In a 50-to-48 vote along party lines, the U.S. Senate decided to kill FCC rules blocking your ISP from selling your browsing history to the advertising industry without permission. Should the change pass the House, as is expected, the likes of Comcast and Verizon will be able to make money disclosing what you buy, where you browse, and what you search from your own home, all without asking permission.
In an immediate signal that the vote will only benefit monied corporate interests and not the roughly 70% of Americans with a home broadband connection, the Internet & Television Association trade group gloated over their congressional victory:
...
The EFF further warned that without the FCC protections, ISPs would not only be able to commodify your browser history, but "[hijack]their customers' search queries and [redirect] them to a place customers hadn't asked for" and "inject ads into your traffic based on your browsing history." Should Republicans succeed in dismantling the Obama-era rules through this action sponsored by Sen. Jeff Flake, the FCC would be barred from ever reestablishing such consumer protections in the future.
What else is new, we're already dealing with warrant-less searches and back doors in operating systems. I'm almost ready to just drop everything and live like Thoreau.
So glad I invested in a WatchGuard FireBox and other dedicated firewalls with Pi-hole and other various other software to keep crap like this from touching my network.
Honestly, even with HTTPS everywhere, at the rate this is going, isn't it entirely within the realm of possibility of ISP's requiring you to install a cert in order to use their services and allowing them to see all https traffic? I'm not saying that is happening as we speak, but if "the powers that be" are willing to so easily allow ISPs to sweep up all this data, I contend it's not a far stretch for them to allow ISPs (for safety/security/etc... reasons) to force installation of their own cert somewhere in the chain to read all your HTTPS traffic, in which case VPNs would be all that stands between you and all your most sensitive data..
Not really, I mean they could try to SSL proxy your data and terminate it at their side, but nobody is going to give out a full * wildcard cert.. Handling an internet's worth of SSL sessions is a bit beyond what's reasonable from an expense perspective as well.
I'd dump an ISP immediately if they tried that shenanigans.
Quote:
So glad I invested in a WatchGuard FireBox and other dedicated firewalls with Pi-hole and other various other software to keep crap like this from touching my network.
Firewalling doesn't really help in this case as it's viewing the traffic you initiate/request for. They just effectively wireshark what's upstream from your house. You can wrap it in a VPN or something similar to obfuscate what shows up in the payload, however.
Not really, I mean they could try to SSL proxy your data and terminate it at their side, but nobody is going to give out a full * wildcard cert.. Handling an internet's worth of SSL sessions is a bit beyond what's reasonable from an expense perspective as well.
I'd dump an ISP immediately if they tried that shenanigans.
Firewalling doesn't really help in this case as it's viewing the traffic you initiate/request for. They just effectively wireshark what's upstream from your house. You can wrap it in a VPN or something similar to obfuscate what shows up in the payload, however.
So I've been around long enough, I know your networking knowledge far surpasses what I'll probably ever know. But I thought if somehow they required you to install a cert in your browser (or as trusted cert/chain or something along those lines) then they can basically read any/all traffic that's sent over https. Basically, like what a lot of employers do on their corporate networks. Or am I misunderstanding how an ISP-cert installed in your browser/router would work?
::edit:: maybe not a lot, but certainly for large companies or companies that work with financial or otherwise sensitive data, I thought that was what they did to help monitor both internal and external network traffic to look for suspicious traffic. If large companies do actually do that, it doesn't seem like a stretch that ISPs would do that at some point...
Yep, some companies do that. The ISP can't really 'forcibly require you' to trust their certificate though like they would in a controlled domain environment of a company, in that case you would just get constant certificate errors while browsing as the "for all destinations" certificate is only self signed by the ISP and did not originate from a known valid certificate authority.
Also, with the advent of PFS and modern cipher suites, the browsing session key chain is no longer exclusively based on the private key. This means that even if they obtained your private key, they can't automatically decrypt the traffic from that session. That doesn't really apply to a full SSL proxy as the data is decrypted at a specific demarcation point, however if you can negotiate to the endpoint server via TLS when leveraging PFS then you will see those benefits.
Yep, some companies do that. The ISP can't really 'forcibly require you' to trust their certificate though like they would in a controlled domain environment of a company, in that case you would just get constant certificate errors while browsing as the "for all destinations" certificate is only self signed by the ISP and did not originate from a known valid certificate authority.
Also, with the advent of PFS and modern cipher suites, the browsing session key chain is no longer exclusively based on the private key. This means that even if they obtained your private key, they can't automatically decrypt the traffic from that session.
It's possible I have you confused with another user then, it's been almost 2 years (perhaps more) since i've been on OCN, i just remember the username honestly. Perhaps I was thinking of another topic. either way, good to know I'm not crazy that some companies do that and good to know it's not as easy to pull off 'in the wild' as compared to a company
You might be okay with corporations sticking their nose in whatever you do in the privacy of your own home, doesn't mean others are. I don't want a corporation having access to every conversation, every story I read, every thing I buy or watch. It's none of their damn business what I do with my time or money. Which is why I use adblockers on every site I visit. It's also why I root and use adblocker on my phone. Also, why I don't have cable tv (I'm not paying 40% of a monthly bill straight to ads for crap I don't want or need).
This whole "just don't do anything illegal" idea is as dangerous as it is repulsive. People should have more rights than corporations.
This isn't just about ISPs, this shows that you have no right to privacy or anything that you as a human being do.
But what was that about 'nothing to hide'? What was that about it's okay for them to have backdoors? What was that about Windows 10 really isn't that bad? What was that about the hardware backdoors built-in to our CPU's and networking equipment? What was that about us living in the surveillance state for many years but now it's becoming more and more public, where the totalitarianism can be practiced in the public eye now?
This isn't just about ISPs, this shows that you have no right to privacy or anything that you as a human being do.
But what was that about 'nothing to hide'? What was that about it's okay for them to have backdoors? What was that about Windows 10 really isn't that bad? What was that about the hardware backdoors built-in to our CPU's and networking equipment? What was that about us living in the surveillance state for many years but now it's becoming more and more public, where the totalitarianism can be practiced in the public eye now?
The EFF is only concerned now? Your ISP already tracks, records, and sells information about your HTTP and HTTPS traffic (as well as domain info). The biggest buyers include Facebook, Google, etc.
Little slow on the uptake...probably the only thing that hasn't been hit yet are VPN's, but I have a suspicion that's next.
Edit: tried wrangling my Congress critters. No response.
idk about you guys but I've always operated under the assumption that VPNs were compromised a long time ago, hence if I used one to buy my monthly kilo of poppy straw from the Ukraine and then got my door kicked in by Homeland Security it wouldn't come as too great a surprise
not panicking, just advocating people use their voice. which they can every fours years, if not more often, but fail to. though it curious how you think it will fail in the house whereas the article believes it will pass w/o much effort.
Even if I was ok with it, if they want to sell my data then I want my cut.
Time for a VPN.
Status
Not open for further replies.
You have insufficient privileges to reply here.
Related Threads
?
?
?
?
?
Ask a question
Ask a question
Overclock.net
27.8M posts
541.2K members
Since 2004
A forum community dedicated to overclocking enthusiasts and testing the limits of computing. Come join the discussion about computing, builds, collections, displays, models, styles, scales, specifications, reviews, accessories, classifieds, and more!