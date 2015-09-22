Hacker News new | comments | show | ask | jobs | submit login
How the Republicans Sold Your Privacy to Internet Providers (nytimes.com)
107 points by crispyambulance 1 hour ago | hide | past | web | 49 comments | favorite





So the only thing I don't understand as far as the fuss about this is concerned -- everything I've read indicates that this is undoing a protection put in place late last year. So essentially we've gone back in time six months ago or so. If ISPs weren't selling our info then when they could have, why does it logically follow that we're now in some uncharted territory of ISPs selling personal info? Or is this simply blowing the situation out of proportion because Republicans did it?

reply


Because why the push to undo something if they weren't planning to do it, or weren't already? I know Verizon has an opt in program for it where they gave you deals and free data.

reply


In case people don't know, the author, Tom Wheeler was the previous chairman of the Federal Communications Commission.

With the administration changed he no longer is in government.

also formerly a lobyist for the cable and wireless industry, which gives him some insight into the industry.

https://en.wikipedia.org/wiki/Tom_Wheeler

reply


I feel like this isn't going to go anywhere but I'm still tempted to contribute: https://www.gofundme.com/BuyCongressData

reply


Also this https://searchinternethistory.com/

reply


This is like FedEx or a privatized USPS being able to open your packages and read your mail without telling you.

I pay you to carry my damn packets, keep your filthy hands off my data.

reply


A better analogy would be FedEx selling your incoming and outgoing addresses and package weights to third parties, not necessarily the contents of your packages.

reply


More like your landlord selling the keys to your apartment, but you still have the key to a series of safes inside. Everyone can get a lot of your stuff and probably watch you poop, but hopefully those safes are built well enough to keep everyone out of your valuables.

reply


Why not the contents? What happens when most content is not over a secure connection such e.g. Over HTTP? Could they not inspect the content?

It sure seems like they could. For most people most of the internet is still insecure.

reply


I know for me personally I already assume anything over a non-HTTPS or non-secured protocol will be received and possibly read by anyone and everyone.


Only if every package and letter I sent was securely sealed so they couldn't get in.

reply


Tom Wheeler, former FCC chairman and cable/wireless lobbyist, fails to charitably address why his opponents did what they did. To Republicans and opponents of his FCC chairmanship, this was about regulatory authority, not "selling your data to ISPs". They believe the FTC, not the FCC, should be the main privacy regulator as it has in the past. They also contend that ISPs are already disallowed from scooping and selling data without consent, and that the FCC already has authority to prosecute, via sections 201, 202 and 222 of the Communications Act.

reply


At least consumers still have https going for them I suppose? Or maybe ISPs are now more motivated to man-in-the-middle those connections to get to the data, under the guise of security or something?

reply


They can still correlate traffic going to specific IPs, DNS requests, and SNI information (since it's not encrypted, because the remote server needs to know what certificate to use). There's plenty of data to choose from.

reply


I don't believe SSL alone would protect you since ISPs would still have access to the DNS lookups, the fully qualified domain name of the server (which is sent in cleartext for SNI), and IP addresses for the person browsing, so there's still plenty of "meta-data" for them to sell.

Maybe if you use a third party DNS service, but then you need to trust them.

reply


Yea that was my main question during this. What can we do. I thought https made this near impossible unless they MITM it, which would be difficult no? Or is it easy?

This is all the more reason we need to start encrypting all communication. All my hand built services (home bots, etc) need to start using tls for everything.

reply


Three problems here. First being that the ISP is a permanent MITM. Second is that TLS will not protect the hostnames, which are sent in the clear so that servers can identify the correct certificate for a given connection. Likewise, DNS is not encrypted (though companies like OpenDNS do provide alternatives here).

reply


How difficult would be to create a DuckDuckGo of the ISPs? Both at national or local levels.

reply


Does anyone have a good VPN that they would recommend? This bill is totally fucked.

reply


The article's main argument is that the ISPs are selling something that doesn't belong to them, but to the consumer.

I don't like the idea of my personal information being sold, but how could you state this as fact? Shouldn't it be up to the consumer to choose to do business with a company that sells your personal info vs a company that does not?

reply


Ideally, that would be true - however the market for internet service is far from perfect. Over half of Americans only have one choice in broadband providers (at 25Mpbs), and just under 15% have more than two to chose from (at any speed)[1]. The cost of entering the broadband market and laying last mile cables is simply too high for there to be meaningful competition in much of the US. Hopefully, a policy like dig once[2] will eventually create real competition in ISP market, but until then the largely monopolistic ISP industry cannot go unchecked.

