
Comcast, AT&T and Verizon pose a greater surveillance risk than Facebook - pmoriarty
https://www.theguardian.com/commentisfree/2018/apr/06/delete-facebook-live-us-still-share-data
======
ereyes01
Yes, ISPs can snoop on you to a degree, but I don't see how it's worse than
Facebook or Google. ISPs have to work around widespread (and growing)
encryption, while Google/Facebook have your _actual_ data... plus, they know
way more about you in minute detail via their mobile apps and devices. My home
internet is VPN'ed and unless my ISP is expending undue effort on monitoring
me, it can't see much detail about what I do on the Internet. However,
Google/Facebook break all the security layers because we explicitly _trust_
them with all our data. Unless something fundamentally changes (maybe via net
neutrality somehow allowing ISPs to penalize encrypted traffic or something),
I don't see how Facebook/Google don't run away with all the power here.

~~~
ThoAppelsin
I, too, use encrypted VPN, but we are just a minority. Many people use the
services provided as-is without taking any extra measures, and I think that
those are the people more likely to be influenced by the influencers anyway.

We, the ones that they'll have to _spend undue effort_ to sniff out a profile
about, are not targets to them. We are much too resistant to it that we have
gone all through the effort of setting up a private VPN with good encryption.

~~~
2bitencryption
Just wondering, what makes you trust your VPN provider more than your ISP?

~~~
ThoAppelsin
I use DigitalOcean as my VPN provider and make my connections to there over
IPSEC. I did not set the server up myself alone, but used the Algo VPN [1]
script to do it for me. With this setup, I have two things to be concerned
about:

1- I did not audit the script myself, and they may have injected various
malware to the VPN server it spun up during the setup. I am not concerned
enough to not trust them, but I could just read the script thoroughly to
eliminate the necessity for trust.

2- DigitalOcean has the access to hardware, so it might be doing whatever
while I am not looking, and I just never look. Similarly, I could monitor the
activity on the server to assume some control.

I chose DO for being the cheapest ($5/month).

[1] [https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)

------
citilife
I recently received a "terms of service" update from Comcast, with the
notification that they can now "monitor and record anything going through the
network. Including, but not limited to: audio recording, video recording, ..."

I don't even have an alternative in my area.

~~~
ians
for anyone interested I pulled up the Terms and found what I believe the OP is
referencing:

`Monitoring and Recording. You agree that Comcast and its agents may monitor
and record any telephone calls or other voice, data or image communications
that are transmitted between: (1) Comcast and its agents and (2) you, your
agents, any user of your Service(s) or Equipment, or any user of any phone
numbers associated with your account.`

~~~
savanaly
Well doesn't that just mean they're allowed to record the conversations
between me and their tech support? How is that worrisome? I assumed the person
you were replying to was asserting that Comcast had proclaimed its right to
record all communications I had over the internet.

~~~
seorphates
I don't know. I'm reading it differently. I'm reading it in a way that almost
any other entity with the power to execute on a term like that probably would
- liberally and with deference to their own interpretation of lawful. Not too
mention the 100% murky scope of requests and behests of government.

I read that the wire is owned by Comcast. Its agents roam free and everything
traversing that wire is monitored. 100%.

~~~
rayiner
If you're going to read the language non-sensically, why even bother to point
to the text? Why not just make up whatever you want?

The numbering and the "and" clearly mean that one of the two endpoints must be
"Comcast and its agents." The language is there to allow them to record
customer service calls because otherwise in some states that would be a
violation of wiretap consent laws.

~~~
munk-a
I think this language could allow for Comcast to monitor any traffic passing
through their proxies?

I agree that it seems to be worded to imply that it's just CS monitoring but I
don't believe that `transmitted between` would necessitate that the party be
the intended endpoint.

------
pascalxus
I've always wondered why people are so hard on Facebook, but give At&t and the
other ISPs a free pass to do whatever they want. If you ask me, the ISP
cartels are orders of magnitude more evil than FB.

