Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Deep Packet Inspection Set To Return

Soulskill posted more than 3 years ago | from the rising-from-the-dead-to-feast-on-the-blood-of-the-living dept.

Privacy 125

siliconbits passes along this quote from a Wall Street Journal report: "'... two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users' interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly."

cancel ×

125 comments

Sorry! There are no comments related to the filter you selected.

Really? (3, Insightful)

Anonymous Coward | more than 3 years ago | (#34353548)

More like the identity theft market....

Re:Really? (0)

Anonymous Coward | more than 3 years ago | (#34353892)

Yeah, my first thought was "would we give an exception to the USPS to look through and record peoples mail to better serve them advertisements because the USPS is in debt"???? No way. Same with this gig. The companies pursuing this tech will be struck down by our beautiful country's Constitution.

Re:Really? (1)

mjschultz (819188) | more than 3 years ago | (#34356004)

The better analogy is letting the USPS read our postcards and use information from that to create better advertisements to help pay for the service. You have a legitimate right to privacy with a sealed envelope (according to the law) and you have that same right to privacy if you seal your packets (i.e. encrypt them). In fact, your ability to protect your private packets is much stronger than your ability to protect your private mail.

Now, my personal opinion on the matter is that a decent company shouldn't use DPI in such ways, but it is my responsibility to protect information I want to keep private and to educate others to do the same.

Re:Really? (1)

easyTree (1042254) | more than 3 years ago | (#34356910)

In fact, your ability to protect your private packets is much stronger than your ability to protect your private mail.

How so? The contents of paper-based mail can be encrypted with a public key too and additionally has a sticky envelope flap!

Re:Really? (1)

SuricouRaven (1897204) | more than 3 years ago | (#34356860)

There is no constitutional issue if they get the customer's consent. I imagine at first it'll be opt-in, and later on it'll turn into a section under page 23 clause 129(c)3 on your ISP's contract. It's still legally binding, even if hardly anyone ever reads even page one.

i just wanted to be the first to post!! (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#34353552)

But really, who cares if they inspect my packets. as an administrator i have been able to do this for years.. and it never really needed to be used for anything better than advertising anyways. Its not a better than for instance a keylogger...

Oh, targeted spam? (1)

BadAnalogyGuy (945258) | more than 3 years ago | (#34353560)

How would I get those news stories that I'm so interested in? I'm not going to their website.

Maybe they'd like to clog up my inbox! Sure, what the hell. I always felt that having midget tranny anal fisting and nasty naked cilice-wrapped nuns were too hard to find. I'd love having that delivered right to me.

Re:Oh, targeted spam? (1)

ColdWetDog (752185) | more than 3 years ago | (#34353802)

Sure, what the hell. I always felt that having midget tranny anal fisting and nasty naked cilice-wrapped nuns were too hard to find. I'd love having that delivered right to me.

Careful what you ask for. I wouldn't be so quick to be posting stuff like this these days. If you know what I mean.

Keep your hands out of my packets. (1)

crovira (10242) | more than 3 years ago | (#34355146)

I repulsed by the very idea that they would violate of their common carrier status (we're Ma Bell, we connect everyone from presidents and kings to the scum of the earth - Ernestine the hone operator.)

If your ISP is doing that, thrown them off the 'net.

The day they announce some bone headed scheme like that is the day I use wide key PGP and 256 bit SSL to encrypt EVERYTHING I send.

(And I don't use Google mail for anything non-trivial.)

Encryption (0)

Anonymous Coward | more than 3 years ago | (#34353574)

This is why everything should be end-to-end encrypted... either at the application layer or at the transport layer (or both!)

Re:Encryption (2, Informative)

MichaelSmith (789609) | more than 3 years ago | (#34353926)

An ISP which controls DNS and access to certificates can transparently position itself in the middle of an encrypted link. Unless keys are exchanged off line, or through other networks, end to end encryption will not help.

Re:Encryption (1)

Threni (635302) | more than 3 years ago | (#34354056)

That would be illegal in the UK. ISPs tend to avoid doing stuff that's going to get them fined; lose them customers etc.

Re:Encryption (1)

CrossChris (806549) | more than 3 years ago | (#34356530)

It might be illegal, but certain ISPs (Virgin and BT) do plenty of illegal stuff. They have ever since the Phorm technology became available. Do you honestly believe they switched it off once they were caught?

Re:Encryption (1)

KhabaLox (1906148) | more than 3 years ago | (#34355840)

Can you explain that a little more to the lest tech savvy? What do you mean by "DNS control?" I'm guessing that simply using a DNS server that doesn't belong to your ISP isn't enough, is that correct? Is off-line keys the only way?

