Not just harder. Infinitely more dangerous. Probably the scariest implications for NN being gutted are those around loss of anonymity through the Internet. ISPs who are allowed to sell users' browsing history, data packets, personal info with zero legal implications --> that anonymity suddenly comes with a price. And anything that comes with a price can be sold.
A reporter's sources must be able to be anonymous in many instances where release of information about corruption creates political instability, endangers the reporter, endangers the source, endangers the truth from being revealed. These "rollbacks" of regulations make it orders of magnitude easier for any entity in a corporation or organization to track down people who attempt to expose their illegal actions / skirting of laws. Corporations have every incentive to suppress information that hurts their stock price. Corrupt local officials governments have every incentive to suppress individuals who threaten their "job security". Corrupt PACs have every incentive to drown out that one tiny voice that speaks the truth.
A government that endorses suppression cannot promote safety, stability, or prosperity of its people.
EDIT: Yes, I am also referring to the loss of Broadband Privacy rules as they have implications in the rollback of net neutrality: https://www.theverge.com/2017/3/29/15100620/congress-fcc-isp...
Loss of broadband privacy: Yes, your data can and will be sold
Loss of net neutrality: How much of it and for how much?
The way I understand it is that ISPs can sell anonymized data from groups of users. Like: people who visit news.ycombinator.com generally also visit stackoverflow. I also don't know how an ISP would get your actual internet history if the website uses HTTPS.
Yes, I am a strong supporter of NN and I was appaled when the EU diluted it, but this reply is directed at your 'ISPs who are allowed to sell users' browsing history' part.
The regulations being overturned here are ones that have only recently taken effect, and non-anonymized, non-aggregate selling of ISP data is still outlawed by the Cable Communications Act of 1984, which protects subscriber privacy is 47USC § 551.
Put simply, neither the most recent executive order, nor a reversal on Net Neutrality overturns that law on the federal register.
Of course, if Congress were to draft a bill that does so, the current fears would be well justified.
Legally, I can't think of a case where it's been tested that didn't lean the government's way, so who knows?
Repealing the Obama rule does mean that you can't opt out of data collection or sale. It does not mean that your individual browsing records are available to anyone with enough cash. Moreover, much of the rules Trump's executive order overturn had either very recently taken effect, or not yet taken effect.
There may be much theoretical damage from overturning the regulations, but the practical effect here will be minimal, and limited because of the other laws that already exist to prevent exactly the doomsday scenario many are predicting.
I'm not saying that Trump isn't after your privacy rights, but the surest test of that will be whether or not he goes after or seeks to circumvent the 1984 protections I referenced earlier.
I think it is truly insane.
I do agree. There are somethings you can do to mitigate things. But at some point you have to be you (e.g., FB, etc.) and as small and minor as such digital breadcrumbs might seem, they add up.
I don't know anyone who would fault me for not being on Facebook (yes I know this has a strong selection bias). Only time was at a convenience store, looking a bit puzzled I had to scan my ID-card in some device (to buy cigarettes), the guy explained this was announced on Facebook, I (completely neutral, matter-of-factly, already having complied with the ID-device thing) replied I don't have an account on Facebook which he took as a cue to start some anti-privacy diatribe at me. My guess he was probably having a bad day, possibly from other people giving him a much harder time about the ID thing. I finished the transaction, excused myself because I (really) had to catch a bus, and wished him a very nice day.
My point is, when I look around, it seems like Facebook is going the way of the cigarettes. The majority of people (that I know) know of at least one or two scandalous things that are deeply wrong about the way Facebook treats privacy and manipulates its users. Of those people, a good chunk hate it, really want to quit, but feel they can't due to social pressure or addiction. Just like cigarettes. Others make excuses about convenience, little vices, relaxing. Just like cigarettes.
I don't know how many of you are old enough to remember that you could smoke in trains, bars, in restaurants while people were still eating 2 metres next to you. As late as the early 90s. And only after those bans people started to dare to ask if you could maybe smoke outside, in home situations, even if they're the guests and it's your home (I was younger and inconsiderater).
If you don't remember you maybe also don't remember how thoroughly ingrained the social act of smoking was in society. Only a few decades ago, nobody could imagine where we are today. Smoking was just so normal, even if you didn't really, you would occasionally, your friends would offer, people just liked it too much, were addicted too much.
The almost-entirely-non-smoking-everywhere society we have today was seen as an impossibility. We could never get there, we couldn't change or impose, people wanted it too much. And it was a hard transition before it got momentum, but it did in the end. I personally, as a smoker, welcomed these bans, because I figured it would make it easier for me to quit (hint: if you're addicted, you still have to quit by yourself. those bans maybe helped me the first 5% of quitting).
