In my home, Comcast business uses IPv6. So far, no VPN supports this, and I haven't found proper answers on how to handle this?
I've heard I can just "disable IPv6" on my Mac, but I don't know the full implications of this. If anyone has any input I'd appreciate this, because then I would use a VPN all the time.
EDIT Sorry I meant to type VPN not VPS, stupid typo.
There's no secrecy, there's no product yet. I just already operate a VPN for my own use, and could easily do so for others. Maybe a product would come out of it, maybe not.
I don't have any way to prove I'm not logging your traffic, but I am a big believer in privacy and promise not to. If you don't trust me, you don't have to use it.
According to the Supreme Court you don't have any expectation of privacy in information given to a third party so whether the VPN is in the US or not does not matter.
What I'd really like is a vpn that gives me an ipv4 address and an ipv6/64 so I can have my router do the vpn and route my whole network through a vpn by only configuring one computer.
If you're on Comcast business, there's no real implication on turning off IPv6.
Any sites you use that are exclusively available only via IPv6 will stop working, but due to slow adoption of IPv6, that list of exceptions is quite small. IPv6 adoption is big in China, but even then the major services themselves are available over IPv4. (Weibo.com doesn't even advertise an IPv6 AAAA DNS record, so the things I read about IPv6 adoption in China may be overstated.)
There are, of course, exceptions. There are a number of intentionally ipv6-only test sites like https://ipv6.google.com that won't work. Things like Google.com which are available over both IPv4 and IPv6 will degrade gracefully if you turn off IPv6 on your mac, and just connect over IPv4.
The only thing is, I shouldn't have to pay for a VPN to continue enjoying some measure of privacy when I'm paying for the ISP's service. This is just some MBA's "great idea" to "leverage previously untapped revenue sources" rather than a real need by struggling firms grasping at any life-line.
It's disgusting, and I'm disgusted (_yet again_) by the mercenary Republican Party. They are declaring war on me and my loved ones and the vast majority of our fellow Americans and anyone else unfortunate to have to use an internet connection in the US (and live under the rest of their insane policies).
For the record, I signed up for a personal VPN two weeks ago because this anti-consumer outcome was assured with the current party in power in the US.
I am very happy with f secure freedome. Good speeds (mostly able to give me at least 30-40 megabit) and reputable company that provides decent support. I have been a customer for a few years.
I found this comparison matrix[1] which provided me the info I needed to identify a few services to compare. I'm really just looking to keep my ISP from snooping on my traffic, so my criteria are pretty limited and I just wanted something quick. I don't plan to watch Netflix with it for example, which might have pushed me to a service that would allow me to select specific servers for traffic egress.
I also went with Private Internet Access, but I'm not sure what you mean by
>I don't plan to watch Netflix with it for example, which might have pushed me to a service that would allow me to select specific servers for traffic egress.
PIA has servers in many different countries that you could switch to, does that not that fulfill this?
> It's disgusting, and I'm disgusted (_yet again_) by the mercenary Republican Party
Stop this BS. The democratic party has done pretty much similar bad things that violate our privacy. Are you just good at selectively ignoring things? This is really the fact that every US govt is not for personal data privacy. You have to just accept it (if you are an american).
On this specific issue, it was the Obama FCC that made sure that ISPs couldn't sell this data, and it's the republican congress & president that rolled it back. So it's a pretty fair issue to point this difference out with.
It's also a good concrete issue to use in understanding that while arguments like "Democrats Do Bad Stuff Too So IDK Apathy" may be persuasive to some people in justifying not voting, it's ultimately not true. If this issue matters to you, there was a ballot box solution to preventing it. Not enough people used it.
While I'm usually all for bashing both sides, does it really apply in this case? The bill in question repeals rules set out by the FCC under the Obama administration. Those rules were a proactive measure that increased privacy from ISP monopoly overreach.
If this recent attack on privacy is something both sides support (as you seem to claim), why did the Obama administration set out those rules? And why did the Democrats in Congress not vote for this repeal?
Were? Obama's rules affected by this legislation wouldn't have taken effect until next December at the earliest. It was an Obama administration screwup that opened this privacy hole in 2015, and it's been there ever since. Why is the outrage only popping up now? The ISPs have almost 2 years' worth of data already.
Exactly! While both parties do bad things and are undermining this country, it helps nobody to blame both parties for something specific that one party is doing without the support of the other. The vote was along party lines and in this case, one is right and one is wrong.
Why not? for every other service you use online this measure of privacy doesn't exist and no one seemed to care about it. When services came along that advertised a measure of privacy they were not inundated with business turning them into titans of industry.
If when given the option you don't use services that keep your data private, why is this a big deal to you when yet another service you use sells your data? If you want privacy you either need to shop for services that provider it, or like this article states, take measure to ensure some level of privacy.
Ah, yes, president obama, advocate of the privacy rights of individuals world-wide.
He expanded the powers of the NSA because he could, or had to, or whatever. I struggle to imagine that he then turned around and used the FCC to push meaningful reform along for his citizens.
I think the burden of proof is on you to show that his track record with government spying should be ignored when thinking about his track record with FCC/consumer protections.
Both of those are consistent in one respect, that they both expand executive power. A group with power consistently seeks to increase that power. The FCC wants power, the NSA wants power.
Telecoms give about 6% more to Democrats than Republicans[0] (and more than 20% more in 2010, in fact they've received just as much funding or more than republicans ever since Obama was elected). Voting against this bill because of some personal stand seems like a weird time to suddenly find a moral compass. The Democrats didn't vote yes because they didn't have to, so they get a chance to grandstand and rack up brownie points with their base while their bosses still get what they want. It's a win/win for everyone!
On actually contentious issues, like CISPA and the like, the votes split almost exactly down donation lines as opposed to party lines.
Regardless, even if the split is supposedly true what do you think is the real problem? The current republican gang or the influence and power the rich wield? Even if you replaced every single politician you hated with the wave of a magic wand the powers that be would still find ways to influence the new group.
We should tackle the systemic problems first as a whole nation, then hopefully the issue of removing those that wish themselves our master will be much easier.
Not a single Democrat voted for the bill. The Democrats certainly have their own problems, but this "both sides are the same" shtick is really getting old when they very clearly aren't.
But combined, their views represent only a narrow slice of the political spectrum.
Both parties have their own flavor of expanding the powers of the government, while no one in office is advocating reduction of government power.
Sure, the republicans occasionally give lip service to the idea, but they're all the same as the dems.
I guess I'm a bit fed up being told "pick a party that represents you" and finding absolutely zero options who don't make me feel dirty or stupid.
I maintain that both parties are the same, neither is capable of delivering real change. (A perfect example is the last US presidential election. Trump and Hillary? FFS.)
>Both parties have their own flavor of expanding the powers of the government, while no one in office is advocating reduction of government power.
Not everyone is interested in across-the-board reduction of government power. I understand it appears to be your view, but you need to be careful to treat that as another political position, not as a global constant.
>I maintain that both parties are the same, neither is capable of delivering real change
I think it's a naive fallacy to have the base goal being some nebulous thing called "real change". When things like Obamacare and gay marriage and raising the minimum wage and protecting the environment, like Obama did and Clinton would have worked for, can't be called "real change" because they aren't the perfect solution some liberals/libertarians would want belies a privilege in not being a member of the classes that these things really affect, which coincidentally are not classes often represented well in the tech industry or on tech boards like this one.
