Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

122 comments

Re:Your ISP is not stupid (1)

Anonymous Coward | more than 14 years ago | (#1119761)

1.unless you are encrypting your traffic to the proxy, your ISP can just as easily track it.

Like, duh. Well, sorta. Even using an unencrypted connection to a proxy will force the ISP to jump through a few extra hoops to figure out what you're up to. But you're right that this wouldn't make the problem effectively insoluble, as encryption would.

2.till such use of proxies is widespread, it might be fairly easy to figure out: "oh, this is that guy Bill who used the proxy to buy the airline ticket."

Not necessarily true, if the proxy is set up to do things like fetch unrequested pages (simply not returning them to any client) in addition to the requested ones. Other tactics are to (along with a few other users of the proxy) to set up a job on your machine that periodically requests something via the proxy, so that there's always a bit of traffic that makes it harder to distinguish what 'real' user requests are. Of course, all these thengs increase load on the proxy and thus slow down response, but if you really want privacy, you might be willing to pay the price.

Re:What impact on DSL? (1)

Anonymous Coward | more than 14 years ago | (#1119762)

SWBell does NOT (yet, anyway, also no plans to do so in the foreseeable future either, but then you can never trust the PHBs) track/log its DSL customers' internet traffic. Hell, they can barely get the damn DSL gear to work properly in the first place. It'll even be quite a long while before they'll even have the ability to provide law enforcement warranted taps on DSL lines of customers who are suspects due to current lack of technical aptitude. You didn't hear this info from me. Got it?

Wah! (was: SLASHDOT IS WATCHING YOU!!!) (1)

pb (1020) | more than 14 years ago | (#1119763)

My post got lost in a wormhole [slashdot.org] . Damn you, Taco... :)

pb writes "Picture a world where information about your every move on Slashdot is all shipped off to many third parties, with the willing cooperation of your Internet Service Provider (ISP). Check out guru CmdrTaco's latest offering at Andover.net's Secret Labs on Predictive Networks plan to know everything you do... no book rights... no story moderation... just everything you do all the time."

"He knows when you are sleeping, he knows when you're awake he knows when you've been trolling lots, so you'd better be good for goodness sake!"

Does this strike anyone else as a little paranoid? First, "Internet Privacy" is a sick oxymoron. Second, there are technical solutions which can allow a user privacy regardless.

And finally, if they *really* want to store all my web information, so be it. They will get sued, or pretty soon they won't be able to fit the (damn doubleclick.com) logs on their servers. And either way, I'll still be laughing at them.

Heck, combine some technologies. Have a fake (alladvantage.com) web-browsing program that goes to wherever you want, just to confuse them, and a real (private) connection, cryptographically secure and all that jazz.
---
pb Reply or e-mail; don't vaguely moderate [152.7.41.11] .

Re:Thoughts (1)

Paul Carver (4555) | more than 14 years ago | (#1119764)

I wouldn't bet on it. The terms of service of some cable modem ISPs prohibit VPNs.



Is that really true? VPNs are one of the best reasons to use a cable modem or DSL. If you only use it for "recreational" web browsing it's a bit of an extravagance to pay the prices that are charged by most providers.

just web? (1)

CodeMonky (10675) | more than 14 years ago | (#1119769)

Are they planning on just tracking web usage or are they going to look at other things such as ftp and telnet?

I wonder if they plan on contacting universities to ask for this data also?

subvertise is broken (1)

FascDot Killed My Pr (24021) | more than 14 years ago | (#1119770)

Forbidden

You don't have permission to access / on this server.
--

Re:We need to fight back! (1)

Nodatadj (28279) | more than 14 years ago | (#1119771)

Dude, anarchy won't work either.
Anarchy is based on the same pretense as socialism, and we all know how well that one turned out in practice.

That pretense is that man is not inherently greedy, and the success of capitalism shows how wrong this is.

Yes, we need a revolution.
No, anarchy isn't going to do it for us.

Re:We need to fight back! (1)

Nodatadj (28279) | more than 14 years ago | (#1119772)

Greedy.

Not evil.

If man is inherently greedy, and has full freedom, then he will abuse that freedom, to satisfy the greed.

I will put more faith in my fellow man, when my fellow man gives me a reason to do so.

Re:Noise (1)

DarkMan (32280) | more than 14 years ago | (#1119773)

Your outlined solution would result in the spam they send you being totally pointless.

They still collect the data.

They still sell that to companies (I presume, else they have no revenue generation).

Your solution will only work if virtually everyone generated noise. That would mean that the return from the companies that purchase the data would drop, they stop buying it, and then they have no revenue - they stop.

However, the same logic can be applied to banner ads. If there was a program available to to block banner adds, and people used it, then the advertisers would get no return, and thus they stop paying for useless ads.

There is such a program - Junkbuster, or relatives. They've been around a while. But banner ads still exist. So, not enough people use it.

If not enough people will use something that gets rid of an eyesore, why would they suddenly use a program to defeat something they can't see?

In summary, a noise generating program will only give you a more diverse range of spam. It doesn't solve the problem.
--

Re:hows this different... (1)

Score Whore (32328) | more than 14 years ago | (#1119774)

Err, it wouldn't be that tough for your ISP to carry out a man-in-the-middle attack. Since they effectively are already the man-in-the-middle. There are transparent proxies out there and it wouldn't be that major of a surprise to find that someone has done the work necessary to bluff an https connection.

Re:A suggestion...or 3 or 4 (1)

Zurk (37028) | more than 14 years ago | (#1119775)

umm..what good is changing your mac address ? they can still track you thru your dynamically assigned ip address (address assigned to your machine by their DHCP server). and anyway, most OSes allow you to change your MAC address..no biggie. try this in linux :
ifconfig eth1 hw ether deadbeef0001
(this needs do be done while the card is down for obvious reasons) now your card will answer all arp requests with DE:AD:BE:EF:00:01.

hows this different... (1)

Zurk (37028) | more than 14 years ago | (#1119776)

from someone running tcpdump at your ISP ?
its evident that https and ssh sessions to machines dont/wont get sniffed by this system...as more and more web servers support https (specially with the impending expiry of RSA's patents) this sort of scheme will collapse completely.
if you arent running ssh at least now...i sugggest you do so. i've seen packet sniffers running on most isps...whether the isp was aware of it or not is a whole different matter.

There's already a mass-market way to evade this (1)

Hizonner (38491) | more than 14 years ago | (#1119777)

http://www.freedom.net [freedom.net]

Re:hows this different... (1)

Greg@RageNet (39860) | more than 14 years ago | (#1119778)

As long as you trust verisign, or any certificate signer for that matter, to not 'create a new revenue stream' by partnering with predictive and providing a verisign-signed forged 'proxied ssl' service. After all, you did send them your certificate to be signed.

Granted it would be highly unethical to do such a thing, but thats never stopped a corporation with profit motive in the past.

I'm amazed at the "if we don't do it someone else will" justification I hear more and more these days from business leaders defending their unsavory activities.

Re:Sure, refuse if you know about it (1)

DreamerDude (65407) | more than 14 years ago | (#1119782)

Personally I don't think it makes sense for ISPs to do it, because, regardless of the amount of money they are paid, even the most ignorant customers will be -very- upset if they find out. I work tech support at an ISP, and I can tell you, these people get pissed over much smaller things than that.

That sounds fine, but in large companies, the people who make decisions about marking approaches don't care about the feedback they get from customers. If they did, there would be no telemarketers.

Re:I can't sit back and watch this! (1)

DreamerDude (65407) | more than 14 years ago | (#1119783)

It's not that hard to create summary report scripts that gather the information from your "matrix-like" mail info screen and put it into human readable form.

Re:A suggestion...or 3 or 4 (1)

PouletFrite (72768) | more than 14 years ago | (#1119784)

I'd put my vote in for Freedom by Zero-Knowledge http://www.freedom.net rather than a proxy or iDecide. This whole idea is really disgusting. If enough ISPs get on board, people won't have a choice and will have to take their own precautions. Privacy is an infrastructure issue. We need to build it into every new standard and protocol.