The point is, it may seem impossible to imagine a way out of this anti-privacy swamp. But it's not too late. Just remember the cigarettes and how far we got. DON'T let anyone tell you it's useless to refrain from using surveillance tech X just because "you're going to be tracked any way because P, Q and R" (being your phone, CCTV and the NSA). The fight is NOT lost, not at all. It's just getting started, now that people are slowly realizing they don't actually really want this, they are mostly made to want this, and more and more people want it to stop, and it would help if only everybody else would stop shoving it in their face.
Just because it seems impossible now doesn't mean we should roll over, curl up and stop voicing your dissent, ever.
Then maybe our kids (or other people's kids--who didn't ask for this either) can grow up in a society where they're not quite as pervasively tracked and surveilled as our generation.
If it helps maybe to imagine the next impossible thing, imagine everybody securely wiping the exabytes of private data they've collected on us so far. I really can't see that happening either and it kind of gives me hope in a weird "wishing on a star" kind of way, because other important things used to seem just as impossible.
 I've quit since. It's hard. Very hard. Unfathomably harder for some people than others. I will never judge an addict in my life.
47 U.S. Code § 551 (c)(1)
Except as provided in paragraph (2), a cable operator shall not disclose personally identifiable information concerning any subscriber without the prior written or electronic consent of the subscriber concerned
So this section of the law, though another might, does not support your statement that "that they could sell that (which is false)".
Your statement is too strong. It's not outlawed. There is a relatively easy avenue for ISPs to sell this type of data, and it's written into the law, and not some sort of weird loophole. It is voluntary that they have not pursued it on their part.
What the bill stripping Broadband Privacy rules does is make it nearly impossible for the law to set a precedent for what should be considered illegal to sell when it comes to users' data. What may have happened if broadband privacy rules were enacted as intended here[https://www.nytimes.com/2016/10/28/technology/fcc-tightens-p...]
... someday somebody who didn't "opt out" would have discovered their [medical, financial, insert whatever] data had been sold to their detriment. Lawsuit. Legal scrutiny. Precedent == Baseline for what is acceptable and what is not for people who don't opt out.
Now, with no consumer privacy rights by default on broadband, and no neutral delivery system (net neutrality), and with provisions the GOP inserted into the Broadband Privacy rollback explicitly to make it harder to sue entities who sell your data, the default situation is already stacked badly against the average person.
Your ISP can (and likely does) monitor your DNS queries, which (as far as I know) are not encrypted.
Personally I think the net neutrality stuff is a tad overblown. I'd vote for maintaining it, but I've never been particularly convinced by the whole "surveillance state/beyond-orwellian/ISP censoring your speech" arguments that get thrown around on HN, among other places.
I think the problems with ISPs are more practical: they overcharge, provide shitty service, have no incentive to upgrade their infrastructure, and clearly collude with one another. Therefore they need to be regulated.
Agreed. Though I would prefer that we do whatever we can to identify and implement mechanisms to increase competition. I want new ISP options, and several of them, rather than just marginally better behavior from the one or two ISPs I have in my neighborhood. I'd prefer regulation that increases competition (even if that hurts the incumbents) rather than regulation that assumes the incumbents are fixed and therefore just manages how they conduct their business. The prior is designed to create new ISP options, the latter tends to serve to decrease the incidence rate of new options.
I've always been a voracious Internet consumer. For all of its faults, I really enjoyed the regulatory framework of the Communications Act of 1996 that allowed competitive ISPs to lease physical wires.
> Your ISP can (and likely does) monitor your DNS queries, which (as far as I know) are not encrypted.
HTTPS does expose the domain name in plain-text through SNI. Yes, DNS is not encrypted.
Until the world switches to DNSCrypt, DNS-over-HTTPS, or DNS-over-TLS and while most Internet users are using ISP provided DNS resolvers, recent research shows it is possible to narrow down what pages the user browsed based on their DNS queries.
Like say I run hackernews — couldn't I just cross-reference my own logs with that "anonymized" data and get a pretty good idea of what a specific users' traffic was?
Based on some of the tools Uber has used to pinpoint specific users like, government officials, it doesn't seem too far beyond the realm of possibility.
The ISP could monitor your DNS requests or the SNI in the TLS handshake.
Why shouldn't there be similar provisions to protect my browsing history?
Charge users extra fees for "premium service" unless they agree to let the ISP their traffic.
If they want to determine your political leanings your browsing history is enough.
With a fee, this requirement could then be waived.
Dystopian but technically possible.
Gogo didn't require installing a root cert, but they DID issue forged certificates to MitM connections to *.google.com (and others).
Also, remember "Superfish"? Their root cert was pre-installed by Lenovo.
