What we have in protections and freedoms were purchased through a ton of hard work by prior generations: the liberty to slack and think that it just works ok is a nice side effect of the prior sweat.
For JS 34  Mitch McConnell (R, KY) limited debate to 10 minutes--I'm unclear from the transcript exactly how this was allowed. Richard Blumenthal (D, CT) offered resistance to limiting debate, and Kamala Harris (D, CA) and Patrick Leahy (D, VT) requested the role be called several times as a delaying tactic, but the limiting of debate went through.
Just prior to the vote, Brian Schatz (D, HI) offered some debate, but this is cosmetic given the known votes.
My read there is little to be gained by trying to legislate implementation power that has been ceded to the executive branch and the various agencies that are run by appointment, and therefore a costly filibuster and fight was not worth the time, effort and political mud.
The law provides a procedure for expedited consideration in the Senate. If the committee to which a joint resolution is referred has not reported it out within 20 calendar days after referral, it may be discharged from further consideration by a written petition of 30 Members of the Senate, at which point the measure is placed on the calendar, and it is in order at any time for a Senator to move to proceed to the joint resolution. If the Senate agrees to the motion to proceed, debate on the floor is limited to 10 hours and no amendments to the resolution or motions to proceed to other business are in order, and so the Senate may pass the joint resolution with a simple majority. A joint resolution of disapproval meeting certain criteria cannot be filibustered.
I haven't seen any reporting on a specific law that these rules were tied to, but I have seen references made to laws predating the public internet that mandate privacy on phone calls that.
Really interesting. Thanks for sharing.
In linguistics the illustrative analogy is that prescriptivism is akin to an anthropologist entering into a foreign culture and rather than simply observing, they instruct the members of this culture on how to cook, dress, cut their hair, etc. Most modern dictionaries (including the Oxford English dictionary) take a descriptive approach to the study of language.
By that argument, we should all just be able to say and write whatever we want however we want to, even if it's technically or factually incorrect, like Humpty Dumpty or Donald Trump.
Why bother hewing to "elitist" rules of grammar and accepted spellings, being that it's just prescriptivism?
How does one decide objectively if something is just plain wrong, or merely prescriptive?
Case in point: "premises". So many people treat this singular noun as a plural and use horrors like "on-premise", which is so utterly wrong that it is painful for me to look at. What's worse is that "premise" is a real word and an entirely different thing and is most definitely not the singular of "premises".
This word came about (as many English words do) as a corruption of the Latin "praemissus", meaning something like "the aforementioned", and was used often in legal agreements for properties, and so became a word in itself that meant "the property".
Now we are corrupting it yet again, this time without the excuse of it being a different language, on the basis that "I'll say it however I please." People I have mentioned this to have told me that it is so difficult to get people to use the right word that they've just gone with "on-prem".
Now readers can take this comment as the rant of a "grammar nazi" or a pedant, but it wasn't meant that way, and I'll respond in advance with this: why is it not ok to identify something that is wrong? Because it's mere nitpicking?
Maybe so - but that's how matters devolve, over the decades, back to widespread ignorance and intolerance: one little oversight at a time.
Sorry, I didn't mean to get on the soapbox - sometimes it's just frustrating for those of us who are perhaps overly detail-oriented. But the world needs "pedantic" people like us more than it likes to admit.
> write whatever we want
> however we want to
> being that it's just
> This word came about ... as a
> corruption ... without the excuse
> of it being a different language
I don't have an issue with every "error" on that page and I have no problem with style guidelines for writing, but the problem comes when the prescriptivists think that logic is on their side when they opine on subjective stylistic and dialectic issues. "Ice tea" is a perfect example. The author of that site argues that "iced tea is not literally made of ice, it simply is 'iced': has ice put into it.". Apparently he is unaware of English's enormous fondness for attributive nouns. By his reasoning, we should all be saying "appled pie", or "apple-infused pie", or something crazy like that.
I also have a more general problem with prescriptivism because frequently it is used to justify a certain type of racist and classist thought.
Apple is describing the type of pie. "ice" is not a type of tea.
No it's not. "Ice" or (more appropriately IMO) "iced" a state of tea. Find me 'ice' or 'iced' on this page: https://www.teasource.com/pages/types-of-tea
Nobody is making tea from ice. If they were, then you could call it 'ice tea'.
Ice algae are not made from ice, for example -- they are algae that are found in ice. The point is that in noun-noun compounding, the semantic relationship between the two nouns varies widely from case to case (far more widely than the distinction we are nitpicking over between "apple pie" and "ice(d) tea").
EDIT: one more example, is it also wrong to say "bubble tea"?
Which makes sense, because it's referring to a type of algae found in ice.
If there were a type of tea that only grew or were only found in ice, then it might make sense to call it 'ice tea'. However, that's not the case because it's regular tea that has been 'iced'.
The relationship between two nouns in a noun-noun compound is very flexible. Sometimes it means the head noun is made out of the attributive noun ("apple pie"), sometimes it means the head noun is found in the attributive noun ("ice algae"), sometimes it means something completely different (how about "ice axe"?). So, because that relationship is so flexible, it's just not absurd to consider that in the case of "ice tea" the relationship is that the head noun contains the attributive noun, as is exactly the case with "bubble tea" and many other NN compound examples.
And I will say again that the semantic relationship between "is made out of" and "contains" is so, so similar. Given the huge variety of acceptable semantic relationships between two nouns in a NN compound, it's really ridiculous to claim that "contains" is not acceptable whereas "is made out of" is, especially so when there are tons of examples of the "contains" relationship that staunch prescriptivists never object to (again, "bubble tea").
- Pie found in apple(s)? Nope.
- Apple that is used to do something to pie! Hmm, no.
- Pie that is modified by an apple. No...
- Pie that is made with apple the primary ingredient? Yes
- Algae found in ice? Bingo.
- Algae that is used to do something to ice? No.
- Algae that is modified by ice? Nope.
- Algae that is made with ice the primary ingredient? No again.
- Axe found in ice? No.
- Axe that is used to do something to ice! Yes.
- Axe that is modified by ice? Definitely not.
- Axe that is made with ice the primary ingredient? No.
- Tea found in ice? No.
- Tea that is used to do something to ice? Not that I've heard of.
- Tea that is modified by ice? Mmm... it's not modified. It's still tea, only cold, not hot. Its temperature, a non-essential property of tea, has been modified. So wouldn't that be "iced tea", as in, "tea that is normally served hot but has been cooled down, namely, iced"?
- Tea that is made with ice the primary ingredient? No.
Bottom line: "ice tea" is ambiguous. "Iced tea" is not.
I regret I have honestly never heard of bubble tea (but I have heard of bubble gum), so I have no clue what it is, other than it has something to do with tea and bubble(s).
Is it tea with which one makes/blows bubbles?
Tea served in a bubble?
Tea made from bubbles?
That is the relationship... "contains". There are many other examples in English of that relationship in NN compounds, and I guarantee you use them unconsciously without a second thought. You are also not getting my point, please reread my last post.
> Bottom line: "ice tea" is ambiguous. "Iced tea" is not.
This is how I know you and others in this thread have not spent a lot of time thinking about language. When has ambiguity ever prevented humans from using and understanding language? If you look at any piece of writing deeply, it is filled with an unimaginable amount of nuanced ambiguity. That's exactly why NLP is so hard.
I think you are making an unwarranted assumption about me. I have indeed spent a great deal of time thinking about language; I just have different thoughts, or points of view, about it. I have been very interested in etymology for a long time.
I neither claimed that natural language was capable of being entirely unambiguous, nor that people cannot communicate in the face of ambiguity. In fact, ambiguity in language allows for great artistic expression: humor, poetry, and other word play. So I agree with you on that point.
But holy crap, do we have to make it harder than necessary to communicate, when we aren't deliberately playing with words?
Surely you agree that much of the misery, pain, and suffering in this world of ours is due to avoidable language-related misunderstandings?
My work in linguistics and NLP is strongly related to ambiguity, so I tend to see things in those terms and I do not see resolving ambiguity as an impediment to understanding language (for humans at least, but for computers it is an enormous problem). We'll agree to disagree!
It's popular in Asia and Australia, and originates from Taiwan.
Also called boba tea or pearl tea.
Note that the prominent English dictionaries have usage panels that make judgements about whether the usage of a certain form of a word is sufficiently wide as their criteria for inclusion.
It's not that it is not ok to identify something as wrong, but you will need to accept that people will disagree with it, and that what is wrong to you now may very well have enough support in usage that the battle is already lost. When you then opt for comparisons to Trump, then it is not surprising that you get downvotes.
A lot of the "I'll say it however I please" is down to usage. I'll drag out my favourite example: "begs the question". It's my favourite because I didn't even know about the original meaning until I started seeing rants about how horrible the new meaning was. Do a search for it today, and the results are dominated by sites complaining about how awful the change is, and articles about it.
To date, I can recall only one instance where I've seen the original meaning used outside of such a rant. It's basically a lost battle, where people will often respond along the lines of "I'll say it however I please" for the simple reason that to most people the original meaning is entirely foreign because of its niche usage.