Re:What impact on DSL? (1)

wajlee (84051) | more than 14 years ago | (#1119785)

SWBell Internet is not regulated because it is not a telephone company. They run as an entirely seperate company owned by SBC.

Re:I can't sit back and watch this! (1)

wajlee (84051) | more than 14 years ago | (#1119786)

You don't need to read the raw logs. Think about it... do you read your raw web logs or do you put them through an analyzer?

I just don't get it. (1)

foodmike (90022) | more than 14 years ago | (#1119788)

Hi all,

I have read some of the post under this article and understand the monetary reasons for people to want targeted advertising, but I still just don't get it. Personally, I don't want targeted adds. I could care less about them and I bet most consumers could too. Here is my reasoning:

I am into computers. I have a development job, I have computers at home, etc. I look at sites at sites like Slashdot, Bluesnews, Linux Today, etc. When I go to those sites, I expect to see ads that have to do with computers and technology. When I visit CNN and ABCnews I expect to see news related ads. The list goes on.

My point is that in mediums such as TV, ads are placed according to the demographics of the poeple who watch the show they air during. Same with radio I assume. Why then does the net not just work like this? Really, do I want every single banner ad a I see to be for computer related crap? Even Slashdot readers want to see something else sometimes! Does anyone else agree with this, or am I just cukoo?

The other thing that pops into my head about this whole issue is libraries. Libraries aren't allowed to keep track of who viewed what. Why can web businesses? It's all ridiculous.

This is all because people are mis-educated (not _under_educated), but that's a whole other topic.

-FoodMike

No. (1)

palp (90815) | more than 14 years ago | (#1119789)

This is just plain bad. I don't want my ISP selling where I go to.. I think if ISPs start implementing this the smart people will switch to an ISP that doesn't.

Re:Sure, refuse if you know about it (1)

palp (90815) | more than 14 years ago | (#1119790)

Feedback; no. Cancellations, yes. If the general public is convinced to find an ISP that doesn't monitor them, I have a feeling a lot of ISPs would think twice about monitoring.

Re:No. (1)

palp (90815) | more than 14 years ago | (#1119791)

Yeah, that would be nice. But why would the ISP decide to give you money when they could keep it for themselves? Something like AllAdvantage has a buisness model based around giving money to the customer; that's the service they provide - cash for surfing. An ISP is already providing you a product - internet access. They don't need to give you money to keep you using them, unlike pay-to-surf type buisnesses.

Re:Sure, refuse if you know about it (1)

palp (90815) | more than 14 years ago | (#1119792)

I would think (and hope) that something like that would have to be in the user agreement. And if you called up your ISP and asked, they had better not tell you no if they are doing it. However, it's rather impropable to check every week or something, and there's really no way to know if they don't post something on their homepage.
The best possibile scenerio (short of it not happening) is this:
Someones ISP starts doing this, and doesn't notify anyone, doesn't modify its user agreement, doesn't post anything anywhere about it. That person finds out, and takes it to court, or something of that nature, and a precident is set _requiring_ ISPs to notify users, with at the very least a post on their website, that they are selling their browsing history, and, hopefully, allow them to opt out of that.
Personally I don't think it makes sense for ISPs to do it, because, regardless of the amount of money they are paid, even the most ignorant customers will be -very- upset if they find out. I work tech support at an ISP, and I can tell you, these people get pissed over much smaller things than that. So the best thing we can do, if this does come to pass, is make as much noise as possibile about it.. Get it featured on TV, radio, all over the web.. wherever we can. The more publicity, the more likely the average Joe Shmoe will wonder if he's being monitored.

Good Anti-marketing for ISPs! (1)

Bluedove (93417) | more than 14 years ago | (#1119794)

Most of us are focussing on the bad points on this. (It is bad!)

Picture this giant billboard for one of your local ISPs: "We do not track your internet activity. Only our competitors do that!". Bingo bango, that will stir up a lot of shit, and my guess is that all but the big AOL, Sprint, etc will opt for *not* tracking because the bad smelling PR is too dangerous for them.

It is a good marketing tool for the ISPs that DON'T use tracking.

Then again, what do i know?

I don't get it. (1)

tve (95573) | more than 14 years ago | (#1119795)

The corresponding Digital Silhouette will be emailed back to the subscriber within approximately ten business days. Subscriber should note that by emailing Predictive Networks, they may be "identifying" themselves to the Company.

So finally there's a company that doesn't treat me as just a number, but recognises my individuality. They make you a real 'Digital Silhouette' free of charge and everybody is getting upset. Why is this? I say: request your Silhouette (tm) so they'll know who you are and be an individual too!

Re:HMmm (1)

bla (96124) | more than 14 years ago | (#1119796)

The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit

so, what happens if (like probably many people here) the url data they get from you is full of sites like /. or the EFF or the PRIVACY forum, etc. how do you target marketing to someone who is clearly interested sites that argue against targeted marketing?

HMmm (1)

niekze (96793) | more than 14 years ago | (#1119797)

will the fun ever stop?
I guess if this happens encryption will be that much more important.

Re:HMmm (1)

niekze (96793) | more than 14 years ago | (#1119798)

Thats half the point. Sys-admins need to implement sshd and such. You can find ssh clients for pretty much any OS you can find. ssh daemons are available for any *nix system i can think of. The only system i know of that doesn't have ssh is the stupid VMS cluster at my university. Hopefully things like this will increase public awareness of security, encryption, and privacy. Now if i can find a "trusted" certificate signer that doesn't charge a 3 or 4 digit sum for a digital certificate. I can sign it myself, but browers fart with all that warning crap about not a trusted certificate. =(

Re:HMmm (1)

niekze (96793) | more than 14 years ago | (#1119799)

well obviously https:
but you could also tunnel requests through somewhere else with ipsec. not an easy task though. But it looks better than having my web activity logged. you can't be an anonymous coward otherwise. =) The internet is outdated in terms of its capability. E-mail security is a joke and people still use telnet. damn i love encryption.

Re:A suggestion...or 3 or 4 (1)

Mendax Veritas (100454) | more than 14 years ago | (#1119800)

#1 let your ISP know NOW that if they deal with this company you will walk...
My ISP (Best Internet, now a division of Verio) couldn't care less if I walked, or, for that matter, if everyone with a shell account walked. They'd probably be glad they could shut down the shell machines.

Re:A suggestion...or 3 or 4 (1)

Mendax Veritas (100454) | more than 14 years ago | (#1119801)

#2 visit http://www.idcide.com The greatest tool for online privacy I've seen since Luckman went away.
I prefer to use Junkbuster Proxy [junkbusters.com] and block all cookies except those I specifically authorize.

Re:Set up tunnel network other types of activism (1)

|deity| (102693) | more than 14 years ago | (#1119803)

Up until now large scale dos attacks have been directed at random targets. With the exception of the one that targeted the RIAA recently. I think that targeted dos attacks against people that support this type of thing would be very effective in gettiing our peoples opinion expressed. Instead of one person using a distributed dos attack we could all get together and do it intentionally. That wouldn't be illegal all we have to do is set up a program that reloads the targets website continously. We would also need a large number of people willing to participate. This would be similiar to an intentional and legal slashdot effect. The electronic equivilent to a sit in or demonstration. Posted anonymously for obvious reasons.

Re:Scary article from marketroids' perspective (1)

Fesh (112953) | more than 14 years ago | (#1119804)

Heh. His definition of "best customers" is "those with the most money". Tells you how valued you are as an individual by these people, doesn't it?

I only looked at the first few paragraphs, but the gist I got was that since people don't want to deal with advertising and will soon gain the tools to ignore it, advertisers will have to find new ways to claw for our mindshare. Honestly... If advertising wasn't such an annoying phenomenon in the first place, we wouldn't fight as hard as we do to get away from it. Personally, I don't think any advertiser could ever succeed in targetting me with a message that I'm interested in seeing, no matter how much personal information they gather or how closely they monitor my every move. If I need something, I can easily find out where to get it. What I don't need is to be told that I need something, which is the whole point behind advertising these days. I can decide for myself what I need and what I don't, thank you...