At least FB is making changes to address the issues, unlike At&t who keeps
screwing people over more and more every year.

~~~
rayiner
Largely because FB is mining your data today and has built a half-trillion
dollar business doing it. For ISPs it's mostly theoretical and attempts here
and there. (That's why this article uses the phrase "pose a greater
surveillance _risk_ ").

~~~
welder
Spoiler Alert: ISPs also already sell your data to advertisers and data
middle-men. They also have built a business selling your data.

------
iClaudiusX
The text of Joint Resolution 34 when it passed in the Senate last year
[https://www.congress.gov/bill/115th-congress/senate-joint-
re...](https://www.congress.gov/bill/115th-congress/senate-joint-
resolution/34)

The role call vote breakdown
[https://www.senate.gov/legislative/LIS/roll_call_lists/roll_...](https://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=115&session=1&vote=00094)

Ars Technica's coverage of the bill (now law) with context
[https://arstechnica.com/tech-policy/2017/03/senate-votes-
to-...](https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-
sell-your-web-browsing-history-to-advertisers/)

------
peterwwillis
If you use Chrome or Firefox, almost all of your data is hidden from the ISP -
increadingly more sites use HTTPS, and use a CDN, and browsers are
implementing DNS over HTTPS and have their own DNS resolvers. In addition,
providers like Google are literally proxying your mobile requests to unrelated
sites to capture even more data.

Google and CloudFlare can see probably more than 90% of your traffic without
even trying. Google's business model is dependent on selling advertisement
based on your data. Your ISP can see maybe 50%, and it's shrinking fast.

All of these companies exist because _you agreed to them_. You're paying them
to continue this behavior, or using their free services. Stop agreeing to free
services and stop using monopolies. Lobby your local government to overturn
laws preventing municipal internet providers.

That won't happen though, because people don't really care _that_ much about
surveillance to go to those lengths just to stop it. Hell, the NSA is still
illegally wiretapping US citizens.

~~~
GordonS
> If you use Chrome or Firefox, almost all of your data is hidden from the ISP

Can you elaborate on how Chrome and Firefox hide your traffic from your ISP,
and what privacy advantages they have over IE, Safari or Opera?

~~~
peterwwillis
Sure. Chrome and Firefox both implement (or are implementing) DNS over HTTPS,
which hides what domains you're visiting by passing the request encrypted
through a provider such as Google. Chrome also has a "data saver" on mobile
that passes your traffic through Google's servers. Opera has had similar
functionality for some time. Safari and IE will implement DNS over HTTPS once
it's a standard, which should be soon. Don't know if they have plans to
support tunneling too.

~~~
iggg
What is stopping yourisp from doing reverse dns and looking up what domain is
pointing to the IP you are connecting to?

~~~
peterwwillis
You can't do reverse DNS for sites using SNI. Multiple hosts use the same IP.

------
gscott
Further expanding on the article, ATT sells a spy service to police
departments and many police departments are paying 100k and more yearly to ATT
for this.

[https://mashable.com/2016/10/25/att-selling-data-
police/#DuI...](https://mashable.com/2016/10/25/att-selling-data-
police/#DuI6_vekkqqx)

------
jacquesm
Comcast, AT&T and Verizon don't have a single bit of data on me, I'm not a
customer. As opposed to Facebook and Google being present on just about every
webpage and gobbling up data about _all the people on the planet that have
internet access_.

The article has this bit in it:

"Your internet provider doesn’t just know what you do on Facebook – it sees
all the sites you visit and how much time you spend there. Your provider can
see where you shop, what you watch on TV, where you choose to eat dinner, what
medical symptoms you search, where you apply for work, school, a mortgage.
Everything that is unencrypted is fair game. "

The last part is the important part: hardly anything is unencrypted these days
(and if it isn't it really should get with the times). So if that part of the
article would have been adjusted to the present day situation that only thing
that remains is that _if_ these parties are your provider then they can indeed
see which IP addresses you connect to (if you don't use a VPN).

