Hacker News new | comments | show | ask | jobs | submit login
The House just voted to wipe out the FCC’s landmark Internet privacy protections (washingtonpost.com)
901 points by blazingfrog2 28 days ago | hide | past | web | 499 comments | favorite

This, right here, is the consequence of the withdrawal from politics many geeks advocated very strongly in an earlier time. "Everything is corrupt, it doesn't matter"... turns out to only be a viable philosophy when things mostly work well enough.

What we have in protections and freedoms were purchased through a ton of hard work by prior generations: the liberty to slack and think that it just works ok is a nice side effect of the prior sweat.

The votes in both the house and the senate were almost entirely along party lines. Every republican in the senate that voted, voted for this act and every democrat in the senate that voted, voted against this act.

The reality is more nuanced--the time to stop this legislation was by preventing it coming to vote in the senate. Typically the senate needs 60 votes to forcefully end debate[0], then merely majority to pass it. Once can disguise support for a bill by approving to end debate, then voting "Nay" given it will get the necessary 50 to be approved.

For JS 34 [1] Mitch McConnell (R, KY) limited debate to 10 minutes--I'm unclear from the transcript exactly how this was allowed. Richard Blumenthal (D, CT) offered resistance to limiting debate, and Kamala Harris (D, CA) and Patrick Leahy (D, VT) requested the role be called several times as a delaying tactic, but the limiting of debate went through.

Just prior to the vote, Brian Schatz (D, HI) offered some debate, but this is cosmetic given the known votes.

My read there is little to be gained by trying to legislate implementation power that has been ceded to the executive branch and the various agencies that are run by appointment, and therefore a costly filibuster and fight was not worth the time, effort and political mud.

[0] https://www.senate.gov/CRSpubs/577d2a5e-2b47-4045-95fa-a7639...

[1] https://www.congress.gov/congressional-record/2017/03/23/sen...

You can't do that for rule repeals, they are only subject to a majority vote in the senate:


Relevant section:

The law provides a procedure for expedited consideration in the Senate. If the committee to which a joint resolution is referred has not reported it out within 20 calendar days after referral, it may be discharged from further consideration by a written petition of 30 Members of the Senate, at which point the measure is placed on the calendar, and it is in order at any time for a Senator to move to proceed to the joint resolution.[7] If the Senate agrees to the motion to proceed, debate on the floor is limited to 10 hours and no amendments to the resolution or motions to proceed to other business are in order, and so the Senate may pass the joint resolution with a simple majority.[7] A joint resolution of disapproval meeting certain criteria cannot be filibustered.[8]

Probably with good reason too, since if I'm understanding the US system correctly proposed regulations are created by unelected officials and can come into effect without any congressional vote whatsoever. Allowing filibustering of CRA votes would mean that regulations could be created despite the majority of the Senate and House strongly opposing them.

Not really -- rulemaking from the executive branch agencies is supposed to be what takes laws and implements them into concrete policy. The CRA is supposed to allow Congress the ability to void the rules that are perceived as going against the spirit of the law that was passed.

I haven't seen any reporting on a specific law that these rules were tied to, but I have seen references made to laws predating the public internet that mandate privacy on phone calls that.

People don't seem to like this comment, but that is a great link. Browsing around the site, I found this list of common English language errors: http://public.wsu.edu/~brians/errors/errors.html

Really interesting. Thanks for sharing.

Most of those are made up prescriptive guidelines, mixed in with some common misspellings. One grumpy person does not get to decide how the rest of us choose to use and evolve language. The "forceful" / "forcible" example is particularly inane and pedantic but hardly the worst on that page. I'll continue to say "being that", "ice tea", "center around", etc. as I please.

In linguistics the illustrative analogy is that prescriptivism is akin to an anthropologist entering into a foreign culture and rather than simply observing, they instruct the members of this culture on how to cook, dress, cut their hair, etc. Most modern dictionaries (including the Oxford English dictionary) take a descriptive approach to the study of language.

> I'll continue to say... as I please.

By that argument, we should all just be able to say and write whatever we want however we want to, even if it's technically or factually incorrect, like Humpty Dumpty or Donald Trump.

Why bother hewing to "elitist" rules of grammar and accepted spellings, being that it's just prescriptivism?

How does one decide objectively if something is just plain wrong, or merely prescriptive?

Case in point: "premises". So many people treat this singular noun as a plural and use horrors like "on-premise", which is so utterly wrong that it is painful for me to look at. What's worse is that "premise" is a real word and an entirely different thing and is most definitely not the singular of "premises".

This word came about (as many English words do) as a corruption of the Latin "praemissus", meaning something like "the aforementioned", and was used often in legal agreements for properties, and so became a word in itself that meant "the property".

Now we are corrupting it yet again, this time without the excuse of it being a different language, on the basis that "I'll say it however I please." People I have mentioned this to have told me that it is so difficult to get people to use the right word that they've just gone with "on-prem".

Now readers can take this comment as the rant of a "grammar nazi" or a pedant, but it wasn't meant that way, and I'll respond in advance with this: why is it not ok to identify something that is wrong? Because it's mere nitpicking?

Maybe so - but that's how matters devolve, over the decades, back to widespread ignorance and intolerance: one little oversight at a time.

Sorry, I didn't mean to get on the soapbox - sometimes it's just frustrating for those of us who are perhaps overly detail-oriented. But the world needs "pedantic" people like us more than it likes to admit.

    > write whatever we want
    > however we want to
You have conflated two separate things.

    > being that it's just
    > prescriptivism
The irony of course being that "being that" in the way you've used it is one of the examples of "incorrect English" given by the op. And you're using it to support the idea that these things are important...

    > This word came about ... as a
    > corruption ... without the excuse
    > of it being a different language
You have some unorthodox ideas about how language came into being.

Point taken, I made a mistake, but I think you're so focused on picking apart the comment that you've ignored the meat of it. That's ok, I said my piece and expected it to be downvoted - and it was.

I'll upvote you (although technically HN doesn't like meta-commentary about upvotes / downvotes) because you made your point well.

I don't have an issue with every "error" on that page and I have no problem with style guidelines for writing, but the problem comes when the prescriptivists think that logic is on their side when they opine on subjective stylistic and dialectic issues. "Ice tea" is a perfect example. The author of that site argues that "iced tea is not literally made of ice, it simply is 'iced': has ice put into it.". Apparently he is unaware of English's enormous fondness for attributive nouns. By his reasoning, we should all be saying "appled pie", or "apple-infused pie", or something crazy like that.

I also have a more general problem with prescriptivism because frequently it is used to justify a certain type of racist and classist thought.

Apple pie is not the same thing as "ice tea".

Apple is describing the type of pie. "ice" is not a type of tea.

"Ice" is not a type of tea, but ice tea is a type of tea just as apple pie is a type of pie. I see no difference. Ice tea is tea with ice in it, apple pie is pie with apples in it.

>but ice tea is a type of tea

No it's not. "Ice" or (more appropriately IMO) "iced" a state of tea. Find me 'ice' or 'iced' on this page: https://www.teasource.com/pages/types-of-tea

Nobody is making tea from ice. If they were, then you could call it 'ice tea'.

Ok, even if I accept that, it's not a reason to prefer the term "iced tea" to "ice tea".

Ice algae are not made from ice, for example -- they are algae that are found in ice. The point is that in noun-noun compounding, the semantic relationship between the two nouns varies widely from case to case (far more widely than the distinction we are nitpicking over between "apple pie" and "ice(d) tea").


EDIT: one more example, is it also wrong to say "bubble tea"?

>they are algae that are found in ice

Which makes sense, because it's referring to a type of algae found in ice.

If there were a type of tea that only grew or were only found in ice, then it might make sense to call it 'ice tea'. However, that's not the case because it's regular tea that has been 'iced'.

You are not getting my point.

The relationship between two nouns in a noun-noun compound is very flexible. Sometimes it means the head noun is made out of the attributive noun ("apple pie"), sometimes it means the head noun is found in the attributive noun ("ice algae"), sometimes it means something completely different (how about "ice axe"?). So, because that relationship is so flexible, it's just not absurd to consider that in the case of "ice tea" the relationship is that the head noun contains the attributive noun, as is exactly the case with "bubble tea" and many other NN compound examples.

And I will say again that the semantic relationship between "is made out of" and "contains" is so, so similar. Given the huge variety of acceptable semantic relationships between two nouns in a NN compound, it's really ridiculous to claim that "contains" is not acceptable whereas "is made out of" is, especially so when there are tons of examples of the "contains" relationship that staunch prescriptivists never object to (again, "bubble tea").

Sometimes it can be useful to expand the compound noun to see if it makes sense.

Apple pie:

- Pie found in apple(s)? Nope.

- Apple that is used to do something to pie! Hmm, no.

- Pie that is modified by an apple. No...

- Pie that is made with apple the primary ingredient? Yes

Ice algae:

- Algae found in ice? Bingo.

- Algae that is used to do something to ice? No.

- Algae that is modified by ice? Nope.

- Algae that is made with ice the primary ingredient? No again.

Ice axe:

- Axe found in ice? No.

- Axe that is used to do something to ice! Yes.

- Axe that is modified by ice? Definitely not.

- Axe that is made with ice the primary ingredient? No.


Ice tea:

- Tea found in ice? No.

- Tea that is used to do something to ice? Not that I've heard of.

- Tea that is modified by ice? Mmm... it's not modified. It's still tea, only cold, not hot. Its temperature, a non-essential property of tea, has been modified. So wouldn't that be "iced tea", as in, "tea that is normally served hot but has been cooled down, namely, iced"?

- Tea that is made with ice the primary ingredient? No.

Bottom line: "ice tea" is ambiguous. "Iced tea" is not.

I regret I have honestly never heard of bubble tea (but I have heard of bubble gum), so I have no clue what it is, other than it has something to do with tea and bubble(s).

Is it tea with which one makes/blows bubbles?

Carbonated tea?

Tea served in a bubble?

Tea made from bubbles?

- Tea that contains ice? Yes.

That is the relationship... "contains". There are many other examples in English of that relationship in NN compounds, and I guarantee you use them unconsciously without a second thought. You are also not getting my point, please reread my last post.

> Bottom line: "ice tea" is ambiguous. "Iced tea" is not.

This is how I know you and others in this thread have not spent a lot of time thinking about language. When has ambiguity ever prevented humans from using and understanding language? If you look at any piece of writing deeply, it is filled with an unimaginable amount of nuanced ambiguity. That's exactly why NLP is so hard.

But iced tea typically does not contain ice unless you add it. Buy a can of Lipton's Iced Tea - it's still iced tea, with no ice in it. But whatever, this is getting to angels on the head of a pin territory :)

I think you are making an unwarranted assumption about me. I have indeed spent a great deal of time thinking about language; I just have different thoughts, or points of view, about it. I have been very interested in etymology for a long time.

I neither claimed that natural language was capable of being entirely unambiguous, nor that people cannot communicate in the face of ambiguity. In fact, ambiguity in language allows for great artistic expression: humor, poetry, and other word play. So I agree with you on that point.

But holy crap, do we have to make it harder than necessary to communicate, when we aren't deliberately playing with words?

Surely you agree that much of the misery, pain, and suffering in this world of ours is due to avoidable language-related misunderstandings?

Sorry for being a bit rude. And yeah, this is the most hair-splitting argument I've ever been involved in on HN :)

My work in linguistics and NLP is strongly related to ambiguity, so I tend to see things in those terms and I do not see resolving ambiguity as an impediment to understanding language (for humans at least, but for computers it is an enormous problem). We'll agree to disagree!

Bubble tea is a tea based drink which happens to have tapioca balls (aka. pearls) in it.

It's popular in Asia and Australia, and originates from Taiwan.

Also called boba tea or pearl tea.

What you call corruption, others call evolution. The fact of the matter is that there is no authority defining English. As a result, there is no way of objecctively deterimining if something is plain wrong. The best we can do is going by usage. You can try to influence usage, certainly, but some of those battles are simply not winnable.

Note that the prominent English dictionaries have usage panels that make judgements about whether the usage of a certain form of a word is sufficiently wide as their criteria for inclusion.

It's not that it is not ok to identify something as wrong, but you will need to accept that people will disagree with it, and that what is wrong to you now may very well have enough support in usage that the battle is already lost. When you then opt for comparisons to Trump, then it is not surprising that you get downvotes.

A lot of the "I'll say it however I please" is down to usage. I'll drag out my favourite example: "begs the question". It's my favourite because I didn't even know about the original meaning until I started seeing rants about how horrible the new meaning was. Do a search for it today, and the results are dominated by sites complaining about how awful the change is, and articles about it.

To date, I can recall only one instance where I've seen the original meaning used outside of such a rant. It's basically a lost battle, where people will often respond along the lines of "I'll say it however I please" for the simple reason that to most people the original meaning is entirely foreign because of its niche usage.

Usage panels, which often lags trends like this, for good reason, have in recent years started tipping towards the new usage for "begs the question", often marking the original form as "formal", because ultimately language is about communication, and you can not communicate effectively if you pretend the most common form doesn't exist. Here [1] is an article at Merriam Webster discussing the issue.

[1] https://www.merriam-webster.com/words-at-play/beg-the-questi...

Yeah, look, I'm aware of language evolution (or devolution, as it may be), and that there's no formal authority for the language. I mean, there are already at least two major dialects of English (British and American), and there's enough of a difference between the two to cause problems for the unwary.

What I'm railing against is more that there appears to be little interest, in general, even to try to get things right. I see this not just in human language, but in business, software development, publishing, pretty much everywhere.

I'm really tired, so I'm not expressing myself as well as I should, so perhaps I should just wrap this up and get some sleep. An iPad is also not the best UI for writing on HN.

Thanks for your thoughtful and thought-provoking response.

> What I'm railing against is more that there appears to be little interest, in general, even to try to get things right.

Language is a means to an end. If my entire audience understands what I am saying, and is not put-off by how I say it, then I did, in fact, get things right.

Language is a set of tools. In the same way it can be annoying to watch someone hammer in a nail with the end of a wrench, it can be annoying to watch someone sort through their linguistic toolset, ignore the finely-honed implement meant for the job and grab another.

But when you're writing something down (especially for publication), you can not know your entire audience. Not using reasonable care in your written language communicates exactly that: that you care not for your audience.

Or that you care for a specific audience. I, for one, do not care about any audience members who get up in arms if I use "begs the question" in the sense of "raises the question", for example. The use has become so common, that I expect anyone who finds that offensive will not be worth the trouble for me to try to cater to.

You need to draw a line somewhere, or you will end up spending your life obsessing over unimportant details of what you write instead of actually communicating.

If your omission of what you assume is "unimportant detail" leads to your audience misunderstanding the "important" detail, you actually are failing to communicate.

It may also happen that the one person who you felt was not "worth the trouble" turns out to be someone who will be very important to you one day, like a potential business partner or investor, and who interprets your misuse of language as ignorance.

There's a difference between obsessing over unimportant detail and being thorough, IMHO.

Well your right their.

You think you're being cute, but if spoken aloud, there is no difference. It's only for historical reasons that homophones have different spellings.

If someone posts a link to correct you, there is at least one person put off by your language.

Oh absolutely; the ethos of one's argument could be greatly damaged with something like:

OMG u shuld see wat they do in germanny its so different their!

But at some point you do start to get diminishing returns, so there are practical limits to how worried one should be about pedants.

> Case in point: "premises". So many people treat this singular noun as a plural and use horrors like "on-premise"

I didn't know that! Thanks!


Sorry, I disagree. Kindly enlighten me.

Prescriptivism is dumb. I think everyone here gets that.

However, I like tools in my arsenal that enable me to express myself precisely. Prescriptivist rants often open my eyes to subtle shades of possible meaning that I otherwise would not have seen.

That's on fleek, whatever the hell that means.

I'm happy to learn more about the English language -- thanks for the link!

I don't quite agree with "typically". The numbers of filibusters (and cloture votes) has radically increased in recent history, but I'm not sure if you can really call it the default behavior yet.



Also, it's not even applied to 50% of resolutions:


> requested the role be called


Thank you, fellow detail-oriented person.

Although this is mostly true, it's not entirely true (at least in the house).

In the House, 15 Republicans broke ranks to vote against the repeal. With five more votes, it would have failed. That's a very close vote.


No, he's correct, about 7% of republicans in the house didn't vote for the bill.

And 0% of Democrats in the house voted for the bill. This bill is 100% owned by the GOP.

15 House Republicans voted against it:


They're the ones who brand new congress needs to be courting

For reference/laziness: https://brandnewcongress.org/

I'm glad to see that my congressman is on the list of republicans who voted nay. I would like to think that my call to his office made a difference.