I am too quick to elevate my political _opinion_ to that of fact, and in doing so, commit the exact same mistake that drives me bonkers when other people do it.
Also, my own use of "real change", as soon as I read your comment, made me hang my head in shame. "Real Change(TM)" is just a stand in for "something that I think should be done, and until it's done, nothing else matters!"
It's related, I suspect, to the "no true scotsman" fallacy.
So, you're right. I worded that entire comment poorly.
This is one of the reasons I enjoy dipping into the HN comments now and again - I sometimes get really high-value feedback like this.
So thank you, /u/mejari, for taking the time to comment what you did. It's a good gift. :)
> Not everyone is interested in across-the-board reduction of government power. I understand it appears to be your view, but you need to be careful to treat that as another political position, not as a global constant.
It kinda depends on what you mean by "across-the-board reduction of government power." I do believe that everyone is interested in peace. And justice. And creativity. And hope. And being able to relax and do what they want.
And even if government isn't in opposition to these things in every case, empire certainly is. And people recognize that.
So yes, deprecating the American Empire is something that enjoys very broad support; certain aspects enjoy consensus.
> deprecating the American Empire is something that enjoys very broad support
While 'No Empire' seems to be a Good Thing, in general, if the question was instead, "Which country should lead the global Empire if not America?" I wonder what the survey results would be.
> ...both parties are different. But combined, their views represent only a narrow slice of the political spectrum.
That is (by way of the Median Voter Theorem) a consequence of the two-party system, which is (by way of Duverger's law) a consequence of winner-takes-all or first-past-the-post (and not proportional) voting, I'd say.
Yet people will cry "whataboutism" while ignoring the fact that just because no D's voted for this, it's just one of many pendulums in which they both take fucking turns doing the same thing. On that next peice of legislation, all D's vote yay and no R's, so it's obviously the D's fault!
Congress is completely corrupt. They don't write legislation, k-street does. They don't read legislation they pass. When confronted, they waffle about benefits to corporations being beneficial to their constituents. Almost all are in violation of their oath.
After much deliberation I think reprent.us has it right, the only way for us to take of this issue is for a new rallying cry to elect third-parties and indepedents to take away the majorities of both parties. (which is also how we get an independent or third-party elected president by taking the 270 votes away from both parties and the vote goes to the house).
We need to stop letting people push the farcicle duverger's law as if it's irrefutable fact, because it's not.
Really? Because every Republican voted for this and every Dem voted against. I get so sick of the false equivalency BS people spout off to sound smart and edgy.
And yet when an opportunity for real change happens, both parties dig in and fight back.
It is in their interests for us to think there is meaningful difference between them, and I'm confident that many dems and republicans do earnestly believe there are differences between them and the other party.
But the differences are _so small_.
If one party wants to pass legislation that does X, and the other wants legislation that does Y, there is _no one_ advocating for all the myriad unspoken options.
My wife used to be a kindergarten teacher. One of her classroom management strategies was to try to give her students options. She'd say "would you like to do X or Y right now?"
Of course, she only gave options that she already approved.
So, for the "powers that be", the real power is deciding what bills go up for a vote. What happens in the actual vote is trivial compared to the power that comes with killing a bill before it hits the floor, or passing other legislation in omnibus spending bills.
I maintain that they work together to screw us all over for their own benefit, and to keep the corporate spigot flowing.
This vote was completely Republican, it was ALL GOP. You really should read about it if you honestly don't know this. However, it's of my opinion that you are knowingly spreading false information.
Wrong. This argument is intellectually lazy, and serves only to let you feel smugly superior to others. I suggest that such comments be flagged in the future.
"That may be the case, but that’s an easily solvable problem."
So, how is that problem solved? I can't see what VPN companies are really doing inside their stack. They might very well be logging everything and I have no way to find out other than to "trust them" - so there's no real market mechanism to choose a VPN provider which doesn't log anything.
I suppose it could be in the contract.. so does VPN contracts have a clause like that, and how is it enforced?
A VPS provider would be very unlikely to sell that sort of information. If they were caught capturing traffic, I doubt many businesses would want to use their services.
Some of the tiny VPS providers accept $12-20 up front for a year of service and might disappear before the year is out, but it isn't a big deal because they are so cheap.
I imagine they wouldn't know how to monetize the data, but if the market matures, there could easily be the same people behind buying data from Comcast-sized ISPs, creating tiny VPS and VPN providers that don't get any meaningful scrutiny in practice.
If you're serious about your privacy, the first thing you'd want to do would be to use a reputable VPS provider. $60/yr for a DigitalOcean droplet isn't terribly expensive.
A VPN that sells your information and eventually, inevitably is caught, will lose their entire business. Meanwhile they can make a perfectly good profit just... providing the desired service. There are also people who take the time to investigate these various services, and you can do some work to find one that meets standards you deem to be acceptable.
There isn't going to be a perfect solution here, but the issues with VPN's are really not the issues you raise. My concerns are: Google and other major sites endlessly pestering VPN users with CAPTCHA requests, or the government actually making them illegal. Your concerns are largely answered by researching which product you're willing to buy, not unlike all other similar decisions in life.
This argument, applied to any industry, is so tired by now.
Yes, a VPN company caught selling info would crash and burn. The invisible hand would ensure this, etc etc. But only if they got caught, and even then it's not like there would be any actual legal punishment (outside of a lawsuit if they were contractually obligated to not sell the info, I guess). And if selling that info meant double the profits, I doubt the owners who were willing to lie to their customers would feel all that bad or embarrassed. They'd probably also be shameless enough to re-brand.
And all that is ignoring the fact that with VPNs privacy becomes a privilege only to people who can a.) afford it and b.) understand how to use it. And finding a VPN that won't sell your info on the side requires the time and know-how to research it, not to mention even considering that a VPN might sell your info requires interacting with news orgs or people who might bring this concept up.
Chalk this up as another "HN readers don't realize most people don't read HN", color me surprised.
Except that those "most people" are the ones who are directly responsible for electing the current crop of leaders who have put us in this position, so I'm running a bit low on universal love and compassion, sue me. Moreover this is, as others have pointed out, not a new loss of privacy, just a new monetization of the existing loss of privacy.
So yes, there are better solutions involving the law, but unfortunately the innocent lambs you're defending are the ones calling us nerds and buying IoT junk!
Those "most people" also elected the bunch that put the law there in the first place. But it wasn't a campaign issue for either side, so it seems silly to bring up. This is a consumer protection / rights issue and the best way to handle it is clearly through policy, the free market won't do well for the vast majority of people especially in the ISP industry.
Their competitors that sell info will be cheaper, so there's a good chance that the trustworthy ones will be pushed out of business. Then you're left with only cheaters, but you won't know that at the time. You'll only find out that everyone is cheating long after your info has been sold.
Someone could make a program that inspects the packets on your local network. If they're encrypted then the connection is safe. They could then start a register of VPNs and rate them.
This is just the start though, you'd also have to guard against common keys and other various gotchas.