They can't see what you watch on TV unless you configure your TV to tell them
(or use a set-top box to choose your channels for you), they do not know where
you choose to eat your dinner unless your smartphone leaks GPS coordinates to
them (regular triangulation is too coarse for this) and they do not know where
you apply for work and school or a mortgage.

In general this is a whole bunch of alarmist hoopla, yes, providers see too
much data, no it's _nothing_ compared to Facebook and Google.

What should worry you is AT&T and other cellular services providers access to
your call records (which they are required by law to keep for a long time in
most places) and SMS data as well as the possibility of them recording all
your voice calls without your consent.

~~~
schoen
> The last part is the important part: hardly anything is unencrypted these
> days (and if it isn't it really should get with the times).

It's always nice to see

[https://letsencrypt.org/stats/#percent-
pageloads](https://letsencrypt.org/stats/#percent-pageloads)

Everyone can do something to help increase this!

(On the other hand, there's still an information leakage from the volume and
timing of communications, like inferring that two people are communicating
with one another in real time because their traffic flows are correlated, or
figuring out what page someone's reading on a site from that total volume of
encrypted traffic downloaded.)

~~~
ocdtrekkie
It's pretty hard for ISPs to do that on a large scale: ISPs are only regional
monopolies, in the areas they are monopolies at all. There's likely a
relatively small percentage of your communications where both ends of the
communication are using the same ISP.

~~~
schoen
On the other hand, most people communicate most often with people in their own
geographic region, and in the U.S. the "two people on the same ISP" probably
happens pretty frequently with Comcast and AT&T (as well as national mobile
carriers in the case of mobile data service, where you might not immediately
realize that the carrier could learn that information in the way that it would
if you were making a phone call or sending a text message).

~~~
ocdtrekkie
With calls and texts, certainly, but with Internet traffic? Bear in mind as
well, ISPs tend to be monopolies in more rural areas, where the distance
between people is higher to begin with. And most of your communications on the
Internet will go to or from a server, which is likely not local.

~~~
schoen
In this case, the ISP can correlate the timing of the communications activity
in order to confirm that it involves two particular customers.

~~~
ocdtrekkie
Give me an example, what kind of communication?

~~~
schoen
Like a Skype call. If user A calls user B (of the same regional ISP), the
communications don't go directly from A to B (rather they go from A to Skype
and Skype to B, and vice versa), but the timing and volume of the traffic
flows are extremely well correlated.

~~~
ocdtrekkie
Alright, I can grant that is true, although if you assume an ISP like Comcast
has thousands (or more) simultaneous Skype calls, and they come and go often
enough that it's likely you'll be dealing with many starting at close to the
same time... there's a lot to track there. Also, bear in mind, you have to
weed this out from all the unidirectional calls: Comcast to [other ISP] and
[other ISP to Comcast] calls, so you can't even make one-to-one matches
reliably.

And of course, when you compare to the tech industry alternative: Microsoft
knows who is talking to who straight up (and on a global scale), whereas the
ISP can only guess. And while the ISP's understanding of who is calling who
ends at the household, Microsoft knows which user accounts made the call,
which is much more likely to correlate to individual people.

~~~
jacquesm
MS has access to the payload as well.

------
docdeek
> Many – though by no means all – of us are privileged enough to
> #DeleteFacebook, or at least reduce the time we spend there.

What privilege is being referenced here?

~~~
Jeff_Brown
There are countries where Facebook is a primary means of communication.

~~~
docdeek
I wasn't aware of that. I know of places where it is popular and a reflex for
quick communication but I didn't think it would be a/the primary tool.

------
chvid
This is a somewhat misguided article.

Your ISP does not have access to most of your communication, social media
usage and searches as that runs thru https.

That is why Facebook and others is completely blocked in China. Had the
national carriers been able to surveil and block select communication they
would have been asked to do so by the government.

Secondly an ISP charges you a subscription and that is their revenue model.
They are not incentivised to build an elaborate profile on your in order to
deliver advertisement.

Thirdly ISPs in most countries are required by law to support the police with
surveillance information. That is done in transparent way (you can read the
laws and ask your politicians).

This police support has always existed sinces the days of the tele monopolies.
However now that more communication runs via internet, https and social media,
it creates this strange inbalance where the police cannnot get the same access
to Facebook (or similar) communication as they can to SMS or voice
communication.

Also Facebook provides different level of access to the NSA, the police in
Denmark and the police in Myanmar. And do that in a non-transparent manner.

