
AT&T’s GigaPower plans turn privacy into a luxury that few would choose - TwoFactor
http://gigaom.com/2014/05/13/atts-gigapower-plans-turn-privacy-into-a-luxury-that-few-would-choose/?
======
morgante
To be honest, I'm not so concerned about them looking at my packets. Well,
more specifically, I take it as a given of the modern web that any data which
people can mine they will mine.

What is more concerning is how AT&T actually serves those targeted ads. Are
they injecting ads into pages and modifying HTML? That seems like an
incredibly disastrous procedure which would hopefully get them into trouble
with content providers and even the FCC. I surely hope that's not the case.

~~~
downandout
More likely than not, they are talking about selling your browsing history to
major ad networks that already have ads embedded on the sites you use rather
than injecting their own ads into others' content. I assume this to be the
primary difference between the "snooping" and "non-snooping" plans, because
many ISP's already internally keep some amount of browsing history but don't
sell it to third parties.

If they are doing ad injection, it is unclear whether or not they could be
successfully sued. Some browser plugins with very large user bases
inject/modify ads, and although some have received cease and desist letters
from content providers, and some have been sued and settled out of court
before trial, I don't believe any have gone to trial and lost. The law is
murky at best on that issue, and as the ISP, odds are that AT&T would be in a
far stronger legal position than even the browser plugins that have been doing
this for years.

~~~
btown
Not only can they sell your browsing history, they are in the unique position
to _associate your current IP address with your browsing history, and sell
real-time access to that information_. If I open up an Incognito window right
now and go to a site I've never visited before, they couldn't serve me
targeted ads, because without cookies they'd have no reliable way of knowing
that I was the same 111.222.111.222 that connected a few days ago. But now,
AT&T could set up a server that ad networks can call out to, that can return a
browsing profile if queried with an IP address. You've given them permission
to do that. As far as I know, Tor is the only way to circumvent this... and
with the forthcoming FCC rules, Tor traffic could be significantly rate-
limited. This is a pretty big deal.

~~~
logicchains
This highlights the importance of obfsproxy development for tor. Not only can
it allow tor's use in regimes that employ deep packet inspection to prevent
tor traffic, it could also prevent throttling of tor traffic, as it would look
just like normal traffic.

------
kenthorvath
Or you could pay an additional $5/month for a decent VPN. In fact, I have a
number of close contacts who work in the industry who tell me that this type
of practice is of heavy interest and routine on the wireless end of things.
Companies are tracking not just your browsing habits but your location data
based on cell tower triangulation.

This is why we need to decentralize the ISPs and move to local mesh networks.

~~~
digitalengineer
Personal (non-company) VPN still doens't fully work on smartphones. It needs
to be manually activated each time, making 'all-traffic-behind-vpn' impossible
for now. It _is_ possible for coporate VPN's so we know iPhones can do it. A
choice by Apple HQ?

~~~
lazerwalker
I don't know how they're accomplishing it technically, but
[http://getcloak.com](http://getcloak.com) manages to auto-enable my VPN on my
iPhone every time I connect to a non-whitelisted wireless network.

~~~
jeff_tyrrill
I'm a Cloak user. Connect on Demand in iOS has a great design, but
unfortunately it's buggy. About once a week, I will catch it not using the VPN
(and not blocking traffic nor trying to reconnect). I even connected my iPhone
to Apple's desktop utility that allows reading the device logs and I
correlated the behavior to certain log errors. This problem started in iOS 7.0
and remains up to 7.1.1 (iOS 6 was fine).

As a result of this bugginess, I'm no longer willing to use untrusted wi-fi
networks even with VPN. It's really too bad that Apple is not fixing this,
because it renders the Connect on Demand feature useless from a security point
of view, and it nullifies the functionality of Cloak. Cloak is otherwise an
awesome app and service, and it's not their fault as they can't control this
code.

------
gfisher
As a recent Austin subscriber to AT&Ts GigaPower, I opted to let them snoop on
my traffic for the discount. I really didn't see the difference in what they
were doing versus Google or any other search engine. That, along with the
significant price reduction ($320/mo versus $140/mo - they didn't let me
bundle any services without the deal) led me to allow this.

As another poster mentioned - if I get really paranoid, I will eventually set
up a VPN, and tunnel all of my traffic through that.

I did want to add that once Google Fiber comes to my neighborhood, I will be
jumping ship though. We have had two significant outages in the first month of
GigaPower.

~~~
Tepix
The most obvious difference is that they get to see _all_ your traffic, not
just those websites which integrate google analytics (which can be a sizeable
chunk).

If your smartphone also uses AT&T they see that traffic also. The only place
where you are hidden from them is at work.

~~~
gfisher
>The only place where you are hidden from them is at work.

Of course, at work we have Gigapower as well.