Usage panels, which often lags trends like this, for good reason, have in recent years started tipping towards the new usage for "begs the question", often marking the original form as "formal", because ultimately language is about communication, and you can not communicate effectively if you pretend the most common form doesn't exist. Here  is an article at Merriam Webster discussing the issue.
What I'm railing against is more that there appears to be little interest, in general, even to try to get things right. I see this not just in human language, but in business, software development, publishing, pretty much everywhere.
I'm really tired, so I'm not expressing myself as well as I should, so perhaps I should just wrap this up and get some sleep. An iPad is also not the best UI for writing on HN.
Thanks for your thoughtful and thought-provoking response.
Language is a means to an end. If my entire audience understands what I am saying, and is not put-off by how I say it, then I did, in fact, get things right.
You need to draw a line somewhere, or you will end up spending your life obsessing over unimportant details of what you write instead of actually communicating.
It may also happen that the one person who you felt was not "worth the trouble" turns out to be someone who will be very important to you one day, like a potential business partner or investor, and who interprets your misuse of language as ignorance.
There's a difference between obsessing over unimportant detail and being thorough, IMHO.
OMG u shuld see wat they do in germanny its so different their!
But at some point you do start to get diminishing returns, so there are practical limits to how worried one should be about pedants.
I didn't know that! Thanks!
However, I like tools in my arsenal that enable me to express myself precisely. Prescriptivist rants often open my eyes to subtle shades of possible meaning that I otherwise would not have seen.
Also, it's not even applied to 50% of resolutions:
And the only reason Democrats voted against it was a tactic to save face for their constituents back home.
Why in the world would you think some politicians are magically sincere while others are not just by the little letter in parenthesis after their name?
Hyper partisan people that think this way are the reason political discourse has gone to shit and everything turns into some childish red team vs blue team ideology. As you keep propagating this mindset, people on both sides keep turning up the volume on their echo chamber and we get the most partisan congress (on both sides) in a hundred years.
Say you have 54 democrats in the senate, and a democratic president 4 democrats that had difficult races can abstain or vote against the bill while 50 democrats can vote for it, with the vice president being the tiebreaker.
So Americans choose to agree with either EVERYTHING person A says, or EVERYTHING person B says.
That's what it boils down to. And it freaks me out that in a day and age where we're so educated and "free", we still think that this is a good solution.
Apologies for veering off topic. Had to get it off my chest for once, as I don't normally voice this stuff. (Because I'm sure others have said it better before.)
I'd like to see the GOP split into the 2-3 parties it shelters, and the Democrats go their 3 or so ways as well. I'd bet it'd significantly stabilize US policy and reduce the zero sum power plays that are becoming quite common.
If you go out and talk to these actual Democrats and Republicans, the bipartisan distinction seems more and more like a fraud.
Seriously, have you ever met a person who's "core driving force" is money and "all they care about"? Does that description fit about half the people your know?
Seems pretty cartoonish to me.
The people around me are not mega-rich. It is not a problem of that people being "bad people". It is a circumstance problem. The situation is that they have so much money that can change the laws.
Cut lobbing, redistribute wealth and you will stop this cartoon evil behavior. Keep people so rich that they don't understand what being middle class is, and they will continue pressing for ridiculous reductions on our rights.
Americans keep complaining about their politicians, then elect the same parties they complain about over and over again. I work with an American who explained it - she voted for a party she didn't like because she was desperate to do anything she could to prevent the other party winning. It turned out the other party won afterall so her efforts just went towards entrenching the two party system and discouraging anyone else from voting for what they actually want next time.
Approval voting is much simpler than ranked-choice, and more appropriate for the general public.
I did get the chance to flick through a Californian voter information guide for this last election and it seems like if your goal is to make voting simpler then looking at ballot initiatives would be far more useful.
Maybe they think it's too complicated.
I think his points are pretty good ones. There was a lot of anger and unhappiness after the 2010 election and the role preferences played in it. I'm not going to change my mind entirely on one poll which hasn't ever been repeated when there are valid objections to the question and the signal isn't even that large. You could have polled people on if the electoral college should be gotten rid of after the last US election and you'd probably get a similar sort of polarised answer for the same reasons.
More importantly, I don't really care about what people prefer in their voting system. That probably sounds bad, and I think it's important that people trust it but it's a technical answer to the question of how we discover what people want. That's what I care about, which is why I support compulsory voting which ensures a more representative government at the cost of forcing everyone on the rolls to vote.
I'm also not some weird person who thinks we have it perfect here. Obviously optional preferential voting in all cases would be better, not just for the federal senate, and Hare-Clark nationwide would be even cooler than that. There's always improvements to be made.
Later-no-harm is a silly "anti-criterion" that causes more harm than benefit. See explanation by a Princeton math PhD who co-founded the Center for Election Science.
He refutes similar FairVote FUD here.
FairVote lacks expertise and lies a lot.
Here's a layman friendly talk I gave to the Colorado League of Women Voters a few years back.
I suppose we'll see how Maine handers their newly-implemented ranked-choice scheme in the coming election cycles.
This can be objectively measured via metrics like ballot spoilage and precinct summability.
Here's a read-through of a talk I gave on this.
True, but equilibrium is not the goal. The mere fact that a political system has been around long enough to approach equilibrium means that people have been sleeping at the wheel for a long time.
For example, I've heard from a small but non-trivial number of swing supporters that they would have voted for Sanders, but instead voted for Trump. Ranked voting might have allowed them to vote Sanders > Trump > Hillary in 2016. Others may have preferred Rand Paul, or Gary Johnson, etc.
FPTP is directly responsible for our dichotomous and increasingly unstable political system. We need more choice at the ballot box.
If there's a sizeable proportion of people like that, they'd be able to get their candidate in the primary. By and large you need far fewer votes to win the primary than to win the general.
It always surprises me that there are people who don't bother to vote in the first round of voting, and then complain about the quality of candidates that made it to the second round. Well, yeah; you can't sit things out and hope that other people will pick the person you like. Only 28.5% of eligible voters voted in the presidential primary in 2016 (and non-presidential primaries often have lower turnout).
This was the focus of my post, though I guess it wasn't clear...
What you're suggesting doesn't work across party lines. The Democrat primaries don't care whether Republicans would have voted for Sanders over Trump, and the Republican primaries have a similar problem. Primary systems acts to amplify the passionate voices within each party at the cost of bipartisan preferences.
Really, do people expect the public to be able to rank their candidates?
And what's the problem? Everyone wants to be a king. Government's job is to make sure no one is, with a social contract.
And, in a Democracy, the self-interest of government is the public's interests.
I guess you are too young to remember SOPA/PIPA - that was voted for by Democrats, against by Republicans.
As you mature you'll realize Republican vs Democrat is not as simple as you make it out to be.
The choice is extremely clear. Activism plus voting against the worst option.
Of course, since I live in California, both of "my" senators are Democrats, one of which has been in office since I started high school (24 years ago); it would have been both if the younger of the two (Boxer) hadn't retired.
Somehow, "my" representative is a Republican, though I still think most of the people in this district don't realize that he replaced his father (who held the office from 1981-2009). Maybe the DoJ investigation into his use of campaign finances for personal expenses will open some eyes, but it seems more likely that, if he is removed from office, whoever gets on the ballot with the R next to their name will get the seat (or maybe we'll get multiple people with an R next to their name, like most of the local races).
Not sure how you can hang this on the democrats.
PIPA was introduced by Leahy. Still had some republican sponsors.
They didn't vote on either.
I'm really not sure why you had to be condescending about this. You could have made the same point by bringing up SOPA/PIPA. No need to start talking about other posters being young and immature.
But the problem is more systemic. It's at the center of the culture of this society: it's the fact that MONEY (== DOMINATION) has been made the most central and culturally venerated value.
To change that, a lot of suffering will have to occur, because those who benefit from MONEY (== DOMINATION) will use exactly that to defend this (sick) cultural value by - you guessed it - dominating everybody who's against it. And for that, other sick things like mass surveillance technology, a militarized police force, perfectly controlled media, and pressure on your economic wellbeing and your physical and mental health will be used.
Active and rational political conversations would, in my mind, have mitigated a lot of the problems with money in politics. Gerrymandering would not be (as large as) a problem if the masses had not been asleep at the wheel.
It is an uphill fight from this point forward.
Upon what do you base this hypothesis? Because history shows otherwise. The oligarchy/aristocracy has always had disproportionate influence in the US. It has always been an uphill fight for the average citizen.
>I believe the British government forms the best model the world ever produced, and such has been its progress in the minds of the many, that this truth gradually gains ground. This government has for its object public strength and individual security. It is said with us to be unattainable. All communities divide themselves into the few and the many. The first are the rich and well born, the other the mass of the people. The voice of the people has been said to be the voice of God; and however generally this maxim has been quoted and believed, it is not true in fact. The people are turbulent and changing; they seldom judge or determine right. Give therefore to the first class a distinct, permanent share in the government. They will check the unsteadiness of the second, and as they cannot receive any advantage by a change, they therefore will ever maintain good government.