~~~
fiatpandas
>Secondly an ISP charges you a subscription and that is their revenue model.
They are not incentivised to build an elaborate profile on your in order to
deliver advertisement.

Please, everyone, stop saying things like this. Just because you pay a company
money for a service does not mean you magically have a perfectly balanced
relationship with them. They are in a position of extreme power and will not
stop caring about aggregating what you do in a machine readable format in fine
detail, all the while doing so behind a veil of legalese opt-out style
tactics.

Beyond the lobbying for more relaxed data collection / monetization laws, ISPs
have been fined in the past for injecting tracking cookies to keep better
record of your browsing habits. They’ve been caught selling IP identification
api’s. No, they don’t care about delivering advertising to you, they just want
to broker your data to companies who will.

------
confounded
If you have a local independent ISP, _use them_!

Two great ones in SF, MonkeyBrains and Sonic. Both support net neutrality, and
don't do any of this evil shit.

[https://www.monkeybrains.net/](https://www.monkeybrains.net/)
[https://www.sonic.com/](https://www.sonic.com/)

------
kerng
Doesn't Comcast even require a special router, where they install custom certs
and packet analysis software. Remember a friend of mine was on the phone long
with their support, because he just wanted to use his own router, but Comcast
wouldn't wanna patch him through. Anyone had similar experience? I can ask him
again for details.

------
jason_slack
Can anyone talk about hardware and software one can run at home to help
protect themselves more?

I have a pfsense box for firewalling the whole connection. I should look and
see if I can integrate VPN with this as well.

Right now I use a personal router with Astrill VPN for when I am out and about
at coffee places. This:
[https://www.amazon.com/gp/product/B01K6MHRJI/ref=oh_aui_sear...](https://www.amazon.com/gp/product/B01K6MHRJI/ref=oh_aui_search_detailpage?ie=UTF8&psc=1)

Plus I also have this Ubiquite Edge Router I carry around too for wired
connections.
[https://www.amazon.com/gp/product/B00YFJT29C/ref=oh_aui_sear...](https://www.amazon.com/gp/product/B00YFJT29C/ref=oh_aui_search_detailpage?ie=UTF8&psc=1)

------
inspecotrrr
They can't read the contents of conversations masked by TLS, but Facebook can.
This is incredibly relevant to modern services and technology.

Telephone is an audio stream, so speech-to-text is a bit more wobbly. SMS, on
the other hand... well, at least their price gouging was cost prohibitive for
a few decades.

------
LeoPanthera
I've been forwarding all outgoing connections on port 80 (and a selection of
other commonly-unencrypted ports) through a VPN (in the router) for a while
now - but leaving all other ports (including most importantly 443) connecting
directly.

It feels like a good compromise between privacy and speed.

------
droopybuns
I think this is fear mongering in the extreme.

Facebook, Twitter and Google have persuaded all of the major internet sites to
add code to their pages in the hope that it will drive more page views. At
this point they have implemented enough code to reap the same level of benefit
that you might get from passively MITM’ing all internet traffic. What’s
“worse”, is that Facebook and Google are campaigning heavily to move all web
traffic to encrypted. The end result: a “more secure” internet that just
happens to fend off a competitive threat.