"On October 27, 2016, the Federal Communications Commission (FCC) issued a proposed rule that seeks to expand its regulatory jurisdiction, create a two-tiered privacy regime for different types of Internet companies, and impose data restrictions on Internet service providers. These types of regulations have traditionally been under the jurisdiction of the Federal Trade Commission (FTC), which already has in place a regulatory regime to protect consumers. Full implementation of this proposed rule would have, among other things, given consumers a false sense of protection and privacy. As a bipartisan group of representatives stated in a 2016 letter to the FCC in response to its notice of proposed rulemaking:
-We had hoped the FCC would focus on those protections that have traditionally guarded consumers from unfair or deceptive data practices by ISPs and the other companies in the Internet services market. But, based on the [FCC’s] Notice of Proposed Rulemaking, we remain increasingly concerned that the Commission intends to go well beyond such a framework and ill-serve consumers who seek and expect consistency in how their personal data is protected. If different rules apply to the online practices of only selected entities, consumers may wrongly assume that the new rules apply to all of their activities in the Internet. But when they discover otherwise, the inconsistent treatment of consumer data could actually undermine consumers’ confidence in their use of the Internet due to uncertainty regarding the protections that apply to their online activities.-
In response to these actions, the House and Senate introduced legislation in March to disapprove of this proposed FCC rule. The House version of this legislation, H.J.Res.86, was introduced by Rep. Marsha Blackburn (R – TN) on March 8, 2017. The measure seeks to block the proposed FCC rule. On March 28, 2017, the House passed the Senate version, S.J.Res.34, with my support, and the measure now heads to the president’s desk for signature. Again, it must be noted that recent actions in Congress have not changed the status quo in terms of privacy-protection standards for consumers."
That's what they attest. And the Washington Post had a good editorial (which I'm currently at pains to find) explaining how, under Commissioner Wheeler, the FCC pushed for broadband privacy rules, but ran roughshod over the FTC in the process. While it was a win in the sense that a legal gap was closed (more on that in a minute), it wasn't good in that it weakened the definitions between the FTC and FCC, which bother have governance roles to play. While it might sound like needless bureaucracy, firm and clear rules are the underpinnings of strong court rulings, which are essential to good governance.
Except, now that gap still exists. While it's claimed that the FTC will now fill in the gap, the problem is that it couldn't effectively in the first place. WP explains:
"Can't the FTC go after Internet providers with its rules?
At the moment, not really. The reason has to do with the FCC's rules on net neutrality. When the FCC passed those rules, it branded all Internet providers as “common carriers,” essentially a fancy legal term to describe traditional phone companies.
The problem is that the FTC is bound by something called the “common carrier exemption.” The agency isn't allowed to take action against companies that have been labeled common carriers by the FCC. (The idea behind the exemption is to prevent both agencies from going after the same companies twice for the same infraction.)
So if the House vote succeeds and Trump signs the measure, that releases Internet providers from the FCC's privacy regulation but does not do anything to apply the FTC's own privacy guidelines to the industry. The FCC can still sue companies after they have allegedly violated consumer privacy, industry groups say. So can state attorneys general. But the FCC will be unable to write regulations that preemptively bar privacy violations, meaning that Internet providers will be subject to less oversight as a result of the congressional measure."
So, with regards to selling data. Is it anonymized? Probably. To an extent. People get assigned an advertising ID, which is a random number in place of your legal name, and your profile is built under that. But you and I both know that it's not really anonymous, and it's trivial to then do a correlation between your, say, name and address, and then your advertising ID and address, and suddenly you have a full profile on someone. That's an issue when other businesses and services begin to take advantage of your health, interests, associations, etc, to charge you more or deny service based on these indicators. ISPs feel they've been at a disadvantage compared to online services like Facebook. Remember, that they do not want to be "just a bit provider". There's a very powerful profit factor if they can use their lock-in to be your content provider as well.
Anyways, hope that helps!
Aside from that, the danger of the internet doesn't seem to be free speech, but free thought. The bar is much higher and deeper. Droves are being manipulated, nudged and misled. That's happening, nearly frictionless, now. Even Orwell would blush thinking, "My, I really underestimated what was going to happen."
Mind you a lack of NN isn't going to help. But with NN or without NN the root issue(s) aren't NN.
without it they can just block/charge extra for things they cant read. making anonymity and privacy harder. but again, they wont have any new rigths that they don't have today.
Does it currently exist?
Do something significantly illegal enough online most anywhere and you will be caught. Other than very specialized internet usages that are outside the purview of the common individual, the only question currently is if the government can justify going after you, not if they can go after you. Right now if you point out corruption against a local government they likely won't go after you due to lack of resources, not technical limitations. Point out major corruption at a high enough government scale and you will be caught (especially given that one will have to go outside of legal channels to do so).
In fact, since the anti-privacy law was put into law, removing Title II status from ISPs would allow the FTC to regulate privacy again.