-Alexander Hamilton, Farrand's Records of the Federal Convention, v. 1, p. 299.1787-06-19
When looking at the turnout over the years. The engagement has rarely been > 65%. Last time was 1904.
Your point is well taken though. I am not a political science expert. Just an IT person trying to make sense of it all.
Your complaints about "people pontificating along party lines" do nothing but reveal your own biases when the vote is so starkly along party lines. In a case like this, the objective analysis is clearly that the Republicans are wrong and the Democrats are right.
I really hope hackers obtain records of every Republican Congresscritter's creepiest porn viewing.
The vote was along party lines. You are asking for non-partisan insight where there is literally none to be had. There are good guys and bad guys in this issue, and they wear uniforms to tell you who they are.
At 73 pages, it's a doozy. I don't know exactly what the effects would have been, but one important thing to note that I did not see mentioned once in any of the reporting about this is that the rule has only been in effect for 84 days. So I wouldn't expect any changes to be too noticeable.
Also worth noting is that whatever restrictions on ISPs are removed by this, it doesn't guarantee that ISPs will start doing that thing immediately, if at all. I also haven't seen reporting on what past behavior ISPs have already engaged in that this rule would have stopped.
Paragraph 106 mandates that the information released should not be able to be de-identified, and third parties must be contractually obligated to not de-identify customers from the data.
Paragraph 117 says the clause must be transferable to third-parties all the way down the list, but a middle-man can hire a company in a different country to do the necessary work, outside the jurisdiction of the FCC.
Paragraph 115 says the ISP can share the IP address, and no other identifying data, and meet the requirements of de-identification. A clause to "revisit this topic later" is present. Damn right you better -- combined with other data sources from social media and search engines, I can trivially combine multiple data sources using the IP address and build a "personal profile" of your entire Internet usage, including those really unique "outlier" destinations.
Paragraph 143 says that no periodic reminder is required, so expect the "privacy notice" to be buried in a sea of required checkboxes at point-of-sale, and never seen again. There are provisions that it be available on a website and via other methods, etc., but "available" versus "easily found" are two different things.
Most of these rules will take effect in 12 months, not immediately. (The rule of preventing ISP services requiring you waive your privacy to provide service is 30 days (paragraph 295, § 64.2011), data security requirements in 90 days (§ 64.2005), and data breach notifications and requirements in 6 months (§ 64.2006).)
Isn't that just because the agency responsible changed from the FTC to the FCC?
Since both sides are astonishingly bad, I usually end up voting third party in races where there is one.
...what? Gary Johnson is himself a marijuana user who has long been am advocate of drug policy reform (not just for marijuana, but for other drugs as well).
When running for governor, Johnson campaigned on a platform of marijuana decriminalization and harm reduction for all other drugs. This was during the height of the Clinton-era anti-drug hysteria - you'd be hard pressed to find many other politicians who supported harm reduction at that point.
There are things to dislike about Johnson, but criticizing him on drug policy is really bizarre. He's been one of the strongest (if not the strongest) political advocate for abolishing the War on Drugs for over two decades - much more vocally so and for far longer than any other politician I can name offhand.
Also, he didn't campaign on legalization. He gave a speech about it in his second term. Did he parole any non-violent drug offenders? Did he use the powers of his office?
No she doesn't, this is an absurd smear based on her attending a single event in Moscow.
As someone who didn't vote, no, I would not have changed my decision given the outcome, and this "lesser of two evils" justification crap is exactly why. Enjoy your shitty country.
It sounds like you are the apathetic voter in this scenario.
This is a common line used by leftists who are angry that Trump won and are looking for someone to blame. Third party voters make an easy target, and the left has long felt entitled to the support of third-party voters.
But this entitlement assumes that third party voters would otherwise have voted for Clinton, which is a pretty strong assumption that also doesn't really hold up against the polling data from late in the election. Johnson took more than half of the third-party vote, and had he not been running, most Johnson voters would either have voted Trump or not voted at all.
Trump didn't win because of the few voters who voted third party. He won because of the 63 million people who voted for him. If you want to blame someone for Trump's victory, blame them, not the 7 million who chose not to vote for Trump.
Of course, the Democrats have themselves totally acceded to this scheme.
Effectively, in a first past the post electoral system, any vote that isn't for the major party that most closely aligns with your views is a vote that supports the views least aligned with your preference.
I do see some listed counterexamples to the "law", and also a note about occasional upsets where the parties get completely rearranged.
If both major parties suck, how do I ask for an upset? Is it by fuming quietly and voting for the lesser of the two evils, or by saying "no, fuck you both"? Or does the fact that any upset probably won't happen this election mean that it's part of "the long run" where per Keynes we're all dead, and so it doesn't actually matter?
Do the major parties just ignore any non-major-party vote, or do they analyze it to tweak their platforms for next time? (And, is this consistent over time and space? I'm hearing that it seems to be the case in the US now, but in the same breath I'm hearing that that's a recent localized disaster.)
The Wikipedia page is a tremendously short summary, and yes, doesn't go into depth about the implications of duverger's law.
I strongly suggest digging into the literature around it, which does bear out the thesis I states above.
If both parties suck equally and no party is more closely aligned to your preferences than another, I suggest you enter politics yourself. It's just made up of people not too different from yourself.
I've actually thought about that a bit, and don't think I'd enjoy it enough to consistently put in the time needed to ever really get good at it.
I vote 3rd-party in every contest I can. At this point, I'd vote for a puppy dog, if it wasn't a D or an R. It makes my wife, family, and friends mad, but I will not waste my vote on the status quo. I'm voting to send a signal that I want other options.
I believe that if we can get to the point of just having a 3rd party on the platform for a presidential debate, we can open the door to other parties having a non-negligible effect on the election process. Of course, that's the Election Commision's fear as well: https://www.washingtonpost.com/news/post-politics/wp/2016/09...
Or that this election was so crazy that they decided not to vote in spite.
That's apparent in the US where elections results are influenced more by those with barely a high school education than by their more educated fellow citizens.
The most important qualification one needs to have, it seems, to be elected to the Texas Education Agency, is to be a "true conservation". That board practically decides what your children study in school.
And over here on HN, the policy is to not get into political discussions.
I get what you're saying, the idea is much older than Einstein but do you want to be right or do you want to be truthful and persuade?
At least nod the prior. "As Einstein's improvement on Plato's dictum says, ...".
By comparison, I was reading a paper on an alternative fuels process and found that its citations were all to 1990s and subsequent work.
This actively obscured the fact that the underlying concepts and idea dated from the 1960s, and excluded considerable significant prior research.
It would be ... like a study of evolutionary biology failing to credit Charles Darwin, and giving the impression, say, that the entire field grew out of recombinant DNA efforts of the 1970s.
The government is trying to reduce protections of civil liberties, the environment, etc.
Because the party in control of the legislative and executive branches are removing those protections.
Because it is in their best interest and because they promised to do so in their election campaigns.
A. Because their corporate sponsors want less regulation.
B. Because their supporters want less regulation.
Because less regulation means more profits (If you ignore the environmental and human costs).
And, because many Americans equate regulation with infringement of their personal freedom.
We need to stop assuming that bad things are happening because a few bad apples tricked roughly half the population to support them. They are making America great again. Look at any point in time before now in American history and you will find less civil liberty, more oppression of workers, and more destruction of the environment. It was promised. Its being delivered. And no one was fooled. It is straight up whathalf the population asked for.
> We need to stop assuming that bad things are happening because a few bad apples tricked roughly half the population to support them. They are making America great again. Look at any point in time before now in American history and you will find less civil liberty, more oppression of workers, and more destruction of the environment. It was promised. Its being delivered. And no one was fooled. It is straight up what half the population asked for.
You're correct by and large. I won't get into the remarks on the (effective) propaganda efforts Fox & crew have done. Much deception has happened there.
But, this specific bill is troublesome in part because the lawmakers often are very ignorant of what's going on, much like many of the senior judges in the US. This is one part generational divide, one part tech avoiding law, and one part lobbying. Some of that is avoidable by engagement, and if adult geeks had realized this in the 80s & 90s instead of disengaging from politics, the world would be different.
This is completely false. Less regulations helps the status-quo as companies stop to need to be innovative. And it helps old-fashioned contaminating industries.
> Look at any point in time before now in American history and you will find less civil liberty, more oppression of workers, and more destruction of the environment. It was promised. Its being delivered.
Yes. That's it. And that's why so much powerful people want bad schools and worse education. If people knew how the world works, they will be less prone to populism.
I oppose what the Republican Congress is doing.
Having said all of that, the FCC has no freaking business defining privacy. The system was terribly out of whack to have them do this in the first place. My support of their move and my opposition to what Congress is currently doing is simply because I'm trying to pick the lesser of two evils. It's not because there was simple good position/side and bad position/side. Wish that it were so simple.
Both political parties have screwed over privacy and anonymity online -- in terrible and huge ways. And the system is terribly corrupt. And....we should take action to make our political views clear.