You're correct and I edited my comment. I suspect that that may just be a tactic to save face in vulnerable districts rather than a sincere desire to oppose the bill.

>I suspect that that may just be a tactic to save face in vulnerable districts rather than a sincere desire to oppose the bill.

And the only reason Democrats voted against it was a tactic to save face for their constituents back home.

Why in the world would you think some politicians are magically sincere while others are not just by the little letter in parenthesis after their name?

Hyper partisan people that think this way are the reason political discourse has gone to shit and everything turns into some childish red team vs blue team ideology. As you keep propagating this mindset, people on both sides keep turning up the volume on their echo chamber and we get the most partisan congress (on both sides) in a hundred years[1].

1. https://www.washingtonpost.com/news/the-fix/wp/2016/01/13/he...

That's a good point. Are the Republicans who voted against the bill relatively unpopular with their constituencies?

Hard won congressional seats will often sit out or sometimes even vote against their parties legislation but coordinate their votes inch a way that ensures that their parties legislation still passes.

Say you have 54 democrats in the senate, and a democratic president 4 democrats that had difficult races can abstain or vote against the bill while 50 democrats can vote for it, with the vice president being the tiebreaker.

As far as I know Justin Amash is well liked within his district.


I realise this is a total straw man, but whenever I read Republicans vs Democrats I can't help but think about how utterly insane it is to have the opinions of 300 million Americans represented by TWO parties.


So Americans choose to agree with either EVERYTHING person A says, or EVERYTHING person B says.

That's what it boils down to. And it freaks me out that in a day and age where we're so educated and "free", we still think that this is a good solution.

Apologies for veering off topic. Had to get it off my chest for once, as I don't normally voice this stuff. (Because I'm sure others have said it better before.)

This is definitely something worth pushing for, if you're an American. Figuring out how to shift our system into one where viable third parties can play ball would be frigging grand.

I'd like to see the GOP split into the 2-3 parties it shelters, and the Democrats go their 3 or so ways as well. I'd bet it'd significantly stabilize US policy and reduce the zero sum power plays that are becoming quite common.

If you want that, push for your local voting to switch to approval voting. That's the #1 thing that will enable more parties.

just found out about "approval voting" last night, so i'm experiencing baader-meinhof thanks to your comment. found out that The ACM and IEEE use this type of voting system (i think), and maybe there are some scientists out there that could start spreading the word about this form of voting.

OP's comment is the straw man, not yours.

If you go out and talk to these actual Democrats and Republicans, the bipartisan distinction seems more and more like a fraud.

Seriously, have you ever met a person who's "core driving force" is money and "all they care about"? Does that description fit about half the people your know?

Seems pretty cartoonish to me.

Cartoon of a president doesn't help USA's reputation.

> Seriously, have you ever met a person who's "core driving force" is money and "all they care about"? Does that description fit about half the people your know?

The people around me are not mega-rich. It is not a problem of that people being "bad people". It is a circumstance problem. The situation is that they have so much money that can change the laws.

Cut lobbing, redistribute wealth and you will stop this cartoon evil behavior. Keep people so rich that they don't understand what being middle class is, and they will continue pressing for ridiculous reductions on our rights.

If poor people stopped voting for the most lobbied politicians, that would stop it too. It's voters who ultimately choose, and they consistently demonstrate that they prefer lobbying - for both major parties.

Americans keep complaining about their politicians, then elect the same parties they complain about over and over again. I work with an American who explained it - she voted for a party she didn't like because she was desperate to do anything she could to prevent the other party winning. It turned out the other party won afterall so her efforts just went towards entrenching the two party system and discouraging anyone else from voting for what they actually want next time.

It's not that anyone is defending this system, it's that it is the only stable equilibrium of the winner-takes all parts of our elections.

Right, I think you have to change the dynamics. Voting ought to better capture citizens preferences, it like we vote with one hand tied behind our backs. Why can't we at least rank the candidates?

Because that would empower minor candidates. The parties that are in power aren't going to change the system in a way that disadvantages themselves and perhaps even poses an existential risk. That means if you vote democrat or republican, you're voting against your proposal. Neither party is so kind-hearted that they'll cut off the branch they're sitting on!

Too complicated.

Approval voting is much simpler than ranked-choice, and more appropriate for the general public.

My country has ranked voting. Compulsory ranked voting. No-one seems to have any difficulties with it. What's so hard to understand about rank the candidates in the order that you want them?

I did get the chance to flick through a Californian voter information guide for this last election and it seems like if your goal is to make voting simpler then looking at ballot initiatives would be far more useful.

Most of your Australian countrymen want to get rid of ranked voting.


Maybe they think it's too complicated.

The mentioned discussion by Antony Green: http://blogs.abc.net.au/antonygreen/2011/02/more-australian-...

I think his points are pretty good ones. There was a lot of anger and unhappiness after the 2010 election and the role preferences played in it. I'm not going to change my mind entirely on one poll which hasn't ever been repeated when there are valid objections to the question and the signal isn't even that large. You could have polled people on if the electoral college should be gotten rid of after the last US election and you'd probably get a similar sort of polarised answer for the same reasons.

More importantly, I don't really care about what people prefer in their voting system. That probably sounds bad, and I think it's important that people trust it but it's a technical answer to the question of how we discover what people want. That's what I care about, which is why I support compulsory voting which ensures a more representative government at the cost of forcing everyone on the rolls to vote.

I'm also not some weird person who thinks we have it perfect here. Obviously optional preferential voting in all cases would be better, not just for the federal senate, and Hare-Clark nationwide would be even cooler than that. There's always improvements to be made.

The problem with approval voting is that game-theoretically it devolves to plurality voting once everyone understands the system. Approval voting violates the later-no-harm principle: indicating approval for secondary candidates can harm the chance that your primary candidate is elected. Knowing this, why would anyone approve of more than one candidate?


Absolutely false. Strategic Plurality Voting means NOT voting for your favorite, e.g. a Green voting Democrat. With Approval Voting, that same voter's best strategy is to vote Democrat AND Green. THAT is why you'd vote for more than one candidate.

Later-no-harm is a silly "anti-criterion" that causes more harm than benefit. See explanation by a Princeton math PhD who co-founded the Center for Election Science.


He refutes similar FairVote FUD here.


FairVote lacks expertise and lies a lot.


Here's a layman friendly talk I gave to the Colorado League of Women Voters a few years back.


Thanks for posting all this info. In the youtube video, I liked the end where you talked about an objective satisfaction measure for these systems. For someone who wants to be able to provide more preference information at the ballot, and is not married to any particular method, it does make you wonder, why not directly use the objective measure for voting? You'd get a 1-1 correspondence. Wouldn't that maximize satisfaction and the voting method objective function?

You can't use it for voting because the voting system isn't omniscient.


I would think that given different peoples' standards of "approval", ranked-choice voting is much simpler for the genreal public to grasp, and a more useful metric to base an election on.

I suppose we'll see how Maine handers their newly-implemented ranked-choice scheme in the coming election cycles.

Instant Runoff Voting is actually one of the most complicated voting methods. Approval Voting is arguably the simplest.

This can be objectively measured via metrics like ballot spoilage and precinct summability.


Here's a read-through of a talk I gave on this.


Ranking by preference isn't exactly hard. Most 18+ year olds can handle it.

Ah I meant not hard to vote your preferences, it can definitely be hard to understand the outcomes. I think you might be right that that's what the parent was talking about. Nice work injecting some research into this thread.

it's that it is the only stable equilibrium of the winner-takes all parts of our elections.

True, but equilibrium is not the goal. The mere fact that a political system has been around long enough to approach equilibrium means that people have been sleeping at the wheel for a long time.

In the general. But you also have to look at the primaries. For instance, this year we had 22 major candidates running for president in the two major parties. And people like Trump and Sanders show that there is plenty of room for heterodox candidates to be successful.

Primaries are part of the problem, not the solution. If I'm a member of party A, I can't voice a preference for the failed candidates of party B or A. I can only pick between the winners.

For example, I've heard from a small but non-trivial number of swing supporters that they would have voted for Sanders, but instead voted for Trump. Ranked voting might have allowed them to vote Sanders > Trump > Hillary in 2016. Others may have preferred Rand Paul, or Gary Johnson, etc.

FPTP is directly responsible for our dichotomous and increasingly unstable political system. We need more choice at the ballot box.

> For example, I've heard from a small but non-trivial number of swing supporters that they would have voted for Sanders, but instead voted for Trump.

If there's a sizeable proportion of people like that, they'd be able to get their candidate in the primary. By and large you need far fewer votes to win the primary than to win the general.

It always surprises me that there are people who don't bother to vote in the first round of voting, and then complain about the quality of candidates that made it to the second round. Well, yeah; you can't sit things out and hope that other people will pick the person you like. Only 28.5% of eligible voters voted in the presidential primary in 2016 (and non-presidential primaries often have lower turnout).

> If there's a sizeable proportion of people like that, they'd be able to get their candidate in the primary.

This was the focus of my post, though I guess it wasn't clear...

What you're suggesting doesn't work across party lines. The Democrat primaries don't care whether Republicans would have voted for Sanders over Trump, and the Republican primaries have a similar problem. Primary systems acts to amplify the passionate voices within each party at the cost of bipartisan preferences.

What everyone wants is Approval voting. Far simpler than Ranked-choice voting.

Really, do people expect the public to be able to rank their candidates?

Um… Yes? Why do you think no one would be able to do that?

Government is just one, and it represents 300 million people.

And what's the problem? Everyone wants to be a king. Government's job is to make sure no one is, with a social contract.

Except when the government effectively becomes, collectively, the king, and represents nothing more than their royal self-interest. Which is how I see things going in the USA, for all intents and purposes.

Government is always the king. That's their job.

And, in a Democracy, the self-interest of government is the public's interests.

Minor point, in a well functioning Democracy the self interest is the people. I don't think we have that right now.

> If you value things like privacy or the environment, then never vote Republican. Always vote Democrat.

I guess you are too young to remember SOPA/PIPA - that was voted for by Democrats, against by Republicans.

As you mature you'll realize Republican vs Democrat is not as simple as you make it out to be.

It's not that the Democrats are pure good. Far from it. It's that the Republican party of the last few decades is horrifically awful in basically every possible way.

The choice is extremely clear. Activism plus voting against the worst option.

SOPA/PIPA was not as clearly Republican vs. Democrat as you make it out to be, either. Whenever a law is dressed up as IP protections and backed by the entertainment industry, you will probably see a lot of support from CA's representatives, which means a lot of Democrats. However, there were a lot of people from both sides supporting (and eventually opposing) those bills. SOPA was introduced by a Republican, and 8 of its 12 sponsors were Republicans.

Of course, since I live in California, both of "my" senators are Democrats, one of which has been in office since I started high school (24 years ago); it would have been both if the younger of the two (Boxer) hadn't retired.

Somehow, "my" representative is a Republican, though I still think most of the people in this district don't realize that he replaced his father (who held the office from 1981-2009). Maybe the DoJ investigation into his use of campaign finances for personal expenses will open some eyes, but it seems more likely that, if he is removed from office, whoever gets on the ballot with the R next to their name will get the seat (or maybe we'll get multiple people with an R next to their name, like most of the local races).

SOPA was introduced by a republican. 8/12 of the initial sponsors were republican.

Not sure how you can hang this on the democrats. PIPA was introduced by Leahy. Still had some republican sponsors.

They didn't vote on either.

I'm really not sure why you had to be condescending about this. You could have made the same point by bringing up SOPA/PIPA. No need to start talking about other posters being young and immature.

It's about the person, not the party. Plenty of profit motivated democrats and republicans who care about their districts. This kind of tribalism prevents us from finding middle ground; we should be against ideas and practices, and be principled instead of loyal to a party.

Ow, how I would have loved for not only Sanders, but also Trump to have been cheated out of their primary election, and then them both to have started a new party, America would have been a four-party system, overnight. One can dream...

Withdrawal from politics certainly is an important factor that has made America a currently sinking ship.

But the problem is more systemic. It's at the center of the culture of this society: it's the fact that MONEY (== DOMINATION) has been made the most central and culturally venerated value.

To change that, a lot of suffering will have to occur, because those who benefit from MONEY (== DOMINATION) will use exactly that to defend this (sick) cultural value by - you guessed it - dominating everybody who's against it. And for that, other sick things like mass surveillance technology, a militarized police force, perfectly controlled media, and pressure on your economic wellbeing and your physical and mental health will be used.

I would argue that the withdrawal is the core problem and the money is the symptom of that problem. Same with gerrymandering, election systems, distribution of power, and other key talking points.

Active and rational political conversations would, in my mind, have mitigated a lot of the problems with money in politics. Gerrymandering would not be (as large as) a problem if the masses had not been asleep at the wheel.

It is an uphill fight from this point forward.

>I would argue that the withdrawal is the core problem and the money is the symptom of that problem.

Upon what do you base this hypothesis? Because history shows otherwise. The oligarchy/aristocracy has always had disproportionate influence in the US. It has always been an uphill fight for the average citizen.

>I believe the British government forms the best model the world ever produced, and such has been its progress in the minds of the many, that this truth gradually gains ground. This government has for its object public strength and individual security. It is said with us to be unattainable. All communities divide themselves into the few and the many. The first are the rich and well born, the other the mass of the people. The voice of the people has been said to be the voice of God; and however generally this maxim has been quoted and believed, it is not true in fact. The people are turbulent and changing; they seldom judge or determine right. Give therefore to the first class a distinct, permanent share in the government. They will check the unsteadiness of the second, and as they cannot receive any advantage by a change, they therefore will ever maintain good government.

-Alexander Hamilton, Farrand's Records of the Federal Convention, v. 1, p. 299.1787-06-19


When looking at the turnout over the years. The engagement has rarely been > 65%. Last time was 1904.

Your point is well taken though. I am not a political science expert. Just an IT person trying to make sense of it all.

Yeah this has a lot to do with the disaster called the Citizens United decision giving corporation's unlimited ability to donate to politicians. Back in the 50s that still had the concept of the crime of bribery.

"Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone." - RMS

I have consistently found rms to be the most prescient tech voice. A lone prophet, if you will. He always bears careful thought in his vision of where tech and politics will play out - even if you disagree with him.

Who is RMS?

Richard Matthew Stallman

Thanks, the M was the missing link :)

See also: "Just because you do not take an interest in politics doesn't mean politics won't take an interest in you."


Ironically, not that I can compare to RMS, but my senior thesis in college (2003) was "the politics of information technology are disruptive to organizations". I had no idea then how much worse it would get.

This whole discussion is disheartening. When I first heard about this is came to HN to get the facts and try to actually form an opinion, because honestly I can't figure out what the bill is supposed to change and how. Instead I find people pontificating along party lines like every comments section across the internet. Where's the analysis and insight? Where's the objectivity? I've come to expect more from this site and I know we can do better.

The bill allows ISPs to sell their customers' data, among other things. The article says enough about what the bill does.

Your complaints about "people pontificating along party lines" do nothing but reveal your own biases when the vote is so starkly along party lines. In a case like this, the objective analysis is clearly that the Republicans are wrong and the Democrats are right.

The party claiming to represent "personal liberty" and "responsibility" has now voted to have your browser history sold on data-markets. Ever looked at anything particular embarrassing? Welcome to blackmailsville.

I really hope hackers obtain records of every Republican Congresscritter's creepiest porn viewing.

> Instead I find people pontificating along party lines

The vote was along party lines. You are asking for non-partisan insight where there is literally none to be had. There are good guys and bad guys in this issue, and they wear uniforms to tell you who they are.

The text of the resolution is very short, it simply says the FCC rule is repealed. You can read the rule here:


At 73 pages, it's a doozy. I don't know exactly what the effects would have been, but one important thing to note that I did not see mentioned once in any of the reporting about this is that the rule has only been in effect for 84 days. So I wouldn't expect any changes to be too noticeable.

Also worth noting is that whatever restrictions on ISPs are removed by this, it doesn't guarantee that ISPs will start doing that thing immediately, if at all. I also haven't seen reporting on what past behavior ISPs have already engaged in that this rule would have stopped.

The first fifth of the linked resolution addresses what is customer personal information (protocols, ports, IP addresses, MAC addresses, contained information, etc.)

Paragraph 106 mandates that the information released should not be able to be de-identified, and third parties must be contractually obligated to not de-identify customers from the data.

Paragraph 117 says the clause must be transferable to third-parties all the way down the list, but a middle-man can hire a company in a different country to do the necessary work, outside the jurisdiction of the FCC.