The author should be ashamed of themselves. I think this falls under the
“relative privation” fallacy. Google and FB are peerless when it comes to
surveillance.

~~~
gcb0
plus google amp, where google serves your site from their servers. and 4.4.4.4
and 8.8.8.8 dns servers, where they can see which ssl site you visit that
still haven't added their spy code

------
_bxg1
The good news is, HTTPS is pretty common these days and Cloudflare just
launched encrypted DNS (1.1.1.1). Those two things cover a large portion of
exposed data.

If you're on Android, this is an excellent app that allows you to set a custom
DNS server across all apps and connections, without root:
[https://f-droid.org/en/packages/org.jak_linux.dns66/](https://f-droid.org/en/packages/org.jak_linux.dns66/).
As a bonus it also lets you blacklist domains, though of course that's not
relevant to concerns about your ISP.

Be wary of third-party VPNs, though (bottom section titled "VPNs could put you
at risk"): [https://arstechnica.com/information-
technology/2016/06/aimin...](https://arstechnica.com/information-
technology/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-
in-2016/)

------
enedil
Whining about Comcast might be actually valid, but for most people of this
world it's largely irrelevant. People from every place have Facebook access.
Comcast customers are minority - Americans are minority. That's why Facebook
has a lot harder time (also, ditching Facebook is more achievable).

------
throw2016
Either you are concerned about surveillance or you are not. If you are then
you would have to be concerned about both.

And more about Google and Facebook because of their global reach, access to
location and content across all devices, an insatiable greed for user data
including collation from all available sources to build detailed long term
profiles of individuals, not unlike files by the stasi.

Here is Facebook trying to get user data from hospitals. [1]. This is truly
sinister.

[1] [https://www.cnbc.com/2018/04/05/facebook-
building-8-explored...](https://www.cnbc.com/2018/04/05/facebook-
building-8-explored-data-sharing-agreement-with-hospitals.html)

------
xexers
When the article says "what medical symptoms you search"... Comcast can't see
what you search if you're connected to a page using https, right? All of the
major search engines and medical sites all use https... so, what are they
talking about?

~~~
ocdtrekkie
Indeed. They can know you're at WebMD, not that you looked up erectile
dysfunction symptoms at WebMD. Only the ad companies get that kind of detail.

And beyond that, we're so centralized these days that most websites people
spend time on are generic. For example, you have no idea what someone's
interests are because they connect to Reddit, Google, Facebook, Twitter, and
YouTube, nor who they might be communicating with over those domains.

------
Jeff_Brown
The article doesn't address strategies for avoiding such surveillance. How
well does it work? Does it prevent you from doing anything you might need to
do? How hard is it? How much slower? Can it be done on a mobile device?

~~~
exabrial
You can setup your own VPN on a provider with generous transfer allocations.
You can buy an off the shelf vpn. You could also use DNSCurve and exclusive
https.

------
hacknat
Most web traffic is encrypted these days so ISPs can only see what sites
you’re visiting via DNS and SNI. While that is worrisome, I fail to see how
that is greater data than my search history.

------
mistrial9
a key difference here is the data structures behind the scenes, dont you
think? FB built a state-of-the-art pipeline designed for graph analytics, and
sold that as a revenue source. Meanwhile, the ISPs spent money on attorneys to
secure favorable legal terms, and the "moron count" inside the company is
likely quite high.. A zillion streams of sequential records are more like the
90s data warehouse situation, not FB graph search.

------
jwilk
> _Your provider can see [...] what medical symptoms you search [...].
> Everything that is unencrypted is fair game._

Which search engines are unencrypted these days?

~~~
stolsvik
Does that matter much when your next DNS lookup is erectiledysfunction.org and
your next ip packets go to the ip address of that domain?

~~~
jwilk
I don't think I've ever visited a website that had name of an illness in the
domain name. But maybe it's just me.

------
gdulli
I'm not as concerned about CA having data I've given to FB as I am about their
admission of using it to spread false information. If cable and phone
companies were politically weaponizing my data the same way I'd be just as
concerned.

On the one hand, maybe worrying sooner prevents issues. On the other hand, I
don't want to assume a slippery slope out of principle.

~~~
reaperducer
>If cable and phone companies were politically weaponizing my data the same
way I'd be just as concerned.