Also, another idea is VPN providers might start seeing it as a business opportunity to provide robust, secure connections and advertise how they work. These claims could easily be verified.
Just a start, I'm not an expert in networking, but it seems fairly doable. Obviously MITM is always possible if you're not connecting via ssl.
Also, this could be the impetus for further decentralizing the internet, although who knows how far that's out. The centralization of the internet might have taken things too far and killed the golden goose by abusing their position, incentivizing an acceleration of full decentralization, like with IPFS and their ilk.
I don't understand. The VPN connection is decrypted at some point when it goes to public internet, and that server is in control of the VPN provider (or so I've thought). They could log the requests at that point. Even if you only use HTTPS, the VPN provider can at least log what servers you're making requests to, and DNS requests too I suppose, even if they can't figure out what HTTP route you're requesting.
At least until they overturn the net neutrality rules, too, and then the ISPs will be able to throttle VPN services to make them unusable. Or perhaps they'll ask them to pay more for the "fast line", and VPNs may get too expensive for most people.
Technical solutions are the way to solve this sort of problem without policy. A protocol that obfuscates your traffic, along with an unpredictable IP for the provider, would make the DPI required to throttle VPN connections very difficult and expensive.
Everybody is right. It doesn't have to be either-or.
You can select a paid VPN service that helps protect you from specific adversaries. You can roll your own VPN on your own VPS that helps protect you in some use cases.
You can, and should, advocate for good privacy policy.
This article is saying, basically, that the tendency of ISPs to try to monetize user data is a natural consequence of capitalism, and trying to curb that tendency with legislation is ineffectual compared to the real solutions (fight monopolies, and everyone use a VPN).
I don't buy it. Roughly the same argument could be made about virtually any regulation. "Corporations are incentivized to pollute, so there's no point trying to stop them. Buy a water filter." "People will always try to get heroin, so there's no point in restricting it. Get some naloxone." Damn near every regulation is an attempt to counteract some profit-motivated tendency which is the unfortunate consequence of capitalism. And as regulations go, user data is a lot easier to regulate than drugs or pollution.
"Just get a VPN" might be good advice for individuals, but it is emphatically not the society-wide solution to data privacy. We can and should continue to fight for good legislation that protects us.
I think you missed the authors real point. The selling of data isn't the policy you need to fight. The monopoly power of ISP's is the problem you must push back on. The author has rightly pointed out that regulating your way to your goal is not a solution. He is advocating for a free market solution which is much more robust then one that hinges on the right people being in power for all eternity.
Completely agree. Monopolies are the problem. Capitalism is a delicate system and, unregulated, it leads to monopolies. That's why capitalism needs regulation -- not to pick winners, but to ensure healthy competition. This is something Republicans seem to be willfully obtuse about. Capitalism without regulation is like a football game without referees.
Yes, ISP monopolies are still a problem w.r.t. price and quality of service. But VPNs stop the ability of ISPs to snoop on and sell your data, which -- in a perfect world with ISP competition -- market forces would prevent. So VPNs can take the place of market forces for one of the bad things that arise with ISP monopolies, namely the one that the House just enabled yesterday.
VPNs do that so long as ISPs don't inhibit, block, deprioritize, or charge extra for traffic that isn't over known protocols that they can mine for salable data; which, given that the same political actors that oppose the FCCs Privacy Report and Order also oppose the Open Internet Report and Order that prohibits that action means that VPNs may not long be an effective mitigation of the policy problem, because of an intimately linked policy problem.
There are a lot of factors leading to the current lack of competition in most markets, but I'm not convinced that a monopoly is an entirely natural market condition in this instance. If it were, providers wouldn't demand franchise agreements before entering markets.
Government regulation contributes much to the cost of investing in infrastructure and starting an ISP business in most areas. I think it would be interesting to see what would happen if that cost could be brought down.
This is I think where the voting public gets played by both sides. On the "free market" side people are told all regulation is bad, just let the market operate. Which ignores that some regulation is needed to keep a level playing field. Then on the other side we are told we need to strictly regulate to control for safety and shared resources, but both sides just impose regulation that benefit established firms and sell out consumers.
> ... but both sides just impose regulation that benefit established firms and sell out consumers.
Can't agree more. Corporatist rent-seeking is the fundamental problem with our political economy and/or society. But both sides keep talking past each other (as they are incentivized to do).
Tangent, thanks. This is the phrase I was trying to conjure to mind earlier today in a discussion about the very topic of this thread. Ended up taking a long, exhaustive and context-laden road to get to my point; after which I had already lost an audience but so it goes.
> Which ignores that some regulation is needed to keep a level playing field.
Think about the original purpose of the FCC. Some regulation is required to make the services work at all. With a completely deregulated system, your microwave would disrupt cell-phone service for blocks. Your computer power supply might do the same thing. And Verizon phones would probably intentionally interfere with AT&T phones.
Low-frequency spectrum is a public resource, full stop.
Regulations destroy competition. Sometimes that's a sacrifice you want to make - do you want an unregulated drug market or would you reduce the number participants with burdensome regulations? - but I don't think you can regulate your way to competition. Or to lower prices.
I'm going to object to the "more or less what the tool user intends it to". Our economy and political system is chockfull with examples of unintended consequences. Both majority parties are guilting of this.
It's worth pointing out that this is nonsense. In virtually every other developed country in the world regulation has actually increased competition between ISPs. The result has been internet service that is dramatically better, faster and cheaper than what is available to most Americans. It's worth taking a very close look at France[1] and South Korea[2] in particular.
Or you can continue to believe complete fucking nonsense like "regulations destroy competition" and plod ahead with crappy internet while the few monopoly ISPs that exist hoover up virtually all your personal data.
It is the regulation that created the monopolies. Local cable companies and telcos have legal monopolies in many areas by way of franchise agreements with municipalities.
Monopolies don't last in a free market. Someone hungrier will eventually come in and undercut the incumbent.
That was most certainly not the author's main point; he only mentioned it briefly, and he didn't mention a way to fight monopolies. To be sure, when the "Make Network Monopolies Not Exist Somehow Act of 20xx" is up for a vote, I'll probably be for it. But that's not what this article is about.
I depend on many things that hinge on the right people being in power for all eternity, and so do you.
We've seen what the wrong people in power do. Mussolini, Stalin and his gulags, Pol Pot and his genocides, Kim Jong-il, Slobodan Milošević. This isn't a statement about the current US President, but we depend on having right (enough) people in power in a lot more ways than this one policy decision.
So, on the one hand we can have effective legislation right now over reasonably well-defined privacy concerns.
On the other hand, we can work for a decade to introduce regulation over the hard-to-define concept of an ISP monopoly, and then spend more decades going through the inevitable break-up and re-conglomeration of these entities under different forms, like we had with the telcos through the last half of the 20th century. In 50 years we may have a landscape that resembles that of the current cellular carriers: three or four large players in most metro areas, fewer rural options, and little real choice among them in terms of QoS or T&C. I suppose this would represent a slight improvement over the status quo?
This is the problem with so many free-market proposals, they would have you off tilting at windmills instead of directly addressing a fairly straightforward problem.