My problem is that "let's take action" turns quickly into "Group X is in the pocket of political party Y"
And that's how we got here in the first place.
I would agree that the remit of Congress is to govern the people, by the people, and privacy falls under that umbrella. The executive branch should not be operating as an independent law-making body, as it has been.
I would gently suggest that when geeks look at politics, it's much like looking at a huge codebase written for decades - our reaction is that it's corrupt and needs a rewrite. I have learned through very careful study and hard experience that often there are good reasons for codebases to be "crufty", and similar with politics. Doesn't mean reform can't be done, but it means we have to work within the codebase, and with the current web of loyalties to some extent.
I specialize in helping large organizations of people change and become better, so I've been quite fortunate to have hands-on experience with these kinds of things.
For a good political person who can work contacts, there's always value. I would humbly posit that the system as a whole has overall attributes. I really don't like waving my hands around and saying "we're all going to die", but sometimes the Titanic actually is sinking. I'm sure those guys in the band had a hoot playing those last few songs, though.
So I understand and respect your opinion. Hopefully I'm able to see the tactical as well as strategic situation. Maybe not, but that's what great conversations are for. :)
Democrats wouldn't apply this rule to search engines or email. Why? Because tech companies would flip out.
Democrats are free to vote ideology when it's a GOP ox that is going to get gored. And vice versa.
The culture has shifted and moved, but the "avoid politics, it's evil" mentality still hangs around, a lot.
I don't mean to exculpate the Rs or go "ruh ruh whatabout those bad Democrats". Lack of understanding of consequences and technology is a cross-party issue, and each party has performs their ignorance differently. I think that part of this is age, as well as the age of the vested interests.
Also, personally, I wish you'd have checked my comments. I am no GOP evangelist/apologist. I'm trying to hew to the truth and be fair.
Well... good. It did read a bit that way however. But you know, tone, text, internet, etc
"I'm trying to be fair" is exactly the problem with whataboutism.
But I think I'm done with this conversation. Thank you for your time.
If Hillary Clinton was president or if the Democrats had control of one chamber of Congress, this bill never would have passed.
Obviously there is significant disagreement on that issue.
> If Hillary Clinton was president or if the Democrats had control of one chamber of Congress, this bill never would have passed.
Yes, because the left is happy for government agencies run by unelected, unaccountable bureaucrats to continually enlarge their regulatory domain. Other people consider that a bad idea in general.
And if that had happened, FCC regulations would control our privacy--after they would have taken effect, over a year from now--regulations which are not law and can be changed by unelected FCC bureaucrats who are unaccountable to the people.
I'm no fan of Congress, but it's definitely better for this to be controlled by federal law rather than an agency regulation.
Of course, there is something to be said for allowing people to screw up their own government irreparably and be forced to suffer the consequences.
Also, there are certain nice things that we have that are only possible by working together. The national highways, for example.
But at its core, the most basic necessity is the common defense.
These regulations were only voted on late in 2016 and never went into effect. To do the regulations, the FCC reclassified the internet as basically ye olde telephone system, which then made it subject to their purview based on laws created in the 1930s. This is classic overreach. Congress never gave this authority to the FCC and is acting to put them back in line with the law.
It's pathetic the the WaPo used their platform to create more heat than light on this, by selective quoting. Here's a more full quote from Rep Blackburn that explains her position more fully.
“The FCC already has the ability to oversee privacy with broadband providers,” Blackburn explained. “That is done primarily through Section 222 of the Communications Act, and additional authority is granted through Sections 201 and 202. Now, what they did was to go outside of their bounds and expand that. They did a swipe at the jurisdiction of the Federal Trade Commission, the FTC. They have traditionally been our nation’s primary privacy regulator, and they have done a very good job of it.”
The lesson here really is that if the issue is really important, then get an actual law passed instead of trying to contort regulatory authority based on laws from the 1930s. The previous president could certainly have done this, but chose not to.
Seeing this coming, FCC proposed privacy rules around the same time: https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-39A1_Rc...
Which did go into effect on January 3rd: https://www.federalregister.gov/documents/2016/12/02/2016-28...
Among the privacy requirements, there are also mandatory breach notifications.
The industry's response is here: https://www.washingtonpost.com/blogs/the-switch/files/2017/0... . They complained about the breach requirements, and also claimed the difference between them being opt-in for advertising profiling vs Google et al being opt-out violated their First Amendment rights.
A coalition of Internet advertisers filed a similar response: http://ana.net/getfile/24564 . Here, they claim another First Amendment conflict with: "The creation, analysis, and transfer of consumer data for marketing purposes constitutes speech"
So yes, please dig deeper. This is a year-long end to a battle that AT&T successfully opened up in their appeal. It's over; the ISPs won, at the expense of individual American privacy.
That decision seems insanely broad; there's nothing in there that prevents AT&T from buying a breakfast cereal company and selling corn flakes that claim each 1 pound box contains 80 pounds of cereal and will make you live forever.
At the same time, it doesn't seem to apply to ISP broadly; only ISPs that qualify as common carriers. Although the definition of common carrier seems overly broad itself, according to , even pointing out that Disney is a common carrier because their roller coasters in their theme parks carry passengers .
Has any attempt been made to amend either the FTC acts or the FCC acts to clarify the extent to which entities are classified as common carriers only as regards to those activities which meet the definition?
 Gomez v. Superior Court (Walt Disney Co.) (2005) 35 C4th 1125, http://online.ceb.com/calcases/C4/35C4t1125.htm
See my comment below https://news.ycombinator.com/item?id=13986192
This is a case of a regulatory agency overstepping its bounds and seizing jurisdiction outside of the domain allowed for it by Congress. That's the language in which the bill is framed, the the way in which it has been discussed in the past weeks and months that is has gotten (minimal) coverage.
Then the issue got picked up and spun when somebody called attention to the fact that the FCC's regulations (which they were not authorized to make) were more consumer-friendly than the FTC's. That's true, and it's a real problem. But that does not mean that the answer is to sanction the FCC's power-grab here. The right thing to do is to pursue consumer regulatory protections _within the confines of the law_, which means either petitioning the FTC or new legislation.
Don't confuse concern over process with favoring the resulting outcomes.
ISPs should be classified as modern utilities. They are trying to be the infrastructure provider while being regulated like the business' that consume the infrastructure. But they don't want to be classified as such because of the burden of regulations this would inherit.
I've yet to meet someone in life that thinks that their internet provider should be able to sell all information about their activities (while charging for the service).
Remember, the telephone industry was regulated because telephone companies merged and cooperated to create regional monopolies and destroy competition, all at the expense of consumers. Comcast, Time Warner and the like have all been doing the same.
The FCC has scarcely been better than these companies. It has a history of being a revolving door for companies. Consider what RCA/FCC did to Armstrong back in the day.
Just because the FCC does something doesn't mean its good, legal, or whatever. It's just what 3 of 5 unelected, unaccountable appointees cooked up. When the board changes, they can just as easily uncook it up.
This law was written to prevent an overstep of a non legislative body's ability to legislate.
It's true the outcome sucks in this case, but that doesn't mean it wasn't the right thing to do from a balance of power perspective.
HN, the only place on the internet for thoughtful/rational political discourse.
This is the only place I've seen having this conversation. That actually questioned the utility of the agencies to follow out the intended goal and whether this is the best policy to do thee job. It's sad it's not even being tapped on by the newspapers, even as an aside to their doomsday headlines they love to stir up.
As Thomas Sowell said: "Economics is not about hopes and good intentions, it's about cause and effect". The same applies to regulatory policy.
This makes no sense. It's not true, for one thing--the FCC cannot "do whatever it wants." And independent rulemaking is the entire point of creating an independent federal regulatory agency in the first place.
Calling it a "regulatory overstep" is fine as a means of expressing an opinion about this rule, but the rule was legally promulgated. Again: that's why it took an act of Congress to reverse. Illegal rules get reversed in court.
Another point regarding the consolidation of the two industries comes in the form of most of the cable companies now delivering home phone service through the internet.
I don't think the FCC is the best place to fix the problems with the internet, but I don't see the "repeal and don't fix" method that seems to be so popular with the Republicans lately as a better way to deal with it.
Oh look, more whataboutism.
Referring to this privacy exposure as "something that may/will happen because of Trump" ignores that it is already Federal law and has been since 2015. Yes, in removing FTC authority over broadband, the Obama administration created this privacy exposure in the first place. That tap wouldn't shut off until next December at the earliest if the current administration did nothing.
That privacy ship has sailed. Broadband providers can have been sucking this data up for over two years by the time this particular Obama regulation would kick in, even if left as was. The Obama administration could have timed the FTC authority removal to not happen until replacement protections were in place, but, no.
The EFF is oddly silent about why they've been so oddly silent about this exposure for over a year now. Their partisanship is showing.
Given that circuit split, it's unlikely -- no matter how evil you imagine ISPs to be -- that they would start scooping up data and selling it immediately, and only in a narrow set of States. The FCC regulation was an attempt to restore an existing privacy situation, across the whole of the US market.