Oh well... Got off on a rant there myself. I'd rather see advertising eliminated entirely, with products competing on their own merits instead of flashy gimmicks. But since that approach works on the sheeple, I don't think we'll ever see it.


--Fesh

Re:HMmm (1)

john*mckown (114789) | more than 14 years ago | (#1119805)

Use encryption to a vendor such as anonymonizer (spelling?) which will decrypt and send. So now all the ISP sees is the encrypted flow from you to anonymonizer. You have a contract with anon. that they WILL not send your information to anybody or log it in any way. This would be a standard business contract so that if anon. violates it, they get sued.

Re:Noise (1)

scott@b (124781) | more than 14 years ago | (#1119806)

Might work - you generate trash searchs, visit the sites found, and get junk Email. Fine, tell `m you've no interest in their junk.

Perhaps better, set up the `bot to have "personalities", and send replies explaining that your 85 year old aunt was visiting and search for lavender soup and ping-pong balls, and your 11 year old daughter was searching for [current-preteen-music-idol] and body piercing; then tell them that you've no interest in those products/services, stop annoying you. In the case of your "daughter" tell them if they don't go away you'll site the child protection cops on them.

The purpose would be to both fuzz out your own traffic, and to generate a lot of spurious hits for the people _paying_ PN for the "leads". Those businesses are spending money with the hopes of getting sales; clear feedback that it's not working and is annoying potential customers just might cause them to drop PN.

And don't forget to write on _paper_ to any company that sends unsolicited email and has an actual mailbox. Most companies treat one letter as representing 100s or 1000s of real world consumers that didn't write.

This seems like a dumb idea for ISPs (1)

billyt007 (126527) | more than 14 years ago | (#1119807)

Well I havn't read the specs yet, seems the site is slashdotted, I would think this would a dumb idea for an ISP. Almost everyone believes their privacy is important. Just look at how DoubleClick's stock dropped at the announcment of their new practices. So an ISP might agree to sign up for this. Enough customers would switch to another ISP that isn't violating their privacy. It could even be a "feature" in the ads of that non-participating ISP. The only real problem would be finding out if your current ISP is going to participate or not. I would hope they would tell the truth if asked, but you never know when dealing with greed.

I know (1)

$lacker (127735) | more than 14 years ago | (#1119808)

Dude, it's Mr Bill "knowledge is power" Gates....

Re:Data Protection Act (1)

Lowther (136426) | more than 14 years ago | (#1119809)

There are a number of problems with the Data Protection Act.

Firstly, to sign up with the ISP, you have given them name, address, date of birth and probably your phone number, as condition of using them.

Since most of them require your e-mail address and password when you sign on, they effectively have, via their logs, who you are, demographics (unless you lied), phone number (because you are phoning them) and everywhere you went. All of this is quite legitimate within the terms of the Data Protection Act. Indeed, under the Regulation of Investigtory Powers Act, it will probably become mandatory.

The trick is to check the Data Protection registration of the ISP. If they are not registered to use this data for marketing purposes, you have them by the short and curlies. You can search for this on the Data Protection Registrar web site [dpr.gov.uk] . For instance, here is the registration made by the UKs favourite ISP, Freeserve [dpr.gov.uk] . Note the first purpose is marketing to individuals. I also saw an article in Computing magazine [vnunet.com] where Freeserve stated that they intend to do exactly that.

Note on the Freeserve new user registration page [fsmail.net] , you have the normal 'opt out' boxes (jury is out on their legality in the UK AFAIK). It mentions 'Terms and Conditions' too, but this link doesn't work (ha ha ha ROFL). When it works, I bet it mentions that the data they collect will be processed in accordance with the Data Protection Act.

In short, I don't believe that the Data Protection Act will offer much of a defence to ISPs using their logs to market at you, as you will have to give them this right under the Data Protection Act when you sign up with them in the first place.

Wow! What luck! (1)

ilduce (141065) | more than 14 years ago | (#1119810)

When I perform my coup and topple this useless government (and replace it with my dictatorial regime, ala Stalin), Predictive networks will be at the top of my payrolls!. Imagine how easy it will be for my NKVD to track dissidents, I'll be able to eliminate all of my rivals in months rather than years of great purges! This will mean a shorter gestation time for my revolutionary armies to march all over the face of the earth (mainly to France, I must conquer France). Since everything is or will be running on IP anyway, the dissidents will be forced to communicate by conventional mail to coordinate their attacks. Alas, the final piece is in place! Viva Napoleon!

Re:Crowds (1)

hardburn (141468) | more than 14 years ago | (#1119811)

Mind posting a link; this sounds intresting.

I checked crowds.org and its not regestered. crowds.com is owned by some German guy who hasn't put much of anything up. And crowds.net is also regestered.

Re:hows this different... (1)

Frank T. Lofaro Jr. (142215) | more than 14 years ago | (#1119812)

Yeah, but they'd have to forge a site certificate too. Browsers come with a certificate to make sure the site certificates are legimate for the site. So when you https to Ebay, you know its really Ebay. What you are saying is possible, but extremely difficult. Perhaps the NSA could do it, but unlikely anyone else. (assuming 128 bit or better encryption, 40 bit is child's play, but even that can't be real time cracked as far as I know). For them to get at the actual data (decrypted) they have to make your browser think they are the actual site. That is (extremely) hard. For them to simply pass encrypted data back and forth transparently is easy. No data (no URL level info) but they'd know source and destination IP's (which they can get anyway by packet sniffing).

Re:My recent refused submission (1)

Sasquach (144074) | more than 14 years ago | (#1119813)

They also got his dad........they were tapping the families phone and discovered that his father was plotting with a hitman to "harm" a bussiness partner.........

Who's paying for this? (1)

SupahVee (146778) | more than 14 years ago | (#1119815)

Here is a question. Havent seen it yet in the threads, but it says in the article that they are massively funded. Who in their right mind, with enough money to make a difference would pay for this? And who has the funding to make it profitable for just about every major ISP to want to hop on?

Any Takers?

Bitch there, not here! (1)

Once&FutureRocketman (148585) | more than 14 years ago | (#1119816)

If you don't like this plan, go here [predictivenetworks.com] and tell them. Be polite, be specific, and make sure that they understand that you will lobby your congresscritter if that's what it takes to defeat plans like theirs.

Big Brother has the last laugh (1)

coulbc (149394) | more than 14 years ago | (#1119817)

The Internet may Big Brothers salvation. No need to investigate anybody. Just look at their web habits and create a nice psych profile. No surfing data on the individual?...they must be technophobic. If they Spend all their time at EBAY...Money to burn. How about to much time at Slashdot....Definite intellectual...kill em all.

Re:CNN DDOS script-kiddie caught (1)

Stary (151493) | more than 14 years ago | (#1119818)

... or check CNN, there was an article about it there too just a few days ago.

Here [cnn.com] .

W.A.V.E. Tie-in? (1)

Tetsujin28 (156148) | more than 14 years ago | (#1119819)

How long until this "individualization" gets tied into W.A.V.E [slashdot.org] ?

After all, someone's going to fill this market need; might as well be Pinkertons...

Re:Thoughts (1)

babykong (163360) | more than 14 years ago | (#1119821)

>First off, this scheme will only affect the >clueless.
So privacy is not for the great unwashed?

>use proxy servers, making it impossible for ISPs >to track you
Huh? Who's proxy server? If it's your proxy server they know it's you, they just don't know which one of your macines behind the proxy server. If it's your ISP's, or your company's, well, that's how your tracked.

>Secondly, the sheer volume of information >they'll need to process will be overwhelming

Information on everywhere everyone has been may be overwhelming.

However, information on where you have been or who has been where is much more targeted. Especially if some one wants to know if you have been to a specific place.