What makes you think they aren't? They have influencers in Washington, just
like any political group does.

The only difference between what the ISPs did and CA did is that the ISPs sell
the data, whereas CA stole it. Your data still gets transferred.

~~~
gdulli
Of course they lobby, and for self-serving purposes. And that could use
reform. But it's not related to the FB/CA story. They use our data to
participate in the ad-tech ecosystem but that's separate from lobbying, which
doesn't benefit from having my likes or social graph in any way I'm aware of.

------
mattsfrey
Yet another reason Musk's new satellite internet will be awesome. I'd
personally sacrifice some bandwidth for privacy.

~~~
ironjunkie
what makes you feel that one will be "private"? Please don't tell me that you
believe into the Musk PR. Google used to be the same way "Don't be evil...".

It is the great circle of life. The incumbents love to be privacy-centric, but
as soon as they become big enough, they realize that they can make a shitload
of money with data//metadata now that they got a captive set of customers

~~~
mattsfrey
True, I have more faith in that guy though. Maybe he is just another money
grubbing hackjob that will eventually morph his companies into evil
enterprises but it just doesn't seem like thats his schtick atm.

~~~
RcouF1uZ4gsC
No he just releases software that kills a customer, and then publicly releases
the data from the car sensors to paint the now dead customer as an incompetent
driver. Sounds like exactly the person to trust with my privacy.

------
mikeyanderson
If you talk to a sales person from any third party ad service and ask
questions about what you can do with data—you'll find there is an entire
market of buying and selling data from every cell company, credit card
company, banks, corporate rewards cards, voting records and donations, etc.

------
loourr
Yeah, sure, agreed, but why call the article that? Don't we want them all to
stop sucking?

------
innagadadavida
I’m disappointed that a respectable website like the guardian is trying to
take the heat away from Facebook and google in this recent privacy fiasco.
Please don’t click on that article and give them your
cookies/clicks/profile/$$$

------
eveningcoffee
Why greater or smaller? The effect of this comparison will only diminish
Facebook risk in people minds.

The right answer is that Comcast, AT&T and Verizon pose a the same
surveillance risk as Facebook.

------
vladsanchez
I was saying this while the Cambridge Analytica scandal unfolded.

All my UVerse traffic goes thru AT&T proxy servers and that dwarves what FB
and Google get from me on a regular basis.

------
dna_polymerase
Oh cool, now it is the big ISPs. What is the Guardian coming up with next?

"The ISPs surveillance is nothing compared with the NSA"??

How are people waking up only now? Snowden happened in 2013!

------
neo4sure
The biggest difference here that we don't pay to use facebook or google. We
pay to use Comcast and most of the time we don't have an alternative.

------
wemdyjreichert
Though it's a problem, theres a solution: VPN. Openvpn and outline are 2 good
options you can use to roll-you-own gigabit on a vps for $5/mo.

------
friendlydude12
How about they all pose a serious threat to privacy?

------
mithoon
ISP data is "Our" data, whereas FB/ Google data is "MY" data. So they can
generally be extremely accurate.

------
thrillgore
It would be nice if the US had GDPR policies like the EU has. Shit, it would
be nice if we had a functioning democracy.

------
jh72de
The NSA already has access to all that data that internet access provides can
gather themselves.

------
cronix
In addition to the ISP you use, the DNS you use sees all as well, doesn't it?

------
whatupmd
Doesn't the guardian mean Sky, BT, and Virgin Media?

------
markhahn
how about banks and cc companies? commercial behavior is inherently less noisy
than social - though finding disparities between them would be interesting.

------
CodinM
* possibly, if you live in the U.S.

------
75dvtwin
This article reads to me like a propaganda piece, employing USSR-style 'what-
aboutism' argument [1].

ISPs 'could be worse' than Facebook already is, the article argues.

