
'Cards Against Humanity' Creator to Buy and Publish Congress's Browser History - tim333
http://resistancereport.com/news/cards-humanity-creator-just-pledged-buy-publish-congresss-browser-history/
======
DaiPlusPlus
As amusing as it would be, the ISPs are only permitted to sell aggregate
anonymized data, not anything personally-identifiable (as per the 1984 Cable
Act).

They wouldn't get actual Google or Bing searches as neither company would sell
those on - I imagine at most they'd get top-lists of DNS resolutions in a
given geographical area, possibly with some demographic data thrown in - still
valuable data for some marketers though, but unlikely to be anything juicy.

I wonder if any ISPs would sell that data for any price, given the risk of
backlash.

~~~
michaelbuckbee
You're right, it's never going to be that you PayPal your ISP $25 and get
someone's network history (though I may regret those words in a decade).

But, "Sell" is different than "Act" on though, right?

If I'm an ISP, my number one job tomorrow is going to be setting up some sort
of software bridge that interacts with current real time bidding ad tech
software to better target ads.

Expect the number of "ads that follow you around the Internet" to spike
considerably, and be utterly resistant to things like clearing out your local
browser cookies, PrivacyBadger, etc.

~~~
movedx
As /u/fjdlwlv said, uBlock Origin will make sure work of that, plus if you're
serious about blocking this stuff, pi-hole ([https://pi-hole.net](https://pi-
hole.net)) will again add an extra layer of loveliness to your ad-network
blocking capabilities.

Now throw a VPN on top of all this (and THEN work on the problems with policy,
people)...

EDIT: missing words EDIT 2: URL

------
aresant
It's highly unlikely that the ISPs are going to piecemeal out private customer
data & browsing history by name.

And why bother when they can follow Google & Facebook's insanely profitable
profiling / targeting ad playbook?

Considering that almost 60% of us use Chrome which is owned / designed by the
world's biggest advertising company (1) and that leaks privacy even in
"incognito" mode (2) I feel like the narrative around the FCC order is not
intellectually honest.

EG - Google - in fact - came out AGAINST the original framework that was
repealed this week! (3)

The new FCC Chairman - Ajit Pai - has stated he endorsed this act to re-level
the playing field for ISPs vs Facebook / Google / and the less visible ad
tracking / ad profiling agencies.

And he's further stated that he's going to use this opportunity, of resetting
the playing field, to create a framework that applies for EVERYTHING digital.

I am not going to pretend that I am optimistic that the FCC is going to build
a consumer framework that we can all live with, but I am confused how Google /
FB / etc are getting away with murder on the privacy / profiling side.

Let's use this opportunity to push for the "opt in" framework that makes the
most sense.

(1) [https://www.netmarketshare.com/browser-market-
share.aspx?qpr...](https://www.netmarketshare.com/browser-market-
share.aspx?qprid=0&qpcustomd=0)

(2) [https://www.quora.com/Does-Google-track-what-happens-in-
the-...](https://www.quora.com/Does-Google-track-what-happens-in-the-
incognito-window)

(3)
[https://ecfsapi.fcc.gov/file/100319291940/2016-10-03%20Googl...](https://ecfsapi.fcc.gov/file/100319291940/2016-10-03%20Google%20Letter%20\(WC%2016-106\).pdf)

~~~
threeseed
I don't use Google or Facebook. I do use the internet.

I don't pay Google or Facebook. I do pay my ISP.

That is why Google/Facebook get away with so much. Their users opted-in and
gave consent for their information to be used in advertising. If people
weren't happy they could choose to not use the website. I don't necessarily
have that choice with my ISP especially since in many areas there is no
competition.

~~~
aresant
Even though you don't use Facebook or Google they ABSOLUTELY are using you.

Both operate global advertising networks, even if you never log into Facebook
or set up an account they are tracking you.(1)

And Google owns the largest mobile OS which is RIPE with tracking / profiling
features.

MacOS and Windows 10 also track you, Apple seems a little better -
theoretically - about leaking your privacy rights - but MSFT is humming right
along not only building a massive data business, but also buying up companies
like LinkedIn to improve their ability to target you based on how you're using
their OS.

So I disagree on the "we have a choice" part.

You've got me on the "I pay my ISP" but that argument died when Cable started
showing ads.