Again, it's extremely unlikely that with an impending privacy regulation being imposed, ISPs would proceed with monetising user browser histories for a short period of time before they were once again vulnerable to regulatory penalties for doing so.
If I may be less than oddly silent, I think we (EFF) didn't talk about this much because it seemed like various parts of the USG were (slowly) moving to fix a problem that came out of a court decision that could have gone either way.
You can read a little bit more about our work during the Obama administration (and before) on net neutrality here: https://www.eff.org/deeplinks/2014/07/deep-dive-defense-neut... . One of the points we talked about during that administration, and this one, is the risk of FCC over-regulation, and regulatory capture. If you want to view these challenges in a public choice theory (ie generally Republican) model -- at the FCC, the risk is largely one of ISP dominance, as it is traditionally the telcos that stand to benefit from investing in moving the FCC to their position. In this case, you actually have Congress stepping into to push them even more that way. That's a problem under a Democratic or Republican administration, which is why I think you saw more Republicans move to oppose the repeal than Democrats support it.
You are conflating two different orders; the reclassification was part of the 2015 open internet order (and was expressly laid out as a legal option in the court decision striking down the 2010 open internet order), not the 2016 privacy order at issue here.
> They did a swipe at the jurisdiction of the Federal Trade Commission, the FTC.
The FTC has no authority over even the non-telephone operations of the telephone companies who are many of the major ISPs.
It was the FCC that decided in the first place to classify ISPs as information services rather than common carriers. They have the authority from Congress to do that, and I'm aware of nothing in the laws that granted that authority that say that once the FCC makes such a classification they cannot later revisit that and change the classification.
> The lesson here really is that if the issue is really important, then get an actual law passed instead of trying to contort regulatory authority based on laws from the 1930s.
There have been several additions and amendments to the 1930s laws, such as the Telecommunication Act of 1996. It is disingenuous to suggest that the FCC is relying on 1930s laws for their authority.
1. The opposing party's opposing the ruling party is a natural process of government. It's the normal state of things. Your saying that it was "poor behavior" implies that it was an anomaly, that the Republicans did something wrong by not supporting everything Obama wanted to do, and that the minority party is supposed to accede to every demand of the ruling party, which would be absurd.
2. The Democrats only controlled Congress for 2 of Obama's 8 years. You imply that, even when Congress is not controlled by the President's own party, that Congress should accede to his demands. This is absurd. It's not how our government works, it's not how it's ever worked, and it's not how it was intended to work--indeed, exactly the opposite is the case.
3. If your implications were true, you should be criticizing the Democrats for doing exactly the same thing right now with far more vehemence.
4. The ostensibly "grassroots supporters" of the current opposition is actually ruthless. Were there violent riots in the streets of cities across the country when Obama was elected?
Well, they said they didn't want a factional system, then they built rules which guaranteed two factions, modelled directly after rules which had done the same elsewhere, and all while organizing themselves into two factions which were visible in nascent form in the first national elections under the Constitution and well solidified by the time Washington was to be replaced as President.
So, do you listen to their words, or their actions? The founders were, to all evidence, a lot like politicians of today, publicly cursing the ills of partisanship while deeply engaged in it, mostly as a rhetorical device against the other party.
Does this legislation explicitly condone the collection or sale of browsing data? (I'd still rather have the protection than not, but can't seem to find a good detailed explanation.)
does that mean that our data was already (or is currently) being sold?
They've been able to for at least 1.5 years, and counting.
Right, the Republican Congress was very happy to work the prior President on sensible legislation.
False. Parts of the regulation went into effect 30 days after publication. Parts went into effect 90 days after publication. Part would have gone into effect 6 months after publication. Part would have gone into effect 12 months after publication.
See pg. 202 of the Report and Order.
I thought not.
That's silly. That's like saying phone doesn't deserve protection from wiretapping because there never was a law specifically against it.
I'd just like to register my opinion that I don't see Washington Post is an objective, nor even a trustworthy source at this point. When they print something it's often worth looking deeper into I believe.
So you've never actually been to Breitbart then? I checked it regularly before the 2016 elections and, in those days, it certainly earned its nickname "stormfront lite." They've toned it down since the additional scrutiny and subsequent mainstreaming of the Trump era, but WaPo has never been and will never even come close to Breitbart. Also Breitbart is an overt propaganda outlet. WaPo may seem biased, but it certainly does not engage propaganda on the same level as Breitbart.
WaPo has never been and will never even come close to Breitbart.
Meanwhile, if you see any factual errors on Breitbart, by all means post them.
I liked this one:
That's because you probably believe that the Illuminati or clockwork elves are real.
Yours is the kind of negative, noncontributory comment I would'nt be surprised to see dang flag.
Your comment consists entirely of conspiracy theories and personal attacks.
I'll stick to that then.
Find your reps: https://tryvoices.com/
Of course, said discussions are pointless without action.
With over 20,000 phone calls to Congress in just 48 hours, this is now on the scopes of current congresspeople (and those who would like to campaign against them).
(And please consider joining EFF as a recurring dues-paying member. The more people we can say we speak for, the more impact our arguments have. https://supporters.eff.org/donate/ )
support the EFF
"Reclassification under Title II was a necessary step in order to give the FCC the authority it needed to enact net neutrality rules. But now we face the really hard part: making sure the FCC doesn't abuse its authority." 
"The FCC has also failed to give proper consideration to the invasiveness of deep packet inspection, used by ISPs to read a user's Internet traffic. The "lawful content" limitation may give legal cover to this privacy-violating practice. In response, the Commission simply suggests that users protect their own privacy using encryption, virtual private networks, and Tor. While it's a very good idea for users to protect themselves with such tools, that shouldn't be their only protection against the very companies they are forced to trust in order to gain access to the Internet – particularly when ISPs like Verizon have gone to extreme measures to circumvent users' privacy controls. Leaving users to fend for themselves does not bode well for the FCC's future proceedings on privacy rules." 
By January 2016, the EFF, along with several other advocacy groups, have co-authored a letter  to the FCC in response to the FCC's announcement that it will soon make rules about customer privacy for broadband internet . This was done soon after the FTC's commissioner welcomed the FCC's cooperation to result in stronger privacy protections. For a rationale of the FCC's actions, too long to quote inline, I highly recommend the section "III. A. Background and Need for the Rules" of FCC 16-148  and other sections to follow.
As they often have, Ars Technica provided excellent coverage of the context surrounding these events . Notably, their recent article  writes about the nuances of which rule was made in response to what, and how the situation we find ourselves in today came to be. The 9th Circuit's opinion in the FTC vs. AT&T case threw a wrench into things .
"This undoes the 73-page publication published on 2016-12-02 by the FCC, most of which took effect 2017-01-03, some parts later on 2017-03-02, both after the election and one of them after the inauguration."
Meanwhile,  says:
"This pending rule change is not in effect at all yet; it was only put through 3 weeks after the 2016 election and wouldn't have taken effect until next December."
Not sure if it's  or  that's wrong about the dates of taking effect, but it's clear that the FCC rule was enacted very late.
So, given that it was published on 2 December 2016, the earliest it could possibly have taken effect is December 2 or even 4 (December 2 is a Saturday)
 https://apps.fcc.gov/edocs_public/attachmatch/FCC-16-148A1.p... (Item #312. Page 132 of 219 of the PDF. Yes, it's a huge file.)
 "PRA approval, as defined herein, is not complete until the Commission publishes notice of OMB approval in the Federal Register", so it was also conditional on approval by the Office of Management and Budget. AFAIK, that never happened, either.
> DATES: Effective January 3, 2017, except for §§ 64.2003, 64.2004, 64.2006, and 64.2011(b)
The complete list of sections that are specified in the rule change (last couple of pages):
64.2001 Basis and purpose.
64.2003 Notice requirements for telecommunications carriers.
64.2004 Customer approval.
64.2005 Data security.
64.2006 Data breach notification.
64.2010 Business customer exemption for provision of telecommunications services other than BIAS.
64.2011 BIAS offers conditioned on waiver of privacy rights.
64.2012 Effect on State law.
So it went into effect, but only the parts of it that were basically definitional in nature, and some places specifying where the regulations do not apply. So in a realistic sense, the regulations never went into effect.
I mean, as long as I'm dreaming too, we should give assembly programming kits to first graders.
That, and the Congressional GOP used up their political mana points on the failed Obamacare repeal.
Six more flipped Republicans would have killed this bill, which would have meant this wouldn't happen. You have the ability to make a real difference here by calling your Representative and telling them how you expect them to vote.
But, instead, what I'm hearing is that you're throwing up your hands and saying 'party line votes!' Call next time. It'll make a difference.
I assume you know how to pitch manure, program a computer, and cook a tasty meal. Yet tell me, how long would it take you to butcher a hog from carcass to grocery portions? Have you ever done so?
How long would it take you to plan an invasion of the scale of the landings at Inchon? Have you ever done so?
- Constituents don't generally follow their congresspeople. Nobody is subbbed to /r/HoR12thdistrictofCA.
- Legislators don't have the time to do such updates because they spend a lot of it fundraising.