> _" Your internet provider doesn’t just know what you do on Facebook – it
> sees all the sites you visit and how much time you spend there. Your
> provider can see where you shop, what you watch on TV, <"_

But, really, a consumer has a choice of VPN to protect his/her traffic, and
demarry it from their identity. This is not an option when a user has to login
to use features within Facebook or Google+, or Youtube.

What I think is happening, is that Ad-revenue based service providers (eg most
CA-based 'thought-leaders') are deathly afraid of consumers choosing VPN.

I think, actually, ISPs should encourage consumers to use VPN, this way ISPs
will still get paid their 'utility' value, but the 'digital footprint
collection, and then Ad-selling business companies, would have to rethink
their business models...

Which is why, the content-providers propaganda machine was so intensive
against repeal of 'net-neutrality' (which was, essentially, a form of
business-net-privilege for Ad-selling content providers).

[1]
[https://en.wikipedia.org/wiki/Whataboutism](https://en.wikipedia.org/wiki/Whataboutism)

------
drawkbox
Your ISP tracking your every move is scarier than anything after the ISP
privacy bill passed [1][2]. At least Facebook and Google give you something
for it and you can route around them if you desire. No routing around ISPs
unless you use a VPN but even then they will start blocking those again.

Broadband/cable/telcos capture everything you do and can now sell that
information and do [1][2]. That bill was the pre-cursor to removing net
neutrality by taking privacy and policy from the FCC to the FTC.

Part of Jeff Flake's argument for getting rid of the privacy protections were
so that ISPs can compete with Facebook and Google and sell your data/offer ads
to you. Yet Facebook and Google at least built products you wanted that you
willingly gave up privacy to use and at least got something for it [3][4].

ISPs you have to pay to use and they still take your data as if you are the
product. ISPs could have built products people wanted to get that data but
they instead bribed 'representatives' to get it via legislation with their
local monopolies. Noone wanted this bill but ISPs [2].

I expect tracking from free services I am not paying for that my data is the
product. I expect tracking from companies that make their money from
ad/marketing to do that.

I do not expect tracking and privacy invasions from my ISP, my front door to
the internet.

I can't route around my ISP, there is no local competition and what
competition there is amounts to false competition. From the FCCs own data,
most people only have 1 or maybe 2 real competitive ISPs in their area and
virtually no competition at 100Mbps, zero options for gigabit [5][6].

> _FCC report finds almost no broadband competition at 100Mbps speeds_ [5][6].

> _Even at 25Mbps, 43 percent of the US had zero ISPs or just one_ [5][6].

ISPs like Comcast, Verizon, AT&T etc are your base gateway to the network and
entry point. Facebook is just built on top of the network.

ISPs lobbied hard to remove your privacy protections for a reason [1][2] as
stated in Jeff Flake's op-ed as the bill sponsor. [3][4]

> _The FCC rules subject all web browsing and app usage data to the same
> restrictive requirements as sensitive personal information. That means that
> information generated from looking up the latest Cardinals score or checking
> the weather in Scottsdale is treated the same as personal health and
> financial data._

> _The new rules also restrict an ISP’s ability to inform customers about
> innovative and cost-saving product offerings. So much for consumer choice._

So privacy protections were removed for _' consumer choice'_ according to the
bill.

ISPs lobbied hard to remove network neutrality so your ISP can not only bias
connections but track your every move, _reducing consumer choice_.

ISPs you cannot route around or not use and there is false competition in most
areas and really only one provider so they have local monopolies [5][6],
_reducing consumer choice_.

Instead of building products on top of the web they bribed and lobbied to get
their way, _reducing consumer choice_.

When you only have a handful of large ISPs where AT&T has been known to split
your data to share with the NSA and authorities, that is dangerous [7].

