Then one of the first things Trump and the Republicans in Congress did after the election was repeal the FCC's privacy rules :(
Zero Democrats voted for the PATRIOT Act and continue to support dragnet surveillance and serve on their committees, and Edward Snowden wasn't a felon under the Obama Administration.
Oh, shit. It's almost like both parties are bought and paid for... which is why even when a Democrat is the President, Wall Street never actually goes to jail for destroying the economy, unprecedented tracking and harassment of journalists, and gleefully continues (and increases!) smuggling guns into Mexican drug cartel hands which were used for an incalculable amount of murders (including one confirmed US border patrol agent). All we need to end all these evil acts... is more Democrats. Then everything will be fine.
Except it wasn't. They told us things would change, smiled, and then kept on with business as usual and corporations getting even more power. He said he'd close Guantanamo, but didn't even bother telling us there was one (we didn't even know about yet) in Chicago. ("Chicago black site.") He decried the Iraq war, and then started a few of his own. He ran on a platform of government transparency and then oversaw the largest expansion of classified documents in the history of the USA. (Google it.)
So forgive me, as someone who watches the news, that I'm not getting my hopes up that simply electing another Democrat (instead of enacting broad, sweeping changes to the foundations of the system) will somehow save us and undo all the bad aspects of our country.
Jimmy Carter was right when he said "The USA is now an oligarchy with unlimited political bribery power."
But you can be forgiven for not knowing about this story, because a simple Google will reveal that NONE of the MSM outlets actually covered it. You know, because what's "news" about an ex-president saying "the entire system is corrupt." Surely, Pokemon and thigh-gaps are more important to the political discussion.
(not a country of course, but somewhere privacy is a constitutional right. question then is how a state can protect this right)
Not saying that a right to privacy doesn't exist. I think it exists because a combination of other rights DO exist. But rights can't obligate others, and if your information ends up in the public sphere, I don't believe you have a natural right to have it taken down.
If you contracted with a third party, and as part of that exchange, your info was supposed to be secured, you have a right to secure damages within the scope of that contract.
It's obviously not workable, though; you can see that the goal listed before "privacy" which all Californians have the legal right to obtain is "happiness". This would appear to imply that you have the same legal rights against someone who violates your privacy as against someone who makes you unhappy.
> The bill, H.R. 702, stipulates that immediately upon its passage into law, the 4,000 brave soldiers who have lost their lives in Iraq come marching triumphantly over the horizon, directly into the arms of their loved ones, looking the same as they did on the day they left home.
And the sky hasn't fallen, my service is quite good and the telcos are still making profits.
Thing is, the US Constitution, as brilliant as it is, was written a long time ago and nobody wants to update it. And Capitol Hill seems preoccupied.
Yeah, nice theory :)
I wouldn't worry/care about individual hackers, but even if you have complete trust in everyone who has or will have legal access there are a lot of organizations for which hacking cameras one-by-one (even if hacking is actually needed) is well worth the effort.
I know your idea is the same as that of the USA law, but that really doesn't make it right
Universal Declaration of Human Rights, Article 12
> No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
 https://danalinc.com/privacy-policy/ - "Danal is committed to ensuring that the information we obtain and use about you is accurate for its intended purpose. You can contact us at email@example.com at any time to review, update, delete or correct (for future use) your personally identifiable information maintained by Danal. We will reply to your request within thirty (30) days of submission. You can help us maintain accurate records by informing us of changes or modifications to your personal information."
Edit: For payfone: https://www.payfone.com/company/privacy-policy/ - firstname.lastname@example.org
"Hi [my name],
While we should explain more clearly that these services are used to protect consumers from fraud, with one's consent, you can set up what you are asking about with your phone company. We can send you the procedures to do that. I'd like to go a step further and see if we can just opt you out entirely across the board. I should also note that we do not store any current or historical personally identifiable data. Hold on for more info."
As an aside, I didn't provide [my name] with my request - of course they looked it up based on the phone number provided.
So if someone's phone is lost or stolen they won't be able to use their credit card or debit card? Wow that sounds like quite a service - losing access to your phone now means losing access to your money? So your card is blocked because of a fraud alert and you have no ability to call your bank or credit card company. You better hope you are not by yourself when this happens.
I would close or cancel any account or card if they ever put me in such an imposition as a result of using this service.
> ...thank you for checking in. We have notified your phone company based on the phone number provided, to opt you out. We do not store any of your data. So we have done what you have asked. Thank you.
And my mistake: although he may have, he likely didn't need to look up my name as I just realized the email account I sent it from included it.
I've had someone tell me they visited a shopping site once and without giving the company any information, they got an e-mail from that company a day later. I told them it wasn't really possible (from just the browser's perspective) and that they must have been tracked through some 3rd party cookies.
Apparently that was false and it's totally possible for a site to use one of these APIs and instantly get your full name, phone number, e-mail address, and physical address just by looking up your IP, and then track you across "switching carriers, changing phone numbers, upgrading devices, and replacing lost devices". Scary shit.
Then you call MEO to cancel the service and then you learn they're not refunding your money and that instead of this 1€ call you could have disabled the 3rd party services through their web login.
It's incredibly hostile, and there are more dirty tricks they use.
Did you try calling your phone carrier? No way this is legal.
I can't edit to make my post clearer. I'm also not their customer anymore.
This is not new. TMN/MEO subscription shit has been going on for more than 10 years, but before widespread mobile internet it looked more like an SMS phishing attempt to get you subscribed.
I had this once from a Cisco reseller in Glasgow. It looked like they did a reverse DNS lookup on our office IP, then a Whois on the domain and just spammed the crap out of me. They started calling a day or two later. When I told them how creepy and inappropriate it was, they actually seemed proud of the lead gen system they subscribed to.
They emailed the admin contact of the domain, which is what tipped me off.
“We will not sell your personal information to anyone, for any purpose. Period.”
How is this not contrary to that?
Additionally, they define personal information as:
"Personal Information: Information that directly identifies or reasonably can be used to figure out the identity of a customer or user, such as your name, address, phone number and e-mail address. Personal Information does not include published listing information."
> Here are just some of the ways we use it. To:
> Deliver Relevant Advertising;
> Create External Marketing & Analytics Reports;
American databrokering is a really mature industry after all.
"We're not selling it, we license it."
With T-Mobile USA, the 2nd link correctly identified my phone number.
In the 2nd link though: name, current address, email address, phone number, how long I've had the account, when it renews, who my previous carrier was, my phone hardware details and my current latitude/longitude!
This is scary that anyone can access this with just a site visit.
For the record storing this information would be folly - can’t lose what you don’t have. Let the payment processor assume the responsibility by storing and handling that if needed.
Well, anyone using your phone on LTE.
The ONLY thing this advertising-surveillance industrial complex is missing is a sample of my DNA!
If you work for AT&T, Verizon, etc you have a responsibility to stop this even by sabotage.
tldr: They aren't aware. They aren't techies.
P.S. We're in a two party system. Just because you agree with some policies doesn't mean you agree with all policies.
I literally do not give a damn about anything else other than lowering my taxes. I don't care about climate change (it is being accelerated by humans, I agree) and I literally don't care about BART or SF public transit or homelessness. Just give me my clean air vehicle tag so I can drive in the carpool lane as a single driver in my Model S.
Yes, there are tens of thousands of people like me in the bay area.
STEM folks are the most susceptible to this, I think -- working in a technical field tends to isolate you from other people. Being wealthy and working in a technical field is horribly alienating. You literally, over time, lose the capacity to understand others or consider them as people.
I'm not a Trump fan (nor even American) but I think your analysis of skin colour based demographics is probably flawed in some way.
Yet if it's privatized it's ok.
I think it's fair to say that the (potential for) harm wasn't sufficiently strong in the public psyche to justify White House-level attention prior to (and probably including) W Bush. Also, the distinction between ISP and Telco was still sufficiently weak that existing Telco regulations designed to protect consumer privacy still had teeth when applied to ISPs. It wasn't until the Obama admin that ISPs started suing to disentangle themselves from Telco regulations.
As for Obama, well... if you haven't heard net neutrality described as "obamacare for the internet", then you're not paying attention. But there's only so much anyone can do without controlling the Legislative branch.
No, really, your assertion that Obama-era Net Neutrality rules and privacy rules are disconnected is simply wrong! See "What does that have to do with privacy?" on https://www.epic.org/privacy/netneutrality/
When people talk about rolling back FCC rules on net neutrality, they are -- by definition! -- talking about rolling back these privacy protections. There's no debate to be had here.
More generally, you may be confused by timelines. Hopefully this will help:
pre-2014: Phone companies and ISPs begin tracking customers.
2014 - 2016: FCC begins process of cracking down on this sort of behavior (e.g., see top comment on this story).
2017: FCC reverses course on that crackdown.
Perhaps you are claiming that there wasn't a substantive change in valence on the issue of consumer privacy within the FCC and other regulatory agencies over the past six months. And perhaps "net neutrality" means something very specific to you. But that doesn't mean that late Obama-era net neutrality rules weren't aimed at strengthening privacy protections. They were.
This seems like an unfair claim. Since you didn't provide a citation, I looked for one. I found plenty of articles insisting that Ajit Pai and through association that Trump are both out to harm privacy online, but this is typically an inference based on the fact that Ajit is blocking more regulations placed on ISPs. His reasoning has consistently been anything that makes it harder to compete (the context is in small-medium businesses, think tiny companies trying to upset Comcast or AT&T) is bad, and specifically in this case that extra regulations on ISPs that businesses (read: the entities that actually have virtually all of your data) are not required to follow is unnecessarily limiting to competition. That's really not the same as "Ajit Pai is stoked about this." I will thus consider this bullshit until someone actually asks him what he thinks about this and whether he supports it. I doubt he does, because I doubt anyone does, and because it appears it may already be illegal.
The DNS entry for this site is already gone, though I can't tell if it was an action by GoDaddy or if it was explicitly removed to hide the page. In either case, that kind of response indicates guilt to me, and unless the ISPs are explicitly informing people that this is happening, it may already be illegal. I'd expect a class action lawsuit to determine that, and legislation to make it illegal for ANY ENTITY, be it a business operating on the internet or an ISP, to do this without consent from the user, which is what we really need.
I've been very annoyed at businesses like Spokeo that operate entirely in the realm of selling information about people, and they're fueled by shit that Facebook, Google, and friends freely offer about people, and now worse what about cross-referencing what they already have (everything in this case plus things like residential history, criminal history, etc) with your entire credit history and SSN and more thanks to Equifax and even hashed passwords due to the dozens of leaks we get every year.
I don't think this belongs in the FCC's wheelhouse, this belongs in Congress, because this kind of shit is getting out of hand, and it's not just ISPs.
Voting against the regulations means he did not want them to pass, but they did. They were repealed this year, which logically he must have been happy about. Unless he publicly states otherwise, it is fair to conclude that he is happy with the most direct obvious consequences of the repeal.
In theory it's possible that Pai supports the goals of the regulations but disagrees with the means, but has stayed completely silent about his support and made no effort to accomplish the goals through more appropriate means. There is no meaningful difference between that and simply opposing the regulation because he doesn't like its goals.
It's not about one's dream role/job/company. It's about whether one is willing to tolerate something that makes one ethically uncomfortable for a number on a check... or not.
And although everyone's circumstances are different, I know far more people who work for shady companies and live in McMansions than ones who do it to support their family.
Judgy? Absolutely. But there are a lot of jobs out there: if you work at Comcast / US NSA / Chinese Bureau of Public Information and Network Security Supervision then it's because you don't have a problem with how they conduct business.
(1) These companies (as far as I know) tend to be technically and creatively conservative (in the sense that they don't like new ideas). (2) They have a captive market and effective monopolies. (3) The type of engineer likely to work at such a company values stability over risk. (4) There is C-level and down support for policies / products like the original article that generate profit. (5) It's a small enough industry (in terms of number of companies) that getting blackballed is feasible.
In that context, I don't foresee a logical person making an ethical decision (for leaking or sabotage) when it goes against his or her employer's wishes.
In my opinion, the answer is never no. I speak as someone who has actually refused to implement functionality on the basis of ethics before.
In any case, the market is moving way too fast for professional licensing. Both when it comes to total demand of coders, and when it comes to the churn in required knowledge. A licensed coder that thinks jQuery is the best way to write a web-app is not going to be hired over an unlicensed coder with experience in angular/react.
It's where the word sabotage comes from.
The DSAT in the name of these rounds stands for
Now you've got their personal info. Scary..
The claim is you need to be on the carrier’s mobile data network, the carrier gives you an IP address, then a website owner asks the carrier who is at that ip address and then the carrier gives the website owner the data that it has on you (your real name, the address where they send the bills, the phone number they assigned to you, etc)
For supporting technologies like wifi offload, VoLTE, etc the phone can be told to tunnel traffic back to the carrier network, even when using wifi. This is to support features like using wifi to complete voice calls, but could be used for IP mobility as well (keeping your IP address as you switch access networks).
I'm a bit rusty as I've been out of the industry for a year now and didn't work on this directly, so I forget how the phone gets this configuration. I think it might be an APN setting to connect back to the ePDG when on other access networks, but I could easily be mistaken.
People would visit that URL using mobile internet...
I believe the original idea was to allow companies selling ring tones to be able to bill customers who downloaded their ring tones directly on the customers' telco bill.
From a privacy standpoint it's been a catastrophe. There are countless operators who have been caught decorating customers' outgoing HTTP traffic with their mobile number or personal details. It's just a few years since one operator was caught doing this in Denmark.
Again, just a few years ago, in Sweden, a company set up porn sites and pretty much blackmailed their mobile visitors into paying $$$ for porn they supposedly had agreed to download. This company was using operators' billing APIs to look up subscriber details from the IP:port numbers of connections to their porn sites.
In Norway, a company called MobileTech uses the same APIs to improve unreliable web tracking using cookies. By using these billing APIs they can assign a unique identifier to a particular subscriber regardless if this subscriber clears their cookies or shares the connection across multiple devices. Their tracking script (b.mobiletech.no iirc) is embedded on many popular Nordic sites. Their improved visitor tracking and demographic data is also sold to third party marketing companies such as Research International.
This is not Equifax-big so apart from the outrage by all the nerds nothing will happen and we will all be here next year outraged at some new privacy-raping revelation.
What recourse do I have?
Streisand is pretty useful for this purpose.
That's why moral and ethical posturing must be met with ridicule and skepticism. When it comes to actual action most people are much more narrowly focused with a unique ability to live in dissonance and hand wave and brush away nearly anything.
Only regulation with laws and consequences works.
With regards to setting it up on Android, that does alleviate this specific privacy concern, however it is still entrusting your OS to Google and our carrier, neither of which have the best track records in consumer information privacy. Android also has limited app access controls and frequently comes with carrier-required bloat/spyware.
Don't forget that Android is open-source; open-source, non-backdoored versions of Android exist.
I was reading the article on my laptop and had to type the URLs into my phone, so I appreciated the bit.ly links.
Besides, "obfuscated" is a bit strong -- as evidenced by your post, no information is hidden.
> as evidenced by your post, no information is hidden
"not made obvious is a bit of a strong word, as your comment indicates, it does actually exist"
It kind of helps when you don't move goal posts mid sentence.
The pricing is very as-you-use it, which works well for some people and not as well for others (it's great for people who use very little data but want flexibility; the international data roaming is amazing; it's more expensive than other plans for multiple-GB/month users). I put together a spreadsheet (copyable, google sheets) for comparing price vs GB/data used when I was trying to figure which carrier to use. If it's useful - https://da-data.blogspot.com/2015/10/comparing-prepaid-cell-... (Updated: I just updated the pricing, since it was getting a little stale.)
(Ob disclaimer: I'm part time at Google, but have no beans in the cellular stuff.)
Another perk is unlimited international data roaming at the same price as regular data, and at decent speeds too.
Billing is simple, support is great. The one downside is data is a bit on the expensive side. But since you actually pay per GB, the GBs are yours. There are no arbitrary limits or throttling that I'm aware of, tethering is allowed, etc. Also you don't have to predict your usage ahead of time to choose a plan. You only pay for what you use no matter how much or how little.
Disclaimer: I work for Google (but not on Fi)
IMO this is the killer feature rather than merely a perk. Otherwise, in most of the country, you're basically just paying quite a bit more for a slightly better payment experience and equivalent actual service.
(I'm a Fi user).
And Trump signed it:
Hey Republicans in the audience, can you at least acknowledge that on this issue, the GOP may have gotten things wrong?
I tried both demos mentioned in the article. The first loaded some generic looking data. The second pulled my phone number, name and address correctly.
I noticed some weasel words in a bank's ToS back in January that should have been a harbinger of this kind of 'service'. I wrote to my carrier's privacy team, and of course, heard complete radio silence in return. Here's what I sent them:
> I recently opened an account at MEGABANK, and read through the opening documents. Towards the end of the documents is this paragraph:
> You authorize your wireless operator (AT&T, Sprint, T-Mobile, US Cellular, Verizon, or any other branded wireless operator) to use your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber status details, if available, solely to allow verification of your identity and to compare information you have provided to MEGABANK with your wireless operator account profile information for the duration of the business relationship.
> You may opt out of this information sharing by contacting your wireless operator directly.
> Googling phrases in this paragraph shows many banks and other companies that have identical or very similar language in their terms of service or privacy policies.
> I tried to contact customer service to opt out of this sharing (I absolutely do not want to share this with anybody,) but they were unable to help me. Can you please let me know how to opt out of this information sharing on all lines on my account and to provide me with any other details you have available on it?
This has been a thing for at least this entire year, and the "opt-out" mechanism appears to be completely ineffective.
I feel that all the talk of privacy at the big tech companies like Google, FB, etc. is unwarranted compared to the threat. They have solid security and don't actually sell data. Letting advertisers target viewers based on demographic data is different from providing anonymized data to people and they have policies that make sure that advertisers can't get too narrow with their targeting.
ETA: The second one choked up a Wordpress error. So, not sure what to make of that.
-a happy customer
solar power generation
local social networks
identity that you control on your own phone
hopefully the phone hardware and security will be commoditized and auditable.
Here is what I'm talking about https://www.youtube.com/watch?v=WzMm7-j7yIY
Edit: why the downvotes? I am genuinely curious. Can people who feel this way explain?
"Based on the comments, I can opt out from those specific site but not from the phone company making data available to whoever purchases it?"
Well you can opt out of the phone company once people decentralize the stuff I mentioned. And then I said the same can be done for power generation companies and so on.
But anyway, even though I disagree with it, at least that is a possible reason I was downvoted.
Any code running on your phone has access to all this information, with just a few HTTP calls, when your phone is on cellular data.
Is that perhaps an "Oh, shit. They found us!" move?
I'm sure collectively HN could sneak this technology onto enough web platforms to reach a sizable portion of the US. So let's do it.
Let's just call everyone we can possibly get the number of and tell them exactly how we got it -- their phone company sold it to us when they loaded a bit of code while visiting innocuous websites.
I assume they have CORS set up properly to not allow any old JS to scrape it, they would have to explicitly allow origins access for that.
Of course, you could buy one of these services and have access, too.
If a malicious stranger on a dating site sends you some link where he gets your IP address. Using that service, he may be able to collect your phone, full name... and billing address so he can eventually knock at your door a few minutes/hours after you visited the link... How scary...
This tends to get used mostly for internal traffic and partners where an agreement exists, although I think I read once that a US carrier messed up their configuration once and the header injection was happening on every site.
For encrypted traffic, I'm not sure what's happening these days.
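A defensive check for the carrier header decoration described in the comments above, added here as an example and not part of the thread: it audits the headers a server actually received for subscriber identifiers and scrubs them before they reach logs or application code. The header names are ones publicly reported as carrier-inserted (the list is illustrative, not exhaustive); the sample request and its `X-Subscriber` header are constructed.

```python
import re
from typing import Dict, List, Tuple

# Header names publicly reported as inserted by mobile carriers to carry a
# subscriber identifier. Illustrative list, not exhaustive.
KNOWN_ENRICHMENT_HEADERS = {
    "x-uidh",
    "x-acr",
    "x-msisdn",
    "x-up-calling-line-id",
    "x-nokia-msisdn",
    "x-wap-msisdn",
}

# A bare phone-number-like value (optional '+', 10 to 15 digits). This also
# matches 15-digit IMSI/IMEI strings, which are equally identifying.
SUBSCRIBER_NUMBER_RE = re.compile(r"^\+?\d{10,15}$")


def audit_headers(headers: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (header name, reason) for every header that looks carrier-injected."""
    findings = []
    for name, value in headers.items():
        lowered = name.lower()
        if lowered in KNOWN_ENRICHMENT_HEADERS:
            findings.append((name, "known enrichment header name"))
        elif lowered.startswith("x-") and SUBSCRIBER_NUMBER_RE.match(value.strip()):
            # Unknown header name, but the value is a bare subscriber number.
            findings.append((name, "value looks like a subscriber number"))
    return findings


def scrub_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Drop flagged headers so identifiers never reach logs or app code."""
    flagged = {name for name, _ in audit_headers(headers)}
    return {name: value for name, value in headers.items() if name not in flagged}


# Constructed sample: headers as a plain-HTTP server might receive them from a
# phone on cellular data after an intermediary has decorated the request.
SAMPLE_REQUEST_HEADERS = {
    "Host": "shop.example",
    "User-Agent": "ExampleBrowser/1.0",
    "X-Forwarded-For": "203.0.113.7",
    "X-UIDH": "CONSTRUCTED-OPAQUE-TOKEN",
    "X-Subscriber": "+15555550123",  # hypothetical header name
}

if __name__ == "__main__":
    for name, reason in audit_headers(SAMPLE_REQUEST_HEADERS):
        print(f"flagged {name}: {reason}")
    print("kept:", sorted(scrub_headers(SAMPLE_REQUEST_HEADERS)))
```

Running the audit against a header-echo endpoint you control, once over Wi-Fi and once over cellular data, shows whether your own carrier decorates unencrypted requests.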
Unlisted users might be able to present any data they please here:
Cancel phone contracts and just rely on WiFi?
First link: Didn't work, kept saying my billing zip code was incorrect.
Second link: "We used our mobile authentication to instantly discover your mobile phone number from the phone network." but it didn't show any information.
The first opt-in, which the Medium article describes, can be online with boilerplate language. But then you have to opt-in a second time by replying to an SMS sent directly to the device by the provider with language pre-determined by the carrier. The user has to reply YES to the text message, and you have to keep auditable records of these things.
If these 2 providers aren't requiring the second opt-in step, I expect they'll be kicked off the platform pretty quickly.
If true, it appears that any applicable carrier policies are not being effectively enforced. This is dangerous as it leaves the door open for selective enforcement of such policies by the carriers.
That's the very least they could do to protect their customers' privacy.
So, I never got to experience the data myself but I'm sure it's there.
Does anyone have a new working demo URL for either service?
Sad thing is, I used to be John Q. Public - someone who votes, pays taxes, someone with rights. Now I'm just Joe Consumer.
Edit: 2nd demo displayed my phone number correctly
Been going on for a long time. I think safegraph does it with SDK data output or something.
Demo doesn't work:
You have a privacy setting on at
Your mobile operator.
Try this demo on another phone.