- Being honest about how they evaluate arguments would leave legislators open to the scorn of people who think the government officials should never have misconceptions or make errors of reasoning.
And really, this isn't that hard of an issue, I could probably ask my gramma "should AT&T be able to sell your browsing history to advertisers" and she would say no.
Maybe we should reduce that range of issues by cutting down the amount of regulation that the government is responsible for maintaining.
(They could have let the rule go into effect and then drafted legislation to clarify and unify the regulation of internet privacy. This might have been annoying for ISPs. So what.)
You might have a few R's (Amash?) that will pull the Libertarian card saying that free market should resolve this one it's own...choosing to ignore reality...the monopoly (just about) every American faces when it comes to choice for an ISP.
And obviously all the D's will vote yes as the rules were created and established in a Dem FCC / Presidency.
Despite party, it is sad to see quotes like Blackburn's carry any weight on any periodical outside of the puzzle section containing a where's waldo-esq spot the BS.
Here is the actual roll call for anyone curious, I had trouble finding it...maybe because the vote was so recent?: http://clerk.house.gov/evs/2017/roll200.xml
Pretty much, yes. It's fucking depressing.
The internet was supposed to be this bastion of knowledge, information and free exchange of ideas. Now it's just heading towards another avenue for large-organizations monetize the individual.
Granted, the internet will indeed remain a bastion of knowledge and information but we shouldn't have to look over our shoulders when taking advantage of that.
By the way, the fact that you cannot predict Microsoft's "new and exciting" ways of targeting me is a great example of why your argument is unconvincing. Do you really want me to believe that, as long as we kept this rule in place, network providers would never conceive of novel ways to participate in the advertising business using the network-level data they enjoy?
Your best friend, if you are looking for a no-tracking digital lifestyle, is the free market's likelihood of delivering to you just that. It may come at a premium price, which I assume you'll be happy to pay. At the moment, you are just making everyone else pay a premium price for the no-tracking digital lifestyle you prefer, and relying on bureaucrats in D.C. to patch up the rules from time to time to keep up with novel targeting methods.
Of course, since you don't know the first thing about economics, what we're treated to instead is some false ideological platitudes about the free market.
You may wish to read this (now antiquated) document, which details why verticalization was market-motivated in the oil industry in the industrial age: https://www.aei.org/wp-content/uploads/2017/02/Vertical-Inte...
And, again, do you really want to be in the position of saying that the ISP industry will consolidate the way the oil companies have? Do you have any idea how rambunctious the energy industry is at the present moment? At best, you've shown that you are correct for a very short timeframe, and proven that you are wrong on a longer timeframe.
For what it's worth the parent is right. I have a single ISP available to me, as is the case with the majority of the US(or maybe two if you're lucky enough to live in a large metro that hasn't signed exclusivity agreements).
The free market isn't going to bring a solution to this. When the internet started out there were tons of ISPs, now there's only a few large ones that are split by region so they have an effective monopoly.
Also, I was talking about the oil industry 110 years ago, not the modern energy industry. A similar modern industry to ISPs is telecom, and the only reason that those companies haven't all merged together is because of antitrust law (which you would also want repealed if you were consistent at all).
It's a no brainer that most people would recoil at the idea of everything they do on the Internet suddenly being for sale. It would be super easy to come up with at least a dozen relatable nefarious use cases and stuff them into TV commercials and ads and tying it to the Republican party.
But nope, silence. It's almost like they don't want to be in power. It feels like I live in a de facto one-party state.
I don't think privacy has that.
EFF has 25,000 members. NRA has 5 million. EFF has a budget of ~$16 million a year. NRA has a couple hundred million.
Start some display campaigns injecting peoples names and other personal information into ads. Have this follow people around the web. Even if data is not taken from what has been allowed here, most people will find it creepy. Link ad to a website explaining whats going on and how to contact their local member.
I suspect with a fairly reasonable spend you could get some strong resistance and media attention.
SNI makes gettng the hostnames easier than if they were encrypted as they are without SNI.
Then the ISP just does a reverse DNS lookup, which can be implemented a bunch of different ways, it's not particularly difficult.
> SNI makes getting the hostnames easier
Getting the hostname from SNI requires TCP sessionization and at least some form of DPI. Getting the hostname my way just requires single-packet inspection with a reverse DNS lookup. If anything, my way is easier.
It is a modification that needs to be made to software to accomodate the spread of the use of the SNI extension. As a user, I have no need for SNI.
Are you saying that doing reverse lookups on every IP address, where some of these IPs will have many virtual hostnames, is easier than extractng the plaintext hostname from a certain offset in a Client Hello packet?
If there are many virtual hostnames, how do you know which one the user has requested?
What if the reverse DNS data just lists an ambiguous subdomain and not the domainname in the user's HTTP request, or what if the rDNS data is missing?
It's a modification that has already been made to software and widely deployed. The RFC was back in 2003. Are there even any TLS implementations that don't support SNI that aren't also so horribly out of date that they're full of since patched vulnerabilities?
Also it sounded like you cared a ton about getting "these stupid hostnames", and if you don't I'm not even sure what your objection is. That you can't browse some websites on Windows XP anymore? If you care enough about security to complain that TLS sucks compared to CurveCP, you definitely shouldn't be using it anyway.
Maybe I do not care about security and I just like carefully written software by people who do not make many mistakes? Is there something offensive about that? Am I allowed to make my own choices of software?
This is all beside the point. I care about having to use SSL and now with SNI. It is a hassle. Whether one likes SSL or not. It makes everything more complicated.
I believe there are too many websites encrypting content that honestly does not need to be encrypted. But I am sure they have their reasons.
I know how old the RFC is, but only in recent years has SNI become widespread. Probably because of all the hype around https adoption.
It is obvious that some people must care about privacy and/or security, or maybe they are just pretending to care? How else to explain the growth of https?
I just said that because it's the only one I can think of people still having around that doesn't support SNI. OpenSSL, NSS, etc. have all supported SNI for a decade. In fact, I can't find any TLS implementation that supports even TLS 1.1 that doesn't support SNI. So unless you have an example I'd say SNI reached fixation a long time ago.
> Notice I never said TLS sucks, you did.
From another one of your comments: "I would not use SSL. Why spend time learning and fiddling with something that is so flawed?". Using TLS definitely counts as fiddling with SSL (TLS is a derivative).
> Maybe I do not care about security and I just like carefully written software by people who do not make many mistakes? Is there something offensive about that? Am I allowed to make my own choices of software?
Sure, write your own SSL/TLS/CurveCP implementation. But you started with "Just say no to SNI" and claimed privacy advocates should push back on it, which obviously doesn't only apply to you.
I don't. Unlike many forum commenters, I do not try to convince people what software to use. I am not telling any users to stop using SSL. (Even though I strongly dislike it myself.) I am only addressing SNI, an extension to SSL that has become widespread in recent years.
Unlike you, I am not making presumptions about other users (except perhaps that some value privacy). They might know about some software I don't. I do not conclude "Well, that's all I can think of, so it must be everything that is worth considering."
If someone asks me how to do something using SSL libraries I am always going to say I would not use those. I am just being honest. Next time I will not mention CurveCP. Then they will ask: So what would you use? If I say anything other than SSL/TLS, they will attack my choice even if they know nothing about it.
A lot of very popular software is poor quality. That is my opinion. I do not choose software based on popularity. Sorry for not comporting to your assumptions.
Pre-SNI: Domainnames encrypted. Post-SNI: Domainnames unencrypted. Fact. That is not the only reason a user could dislike SNI. But it is the one that is applicable to this news event.
I think it is for users to decide whether they like SNI or not. And in my opinion silence does not necessarily mean they approve.
Also I went looking for TLS libraries released in the past ~10 years without SNI, my only "assumption" about users was that there were myriad of other reasons why you wouldn't want a decade old TLS implementation (the biggest one being security). If you have a more recent example, I'd love to hear it.
If you don't want people to ask for evidence when you make general statements like you did for quite a while before you decided this must be a personal attack, then don't tell people quite clearly what they should do if they care about privacy.
Then why comment? One user expresses dislike for SNI and you feel compelled to respond? If you have your own reasons for liking SNI you could have stated them, but you did not.
If I do not like SNI, then why would you care? My reasons are my reasons.
SSL-enabled software has to be "updated" because SSL-enabled software did not support SNI since 2003. It spread more recently. The reasons behind this I leave as an exercise for the reader.
As a user, I have no need for SNI. It is annoying for multiple reasons. Leaking hostnames is among them.
I am still able to use many websites that do not require SNI.
They are no less "secure" by virtue of not enabling it. And the software I use is no less secure for not supporting SNI.
Whether leaking the domainname in the Client Hello packet bothers a user or not is up to them. I simply brought it up as a consideration. I have a particular dislike for SNI because it requires modifying software that works just fine without SNI. I happen to like this software better than complex programs like "modern" browsers or command line programs with hundreds of thousands of lines of code and vast arrays of "features". Whether anyone else cares about such things, I have no idea. With HN, there may be some readers there with a similar aesthetic to mine. But probably very few if any.