(1) [http://bgr.com/2016/05/27/facebook-ads-tracking-non-users-
pr...](http://bgr.com/2016/05/27/facebook-ads-tracking-non-users-privacy/)

~~~
threeseed
I can use AdBlock on my phone and computer and not be subjected to anything
from Google or Facebook. And Apple absolutely does not track you if you don't
allow them to. So please explain to me how I am being tracked. It's
technically not possible.

ISPs are completely different in that they can track me (a) without my consent
and (b) with no technical means for me to stop them.

~~~
mirimir
Just use VPN. Or VPN and Tor. Or VPN, Tor, and VPN. Or ...

~~~
sjy
Using a VPN to another country slows down browsing a lot – in my experience,
enough to make the web unusable from a bad hotel WiFi connection. It's
annoying enough that I usually just accept the loss of privacy.

~~~
mirimir
Quality paid VPNs don't reduce speed enough to be problematic in that context.
Free VPNs are sometimes throttled. And some ISPs may throttle VPN traffic. If
you have problems, you can see if port 443 is better. Or TCP vs UDP.

~~~
Neliquat
Then you have the issue of anonymous payment, and trusting your VPN. Many paid
services are honeypots, because, the assumption is why pay if you are
innocent.

~~~
mirimir
Well, but then ISPs are honeypots too ;)

------
gingerbread-man
There actually is a totally separate debate to be had on the topic of public
records and communications by elected officials.

Under federal law, all communications to which a federal employee is a party
constitute public records. Obviously, that doesn't mean they are all
publically available; white house emails, for example, have traditionally been
released several decades following the end of the administration. (With
redactions, of course.)

Today, congressional staffers and politicians at every level use private email
accounts and cell phones to subvert public disclosure, and by extension,
public accountability. Even when the political or security sensitivity of such
records is long gone, historians will likely never be able to track them down
or study them.

EDIT: Congress is specifically granted an exemption to most of the public
records laws that apply to the executive branch, including FOIA.

~~~
samirillian
Citation?

~~~
Alex3917
Watch the #archemail symposium videos from the library of congress.[1] For
FOIA a lot of the emails actually do eventually go on the web. But with
private individuals, when they donate their email correspondence you can
almost always only read them on one computer in one specific university
library.

But yeah, even when documents are supposed to go on the web there are often
gaps. E.g. Hillary Clinton basically hired folks to steal documents about her
legislative record from the library of congress.

[1]
[http://www.digitalpreservation.gov/meetings/archivingemailsy...](http://www.digitalpreservation.gov/meetings/archivingemailsymposium.html)

------
gingerbread-man
"Cards Against Humanity" is known for their crazy publicity stunts. They
raised $100k this winter to dig an enormous "holiday hole" for self-described
pointless reasons. ([http://www.npr.org/sections/thetwo-
way/2016/11/27/503502142/...](http://www.npr.org/sections/thetwo-
way/2016/11/27/503502142/people-donated-nearly-100-000-to-dig-a-big-pointless-
hole-in-the-ground))

I'm not really sure how I feel about this one, though. The reason we're in
this mess in the first place is that too few Americans really understand
what's at stake re: online privacy.

~~~
djsumdog
I remember the Holiday Hole. We had it up on a screen at work. On the website,
one of the frequently asked questions was "Where is this hole?" to which the
answer was, "In American, and in our hearts."

------
pboutros
Perhaps a practical answer to these critical comments: he could fund lawyers
to fill out FOIA requests for that information. Presumably anything on govt
computers and govt email is fair game.

\--Update-- He brings that up (kinda) here
[https://www.reddit.com/r/politics/comments/62a3kj/cards_agai...](https://www.reddit.com/r/politics/comments/62a3kj/cards_against_humanity_creator_just_pledged_to/dflaubi/)

------
blhack
I've seen a few things pop up about ISPs and selling user data. Some of this
is a bit worrying (especially since I seen at least one seeming-scam
purporting to "buy congress's browser history"):

As far as I know, nobody is looking to make browser history available for
purchase. It's unlikely that anybody aside from the NSA or some other state-
actor, with very significant resources available to them, is even capable of
_storing_ that data.

Ask yourself this question: can you currently buy all of, for instance, Jeff
Session's private facebook data? Every message he's ever sent, like he's made,
etc.?

Of course not.

What you _can_ do, and what ISPs are very possibly looking to do, is make
general demographic information available to advertisers.

For instance: if a person has shown a recent interest in camping, show them
ads for camping equipment.

Now, I absolutely do not think that this is acceptable (ISPs sharing data,
however I do think that facebook giving me targeted advertisements is a
perfectly reasonable exchange).

I just think that it's important to know _what_ is being talked about.
Especially when it comes to people trying to scam others for money.