An easy search of the log files of a firewall or a sniffer. Could be done I think in real time using ngrep or some other sniffer.

>Third, there is NOTHING to stop you using >tunnels

Tunnels to where? A tunnel has two endpoints. Both of which are obvious to anyone in a position to sniff. Only the encrypted packets and headers (if they are also encrypted) inside the packets are encrypted. They may not know what you were doing, but they would know where you were.

If the tunnel is to a point from which tou can surf with out being traced, that is essentially a secondary ISP (and probobly a secondary charge).

Frankly, you sound a bit clueless yourself.

Re:Banner ads (1)

rfg (163595) | more than 14 years ago | (#1119822)

As an ISP, I can tell you how I think it will work and your schemes are not going to do much good. 1. You dial in, and my server records your username and the dynamic assigned IP address. It creates a log of this (which I now keep for about 45 days before dumping it in case you want to know). 2. Your connection is directed to my transparent proxy server; ie, it runs squid. Way this works is that the dialup terminal server uses the squid proxy server as its gateway, so ALL IP traffic is directed via the proxy server. There is nothing for the customer to do; his proxy settings are blank. 3. The proxy server obviously has to keep track of who is asking for what so it can send it back. It creates a log file, and the logfile has this information on it: requesting IP address, type of operation (like HTTP GET) and the object being fetched (the URL in other words or a subelement thereof like a JPG or GIF). These logfiles can grow rather large; I dump them after a while, but only because I want to. NOW, as an ISP, I can associate the two logfiles by timestamp and IP address to the GET requests. This would be where the PRedictive Networks software comes in. The "I.D. Number" spoken about is the result of the username at time of login, which is matched to the dynamic IP. You can use all the proxies in the world you want, but your http requests still come thru my system and I can look at them. I am NOT part of the predictive network, so don't flame me. I am just pointing out how things work now and how PN could tie into this system easily enough.

Re:A suggestion...or 3 or 4 (1)

eclipse127 (167016) | more than 14 years ago | (#1119823)

sounds like you need a better ISP...

Re:Noise (1)

SquadBoy (167263) | more than 14 years ago | (#1119824)

Why would a non PN ISP be more expensive? All I saw in the article was that it may be more expensive if you went with a PN ISP and wanted to opt out. Ok everybody all together now. CHOOSE AN ISP OWNED AND RAN BY GEEKS!! And you will not have a problem with this.

I don't really care (1)

Walob (169905) | more than 14 years ago | (#1119827)

Everything nowdays comes with strings attached, they will soon fucking realise that all these personalization is fucking bollocks, unless what they conclude that all I fucking do is post shit-comments on /. "Can we possibly offer you an upgrade to Windoze 4024:The Borg Edition", yeah right. My personal point of view is that if they want to collect information on me, fuck them, I am *clever* enough to make my own mind up, and not fall for this personalization shit, but I guess that something good will come out of this, whilst all these "aol" dumbasses finance the internet we can have relatively free services such as this, which at the end of the day, makes how much money?. P.S. Does this mean that all the advertising that I will be receiving will be porn related, where's the fun in that, I rather waste my **own** time looking for it. [jenna.com]

Re:Sure, refuse if you know about it (1)

Ian Wolf (171633) | more than 14 years ago | (#1119828)

If there was ever an argument to "know your ISP" this is it. Don't trust AOL, NetCom, Mindspring, etc. to do what is in the best interests of your privacy. Shop around for your ISP. I've found the smaller shops will be a lot more responsive to your concerns about your privacy/security/support issues. There are good ISP's out there.

Re:It's inevitable: simple economics, plus the gov (1)

MrBogus (173033) | more than 14 years ago | (#1119829)

As for the "big bucks", I wonder...

The horrible magazine The Industry Standard printed a pie chart showing total reciepts for web advertising dollars. The top 20 sites garnered something like 90% of the ad revenue.

That leaves 10% of the advertising money spent to be split among the other 99,999,980 websites.

So, the question is why would advertisers want to track users when they are going to spend most of their money on the big sites like Yahoo and MSN? It looks like they are optimising the 10% of the pie, and not the 90%.

Re:Banner ads (1)

PollMastah (174649) | more than 14 years ago | (#1119830)

You missed my point. The underlying concept behind my whole idea was to encrypt the HTTP requests at the client's machine. So the ISP's proxy never gets to see the HTTP requests at all. The proxy (which preferably resides outside the ISP, but doesn't have to) decodes these HTTP requests and forwards them to the webserver they were intended for. The underlying idea is to keep the HTTP stream unrecognizable as a HTTP stream (ie. encrypted) until it has reached a place where the traces of its true origin can be removed.

Your ISP is not stupid (1)

G Neric (176742) | more than 14 years ago | (#1119833)

  1. unless you are encrypting your traffic to the proxy, your ISP can just as easily track it.
  2. till such use of proxies is widespread, it might be fairly easy to figure out: "oh, this is that guy Bill who used the proxy to buy the airline ticket."

Re:Set up tunnel network (1)

G Neric (176742) | more than 14 years ago | (#1119834)

I'm not familiar with that particulcar protocol. Are you talking about setting up a particular invitation-only tunnel for you and your friends, or are you talking about creating software/platform/api which allows anyone to create such a little cluster?

I was thinking that a cool way to do this stuff would be based on barter. The more bandwidth you give to other people for anonymous use, the more bandwidth you can consume. This way, it wouldn't have to be invitation only.

Tracking, fine by me if... (1)

zTTTz (176815) | more than 14 years ago | (#1119835)

Tracking (from an anonymous stand point) by an ISP can help the ISP to create better, more efficient (optional) proxy servers. I.E. You go through the proxy, you get tracked. Most common sites get cached, speeding up your connection, less hits on the webservers and faster connections for everyone everywhere. Keys to this are: 1: Logging is NOT done by source IP and 2: The user can disable logging period. If results are sent to a third company, money earned should be contributed toward particpating users' monthly ISP bill.

Re:No. (1)

zTTTz (176815) | more than 14 years ago | (#1119836)

This could be a good thing, depending on the scope. If it only tracked http: movement and you could turn off the tracking, that would be great pending some of the income earned by the ISP came back to you (i.e. surf for 20 hrs a month with check box on and you don't get a bill in the mail from your ISP. I could live with that.

Re:Noise (1)

j-pimp (177072) | more than 14 years ago | (#1119837)

You could also flood the filters with garbage by putting the bot on all your non-technical friends computers. Program it it go to slashdot and freshmeat and sync with the mozilla CVS at night. And for all you DSL and cable modem owners with home networks if you put the bot on the 386 you use as a router and make it say its a Winblows box running IE when queried by CGI progs and set up ypur proxies and firewalls right you could look like joe blow, regulr web server

Foveon does the same thing (2)

Anonymous Coward | more than 14 years ago | (#1119838)

Check out Foveon at http://www.foveon.com/.

Crowds (2)

Anonymous Coward | more than 14 years ago | (#1119839)

Crowds is a project which allows people to use other people who use a crowds server as a proxy. When a crowds server receives a request, it randomly choses between forwarding it to the destination or to another crowds proxy.

Unfortunately, the crowds code seems to be restricted to people in the US only

A suggestion...or 3 or 4 (2)

Anonymous Coward | more than 14 years ago | (#1119840)

#1 let your ISP know NOW that if they deal with this company you will walk...
#2 visit http://www.idcide.com The greatest tool for online privacy I've seen since Luckman went away.
#3 Lets ALL drop by and express our opinions of their policies and goals, in a professional manner of course :)
#4 BONUS...surf from Solaris where you can change your MAC address on the FLY...Track this !!!!

I don't ask for much but I insist on ME!!!!

Well I'm gonna (2)

Anonymous Coward | more than 14 years ago | (#1119841)

set up a script that browses nothing but Power Puff girl web sites. Go Buttercup, Bubbles, and Blossom!

Image what 2000 hits a day to those sights will do to my "digital sihloutte"

Sure, refuse if you know about it (2)

bluGill (862) | more than 14 years ago | (#1119842)

Yeah, I'd change ISPs in an instant if I knew they were monitoring me like this.