As a user, I do not need SNI. I am not very motivated to modify software to support it. Especially when it moves the hostname out of the encrypted stream.
Secret reasons? FUD? Are you kidding?
Information about SNI is all over the web, in well-known places, from GitHub to StackExchange to Wikipedia. One does not have to chase up RFCs and dissect pcap files to verify what it does.
Here is an example of a proxy that uses the plain text hostnames to do redirection.
There are so many questions about SNI on stackexchange I do not know which one to choose. Here is a random example.
"The desired hostname is not encrypted."
I am the last person to tell other users what software to use. No one would want to use my selections. I work in VGA textmode.
Everyday I see people telling other what software to use or not use, ad nauseum, in forum comments. I see little respect for users, especially from the large tech companies who assume all users are like lumps of clay to be molded however it suits them.
That you think I am doing this I find amusing. Again, my "desktop" is a VGA textmode console. The number of users who would choose such a working environment in the face of tech company marketing is minute.
Now, that is not to say I do not think they could easily adapt to textmode. I know they could because I saw many users do this in the 90's. I do not make assumptions about what users can handle. I am not trying to delibrately sell anyone on my software aesthetic.
More accurately, what I was trying to do in my original comment, before getting suckered into arguing over inane comments (and I apologize for this), was to make a whimpering plea to the folks who are driving the SSL/TLS bandwagon. The IETF types. I think they deplore unconventional users like me so the idea of pleading with them is probably futile to begin with. Maybe other users would care, too? I have read that someone has proposed a draft solution to exposing the hostnames in plain text. That is a start. Perhaps they are begginning to acknowledge they can do better.
The bizarre nature of your concern with my dislike for SNI actually suggests you are wielding some sort of FUD. Why do you care about what users know? You do not want users to question the merits of SNI? As far as I know, the sole purpose SNI is for virtual hosting. Maybe you work for a hosting company? Maybe you are a small website owner who does not have a dedicated IP address? And you want to run multiple https sites from the same IP? There are reasons to defend SNI but no one in these comments raised them.
To conclude, judging by the comments from openasocket, it may be that ISPs will be mining DNS requests as the primary means of profiling users for marketing their data to third parties.
If that is the case, there are solutions for users. Avoiding third party DNS, or even DNS altogether, is easy. Encrypting DNS packets is also easy.
Avoiding SSL/TLS on the www is probably impossible. It has spread like the plague, with hordes of staunch defenders who will not tolerate any experimental ideas that could be used as alternatives. For them it is SSL/TLS or nothing.
The biggest threat to privacy is probably ignorance and blind faith.
You appear to have forgotten to read your first comment:
"This thread may grow long and maybe turn to the topic of HTTPS. SSL with SNI exposes plaintext hostnames/domainnames on the wire for anyone to read, aggregate and sell, not to mention tamper with. It should be an optional extension. For many users it adds no benefit. For some users, it breaks their software and adds needless complexity. Now the privacy advocates have a reason to dislike it too. Just say no to SNI."
The grammatical form of the last sentence is called imperative. It is not a misnomer. The previous sentence quantifies over "privacy advocates". The first tells people who are not you what to do, the previous one tells people who are not you what they have reason to believe. You were the first person "telling others what software to use" in this thread.
As someone else commented, SNI appeared in 2003. Was all SSL-enabled software written after 2003 SNI-enabled? Why not?
There are still many https websites that do not require SNI. God bless them.
Perhaps they can afford a dedicated IP and do not need to engage in virtual hosting.
If the SNI info was at a fixed offset in a packet, it would be easy. But, per the RFC, it goes at the end of the client hello, after the list of supported cipher suites and compression methods. Not only does that mean it's not at a fixed offset, the actual client hello message may not be contained in a single packet, but rather several. So the ISP has to gather the packets and put them in order to re-construct the TCP stream, and then compute the offset. That is not trivial to do, especially at scale. Reverse DNS lookups are much much easier. Trust me: in my work I've helped implement both TCP sessionization and reverse DNS lookup infrastructure, and the latter is far more scalable.
And you are saying that all hosts have set up reverse DNS and the data is complete and accurate?
I'm talking about a hypothetical ISP that wants to extract all the hostnames its customers are connecting to. It has to analyze the traffic off a live stream and re-construct the TCP stream to do this. Rebuilding the TCP stream on a 100Gbps switch is pretty hard to do. Something like "sniproxy" is only extracting the hostname for all traffic connecting to it, so it doesn't have to try and re-build the tcp stream.
For the reverse DNS stuff, yeah you can't count on PTR records. The easiest thing is to use a third party like Domain Tools (https://www.domaintools.com/), or you can roll your own. The quick and dirty way to do this is to get your hands on regularly updated zone files with all the hostnames, do a DNS lookup for that domain name, and store that data in an index. Assuming you get regular updates to your zone files the daily load is manageable. From memory, for .com you only need to evaluate about 400K domain names a day.
I have done it with tcpdump.
What does getting the hostname from an encrypted packet require?
Assume DNS is not used and there is no reverse DNS information available that gives the specific domainname requested by the user.
> Assume DNS is not used and there is no reverse DNS information available that gives the specific domainname requested by the user.
If it's a hostname it has to correspond to a valid domain name, right? You can always use a third party or roll your own reverse DNS entry, as I described in my other answer. As long as the domain name actually has a DNS A record, we can get it.
If it is listed in the ICANN DNS, maybe.
DNS is not mandatory for a website to work.
Most of the time I do not use DNS when reading the www. I have my own databases of the info I need to reach websites. Not that I expect anyone else would do this, but it is very fast and reliable.
What would you encrypt the hostname with?
This is now a tunnel.
Over that tunnel:
* If you've connected before attempt to reuse the cached credentials to further establish a connection to the requested certificate. This validates prior authorization of being the target host.
* If the above fails or if it's a new host, ask for the certificate, perform extensive validation including REQUIRING that the external revocation check authenticates and confirms non-revoked.
Say a client is speaking CurveCP with another party; how do they authenticate the other end? What if the other end has limited resources (such as IPv4 addresses) and needs to serve multiple entities, how do the client and server distinguish or determine which entity to authenticate to/for/with?
As a www user, I do not like SNI and that is only an opinion, as a user. Why? Because all existing software that has to be SSL compatible now has to be modified to handle SNI. As a user, I derive no benefit from SNI. That is why I dislike it, first and foremost.
But I believe there may be other reasons to dislike it. Perhaps privacy. Perhaps censorship. Maybe none of the above. I don't know. You decide.
In any event, it seems there are at least a few folks that agree with me that the merits of SNI are at least questionable which is both surprising and encouraging.
Modifying the SNI hostname in transit is pointless - the client still knows what hostname they sent. Changing the SNI hostname would only cause the server to send back a different certificate, which would immediately be noticed by the client.
R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D D
Not Voting ---9
R R R R R R D D D
House Results - http://clerk.house.gov/evs/2017/roll202.xml
R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R R
D D D D D D D D D D D D D D D D D D D D D D D I D D D D D D D D D D D D I D D D D D D D D D D D
Not Voting ---2
Senate Results - https://news.ycombinator.com/item?id=13943060
(I liked this format.)
What are they going to do, repeal a law that was sold on the premise of "think of the children"? Sounds like something that would come up during re-election: imagine a "Rep. X voted to make it easier for online predators to find your children online" campaign.
Condense something like this into a 1 minute add, run it as a 'how to' aimed at predators with the intent of striking fear into the hearts of parents who see it, and then end it with a short message on why we should keep internet usage private.
Is there a simple guide or steps that I can follow to make myself anonymous? I know there is TOR and VPNs, how can I go about setting it up?
This is pretty much the only way to ensure any remote privicy (sometimes).
Still not perfect, but I'd argue Azure, AWS, and the like are less likely to try to inspect/monetize traffic than a consumer ISP.
Disclosure: I built it.
Edit: Here's sort of an answer to my own question
If you run through a 3rd party VPN you have to trust the provider to not sell your information.
If you run through a US based datacenter your data is still within reach of a subpoena but your ISP won't have access to it.
Why weren't you running a VPN already?
This was a vote to head off the implementation of a regulation that hadn't gone into effect already.
SpaceX's planned satellite internet will hopefully fill this void for the world... until Elon dies and it's taken over by the evil, ignoramuses of corporate greed.
For broadband Internet, my understanding is that most have exactly one choice; in my experience, usually one of Comcast or TWC. (Currently, where I live in the Bay Area, Comcast is my only choice. And it shows: Google Fiber would offer a speed 500% higher, for the same price, if it could only materialize.)
If you allow for non-broadband options, okay, yes, I have choices. That gets me AT&T — who sells their users data — and mobile cell carriers (the latency is unacceptable).
But all is not lost. There are municipalities that are providing a competing internet service. Internet is fast approaching a public good/right, so I believe this is a worthy approach. Here's an example near me: http://www.timescall.com/longmont-local-news/ci_28030675/lon...
As mentioned, SpaceX will circumvent the local restrictions and limitations of 'wire in the ground' with their satellites.