Re:Encryption (2, Informative)

MichaelSmith (789609) | more than 3 years ago | (#34356008)

Say you have an account with an ISP. The wider internet is accessed through the ISP network. Nothing stops the ISP from building a model of the internet within their network, so that when you think you are connecting to your bank, you actually connect to a proxy run by the ISP which forwards connections on to the bank.

This is how it works at my workplace. All SSL connections are proxied.

Re:Encryption (3, Informative)

SuricouRaven (1897204) | more than 3 years ago | (#34356864)

You can intercept and proxy an SSL connection easily enough, but you can't do so without detection - the certificate won't match, and browers would start warning of something suspicious.

I disagree (0)

way2trivial (601132) | more than 3 years ago | (#34357568)

if I'm the pipe that feeds you, and I provide your web pages

I can certainly answer with whatever I want to your request
and make it seem to come from the same IP address as you asked it from

Re:I disagree (2, Informative)

SuricouRaven (1897204) | more than 3 years ago | (#34357706)

You could, in theory... except that the browser already has a secure certificate installed with which to verify your identity. They come on the Windows CD (For IE, the most popular browser still) and are thus beyond your power to control. The math is very well-tested. Without access to the corresponding secret numbers for those certificates, no interception without detection. A government agency could pull it off, by demanding those certificates, but an ISP couldn't without their help.

Re:Encryption (1)

Anonymous Coward | more than 3 years ago | (#34357768)

Sculpture for sale [thesculpturepark.com] at [url=http://www.thesculpturepark.com]Sculpture park[/url]: bronze sculptures, metal sculptures, glass sculptures, wood sculptures, stone sculptures, sculpture parks!

Returns? Did it ever go away? (3, Insightful)

guanxi (216397) | more than 3 years ago | (#34353576)

Deep Packet Inspection Set To Return

I didn't know Deep Packet Inspection ever went away. Did I miss something?

Re:Returns? Did it ever go away? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#34354336)

No, it never went away. I used to work for a top5 cable ISP in the US... and all they did put their sandvines servers in 'shunt' mode. Also, they are corporately controlled, so they could be turned on ANYTIME for ANYTHING without the local network admins even being aware. Oh yeah, and I found access to them while i was still there, and still have access to them.... so I could turn them on for ANYTHING without anyone knowing also. Scary, huh? Firesheep anyone?

Re:Returns? Did it ever go away? (4, Interesting)

Savantissimo (893682) | more than 3 years ago | (#34355508)

No, as an ex-employee of a southeastern US ILEC I can tell you that they were doing deep packet inspection (and alteration) on all DSL lines from 2003 at latest. The equipment used was the Lucent BSN5000 switches. We weren't supposed to know about the packet alterations, but they made some problems impossible to fix.

Trust (3, Insightful)

Jugalator (259273) | more than 3 years ago | (#34353598)

I'm happy to hear you won't read the mails. I take your word for this, ISP's, because you're trustworthy!
Thanks for giving me your word, and only reading other parts of my surfing habits!

Re:Trust (4, Insightful)

Monkeedude1212 (1560403) | more than 3 years ago | (#34353616)

Its a stupid thing for them to say that too...

They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities

Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

Re:Trust (4, Insightful)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34353670)

Okay - so say my sensitive online activity includes compulsively looking up pornography. How exactly, are you going to determine that its the kind of activity I don't want you to be inspecting, WITHOUT INSPECTING IT?

Exactly the same way all the other trackers like google's doubleclick let people "opt-out" - they still collect all the information about you, they just defer from showing you advertising that would remind you that you are still being tracked. Seriously the industry's idea of "opt out" is never to opt out of data collection, its just to opt out of obviously skeeving you out.

Just sell me internet access please (5, Insightful)

rolfwind (528248) | more than 3 years ago | (#34353604)

And then consider it mine to do with as I please. If people thought of internet access like a rented apartment, they would recognize ISPs seeking revenue on the other end for the double dipping and theft for what it was. It would be like a landlord using your rented place as his storage area and requiring toll for any visitors.

Stop trying to make a 50 cents per user with everything else and be happy with my $20-50 per month. I stop frequenting other businesses that stop treating me less like a customer in my own right and more like a revenue stream to be exploited and maximized at all costs.

I know some people put up with this (buying the cheapest computers that have all manor or shitware on them) but I stopped that game long ago. Not worth my time.

I also drop any so-called friends that try to make me their lower step in any mlm scheme. It's all the same thinking and I want none of that.

Re:Just sell me internet access please (0)

Anonymous Coward | more than 3 years ago | (#34353686)

Great now people who get apartments are going to have to start dealing with someone coming in to paint the new adds on their walls every couple of weeks.

Re:Just sell me internet access please (1)

Culture20 (968837) | more than 3 years ago | (#34353886)

To be fair, if someone is running a meth lab out of their apartment, or has 20 members of their extended family living in a two-bedroom, I think it's okay for a landlord to provide warnings and then evict. That said, the analogy broke down far before that.

