FTC: ISPs are Spying on You. ISPs: Deal With It.

securityboulevard.com – 2021-10-25 18:44:05 – Source link

Your internet service provider snoops on your browsing habits, records them and sells you—the product—to the highest bidder. So says the Federal Trade Commission (FTC) in a new report.

Are you surprised? Did you really think your ISP has your best interests at heart? This is the same company that overcharges you for a slow, unreliable service. And it barely competes for your business, because there’s no alternative in your market.

DevOps Experience

Privacy is dead. In today’s SB Blogwatch, we mourn its passing.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Animated postcards.

Ghost of Privacy

What’s the craic? Tonya Riley reports—“Internet providers fail to inform Americans about how they use sensitive data for advertising”:

Difficult for consumers to opt out
Internet service providers fail to disclose to consumers how they use sensitive data, obscure privacy practices and make it difficult to opt-out of collection, according to?…?the Federal Trade Commission. [It] comes as the agency weighs pursuing a privacy rule-making process as Congress dithers on passing a federal privacy law.

The key takeaways offer a scathing view of the industry’s privacy practices as a whole. … Common collection practices across many of the ISPs included gathering data that wasn’t necessary to provide internet services, as well as using web browsing data to serve up specific advertisements. … Numerous ISPs also shared real-time location data with third parties, allowing third parties to garner sensitive details about an individual’s life, such as if they visit a rehab or where their children go to daycare.

Crucially, FTC staff found that ISPs made it both difficult for consumers to opt out of data collection [and] to find out what ISPs had collected on them. FTC Chair Lina Khan said that the report raised the need to consider “a new paradigm” when it comes to how consumers can consent to data collection.

Feeling sick yet? Karl Bode’s well—“Internet Service Providers Collect, Sell Horrifying Amount of Sensitive Data”:

Coalition of lobbying opposition
Over the last few years, the justified fixation on the bad behavior of Google, Amazon, Facebook and other Silicon Valley giants has let the abuses of the telecom sector fly under the radar. But?…?when it comes to consumer privacy, broadband providers are every bit as terrible as you thought they were.

Six unnamed broadband ISPs?…?routinely collect an ocean of consumer location, browsing, and behavioral data. They then share this data with dodgy middlemen via elaborate business arrangements that often aren’t adequately disclosed. … ISPs often [proclaim] to provide users with a wide variety of opt out options but these choices are often “illusory.”

Because ISPs have access to the entirety of the data that flows across the internet and your home network, they often have access to even more data than what’s typically collected by large technology companies, ad networks, and app makers. … ISPs have even developed tracking systems that embed each packet a user sends over the internet with an individual identifier, allowing monitoring of user behavior in granular detail.

Efforts to rein in broadband privacy abuses?…?are also often quickly dismantled by?…?a cross-industry coalition of lobbying opposition. … While the FTC voted 4-0 to approve and issue [the] report?…?actually doing something to rein in the industry’s bad behavior will prove to be another issue entirely.

Aye, there’s the rub. elsergiovolador sees a more sinister side:

Various agencies
Here we see collusion in a broad daylight. The goal is to communicate to people that they are being under surveillance, little by little until people become indifferent.

For average citizens, such surveillance won’t change their life in any bit. Getting screwed by getting wrongly flagged for something of course will happen to some, but the majority of the population thinks, “There is no smoke without fire.”

After several years, maybe a decade of such theatre?…?companies will [claim] it “always has been this way and there was no public outrage.” Various agencies of course will have taps to all this data and there will be no interest in changing that either.

I’m shocked—SHOCKED! But u/ZombieJesusaves is not one bit shocked:

Vile putrid garbage
They can see every single website you have visited and every unencrypted file you download. … We have absolutely zero—and I mean zero—privacy online.

They sell this information along with who you are from a demographic perspective to other parties to use for market analysis and research, maybe even direct marketing. Most of the data sold is aggregated—i.e., not personally identifiable—but the ISP definitely has it all tied directly to you, your name, your address, your phone number.

You should operate with absolute knowledge and certainty that every single online activity you perform from the benign, to the perverse, to the explicitly illegal, is all tracked and recorded, cataloged and stored. … I honestly feel sorry for them considering the amount of vile putrid garbage that they have stored in their servers just related to me.

Not just the web, either. This Anonymous Coward fills in a blank:

They snoop your email, too. … A lot of ISPs also run your outgoing mail through transparent proxies?…?to scan your outgoing email “for your safety,” erhm for scumbag marketing purposes.

So what should ISPs do? TaabuTheCat says it’s simple:

This isn’t hard, and it’s not nuanced. … Sign up for any service, app. etc with data collection capabilities and you are immediately presented a list the first time [of] what we collect [and] what we do with it:

  • Your viewing habits. We sell that to advertisers and use it to insert custom ads. …
  • Your race. We “share” that so others can discriminate against you. …
  • Your location. We sell that so marketers, your local divorce attorney and anyone else willing to pay can stalk you. …
  • Your buying habits. We use that to figure out how much all of your other data is worth.

Take a broader view. Here’s u/KDamage:

In some way, we’re getting that cut in all the free internet services (social media?…?Google search, Maps?…?YouTube streaming, etc.). … Not advocating data collection here, just reminding how these services we use daily are funded.

Sounds like a job for a VPN? Luckily, khchung is here to burst your bubble:

Does not sound like a winning approach
You mistakenly assumed that VPN providers would collect less of your data than your ISP.
Guess which one is more regulated—ISP or VPN providers?
Guess which one costs more to startup from scratch? …
Guess which one is easier for shady companies to startup and run? …
Guess which one is easier for the [feds] to use as a front to collect data?

Letting your data be collected by a less regulated and lower barrier-to-startup company does not sound like a winning approach for privacy.

Never mind, just become familiar with arcane geek gobbledygook. LinuxBender can help:

Should work from your PiHole
In this particular case?…?route your web traffic out of a VM or rented server. … If using an open source VPN like tinc that does user-space dynamic mesh routing you can even route out of a different node than the one you are talking to making correlation attacks less easy. This can also be done with multiple ssh forwarding tunnels. SSH tunnels should work from your PiHole.

And Finally:

Guess where Justin went on vacation

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Vadim Bogulov (via Unsplash)

Source link

Add a Comment