The current GOP-controlled administration is implementing a cunning strategy to undermine the safety and freedom of all Americans. These are deliberate actions being taken, with specific goals to suppress what it is calling "fake" news/media, but what most people call facts. The most astonishing thing is that they've twisted and mangled the definition of "freedom" into something that doesn't resemble freedom at all; and yet there are many people who are stupid enough to believe they're actually being helped by these ludicrous decisions.
How is that by necessity a bad thing? People aren't anonymous in every day life and their internet anonymity is mostly an illusion anyway. Big brother can almost always find out who did what if they want to.
" These "rollbacks" of regulations make it orders of magnitude easier for any entity in a corporation or organization to track down people who attempt to expose their illegal actions / skirting of laws"
It also makes it orders of magnitudes easier for anyone to find out about a coorportions illegal actions / skirting of laws.
I agree with most of your statements. But in the long run there really are a lot of benefits to a non-anonymous internet that can't be denied (just as there are a lot of problems as well). For instance, full access to health and medical data for research purposes would be a huge benefit for mankind and the sick people themselves just as that same access would necessitate a major rehaul of the ligislation concerning insurance companies.
I don't see how removing anonymity is inherently by its very nature a bad thing. It seems likely it would be like everything else, you'd need to legislate the legality of certain things given that all activity is non-anonymous, etc.
Its because I do not trust social structures and government that I think anonymity needs to go away.
In a truly de-anonymized system if you are a malevolent actor (gov't or individual) anywhere your actions are broadcasted to the world and people or governments can respond before too much damage is done, no one cares what the benevolent actor is doing.
In a fully anonymous system a malevolent actor can run wild and no one will be able to stop him. The same is true for a benevolent actor, but in a de-anonymized system no one is trying to stop him anyway.
The whole thing though does depend on whether you think the world at large is made up in majority of benevolent people willing and wanting to help their fellow man or malevolent people wishing to do damage in the world.
I think the majority is benevolent which is why I'm for de-anonymizing structures.
Not the same scenario being discussed, but worth noting that the consequences of a loss of anonymity through the internet have the potential to be a lot farther-reaching and more sinister than they are in any analogous loss of anonymity in everyday life. I'd be interested to hear if you find the linked argument persuasive.
I agree with him that the consequences of loss of anonymity are worse than a loss of anonymity in everyday life. In everyday life if a person sees my credit card number I only have to worry about that person say, whereas conversely on the internet its as if everyone the world over were to see my credit card number.
Assuming we don't have NN i.e. anonymity then the world knows everytime I use my credit card (no privacy). However, they do not know my credit card number because its encrypted (security).
So my thinking hasn't changed much after listening to the google engineers argument, I still think its a much better balance of powers to have everyone have access to everything than only those with the skills or power to acquire it, since I think given an absence of anonymity we would build better software and societal structures to ensure we have security for everyone even though privacy might be gone.
I see a few issues with such massive violations of privacy:
1. Slippery slope: Knowledge of people's private lives is extremely valuable, and nobody with the power to collect or use it is going to relinquish it, if anything they're more likely to try to get more, until they have absolutely everything. This isn't inherently bad, as concentrated power is very easily abused. We have a wonderful case study of this with the NSA, their ever expanding powers, their willful breaking what few legal limits are imposed upon them, and their inability to prevent themselves from breaking their own policies about abusing access to their treasure trove.
2. Benevolent dictator: This privacy invasion will most certainly work it's way back to the government, which has severe implications for civil disobedience and political dissent in general. While it's all peaches when the government is "nice", you're never going to have all citizens agree with the government, and future politicians abusing previously allocated power/resources is extremely likely (not that there has ever been a government administration worthy of invading everyone's privacy to begin with).
3. Drawing a line here is not only a great place, it also lets everyone consolidate resources to fight for a known good state. There's a lot of information to be gleaned from the data, and it's unlikely that everyone can commit fully to understanding the ramifications of letting this information out, much less understand how it will be used, or how it can be used. And much like giving the legislation a pile of money with legislatively imposed spending limitations, they're going to be constantly fighting to tweak and remove those limits. And its so much harder to be constantly vigilant when there's dozens of laws governing what can or cannot be done with the data, before we even presume that we agree with those laws to begin with.
4. As noted above with the NSA, it's not possible to trust custodians of this treasure, they're only human, and they're bound to abuse their power at some point. But we don't just have to worry about people with legitimate access obtaining this data, we also have to worry about hackers grabbing it from poorly secured servers, which seems to be an inevitable computer event, even more so for such massively useful information.
> _It also makes it orders of magnitudes easier for anyone to find out about a coorportions illegal actions / skirting of laws._
I would add that I find it more important to ensure that there is transparency about the ISPs and other corporations' (and governments') actions.