Paragraph 115 says the ISP can share the IP address, and no other identifying data, and meet the requirements of de-identification. A clause to "revisit this topic later" is present. Damn right you better -- combined with other data sources from social media and search engines, I can trivially combine multiple data sources using the IP address and build a "personal profile" of your entire Internet usage, including those really unique "outlier" destinations.

Paragraph 143 says that no periodic reminder is required, so expect the "privacy notice" to be buried in a sea of required checkboxes at point-of-sale, and never seen again. There are provisions that it be available on a website and via other methods, etc., but "available" versus "easily found" are two different things.

Most of these rules will take effect in 12 months, not immediately. (The rule of preventing ISP services requiring you waive your privacy to provide service is 30 days (paragraph 295, § 64.2011), data security requirements in 90 days (§ 64.2005), and data breach notifications and requirements in 6 months (§ 64.2006).)

> but one important thing to note that I did not see mentioned once in any of the reporting about this is that the rule has only been in effect for 84 days. So I wouldn't expect any changes to be too noticeable.

Isn't that just because the agency responsible changed from the FTC to the FCC?

I always interpreted that resignation as "both sides are terrible, so I'm going to keep voting for my side". I wonder how many people really felt strong enough about politics to claim both sides are equally bad and then decided not to vote on that basis alone.

That attitude is true to a point, but surely people don't think that Gore would have invaded Iraq? That difference alone strikes me as so obvious and tangible, that there's no excuse for these kinds of false equivalences anymore.

He also would have kept us in Kyoto, which may have been even more consequential. I voted Nader in a blue state and regret it. Voting third party without IRV is naivety.

It's actually a GOP strategy to paint all of government incompetent and that both sides are terrible. You get less participation.

I wonder how many people really felt strong enough about politics to claim both sides are equally bad and then decided not to vote on that basis alone.

Since both sides are astonishingly bad, I usually end up voting third party in races where there is one.

The third parties are even worse than the two parties. The Libertarians ran Bob Barr, a Clinton House prosecutor and Gary Johnson who happily sent people to prison for drug crimes. Jill Stein supports Putin.

Jill Stein is also pretty anti-science as she supports the anti-vaxxer community and supports GMO hysteria.

> and Gary Johnson who happily sent people to prison for drug crimes.

...what? Gary Johnson is himself a marijuana user who has long been am advocate of drug policy reform (not just for marijuana, but for other drugs as well).


As Republican Governor of New Mexico.

> As Republican Governor of New Mexico.

When running for governor, Johnson campaigned on a platform of marijuana decriminalization and harm reduction for all other drugs. This was during the height of the Clinton-era anti-drug hysteria - you'd be hard pressed to find many other politicians who supported harm reduction at that point.

There are things to dislike about Johnson, but criticizing him on drug policy is really bizarre. He's been one of the strongest (if not the strongest) political advocate for abolishing the War on Drugs for over two decades - much more vocally so and for far longer than any other politician I can name offhand.

What did he actually do when he was twice elected as the Republican governor of New Mexico from 1995 to 2003. I give credit for what people do rather than what they say.


Also, he didn't campaign on legalization. He gave a speech about it in his second term. Did he parole any non-violent drug offenders? Did he use the powers of his office?

> Jill Stein supports Putin

No she doesn't, this is an absurd smear based on her attending a single event in Moscow.

How do you turn Putin saying "I agree with [Stein], on many issues." into "Stein supports Putin"?

what you wrote does not make them sound worse than the two main parties in power.

and that's why bills like this pass.

Right. The only way to stop Kang from ruining everything is to vote for Kodos instead.

You can keep using clever witticisms like that if it makes you feel better, and meanwhile bills like this will keep passing along party lines.

So it's the fault of people who vote third party that you have a two-party state?

It's sensible to ask whether a specific 3rd-party vote had a chance of affecting the outcome in a positive way. E.g., one of the more effective arguments against the current Green party in the US is they don't seem to try very hard in local elections, where they might stand a chance; but they always run someone for president who stands no chance. If we have a hope of getting out of this, it's going to start on school boards and city councils. Prop up your 3rd parties there, but vote the lesser of two evils when it's the most effective thing to do.

Very much this. There are many de facto one party districts in the U.S. where a third party wouldn't run into the issue of being a spoiler. The Vermont Progressive Party only runs candidates like this. The result is that thought they're only active in Vermont, they have 11 seats in the Vermont state legislature. In contrast, the Libertarian Party and the Green Party are across in the entire U.S., and out of all 50 state legislatures they have a combined total of 2 seats (2 for the Libertarians, 0 for the Greens).

And it's this kind of impetus that creates voter apathy. If you insist on trying to shove square pegs into a round or triangular hole, you're just going to end up with vote tallies similar to the one you just saw with the national election.

As someone who didn't vote, no, I would not have changed my decision given the outcome, and this "lesser of two evils" justification crap is exactly why. Enjoy your shitty country.

I suppose you will also enjoy the same shitty country?

It sounds like you are the apathetic voter in this scenario.

No, it would be a two-party state whether or not they voted third party.

third party voters can wind up choosing which of the two parties win. in 2016, they gave Trump the win, because they equated him and the Republicans with Hillary in terms of deleterious effects.

> third party voters can wind up choosing which of the two parties win. in 2016, they gave Trump the win, because they equated him and the Republicans with Hillary in terms of deleterious effects.

This is a common line used by leftists who are angry that Trump won and are looking for someone to blame. Third party voters make an easy target, and the left has long felt entitled to the support of third-party voters.

But this entitlement assumes that third party voters would otherwise have voted for Clinton, which is a pretty strong assumption that also doesn't really hold up against the polling data from late in the election. Johnson took more than half of the third-party vote, and had he not been running, most Johnson voters would either have voted Trump or not voted at all.

Trump didn't win because of the few voters who voted third party. He won because of the 63 million people who voted for him. If you want to blame someone for Trump's victory, blame them, not the 7 million who chose not to vote for Trump.

He won because of the broken electoral college system which gives us tyranny of the minority.

That's an absurd assertion.

Two-party? The American federal government is, de facto, a one-party state.

Yeah. The Janus party.

No, the Republican Party. Policy for the last decade has been that Democrats mustn't be allowed to win elections, and should they somehow manage to win elections, they mustn't be allowed to govern.

Of course, the Democrats have themselves totally acceded to this scheme.

Look up Duverger's law.

Effectively, in a first past the post electoral system, any vote that isn't for the major party that most closely aligns with your views is a vote that supports the views least aligned with your preference.


I just re-read that article again, and don't really see your claims in in anywhere. I can kinda see how you might draw that conclusion, but I think it's an oversimplification and not really that accurate.

I do see some listed counterexamples to the "law", and also a note about occasional upsets where the parties get completely rearranged.

If both major parties suck, how do I ask for an upset? Is it by fuming quietly and voting for the lesser of the two evils, or by saying "no, fuck you both"? Or does the fact that any upset probably won't happen this election mean that it's part of "the long run" where per Keynes we're all dead, and so it doesn't actually matter?

Do the major parties just ignore any non-major-party vote, or do they analyze it to tweak their platforms for next time? (And, is this consistent over time and space? I'm hearing that it seems to be the case in the US now, but in the same breath I'm hearing that that's a recent localized disaster.)

I am in my phone, traveling.

The Wikipedia page is a tremendously short summary, and yes, doesn't go into depth about the implications of duverger's law.

I strongly suggest digging into the literature around it, which does bear out the thesis I states above.

If both parties suck equally and no party is more closely aligned to your preferences than another, I suggest you enter politics yourself. It's just made up of people not too different from yourself.

If both parties suck equally and no party is more closely aligned to your preferences than another, I suggest you enter politics yourself. It's just made up of people not too different from yourself.

I've actually thought about that a bit, and don't think I'd enjoy it enough to consistently put in the time needed to ever really get good at it.

Fairvote.org works on electoral reform issues that are meant to help with issues like this. I think that "the marketplace of ideas" in the US is too much of an oligopoly. Ideas like single transferable vote seem like realistic options for improving the situation. (I'm excited to see how thing go in Maine now that they've​ adopted some of these measures.)

There are dozens of us. Dozens!

I vote 3rd-party in every contest I can. At this point, I'd vote for a puppy dog, if it wasn't a D or an R. It makes my wife, family, and friends mad, but I will not waste my vote on the status quo. I'm voting to send a signal that I want other options.

I believe that if we can get to the point of just having a 3rd party on the platform for a presidential debate, we can open the door to other parties having a non-negligible effect on the election process. Of course, that's the Election Commision's fear as well: https://www.washingtonpost.com/news/post-politics/wp/2016/09...

The turnout dropped by a huge amount. It's like people assumed that Obama's policies were not worth continuing their voting turnout.

Or that this election was so crazy that they decided not to vote in spite.

Quite a few potentially:


To paraphrase A. Einstein?, When intelligent people refuse to participate in politics, they'll be governed by the less intelligent members of society.

That's apparent in the US where elections results are influenced more by those with barely a high school education than by their more educated fellow citizens.

The most important qualification one needs to have, it seems, to be elected to the Texas Education Agency, is to be a "true conservation". That board practically decides what your children study in school.

And over here on HN, the policy is to not get into political discussions.

Off-topic: Always better to quote the earliest reference. Plato said practically the same think around 347BC. Maybe there was someone before him too when we had no written texts. History repeats itself.

I can only quote a known source. Though I won't be surprised if Einstein made that statement after reading Plato's.

Taking the bait: Why is it better? If one is attempting to persuade, I would suggest using the attribution that most strongly connects with the audience's sense of expertise and/or power. So, given that, I'd wager that Einstein is better reference than Plato for many in the modern world.

I get what you're saying, the idea is much older than Einstein but do you want to be right or do you want to be truthful and persuade?

Credit for originality.

At least nod the prior. "As Einstein's improvement on Plato's dictum says, ...".

By comparison, I was reading a paper on an alternative fuels process and found that its citations were all to 1990s and subsequent work.

This actively obscured the fact that the underlying concepts and idea dated from the 1960s, and excluded considerable significant prior research.

It would be ... like a study of evolutionary biology failing to credit Charles Darwin, and giving the impression, say, that the entire field grew out of recombinant DNA efforts of the 1970s.

I agree, though I find it likely the person you're responding to quoted their own earliest known reference :)

Here is an alternative account of what has happened.

The government is trying to reduce protections of civil liberties, the environment, etc.


Because the party in control of the legislative and executive branches are removing those protections.


Because it is in their best interest and because they promised to do so in their election campaigns.


A. Because their corporate sponsors want less regulation.

B. Because their supporters want less regulation.


Because less regulation means more profits (If you ignore the environmental and human costs).

And, because many Americans equate regulation with infringement of their personal freedom.

We need to stop assuming that bad things are happening because a few bad apples tricked roughly half the population to support them. They are making America great again. Look at any point in time before now in American history and you will find less civil liberty, more oppression of workers, and more destruction of the environment. It was promised. Its being delivered. And no one was fooled. It is straight up whathalf the population asked for.

I'm sorry for not responding to your post earlier.

> We need to stop assuming that bad things are happening because a few bad apples tricked roughly half the population to support them. They are making America great again. Look at any point in time before now in American history and you will find less civil liberty, more oppression of workers, and more destruction of the environment. It was promised. Its being delivered. And no one was fooled. It is straight up what half the population asked for.

You're correct by and large. I won't get into the remarks on the (effective) propaganda efforts Fox & crew have done. Much deception has happened there.

But, this specific bill is troublesome in part because the lawmakers often are very ignorant of what's going on, much like many of the senior judges in the US. This is one part generational divide, one part tech avoiding law, and one part lobbying. Some of that is avoidable by engagement, and if adult geeks had realized this in the 80s & 90s instead of disengaging from politics, the world would be different.

> Because less regulation means more profits (If you ignore the environmental and human costs).

This is completely false. Less regulations helps the status-quo as companies stop to need to be innovative. And it helps old-fashioned contaminating industries.

> Look at any point in time before now in American history and you will find less civil liberty, more oppression of workers, and more destruction of the environment. It was promised. Its being delivered.

Yes. That's it. And that's why so much powerful people want bad schools and worse education. If people knew how the world works, they will be less prone to populism.

A core problem is that it's much easier to break things than to build or maintain things, so huge amounts of work can be eliminated very easily, whether through neglect or design.

That's a sutra.

I supported the FCC's move to assist with consumer privacy, although it was a tough call.

I oppose what the Republican Congress is doing.

Having said all of that, the FCC has no freaking business defining privacy. The system was terribly out of whack to have them do this in the first place. My support of their move and my opposition to what Congress is currently doing is simply because I'm trying to pick the lesser of two evils. It's not because there was simple good position/side and bad position/side. Wish that it were so simple.

Both political parties have screwed over privacy and anonymity online -- in terrible and huge ways. And the system is terribly corrupt. And....we should take action to make our political views clear.

My problem is that "let's take action" turns quickly into "Group X is in the pocket of political party Y"

And that's how we got here in the first place.

Hi Daniel,

I would agree that the remit of Congress is to govern the people, by the people, and privacy falls under that umbrella. The executive branch should not be operating as an independent law-making body, as it has been.

I would gently suggest that when geeks look at politics, it's much like looking at a huge codebase written for decades - our reaction is that it's corrupt and needs a rewrite. I have learned through very careful study and hard experience that often there are good reasons for codebases to be "crufty", and similar with politics. Doesn't mean reform can't be done, but it means we have to work within the codebase, and with the current web of loyalties to some extent.

Thank you for your kind reply. As both a geek and a student of history and philosophy, it's nice to hear civility :)

I specialize in helping large organizations of people change and become better, so I've been quite fortunate to have hands-on experience with these kinds of things.

For a good political person who can work contacts, there's always value. I would humbly posit that the system as a whole has overall attributes. I really don't like waving my hands around and saying "we're all going to die", but sometimes the Titanic actually is sinking. I'm sure those guys in the band had a hoot playing those last few songs, though.

So I understand and respect your opinion. Hopefully I'm able to see the tactical as well as strategic situation. Maybe not, but that's what great conversations are for. :)

Thanks again.

It's not only complacency, although it is a large part of it. Some of the main issues here is money in politics, gerrymandering, the gutting of the civil rights act. In fact, the most central issue here is probably money in politics.

I'd argue that it's not money in politics. The democrats and republicans get tons of money from tons of different interest groups and industries, yet the the only party that voted whatsoever for this bill were Republicans. The problem isn't the money, it's the ideology.

Or that tech companies are a democrat lobby and telecoms are a republican lobby.

Democrats wouldn't apply this rule to search engines or email. Why? Because tech companies would flip out.

Democrats are free to vote ideology when it's a GOP ox that is going to get gored. And vice versa.

Please, don't undercount the number of "libertarian" crypto-geeks who think that regulation is the devil.

I agree. Do you have any particular recommendations for how we might engage on this particular problem?

I would suggest (1) working with the Democrats to focus on removing gerrymandering to using a more algorithmic approach that is party-independent. This helps ensure that seats aren't (in effect) locked to a single party. And, (2) working with political/advocacy organizations locally that help brief officials on tech reality.

When was this earlier time?

That was a huge thrust of the 90s Linux nerd thought. Call it a lazzeiz faire countercultural perspective. esr provides a certain window into that time, although he seems to me to get more and more right-wing libertarian over the years.

The culture has shifted and moved, but the "avoid politics, it's evil" mentality still hangs around, a lot.

No, this is a consequence of the republicans being in power.

The Democrats also have policies that are... poor, particularly around the internet. This is a cross-party problem.

Given this vote was split along party lines this smells of whataboutism.

This vote had a bad result, and the Rs were pushing the bad thing. But a bit of puttering around older newspaper articles reveals the Democrats have also done their fair share of problematic votes here. Obama's Administration was not particularly sympathetic to these sorts of concerns, although more so than the current Administration. The EFF had more than a few things to say.

I don't mean to exculpate the Rs or go "ruh ruh whatabout those bad Democrats". Lack of understanding of consequences and technology is a cross-party issue, and each party has performs their ignorance differently. I think that part of this is age, as well as the age of the vested interests.

Also, personally, I wish you'd have checked my comments. I am no GOP evangelist/apologist. I'm trying to hew to the truth and be fair.

> I don't mean to exculpate the Rs or go "ruh ruh whatabout those bad Democrats".

Well... good. It did read a bit that way however. But you know, tone, text, internet, etc

The rules in place were put in by the Obama administration FCC. The same people who setup net neutrality rules that are waiting to be gutted.

"I'm trying to be fair" is exactly the problem with whataboutism.

whataboutism was famously used as a deflective defense to redirect conversation from the USSR's (major) issues to the US (not quite as major) issues.

But I think I'm done with this conversation. Thank you for your time.

We cannot toss out 8 years of history by the results of two votes in Congress.