How would I know though? My ISP sends me a bill every month, and I pay it. My scripts dial a number and I get connected to the internet. I have no further communication with them. How would I know if they decide to sell data on where I was surfing? Who would tell me?

Remember, a number of folks will find a new ISP if they start selling data, so it is to their advantage to make sure I never find out.

Blown out of proportion again (2)

Fastolfe (1470) | more than 14 years ago | (#1119844)

Stereotypically YRO, it seems as though none of you have taken any business classes and have no idea how things like "supply and demand" work.

If a company does not have the trust of its customers, the company will die. (For those that will undoubtedly mention Microsoft, remember that people like us make up a tiny fraction of Microsoft's customer base.)

If all ISP's were to suddenly decide that it would be really neat if all of their customers could be tracked, there would suddenly be a HUGE market for ISP's that did no such tracking. There would be no shortage of alternatives for customers leaving these ISP's in droves.

It was mentioned that ISP's could possibly offer two account classes, one that was tracked and would be possibly cheaper than one that wasn't. There was further speculation that the un-monitored version could possibly be more expensive than average accounts are today, in an effort to force people to subscribe to the tracked accounts.

Am I the only one that just doesn't understand why ISP's would collectively do this? Why hike rates for no apparent reason, especially when competitors aren't doing the same? If you really think all of the ISP's in the country would get together and agree to raise rates in an effort to force everyone to subscribe to accounts that track their browsing habits, you're talking conspiracy theories again. (Also stereotypical YRO.)

Try to think about this logically, folks.

Thoughts (2)

jd (1658) | more than 14 years ago | (#1119847)

First off, this scheme will only affect the clueless. Anyone in the know can (and probably does) use proxy servers, making it impossible for ISPs to track you.

Secondly, the sheer volume of information they'll need to process will be overwhelming, which means they'll only be able to process the "highlights". It should be easy enough to inject enough decoy communications to render the system effectively useless.

Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.

Lastly, each time I see a duplicated topic, it always reminds me of Kryten, off Red Dwarf, for some strange reason. :)

Re:Thoughts (2)

jd (1658) | more than 14 years ago | (#1119848)

You've clearly never been to Europe. There are proxy FTP, Gopher and Web servers covering most of the continent and some of the outlying islands such as the United Kingdom.

I'd say being able to randomly connect with any one of a couple of hundred proxies, in each request, for free, using an SSL connection to hide the real destination, would make it impossible for ISPs, =HOWEVER= advanced their technology, to monitor where you are going.

Secondly, yes, a tunnel needs two end-points. Take your pick - the 6bone has several hundred participants, including at least one tunnel on request service. For free, might I add. With 3DES encrypted IPSec, for those wanting encryption.

If people want to know if you have been to a specific place, ngrep won't help. You can only parse a live transaction log at the speed the software will run, which is likely to be slower than the maximum throughput of N broadband lines.

By using one of the national or international caching systems, such as the one JANet has, the transactions are going to be much harder to identify. You can't simply operate on a given field in the packet, and trust that that will have the right data.

By using the 6-bone, things get worse. AAAA-type records are not known to be nice to software expecting nice, simple A-type ones.

It doesn't help, though, knowing that you're connected to the 6-bone. There are plenty of proxies which allow traffic to cross between IPv4 and IPv6 - SOCKS does this. This means that you can be connected to a local 6bone proxy, and then to a 4/6bone cache the other side of the continent. The ISP will have no means of knowing where you're going.

Privacy is never going to be for the "clueless". Nor, IMHO, should it be. That's not because of any "deserving", or "merit", but because if it's not a priority for someone, nobody made me God to tell them it should be. Nor is it within my right to foist what =I= perceive to be a good thing on such a person.

My rights start and end with me. I have no rights beyond me - anything else, gifted by law or society is just that. A gift, given voluntarily, which can be accepted or refused. But NOWHERE is it given that I have any rights or power over any other person. They, too, have rights that start and end with them.

If those people CHOOSE to put security as a low priority, that is THEIR choice to make, not mine, and woe betide any who decides they know better. That way lies dictatorship and detruction. I am not the world's greatest Baseball player. Nor is there any law which dictates I should be. That does not give you, or anyone else, any right to impose Baseball on me, in any way, shape or form. I've made my choice, and it's your tough luck if you don't like it.

If Fred Bloggs, down the road, chooses to allow their ISP to monitor all their web usage, that too is their choice. My beliefs concerning privacy and security are irrelevent. Their choice is THEIRS. If Fred Bloggs =wanted= to be a Guru on network security, you know what? They would be. If they aren't, and don't wish to be, I have no right to impose that upon them.

Re:We need to fight back! (2)

dominion (3153) | more than 14 years ago | (#1119849)

Here's the deal:

If man is inherently good, then anarchy is possible because people can regulate their own day-to-day activities without authority.

If man is inherently evil, then anarchy is necessary, because then nobody can be trusted to be in a position of power.

State socialism didn't work, but what about council communism, which was very anarchistic until the Bolsheviks took over the councils? What about primitive cultures, which basically existed on very anarchistic principles?

Don't put so little faith in your fellow people. It's power that corrupts, so eliminate positions of power and authority, and then we can see where we can go from there.

Michael Chisari
mchisari@usa.net

Re:No. (2)

finkployd (12902) | more than 14 years ago | (#1119850)

I don't think it's the smart people they are targeting.
:)

Finkployd

Noise (2)

Rupert (28001) | more than 14 years ago | (#1119851)

Faced with the choice between a PN ISP and a non-PN ISP, I know which most of use here would choose. However, it may not be easy to find out whether your ISP is in the Predictive Network or not, or the non-PN ISPs may be much more expensive.

The solution is noise. Code up a browser-bot (GPLed, of course) that randomly surfs the web while you're not (you don't want to interfere with your real browsing). Be careful you don't cross the arbitrary line of "excessive use"! Feed it some biases, or search terms from time to time, and watch as you get bombarded with spam from www.armadillofancier.com.

Re:This seems like a dumb idea for ISPs (2)

hope1ess (32588) | more than 14 years ago | (#1119852)

Problem is most people only talk privacy, but will still sign up for a free internet account, willingly subjecting themselves to this level of oversight, and more. The free-ISP I used to work for is working very hard to log as much as possible, of traffic sent, including url's and search keywords. Your account setup process may be "anonymous", but sooner or later, if you use a free-isp, and you fill in a web-form, they are going to have identifiable personal data, stored in their DB, and available to almost anyone within the company. How long before some curious hackers start paying attention to db-security flaws and start sharing this wonderful data?

Lunatic marketroids (2)

Trickster Coyote (34740) | more than 14 years ago | (#1119853)

From Predictive Networks product information page [predictivenetworks.com] :

[The Internet is] big, it's unorganized, and its users are simply unable to wade through it all to find interesting information that satisfies their needs.

I don't know what warped dimension these guys are living in, but I find ads to be the least interesting thing on the Internet. And my information needs rarely have anything to do with purchasing products or services.

Until now, the only way reach end-users through all that clutter has been to bombard them with banner ads. And, as today's declining click-through rates show, this approach got old fast.

Again they assume advertising messages are more important to people than the actual content of web pages. All that stuff is just "clutter". And banner ads are "old" because people find them annoying. Targeting them won't make them any less so. A telemarketer who interupts my dinner trying to sell me something I might be interested in is no less irksome than one with a product I don't care about.

We have developed a revolutionary infrastructure-based content delivery platform that enhances users' online Internet experience by delivering highly personalized, custom-tailored information right to their desktops.

What information? And how will it appear on my screen? Are random web pages going to pop up in my browser that they think I might be interested in?

More likely "information" is their euphemism for ads. So how are these going to appear on my computer? When I read Slashdot, will they be substituting their ads for the ones Andover puts on the pages? Or will there be boxes popping up on my screen flashing ads and disrupting what I am trying to read? Will my ISP insist that I must use their specially customized version of Netscape 6.5 with a special window to dispay the content they think I ought to be reading?