~~~
tw04
There are two different questions there. Can _I_ personally buy the info? No.

Is that information currently for sale? I have no idea.

Just because it isn't being sold publicly doesn't mean it isn't being sold at
all.

Furthermore, comparing Facebook to ISPs is ridiculous. If Facebook pisses me
off, I stop using it and I'm slightly inconvenienced. On the flip side, if my
ISP pisses me off, I have literally no other choice in ISPs. I would go
without internet beyond tethering to my phone, which means pretty much just
basic email (IE: no internet). So your comparison is... bad.

Furthermore, for you to suggest the cards against humanity guys are running a
scam shows complete ignorance of the company and the group of people behind
it. Literally 0 chance they're trying to scam people.

~~~
blhack
I'm talking about this:
[https://www.gofundme.com/BuyCongressData](https://www.gofundme.com/BuyCongressData)

And this:
[https://www.gofundme.com/searchinternethistory](https://www.gofundme.com/searchinternethistory)

------
devnull42
That isn't how the data sales work at all.

------
fsargent
He can only buy it if someone's willing to sell it. ISPs won't sell
information this granularly - not directly.

~~~
colefichter
> ISPs won't sell information this granularly - not directly.

That's not for certain. And anyway, what stops a purchaser of bulk data from
reselling individual records as a value-add?

------
Mandatum
Wonder how fine-grained you'll be able to purchase data. Say you can buy data
in a 2km circle minimum from a given point, and results with
anonymized/aggregate.

Then you buy 2 more circles, find out where they all intersect - bam, got
yourself data for a given point.

Same as the old Tinder tracking exploit.

------
nsxwolf
I'm feeling really manipulated by the media here. So if I am understanding
this correctly, this is what ISPs have already been doing forever, and it will
continue. There was a new rule put in place to increase privacy protections,
but it wasn't in effect yet, and that rule is what is being rescinded.

So the status quo is being maintained, Telecommunications Act already makes it
illegal to sell personally identifiable information, and there is no browser
history apocalypse coming.

------
th0ma5
Would be nice to have a TLS encrypted DNS. I know that wouldn't hide
everything from aggregate reporting but it would help I would think.

------
nsxwolf
Just because you can buy it doesn't mean you can't be sued if you use the
information to harm or embarrass someone... right?

~~~
hn_throwaway_99
Well, you can sue anyone for most anything - the question is whether you have
a case. If the information is true, anyone who published it would most likely
be protected on first amendment grounds, especially since there is clear
public value and a policy reason for publishing the information.

------
good_vibes
Good man. I work at Bluehost and I spoke to him on the phone once, his website
was/is hosted by Bluehost. :)

------
drawkbox
Really this is a jab at net neutrality, the open selling of data by ISPs is a
power grab away from the FCC that helped to make net neutrality a thing by
labeling broadband/ISPs as common carriers.

Republicans (this was a party line vote) say it is unfair that Google and
Facebook have your personal information and use it for ads but why can't ISPs
have that and also sell it? One big fucking reason is people sign up to Google
and Facebook for the purpose of sharing and agree to their ads in exchange for
a service. Google built the most powerful search engine and Facebook built the
social graph. Google/Facebook built value and they only use your info to
target ads to you, they don't sell it because others would do the same. They
sell ads and people use them because they have info on you, not necessarily to
sell off to others.

If you ask me it is unfair for republicans to legally allow ISPs to do the
same because we expect privacy from ISPs in ways we do not from Google and
Facebook. You can choose not to use Google or Facebook but you cannot choose
your ISP/broadband provider. In my opinion this is like letting someone view
your mail, read it and then sell information about you. It is also an unfair
competitive advantage for ISPs because they can place ads on any website if
they want or track you across all sites not just like Google/Facebook which
are huge but only see a portion of what you do. ISPs built no value product
like a search engine or social graph for this purpose, they should do that if
they want access like Google and Facebook. It seems almost like the GOP are
harming innovative companies and rewarding/catching up non-innovators. I bet
broadband companies/ISPs won't even use the profits to improve broadband and
rollout gigabit service for real. It is a rewarding of lazy semi-monopolies
over innovative companies and products.

Republicans also control the FTC not the FCC so they want all control to fall
to the FTC instead. It is both a power grab and a bending over of all their
constituents.

Most of all, it is also another step in dismantling net neutrality as FCC
protected that by categorizing the broadband/ISPs as a common carriers and
they want to sap the FCCs power in that regard.