Whataboutism is irrelevant. What matters is whether his assertion is true: are both parties' policies toward the Internet a problem?

No, what matters is tradeoffs. Is one party's set of policies far more problematic than those of the other party?

"The lesser of two evils" is an important consideration in who to support politically, but the "absolute values" are even moreso--otherwise you're merely being blown about by trends, only ever getting closer to good policy by chance, rather than actively pursuing good policy. If neither party's policies are good, that absolutely matters.

In the previous election we had a milquetoast liberal running against a ur-fascist demagogue. It is clear which one was the lesser of two evils, and now we are seeing the effects of America's choice in this bill and others.

If Hillary Clinton was president or if the Democrats had control of one chamber of Congress, this bill never would have passed.

> It is clear which one was the lesser of two evils

Obviously there is significant disagreement on that issue.

> If Hillary Clinton was president or if the Democrats had control of one chamber of Congress, this bill never would have passed.

Yes, because the left is happy for government agencies run by unelected, unaccountable bureaucrats to continually enlarge their regulatory domain. Other people consider that a bad idea in general.

And if that had happened, FCC regulations would control our privacy--after they would have taken effect, over a year from now--regulations which are not law and can be changed by unelected FCC bureaucrats who are unaccountable to the people.

I'm no fan of Congress, but it's definitely better for this to be controlled by federal law rather than an agency regulation.

Sometimes the outcomes are better when appointed technocrats to decide things, particularly when the people are manifestly incapable of making good decisions.

Of course, there is something to be said for allowing people to screw up their own government irreparably and be forced to suffer the consequences.

Care to elaborate?

Well, I'd encourage you to look into the expansion of the NSA under the obama administration and how his administration responded to whistle blowers who leaked information related to that expansion.


If you want to compete with other large groups of humans for limited resources, you need to band into a large group yourself, or be overtaken. That's always been the case, and seems likely it will always continue to be the case.

Also, there are certain nice things that we have that are only possible by working together. The national highways, for example.

But at its core, the most basic necessity is the common defense.

Nice how "working together" is an euphemism for having a bunch of rulers enslave everyone else "for the common good" :)


Please don't post such inflammatory nonsense here; we're trying to have thoughtful and civil discussions.


Before getting all spun up, I'd dig a little deeper on the issue than what the WaPo does in this piece.

These regulations were only voted on late in 2016 and never went into effect. To do the regulations, the FCC reclassified the internet as basically ye olde telephone system, which then made it subject to their purview based on laws created in the 1930s. This is classic overreach. Congress never gave this authority to the FCC and is acting to put them back in line with the law.

It's pathetic the the WaPo used their platform to create more heat than light on this, by selective quoting. Here's a more full quote from Rep Blackburn that explains her position more fully.

“The FCC already has the ability to oversee privacy with broadband providers,” Blackburn explained. “That is done primarily through Section 222 of the Communications Act, and additional authority is granted through Sections 201 and 202. Now, what they did was to go outside of their bounds and expand that. They did a swipe at the jurisdiction of the Federal Trade Commission, the FTC. They have traditionally been our nation’s primary privacy regulator, and they have done a very good job of it.”

The lesson here really is that if the issue is really important, then get an actual law passed instead of trying to contort regulatory authority based on laws from the 1930s. The previous president could certainly have done this, but chose not to.

The FTC did regulate ISPs, until they sued AT&T over their "unlimited" claims and lost in appeal. In losing, they actually lost the ability to regulate ISPs at all. AT&T wanted this. Here's the ruling: https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/29/1...

Seeing this coming, FCC proposed privacy rules around the same time: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-39A1_Rc...

Which did go into effect on January 3rd: https://www.federalregister.gov/documents/2016/12/02/2016-28...

Among the privacy requirements, there are also mandatory breach notifications.

The industry's response is here: https://www.washingtonpost.com/blogs/the-switch/files/2017/0... . They complained about the breach requirements, and also claimed the difference between them being opt-in for advertising profiling vs Google et al being opt-out violated their First Amendment rights.

A coalition of Internet advertisers filed a similar response: http://ana.net/getfile/24564 . Here, they claim another First Amendment conflict with: "The creation, analysis, and transfer of consumer data for marketing purposes constitutes speech"

So yes, please dig deeper. This is a year-long end to a battle that AT&T successfully opened up in their appeal. It's over; the ISPs won, at the expense of individual American privacy.

Thanks for posting this -- very informative!

That decision seems insanely broad; there's nothing in there that prevents AT&T from buying a breakfast cereal company and selling corn flakes that claim each 1 pound box contains 80 pounds of cereal and will make you live forever.

At the same time, it doesn't seem to apply to ISP broadly; only ISPs that qualify as common carriers. Although the definition of common carrier seems overly broad itself, according to [1], even pointing out that Disney is a common carrier because their roller coasters in their theme parks carry passengers [2].

Has any attempt been made to amend either the FTC acts or the FCC acts to clarify the extent to which entities are classified as common carriers only as regards to those activities which meet the definition?

[1] https://en.wikipedia.org/wiki/Common_carrier

[2] Gomez v. Superior Court (Walt Disney Co.) (2005) 35 C4th 1125, http://online.ceb.com/calcases/C4/35C4t1125.htm

Selling your customers’ private browsing data constitutes speech… Wow. Just wow.

Yeah that statement makes it sound like everyone is using their browser in a public park on a 60' projector making it available for the ISP to sell.

Also, from a closer look at the Federal Register, it does not appear that the regulations went into effect in any meaningful way -- the sections excluded from that effective data are _all_ of the relevant regulations.

See my comment below https://news.ycombinator.com/item?id=13986192

I don't understand why people like yourself have to try to reframe and deflect attention on everything to fit your political narrative. Why can't you just see the problem for what it is and hold the representatives with your political affiliation accountable? Who really cares who our "traditional" privacy regulator is if neither of them end up able/willing to do the regulating? Why are you trying to frame this as a mistake made by the "previous president" when every single vote cast to repeal the only possible legal barrier to the commoditization of the internet activity of US citizens was cast by house/senate republicans? Are you perhaps suggesting that republicans would be the ones behind pushing a law through congress protecting internet privacy? I cannot comprehend how you can rationalize this (UM ACTUALLY... THIS IS OBAMA'S FAULT!) drivel in your head without some serious cognitive dissonance

Because the truth matters. You're reacting to this based on the politically spun narrative that was fed to you when you first encountered the issue. The truth is actually a fair bit more complex.

This is a case of a regulatory agency overstepping its bounds and seizing jurisdiction outside of the domain allowed for it by Congress. That's the language in which the bill is framed, the the way in which it has been discussed in the past weeks and months that is has gotten (minimal) coverage.

Then the issue got picked up and spun when somebody called attention to the fact that the FCC's regulations (which they were not authorized to make) were more consumer-friendly than the FTC's. That's true, and it's a real problem. But that does not mean that the answer is to sanction the FCC's power-grab here. The right thing to do is to pursue consumer regulatory protections _within the confines of the law_, which means either petitioning the FTC or new legislation.

Don't confuse concern over process with favoring the resulting outcomes.

The FTC previously proposed essentially this same rule and was shot down by the courts as not having authority.

That's interesting. But wouldn't it be better to pass a law to do this, rather than relying an executive agency's regulations, which may change at their will and be interpreted as they please each time the government changes hands?

It would be lovely for Congress to pass a statute ensuring data-privacy. Pity they just voted the other way around on party lines.

... did you read the thread you are replying to?

Do you have a link or further information on this?

The Ninth Circuit ruled that the FTC had no authority to regulate common carriers: https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/29/1...

He's quoting a woman that accepted more than 650k from ISPs for reelection campaigns.

Because this is not an individual but rather shill for ISP trying to push a narrative.

ISPs should be classified as modern utilities. They are trying to be the infrastructure provider while being regulated like the business' that consume the infrastructure. But they don't want to be classified as such because of the burden of regulations this would inherit.

I've yet to meet someone in life that thinks that their internet provider should be able to sell all information about their activities (while charging for the service).

You can't just say the regulations are old and therefore invalid because they're old.

Remember, the telephone industry was regulated because telephone companies merged and cooperated to create regional monopolies and destroy competition, all at the expense of consumers. Comcast, Time Warner and the like have all been doing the same.

You also can't just say that the internet is the same as POTS.

The FCC has scarcely been better than these companies. It has a history of being a revolving door for companies. Consider what RCA/FCC did to Armstrong back in the day.


Just because the FCC does something doesn't mean its good, legal, or whatever. It's just what 3 of 5 unelected, unaccountable appointees cooked up. When the board changes, they can just as easily uncook it up.

You bring up a good point that many people might not have realized: relying on the FCC to regulate solely without the backing of legislation will not result in the kind of long-term stable regulations and consumer protections that we are looking for because what the FCC decides to do could change on a dime whenever the administration changes.

The FCC did have the backing of legislation, which is why it took an act of Congress to overturn it.

It had the backing of legislation to do whatever it wanted, leading to instability of regulation.

This law was written to prevent an overstep of a non legislative body's ability to legislate.

It's true the outcome sucks in this case, but that doesn't mean it wasn't the right thing to do from a balance of power perspective.

> It's true the outcome sucks in this case, but that doesn't mean it wasn't the right thing to do from a balance of power perspective.

HN, the only place on the internet for thoughtful/rational political discourse.

This is the only place I've seen having this conversation. That actually questioned the utility of the agencies to follow out the intended goal and whether this is the best policy to do thee job. It's sad it's not even being tapped on by the newspapers, even as an aside to their doomsday headlines they love to stir up.

As Thomas Sowell said: "Economics is not about hopes and good intentions, it's about cause and effect". The same applies to regulatory policy.

> It had the backing of legislation to do whatever it wanted, leading to instability of regulation.

This makes no sense. It's not true, for one thing--the FCC cannot "do whatever it wants." And independent rulemaking is the entire point of creating an independent federal regulatory agency in the first place.

Calling it a "regulatory overstep" is fine as a means of expressing an opinion about this rule, but the rule was legally promulgated. Again: that's why it took an act of Congress to reverse. Illegal rules get reversed in court.

I understand that a phone connection is different from an internet connection. But I couldn't think of two more similar industries. Wasn't dial-up,the first real consumer internet delivered through via telephone lines and switches?

More importantly, at the backbone level, the phone system has been run through the same type of SONET fiber optic networks as the internet for the last couple of decades, at least. In most cases the only reasons the two were isolated from one another were: - phone traffic was considered higher priority if an outage occurred (it used to be, but probably not any longer) - regulations on the internet (especially as pertains to giving access to ISPs, such as the cable companies) giving the phone companies incentive to segregate the two as much as possible

Another point regarding the consolidation of the two industries comes in the form of most of the cable companies now delivering home phone service through the internet.

The FCC's reclassification of ISPs under Title II does not assume the internet is the same POTS. It's a classification, not an equivalance.

The national infrastructure for the internet and POTS is the same, and has been since the mid-1990s, if not always. Internet PoP sites and telephone PoP sites in the U.S. are housed in the same building, usually in the same rack. The fiber was run in separate trays and they used slightly different equipment for each (OC-48 vs. OC-192 in the mid-1990s), but at least from that point on the primary difference between POTS and internet has been that POTS usually runs through a slightly lower-bandwidth version of the same system. The same people built, maintained, and upgraded the cables and equipment on the backbone, whether it was POTS or internet. It's still run primarily by Level 3 (which swallowed up most of the companies that built it, or the infrastructure and employees that survived or spun out of those companies) and AT&T, and many of the fiber runs across the country are still marked with MCI's logo.

I don't think the FCC is the best place to fix the problems with the internet, but I don't see the "repeal and don't fix" method that seems to be so popular with the Republicans lately as a better way to deal with it.

POTS == Plain Old Telephone Service for those who didn't recognize the acronym

As a communication mechanism I can say that some of the rules will likely apply.

Oh look, more whataboutism.

With regards to this, I absolutely can.

Well, calling them "old" is silly because these privacy improvements never went into effect.

Referring to this privacy exposure as "something that may/will happen because of Trump" ignores that it is already Federal law and has been since 2015. Yes, in removing FTC authority over broadband, the Obama administration created this privacy exposure in the first place. That tap wouldn't shut off until next December at the earliest if the current administration did nothing.

That privacy ship has sailed. Broadband providers can have been sucking this data up for over two years by the time this particular Obama regulation would kick in, even if left as was. The Obama administration could have timed the FTC authority removal to not happen until replacement protections were in place, but, no.

The EFF is oddly silent about why they've been so oddly silent about this exposure for over a year now. Their partisanship is showing.

The court decision (it was a court interpretation, not a particular executive action that led to the FTC's authority being removed) dates from August, 2016, and only applied to the 9th circuit. See https://cdn.ca9.uscourts.gov/datastore/opinions/2016/08/29/1... (The case was the FTC suing to prevent AT&T conducting data-throttling to customers who had bought unlimited data plans. AT&T claimed that the FTC no longer had jurisdiction, and the court agreed.

Given that circuit split, it's unlikely -- no matter how evil you imagine ISPs to be -- that they would start scooping up data and selling it immediately, and only in a narrow set of States. The FCC regulation was an attempt to restore an existing privacy situation, across the whole of the US market.

Again, it's extremely unlikely that with an impending privacy regulation being imposed, ISPs would proceed with monetising user browser histories for a short period of time before they were once again vulnerable to regulatory penalties for doing so.

If I may be less than oddly silent, I think we (EFF) didn't talk about this much because it seemed like various parts of the USG were (slowly) moving to fix a problem that came out of a court decision that could have gone either way.

You can read a little bit more about our work during the Obama administration (and before) on net neutrality here: https://www.eff.org/deeplinks/2014/07/deep-dive-defense-neut... . One of the points we talked about during that administration, and this one, is the risk of FCC over-regulation, and regulatory capture. If you want to view these challenges in a public choice theory (ie generally Republican) model -- at the FCC, the risk is largely one of ISP dominance, as it is traditionally the telcos that stand to benefit from investing in moving the FCC to their position. In this case, you actually have Congress stepping into to push them even more that way. That's a problem under a Democratic or Republican administration, which is why I think you saw more Republicans move to oppose the repeal than Democrats support it.

Actually no -- an obscure interpretation of a one off line in an unrelated law was used to prevent the FTC from regulating here. The FTC tried to regulate -- and was shot down because it was determined that FCC had authority. Then the proposals were re-worked through the FCC -- now the same people who claimed FTC didn't have regulatory authority are now claiming that FCC doesn't and FTC does. Not classic government overreach, classic right wing misdirection.

> These regulations were only voted on late in 2016 and never went into effect. To do the regulations, the FCC reclassified the internet as basically ye olde telephone system

You are conflating two different orders; the reclassification was part of the 2015 open internet order (and was expressly laid out as a legal option in the court decision striking down the 2010 open internet order), not the 2016 privacy order at issue here.

> They did a swipe at the jurisdiction of the Federal Trade Commission, the FTC.

The FTC has no authority over even the non-telephone operations of the telephone companies who are many of the major ISPs.

> To do the regulations, the FCC reclassified the internet as basically ye olde telephone system, which then made it subject to their purview based on laws created in the 1930s. This is classic overreach. Congress never gave this authority to the FCC and is acting to put them back in line with the law.

It was the FCC that decided in the first place to classify ISPs as information services rather than common carriers. They have the authority from Congress to do that, and I'm aware of nothing in the laws that granted that authority that say that once the FCC makes such a classification they cannot later revisit that and change the classification.

> The lesson here really is that if the issue is really important, then get an actual law passed instead of trying to contort regulatory authority based on laws from the 1930s.

There have been several additions and amendments to the 1930s laws, such as the Telecommunication Act of 1996. It is disingenuous to suggest that the FCC is relying on 1930s laws for their authority.

nit: The previous president could certainly have done this, but chose not to. obscures the reality that the opposition party - and its grassroots supporters was ruthless in opposing all that Obama did, often for no apparent reason. For instance, the SCOTUS nominee. It was poor behavior, giving us "legislative debt", as it fostered executive action over legislative action.

Couple of issues here:

1. The opposing party's opposing the ruling party is a natural process of government. It's the normal state of things. Your saying that it was "poor behavior" implies that it was an anomaly, that the Republicans did something wrong by not supporting everything Obama wanted to do, and that the minority party is supposed to accede to every demand of the ruling party, which would be absurd.

2. The Democrats only controlled Congress for 2 of Obama's 8 years. You imply that, even when Congress is not controlled by the President's own party, that Congress should accede to his demands. This is absurd. It's not how our government works, it's not how it's ever worked, and it's not how it was intended to work--indeed, exactly the opposite is the case.

