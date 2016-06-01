Hacker News new | comments | show | ask | jobs | submit login
You can’t buy Congress’s web history – that's not how any of this works (theverge.com)
35 points by gojomo 1 hour ago | hide | past | web | 13 comments | favorite





"and they every major network has robust safeguards in place to prevent you from working back to a single person’s web history."

hahaha. THat's quite a talking point. What would these "Robust safeguards" be? The history of pretty much every study on this, ever, is that it's pretty easy to deaggregate and deanonymize data.

But look i'm sure, verizon, at&t, etc, those great bastions of "doing it right", have done this right too!

20 bucks says if someone buys large amounts of the aggregated data, they can extract significant information that can be pinpointed to individual congresspeople.

People are missing the point on the bill, it isn't just horrible for privacy. Really this is a jab at net neutrality, the open selling of data by ISPs is a power grab away from the FCC that helped to make net neutrality a thing by labeling broadband/ISPs as common carriers.

Republicans (this was a party line vote) say it is unfair that Google and Facebook have your personal information and use it for ads but why can't ISPs have that and also sell it? One big major reason is people sign up to Google and Facebook for the purpose of sharing and agree to their ads in exchange for a service. Google built the most powerful search engine and Facebook built the social graph. Google/Facebook built value and they only use your info to target ads to you, they don't sell it because others would do the same. They sell ads and people use them because they have info on you, not necessarily to sell off to others.

If you ask me it is unfair for republicans to legally allow ISPs to do the same because we expect privacy from ISPs in ways we do not from Google and Facebook. You can choose not to use Google or Facebook but you cannot choose your ISP/broadband provider. In my opinion this is like letting someone view your mail, read it and then sell information about you.

It is also an unfair competitive advantage for ISPs above all because they can place ads on any website if they want or track you across all sites not just like Google/Facebook which are huge but only see a portion of what you do. ISPs built no value product like a search engine or social graph for this purpose, they should do that if they want access like Google and Facebook. It seems almost like the GOP are harming innovative companies and rewarding/catching up non-innovators. I bet broadband companies/ISPs won't even use the profits to improve broadband and rollout gigabit service for real. It is a rewarding of lazy semi-monopolies over innovative companies and products.

Republicans also control the FTC not the FCC so they want all control to fall to the FTC instead. It is both a power grab and a bending over of all their constituents.

Most of all, it is also another step in dismantling net neutrality as FCC protected that by categorizing the broadband/ISPs as a common carriers and they want to sap the FCCs power in that regard.

Discrimating between companies leads to communism. Good opportunity for isps to gain market share by offering privacy protection.

Those are called VPNs.

Of course you can buy a non-identifying information perfectly legal. And then guess what's the definition of non-identifying information? Think again. If ISP thinks it sells you that, nothing stops you to look at that yourself closely - and may be, just may be you'll uncover something which ISP missed. After all, scrubbing data to be perfectly non-identifying could be, you know, expensive. And doesn't exactly fit ISPs business model. So sharing even Congress-related history could be an interesting thing.

You're right. My guess is most "anonymized" data is lazy--stripping out obvious identifying information. There are quite a few cases where you can pinpoint users from correlating to publicly available data. CGPGrey posted a video today showing a layman's example with Social Security Numbers[1].

One cool thing I heard Apple talk about[2] was injecting noise or subsampling to help mask individuals. Although, I don't see that mentioned in their public page on privacy[3] or their whitepaper[4].

[1] https://youtu.be/Erp8IAUouus

[2] https://www.wired.com/2016/06/apples-differential-privacy-co...

[3] http://www.apple.com/privacy/approach-to-privacy/

[4] http://images.apple.com/business/docs/iOS_Security_Guide.pdf

Buy aggregate browsing history for users in DC and nearby area codes. Look for browsing of .gov websites that are effectively government intranet tools. Correlate with access to RNC sites, Infowars, FoxNews, etc. While I'm sure you would both miss people and have some false positives, you'll likely also identify many members of congress and their staff.

Google searches have the query in the URL... probably most "important" people google themselves occasionally.

Prohibiting the sale of individually identifiable information is a very weak protection. It's alarming how quickly multiple dimensions of "anonymized" data can be used to zero in on any target person, and it won't take long for amoral opportunists to start selling de-anonymized data to the highest bidder. See also k-anonymity.

Look no further than the news in Congress last week. Devin Nunes' claim is that he saw conversations where names were masked, but it was obvious who they were about.

When doing this procedurally, it's amazing how few data points are needed to pinpoint a specific person.

> In the meantime, the two biggest campaigns have collectively raised nearly $140,000 for the purchase of web histories that will never go up for sale. It’s anyone’s guess where the money will end up.

Well, NSA staff did LOVEINT. Maybe some ISP staff will want to profit.

Edit: But I wonder how it'd be possible without self-pwning.

>you want to get really clever, the Wiretap Act also makes it illegal to divulge the contents of electronic communications without the parties’ consent, which arguably includes browsing history.

So wouldn't it be illegal for sites to sell visitor information (email lists)?

Didn't Netflix pull their 2nd competition because people figured out how to de-anonymize all the anonymized data? Can you not figure out who someone is by repetitive filtering?