------
xhrpost
Even if we had a more competitive market, what could really be done about
this? It seems people tend to flock towards lower price, particularly when the
difference is something that's not immediately tangible. I worked retail years
ago and I know that people would sometimes come in, get help from our staff,
and then go to Walmart to buy the same printer a few bucks cheaper. In the
end, the incentive is for the retail outlets to have as little service as
possible.

~~~
wmf
Is AT&T really making $30/month from people's browsing histories? I suspect
that data is worth dramatically less, so in a competitive market the premium
for not being spied on ought to drop.

~~~
xhrpost
I have my doubts on that figure as well, but if it's worth a lot less, why
give the customer such a discount?

~~~
arjie
It may not be a discount. The higher fee is to discourage the more expensive
service. We're assuming that the baseline cost is the lower one, but what if
it isn't?

------
frozenport
How can AT&T target ads, if they don't run ads? Are going to be intercepting
our pages and feeding their crap into my HTML?

~~~
phkahler
I was going to ask that same question but decided to read all the other
comments first. That practice should be illegal IMHO. That is altering
content. Creating derivative works? It'd clearly be anti-competetive if the
replaced others ads with their own.

~~~
graylights
IANAL but it seems they could lose safe harbor protections provided by DMCA
and be liable for ALL copyrighted material going over their system:

"Section 512(a) protects service providers who are passive conduits from
liability for copyright infringement, even if infringing traffic passes
through their networks. In other words, provided the infringing material is
being transmitted at the request of a third party to a designated recipient,
is handled by an automated process without human intervention, is NOT MODIFIED
IN ANY WAY, and is only temporarily stored on the system, the service provider
is not liable for the transmission."

[http://en.wikipedia.org/wiki/Online_Copyright_Infringement_L...](http://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act#.C2.A7_512.28a.29_Transitory_Network_Communications_Safe_Harbor)

~~~
morgante
I would absolutely love AT&T and copyright holders to get into a long and
protracted legal fight over this. Let the demons tear each other to bits.

------
PeterisP
The prices seem insane - are they representative of the US broadband market?

I'm currently paying 15 EUR/mth for a 100mbit service, more bandwidth would be
more expensive, but not extremely so.

~~~
xhrpost
No, they're much cheaper. I pay $50/mo for 18Mbps. The more rural you are, the
worse it gets. I know people paying $35/mo for 2Mbps.

~~~
trebor
I live in a "rural" place on one of the nation's fiber backbones, one of the
top in the country due to nearby military/government facilities, and we don't
even get the full 7Mbps bandwidth we pay for. And that's still $30-40/mo.

And all that is because Verizon won't upgrade their equipment to handle the
congestion that happens at night. It's not that they can't, but that we're
"rural".

~~~
Sxw1212
I live on a farm in Texas. We pay $100/mo for 5mbps internet and rarely get
one. (Our landline is bundled with it) Our whole internet has gone down for
days multiple times.

------
DanBC
I am a bit confused by this.

What do people think the ISP does with the packets? Who thinks that their
browsing habits are hidden from the ISP (without using a VPN)?

So is this just an expensive opt out of targetted ads, or is it actually
providing extra privacy features?

~~~
antsar
It is an expensive opt out of targeted ads.

AT&T refers to the ad targeting as "Internet Preferences":
[http://www.att.com/esupport/article.jsp?sid=KB421828&cv=812&...](http://www.att.com/esupport/article.jsp?sid=KB421828&cv=812&_requestid=290890)

Sounds like they gather your full browsing history, and then assist 3rd-party
ad networks in targeting their ads at you. Or, worse yet, just hand over your
browsing history for ad networks to process. Their marketing materials don't
seem to make this clear.

------
njharman
I'm sure most corporations suck (it's inherent in their size, structure and
purpose). But I __know __AT &T sucks. I've loathed them, ever since their
backing of the Clipper Chip.

I'm currently using tethered wifi cellphone as my only home internet because I
refuse to give money to either of my only two broadband options, AT&T or Time
Warner.

------
rayiner
I don't like this whole trend of collecting user data, but at least AT&T
offers a way to pay extra to opt-out of targeted advertising, unlike, well,
nearly ever other entity on the internet. I'd happily pay $62/month for
spyware-free Facebook.

~~~
chiph
Paying someone extra to _not_ do something you don't like is commonly called
paying protection money.

~~~
xhrpost
Sounds similar to having to pay the phone company to NOT put your phone number
in the phone book. I once heard it described as "Corporate Blackmail".

~~~
dragonwriter
> Sounds similar to having to pay the phone company to NOT put your phone
> number in the phone book.

Shocking how something coming from _AT &T_ seems a lot like well-established,
if unwelcome, practice of "the phone company".

------
jamieb
Will they start doing that to my phone line too? Selling my call history to
third parties?

~~~
mbreese
Don't they do that already? Except they call them "partners" and it's
"anonymized".

At least for wireless users they already do. It's only a matter of time before
they do the same with land-line users.

[http://online.wsj.com/news/articles/SB1000142412788732346370...](http://online.wsj.com/news/articles/SB10001424127887323463704578497153556847658?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424127887323463704578497153556847658.html)

[http://www.attpublicpolicy.com/privacy/our-updated-
privacy-p...](http://www.attpublicpolicy.com/privacy/our-updated-privacy-
policy-2/)

~~~
ehPReth
My cellular provider monitors data traffic to sell off to advertisers.
Everyone is opted in by default - no price increase for opting out though

------
ticktocktick
Now we know why common carrier will never happen.

------
eyeareque
If they've been giving a copy of our packets to the NSA for years, this isn't
really that big of a deal with all things considered.

Personally, I would never use AT&T for broadband at home again. I'll always go
with their competitor and I wish other people would do the same. Their motto
should be: monopolize and do evil whenever possible.

~~~
pktgen
Except said "competitor" is most likely Comcast who is no different.

~~~
eyeareque
Sadly I'd choose comcast over ATT. Let's hope we have more options than that
in the future though.

~~~
pktgen
Difficult situation. I've already decided I will never move to any location,
anywhere, where AT&T, Verizon (even FiOS), or Comcast are my only viable
options. I hate all of those companies and will never, ever give them a single
penny.

Even CenturyLink (my current ISP, who happens to be the only choice here
besides Comcast) is starting to piss me off lately, but what the hell am I
going to do about it...

------
justizin
comcast charges netflix for interconnects, not prioritization, and everyone is
up in arms, but AT&T performs NSA-style deep packet inspection to fuel ads,
unless you pay a ransom, and everyone is basically ok with it.

This is why I don't think we're ready to pass net neutrality legislation.

------
hardwaresofton
While I'm not a fan of the telecoms, AT&T shouldn't be getting flak for this.
Google is snoop-by-default (not holding it against them, they are a company
looking for profit just like any other), at the very least, AT&T is making the
choice here clear.

Fiber's privacy notice:
[https://fiber.google.com/legal/privacy.html](https://fiber.google.com/legal/privacy.html)

It looks like the same snooping that's in all the other google apps (whether
to serve you ads or otherwise). I'm glad that it's out in the open, and
hopefully it causes people to think about the value of their privacy (and feel
a little bit more paranoid about their lack of it)

I'm not sure who said it first, or where I heard it, but the belief that
"everything google does is a loss leader for adwords" holds true here -- this
is why I believe they're going to snoop-by-default, and not think twice about
using your data as it flows through their fiber.

~~~
aeturnum
I agree that it's ok to give users a discount for giving up privacy. The
problem, in this case, is how hard to tell: what level of privacy you're
giving up, how they'll deliver the ads and that there's "private" option.
Google does not have to meet the same standard as they do not have a "private"
version (except google apps).

If AT&T presented this as $179 + $50 for normal, or $150 + $0 "with special
offers" (think kindle model), I think people would be much less worried.

------
coldcode
So unless you win the Google lottery you have a choice between having AT&T
watching your every packet or Comcast's Standard "Oil" Cable monopoly in
progress. No Google for me so it's essentially a Hobson's choice for me.

~~~
adestefan
I don't know why people think Google will be any better.

Sure, now they're all about unicorns and rainbows, and talking the good game
to get into what is a very capital heavy market. I can easily see Google
switching to this exact same model to inject Adwords and extract even more
money from subscribers once they're hooked. The difference is Google won't let
you opt out.

~~~
ds9
I'm not even clear on whether ATT lets subscribers opt out. Does the offer say
you can opt out of the wiretapping or that you can opt out of only the
targeted ads? If you care about privacy, the DPI is the enemy, and the ad-
targeting is irrelevant (you already have the ability to not retrieve ads,
just blacklist the ad servers). But if what ATT offers for the higher price is
only to not target ads, they'll trick most people into thinking they still
have privacy, while the DPI is applied to everyone.

It's the difference between tracking only by server/client tricks (IP,
cookies, hit logs etc.) vs. tracking by the ISP. The former can be avoided by
client config, the latter only with a VPN.

Even if they let you supposedly opt out of the DPI, who trusts a corporation
like this? And as adestefan notes, where do people get the assumption that
Google is not doing the same?

Edit: I finally found ATT's (semi-) disclosure about this:
[http://www.att.com/esupport/article.jsp?sid=KB421828&cv=812](http://www.att.com/esupport/article.jsp?sid=KB421828&cv=812)

It says that if you don't opt out they collect " webpages you visit, the time
you spend on each, the links or ads you see and follow, and the search terms
you enter" \- but there is no statement that they're not collecting that info
if you opt out. All they promise for opting out is not targeting ads with that
data.

------
digz
Or you can just not subscribe to AT&T. Austin's a great example of a place
where customers have choice. Cable provider(s?)/AT&T/DSL/Google
Fiber/LTE/LTE/LTE/LTE.

------
api
Google might be doing the same thing to everyone with Google Fiber. The
solution is to encrypt everything. Smother this business model in the crib by
making packet inspection worthless.

------
jmilkbal
We're working on municipal fiber optic internet in Omaha and this is fantastic
ammunition for a project like ours.

------
bitwize
The endpoints may not be interested in the network, but the network is
interested in the endpoints. At least in Murka.

------
justizin
"In their defense I should have probably read the fine print"

Nope.