It all sounds like a marketers wet dream to track all the interests of individuals in order to target the ads, but I am unable to see how they are going to deliver them. Substituting ads on a page would upset site owners who would probably sue. Pop ups will annoy subscribers and probably lose business for the ISPs. Special browsers with ad windows are already in use by "free" ISPs; why would anyone want to pay even a "discounted" rate for same thing they can get for free?

"Content providers, such as advertising organizations, can harness the power of the Internet to send highly-targeted, rich media messages directly to the audiences they desire."

The language of this statement makes want to puke (advertising = "rich media messages" ??!!) These people are so out of touch with real life and real people it is quite scary. There is no way I would want people like this to be tracking my private online activities.

Security initiative (2)

Hard_Code (49548) | more than 14 years ago | (#1119854)

Couldn't this be circumvented by a simple wire encryption protocol like SSL or something? Or are they actually sniffing packet destinations, etc? I can see web sites with logos proclaiming "Secure Anonymity Site". I would certainly avoid sites which would allow snooping of traffic and move to the more "secure" sites. But then again it is business itself that is doing this. Also, not everybody has an SSL capable browser or server.

Re:HMmm (2)

Spyky (58290) | more than 14 years ago | (#1119855)

It doesn't matter if you encrypt your data. The point is they know where you are going. It doesn't mean just porn either, though I'm sure you'd prefer to not be in some company's database as a daily visitor to reallyillegalvirginteens.com. It also allows them to track what political sites you go to, if you've been researching homeade explosives, if you like to purchase chinese torture implements on ebay, what stocks you look up at cnnfn.com. Who knows, whatever you are into from weird to normal, private or not, if you go to a website about it, it will appear in some companies database.

The purpose: targeted marketing. Thats what all these information schemes are all about. No longer are companies content with knowing just your age, marital and financial status. They want to know everywhere you visit. And tracking you online is just one quick partnership with your ISP away. Then they have an address, a phone number, a credit card number, and a comprehensive database of everything you view online.

Scary ain't it?

Spyky

I can't sit back and watch this! (2)

net-fu (85849) | more than 14 years ago | (#1119858)

Come on people.. This is hoax type material. I work for an ISP. Our mail log looks like one of those screens from the Matrix. Nobody is spying on you. Really.

There are a lot of moral, legal, and technical reasons why this is not the case. I don't know about this Predictive Network stuff, but it sounds like a hoax being brought on by l33t h4x0rs.

solution (2)

niekze (96793) | more than 14 years ago | (#1119859)

Couldn't you just do all your web browsing through someting like that anonymizer service? not convienient. but a viable solution?

Re:Predictive's watching me (2)

348 (124012) | more than 14 years ago | (#1119861)

Very funny, and on-topic.

Keep it up!

Thanks, Mafiaboy, for giving them an excuse. (2)

jjsaul (125822) | more than 14 years ago | (#1119862)

Though the article concerns itself with commercial interests motivating this kind of tracking, and I acknowledge that Uncle Moneybags is more likely to strip away our last illusions of privacy than Big Brother, I think it important to point out that this is the logical result of massive DoS attacks as well as targeted cracks.

The Infospace is fundamentally vulnerable, and the more we come to depend on it for vital activities the more that vulnerability becomes a threat to which the citizenry demands a response. The day that Yahoo, Ebay and friends went down, everyone heard the "shot heard round the world" that was the hope of privacy and anonymity on the Internet summoning upon itself the attacks of every government.

It was inevitable. Given the ease with which any 15-year-old script kiddie can disrupt the resources of others, imagine the damage that could be caused by a determined and professional team of terrorists, extortionists and thieves.

No, I don't believe in security through obscurity, so what I see right now is a race - can we make the web secure through technology, or will it become the stomping ground of manditory constant government surveillance?

Under the plan in the article there is an opt-out potential - pay more to use an ISP that doesn't pimp out its users. Somehow I don't think the NSA has such an opt-out provision in Echelon, much less on the internet.

What about multiple users? (2)

WhiskeyJack (126722) | more than 14 years ago | (#1119863)

The site makes no mention of how multiple users on the same computer might be handled. Wouldn't shared usage spoil their profiles?

And since their tracking relies on an "anonymous" number...what would happen if all of us were to use the same number? (My impression is that the number is somehow incorporated into the client software....shouldn't be too hard to change it. ;)

Behold, the reading habits of one huge entity named Slashdot!

-- WhiskeyJack

Re:OOG NO WANT BE TRACKED!!! (2)

hardburn (141468) | more than 14 years ago | (#1119864)

Yeah! OOG rules!

I say that Slashdot should change their program to give OOG a (5: Funny) by default.

Privacy? What Privacy? (2)

zarathustra93 (164244) | more than 14 years ago | (#1119865)

Hello All. How many of you are from London? I'm from the states and visited the city recently. I was amazed at the sheer amount of cctv cameras on street corners, in the tube, shops, even in fscking pubs! It really got me thinking. At the company where I work, we have no less than 16 cctv cameras monitoring our entire workforce, and the area surrounding our building. Almost every other company in this area does the same. Credit card company's monitor how much we spend, what stores we spend it at. They even monitor our movements. The same situation exists with our fun to use debit cards. Companies like DoubleClick already monitor most of the less technically savy. Companies buy & sell our online habits all the time. Someone posted above that it isn't big brother that is going to take our privacy away, but mr. moneybags. That person was correct. Except that they (yes, *them*) have already done it. Our privacy has been slowly and anonymously chipped away since the end of world war two. I hate to say it but I suspect that this battle was lost long ago, without anyone noticing. This time the revolution *was not* televised.

OOG NO WANT BE TRACKED!!! (2)

OOG_THE_CAVEMAN (165540) | more than 14 years ago | (#1119866)

OOG HATE THOUGHT OF BEING TRACKED BY ISP!!! OOG NO WANT ISP SELLING OOGS RECORDS!!! OOG LIKE VISIT PR0N SITES (FOR HOT LESBO CAVE WOMAN PR0N) AND DOWNLOAD CAVEMAN MP3'S!!! OOG NO WANT PEOPLE SPY ON WHAT OOG LOOK AT ALL THE TIME!!! OOG WANT BE ABLE TO DOWNLOAD GIGS OF PR0N AND MP3'S AND CAVE WAREZ IN PEACE!!! OOG FIND JERK WHO CAME UP WITH IDEA AND BREAK HEAD WITH OPEN SOURCE CD!!!

Banner ads (2)

PollMastah (174649) | more than 14 years ago | (#1119867)

So. They are tracking your "HTTP click stream". Apparently they think the Web = the Internet. Then they say, "You can obtain your ID by clicking on ... ". So apparently you have to be using Windows and have their software of some kind installed. Great.

So what if I don't use Windows? I fancy any Linux client can be easily hacked/cracked to not send this "click stream" information... Or does that mean I'm not allowed to use that ISP just because I use Linux and not Windows?!?! Or perhaps they are doing it from the ISP's connection, so that any form of outgoing HTTP requests will be attributed to my client...

All this Web activity tracking makes me sick. I think it's about time we built our own proxies with encrypted HTTP requests so that nobody can track our browsing history. All we need is to have special connection code in Mozilla (or perhaps even a Linux kernel module, anyone?) that encrypts the HTTP stream, perhaps send it via some unknown port (definitely not 80, perhaps some esoteric port like 12529) to a proxy that decrypts the HTTP stream and forwards it to the real Web server.

The proxy itself may be open to the tracking -- it's irrelevent because they would just be tracking the combined traffic of a large number of proxy users and they can't determine the source of the forwarded HTTP requests anyway. Besides, I for one am going to filter out doubleclick and other such domains completely on my firewall. Banner ads suck. If I want something there are places I can look it up. I don't need to be spoonfed garbage like ads. I can't stand this incessant bombardment of "buy me! Buy this! buy that!" trash. As if TV commercials aren't bad enough.