> _Room 641A is a telecommunication interception facility operated by AT &T
> for the U.S. National Security Agency that commenced operations in 2003 and
> was exposed in 2006_

[1] [https://arstechnica.com/tech-policy/2017/03/senate-votes-
to-...](https://arstechnica.com/tech-policy/2017/03/senate-votes-to-let-isps-
sell-your-web-browsing-history-to-advertisers/)

[2] [https://www.eff.org/deeplinks/2017/03/five-creepy-things-
you...](https://www.eff.org/deeplinks/2017/03/five-creepy-things-your-isp-
could-do-if-congress-repeals-fccs-privacy-protections)

[3] [https://www.flake.senate.gov/public/index.cfm/2017/3/op-
ed-f...](https://www.flake.senate.gov/public/index.cfm/2017/3/op-ed-for-the-
wall-street-journal)

[4]
[https://www.flake.senate.gov/public/index.cfm/2017/3/flake-i...](https://www.flake.senate.gov/public/index.cfm/2017/3/flake-
introduces-resolution-to-protect-consumers-from-overreaching-internet-
regulation)

[5] [https://arstechnica.com/information-
technology/2018/02/fcc-r...](https://arstechnica.com/information-
technology/2018/02/fcc-report-finds-almost-no-broadband-competition-
at-100mbps-speeds/)

[6]
[https://transition.fcc.gov/Daily_Releases/Daily_Business/201...](https://transition.fcc.gov/Daily_Releases/Daily_Business/2018/db0207/DOC-349074A1.pdf)

[7]
[https://en.wikipedia.org/wiki/Room_641A](https://en.wikipedia.org/wiki/Room_641A)

------
joelrunyon
How about both are bad?

------
electriclove
This is typical Facebook manipulation of media to take the eye off them.

~~~
zmitri
You were down voted, but this is actually an internal talking point that FB
uses to rally their current employees behind the company with.

Some of the points an FB employee said about the situation around a week ago:
"Well the ISPs are worse" "Imagine if it was them instead of us, we do a
better job" "Net Neutrality is the real problem".

They think of everything as a PR problem unfortunately, and would rather go
this route than dealing with the problems they have.

------
dabockster
Good luck, I'm behind seven proxies.

------
alexnewman
and amex is even scarrier

------
feelin_googley
Naive questions:

What has been the US legal/regulatory framework governing "privacy" that
telecomunications operators have had to work within for the past thirty years?

Has Facebook had to operate within that same framework? As FB grew, has it
been subject to the same restrictions?

Has Facebook, with the billions they have made through collecting and
monetising user data, and with the competition they have given to the
telecommunications providers, played any role in any "shrinking" of past
privacy protections afforded telecom subscribers?

I have not lived very long but the big difference I see from past decades is
that collecting user data and _monetising it_ is viewed as a "core business".

While I was not yet born at the time, I am confident that the telegraph was
not funded by reading peoples telegrams and trying to sell that information to
merchants. As far as I know telephone service was not funded by recording
peoples conversations and marketing the value of the collected information to
advertisers. Even consumer internet service, first appearing in the 1990s, was
not funded by collecting user data and trying to "monetise" it.

"Free" communication thanks to the internet has brought us a new type of
company. It operates in a legal grey area, free from many of the restrictions
that applied to its predecessors. Until proven otherwise, it appears that
without _collecting data on users_ and marketing it to third parties, this
type of company cannot survive.

Yet, whether these new companies exist or not, as far as I can see
_communication over the internet is still "free"_. (The cost being the
internet subscription fees.) Of course when a user chooses to utilise the
"services" of these companies to "simplify" their internet use (or even their
first introduction to the internet), that notion of "free" becomes rather
complicated.

~~~
gcb0
sites and isp were excempt of all common carrier laws. then fcc tried to add
privacy considerations on isp similar to telcos, but that was shot down
recently by republicans. granted, if the proposals also included
sites/advertising, democrats would join in shutting it down.

------
pfarnsworth
We should implement browser extensions that randomly go to sites in the
background, and create so much noise that the ISPs can't get any signal from
us.

~~~
gcb0
be more useful and run a tor node

~~~
pfarnsworth
Most tor nodes are government run anyway what’s the point.

------
908087
My ISP can't sniff what I'm doing on a properly encrypted website. Google
Analytics and Facebook "like" buttons, however, certainly can and do.