And now, if there are some ISPs that will sell your data and some that won't, that differentiation may open up the door to greater competition. Perhaps even, that's a silver lining to breaking up the ISP oligarchy that exists now.
At face value this is a good thing for privacy, but I am concerned that when lawmakers realise their error they will just legislate themselves out of the hole by making access to VPN services harder.
> (d) It shall not be unlawful under this chapter for a person not acting under color of law to intercept a wire, oral, or electronic communication where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.
> Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.
There is no ISP in the business of selling the data for a single individual by name.
The obvious followup is complaints about how ofter consumers don't have a choice. Perhaps the reason there is so little competition is that local municipalities enter into franchise agreements where in order to add internet to one house, you have to agree to cover the entire area. This makes it so that only big pockets and people that can influence politicians get the build an ISP. Also, we could look at access fees to explain monopoly providers. https://www.wired.com/2013/07/we-need-to-stop-focusing-on-ju...
If there were genuine competition perhaps real consumer preference would win out, whichever that may be. Rather than deciding how much people value privacy, perhaps we should let people choose for themselves at a level other than the federal one.
Or in other words: a taboo.
Yes, think of all the poor, unfortunate ISPs that are barely scraping by every year to give you your unprecedented internet bandwidth. These are small companies, owned by people who have children to feed. Selling your private data is one of the only ways they can stay out of bankruptcy. We all need to be a little more mindful of who we're hurting next time we enact this kind of draconian regulation.
I think there is always a flip side and I think this is it. Why can facebook take my data and sell it but for the ISP, my data is treated like a health record? Personally, I don' think anyone should be able to sell my data.
However, most people in the US have a choice of only one or two ISPs, so there may not be an option to choose a company that doesn't sell your data.
> In June 2015, the FCC reclassified the ISP's as common carriers. Tada, the FTC rules no longer apply. So the FCC regulated them with roughly the same set of rules. Now they've undone this.
Implementing this change via legislation also means that changes in these regulations require statute change (not purely by the whim of any President).
This is an unfortunate example where government is not set up to address concerns of today's environment. They are trying to apply legal constructs of 20-50 years ago to a quickly changing age. And while you can argue whether the prior administration did the right thing legislating in this environment, the one thing they did was understand that access to the Internet should be a right as opposed to a privilege. Like education, access to 911, etc. As more services move exclusively online, this fundamental access question only becomes a greater concern.
If individuals aren't guaranteed access nor have any protections online, then we are heading into a very dangerous area (if the only way to lodge a claim against your internet provider is online, then they will know what you are doing).
"Now, the really big question is: can your ISPs see the content of your online interactions? Can it read your emails? Can it read your search results? Can it store and search through the words you typed into a webpage?
And the answer is: yes, sometimes.
If the website you visit is not secured with HTTPS – meaning that any data between you and the website is encrypted – then your ISP can see exactly what you are doing."
Read the article for suggestions on how to protect yourself.
I don't understand how they fail to recognize that ISPs will
a) see all of the sites you will visit and
b) many people can't choose between ISPs because there are only a few in their area
It seems that for the GOP, as long as there is profit for corporations, they are willing to give up the privacy of the voters.
How is this different than the telephone company eavesdropping on your calls and selling the information gained to marketing companies?
We can vote alright, but what we are actually voting for is the person who is the most convincing liar and makes the most appealing "promises", without them being obligated in any way to actually implement their promises once elected.
As I see it, individuals only have a couple of effective ways to influence politics:
- withdraw your financial participation in things you don't agree with. This is extremely difficult: most people are not willing to endure the sacrifices necessary, and we're not coordinated to do it together. If everyone (or even 10%) canceled their Internet service, cable service, or whatever, for 1 month, THAT would get attention. If 10% were willing to lower their standard of living in order to reduce the government's tax take by 10%, that would get attention.
- regular individuals need to donate more money to politicians than corporations and wealthy individuals. It's a sickening thought to me that the only way to get public servants to actually serve the public is to bribe them, but obviously that works.
Edit: The rule was intended to stop existing practices or prevent companies from doing this in the future.
Can someone give people like me a "5 things to fight back" list?
I don't think Thiel has that kind of juice. Maybe Bannon does but it really seems like this would have to be an issue he cares deeply about personally, and it's hard to think of one where there's much space between the president and the modern GOP.
What makes you think the guy who describes his preferred business model as being to establish a monopoly would do that?
Who will be the first to start a "privacy-driven" ISP with marked up prices?
In other words, the secret must have the same heuristics as any plain text. Can you fool the sensor that detects ciphertext? Great -- no throttle for you!
Damned if you do, damned if you don't.
I am also aware that they aren't foolproof.
(2) HTTPS makes a limited amount of sense. Even on encrypted connections, ISPs know which domains you visit. In some situations they may also be able to MITM your certificates and read the data you transmit.
(3) Any semblance of privacy now requires either a reputable VPN or TOR.
I'm not for this at all vote at all, and I'm not sure why Trump supporters are, I'm just trying to come up with a good argument for why it's worse.
And the reason ISP is much worse is your ISP is your gateway to the internet. Everything you do can be tracked and it's directly tied to your personal identity. You can't avoid being tracked by it by using a different site. Want a list of cat owners in San Fransico? Comcast has that list and they'll sell it to you, names, addresses, etc. How about a list of people who have googled 'given medical condition' in the tri-state area? How about a list of names and addresses of people who are interested in gay sex in Utah? How about who have visited Ashley Madison in Washington, DC?
In theory you can opt out of FBGOOGZON tracking.
Those who prefer a smaller government and objected the the FCC'c huge over reach that this rule was part of.
The eff is an obvious choice and I'm a member and have been for almost 20 years.
In my mind the big thing is people that vote for republicans don't fully understand that they are voting for non-privacy, pro-business, and really, pro-military. Granted, there are some dems that can fall into this trap and 9/11 pretty much ensnared all but a few into the reactionary mindset. This actually took true visionaries and leaders to overcome; few and far between.
So, really, local debate has to happen in the red states where these majorities are elected. This is a long uphill battle, but the message of "mega-corporations are not your friends" has to be paramount and when you're not earning tech salaries, we are part of the problem.
For coal miners and all these higher profile ise cases, we need to re-connect with the human and community level. That's the disconnect right there; it's easier to get angry about 'the swamp' than it is to try to take your own local municipality into your own hands or figuring out how to stay local vs. state.
California, New York, etc - these aren't the battlegrounds. They are the future. The majority of their population already agrees on global warming, privacy, tech, etc. They're one step behind bitcoin/ethereum/altcoins globalization.
But for somone in W. Varginia that's a coal miner that has been laid off (a big Trump talking point), these things matter On a massive level.
So there's our schism - how can we provide a forward thinking, longer term vision that helps the common citizenry? In my mind, everything this repubican extremist 'president' represents are big interests and reducing their unfettered access to unlimited profits, regardless of what that means.
Your (what's left of it) privacy and whatever else is fair game.
I'd advise to (of course) moving to tor, vm's and seriously, cryptocurrencies. Currency is a great way to start hacking back towards 1:1, person:person transactions which leads to a less decentralized money system.
And, If course, money underpins pretty much all us entrepreneurs do.
So, we do have options. :-/ These options include vpn, tor, cryptocurrencies, ethereum, etc.
Edit: mobile spelling corrections.
Your "will be" should be changed to "has been." The data selling was possible (100% guaranteed to be occurring rather) prior to Trump's election for example.
I can't pretend I know what it's like to be a general layperson about tech, but my base instinct is that this issue of Internet privacy protections is much more salient to the average person than SOPA. Yet even as a follower of politics, I barely heard about this until last week when the Senate voted on it.
I can think of a couple of factors:
1. Internet giants advocated heavily against SOPA. Those same companies have less incentive to argue against selling user data, even though selling data at the ISP level is, to me, substantially different than at the website/service level.
2. So much political energy and attention has been spent on the Trump Administration, particularly on the recent push to repeal Obamacare. IIRC, even though SOPA didn't get much media coverage until around the week of the blackout, it wasn't competing with anything quite as big as this past week's vote on Obamacare (nevermind the other issues surrounding the executive branch).
Edit: Worth pointing out the Senate vote from last week, in which no Republican broke ranks in a 50-48 vote. 2 Republicans were not present (edit: I originally wrote "abstained"), including Sen. Rand Paul who is listed as a co-sponsor:
Adopted last November, published in December, parts went into effect in January and parts earlier this month, with more parts due to go into effect in June and December.
edit: note Senate....
Then again, the vote to change the rules to disallow filibusters could itself be filibustered.
But, the Senate, despite all that, could (on motion) declare the filibuster unconstitutional, and only require a simple majority vote to affirm it.
Man, our Congress is so broken.
Source: 2nd paragraph of https://en.wikipedia.org/wiki/Filibuster_in_the_United_State...
Then again, the vote to change the rules to disallow filibusters could itself be filibustered.
Not to mention that he already publishes his browsing and TV history via Twitter for anyone who cares to really track it down.