3. If your implications were true, you should be criticizing the Democrats for doing exactly the same thing right now with far more vehemence.

4. The ostensibly "grassroots supporters" of the current opposition is actually ruthless. Were there violent riots in the streets of cities across the country when Obama was elected?

Your comments that this isn't how the government was intended to work are spot on -- the founders did not want a two party system.

> the founders did not want a two party system.

Well, they said they didn't want a factional system, then they built rules which guaranteed two factions, modelled directly after rules which had done the same elsewhere, and all while organizing themselves into two factions which were visible in nascent form in the first national elections under the Constitution and well solidified by the time Washington was to be replaced as President.

So, do you listen to their words, or their actions? The founders were, to all evidence, a lot like politicians of today, publicly cursing the ills of partisanship while deeply engaged in it, mostly as a rhetorical device against the other party.

Of course, the math says that with the current voting system, any third party that emerges as a major force will always consume one of the existing major parties, leading the nation back to a two party system. I wonder why people always ignore this inconvenient theorem.

Most people don't understand that intuitively, I think.

To which theorem do you refer ...?

The problem with this line of reasoning is that it somehow assumes that if the FTC were still regulating this then the Republicans would have left it alone. And that's nonsense. It doesn't matter who is regulating it, what matters is that you have a certain privacy, and soon you won't. That's all this is about.

Procedural arguments are a way to avoid dealing with the substantive issue. The elephant in the room is that one political party thinks it's totally fine to exploit your information for as much commercial gain as can be mined from it.

I'm confused. If these rules that were repealed never went into effect, or only partially, does that mean that our data was already (or is currently) being sold?

Does this legislation explicitly condone the collection or sale of browsing data? (I'd still rather have the protection than not, but can't seem to find a good detailed explanation.)

Verizon has been doing this since at least 2012. It's sure as sh*t AT&T and others (not just mobile providers) are doing it as well.

  does that mean that our data was already (or is currently) being sold?
Probably. I doubt that broadband carriers would admit it publicly one way or the other.

They've been able to for at least 1.5 years, and counting.

> get an actual law passed ... the previous president could certainly have done this, but chose not to.

Right, the Republican Congress was very happy to work the prior President on sensible legislation.

The FTC recently lost their ability to regulate ISPs. That's why it was done this way. If the FTC had not been stripped of it's powers, then there would have been no need.

> These regulations were only voted on late in 2016 and never went into effect.

False. Parts of the regulation went into effect 30 days after publication. Parts went into effect 90 days after publication. Part would have gone into effect 6 months after publication. Part would have gone into effect 12 months after publication.

See pg. 202 of the Report and Order.

So then, surely, the current Republican leadership in government will pass these rules the "right way"?

I thought not.

"The lesson here really is that if the issue is really important, then get an actual law passed instead of trying to contort regulatory authority based on laws from the 1930s."

That's silly. That's like saying phone doesn't deserve protection from wiretapping because there never was a law specifically against it.

<edited> So as it's going to be a flame war apparently I've deleted the comment.

I'd just like to register my opinion that I don't see Washington Post is an objective, nor even a trustworthy source at this point. When they print something it's often worth looking deeper into I believe.

>Although Washington Post isn't quite Brietbart yet they appear to be headed rapidly in that direction from my perspective

So you've never actually been to Breitbart then? I checked it regularly before the 2016 elections and, in those days, it certainly earned its nickname "stormfront lite." They've toned it down since the additional scrutiny and subsequent mainstreaming of the Trump era, but WaPo has never been and will never even come close to Breitbart. Also Breitbart is an overt propaganda outlet. WaPo may seem biased, but it certainly does not engage propaganda on the same level as Breitbart.

  WaPo has never been and will never even come close to Breitbart.
Well, they certainly weren't close to the Obama administration or Clinton campaign like WaPo was, as clearly revealed in numerous WikiLeaks-exposed email exchanges.

Meanwhile, if you see any factual errors on Breitbart, by all means post them.

> Meanwhile, if you see any factual errors on Breitbart, by all means post them.

I liked this one:


You don;'t need facts when your product is bigotry rather than information.

> I'd just like to register my opinion that I don't see Washington Post is an objective, nor even a trustworthy source at this point.

That's because you probably believe that the Illuminati or clockwork elves are real.

Or maybe its because operation mockingbird never went away and wapo is quantifiably part of that core narrative group.

Yours is the kind of negative, noncontributory comment I would'nt be surprised to see dang flag.

Yours is the kind of negative, noncontributory comment I wouldn't be surprised to see dang flag.

Your comment consists entirely of conspiracy theories and personal attacks.


You've been posting quite a few unsubstantive and borderline uncivil comments to HN. Would you please stop?

So posting comments with misleading information and media bashing is substantive and civil?

I'll stick to that then.

Ya, so do I. Seriously. We can't have different political opinions without it turning into this?

That's entirely incorrect. The Republicans own actions, and absolutely nothing else, portrays them in a bad light.

Please do not complain into the echo chamber of comments here. Please take a moment to support the EFF, call your representatives, and speak to friends and family.

EFF: https://www.eff.org/ Find your reps: https://tryvoices.com/

I think discussion is absolutely essential. I already saw this one coming, but I learn about political issues like this from here and other forums fairly often.

Of course, said discussions are pointless without action.

Of course! Sorry I didn't mean to suggest otherwise. I'm just frustrated and doing my best to channel that into action.

I renewed with pride a month or so ago. The US has an enormous influence on the internet, and those of us on the outside are counting on you to look after it for us.

If my rep already voted Nay, what else can I realistically do?

Keep the pressure up. If ISPs actually do almost any of the acts that this repeal enable, this vote will have ramifications that politicians will want to distance themselves from.

With over 20,000 phone calls to Congress in just 48 hours, this is now on the scopes of current congresspeople (and those who would like to campaign against them).

(And please consider joining EFF as a recurring dues-paying member. The more people we can say we speak for, the more impact our arguments have. https://supporters.eff.org/donate/ )

Also, calling after a vote to say you agreed helps them chart future decisions. Support of an action will help keep them down that policy path.

You can call up their office and thank them. Seriously. Reps need to hear that people stand by their decisions. Also, you can spread the word to friends and family.

Make it a mark of shame that does real damage to their reelection campaign.

Call your Rep's office, and tell them (politely) that, because of votes like this, you will be voting for whomever challenges them in the next election, unless you see your Rep's vote record improve drastically and align with your interests. And then follow through on that.

"Nay" was the pro individual privacy vote.

interestingly enough the top comment is argues the regulation in question is overreach so I think you're giving the HN community too little credit.

  support the EFF
Not to say that most of what EFF does isn't valuable, but this privacy exposure has been going on for over a year and a half already. Why didn't the EFF call attention to it until now?

I wonder where masonic is now.

The court case over the FTC's authority was decided last August, and the FCC issued new regulations in October.

They did. And it resulted in the FCC regulations that just got rolled back.

In Feburary 2015, the EFF was cautiously celebrating [1][2][3], although the context was primarily Net Neutrality:

"Reclassification under Title II was a necessary step in order to give the FCC the authority it needed to enact net neutrality rules. But now we face the really hard part: making sure the FCC doesn't abuse its authority." [2]

"The FCC has also failed to give proper consideration to the invasiveness of deep packet inspection, used by ISPs to read a user's Internet traffic. The "lawful content" limitation may give legal cover to this privacy-violating practice. In response, the Commission simply suggests that users protect their own privacy using encryption, virtual private networks, and Tor. While it's a very good idea for users to protect themselves with such tools, that shouldn't be their only protection against the very companies they are forced to trust in order to gain access to the Internet – particularly when ISPs like Verizon have gone to extreme measures to circumvent users' privacy controls. Leaving users to fend for themselves does not bode well for the FCC's future proceedings on privacy rules." [3]

By January 2016, the EFF, along with several other advocacy groups, have co-authored a letter [9] to the FCC in response to the FCC's announcement that it will soon make rules about customer privacy for broadband internet [5]. This was done soon after the FTC's commissioner welcomed the FCC's cooperation to result in stronger privacy protections. For a rationale of the FCC's actions, too long to quote inline, I highly recommend the section "III. A. Background and Need for the Rules" of FCC 16-148 [11] and other sections to follow.

As they often have, Ars Technica provided excellent coverage of the context surrounding these events [4][5][6][7][10]. Notably, their recent article [8] writes about the nuances of which rule was made in response to what, and how the situation we find ourselves in today came to be. The 9th Circuit's opinion in the FTC vs. AT&T case threw a wrench into things [10][12].

[1] https://www.eff.org/deeplinks/2015/02/huge-win-open-internet... [2] https://www.eff.org/deeplinks/2015/02/fcc-votes-net-neutrali... [3] https://www.eff.org/deeplinks/2015/03/todays-net-neutrality-... [4] https://arstechnica.com/business/2015/02/fcc-votes-for-net-n... [5] https://arstechnica.com/tech-policy/2016/03/isps-wont-be-all... [6] https://arstechnica.com/business/2016/03/fcc-votes-to-help-p... [7] https://arstechnica.com/information-technology/2016/10/isps-... [8] https://arstechnica.com/information-technology/2017/03/how-i... [9] https://www.publicknowledge.org/assets/uploads/documents/Bro... [10] https://arstechnica.com/tech-policy/2016/08/atts-common-carr... [11] https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.p... [12] https://iapp.org/news/a/the-att-v-ftc-common-carrier-ruling-...

Something that is not mentioned in the article is that the FCC regulations in question were passed in October 2016 and have never gone in to effect. So, to be strictly accurate, the vote does not roll back any regulations which actually ever affected the internet.

Sources: http://www.usatoday.com/story/tech/news/2017/03/02/fcc-sets-... http://www.usatoday.com/story/tech/news/2017/03/28/broadband...

A few posters on the thread [1] for the Senate version's passing have noted [2][3][4] that this is the case, but those points appeared largely lost in the discussion to follow. To quote the comment at [2]:

"This undoes the 73-page publication published on 2016-12-02 by the FCC, most of which took effect 2017-01-03, some parts later on 2017-03-02, both after the election and one of them after the inauguration."

Meanwhile, [4] says:

"This pending rule change is not in effect at all yet; it was only put through 3 weeks after the 2016 election and wouldn't have taken effect until next December."

Not sure if it's [2] or [4] that's wrong about the dates of taking effect, but it's clear that the FCC rule was enacted very late.

[1] https://news.ycombinator.com/item?id=13942345 [2] https://news.ycombinator.com/item?id=13943942 [3] https://news.ycombinator.com/item?id=13943458 [4] https://news.ycombinator.com/item?id=13944790

The actual rule[0] as recorded in the Federal Register says: "The notice and choice rules we adopt today will become effective the later of (1) PRA approval[1], or (2) twelve months after the Commission publishes a summary of the Order in the Federal Register[2]."

So, given that it was published on 2 December 2016[2], the earliest it could possibly have taken effect is December 2 or even 4 (December 2 is a Saturday)

[0] https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.p... (Item #312. Page 132 of 219 of the PDF. Yes, it's a huge file.)

[1] "PRA approval, as defined herein, is not complete until the Commission publishes notice of OMB approval in the Federal Register", so it was also conditional on approval by the Office of Management and Budget. AFAIK, that never happened, either.

[2] https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.p...

There's the actual Federal Register notes regarding the new policies [1]. Here it notes:

> DATES: Effective January 3, 2017, except for §§ 64.2003, 64.2004, 64.2006, and 64.2011(b)

The complete list of sections that are specified in the rule change (last couple of pages):

  64.2001 Basis and purpose.
  64.2002 Definitions.
  64.2003 Notice requirements for telecommunications carriers.
  64.2004 Customer approval.
  64.2005 Data security.
  64.2006 Data breach notification.
  64.2010 Business customer exemption for provision of telecommunications services other than BIAS.
  64.2011 BIAS offers conditioned on waiver of privacy rights.
  64.2012 Effect on State law. 

64.2011 is further broken down; section (a) says (effectively) that you can't offer financial incentives for the customer to waive (b).

So it went into effect, but only the parts of it that were basically definitional in nature, and some places specifying where the regulations do not apply. So in a realistic sense, the regulations never went into effect.

[1] https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.p...

This bill rolls back the FCC rules. The problem is that it doesn't necessarily restore the FTC rules that had been in place for ISPs.


But what's also not mentioned is that AT&T and Verizon have already shown willingness to sell use browser data via supercookies http://techmeme.com/search/query?q=supercookies&wm=false, and the reason they backed off is because the FCC showed it had a spine. There is every reason to believe ISPs will begin these practices again because these rules have been lifted and Ajit Pai-led FCC is very different from Wheeler's... and there is very little reason for ISPs to fear losing consumer trust because of few local high speed options

It's a bit disappointing to see that aside from a few abstained votes, everybody just chose to vote along party lines. Do these people just rubber stamp a bill because there's a D or an R next to it? Even if it meant more nay votes for the bill, I really wish we had representatives that vote based on critical thought rather than what their friends were doing.

I mean, as long as I'm dreaming too, we should give assembly programming kits to first graders.

Yes, and it's been getting worse. See the charts here: http://www.realclearscience.com/journal_club/2015/04/24/poli...

I don't know that much about the inner workings of Congress, but I'm guessing that it might be because reps who vote against party lines won't get support for their own pet projects later on?

It's also easy to run an attack ad saying "Rep. X voted to keep job-killing Obama regulations" without saying exactly what the regulation was so the potential voter never questions whether they might have wanted it in place.

That, and the Congressional GOP used up their political mana points on the failed Obamacare repeal.

Maybe. Could be why some people chose to abstain rather than vote against the party.

First off, you're disappointed that one of the two primary political parties in the United States unambiguously agrees with you on this issue?

Six more flipped Republicans would have killed this bill, which would have meant this wouldn't happen. You have the ability to make a real difference here by calling your Representative and telling them how you expect them to vote.

But, instead, what I'm hearing is that you're throwing up your hands and saying 'party line votes!' Call next time. It'll make a difference.

One problem is that legislators need to make decisions on a wide range of domains. This leaves them subject to influence by expert lobbyists and party whips. Critical thought about an issue requires much more time and study than most people have except for their own specialization.

I assume you know how to pitch manure, program a computer, and cook a tasty meal. Yet tell me, how long would it take you to butcher a hog from carcass to grocery portions? Have you ever done so?

How long would it take you to plan an invasion of the scale of the landings at Inchon? Have you ever done so?

The solution to this problem isn't to forsake specialization. It is to admit that specialization exists and for legislators to specialize in synthesizing the arguments of both lobbyists and their constituents and to be aggressively transparent about them. This requires a lot of work though -- a legislator would have to write a lot of posts that sounded like "and today I met with Yan Zhu from the EFF. She argued that secure encryption was vital to America's ability to reduce the cost of communication in healthcare by enabling trust in ... I was skeptical because X, and Y etc". The barriers to this happening are:

- Constituents don't generally follow their congresspeople. Nobody is subbbed to /r/HoR12thdistrictofCA.

- Legislators don't have the time to do such updates because they spend a lot of it fundraising.

- Being honest about how they evaluate arguments would leave legislators open to the scorn of people who think the government officials should never have misconceptions or make errors of reasoning.

They're not voting on that many issues. This is their job, they're supposed to study and try to understand the issues.

And really, this isn't that hard of an issue, I could probably ask my gramma "should AT&T be able to sell your browsing history to advertisers" and she would say no.

The question you're asking your grandma isn't the issue they're concerned about. The quesiton they're asking themselves is if I go against my party, how is this going to affect my re-election. That's why we have party line votes like this. They don't give two shits about the people they're representing, they only care about maintaining office.

What about when calls come in from their constituents to tell them that a bill is bad? I called my representative, and I saw a considerable amount of people rallying others to do the same.

> One problem is that legislators need to make decisions on a wide range of domains.

Maybe we should reduce that range of issues by cutting down the amount of regulation that the government is responsible for maintaining.

That's what they just did.

The Republicans have a majority. This lets them do things that fit with the ideological center and/or other priorities of their party. So we will have lots of party line votes in the next couple years.

(They could have let the rule go into effect and then drafted legislation to clarify and unify the regulation of internet privacy. This might have been annoying for ISPs. So what.)

More or less.

You might have a few R's (Amash?) that will pull the Libertarian card saying that free market should resolve this one it's own...choosing to ignore reality...the monopoly (just about) every American faces when it comes to choice for an ISP.

And obviously all the D's will vote yes as the rules were created and established in a Dem FCC / Presidency.

Despite party, it is sad to see quotes like Blackburn's carry any weight on any periodical outside of the puzzle section containing a where's waldo-esq spot the BS.