[1]: https://cdn.arstechnica.net/wp-content/uploads/2014/09/fcc-b...

[2]: https://www.washingtonpost.com/news/the-switch/wp/2015/09/22...

reply


You say that as if everyone had the ability to changes ISPs freely. Consumer choice is irrelevant if there's nothing to choose from.

reply


I have a single altenative ISP that offers over 15 mbs, there is no fiber in my area. I live in New York. not the city, and I do not live 'upstate'.

as the above pointed out to your comment, it is very difficult to chane ISP's I am not happy with mine and I do not have an alternative. my unhappiness came way before this bill.

reply


> Shouldn't it be up to the consumer to choose to do business with a company that sells your personal info vs a company that does not?

Ideally, yes. But there's a lack of competition in the ISP industry, due to either government-granted monopolies or plain old high fixed costs, which create a barrier to entry.

Though, the historically low interest rate environment should minimize this "barrier to entry" issue. Are there notable startups in the ISP space?

reply


Via precedent set by protecting phone calls:

"For decades, in both Republican and Democratic administrations, federal rules have protected the privacy of the information in a telephone call. In 2016, the F.C.C., which I led as chairman under President Barack Obama, extended those same protections to the internet."

reply


Regional monopolies are tolerated and the companies benefit tremendously from legislation and regulations that make it near impossible for meaningful competition to exist. Ideologically, the "harmful regulation" rhetoric is incredibly hypocritical.

Which is to say: most consumers have no choice among providers. That fact is a result of government action. If companies would tolerate legislation that would encourage increased competition in exchange for the right to sell consumer information, then you would be right. Of course, that isn't what happened here.

reply


Should a company you pay to make phone calls over sell the data of who you call?

Should a company you pay to mail packages/letters inspect your mail and sell the data of what mail and subscriptions you are getting?

reply


That would be great, but privacy policies are unreadable and ISPs tend to be total or partial geographic monopolies anyway.

This is a classic case for regulation.

reply


Don't downvote people who ask questions. Answer them if you disagree.

reply


It's the same obvious policy applied to phone calls previously and mail previously previously.

reply


> In 2016, the F.C.C., which I led as chairman under President Barack Obama, extended those same protections to the internet.

Oh how nice of Tom Wheeler to play the good-guy now. It took a lot of public outcry for him to change his tune about Net Neutrality.

reply


He came around, and then was a reasonably good champion. Let's live in a world where people aren't permanently branded with temporary positions.

reply


Is there anything the average user can do to protect their data/privacy from their ISP?

reply


Start with not using their DNS servers (OpenDNS https://www.opendns.com)

Install HTTPS Everywhere (https://www.eff.org/https-everywhere)

Install uBlock Origin (Chrome - https://chrome.google.com/.../ublock-origin / Firefox https://addons.mozilla.org/addon/ublock-origin/)

reply


Yes VPN is a good answer here, but another idea to make the data they collect and sell less useful would be something like https://github.com/WhiteBeachStudios/cyberflare to hide your real usage habits among a bunch of artificially generated traffic.

reply


Use Tor.

reply


VPN is a solution but requires trust in VPN provider. OpenVPN on a VPS can help. Also, consider DNS traffic can leak information, but I've not read of a fool proof way to fully protect DNS queries.

reply


I use a VPN, but I have to turn it on for each device. Is there a good way to set up my router to automatically push all traffic through a VPN? I'd probably need to make exceptions for stuff like video traffic.

reply


Good VPNs have DNS leak protection now, and frankly, I recommend avoiding one that doesn't.

reply


Run everything over an encrypted channel.

reply


Encrypted VPN that doesn't keep records (I like NordVPN, but have had good experiences with others like IPV and PIA), uMatrix, uBlock Origin, and don't forget to turn on your user agent spoofing options.

reply


I'm afraid that the problem is bigger than that, most people have a number of devices that connect to the internet, not all of which work with VPN.

reply


That's where a decent router that can support your VPN comes in. Look, I grant you this is not perfect, and there is no perfect enduser solution, but if you want to stop the bleeding, that's how.

reply


vpn?

reply


Begun the crypto wars have.

reply


good thing this will create jobs jobs jobs! aka just ordinary bull shit.

reply


if i dare to say that the republicans fucked us over i'll be banned for "partisan bickering", so:

we just need to develop technological workarounds to the politicians. vpns are an okay start.

reply


It's actually interesting, now i feel like VPNs are going to get a huge spike in customers.

On that note though, if all ISPs are doing this, what VPN choice do you have?

reply


But her emails?

reply




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: