result in ISPs requiring the installation of an SSL
root CA on customers' devices -- they can't track SSL traffic without it.

~~~
croon
They know where you connect to. That's still plenty of information.

------
eternalban
This is basically like having your mailman/postoffice sell the list of your
to/from addresses.

Isn't it possible to challenge this on constitutional grounds?

~~~
deong
I really doubt it. First, the Constitution places limits on the government;
not so much on contractual agreements between private parties. What you and
Comcast agree to just has to avoid depriving you of basic human rights (i.e.,
you can't sell yourself into slavery).

Even ignoring that, you give up most constitutional privacy claims if you
start disclosing the information to third parties. The ISP is a permanent and
necessary third party here. If you tell your ISP that you want to go to
ihaveherpes.com or whatever (by asking them to route your traffic there), then
I'm not sure you have any claim to privacy as it pertains to a conversation
between you and the herpes people. You willingly gave the ISP the information.

That's why we need legal protections like the prior FCC rules. Because by
necessity, you need something above any bare constitutional protection.

------
wu-ikkyu
Sounds like it's time for an "AdNauseam" for browser history obfuscation. Does
anyone know if such a tool already exists?

------
JohnLeTigre
Great, now everyone will use Tor and torrent over I2P. I wonder if these
technologies can handle the extra bandwidth.

------
xori
I'm curious, does this mean that an ISP can sell non-anonymized data collected
between last October and now?

------
davidgerard
Fake title. Actual title: "How the Republicans Sold Your Privacy to Internet
Providers"

------
earlyriser
How difficult would be to create a DuckDuckGo of the ISPs? Both at national or
local levels.

------
0wl3x
Does anyone have a good VPN that they would recommend? This bill is totally
fucked.

~~~
needz
I use PIA
([https://www.privateinternetaccess.com/](https://www.privateinternetaccess.com/))
and don't have any complaints. They have apps for every OS, servers all over
the place, and don't log anything. If you search around you can find a deal
for 2 years for $60.

------
joe_momma
good thing this will create jobs jobs jobs! aka just ordinary bull shit.

------
ryanmarsh
Begun the crypto wars have.

------
dfar1
What is the name of the bill? And where can I read it? Thanks.

~~~
tzs
Here: [https://www.congress.gov/bill/115th-congress/senate-joint-
re...](https://www.congress.gov/bill/115th-congress/senate-joint-
resolution/34/text)

Here's the full text:

> Providing for congressional disapproval under chapter 8 of title 5, United
> States Code, of the rule submitted by the Federal Communications Commission
> relating to “Protecting the Privacy of Customers of Broadband and Other
> Telecommunications Services”.

> Resolved by the Senate and House of Representatives of the United States of
> America in Congress assembled, That Congress disapproves the rule submitted
> by the Federal Communications Commission relating to “Protecting the Privacy
> of Customers of Broadband and Other Telecommunications Services” (81 Fed.
> Reg. 87274 (December 2, 2016)), and such rule shall have no force or effect.

------
twsted
This and the move to dismantle the Clean Power Plan. Sad.

------
mozumder
But her emails?

------
peregrine
The Hacker News mods should comment why this post has been 'bumped' from the
top spot and why it's title is no longer the original title of the article.

From the
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html):

> Otherwise please use the original title, unless it is misleading or
> linkbait.

The title is the original, it wasn't misleading and it isn't 'linkbait'. Its
the premise of the article and it's the truth.

dang please help me out here.

~~~
Brendinooo
The headline isn't true. Congress voted to remove regulations, they didn't
complete a financial transaction with ISPs.

~~~
peregrine
Because none of them received donations or were lobbied?

~~~
snowpanda
You're reaching..

~~~
peregrine
I did one google search and found
[https://www.theverge.com/2017/3/29/15100620/congress-fcc-
isp...](https://www.theverge.com/2017/3/29/15100620/congress-fcc-isp-web-
browsing-privacy-fire-sale) and is fully sourced by generally reputable data.
I'd be just as pissed if Democrats sold us down the river, which I am about
Obamacare several years ago.

------
bubblethink
Why was the title of this post changed retroactively on HN ? The article is an
op-ed with the title "How the Republicans Sold Your Privacy to Internet
Providers".

------
0xfeba
> In 2016, the F.C.C., which I led as chairman under President Barack Obama,
> extended those same protections to the internet.

Oh how nice of Tom Wheeler to play the good-guy now. It took a lot of public
outcry for him to change his tune about Net Neutrality.

~~~
chrisrhoden
He came around, and then was a reasonably good champion. Let's live in a world
where people aren't permanently branded with temporary positions.

~~~
0xfeba
I suppose you're right. But I will still remain suspicious of a former
lobbyist turned head of FCC turned NN champion.