Here is the actual roll call for anyone curious, I had trouble finding it...maybe because the vote was so recent?: http://clerk.house.gov/evs/2017/roll200.xml

That's the roll call vote, the actual vote is here: http://clerk.house.gov/evs/2017/roll202.xml

Turns out echo chambers aren't just for internet recluses.

Who knew.

> Do these people just rubber stamp a bill because there's a D or an R next to it?

Pretty much, yes. It's fucking depressing.


Unsubstantive comments like this take us straight into partisan flamewars, so please don't post them.

As someone who grew up during the early days of the internet I don't know of any other way to describe this than utterly depressing.

The internet was supposed to be this bastion of knowledge, information and free exchange of ideas. Now it's just heading towards another avenue for large-organizations monetize the individual.

"The internet" is to broad. This is only about american privacy protections. The rest of the internet remains protected. If anything this local trend away from privacy places US internet businesses in a more difficult place. As US customers are less protected year on year, canadian, uk and european customers are being covered by stronger rules. The lawyers and compliance experts (me) will win biggly as everyone starts setting up complex schemes to bridge the two worlds.

...he posted, on Hacker News, a bastion of knowledge and information.

Your point is valid but I wish you'd framed it better.

Granted, the internet will indeed remain a bastion of knowledge and information but we shouldn't have to look over our shoulders when taking advantage of that.

You're conflating a single anecdotal example with the overall issue. Of course this vote doesn't mean that all websites that are free, open, or focused on knowledge will go away. What it _does_ mean that your ISP can now sell the fact that you post here to Microsoft, who will know that malchow is you (tied to your real name, since the ISP knows that), and now Microsoft can start targeting you in new and exciting ways.

If my argument was impaired, it was certainly less impaired than the parent, who declared that the glorious free and open internet is over (b. 1974, d. 2017) because of this regulatory rollback.

By the way, the fact that you cannot predict Microsoft's "new and exciting" ways of targeting me is a great example of why your argument is unconvincing. Do you really want me to believe that, as long as we kept this rule in place, network providers would never conceive of novel ways to participate in the advertising business using the network-level data they enjoy?

Your best friend, if you are looking for a no-tracking digital lifestyle, is the free market's likelihood of delivering to you just that. It may come at a premium price, which I assume you'll be happy to pay. At the moment, you are just making everyone else pay a premium price for the no-tracking digital lifestyle you prefer, and relying on bureaucrats in D.C. to patch up the rules from time to time to keep up with novel targeting methods.

If you knew the first thing about economics, you would know that the natural, regulation-free state of ISPs is for them to merge together into a single company the way that oil companies merged together to form Standard Oil at the turn of the 20th century. In that scenario, what you would get is the choice of one product, and you would pay an unreasonable amount of money for it.

Of course, since you don't know the first thing about economics, what we're treated to instead is some false ideological platitudes about the free market.

You are embarrassing yourself. Care to offer a testable hypothesis? You appear to predict that the market, with this rule repeal, will not yield any non-tracking ISP options. Is that your prediction?

You may wish to read this (now antiquated) document, which details why verticalization was market-motivated in the oil industry in the industrial age: https://www.aei.org/wp-content/uploads/2017/02/Vertical-Inte...

And, again, do you really want to be in the position of saying that the ISP industry will consolidate the way the oil companies have? Do you have any idea how rambunctious the energy industry is at the present moment? At best, you've shown that you are correct for a very short timeframe, and proven that you are wrong on a longer timeframe.

Nice personal attack there.

For what it's worth the parent is right. I have a single ISP available to me, as is the case with the majority of the US(or maybe two if you're lucky enough to live in a large metro that hasn't signed exclusivity agreements).

The free market isn't going to bring a solution to this. When the internet started out there were tons of ISPs, now there's only a few large ones that are split by region so they have an effective monopoly.

You are embarrassing yourself. The concept of natural monopolies and why they are bad was settled economics in the 19th century. https://en.wikipedia.org/wiki/Natural_monopoly

Also, I was talking about the oil industry 110 years ago, not the modern energy industry. A similar modern industry to ISPs is telecom, and the only reason that those companies haven't all merged together is because of antitrust law (which you would also want repealed if you were consistent at all).

One aspect of this that is being missed is how well this illustrates the inability of the Democratic party to take advantage of an obviously advantageous situation.

It's a no brainer that most people would recoil at the idea of everything they do on the Internet suddenly being for sale. It would be super easy to come up with at least a dozen relatable nefarious use cases and stuff them into TV commercials and ads and tying it to the Republican party.

But nope, silence. It's almost like they don't want to be in power. It feels like I live in a de facto one-party state.

Realistically it is a fringe issue and people have 18 months to forget about it before there is an election.

The GOP has survived, and thrived, on fringe issues for generations. In the poli-sci world such tactics are known as wedge issues. The Dems know they exist, but are very poor at the successful execution of them. At the end of the day, the federal government has very little daily impact on most people's lives. In order to get people's interest, one has to elevate fringe issues and create strawmen to get people interested. The GOP has understod this forever.

The wedge issues they use have pretty big blocks of motivated voters.

I don't think privacy has that.

EFF has 25,000 members. NRA has 5 million. EFF has a budget of ~$16 million a year. NRA has a couple hundred million.

If you want an idea to get mass movement against this;

Start some display campaigns injecting peoples names and other personal information into ads. Have this follow people around the web. Even if data is not taken from what has been allowed here, most people will find it creepy. Link ad to a website explaining whats going on and how to contact their local member.

I suspect with a fairly reasonable spend you could get some strong resistance and media attention.

This, I'd suggest to feature add porn viewing history too in those ads.

This thread may grow long and maybe turn to the topic of HTTPS. SSL with SNI exposes plaintext hostnames/domainnames on the wire for anyone to read, aggregate and sell, not to mention tamper with. It should be an optional extension. For many users it adds no benefit. For some users, it breaks their software and adds needless complexity. Now the privacy advocates have a reason to dislike it too. Just say no to SNI.

If you don't have SNI, then the server's IP address is going to be tied to a specific domain name anyway (unless you do a shared certificate like CloudFlare does, which now makes actual data more vulnerable). A government or telecom company is definitely going to have precisely zero trouble linking IP addresses to domain names absent SNI.

The IP layer already exposes the IP addresses they are contacting, and you can use reverse DNS or passive DNS to get the domain name. SNI doesn't even make things easier, because extracting that from traffic requires DPI and TCP sessionization.

You assume that DNS is being used. What if the user already has the IP address and knows the hostname?

SNI makes gettng the hostnames easier than if they were encrypted as they are without SNI.

> What if the user already has the IP address and knows the hostname?

Then the ISP just does a reverse DNS lookup, which can be implemented a bunch of different ways, it's not particularly difficult.

> SNI makes getting the hostnames easier

Getting the hostname from SNI requires TCP sessionization and at least some form of DPI. Getting the hostname my way just requires single-packet inspection with a reverse DNS lookup. If anything, my way is easier.

Do you understand why I do not like SNI? It has nothing to do with getting these stupid hostnames.

It is a modification that needs to be made to software to accomodate the spread of the use of the SNI extension. As a user, I have no need for SNI.

Are you saying that doing reverse lookups on every IP address, where some of these IPs will have many virtual hostnames, is easier than extractng the plaintext hostname from a certain offset in a Client Hello packet?

If there are many virtual hostnames, how do you know which one the user has requested?

What if the reverse DNS data just lists an ambiguous subdomain and not the domainname in the user's HTTP request, or what if the rDNS data is missing?

> Do you understand why I do not like SNI? It has nothing to do with getting these stupid hostnames. > It is a modification that needs to be made to software to accomodate the spread of the use of the SNI extension. As a user, I have no need for SNI.

It's a modification that has already been made to software and widely deployed. The RFC was back in 2003. Are there even any TLS implementations that don't support SNI that aren't also so horribly out of date that they're full of since patched vulnerabilities?

Also it sounded like you cared a ton about getting "these stupid hostnames", and if you don't I'm not even sure what your objection is. That you can't browse some websites on Windows XP anymore? If you care enough about security to complain that TLS sucks compared to CurveCP, you definitely shouldn't be using it anyway.

I do not use Windows. I do not use the kernel or the browser you use. It is not your business what I use anyway. Notice I never said TLS sucks, you did.

Maybe I do not care about security and I just like carefully written software by people who do not make many mistakes? Is there something offensive about that? Am I allowed to make my own choices of software?

This is all beside the point. I care about having to use SSL and now with SNI. It is a hassle. Whether one likes SSL or not. It makes everything more complicated.

I believe there are too many websites encrypting content that honestly does not need to be encrypted. But I am sure they have their reasons.

I know how old the RFC is, but only in recent years has SNI become widespread. Probably because of all the hype around https adoption.

It is obvious that some people must care about privacy and/or security, or maybe they are just pretending to care? How else to explain the growth of https?

> I do not use Windows. I do not use the kernel or the browser you use. It is not your business what I use anyway.

I just said that because it's the only one I can think of people still having around that doesn't support SNI. OpenSSL, NSS, etc. have all supported SNI for a decade. In fact, I can't find any TLS implementation that supports even TLS 1.1 that doesn't support SNI. So unless you have an example I'd say SNI reached fixation a long time ago.

> Notice I never said TLS sucks, you did.

From another one of your comments: "I would not use SSL. Why spend time learning and fiddling with something that is so flawed?". Using TLS definitely counts as fiddling with SSL (TLS is a derivative).

> Maybe I do not care about security and I just like carefully written software by people who do not make many mistakes? Is there something offensive about that? Am I allowed to make my own choices of software?

Sure, write your own SSL/TLS/CurveCP implementation. But you started with "Just say no to SNI" and claimed privacy advocates should push back on it, which obviously doesn't only apply to you.

Do you like to make all sorts of assumptions about users, what software they use, what software they "should" use and what software "no one uses"?

I don't. Unlike many forum commenters, I do not try to convince people what software to use. I am not telling any users to stop using SSL. (Even though I strongly dislike it myself.) I am only addressing SNI, an extension to SSL that has become widespread in recent years.

Unlike you, I am not making presumptions about other users (except perhaps that some value privacy). They might know about some software I don't. I do not conclude "Well, that's all I can think of, so it must be everything that is worth considering."

If someone asks me how to do something using SSL libraries I am always going to say I would not use those. I am just being honest. Next time I will not mention CurveCP. Then they will ask: So what would you use? If I say anything other than SSL/TLS, they will attack my choice even if they know nothing about it.

A lot of very popular software is poor quality. That is my opinion. I do not choose software based on popularity. Sorry for not comporting to your assumptions.

Pre-SNI: Domainnames encrypted. Post-SNI: Domainnames unencrypted. Fact. That is not the only reason a user could dislike SNI. But it is the one that is applicable to this news event.

I think it is for users to decide whether they like SNI or not. And in my opinion silence does not necessarily mean they approve.

I really don't care what you do, my only "assumption" was that you claimed, repeatedly and loudly, that privacy advocates should step away from SNI and that SSL was "so flawed". You didn't start making your statements only apply to yourself until you ran out of arguments that people should do just that.

Also I went looking for TLS libraries released in the past ~10 years without SNI, my only "assumption" about users was that there were myriad of other reasons why you wouldn't want a decade old TLS implementation (the biggest one being security). If you have a more recent example, I'd love to hear it.

If you don't want people to ask for evidence when you make general statements like you did for quite a while before you decided this must be a personal attack, then don't tell people quite clearly what they should do if they care about privacy.

"I really don't care what you do..."

Then why comment? One user expresses dislike for SNI and you feel compelled to respond? If you have your own reasons for liking SNI you could have stated them, but you did not.

If I do not like SNI, then why would you care? My reasons are my reasons.

SSL-enabled software has to be "updated" because SSL-enabled software did not support SNI since 2003. It spread more recently. The reasons behind this I leave as an exercise for the reader.

As a user, I have no need for SNI. It is annoying for multiple reasons. Leaking hostnames is among them.

I am still able to use many websites that do not require SNI. They are no less "secure" by virtue of not enabling it. And the software I use is no less secure for not supporting SNI.

I say it one last time: because you didn't just say what you do, you told other people what to do if they cared about privacy. If someone (not you, or me, this isn't a private chat) took that seriously, and you are wrong, you are at best spreading FUD. Don't expect me (or anyone else) to assume you are right that SNI is a significant threat to privacy based on your super-secret reasons that totally exist but you refuse to share.

You are reading things into my comments.

Whether leaking the domainname in the Client Hello packet bothers a user or not is up to them. I simply brought it up as a consideration. I have a particular dislike for SNI because it requires modifying software that works just fine without SNI. I happen to like this software better than complex programs like "modern" browsers or command line programs with hundreds of thousands of lines of code and vast arrays of "features". Whether anyone else cares about such things, I have no idea. With HN, there may be some readers there with a similar aesthetic to mine. But probably very few if any.

As a user, I do not need SNI. I am not very motivated to modify software to support it. Especially when it moves the hostname out of the encrypted stream.

Secret reasons? FUD? Are you kidding?

Information about SNI is all over the web, in well-known places, from GitHub to StackExchange to Wikipedia. One does not have to chase up RFCs and dissect pcap files to verify what it does.

https://github.com/dlundquist/sniproxy/ Here is an example of a proxy that uses the plain text hostnames to do redirection.

https://security.stackexchange.com/questions/86723/ There are so many questions about SNI on stackexchange I do not know which one to choose. Here is a random example.

https://en.wikipedia.org/wiki/Server_Name_Indication "The desired hostname is not encrypted."[2]

I am the last person to tell other users what software to use. No one would want to use my selections. I work in VGA textmode.

Everyday I see people telling other what software to use or not use, ad nauseum, in forum comments. I see little respect for users, especially from the large tech companies who assume all users are like lumps of clay to be molded however it suits them.

That you think I am doing this I find amusing. Again, my "desktop" is a VGA textmode console. The number of users who would choose such a working environment in the face of tech company marketing is minute.

Now, that is not to say I do not think they could easily adapt to textmode. I know they could because I saw many users do this in the 90's. I do not make assumptions about what users can handle. I am not trying to delibrately sell anyone on my software aesthetic.

More accurately, what I was trying to do in my original comment, before getting suckered into arguing over inane comments (and I apologize for this), was to make a whimpering plea to the folks who are driving the SSL/TLS bandwagon. The IETF types. I think they deplore unconventional users like me so the idea of pleading with them is probably futile to begin with. Maybe other users would care, too? I have read that someone has proposed a draft solution to exposing the hostnames in plain text. That is a start. Perhaps they are begginning to acknowledge they can do better.

The bizarre nature of your concern with my dislike for SNI actually suggests you are wielding some sort of FUD. Why do you care about what users know? You do not want users to question the merits of SNI? As far as I know, the sole purpose SNI is for virtual hosting. Maybe you work for a hosting company? Maybe you are a small website owner who does not have a dedicated IP address? And you want to run multiple https sites from the same IP? There are reasons to defend SNI but no one in these comments raised them.

To conclude, judging by the comments from openasocket, it may be that ISPs will be mining DNS requests as the primary means of profiling users for marketing their data to third parties.

If that is the case, there are solutions for users. Avoiding third party DNS, or even DNS altogether, is easy. Encrypting DNS packets is also easy.

Avoiding SSL/TLS on the www is probably impossible. It has spread like the plague, with hordes of staunch defenders who will not tolerate any experimental ideas that could be used as alternatives. For them it is SSL/TLS or nothing.

The biggest threat to privacy is probably ignorance and blind faith.

> You are reading things into my comments.

You appear to have forgotten to read your first comment:

"This thread may grow long and maybe turn to the topic of HTTPS. SSL with SNI exposes plaintext hostnames/domainnames on the wire for anyone to read, aggregate and sell, not to mention tamper with. It should be an optional extension. For many users it adds no benefit. For some users, it breaks their software and adds needless complexity. Now the privacy advocates have a reason to dislike it too. Just say no to SNI."

The grammatical form of the last sentence is called imperative[0]. It is not a misnomer. The previous sentence quantifies over "privacy advocates". The first tells people who are not you what to do, the previous one tells people who are not you what they have reason to believe. You were the first person "telling others what software to use" in this thread.

[0]: https://en.wikipedia.org/wiki/Imperative_mood

What browser are you using that makes SSL "a hassle," with or without SNI?

Any sslclient that has not been modified to accomodate SNI.

As someone else commented, SNI appeared in 2003. Was all SSL-enabled software written after 2003 SNI-enabled? Why not?

There are still many https websites that do not require SNI. God bless them.

Perhaps they can afford a dedicated IP and do not need to engage in virtual hosting.