Another idea that just came to mind is to have the proxy code available to everybody. We can then use each other's machines as proxies and make the data they collect totally useless and not resemble any real information about you at all. I haven't thought this through so it might be a bad idea, but anyway, it's an idea for slashdotters to talk about.

Re:Crowds (3)

Zagadka (6641) | more than 14 years ago | (#1119868)

I checked crowds.org and its not regestered. crowds.com is owned by some German guy who hasn't put much of anything up. And crowds.net is also regestered.

Tip: use a search engine. I recommend Google [google.com] . Try searching for "crowds proxy" [google.com] . You should find The Crowds Home Page [att.com] .

Re:Thoughts (3)

Xenu (21845) | more than 14 years ago | (#1119869)

Third, there is NOTHING to stop you using tunnels to convince your ISP that you never visit any place of interest.

I wouldn't bet on it. The terms of service of some cable modem ISPs prohibit VPNs.

Data Protection Act (3)

DarkMan (32280) | more than 14 years ago | (#1119870)

Ah, but to go along with the draconian laws that the RIP bill is, there is a little diamond in the rough.

The Data protection act. Basically, if any UK organisation (not just a company, any org) wants to store personal data about me on a computer, they have to get my signature on a piece of paper, giving them permision. In other words, such a scheme in the UK must be opt-in.

Additionally, they _have_ to let you view _all_ the data you hold on them, for a nominal fee.

(Oh, IANAL, that's just how I precieve it to work, as someone whose tangled briefly with it)

So, how does this releate? Well, look at the they way they let you see your personal data:

Any subscriber on The Predictive Network has the right to view their Digital Silhouette free of charge twice during the calendar year. Subscribers will be charged $50.00 per request thereafter.

Note the two free views. This is so that they can link the Silhouette with a person (or maybe I'm just a bit cynical). After that, you pay through the nose. In UK, assuming it's sent via email, I believe the maximum they can charge is one pound (Those values are typical from companies that snail mail the data to you. They may not be able to charge even that much). Thier planned method of limiting acess to the data they hold is illegal in the UK.

Other nice touches - it would have to be (technically) opt-in. Admitingly, they can be rather sneaky about it - it's now common to have a small box on any form you send to a company, and if you _don't_ tick the box, they have your permision to sell your data. However, it's trivial to tick the box and stop them.

Data protection act - As far as I have seen, it's good for individuals, and bad for companies.

Oh, and there are a number of prosecutions each year under this act - in other words, this has teeth.


--

Re:Who's paying for this? (3)

Greg@RageNet (39860) | more than 14 years ago | (#1119871)


Battery Ventures
[battery.com]
www.battery.com

20 William Street, Suite 200
Wellesley, MA 02481
phone: (781) 577-1000
fax: (781) 577-1001

901 Mariner's Island Boulevard, Suite 475
San Mateo, CA 94404
phone: (650) 372-3939
fax: (650) 372-3930

Write Robert G. Barrett (Managing Partner) and
show your displeasure at the types of company
battery chooses to fund. His address is
bob@battery.com [mailto]

Write to your ISP (3)

Cyrano de Maniac (60961) | more than 14 years ago | (#1119872)

If you are truly concerned about this issue, it is a very good idea to politely inform your ISP that you will refuse to do business with them should they participate in this kind of monitoring.

Just a short note to their sales department or administrators should be enough to let them know
where you stand.

For your convenience I'm including a "form letter" that we can use to make our opinions known. Be
sure to substitute your ISP's name in the appropriate 4 locations in this message, and to substitute your name at the end.
------------------------------------------------ --
Dear (ISP NAME HERE),

I wanted to take just a minute of your time to highlight an issue of some importance to me, a customer for (TIME PERIOD), by which I hope to make known at least one customer's views on some rather disturbing trends in Interenet access. Just a moment of your time to express my thoughts, and hopefully influence (ISP NAME HERE)'s future direction would be appreciated.

There is currently an initiative and offering by a company named Predictive Networks to engage ISPs in a scheme by which the ISP will monitor web traffic patterns from individual subscribers. This data would be given to Predictive Networks to create user profiles which are then used for marketing purposes.

In exchange for this information ISPs would presumably be financially compensated. This of course can only lead to coercion by ISPs upon subscribers to submit to this sort of monitoring lest they face either termination of service or higher service fees.

The discussion which brought this initiative to my attention can be found at the URL http://www.vortex.com/privacy/priv.09.13.

I have no desire to particpate in such data collection, and will vigorously oppose the imposition of any such policy upon me. As a satisfied customer of (ISP NAME HERE) to this date, I want to make known that I will refuse to conduct business with any ISP which chooses to participate in this venture. I sincerely hope that (ISP NAME HERE) will never consider detailed monitoring of their customer's Internet traffic.

Thank you for your time,
(YOUR NAME HERE)
------------------------------------------------ --

What impact on DSL? (3)

wrenling (99679) | more than 14 years ago | (#1119873)

This is mostly referring to ISP's (I know,
backbones *are* mentioned) -
and where I live, the major DSL provider is
SWBell, which is a semi-regulated provider.
(Semi-regulated by the government). Telephone
companies keep track of all sorts of data
about us - all the calls we receive, all of
the calls that we make. What they can do with that information is extremely limited. They are prohibited
from selling or making that information available,
unless its requested by a law enforcement agency.

Would those regulations also apply information
that they may/could gather through a DSL-style
connection? And if they currently do not, should
they be expanded to do so?

The concept is rather scary - as long as a company can make money by infringing on people's
privacy, those companies will have no issue to
continue to track/monitor and sell information.

As much as I am against governmental regulation,
some federal guidelines may be necessary in order
to keep these companies in line.

Just my 2 cents... on a sleepy Friday morning...

Re:I can't sit back and watch this! (3)

Mendax Veritas (100454) | more than 14 years ago | (#1119874)

I doubt this is a hoax. I work for a network management software company, and we've had requests from major-name American ISPs to gather information of this type. We've refused. So there definitely is a "market need" out there waiting to be satisfied, and apparently Predictive Networks wants to satisfy it.

Re:What impact on DSL? (3)

MacRonin (112572) | more than 14 years ago | (#1119875)

Telephone companies keep track of all sorts of data about us - all the calls we receive, all of the calls that we make. What they can do with that information is extremely limited. They are prohibited from selling or making that information available, unless its requested by a law enforcement agency.

Sorry but this assumption is not quite valid anymore. Pleae refer to:
"CNN" - FCC to appeal court ruling vacating privacy regulations [cnn.com] - August 25, 1999. A court ruling overturning federal protection of telephone customer records puts the interests of phone companies over the rights of consumers, a top federal regulator says.

The Federal Communications Commission("FCC") plans to appeal the decision by the three-judge panel of the 10th U.S. Circuit Court of Appeals, which could enable phone companies to use information about customers for marketing purposes without obtaining their consent.

"FCC" Chairman Bill Kennard said the court's decision to reject the commission's rules remove important protections to consumer privacy.

Political News from "Wired News" - Phone Records Up for Grabs? [wired.com] . A court ruling ( 98-9518 -- U.S. West Inc. v. Federal Communications Comm. -- 08/18/1999 [kscourts.org] ) with implications for the use and sale of private telephone records sets a disturbing precedent for how the courts regard privacy, watchdog groups say.

But the Federal Communications Commission("FCC") will appeal last week's 10th Circuit Court of Appeals decision, which pleased those privacy groups.

The ruling effectively canceled a vague "FCC" regulation that had forced phone companies to obtain customer permission before using or selling call records for marketing purposes.

ACLU Press Release: 10-25-99 - Consumer and Privacy Organizations, Legal Scholars Urge Appeals Court to Protect Consumers' Telephone Privacy [aclu.org] . In a friend-of-the-court brief filed today, 15 consumer and privacy organizations and 22 legal scholars urged a federal appeals court to reconsider a decision that would allow telephone companies to use private telephone records for marketing purposes. The groups, including the American Civil Liberties Union, said that the case is of great importance to consumers across the United States. The brief, filed in support of a petition from the Federal Communications Commission, asks the 10th Circuit Court of Appeals to uphold a privacy provision that was enacted by Congress in 1996 and implemented by the FCC.

Scary article from marketroids' perspective (4)

Noel (1451) | more than 14 years ago | (#1119876)

Doing a quick Google search, I ran across this article [fastcompany.com] praising the development of "interactive relationship managers" (IRMs) like the one developed by Predictive Networks. The author is all agog about the marketing benefits of using these IRMs to target exactly what the customers want. He says that 'the "best customers"...[will] make sure that the only advertising that gets through is advertising that they really want to hear.' But then he claims that the way to do this is to use IRMs that 'collect user data based on the surfing habits of ISP customers and then make appropriate suggestions as to what else those customers might like or need.

He also mentions the opportunity for companies to act as free ISPs to their customers so that they can easily gather the profiling information.

<RANT>
This "solution" is patently ridiculous (maybe it should be patented!). Am I a "best customer" in his terms, or not? I absolutely do not want my time and bandwidth wasted by any advertisement unless I decide that I want to see it. According to his definition, that makes me a "best customer".

But there's no way that I want any commercial entity, either software or meatware, to profile my actions and try to figure out what I might be interested in. I'm sorry, but this "best customer" wants to choose for himself what he's interested in seeing. I know best what I'm interested in. Any other "solution" is a travesty, and especially one that violates my privacy in order to provide a useless "service" that I do not want at all.

Not only is the IRM a violation of my privacy, but it's also ineffective -- my current interests are not determined by my previous interests. If I am interested in purchasing something, I will find the information I need for myself. And it will be good information -- not just biased marketing drivel.

How can someone be so clueless to think that IRMs are a solution for people who want to control what advertising they see? They are the same marketing solution all over again - "we will tell you what you should be interested in."

Sorry, but I'm not listening. I already know what I'm interested in.
</RANT>

Re:Thoughts (4)

Non-Newtonian Fluid (16797) | more than 14 years ago | (#1119877)

> this scheme will only affect the clueless

That's not the point. _No one_ should have to jump through hoops to maintain their right to privacy on the Internet. One shouldn't have to be a "geek" and know how to beat the system, because the system shouldn't be that way in the first place.

> the sheer volume of information they'll need to process will be overwhelming

So maybe it'll be difficult in the beginning, but remember Moore's Law can be applied to more things than your Quake III fps score or your Linux compile time. While processing power, bandwidth and storage capacity continue to increase, the last time I checked, the length of URLs was pretty much constant. If they can't handle all the data now, with the right funding, they will be able to soon. It's only a matter of time....

Set up tunnel network (4)

Greyfox (87712) | more than 14 years ago | (#1119878)

I've been kicking around the idea of setting up an invitation-only IPv6 tunneling network with encrypted tunnels. This story encourages me to develop the idea.

UK and the Regulation of Investigatory Powers Act (4)

Lowther (136426) | more than 14 years ago | (#1119879)

In the UK, the government will get there first.

The Regulation of Investigatory Powers Act [fipr.org] will treat ISPs as telcos. It will require them to put the monitoring apparatus in place, so the government can watch what its taxpayers are doing. More detailed discussion of this hideous legislation can be found at the STAND [stand.org.uk] site.

Once the telcos, sorry, ISPs put this apparatus in place, thy might as well get some return on their 'investment' by gleaning marketing info about their customers in passing.

We need to fight back! (5)

dominion (3153) | more than 14 years ago | (#1119880)


I keep seeing these draconian laws being passed by our government, and these orwellian systems being created and implemented by profit- and power-hungry corporations. It seems every day there's a different post to Slashdot describing some new method for controlling the flow of information and the freedoms that we should be taking for granted...

And what are we doing about it? Why do we keep allowing our rights and freedoms to be taken away?

Why are those in power doing this to us? That's easy to answer: Because they can. Because anybody in power will seek to extend their power and control.

Why are we allowing this to happen? I don't know. Some of us are fighting back as much as we can, but most of us simply post to Slashdot and complain.

Listen up! All this bullshit that we've been fed ("We live in a free country!", "The economy is doing great!"), it's all just that: bullshit! We're losing our rights and freedoms on a daily basis, our economy is fake (the drop on last Friday was equivalent to Black Tuesday in 1929), people all over the world are being forced into sweatshop slavery in the name of "economic progress", and our environment is being raped and destroyed at an alarming rate in the name of profit.

And most importantly? The technology that we all love and support is being turned back on us in order to control and monitor people. They're usurping something that they have no right to usurp. We have to put the power of technology back into the hands of the people!

It's time to fight back! It's time for a revolution!

http://www.indymedia.org [indymedia.org] - Support independant media!
http://www.soaw.org [soaw.org] - Why are our tax dollars being spent on training murderers?
http://www.corpwatch.org [corpwatch.org] - So you think only governments can oppress and censor?

http://www.spunk.org [spunk.org]
http://www.infoshop.org [infoshop.org] - Communism is dead, Capitalism is close to it. There is another alternative, and it's time we started exploring it.

http://www.adbusters.org [adbusters.org]
http://www.rtmark.com [rtmark.com]
http://www.subvertise.org [subvertise.org] - Subvertising (also known as adbusting) at it's best.

http://www.ainfos.ca [ainfos.ca] - Keep informed on what is happening in the world, from an anti-authoritarian, grassroots perspective.

http://www.a16.org [a16.org] - Seattle and D.C. are just the beginning.
Michael Chisari
mchisari@usa.net

Oops... link down (5)

Hizonner (38491) | more than 14 years ago | (#1119881)

Looks like Zero Knowledge picked an inopportune time to update their Web site.

They run a network that's like a proxy on steroids. They even try to protect you against traffic analysis. Everything is encrypted. Everything goes through three servers, chosen by the user from a long list. The server operators are all independent of each other.

Each server knows only the hop before it and the hop after it. The first server has your IP address, but not the address of the site you're visiting, let alone the URL. It only knows how to send the data to the second server. The second server knows only the other two, and doesn't know who you are or what site you're hitting. The third server knows the URL, and how to send the data back via the second server, but not who's hitting it. You can theoretically use longer chains. You can pick servers in different countries. Etc, etc.

A future version of the system is supposed to send "cover traffic" to screw up traffic analysis.

The software runs on Windows; Linux version due RSN, so they say.

50 bucks buys you 5 pseudonyms for a year. Hizonner says check it out (when the Web site comes back up).

Disclaimer: I want to work for these guys.

It's inevitable: simple economics, plus the gov't. (5)

IronChef (164482) | more than 14 years ago | (#1119882)

I work for a big .com, and in the course of my product management duties I have picked up some knowledge about how ad rates on the net are set up.

(Vocabulary you need to know: CPM. CPM stands for "cost per thousand," and it is how ads are sold. Show an ad to 1000 people, and you earn the ad's CPM, less a fee for ad serving, which is somewhere around $0.30-$0.50, from AdSmart anyway.)

Anyway, here's why all this tracking hoo-hah is inevitable...

Un-targeted banner ads -- the "bottom feeders," I have heard them called -- command a measly $1-3 CPM. Many sites that do not have their users categorized display these "run of site" untargeted banners. They make a few bucks per CPM. Nice, but it's not the big money.

Targeted ads are much more lucrative. If your users are divided into highly "vertical" segments, like car people, pet people, etc. you can make $10-$15 CPMs.

Right there is the motivation for all of this. Targeted ads make the big bucks.

But, look on the bright side... in the coming no-privacy ISP world, there's an opportunity for a number of right-thinking geek-run ISPs to really grow and serve our needs...

... until the government fixes that by banning on-line anonynimity. Which is their ultimate goal -- don't doubt that for a minute. The President stated that very clearly recently. I wish I had the link handy. Right now we should also be thinking of ways to defeat enforced-by-law identity tracking, as it is inevitable.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...