Re:Just sell me internet access please (2, Insightful)

rolfwind (528248) | more than 3 years ago | (#34354374)

That said, the analogy broke down far before that.

All analogies break down. If they didn't, it would be because all properties down the list would be equal meaning the situation is the exact same in every respect.

All that matters with an analogy is if it illustrates the point to the audience and whether it is truthful in doing so.

Re:Just sell me internet access please (0)

Anonymous Coward | more than 3 years ago | (#34353996)

I also drop any so-called friends that try to make me their lower step in any mlm scheme.

Oh thats NO fun. Its better to go to the meeting with their upstream. Then say these words 'what is my time to ROI? Not what can I do with more money but what is my ROI time.' Then walk everyone in the room thru the math on why you need more people on the planet to make money at this.

To crush a 'diamond' is much more fun. I like diamond dust I use it for my grinders :)

Plus it shows your friend that you do know what you are talking about with 'that is a scam'. If they do not see it that way leave them be then. At the very least you will have gotten a couple of people out of it.

Re:Just sell me internet access please (2, Insightful)

T-Bone-T (1048702) | more than 3 years ago | (#34354318)

You should read your lease. There are a large number of things you can't do in your apartment.

Re:Just sell me internet access please (5, Informative)

Pharmboy (216950) | more than 3 years ago | (#34355004)

You should read your lease. There are a large number of things you can't do in your apartment.

You should read your TOS. There are a large number of things you can't do with your ISP as well. The point is that as long as you are being a good customer, neither should be meddling into your life. There is already protection on the books for renters that vary from state to state, ie: the landlord has to give notice before an inspection, they can't just kick you to the curb for no reason with 1 days notice, etc. The problem is that there is NO consumer protections for customers of internet access. They just keep figuring out new ways to try to make money off of you, typically at your expense. In older consumer markets, they would be subject to fines and/or prosecution for similar actions.

The problem is that since it is the internet, they think that there are no rules that apply to them, and unfortunately, they are almost correct.

Re:Just sell me internet access please (1)

RobertM1968 (951074) | more than 3 years ago | (#34355924)

Actually, YOU should read YOUR TOS so you can see there are a large number of things that the ISPs can do, but haven't been doing up until this point. Much like how a certain OS manufacturer used to have a buncha services that the TOS stated they could use to sell anything you uploaded... and then later added an option in their picture service to do just that...

Most people never read the fine print in their TOS. I have.

Most people never stop long enough to try to determine what the term "business partner" covers... I have. In most companies' definition, it includes anyone who pays them.

Most of the people who actually do read a TOS, never stop to think about what the open ended phrases and "up to" phrases mean. I'm not one of those people either.

Heck, I've seen various usage agreements and TOS' that allow the company to do just slightly above nothing in offering you a service. Then it becomes a battle of "reasonable expectations" in what can be a costly court case.

Re:Just sell me internet access please (2, Insightful)

Pharmboy (216950) | more than 3 years ago | (#34357258)

You are missing the whole point: In your apartment, the landlord can't just put a clause that allows him to install hidden cameras or gets your first born child. It would be illegal regardless of whether it was in the fine print, as a general rule. (excepting reality shows...). Your ISP however, has the ability to chance the TOS any time without the housing authority oversight. You are stating the whole problem, that they can put shit in the TOS that should be illegal to begin with.

Use and anonymous cafe (0)

Anonymous Coward | more than 3 years ago | (#34358036)

It can be done.

Deja vu (3, Insightful)

jamlam (1101193) | more than 3 years ago | (#34353606)

Err, didn't they try this before [theregister.co.uk] and users hated it and it's invasion of privacy so much that it nearly caused a court case? What's changed to make it different this time? Oh look, nothing, they're just hoping everyone's forgotten already...

Re:Deja vu (4, Interesting)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34353688)

Unfortunately, so called "outrage fatigue" is both well recognized and quite effective. People with a direct profit motive can just keep trying, again and again, until all but the hardcore tinfoil hatters lose interest)...

Re:Deja vu (0)

Anonymous Coward | more than 3 years ago | (#34357296)

They're hoping that American consumers didn't hear about the British experiment presumably.

Re:Deja vu (1)

gilesjuk (604902) | more than 3 years ago | (#34357744)

It's almost considered to be equivalent to wire-tapping. Intercepting someone's communications.

In the end the EU gave the UK government a big slap for letting it happen:

http://www.theregister.co.uk/2010/09/30/eu_phorm/ [theregister.co.uk]

The difference is jurisdiction (0)

Anonymous Coward | more than 3 years ago | (#34358096)

US not EU. Different and sharper set of teeth in the EU. The UK government is in the process of being taken to court and facing very large daily fines for not dealing with the problem. It is now hurriedly trying to change the law - too little too late as usual.

National Do Not Advertise List!!! (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34353620)

Just like the "national do not call list" we need a "National do not advertise list" .

Re:National Do Not Advertise List!!! (2, Insightful)

lostmongoose (1094523) | more than 3 years ago | (#34354212)

It's not about 'not advertising to me' it's about 'not collecting my data in the first place.'

Re:National Do Not Advertise List!!! (0)

Dutch Gun (899105) | more than 3 years ago | (#34354526)

Advertisement is the motivation for collecting the data. We might be able to solve the collection problem by removing the monetary incentive.

Hmm... (5, Insightful)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34353650)

As much as I think Phorm, Nebuad, and their ilk are worse-than-worthless subhumans who are only alive because it is illegal to kill them, burn their corporate offices to the ground, and erase every last miserable trace of their existence, they might actually have an unintended positive impact.

At present, most sites the public interacts with(outside of the very moment of a credit card transaction or banking login) tend to skip SSL, even when that is a terrible idea. Social networks, email, loads of other not-directly-financial-but-really-shouldn't-be-unencrypted stuff goes flying over the wire, in the clear, because the providers don't want the computational overhead of SSL. Even when they have the capability, it is rarely the default, and people who go to http://foo.whatever/ [foo.whatever] typically aren't kicked over to https://foo.whatever./ [foo.whatever.]

However, most of those sites depend on advertising and user profiling(either third party, as in the case of sites that run adsense or equivalent, first party, as with Gmail, or as a proprietary advantage, as with Amazon's customer recommendation engine). The advertisers will be, to put it in the mildest possible terms Unbelievably Fucking Ripshit when they hear that ISPs and their spook cronies will be horning in on their action. Not Happy. Very, Very, Not Happy. And if you think that they were not happy at that, just wait until the DPI crew starts injecting 3rd party ads and things into pages. Using your DPI evil to, say, inject 3rd party recommended products right into Amazon or any other online retailer's website would be eminently doable, technologically. That will really piss them off. Lawyers will be deployed, faces will turn purple. Shoes will be banged upon boardroom tables, Khrushchev style.

Since, as stated above, strangling their executives with the entrails of their own children isn't generally legal, they'll have to do something else. Specifically, pull their cheap heads out of their tightwad asses and start using SSL more seriously. Since your ISP is the ultimate man-in-the-middle, they won't be able to stop them from seeing where you are going; but they will be able to stop them, dead, from monkeying with, or even reading in any useful way, your traffic.

Ideally, Phorm and friends will do more than the EFF has, probably by a substantial margin, to drive mainstream SSL adoption, and then suffer a series of crippling workplace spree-killings.

Re:Hmm... (0)

Anonymous Coward | more than 3 years ago | (#34354014)

If I could, I would buy you a cookie and a beer.

Very well put and spelled out for the average Slashdotter (like me).

cheers

Re:Hmm... (1)

SJ (13711) | more than 3 years ago | (#34354246)

It's interesting to note that if you try to visit Slashdot on 443, it immediately redirects you to 80...

Re:Hmm... (1)

tepples (727027) | more than 3 years ago | (#34355236)

It's interesting to note that if you try to visit Slashdot on 443, it immediately redirects you to 80...

Subscribe to disable this redirection.

Re:Hmm... (1)

mrmeval (662166) | more than 3 years ago | (#34355666)

So they want us to pay? So they might like this additional ad revenue stream. /. used to be cool

Re:Hmm... (1)

sgbett (739519) | more than 3 years ago | (#34356880)

How dare they provide a free service, that doesn't do exactly what I want!

Re:Hmm... (0)

Anonymous Coward | more than 3 years ago | (#34358040)

Yes, how dare they take a feature that is built into their httpd, disable it, and ask people to pay for it, even through it doesn't cost them anything remotely significant. Reminds me of telephone companies.

Re:Hmm... (0)

Anonymous Coward | more than 3 years ago | (#34354252)

Absolutely, encryption is the key. (Pun intended.) Any communication link you use should be by default assumed to be untrusted, simple as that. Anyone along the chain of hops is able (and sometimes eager) to snoop on connections. It's dangerous out there.

Often I get the tone from the various as-seen-on-slashdot analogies (unlocked car doors, information that can be seen through your house windows, advertising that you have an open wifi connection) that force is unnecessary or useless when dealing with bad guys who use your data in a manner you find objectionable. It could be fraudsters, vandals, pranksters, or in this case, advertisers. (I agree that preventing it all in the first place is preferable, but must we take all the fun out of imagining the bastards clubbed with a bat?)

I started studying encryption a few months ago. Later firesheep is released, articles about it and articles like these come along. It feels like encryption is in the zeitgeist. (Or maybe it's just my confirmation bias.)

Regards,
AC

SSL can only be adopted if provided by websites (2, Interesting)

Mandrel (765308) | more than 3 years ago | (#34354482)

Using SSL may not be a solution, because websites that think that these techniques will increase their revenue, because the ads they display will be better targeted, have an incentive to not provide an SSL service.

Re:SSL can only be adopted if provided by websites (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#34355028)

I'm obviously not expecting 100% noncompliance from all websites, there is always somebody willing to try, if the money looks good; but I would argue that Phorm, and anybody with a similar business model, are a necessarily pro-isp, anti-site operator outfit and that that will not endear them to web operators.

The situation is actually quite analogous to net-non-neutrality. Some sites will likely play ball; but the overall effect of such a scheme is(quite evidently to any player paying attention) a net transfer of wealth from website operators to ISPs.

Phorm et al. are, essentially, in the business of providing the technology for ISPs to leverage their man-in-the-middle position to extract rents from the online advertising/behavioral-research market, rather than just being a dumb pipe for it; just as deals to selectively speed, degrade, or redirect traffic are attempts to exploit that same position with respect to the market in data transmission. In both cases, certain sites, particularly losers owned by entities with substantial capital from other operations(say, for example, Myspace, which is getting its clock cleaned by Facebook; but might be tempted to buy an otherwise unavailable advantage by making a deal with the men-in-the-middle) may be tempted to bite; but the overall intent is quite clearly against the interests of website operators and advertisers as a class.

A website operator or advertiser can already show ads and gather data on people who they manage to entice, by offering something of interest or value, to visit them. With Phorm and friends, an ISP can snap up exactly the same data from all their subscribers, while still getting paid. Even if they refrain from actively modifying content(it would be technologically trivial, for instance, to strip google ads and insert bing ones in their place on an unencrypted site) site operators and advertisers aren't going to be happy. If they don't refrain, There Will Be Blood...

Re:Hmm... (2, Insightful)

pknoll (215959) | more than 3 years ago | (#34355500)

One small issue with moving everything to https is that you need one IP address per domain. That puts a pretty big wrinkle in the many, many servers out there that serve up multiple domains per IP. (Technically, you can do so if you utilize unique ports on the same IP for each served domain, but that breaks the "just works" aspect of port 443).

It's not insurmountable, but it does put more pressure on the already shrinking IPv4 pool. Another reason to hasten the adoption of IPv6, I suppose...

I think this is... (3, Insightful)

Etyme (1747182) | more than 3 years ago | (#34353656)

...a good reason to encrypt everything by default.

Re:I think this is... (1, Insightful)

Anonymous Coward | more than 3 years ago | (#34353830)

For how many more years do you think that will be legal, outside of https for your credit card numbers and such which they can't really get rid of?

Encryption causes all kinds of "problems" for those who would be our masters. I'm starting to surf through an encrypted VPN tunnel for anonymity, and use GPG for emails to and from friends. I expect inside 10 years there will be laws letting governments shut that kind of thing down. Only terrorist need privacy.

Re:I think this is... (0)

Anonymous Coward | more than 3 years ago | (#34353848)

Optimism: won't happen.
Businesses need privacy more.

Re:I think this is... (1)

SuricouRaven (1897204) | more than 3 years ago | (#34356878)

A valid point. It's not practical to ban encryption, it's too commercially useful. I imagine any government afraid of it will take the UK route: Make it a criminal offense to refuse to supply the keys to a law enforcement agency.

Re:I think this is... (1)

wvmarle (1070040) | more than 3 years ago | (#34358062)

That works only in a few situations.

Encrypted e-mail maybe, encrypted storage in general will work.

But not your https connection. Or ssl connection. For those there are no keys stored: they are created time and again, and dropped when done. "Listened" in to an encrypted VoIP conversation? Well good luck getting keys to decrypt that.

You make it sound... (1)

Lanteran (1883836) | more than 3 years ago | (#34354814)

... like there weren't a plethora of reasons to before.

Your Honor (3, Insightful)

paiute (550198) | more than 3 years ago | (#34353658)

Your Honor, my client was irreparably harmed by a Comcast customer's emails and web traffic, which they now have the technical abiltiy to monitor and are in fact doing so on a regular basis to their financial advantage. Comcast's failure to use this technology to stop the harm done to my client is the basis for our claim of one bazillion dollars in damages.

Re:Your Honor (0)

Anonymous Coward | more than 3 years ago | (#34357122)

Anyone who works for these companies, is friends with those who work at these companies, should be barred from trading commodities, equities or bonds on the basis they have access to inside information unavailable to the general public
Anyone who executes a trade of any sort, including reallocating their 401k spend should be imprisoned for insider trading
Anyone with access to the end product including advertisers should be barred from all markets as they have access unavailable to the general public
This includes everyone at google as well

The real problem (1)

morcego (260031) | more than 3 years ago | (#34353668)

The real problem with this kind of technology is that it works often enough to make it worth for them. I for one blame, first and foremost, the people who buy from this kind of advertisement (including spam).

Re:The real problem (1)

SuricouRaven (1897204) | more than 3 years ago | (#34356888)

Advertising works. It's become a very sophisticated blend of art and science. Modern advertising agencies hook people up to fMRI machines to monitor their brain activity, they employ psychiatrists to find the points of emotional manipulation. This isn't the old days, when advertising was just about making your product look better than your competitor's. A skilled manipulator can make people crave a product without even realising why.

Let it come! (0)

Anonymous Coward | more than 3 years ago | (#34353706)

Just let it come, and let it come fast so that encryption becomes mainstream and make them shoot themselves in their foot.

As soon as encryption becomes mainstream it will be much harder for anyone to try to track emails, torrents, IMs, etc.
Say goodbye to many privacy concerns.

Incentive (5, Informative)

Beerdood (1451859) | more than 3 years ago | (#34353712)

When I started reading this article, I thought to myself "what possible incentive could they possibly provide if I opt in for targeted ads? Maybe a cheaper monthly bill?" Then I found this little gem :

The companies now offering ad services based on deep packet inspection believe they have learned how to make the services acceptable to privacy advocates and Internet users. This includes asking for permission up front and offering people incentives to receive targeted ads, such as Kindsight's free security service, which includes identity-theft protection. Customers can pay a monthly fee to receive no ads.

Wow, that's just fucking fantastic. So according to their model, you're going to have to pay your ISP to not receive ads..? Great, now my ISP is going to start a protection racket - "hey, for a small monthly fee, we won't bombard you with ads and snoop your data!".

Re:Incentive (3, Funny)

MightyMartian (840721) | more than 3 years ago | (#34353808)

Yeah, you sees, if you pay da money to us, your bakery won't, y'know, burn down, see?

Re:Incentive (1)

Rob_Bryerton (606093) | more than 3 years ago | (#34355664)

Not that I agree w/this model of paying to not see ads, but a lot of sites are doing this, including slashdot. Again, that doesn't make it "right". Just a thought.

Re:Incentive (1)

Skidborg (1585365) | more than 3 years ago | (#34356198)

Hang on, that fee will only make you stop receiving ads, not make them stop snooping your data.

Re:Incentive (0)

Anonymous Coward | more than 3 years ago | (#34357764)

There is no difference between a discount to receive adds and paying a monthly fee to not receive adds. you may perceive it as a difference but it is really not there.

They'll still snoop your data (0)

Anonymous Coward | more than 3 years ago | (#34357820)

The just won't target you with ads. They'll save the data until the day when you can't afford to opt out...

Re:Incentive (1)

wvmarle (1070040) | more than 3 years ago | (#34358074)

Bad marketing.

They should raise the fees by that amount, and then offer a discount for the version with extra ads. And then the discounted version is the same cost as the old price. And of course advertise the hell out of the "discounted" price as if that's the new "enhanced" service.

Protecting Privacy (1)

vldragon (981127) | more than 3 years ago | (#34353718)

"protect people's privacy with steps that include obtaining their consent" That sounds more like protecting the ISP then anyones privacy...

Don't touch my packet! (2, Funny)

rsteele19 (150541) | more than 3 years ago | (#34353722)

I read the headline and assumed this would be another story about the TSA's screening procedures...

Re:Don't touch my packet! (4, Funny)

MightyMartian (840721) | more than 3 years ago | (#34353762)

The difference is subtle. The TSA scanners scan your penis, Phorm's scanners scan you scanning other peoples' penises.

Re:Don't touch my packet! (3, Funny)

seanonymous (964897) | more than 3 years ago | (#34353814)

The TSA's version is called Deep Package Inspection. It's totally different.

Phorm phights phoul phreedom phighters (2, Funny)

David Gerard (12369) | more than 3 years ago | (#34353796)

Beleaguered Internet advertising phirm Phorm is hitting back at critics with StopPhoulPlay.com, in an attempt to lure Internet activists into herniating from laughter.

"It is clear that the campaign against Phorm originates in the sinister manipulations of Alex Hanff and Marcus Williamson," said Kent Ertegun, CEO of Phorm, "who have used mind control lasers and the killer robot armies of the Open Rights Group and FIPR to deceive millions of Britons into a Communistic fervor of hatred against the engines of the free market and customer demand, the salesmen and marketers, the true creators and enablers of objective value."

The website, designed in Microsoft Word, uses the infallible public relations format so successfully put into play by the ReligiousFreedomWatch.org site of the Church of Scientology, an upstanding community institution of similarly flawless repute. StopPhoulPlay.com reveals how:

  • At the age of five, Hanff REFUSED to share his crayons with the little girl next to him, saying she was "poopy" and would only draw a picture to be used against him.
  • At age twelve, Williamson accepted MONEY from his mother to buy sweets, but not to tell schoolmates in case they wanted some.
  • Hanff and Williamson may have attempted to access POTENTIALLY ILLEGAL images blocked by the Internet Watch Foundation.
  • Hanff and Williamson have used WIKIPEDIA at least once in their lives.
  • Hanff and Williamson INVADED POLAND in 1939.

"Given the persistence with which they propagate incorrect information, we cannot rule out the possibility that a competitor is involved," he said. "The competitor goes under the name 'reality.' Needless to say, we have no tolerance for an entity of such limited possibilities.

"These people are privacy pirates — people who steal privacy online, off the coast of Somalia. With Internet guns! And drugs! And child pornography!"

Mr Hanff and Mr Williamson said they were unsure whether to sue Phorm into atomic dust for gross defamation or just to let them continue with their infallible public relations work. Phorm shares have dropped from 405p to being rated a "serious infection risk" by the World Health Organization.

Picture: Targeted just for you. [newstechnica.com]

What if they did this with phone calls? (5, Interesting)

Logic Worshipper (1518487) | more than 3 years ago | (#34353810)

Could anyone imagine the uproar if phone companies let telemarketers listen to your calls to find out what kind you products to market to you? This would give ISPs the ability to that to non-encrypted voip calls.

I couldn't imagine a cell phone or land-line phone company getting away with that.

Re:What if they did this with phone calls? (2, Interesting)

dltaylor (7510) | more than 3 years ago | (#34354032)

Don't they?

Not the content, at least for now, but there's money to be made selling the contact list, and not just to the gov't.

If you're regularly calling the local pharmacy, for example, don't the health insurance scammers have "a right to know that" (for a fee, of course) so they can stuff your mailbox (and email box, if you're lame enough to use your phone company as an ISP) with advertising?

Re:What if they did this with phone calls? (1)

Logic Worshipper (1518487) | more than 3 years ago | (#34354680)

No, no one who doesn't have a warrant has the right to know if I'm calling the local pharmacy, my mistress, or a local drug dealer. And this would include the content of the transmission, not just to/from information.

Warrantless wiretapping isn't OK, even if it's just done by corporations.

Re:What if they did this with phone calls? (1)

SuricouRaven (1897204) | more than 3 years ago | (#34356898)

The health insurance companies would want to know that too. If you keep calling the pharmacy you may have a preexisting condition or just general health, and they'd like to be aware of that before they accept your risk.

Re:What if they did this with phone calls? (0)

Anonymous Coward | more than 3 years ago | (#34357158)

Won't make a difference, they already have rights to check your medical records pretty much anytime they want. If you are getting something from a real pharmacy there is a doctor who charged someone for an appointment, a prescription written by that doctor, etc, etc. The fact you call them is pretty insignificant.

Nope. Nope and some more nope.. well... (0)

Anonymous Coward | more than 3 years ago | (#34353838)

The only way i will ever sign up for this is if:
1) i have full control over the service down to the lowest levels of my "profile".
2) can turn it on and off at will
3) will at least get a cheaper connection for it.
1 and 2 are possible maybes, but i highly doubt 3 will ever happen.

I, personally, do not mind in the slightest targeted advertising. But if the companies aren't going to be honest with me, or allow me control of my profile to make it better for me AND them*, then i don't want anything to do with them.
People will wonder if i am serious. And to answer that pretty simply, yes, i am very serious.
I don't want to see ads for useless crap, or stuff i hate, this is why most people hate advertising as it is, they are unrelated to anything they like.
I like games, computing, architecture, horror, sci-fi. I don't care about football, i don't care about some awful "pop princess" shaving her head clean, and i certainly don't care about cars.
I love when websites let you choose what things you get to see. This is usually a much more acceptable method of targeted advertising for most people.

If you hate targeted advertising, why do you hate it so much? Do you really think you have any privacy browsing the net? You don't know 100% for sure that ISPs aren't collecting data on you unless you personally work there for one. (or government at that)
Your government almost certainly has more information on you than all of those internet entities out there combined, regardless, so i don't see why you care so much about some websites gathering some information on you...
Are you scared friends and/or family find out you are in to midgets or something else? Hey, guess what, all those people you know, they all have sexual fetishes as well. And, unless they are extremely tight gits, they will probably not even care about it the day after, maybe tease you about it for a few days, maybe a week, but they really won't give a damn. If they do? Tell them to go to hell, find better friends, ditch the family, problem solved. (joking, of course. OR AM I?!)

* by providing amendments to data, such as erasing stuff i don't actually care about and was linked to by a friend, or just casually came across it when browsing random crap.
They benefit from nothing if they just log and advertise using everything.

"Opt out" of the Internet service altogether? (3, Interesting)

whoever57 (658626) | more than 3 years ago | (#34353844)

Does "obtaining consent" and allowing "opt-out" mean that customers will be free to terminate their Internet connection if they don't opt-in? Or will there be an option to retain Internet service while opting-out of the snooping?

Re:"Opt out" of the Internet service altogether? (0)

Anonymous Coward | more than 3 years ago | (#34358148)

Of course you would be able to retain your internet connection, for a small fee.

HTTPS everywhere! (1, Informative)

Anonymous Coward | more than 3 years ago | (#34353982)

http://www.eff.org/https-everywhere

Inspect *this* !

I love PR articles (1)

thePowerOfGrayskull (905905) | more than 3 years ago | (#34354282)

I love PR articles like this one. This is the kind of piece that future researchers can than use as a reference - since it appeared in a reputable newspaper, it's "proof" that such services are "coming back". Ultimately the companies offering this service are made to appear more legitimate to potential investors and partners -- even though readig the article shows no actual evidence of a "comeback" for deep packet inspection beyond the fact that a couple of companies are trying to get it moving. cf "Suits are back!" [paulgraham.com]

Oooo.. free "security".. Customized web experience (1)

countertrolling (1585477) | more than 3 years ago | (#34354862)

Polly want a fucking cracker?

I want money! That's what I want!. Peeking at my package.. er packets will cost you a pretty penny.

Re:Oooo.. free "security".. Customized web experie (0)

Anonymous Coward | more than 3 years ago | (#34357186)

Don't peek my packet man!

tis called https (1)

MarkH (8415) | more than 3 years ago | (#34354914)

quite effective at deep packet inspection and other man in middle attacks.

Now! (2, Insightful)

CSFFlame (761318) | more than 3 years ago | (#34354946)

Everyone needs to get off their asses and enable https.

Re:Now! (2, Insightful)

dargaud (518470) | more than 3 years ago | (#34356420)

Everyone needs to get off their asses and enable https.

The https-everywhere plugin is great, but as a small website writer, am I supposed to $hell for a certificate or am I supposed to explain to my readers that, yes, the self-signed certificate is not a sign of viral attack onto their browser from my parts. Good luck with that.

Re:Now! (2, Interesting)

CyberDragon777 (1573387) | more than 3 years ago | (#34357202)

You should get one for free: http://www.startssl.com/?app=1 [startssl.com]

Re:Now! (2, Informative)

wvmarle (1070040) | more than 3 years ago | (#34358104)

Then at least give the correct link: https://www.startssl.com/?app=1 [startssl.com] !

"Security" Service? Really? (4, Interesting)

Lanir (97918) | more than 3 years ago | (#34355326)

I love how they settled on the soft target of "identity theft protection" too. This is just a non-starter.

Let's see if we can boil down what a truthful ad for their spyware would look like.

"Hi! I want to provide you with a service we're going to say protects you from someone pretending to be you. Most likely we'll make sure you can't possibly sue us if someone does steal your identity or we'll just claim someone got your info offline or from a computer not covered by the service.

In return, you let is spy on you and use this to send ads to you. We promise not to look at certain types of info but this won't be transparent to you in any way. And realistically speaking, we can't possibly keep up with every site of the type we're saying we don't look at but we'll lie to you and say we won't look at email or sites with medical information anyway. By the way did we mention our EULA will immunize us from prosecution for doing it anyway?

In summary: We onwzorz your infos and you oggle our ads. We'll also make gratuitous statements about protecting your info but you won't be able to hold us to any of it. Have a good day! Big Brother is watching and he wants you (and your little wallet too)!

So, Advertisers/ISPs can (1)

Stan92057 (737634) | more than 3 years ago | (#34355894)

So, Advertisers/ISPs can do this,but police need a search warrant to do the same thing? This is a very wrong picture.

Re:So, Advertisers/ISPs can (1)

JeffAtl (1737988) | more than 3 years ago | (#34356548)

Even worse, this gives the police the ability to obtain the information without a warrant by just asking the ISPs to make it available to them.

Wiretapping laws would probably protect voice communications, but all other information would be fair game since the ISP isn't acting as an agent of the police but simply an entity willing to share information that it owns as a "public service".

Use a VPN (0)

Anonymous Coward | more than 3 years ago | (#34357910)

Use a VPN in a country like Switzerland that has stringent data protection laws. Problem solved, everything is encrypted to hell, and you don't have to dick around with SSL.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>