> Are you saying that doing reverse lookups on every IP address, where some of these IPs will have many virtual hostnames, is easier than extractng the plaintext hostname from a certain offset in a Client Hello packet?

If the SNI info was at a fixed offset in a packet, it would be easy. But, per the RFC, it goes at the end of the client hello, after the list of supported cipher suites and compression methods. Not only does that mean it's not at a fixed offset, the actual client hello message may not be contained in a single packet, but rather several. So the ISP has to gather the packets and put them in order to re-construct the TCP stream, and then compute the offset. That is not trivial to do, especially at scale. Reverse DNS lookups are much much easier. Trust me: in my work I've helped implement both TCP sessionization and reverse DNS lookup infrastructure, and the latter is far more scalable.

Are you saying that programs that extract hostnames like "sniproxy" cannot scale?

And you are saying that all hosts have set up reverse DNS and the data is complete and accurate?

No and No.

I'm talking about a hypothetical ISP that wants to extract all the hostnames its customers are connecting to. It has to analyze the traffic off a live stream and re-construct the TCP stream to do this. Rebuilding the TCP stream on a 100Gbps switch is pretty hard to do. Something like "sniproxy" is only extracting the hostname for all traffic connecting to it, so it doesn't have to try and re-build the tcp stream.

For the reverse DNS stuff, yeah you can't count on PTR records. The easiest thing is to use a third party like Domain Tools (https://www.domaintools.com/), or you can roll your own. The quick and dirty way to do this is to get your hands on regularly updated zone files with all the hostnames, do a DNS lookup for that domain name, and store that data in an index. Assuming you get regular updates to your zone files the daily load is manageable. From memory, for .com you only need to evaluate about 400K domain names a day.

"Getting the hostname from SNI requires TCP sessionalization and at least some form of DPI."

I have done it with tcpdump.

What does getting the hostname from an encrypted packet require?

Assume DNS is not used and there is no reverse DNS information available that gives the specific domainname requested by the user.

tcpdump does TCP sessionization, yeah. But we're talking about ISPs extracting the hostnames in bulk for all their customers' traffic live, right? Maybe you're talking about something else, but I figured, based on the article we're having this conversation about, the attacker is these scenarios is an ISP, which only cares about doing these things at scale. You can't put tcpdump in front of a 100Gbps switch and do sessionization live.

> Assume DNS is not used and there is no reverse DNS information available that gives the specific domainname requested by the user.

If it's a hostname it has to correspond to a valid domain name, right? You can always use a third party or roll your own reverse DNS entry, as I described in my other answer. As long as the domain name actually has a DNS A record, we can get it.

"If it's a hostname it has to correspond to a valid domain name, right?"

If it is listed in the ICANN DNS, maybe.

DNS is not mandatory for a website to work.

Most of the time I do not use DNS when reading the www. I have my own databases of the info I need to reach websites. Not that I expect anyone else would do this, but it is very fast and reliable.

Please describe a way to do SSL without the domain being visible that can work for most sites.

What would you encrypt the hostname with?

Establish an enciphered, unauthenticated, connection to an IP.

This is now a tunnel.

Over that tunnel:

* If you've connected before attempt to reuse the cached credentials to further establish a connection to the requested certificate. This validates prior authorization of being the target host.

* If the above fails or if it's a new host, ask for the certificate, perform extensive validation including REQUIRING that the external revocation check authenticates and confirms non-revoked.

How do you create an encrypted connection to an IP address? Just a regular Diffie-Hellman key exchange? That's pretty easy to MitM, and then the attacker can view the certificate the server passes, which will contain the domain name. A little more involved than sniffing SNI, because now you need to scale out MitM-ing instead of DPI, but pretty much the same problem.

Once the connection is MitM'd, the certificate validation would fail, since the MitM host cannot sign the "hash of everything that's been exchanged in this connection so far" with the correct server certificate. So the MitM would have to choose between either learning the domain name but failing the connection, or letting the connection pass but not learning the domain name.

Darn, that right. I guess I fall back to my other answer then: the ISP can always get the domain name from the server ip address and reverse or passive DNS, and there's nothing you can do about that.

I would not use SSL. Why spend time learning and fiddling with something that is so flawed? If I was serious about encrypting traffic I would use CurveCP. SSL is simply a nuisance I tolerate to read the www. Every minute I spend learning about it is wasted time... because I could be spending that time learning about something better, like CurveCP. The spread of SNI has just made SSL even more annoying.

Reading a bit about CurveCP isn't enlightening; it seems to be a UDP protocol that uses elliptic curve cryptography for encryption and authentication. But that, by itself, doesn't explain how it solves the problem that SNI solves better.

Say a client is speaking CurveCP with another party; how do they authenticate the other end? What if the other end has limited resources (such as IPv4 addresses) and needs to serve multiple entities, how do the client and server distinguish or determine which entity to authenticate to/for/with?

I am not suggesting that anyone use something else besides SSL. Use whatever you want to use. I am suggesting that SSL users may want to consider the merits of the SNI extension. Website owners are unlikely to care let alone oppose it.

As a www user, I do not like SNI and that is only an opinion, as a user. Why? Because all existing software that has to be SSL compatible now has to be modified to handle SNI. As a user, I derive no benefit from SNI. That is why I dislike it, first and foremost.

But I believe there may be other reasons to dislike it. Perhaps privacy. Perhaps censorship. Maybe none of the above. I don't know. You decide.

In any event, it seems there are at least a few folks that agree with me that the merits of SNI are at least questionable which is both surprising and encouraging.

> not to mention tamper with

Modifying the SNI hostname in transit is pointless - the client still knows what hostname they sent. Changing the SNI hostname would only cause the server to send back a different certificate, which would immediately be noticed by the client.

And break the connection. Mission accomplished.

The ISP owns the transit of traffic between the client and the server. If they want to block people from accessing certain places they can just block it at the ip layer with packet filtering. Why would they go through all this rigmarole with mangling SNI data?

If you can tamper with the connection and "breaking the connection" is "Mission accomplished", SNI isn't going to make any difference. You can just drop all the packets, and be done w/ it.

# House

YEAs ---215


NAYs ---205


Not Voting ---9


House Results - http://clerk.house.gov/evs/2017/roll202.xml

# Senate

YEAs ---50


NAYs ---48


Not Voting ---2


Senate Results - https://news.ycombinator.com/item?id=13943060

(I liked this format.)

This really couldn't be clearer, could it?

You raise a good point- IANAL, but I can see this being a good avenue for challenging this soon-to-be law. Per COPPA, you have to confirm that someone is 13 years of age before collecting information on them.

What are they going to do, repeal a law that was sold on the premise of "think of the children"? Sounds like something that would come up during re-election: imagine a "Rep. X voted to make it easier for online predators to find your children online" campaign.

Anything goes at this point. They have no shame.

For the children might be one way we can get them to support keeping search results private. Imagine some predator who decides to buy the history of certain demographics that will capture those 13 to 17 (and those under 13 who lie). They can then go through the search and look for anything that indicates someone who can easily be preyed upon. Find someone who searches things like how to be beautiful, use the internet history to stalk them on social media, and then use their internet history to form of a connection.

Condense something like this into a 1 minute add, run it as a 'how to' aimed at predators with the intent of striking fear into the hearts of parents who see it, and then end it with a short message on why we should keep internet usage private.

While I'd definitely like to see restrictions on internet browsing being protected at least as much as library circulation records [1] and video rentals [2], as a fan of checks and balances, the mere concept of a regulatory agency passing "landmark" regulations on anything is troubling. Either that power is in the law giving regulatory authority to the agency, and hence, it shouldn't be called "landmark"; or the power is outside the scope of what Congress intended when enacting the law, in which case it's a a bureaucratic power grab.

1. http://www.ala.org/advocacy/privacyconfidentiality/privacy/s... 2. https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

Before we jump in a shock and talk about the TFW political disaster there is happening in DC at the moment I want to ask a question:

Is there a simple guide or steps that I can follow to make myself anonymous? I know there is TOR and VPNs, how can I go about setting it up?

Awesome, thanks!

I think it's time that we as a community really start putting effort into security. Making tools that people can use is so important, Tor is not really a plug and play system. If Grandma can't do it, then it's not good enough.

This is pretty much the only way to ensure any remote privicy (sometimes).

This might be a good starting place for you.


That just moves the problem

It moves it from an entity that is highly motivated to monetize the customer's information to one whose business is to do the opposite.

You can roll your own VPN on a cloud provider.

Still not perfect, but I'd argue Azure, AWS, and the like are less likely to try to inspect/monetize traffic than a consumer ISP.

When there is something that can be monetized, an MBA will eventually find it.

Which could change at any time - the business could be acquired, subpoenaed, etc.

I'd recommend a VPN service called Private Internet Access. StrongVPN was the one I used to use. Either way, you don't have to set anything up on your smartphone or computer so long as they support your OS with an application.

It's still beta, but if you'd like a (more) private Evernote (assuming you even have note-taking as part of your flow), check out Turtl (turtlapp.com).

Disclosure: I built it.

Please share your VPN setups. I would like to have my VPN connection at the router level, if possible.

Edit: Here's sort of an answer to my own question https://www.howtogeek.com/221889/connect-your-home-router-to...

I used to have an OpenVPN setup but I ditched it for https://github.com/trailofbits/algo

Streisand sets up a new server running L2TP/IPsec, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, a Tor bridge, and WireGuard.


But where would your VPN go to? It would have to be outside of the US, I assume. That means slower speeds and higher latencies.

It doesn't have to be outside the US to avoid your ISP selling the data.

If you run through a 3rd party VPN you have to trust the provider to not sell your information.

If you run through a US based datacenter your data is still within reach of a subpoena but your ISP won't have access to it.

To all of you who are you who are saying that it's now vital to use a VPN I have to ask:

Why weren't you running a VPN already?

This was a vote to head off the implementation of a regulation that hadn't gone into effect already.

I also found it quite shocking at the sheer volume of requests for VPN guidelines; something I already take for granted. Just when I thought 2013 A.D changed everything.

Welp, now there's a real market opportunity for 'open' ISP's. I would gladly pay more to a smaller ISP with slightly higher latency for guaranteed privacy.

SpaceX's planned satellite internet will hopefully fill this void for the world... until Elon dies and it's taken over by the evil, ignoramuses of corporate greed.

Given the obvious barriers to entry for an ISP, realistically, how is there a "real market opportunity for 'open' ISP's" when new ISPs themselves can't even get a foothold? For example, Google's recent attempt with Fiber: as much as I wish it were to succeed, they seem to have run into a lot of red tape.

For broadband Internet, my understanding is that most have exactly one choice; in my experience, usually one of Comcast or TWC. (Currently, where I live in the Bay Area, Comcast is my only choice. And it shows: Google Fiber would offer a speed 500% higher, for the same price, if it could only materialize.)

If you allow for non-broadband options, okay, yes, I have choices. That gets me AT&T — who sells their users data — and mobile cell carriers (the latency is unacceptable).

Yes, it's troubling. Huge infrastructure costs. Regulations. And with little to no differentiation between service providers, the incentive really hasn't been there for competition.

But all is not lost. There are municipalities that are providing a competing internet service. Internet is fast approaching a public good/right, so I believe this is a worthy approach. Here's an example near me: http://www.timescall.com/longmont-local-news/ci_28030675/lon...

As mentioned, SpaceX will circumvent the local restrictions and limitations of 'wire in the ground' with their satellites.

And now, if there are some ISPs that will sell your data and some that won't, that differentiation may open up the door to greater competition. Perhaps even, that's a silver lining to breaking up the ISP oligarchy that exists now.

Most of the US will kill just to have a choice of which ISP they use though.

Chances are the market opportunity will come from your existing oligopoly as an extra feature, and they will gladly charge you more for it.

I would expect that this will have an unexpected (?) side effect of further weakening the capabilities of packet inspection by intelligence agencies through increased utilisation of VPN services, especially those outside of the US.

At face value this is a good thing for privacy, but I am concerned that when lawmakers realise their error they will just legislate themselves out of the hole by making access to VPN services harder.

Your average internet user doesn't even know what a VPN is, let alone the significance of this law.

Isn't doing this type of data collection without consent already banned under the [Wiretap Act](https://www.law.cornell.edu/uscode/text/18/2511)? What part of these protections weren't redundant?

Without consent is the important part, it will soon be part of your ISP's TOS to allow them to sell your data. The wiretap act has a specific call out for this occasion:

> (d) It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.

But the FCC rules that were repealed allowed data collection if you "opt-in" too, right? I haven't read the entire text of the legislation, but their news release covers this: https://apps.fcc.gov/edocs_public/attachmatch/DOC-341937A1.p...

> Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

The FCC rules prohibited making consent a condition of service.

Doesn't this mean the government can basically buy user data through shell corps and bypass warrants all together?

Does this mean we can crowdsource and buy the private browsing history of our favorite representatives and post them online for everybody to see?

Legally yes. Practically no.

There is no ISP in the business of selling the data for a single individual by name.

That's a lot of money that could go to other causes like the EFF. Black hat hacking is cheaper and has the potential to reveal much more about the people that voted for this.

This vote will be a lubricant for just such black hat cracking. The Congress opened the barn door on their own members' privacy.

They didn't need warrants before.


Is there another side to this debate or is it really this black and white?

I'll take a stab at it because I think it's a useful discussion. Allowing internet companies to make contractual arrangements with their customers will result in situations similar to Google. Google shows you ads for things you are interested in, and in return you get a really great search engine for free. Similarly, if ISPs are allowed to collect information about your browsing habits, and sell it to advertisers, they will lower the monthly rates for consumers. The consumers can then choose whether they would rather pay lower rates and their ISP sells their browsing information to advertisers, or pay more.

The obvious followup is complaints about how ofter consumers don't have a choice. Perhaps the reason there is so little competition is that local municipalities enter into franchise agreements where in order to add internet to one house, you have to agree to cover the entire area. This makes it so that only big pockets and people that can influence politicians get the build an ISP. Also, we could look at access fees to explain monopoly providers. https://www.wired.com/2013/07/we-need-to-stop-focusing-on-ju...

If there were genuine competition perhaps real consumer preference would win out, whichever that may be. Rather than deciding how much people value privacy, perhaps we should let people choose for themselves at a level other than the federal one.

See, I don't buy the market based arguments. This is not something we want anyone doing, regardless of ISP. So why allow it to happen at all?

The "market" counterargument is to set an infinite price on the practice.

Or in other words: a taboo.

One thing that I think is being ignored and was not mentioned in the article is that the referenced regulations were passed by the FCC near the tail-end of the Obama administration and never actually went into effect. So, strictly speaking, this vote did not change ISP regulations, it just keeps them the same as they have been in the past.

The FCC regulations were meant to provide protections that were previously enforced by the FTC. This vote keeps ISP regulations different from what they were in the past.

I have no context on this... What were those regulations? The whole argument against this was that ISPs would be able to sell our private browsing history. Anyone know if they can really do that now?

> Is there another side to this debate

Yes, think of all the poor, unfortunate ISPs that are barely scraping by every year to give you your unprecedented internet bandwidth. These are small companies, owned by people who have children to feed. Selling your private data is one of the only ways they can stay out of bankruptcy. We all need to be a little more mindful of who we're hurting next time we enact this kind of draconian regulation.

https://www.govtrack.us/congress/votes/115-2017/h202 215 yea, 205 nea. All yeas were Republicans.

>> ISP companies also contended that the FCC rules have placed them at a disadvantage with other non-ISP Internet companies that also collect user data, like Netflix or Facebook.

I think there is always a flip side and I think this is it. Why can facebook take my data and sell it but for the ISP, my data is treated like a health record? Personally, I don' think anyone should be able to sell my data.

I think part of it is choice. You can legitimately choose to not use Facebook (even though admittedly for some people that's difficult due to network effects). Don't like Google's data collection policies? Use Bing, Yahoo, or DuckDuckGo. Don't like Netflix? Use HBO Now, Prime Video, Google Play, iTunes, Hulu, or buy a cable subscription.

However, most people in the US have a choice of only one or two ISPs, so there may not be an option to choose a company that doesn't sell your data.

THAT IS NOT A FLIP SIDE. The solution to being upset about one entity being able to sell your data is NOT to let other entities do it too!

Any clarity re: this comment[1], which seems to suggest that things are not as they seem?

[1] https://news.ycombinator.com/item?id=13942989

> In June 2015, the FCC reclassified the ISP's as common carriers. Tada, the FTC rules no longer apply. So the FCC regulated them with roughly the same set of rules. Now they've undone this.

The legislation, if enrolled into law, undoes the future privacy changes. The existing privacy exposure (since 2015) goes on until then regardless.

Implementing this change via legislation also means that changes in these regulations require statute change (not purely by the whim of any President).

The underlying argument here is there is no difference between say Google and Verizon: the customer has to opt in (or pay) for both. And from a free market (aka conservative) economic perspective if this is a concern shared by the population, someone will offer it as a service that people will pay for (a VPN tax if you will).

This is an unfortunate example where government is not set up to address concerns of today's environment. They are trying to apply legal constructs of 20-50 years ago to a quickly changing age. And while you can argue whether the prior administration did the right thing legislating in this environment, the one thing they did was understand that access to the Internet should be a right as opposed to a privilege. Like education, access to 911, etc. As more services move exclusively online, this fundamental access question only becomes a greater concern.

If individuals aren't guaranteed access nor have any protections online, then we are heading into a very dangerous area (if the only way to lodge a claim against your internet provider is online, then they will know what you are doing).

The Register: Your internet history on sale to highest bidder: US Congress votes to shred ISP privacy rules


"Now, the really big question is: can your ISPs see the content of your online interactions? Can it read your emails? Can it read your search results? Can it store and search through the words you typed into a webpage?

And the answer is: yes, sometimes.

If the website you visit is not secured with HTTPS – meaning that any data between you and the website is encrypted – then your ISP can see exactly what you are doing."

Read the article for suggestions on how to protect yourself.

Also read: http://www.theregister.co.uk/2017/03/28/so_my_isp_can_now_se...

I wonder if this has any consequences for the US EU Privacy Shield agreement.

So the GOP argues that it's unfair because streaming services and search engines can already collect this data and ISPs couldn't.

I don't understand how they fail to recognize that ISPs will

a) see all of the sites you will visit and

b) many people can't choose between ISPs because there are only a few in their area

It seems that for the GOP, as long as there is profit for corporations, they are willing to give up the privacy of the voters.

How is this different than the telephone company eavesdropping on your calls and selling the information gained to marketing companies?

I hear people say how important it is to participate in the political process. But when the process itself is broken, what's the point of participating?

We can vote alright, but what we are actually voting for is the person who is the most convincing liar and makes the most appealing "promises", without them being obligated in any way to actually implement their promises once elected.

As I see it, individuals only have a couple of effective ways to influence politics:

- withdraw your financial participation in things you don't agree with. This is extremely difficult: most people are not willing to endure the sacrifices necessary, and we're not coordinated to do it together. If everyone (or even 10%) canceled their Internet service, cable service, or whatever, for 1 month, THAT would get attention. If 10% were willing to lower their standard of living in order to reduce the government's tax take by 10%, that would get attention.

- regular individuals need to donate more money to politicians than corporations and wealthy individuals. It's a sickening thought to me that the only way to get public servants to actually serve the public is to bribe them, but obviously that works.

So why is this necessarily bad? My understanding is that the Congress repealed a fiat control by the executive branch. They can now, if they are are so inclined, enshrine in law, a more durable medium than agency policy, a freer Internet. Let's assume that the Republicans don't. Let's also assume that they make local municipal Internet or competition harder. The Democrats could get elected in 2018 at which point they could enshrine privacy. How is limiting the executive branch bad?

So, how should we write an daemon that pings high-advertising-value domains to poison their dataset?

Can anyone explain why, when this went through the Senate, it wasn't filibustered? I was under the impression that almost all controversial legislation had to pass the filibuster threshold, and since Democrats were united in opposition against it, I would have expected them to filibuster this. Was there some loophole preventing them from doing so, or did they not consider it important enough to filibuster?

This bill is under the Congressional Review Act, which allows Congress to overturn rules enacted by the executive branch in the last 6 months. A joint resolution of disapproval under this act can't be filibustered.[1]


Does anyone know if this works retroactively? Is every data-hungry company soon going to know all of our past browsing behavior?

My understanding is that this repeals a law which was passed at the end of the Obama administration which never actually went into effect. If that's the case, it's already been happening - this bill just brought the issue front and center.

The regulations that are being repealed were passed on October of 2016, so data-hungry companies already have whatever browsing history you gave them.

It's been legal to do so since 2015 and through next December at a minimum. That is the status the new administration inherited.

The removed rule wasn't slated to go in to affect until 2018.

Edit: The rule was intended to stop existing practices or prevent companies from doing this in the future.

Well, they had unlimited bullets and needed just one to hit. We needed to block everyone. But how can people follow a story let alone a lobbying effort with our current ADHD news cycle...

Can someone give people like me a "5 things to fight back" list?

Welp, time to pipe all port 80 and 443 traffic in my home through http://privateinternetaccess.com , via the OpenVPN config in OpenWRT.

Maybe someone at YC could reach out to Thiel who could convince Trump to veto? Something like that is probably the only realistic chance of this failing, and I have no idea how much Thiel personally cares about this issue anyway.

A presidential veto is a big deal, especially going against his own party whose support will be critical for getting anything done (or staving off those pesky ethics investigations).

I don't think Thiel has that kind of juice. Maybe Bannon does but it really seems like this would have to be an issue he cares deeply about personally, and it's hard to think of one where there's much space between the president and the modern GOP.

I should have added last night that those are the pragmatic reasons why I don't think that's likely. The stronger argument is that Thiel's most likely reaction is going to be expanding Palantir's data sources or investing in more data mining companies.

> Maybe someone at YC could reach out to Thiel who could convince Trump to veto?

What makes you think the guy who describes his preferred business model as being to establish a monopoly would do that?

Because in Thiel's case, he has repeatedly demonstrated himself as being in favor of privacy more than not. That said, it's unlikely Thiel would get personally involved, and it's unlikely Trump would go against such a block Republican vote (especially given the party's cohesion problems currently, Trump needs them all to get on to tax cuts & infrastructure etc).

Awful. I stand to profit greatly from that data being commercially available but the personal violation underlying it is unjustifiable.

Who will be the first to start a "privacy-driven" ISP with marked up prices?

What's the immediate consequence of this ruling? What is liable to change? Who can buy "my" data? What kind of time-frame are we looking at? Can foreign nationals buy data en-masse directly and/or will their purchases be proxied through "US citizens"? What depth of archives will be up for purchase? So man questions regarding this... I'd like to know the general fallout of this in both short and long-term results.

Why don't articles like this ever link to the votes so you can actually look up how your rep voted (mine? Party line, no surprise)? Took me a few minutes to find it.

Time to start paying the VPN tax.

until they start throttling encrypted traffic systematically

That's all fine an idea until people use steganography to hide encrypted messages in plain sight.

Good luck scaling that. Things like DesuDesuTalk have pretty limited adoption for a reason.

Using jpg or other images is one method, but I imagine that you can use steganography in a variety of mediums. The only constraint is that the eavesdropper must not know that the cipher text is inside of the metaphorical plain text, otherwise you are throttled.

In other words, the secret must have the same heuristics as any plain text. Can you fool the sensor that detects ciphertext? Great -- no throttle for you!

That would piss off all big businesses that have remote workers that have to VPN to their networks.

Business level service would permit and not throttle VPN. For consumer products, it will (probably) be an add-on. Whether they block or throttle or do both, is a market opportunity each ISP will decide.

Curious: if you're an ISP, how do you tell the difference between me VPNing into my Big Tech, Inc. and me VPNing into Private VPN, Inc?

Not necessary (and presumably not possible). Each end point pays extra for VPN.

Unfortunately some popular services (Netflix, Hulu) block VPN traffic. So I've moved a large chunk of my browsing over to Tor, but that makes it an open target for the NSA since they feel they can attack any data passing through links outside the NSA.

Damned if you do, damned if you don't.

Not to mention a VPN is another expense, and a bandage for the greater problem..

given the fact that deep packet inspection is real, to what extent will this actually help?

There's a limit to DPI, if you use an efficient encryption and ssh, you should be fine unless they really want to get you.

VPNs are encrypted.

Good ones anyway. Many don't. Even https://github.com/jlund/streisand if set up on ec2 won't warn you that your ipv6 connections probably aren't blackholed.


No matter what you're replying to, personal attacks like this are not OK on HN.

That's fine. I am aware that properly configured VPNs are DPI resistant.

I am also aware that they aren't foolproof.

(1) This wipes out almost all the value of surveillance companies that don't require logins. Why bother with doubleclick et al when you can get data straight from the ISP?

(2) HTTPS makes a limited amount of sense. Even on encrypted connections, ISPs know which domains you visit. In some situations they may also be able to MITM your certificates and read the data you transmit.

(3) Any semblance of privacy now requires either a reputable VPN or TOR.

Not that I'm necessarily OK with either, but what's the difference between this and the myriad of other sites that are collecting your browser habits/search history and selling it?

I'm not for this at all vote at all, and I'm not sure why Trump supporters are, I'm just trying to come up with a good argument for why it's worse.

I don't think Trump supporters are actually behind this. It's one of those things he never campaigned on but we're going to get anyway. Plus, it's congress that pushed it. Presumably, if it's unpopular enough he could veto it.

And the reason ISP is much worse is your ISP is your gateway to the internet. Everything you do can be tracked and it's directly tied to your personal identity. You can't avoid being tracked by it by using a different site. Want a list of cat owners in San Fransico? Comcast has that list and they'll sell it to you, names, addresses, etc. How about a list of people who have googled 'given medical condition' in the tri-state area? How about a list of names and addresses of people who are interested in gay sex in Utah? How about who have visited Ashley Madison in Washington, DC?

Bypassing your ISP or mobile provider is more challenging.

In theory you can opt out of FBGOOGZON tracking.

There is no difference. The rule, passed along party lines by democrats in the FCC, heavily favored companies like Google and Facebook who are constantly using your data.

Those who prefer a smaller government and objected the the FCC'c huge over reach that this rule was part of.

I wish Google would offer VPN service again (waaaay back they had some Windows utilities that would proxy your web connection).

That's would be an interesting privacy improvement.

Being that this is a pretty red vs. blue issue, there's not a ton ton can do about it if you live in non-red states.

The eff is an obvious choice and I'm a member and have been for almost 20 years.

In my mind the big thing is people that vote for republicans don't fully understand that they are voting for non-privacy, pro-business, and really, pro-military. Granted, there are some dems that can fall into this trap and 9/11 pretty much ensnared all but a few into the reactionary mindset. This actually took true visionaries and leaders to overcome; few and far between.

So, really, local debate has to happen in the red states where these majorities are elected. This is a long uphill battle, but the message of "mega-corporations are not your friends" has to be paramount and when you're not earning tech salaries, we are part of the problem.

For coal miners and all these higher profile ise cases, we need to re-connect with the human and community level. That's the disconnect right there; it's easier to get angry about 'the swamp' than it is to try to take your own local municipality into your own hands or figuring out how to stay local vs. state.

California, New York, etc - these aren't the battlegrounds. They are the future. The majority of their population already agrees on global warming, privacy, tech, etc. They're one step behind bitcoin/ethereum/altcoins globalization.

But for somone in W. Varginia that's a coal miner that has been laid off (a big Trump talking point), these things matter On a massive level.

So there's our schism - how can we provide a forward thinking, longer term vision that helps the common citizenry? In my mind, everything this repubican extremist 'president' represents are big interests and reducing their unfettered access to unlimited profits, regardless of what that means.

Your (what's left of it) privacy and whatever else is fair game.

I'd advise to (of course) moving to tor, vm's and seriously, cryptocurrencies. Currency is a great way to start hacking back towards 1:1, person:person transactions which leads to a less decentralized money system.

And, If course, money underpins pretty much all us entrepreneurs do.

So, we do have options. :-/ These options include vpn, tor, cryptocurrencies, ethereum, etc.

Edit: mobile spelling corrections.

I never cared too much for privacy, but that's one step too far. Lawmakers probably don't understand how this makes them a target, and how their own information will be accessible. Hopefully this will create a market for ISPs that want to protect you. I see VPN markets growing even more.

> Lawmakers probably don't understand how this makes them a target, and how their own information will be accessible.

Your "will be" should be changed to "has been." The data selling was possible (100% guaranteed to be occurring rather) prior to Trump's election for example.

How can I as a user buy access to my own personal information? Maybe this is an opportunity for a new venture.

I don't care whose fault it is, what can we actually do to defend ourselves?

Does anyone have suggestions on staying private that my mom could easily follow?

Ideally integrated into the device that provides wifi, e.g. openwrt or dd-wrt running openvpn, and then get a monthly vpn service provider - always on at the local router level, for all of her devices.

I'd think not using the ISP's DNS server would be a good start. Either find one somewhere else or run your own.

Does this even help? Are DNS requests encrypted? I had thought that they were not.

They aren't.

algo[0] doens't require any client software so maybe set that up on her computer and she'll be set?


This indicates to me an architectural flaw with the internet. We need to start exploring other techniques to circumvent tracking, perhaps through more distributed systems. The politicians can not be trusted.

I know the political issues are different than in SOPA, but this situation reminds me of how powerful publicity is as a factor in legislation. SOPA was a mostly-unheard of bill that seemed certain to pass (had a huge number of bipartisan sponsors in the Senate [0] and the House [1]) until it blew up into a big online campaign and became mainstream with the blackout [2]. I remember many legislators' staff saying it was the most email and calls they had ever received in a day/week, and these are for members of Congress who voted on Obamacare and the 2002 authorization of use of force in Iraq.

I can't pretend I know what it's like to be a general layperson about tech, but my base instinct is that this issue of Internet privacy protections is much more salient to the average person than SOPA. Yet even as a follower of politics, I barely heard about this until last week when the Senate voted on it.

I can think of a couple of factors:

1. Internet giants advocated heavily against SOPA. Those same companies have less incentive to argue against selling user data, even though selling data at the ISP level is, to me, substantially different than at the website/service level.

2. So much political energy and attention has been spent on the Trump Administration, particularly on the recent push to repeal Obamacare. IIRC, even though SOPA didn't get much media coverage until around the week of the blackout, it wasn't competing with anything quite as big as this past week's vote on Obamacare (nevermind the other issues surrounding the executive branch).

[0] https://www.congress.gov/bill/112th-congress/senate-bill/968...

[1] https://www.congress.gov/bill/112th-congress/house-bill/3261...

[2] https://en.wikipedia.org/wiki/Protests_against_SOPA_and_PIPA

Edit: Worth pointing out the Senate vote from last week, in which no Republican broke ranks in a 50-48 vote. 2 Republicans were not present (edit: I originally wrote "abstained"), including Sen. Rand Paul who is listed as a co-sponsor:



The UK and USA engaged in a fierce battle of 'hold my beer'.

Question. When were these FCC rules implemented? I know they were under Obama but right now as I try to learn the history google just keeps giving me the news of the repeal.

> When were these FCC rules implemented?

Adopted last November, published in December, parts went into effect in January and parts earlier this month, with more parts due to go into effect in June and December.

Thank you.

What are the plans to anonymize the data? Are there any standards in the advertising industry for sharing such information?

Not sure they have to anonymize the data after this. Do they?

Where's the crowdfunding to buy the navigation history of the representatives involved in the approval of the law?

Just move to Europe, where there is still some semblance of reasonable regulations and politics (for now).

What VPN provider do you guys recommend?

I hope someone buys browsing history of all Republican Congressman and publishes them on the web

Could and should have been filibustered in the Senate

edit: note Senate....

Democratic Senators need to be careful what they filibuster. Absurdly, it only takes a majority vote for the Senate to change the rules to disallow filibusters.

Then again, the vote to change the rules to disallow filibusters could itself be filibustered.

But, the Senate, despite all that, could (on motion) declare the filibuster unconstitutional, and only require a simple majority vote to affirm it.

Man, our Congress is so broken.

Source: 2nd paragraph of https://en.wikipedia.org/wiki/Filibuster_in_the_United_State...

  Then again, the vote to change the rules to disallow filibusters could itself be filibustered.
That's what the Wikipedia article says, but I don't think that's correct. Otherwise, I think the Republicans would have filibustered Reid's invocation of the "Nuclear Option" that changed Senate rules to disallow filibusters on Federal judge appointments.

No, the Congressional Review Act provides for an expedited process that cannot be filibustered.

Ahh yes that's correct. Darn.

Isn't "https everywhere" going to make this a moot point?

Only partially. Your ISP can sell what domains you visit and the details of those visits such as duration. Your ISP can push various trackerware that steps in front of the https. Your ISP can do trackerware pre-installs on hardware you buy for example, such as smartphones.

But that trackerware would be easily filtered out with ad blockers. Not that we should have to do so, but we can.

Don't worry, the president will veto this. /s

because he's worried about losing incognito mode?

Last I checked his dirty laundry has been aired and the public gasped and forgot. Golden shower anyone?

Not to mention that he already publishes his browsing and TV history via Twitter for anyone who cares to really track it down.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact