Overclock.net banner
Status
Not open for further replies.

[The Intercept] The Senate Just Voted to Sell You Out to Advertisers

9K views 162 replies 58 participants last post by  Arizonian 
#1 ·
https://theintercept.com/2017/03/23/the-senate-just-voted-to-sell-you-out-to-advertisers/

Quote:
In a 50-to-48 vote along party lines, the U.S. Senate decided to kill FCC rules blocking your ISP from selling your browsing history to the advertising industry without permission. Should the change pass the House, as is expected, the likes of Comcast and Verizon will be able to make money disclosing what you buy, where you browse, and what you search from your own home, all without asking permission.

In an immediate signal that the vote will only benefit monied corporate interests and not the roughly 70% of Americans with a home broadband connection, the Internet & Television Association trade group gloated over their congressional victory:

...

The EFF further warned that without the FCC protections, ISPs would not only be able to commodify your browser history, but "[hijack]their customers' search queries and [redirect] them to a place customers hadn't asked for" and "inject ads into your traffic based on your browsing history." Should Republicans succeed in dismantling the Obama-era rules through this action sponsored by Sen. Jeff Flake, the FCC would be barred from ever reestablishing such consumer protections in the future.
This is madness. American OCNers at this rate may need a VPN or something along those lines. That and HTTPS everywhere must come.
 
#2 ·
#3 ·
Yawn, who cares? I seriously can't understand why you guys get so worked up about stuff like this that doesn't matter even a little bit?
 
#4 ·
So glad I invested in a WatchGuard FireBox and other dedicated firewalls with Pi-hole and other various other software to keep crap like this from touching my network.
 
#5 ·
Quote:
Originally Posted by b3machi7ke View Post

Honestly, even with HTTPS everywhere, at the rate this is going, isn't it entirely within the realm of possibility of ISP's requiring you to install a cert in order to use their services and allowing them to see all https traffic? I'm not saying that is happening as we speak, but if "the powers that be" are willing to so easily allow ISPs to sweep up all this data, I contend it's not a far stretch for them to allow ISPs (for safety/security/etc... reasons) to force installation of their own cert somewhere in the chain to read all your HTTPS traffic, in which case VPNs would be all that stands between you and all your most sensitive data..
Not really, I mean they could try to SSL proxy your data and terminate it at their side, but nobody is going to give out a full * wildcard cert.. Handling an internet's worth of SSL sessions is a bit beyond what's reasonable from an expense perspective as well.

I'd dump an ISP immediately if they tried that shenanigans.
Quote:
So glad I invested in a WatchGuard FireBox and other dedicated firewalls with Pi-hole and other various other software to keep crap like this from touching my network.
Firewalling doesn't really help in this case as it's viewing the traffic you initiate/request for. They just effectively wireshark what's upstream from your house. You can wrap it in a VPN or something similar to obfuscate what shows up in the payload, however.
 
#6 ·
Quote:
Originally Posted by beers View Post

Not really, I mean they could try to SSL proxy your data and terminate it at their side, but nobody is going to give out a full * wildcard cert.. Handling an internet's worth of SSL sessions is a bit beyond what's reasonable from an expense perspective as well.

I'd dump an ISP immediately if they tried that shenanigans.
Firewalling doesn't really help in this case as it's viewing the traffic you initiate/request for. They just effectively wireshark what's upstream from your house. You can wrap it in a VPN or something similar to obfuscate what shows up in the payload, however.
So I've been around long enough, I know your networking knowledge far surpasses what I'll probably ever know. But I thought if somehow they required you to install a cert in your browser (or as trusted cert/chain or something along those lines) then they can basically read any/all traffic that's sent over https. Basically, like what a lot of employers do on their corporate networks. Or am I misunderstanding how an ISP-cert installed in your browser/router would work?

::edit:: maybe not a lot, but certainly for large companies or companies that work with financial or otherwise sensitive data, I thought that was what they did to help monitor both internal and external network traffic to look for suspicious traffic. If large companies do actually do that, it doesn't seem like a stretch that ISPs would do that at some point...
 
#7 ·
Yep, some companies do that. The ISP can't really 'forcibly require you' to trust their certificate though like they would in a controlled domain environment of a company, in that case you would just get constant certificate errors while browsing as the "for all destinations" certificate is only self signed by the ISP and did not originate from a known valid certificate authority.

Also, with the advent of PFS and modern cipher suites, the browsing session key chain is no longer exclusively based on the private key. This means that even if they obtained your private key, they can't automatically decrypt the traffic from that session. That doesn't really apply to a full SSL proxy as the data is decrypted at a specific demarcation point, however if you can negotiate to the endpoint server via TLS when leveraging PFS then you will see those benefits.

https://en.wikipedia.org/wiki/Forward_secrecy
Quote:
I know your networking knowledge far surpasses what I'll probably ever know.
You are too kind. I know how to plug in an ethernet cable if that helps
biggrin.gif
 
#8 ·
Quote:
Originally Posted by beers View Post

Yep, some companies do that. The ISP can't really 'forcibly require you' to trust their certificate though like they would in a controlled domain environment of a company, in that case you would just get constant certificate errors while browsing as the "for all destinations" certificate is only self signed by the ISP and did not originate from a known valid certificate authority.

Also, with the advent of PFS and modern cipher suites, the browsing session key chain is no longer exclusively based on the private key. This means that even if they obtained your private key, they can't automatically decrypt the traffic from that session.

https://en.wikipedia.org/wiki/Forward_secrecy
You are too kind. I know how to plug in an ethernet cable if that helps
biggrin.gif
It's possible I have you confused with another user then, it's been almost 2 years (perhaps more) since i've been on OCN, i just remember the username honestly. Perhaps I was thinking of another topic. either way, good to know I'm not crazy that some companies do that and good to know it's not as easy to pull off 'in the wild' as compared to a company
smile.gif
 
#10 ·
Quote:
Originally Posted by Majin SSJ Eric View Post

Yawn, who cares? I seriously can't understand why you guys get so worked up about stuff like this that doesn't matter even a little bit?
You might be okay with corporations sticking their nose in whatever you do in the privacy of your own home, doesn't mean others are. I don't want a corporation having access to every conversation, every story I read, every thing I buy or watch. It's none of their damn business what I do with my time or money. Which is why I use adblockers on every site I visit. It's also why I root and use adblocker on my phone. Also, why I don't have cable tv (I'm not paying 40% of a monthly bill straight to ads for crap I don't want or need).

This whole "just don't do anything illegal" idea is as dangerous as it is repulsive. People should have more rights than corporations.
 
#11 ·
This isn't just about ISPs, this shows that you have no right to privacy or anything that you as a human being do.

But what was that about 'nothing to hide'? What was that about it's okay for them to have backdoors? What was that about Windows 10 really isn't that bad? What was that about the hardware backdoors built-in to our CPU's and networking equipment? What was that about us living in the surveillance state for many years but now it's becoming more and more public, where the totalitarianism can be practiced in the public eye now?
 
#12 ·
Quote:
Originally Posted by assaulth3ro911 View Post

This isn't just about ISPs, this shows that you have no right to privacy or anything that you as a human being do.

But what was that about 'nothing to hide'? What was that about it's okay for them to have backdoors? What was that about Windows 10 really isn't that bad? What was that about the hardware backdoors built-in to our CPU's and networking equipment? What was that about us living in the surveillance state for many years but now it's becoming more and more public, where the totalitarianism can be practiced in the public eye now?
Yep. Don't care about any of that. None of what you said even comes close to totalitarianism.
 
#15 ·
The EFF is only concerned now? Your ISP already tracks, records, and sells information about your HTTP and HTTPS traffic (as well as domain info). The biggest buyers include Facebook, Google, etc.

Little slow on the uptake...probably the only thing that hasn't been hit yet are VPN's, but I have a suspicion that's next.

Edit: tried wrangling my Congress critters. No response.
 
#17 ·
idk about you guys but I've always operated under the assumption that VPNs were compromised a long time ago, hence if I used one to buy my monthly kilo of poppy straw from the Ukraine and then got my door kicked in by Homeland Security it wouldn't come as too great a surprise
 
#18 ·
Quote:
Originally Posted by Jupitel View Post

Could anyone explain if/how this affects international users visiting a US Isp ip?
This hasn't passed the House so you don't need to worry...yet. There's also the possibility that this could be vetoed.
Quote:
Originally Posted by looniam View Post

communicate like you're an adult.
smile.gif
Congress critters do not understand polite, unfortunately. They will be handled as befits their low, base, bestial nature.
smile.gif
 
#19 ·
Quote:
Originally Posted by lombardsoup View Post

Congress critters do not understand polite, unfortunately.
I hear Congress creatures, Senate simians and all the various and sundry fauna of Foggy Bottom understand torches and pitchforks, though
 
  • Rep+
Reactions: kyrie74
#21 ·
Quote:
Originally Posted by lombardsoup View Post

Quote:
Originally Posted by canttouchthis64 View Post

I hear Congress creatures, Senate simians and all the various and sundry fauna of Foggy Bottom understand torches and pitchforks, though
Remember to spay and neuter your representatives.
and there is that exact chance every fours years, but what happens?

people fail to do anything.
 
#23 ·
Quote:
Originally Posted by looniam View Post

and there is that exact chance every fours years, but what happens?

people fail to do anything.
IMO, I wouldn't start panicking unless it passes the House. There's the (extremely slim) chance it may be less ******ed.

I'll be lucky to get an autogenerated response from my state's reps.
Quote:
Originally Posted by canttouchthis64 View Post

I fear they are lacking in the prerequisite characteristics for this endeavor, brother
lol I stand corrected.
 
#24 ·
Quote:
Originally Posted by lombardsoup View Post

Quote:
Originally Posted by looniam View Post

and there is that exact chance every fours years, but what happens?

people fail to do anything.
IMO, I wouldn't start panicking unless it passes the House. There's the (extremely slim) chance it may be less ******ed.

I'll be lucky to get an autogenerated response from my state's reps.
not panicking, just advocating people use their voice. which they can every fours years, if not more often, but fail to. though it curious how you think it will fail in the house whereas the article believes it will pass w/o much effort.
 
#26 ·
Even if I was ok with it, if they want to sell my data then I want my cut.

Time for a VPN.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top