> [...] stop relying on governments for self-protection that you can handle yourself. If it’s not the current administration that will repeal our protections, it will be the next one. And what then?
The whole point of a democratic government is to protect the interest of the majority of their citizens, and the selling of personal personal data is clearly against the interest of most Americans. In a democracy the tool we have to protect our interests is the law. Unfortunately this tool sometimes is also used by small but powerful actors for their own purposes, colliding with the will of the majority. That's exactly when we have to fight back to keep the government democratic.
VPNs can be used as a temporary workaround by some people, but it's definitively not a good permanent fix for this constant invasion of privacy that many corporations in the US are so willing to attain. Even if you think you have a perfect technical solution (GNUnet? Tor? I2P?) the next administration can simply say that solution is unlawful, and what then? The fact is, sometimes we have to demand our government to do the right thing, and this now is one of those times.
It's evident from previous examples that it's a significant increment from legalizing a bad practice, that is anyway going to be done by law enforcement and other government organs, and by stealth even if it was illegal, to making software or protocols contraband.
This argument is the central one in the article, and it's really weird, because it could be seemingly applied to any government regulation, or, indeed, any useful service provided by the government.
Once you notice that, the whole piece is basically just ancap apologetics.
You are right indeed if we abandon the law as a tool to protect ourselves and decide to go it alone not only will this surely leave the confused majority in the dust unprotected it provides no protection against future encroachment. Whats to stop them from banning consumer vpns or requiring registration and some sort of key escrow system whereby the key to your vpn is held by the government, your isp, and eventually your competitors/hackers after they steal it.
> The whole point of a democratic government is to protect the interest of the majority of their citizens
Is this the goal we strive for? There are lots of things that we don't want that could be largely couched in the language of "being in the interest of a majority of citizens". For example: Aggressive policing against petty theft, stop and frisk, prohibiting sales of off label unpackaged cigarettes; antiterrorism laws with intrusive cavity searches at every airport; fugitive slave laws...
There won't be a free market solution to land-based ISPs. After the government broke the telcos up, they just consolidated again. Now we have less than half-dozen large ISPs, and states are trying to ban local governments from creating co-ops! Maybe one or two entrants will come in (google Fiber, who stopped expanding), and only then, it will be from GOVERNMENT enforcing free use of easements.
Certain industries have a tendency to be monopolistic, or else have incredibly high barriers to entry. ISPs should be regulated to protect customer privacy. This is the equivalent of USPS, the public library, and the phone company selling your data to whoever wants it, and it's wrong.
While not 100% 'free market,' I think that turning things like last mile lines, etc in to a public utility (allowing many ISPs to hook into them), and abolishing local government-granted monopolies is the real solution here. While abolishing the government-grants of monopoly status is unquestionably free-market, turning the last-mile lines into a public utility is slightly less so. But this move would effectively force the playing field to level a bit.
If you wanted to make it slightly less "government-y," you could just establish rules that those running the last-mile lines, and those providing the connectivity must be separate entities (and not connected to each other like some "spin it off as a separate division of Comcast but they are still parts of / owned by the same company"-type deal) so that everyone gets a fair shake.
[ That said, I'm not in favour of letting the privacy war play out in the market, because I'm not 100% sure that the market wouldn't just settle into a state where everyone was doing something I don't like to some extent. ]
It's funny that you (and many others) say this because we had this from 1996 to roughly 2004. Unbundled last element, or linesharing, was a requirement of the Telecommunications Act of 1996.
Telcos loathed it and pitched many mighty fits and threw every (physical and metaphorical) wrench they could in front of their brand new competitors. But it worked, in spite of the problems[0]. The absolute best I ever had was in Southwestern Bell territory. Over a single copper circuit I could choose from TEN different ISPs. Speakeasy, Megapath, Covad Direct, August Net, and a handful more that I can't remember. In 2002, I paid Speakeasy $160/month for 10mbps symmetrical with 8 real IP addresses and no port blocking.
President Bush was elected and the telcos' complaints were given new life at the new FCC. The unbundling requirements were swiftly removed. Now, we have this.
0 - And don't get me wrong, the problems were legion. UNE-P didn't apply to cable providers nor the new-ish fiber optic last mile buildouts. Only ILECs were subject to it so competitive providers who had built physical plants got to skate by. And there were some legitimate complaints over the "profit margin" calculation (in quotes because what's a margin in the telco business, really?). But, damn, it did work for a brief time...
> It's funny that you (and many others) say this because we had this from 1996 to roughly 2004.
Oh, I know that. The US also had more "competition" in the ISP space nationally because all of the regional telephone companies and cable tv providers hadn't yet consolidated into the mega-corps we have now.
> Telcos loathed it and pitched many mighty fits and threw every (physical and metaphorical) wrench they could in front of their brand new competitors.
Separating (e.g.) AT&T from their last mile infrastructure (and placing barriers to them re-obtaining it) would go some of the way to preventing this. Someone operating the last mile infrastructure that is not also a direct competitor to their customers[1]. It's a conflict of interest that no law or regulation is going to properly resolve.
[edit: I should clarify this. No law or regulation is going to properly resolve the situation unless we remove the incentives for the last mile operator to find loopholes to screw their customers.]
[1] the ISPs connecting to people over the last mile infrastructure
The big problem with that unbundling scheme is that it made DSL less profitable than cable internet,which didn't have to be unbundled (because they aren't ILECs).
This is why in the USA the cable companies are the big ISP leaders and the telecoms are second fiddle.
Verizon only built Fios when they got clearance that they wouldn't have to share it.
The unbundling is a great way to make sure that legacy systems are fairly priced. It's a bad way build new systems.
It's worth pointing out that Verizon has abandoned Fios expansion. Most of their build-out was to low hanging fruit like new residential communities where they laid fiber instead of copper.
So there's no simple cause+effect here related to unbundling. And even with unbundling it's not like a company loses money; they just lose monopoly rents but are guaranteed some profit whether or not they have to share.
Really the issue is about opportunity cost and financing: Verizon would rather invest in endeavors with a higher return than what they'd get with copper or even fiber. That higher return is wireless.
But there's so much cash available, or at least there has been for the past 10 years, that theoretically somebody could have stepped in to invest in these projects. Google was tentatively one of those people--initially it was enough for them to break even--but it looks like the only entity capable of committing for the long haul will be a non-profit or government entity. More so as the era of freakishly low capital costs slowly comes to an end.
> The big problem with that unbundling scheme is that it made DSL less profitable than cable internet,which didn't have to be unbundled (because they aren't ILECs).
Don't forget the fact that it's 2017, and DSL sucks. 40mbit down and 10mbit up at best is what DSL providers tend to offer. DSL just isn't viable compared to cable.
I don't see why we should give up on breaking up monopolies/oligopolies just because they have a tendency to consolidate again. These solutions aren't meant to be permanent. They are meant to be regularly applied every couple of generations.
I disagree. I mean you make a good point, the monopoly power of ISPs is a problem. But even if you solve that, that doesn't mean you solve the privacy issue. You can have dozens of ISPs and even if half of them sell your data that's still a problem. And it simply won't be enough of a factor for the free market to correct.
And what if ISPs start banning VPNs in their TOS? What's the market based solution to that?
It seems odd to reject regulating against certain practices and reject the breakup of monopolies as well. Without a market that works properly many more specific practices are going to have to be banned. That's not an ideal situation. Monopolies are indeed the main problem here.
Also, VPNs seem to be under attack from governments, so I wouldn't rely that option being available forever either.
Right, and once everyone is used to life without internet let's go all the way back to a hunter-gatherer life so we're safe from extortionist practices made possible by other entrenched oligopolies that defeat market mechanisms.
I have to wonder why government regulation is to be avoided at all cost when it comes to consumer protection whilst the very existence of corporations, their property rights and hence markets themselves is owed entirely to government regulation.
I am very much in favor of using market mechanisms to solve as many problems as we can, because if and when markets work they solve a very complex coordination problem that is extremely hard to replace with planning. But to claim that markets can solve every problem including their own dysfunction is just logically nonsensical.
> The author has rightly pointed out that regulating your way to your goal is not a solution. He is advocating for a free market solution which is much more robust then one that hinges on the right people being in power for all eternity.
Then the author should go all out and suggest that the federal government completely deregulate all the spectrum from, say, 500 MHz to 1 GHz. We'll have lots of wireless providers, and none of them will work well because they'll all interfere with each other.
There's a variant that might work, though: force the licensees to operate on a wholesale basis only. No Internet, no voice, no SMS, no phone number, no streaming NFL games, purely connectivity to a wholesale backend provider that can provide whatever services they like using whatever peering, transit, CDN, etc relationships they want.
As a practical matter, it would probably work better to let the spectrum licensees provide voice and SMS, just because the protocols are so absurdly complicated that it might be very hard to get it to work wholesale.
(As an aside, public utility regulators could do the same thing for wired services. Let one provider supply every property in an area with a 10Gbps point-to-point fiber link to a nearby datacenter. Anyone else can lease space in the data center and cross-connect to residents' fibers.)
It's not only a free-market solution, it's also the solution that doesn't involve giving your ISP plaintext data and trusting them to do nothing wrong with it because the government said so.
> regulating your way to your goal is not a solution
Why not? Author didnt say much at all about this. What else is regulation for if not to keep certain things in check better than the free market/people/whatever can do?
Right. People forget that there is no such thing as a truly "free" market. Literally everything we consider a "market" has regulations, from contract enforcement to currency standardization to abolishing violence and theft as market forces.
This, and the original article, makes the assumption that your ISP continues to transfer your VPN encrypted bits with the same priority that it transfers your HTTP and HTTPS bits.
There's nothing that says this will be the case. It would be very simple to deprioritize VPN connections, and recommend an upgrade to their "business" ISP plan if you need your VPN connection prioritized.
They have no reason not to, and every reason to. Either way, they get more money out of your existing internet use. It would be a pyrrhic victory at best; they wouldn't be spying on you, but you're paying twice more for that "right".
Pure free market solutions are nearly always worthless by themselves there is always misaligned intensives in every transaction move complicated than selling a can of soup.
Where incentives are misaligned and/or the issue is a technical/complex and users are highly unlikely to vote with their dollars regulation is the only possible achieve success.
> He is advocating for a free market solution which is much more robust then one that hinges on the right people being in power for all eternity.
Unfortunately, in the real world, history teaches us that free markets will absolutely go to hell in a handbasket if the wrong people are in power even for a short time.
It's a lot easier to see many pollution problems and the harm often is more direct and quantifiable - with a privacy issue the harm is often abstract and harder to see.
I think privacy and pollution regulations can be good, but they need to be carefully tracked and aren't always effective.
The best solution for you is always to be a vigilant consumer. Something like this can be protected entirely by doing so. Pollution is harder to defend against. Using a VPN is a great strategy to mitigate these issues before they're allowed to happen to you.
I think what the author saying is incredibly valid and the pollution example doesn't exactly equate.
Ideally, you wouldn't rely on trust, i.e. Policy, you would rely on math. As far as we know, judging from the Wikileaks releases, encryption still works.
With pollution, it is a policy issue, because there's no mathematical way to prevent polluters. So we have to negotiate amongst lawmakers, regular people, and corporations.
I think what the author is saying here is that we shouldn't bet our privacy and safety on who is in charge, as we are always one flick of the pen away from losing those protections. I think this is especially the case when there is a mathematical solution to the problem, that doesn't require trust. Obviously, having math and policy would be an added bonus.
Pollution and privacy are just two examples of cases where we use regulatory laws to curb the natural tendency of for-profit corporations successfully. That the regulations are implemented differently isn't very relevant; they're both regulations that a) shouldn't be relied on according to the article's rationale, but b) have proven effective in the real world.
> I think what the author is saying here is that we shouldn't bet our privacy and safety on who is in charge, as we are always one flick of the pen away from losing those protections.
Yes, and what I'm saying is that the same is true of every other regulation, which is why it's not a compelling argument against this one. You may have noticed that the same Congress currently gutting privacy protections is also gutting air quality protections...
Sorry, I'm not sure I totally follow your thesis. I think what you're trying to say is that the right thing to do is for privacy to be protected by the legal system, right? Then I think you're analogy to support that is how we have regulations around pollution.
So, on this point I agree. We should live in a world where lawmakers protect privacy and the environment, and the fact that they don't is disappointing and a short term (hopefully not long term) failure of government.
So far we are in agreement. In addition to that, I think what I'm trying to add is that VPNs are absolutely a way to mitigate the need for lawmakers to do the right thing, a concept in the abstract we all agree on but in reality proves to be very difficult. I'm not sure you're disagreeing with that point or if you think they're mutually exclusive, maybe you can clarify.
To go with your analogy about water filters being a substitution for having protection for keeping water clean. No, of course I don't think it's an effective substitute, but I'm still going to filter my water in addition to demanding that adequate protection is put in place.
So hopefully we are in agreement on that point as well, as they're not mutually exclusive.
But the overall, larger point to be made is we should just always do what we can. So voting is one thing, among other avenues within the process of government, however I'm also going to use a VPN, because, damn it, it works.
One last thing I'd like to say from another comment that I wrote somewhere else in here is that hopefully this will be an impetus for full decentralization the internet further, because an ideal solution would be to make it logistically intractable to snoop. A distributed internet, similar to how it was originally envisioned.
We're not really disagreeing much. I think that VPNs are a fine and effective solution for the problem "I want to keep my data private and I'm willing to pay for it" but not for the problem "I think corporations selling peoples' private information is bad and we as a society should try to stop it." I don't think VPNs are a realistic solution to that, and I think regulation is, and I think the author of the article would disagree with both of those assertions.
I find the outrage rather interesting. Google and Facebook are basically everywhere sniffing as much data as they can. I actually don't mind if another party starts collecting the data as well. Go nuts.
Google is already toying with the idea of creating VPNs for consumers. In the case of the pixel it's legit because they allow you to opt-in to VPNing to google servers on untrusted WIFI connections. The irony is that now google has even more data on you.
Once your VPN exits, you can still get MitMed/injected on non-TLS resources, so what is the VPN really doing for you? The only thing the VPN does is control which party will spy on you.
You can easily avoid facebook by not registering there and blocking requests to their servers from other sites. Similarly with google, though you can't use Chrome and Android in that case.
There is no easy and free way to avoid your ISP spying on you.
Maybe I don't understand DNS well enough, but I assume all the tech sites that recommend everyone change their DNS servers to google's 8.8.8.8 or 8.8.4.4 understand that Google is heavily data mining and monetizing every lookup.
And the FCC has never attempted to regulate that level of privacy.
So they don't track personally-identifiable information directly; it's certainly possible you could de-anonymize someone from their dataset, but most of what they do track is on their end (what machine handled the request, how quickly, etc.)
The thing is, let's say Google reneged on their promises and started violating privacy on 8.8.8.8 - would it be up to the FCC to enforce that or the FTC to enforce it as fraudulent behavior?
Very good question. It could be handled similarly to the fiasco of google's street view cars 'hacking' poorly protected wireless routers. They got a pretty serious smack on the wrist for that.
We are all engineers and can understand the concept of a patch versus a refactor. Yes, a refactor may be harder, but there is never an excuse to rely indefinitely on a patch; that's how you get burned with technical debt.
The government needs to change to be more responsive to the people and not constantly sell them out at the flick of a pen. Yes, use a VPN! But don't buy the message that there isn't more that can be done. There is, and many people are working tirelessly to see it through. Don't ignore or devalue their efforts to make a better system for people.
I think the key difference is selling one person's internet history mostly only affects that person's privacy. The environment on the other hand is a common good, and any damage to it hurts everyone. Similarly, someone taking heroin doesn't only hurt themselves, they are likely to hurt people around them as well.
Buying water filters doesn't do anything to the polluting party. They can just keep polluting.
On the other hand, using a VPN makes your data worthless. It allows you to directly hit back at the companies trying to monetize your data. It's entirely different that just avoiding the problem.
Only techies will be setting up VPNs. What about the vast majority of everyone else who don't understand what is happening when they connect to the internet?
Considering the whole point of selling user data is that advertisers want to profile you, using a VPN just lets the ISPs tell the advertisers "this guy is a techie, send him ads for computer stuff".
I didn't say that privacy and pollution were similar in any way except that the line of reasoning presented in the article would apply to regulations policing both of them (and many others, and is hence over-broad).
Your comparison is nonsensical. Pollution is a violation of a shared resource, and can even be an aggression to someone's property. Even the most libertarian minded individual will make a case against it, see for instance Rothbard[1]. Selling user supplied data to advertisers is exactly what Google and Facebook do. The problem is that there is a monopoly in the ISP business. You can use Searx, Startpage, DDG, or other privacy-focused solutions instead of Google directly, and Facebook is really superfluous, if you don't want don't use it, or just create a fake profile. When it comes to ISPs you don't really have a choice if they all decide to turtle up and do the same (the freer the market the greater the incentive to one of them to turn or for another to start in business by answering to the demand for a more private browsing experience, even if locally at a certain city at first).
[1] "The eruption of Mt. St. Helens should have alerted everyone to the ever-present processes of natural pollution (...) In sum, no one has a right to clean air, but one does have a right to not have his air invaded by pollutants generated by an aggressor (...) such aggression may take the form of pollution of someone else's air, including his owned effective airspace, injury against his person, or a nuisance interfering with his possession or use of his land (...) this is the case, provided that (...) while visible pollutants or noxious odors are per se aggression, in the case of invisible and insensible pollutants the plaintiff must prove actual harm; the burden of proof of such aggression rests upon the plaintiff; the plaintiff must prove strict causality from the actions of the defendant to the victimization of the plaintiff; the plaintiff must prove such causality and aggression beyond a reasonable doubt; and there is no vicarious liability, but only liability for those who actually commit the deed." https://mises.org/library/law-property-rights-and-air-pollut...
Rothbard's approach to pollution in many cases does reduce down to "tough...buy a filter if you want clean air/water", due to his requirement that the plaintiff prove strict causality, and in the case of invisible pollutants prove actual harm.
When you find, for example, your crops damaged by acid rain, that acid rain can have been caused by pollutants releases hundreds or even thousands of miles away, from hundreds of sources.
Who do you sue? It's generally not going to be possible to prove that the pollution emitted by any particular source ended up in the rain that fell on your crops.
I didn't say pollution and privacy were identical, or even similar. My whole point was that the fact that the author's argument would apply to almost any type of regulation is proof that it's over-broad.
As far I am aware Google doesn't operates as a data broker ("We do not sell your personal information to anyone." - https://privacy.google.com/how-ads-work.html), so comparing what Google does with ISPs selling PII associated with traffic to any third-party is in my opinion, no offense, a bit absurd. Not trying to defend Google neither: I don't support the way they use user's data, which is why I use DuckDuckGo, but I don't think this comparison (which was used by the Republicans) is valid.
That just means that Google is vertically integrated the advertising value chain.
And while the law would probably let the ISPs sell your actual web history, in the past ISPs never went anywhere near that far. They more or less did what Facebook and Google do with their data.
You're absolutely right that a broad regulatory solution would be a good thing - but we shouldn't ignore a technical solution when it's available. By analogy, we have pretty good regulations about the contents of your home not being stolen. But you should still lock your doors when you leave.
The article didn't use the term, but it's basically arguing there are such things as natural monopolies, and that ISPs are examples of them.
Fighting monopolies is an argument for more aggressive application of competition law, to break up monopolies, and disallow anti-competitive conglomeration. But again the article doesn't bring up anti-trust.
The article also doesn't account for the fact that an ISP, without net neutrality regulation, can block or throttle or charge extra, for VPN usage.
Allow me to followup in support: I work for a private VPN company (that coincidentally used to be a dial-up ISP), and the owner/leadership is very active in lobbying state and federal legislatures to pass privacy-oriented legislation. In other words: someone who's worked for decades on both sides of the issue acknowledges that legislation is the best solution.
I am trying to understand here, what more information ISPs can get other than they have access now? Does this policy let them do man middle attack? Can they access my SSL internet data too?
Speaking about pollution, we should definitely create a way to pollute web traffic. When the enemy has heat-seeking technology, we have to start using chaff/ECM.
VPNs are a tool, but it's easier for users to install a plugin that pollutes their data than to enable VPN.
... wait, there's an incentive for corporations to pollute? I think 'The Tragedy of the Commons' is a better explanation for that, but I see what you're driving at.
Basically, I set up SSH on a server somewhere (I actually have many), and a local SSH key (I don't use passwords with SSH). The SSH server can be a cloud server or a physical one; it doesn't matter. Then, I create an alias in my .zshrc or .bashrc configuration file to easily create a tunnel to that server, like this:
alias <alias_name>="ssh -D 8080 -f -C -q -N <username>@<host>"
Then, I go into my network settings and create a local SOCKS 5 proxy that points to the port I'm tunneling through (8080 in this case). Once I've done this, everything between me and the remote server is encrypted, and it appears that I'm browsing from the remote location. This works well for services that are not available in my country, as long as I can set up a server in the country I want to appear to be coming from.
If you want to keep the SSH tunnel open all the time, you can use autossh, like this:
The problem with VPN services, at least when used to circumvent regional restrictions, is that a lot of other people do the same thing, and the VPN provider ends up getting blocked. I've never had that problem when using SSH.
Also, with SSH, I own both the client and server, and setting it up is extremely easy. Setting up a VPN, when you do own both client and server, takes more effort, I think.
Politically, it means that people who should be getting angry about reduced privacy are "comfortable" with the fact they can work around it, while a new generation grows up with fewer and fewer expectations of what privacy means. It's short term protection in return for normalization of anti-private behaviours and long term damage.
But I also have a problem with it technically:
Issue: You don't trust ISPs to not sell browsing history.
Solution? Provision a virtual server, set-up a VPN and tunnel.
But your server still has a service provider. It might not be literally tied to your billing information but that was never going to be anyway.
You've shifted which ISP gets to sell the data from "home provider" to "virtual server provider", but there is still browsing data isn't there and it's just as valuable from a private single-use VPN as it is from your home connection.
There are no foolproof security solutions, only varying degrees of who you trust with what. There are many VPN providers who claim to keep no logs on user activity. If their claims are true, that is a better option than Comcast or AT&T since the VPN provider with no logs has no data to sell or share.
Those VPN providers need to get their internet connection somewhere and if you terminate your VPN inside USA (which you'll have to - to get decent speeds and pings), you'll just move the point of data collection.
Sure but if you have a VPN from a provider with enough customers I and use TLS to connect to websites, associating the browsing activity to a particular customer is difficult even for their ISP. Some of it could be traced back by traffic analysis, but it's at least more obscured than if you are using TLS from your own connection without a VPN.
> But your server still has a service provider. It might not be literally tied to your billing information but that was never going to be anyway.
The idea is to use a VPN provider that keeps no logs and runs many concurrent connections NAT'd behind the same public IP address. That way your traffic is mixed in with everyone else's who's using the service and provides you with an additional layer of anonymity.
That would be one way. In the VPN provider scenario if the ISP can snoop on both the incoming and outgoing traffic that can correlate the two by analyzing the timing and packet sizes. This is how Tor can be defeated as well but it's much simpler to do to a VPN service since they prioritize speed over privacy more than Tor.
This could be as simple as connecting the dots between you logging into your ISP account to pay your bill via the VPN.
This is one specific way in which a VPN is a poor solution to protecting privacy. It means the user has to constantly be on guard to which traffic should go over the VPN and which should not. Even one single slip up could negate all the benefits you think you are getting.
Edit: This reply should have been a couple levels higher, addressing the general tracking discussion rather than NATs specifically.
Assuming it's possible to make it easy to companies to become VPN providers, and since the problem is trust, shouldn't a service from a trusted non-profit be good ? one that must share any financial information, as some non-profits do ?
I think that actually increases your exposure, as a monthly snapshot will likely be as good as any other month's snapshot and just as damaging (or not) if it got out. If all providers sell your data, that means that purchasers of aggregated data will always have up to the date info anyhow.
I would say the "better" solution would be to find a provider with a good reputation and stick with them, and leave them in a heartbeat if it appears that they've sold your data. It gives them an incentive to continue behaving well through referrals and recurring revenue.
In the US most folks only have a handful of service providers to choose from. There are a huge number of VPN/PaaS/HaaS providers you can choose from, it shouldn't be hard to find one that respects your privacy.
The iPhone has a built-in VPN client. I've only used it (the IKEv1 client, specifically) to access stuff on my home network, but I have no reason to think that it doesn't respect the routes that the server offers.
There sorta is. Install the OpenVPN app, load your ovpn config, and connect. After you do that, there will be a VPN option on the homepage of your settings that will use the connection automatically and will keep you connected when switching networks.
Source: Figured it out over the weekend and have been pleased by it for the past few days.
Pretty much. You use OpenVPN Connect (https://itunes.apple.com/us/app/openvpn-connect/id590379981?...) and set up openvpn on a VPS somewhere. The only exceptions are a few things like Facetime and Apple's push service, which are given special routing treatment by iOS—they skip the VPN.
Not a solution, rather a workaround. VPNs reduce performance, and they aren't free either. The idea of privacy abusers is to to tax those who value it.
Couldn't disagree more with this article.
VPN is a solution to a policy problem until policy makers forbid VPN to enforce their core idea in the first place. (e.g. see United Arab Emirates for some restrictions of VPN use)
Didn't you read the "Big Book of Internet Rules"? All you have to do is say the words "Virtual Private Network" 3-times-fast in the bathroom mirror of The Courthouse, with the lights off. The judge is then required to let you go and drop any pending charges. Those are the rules!
That's right folks: the overwhelming power of the state to enact actual policy that can impact millions of lives? It crumbles before the power of my 1ghz Atom router. It has AES-NI, after all. That's, like, impossible to beat.
So I was a call-in on NPR today (http://www.wbur.org/onpoint/2017/03/29/internet-privacy-cong...) that discussed the ISP privacy issue. I brought up the crowd funding initiatives to buy Republican's info as well as the Democrat's unwillingness to make use of this issue. The call-ins were unanimously against what the congress did.
edit:
Here's the GofundMe trying to raise money to buy their Internet history. Something tells me this dude is going to run off with the money though
These "jokes" are already getting incredibly stale and silly. I don't get it at all. A provider is not just going to let you come in, even with say a billion USD, and buy X individual's data. That's not how it would work at all, this is not just like some sort of self-checkout to get someone's data.
And even if it was remotely like that, I can guarantee you that the providers will go to lengths to make sure they didn't just lobby millions (speculating, of course) to get this through and then throw the same congress members under the bus that they lobbied to and then hand out their data to get them in trouble with the public.
However, they can do what everyone else does; buy anonymized data for the area person X lives in. They can then use countless techniques (that have been demonstrated repeatedly) to de-anonymize the data and find out about person X.
What I'm getting at is even if they did try to use the method you described, I highly doubt they would even include that data of those congress members. I bet they blacklist users in situations like this. They are not just going to give that sort of thing out via a sell. Even if they law ALLOWS them, doesn't mean they sell to anyone with money.
All-in-all, I think if you donate any money towards these crowdfunding initiatives, you might as well burn that money because it's not going to get people the info they think they are going to get. ¯\_(ツ)_/¯
Now you are being over-optimistic about ISPs' sophistication. If I wanted data to target white renters, I can get it as long as I don't do it wearing a klan hood. A data set encompassing legislators is for the most part a data set of lawyers with some special characteristics. It could be a subset of data you can buy, or it could be assembled as a mosaic.
Just getting a VPN is like a teacher telling a bullied student to "just ignore and move away". Sounds great in theory, but really doesn't work for everyone in the real world. Some day, when wireless solutions get really good, or the cable monopolies are broken, pro-privacy will be a selling point.
This article is really bad. On the one hand it says government is unreliable and therefore it's hopeless to regulate. Then it immediately argues we need to break the ISP monopolies (which is true.) But why are there monopolies? It is because the ISPs collude not because there is regulation stopping new ISPs. Google and Verizon both dipped their toes in and gave up on providing wired access to the home.
The only way to break the monopolies is with government regulation forcing them to share the lines, because running the lines is the very costly part that stops new ISPs from competing.
How do I do know what VPN to trust? I guess getting my own server and provisioning everything myself is the answer? I'm sure that'll work fine for average Joe.
>Other articles have argued that VPNs are not a solution to a policy problem, because you can’t necessarily trust a VPN provider, or some VPN providers don’t encrypt your data properly. That may be the case, but that’s an easily solvable problem. And there are no monopolies on VPNs. This is something that a market economy can solve in a year.
It has been a few years since my Econ 101 class, but I suggest the author Google "market for lemons". Users have no way to verify the intentions of VPN providers as there is natural information asymmetry. Trust is not an issue that market economies have come up with a good solution to fix. The solution we often use ironically enough happens to be policy and regulation. So maybe this is a policy problem.
The market has come up with a great solution to some trust problems, like Underwriter's Laboratory. A group of experts certify any device that will have their stamp of approval.
There could be an identical service for privacy/internet tech. There isn't, but I'd trust an "Internet Underwriter Laboratory" group way, WAY more than a group of politicians.
Which is a regulatory solution. I don't know the specific history of UL, but the most common way these type of agencies are created is by the government or from within the industry out of fear of government regulation.
Read over UL's history [0]. It was started by a private individual, and is a for-profit company with huge reach and sets safety standards for devices in many, many industries.
So, while I can't speak to how these things _normally_ come about, this is a compelling example of self-regulation entirely outside of the scope of the government.
"Companies selling your data is nothing new—Facebook and Google have been doing it for decades."
Is there any evidence for this? I'm pretty sure that in the case of Google, at least, it's a flat-out lie. In fact, they state in massive letters: "We do not sell your personal information to anyone." (https://privacy.google.com/how-ads-work.html) Who would they even sell it to? They're at an advantage having that data themselves.
I'm not sure what "pimping out" means if not "selling".
Google runs the ad network, so they don't have to sell or "pimp out" personal data to advertisers. They use it themselves to make sure the ads are being seen by the people the advertisers want them to be seen by.
Google doesn't sell an indexed list of users and their interests: you can't buy the data and then use it how you want.
But, yes, pimping it out was just hyperbole for renting it for particular, well-defined purposes. But even that doesn't convey the fact that advertisers never have full access to the underlying data itself. They can specify the market demographics desired and google or any other ad network delivers the matching eyeballs.
Completely agree. All we need now is for a major player to step up and say "here's our VPN cloud and it's free to use and we guarantee it's encrypted and won't keep logs. From now on, all our devices will use it by default unless you opt out." I imagine meetings are already being held at Apple to discuss this.
Correct me if I'm wrong, but aren't ISP already monetizing on my data by the fact that I _literally pay them for their data services_? So no: an ISP going "I want a piece of that behavioural profiling ads money" is most absolutely not reasonable.
If you want to be in the ad business, stop being an ISP and go into the ad business, but if you're providing a service and that service is internet-for-pay, and we pay you the money you have said it costs to use your service, then it is not reasonable for you to complain that there is more money to be had, and you want all of it.
Uh. No but cell tower negotiation over LTE isn't using TCP/IP which is all the VPN has power over. Or am I really confused? The LTE radio is totally independent of internet protocols and can be tracked by cell providers since I must connect to their tower.
Instead of using a VPN I think I'm just going to create a script that randomly requests various websites 24/7. So don't cut off the signal to your ISP just drown it in a lot of meaningless noise
It's not a solution for one simple reason: policymakers can create a "policy" that simply makes them illegal. They don't have to defeat them on technological grounds.
272 comments
[ 2.8 ms ] story [ 285 ms ] threadhttps://pbs.twimg.com/media/CeqLfB5WIAAPZZh.jpg https://www.wired.com/how-wired-is-going-to-handle-ad-blocki...
However, either they've removed it or uBlock is currently winning the blocker blocker fight since I actually can read that article (I hadn't tried.)
I've heard I can just "disable IPv6" on my Mac, but I don't know the full implications of this. If anyone has any input I'd appreciate this, because then I would use a VPN all the time.
EDIT Sorry I meant to type VPN not VPS, stupid typo.
EDIT: And the full implications of disabling IPv6 are approximately nothing.
It sounds like you're in the UK - I'm a US person, if I give you my traffic, what will courts say about my expectation of privacy?
I already operate https://smsprivacy.org/ which is essentially a VPN for SMS.
I don't have any way to prove I'm not logging your traffic, but I am a big believer in privacy and promise not to. If you don't trust me, you don't have to use it.
The same way you know any VPN company isn't. You just have to take their word for it.
Why is the word of a fly-by-night VPN provider any better than a HN poster?
I can think of a few off the top of my head that do:
* Linode
* Vultr
* Tilaa
* DigitalOcean.
https://www.perfect-privacy.com/vpn-with-ipv6-support/
What I'd really like is a vpn that gives me an ipv4 address and an ipv6/64 so I can have my router do the vpn and route my whole network through a vpn by only configuring one computer.
Any sites you use that are exclusively available only via IPv6 will stop working, but due to slow adoption of IPv6, that list of exceptions is quite small. IPv6 adoption is big in China, but even then the major services themselves are available over IPv4. (Weibo.com doesn't even advertise an IPv6 AAAA DNS record, so the things I read about IPv6 adoption in China may be overstated.)
There are, of course, exceptions. There are a number of intentionally ipv6-only test sites like https://ipv6.google.com that won't work. Things like Google.com which are available over both IPv4 and IPv6 will degrade gracefully if you turn off IPv6 on your mac, and just connect over IPv4.
It's disgusting, and I'm disgusted (_yet again_) by the mercenary Republican Party. They are declaring war on me and my loved ones and the vast majority of our fellow Americans and anyone else unfortunate to have to use an internet connection in the US (and live under the rest of their insane policies).
For the record, I signed up for a personal VPN two weeks ago because this anti-consumer outcome was assured with the current party in power in the US.
I found this comparison matrix[1] which provided me the info I needed to identify a few services to compare. I'm really just looking to keep my ISP from snooping on my traffic, so my criteria are pretty limited and I just wanted something quick. I don't plan to watch Netflix with it for example, which might have pushed me to a service that would allow me to select specific servers for traffic egress.
I have no complaints
[0]https://www.privateinternetaccess.com
>I don't plan to watch Netflix with it for example, which might have pushed me to a service that would allow me to select specific servers for traffic egress.
PIA has servers in many different countries that you could switch to, does that not that fulfill this?
Stop this BS. The democratic party has done pretty much similar bad things that violate our privacy. Are you just good at selectively ignoring things? This is really the fact that every US govt is not for personal data privacy. You have to just accept it (if you are an american).
It's also a good concrete issue to use in understanding that while arguments like "Democrats Do Bad Stuff Too So IDK Apathy" may be persuasive to some people in justifying not voting, it's ultimately not true. If this issue matters to you, there was a ballot box solution to preventing it. Not enough people used it.
If this recent attack on privacy is something both sides support (as you seem to claim), why did the Obama administration set out those rules? And why did the Democrats in Congress not vote for this repeal?
Don't bring that weak Whataboutism here.
If when given the option you don't use services that keep your data private, why is this a big deal to you when yet another service you use sells your data? If you want privacy you either need to shop for services that provider it, or like this article states, take measure to ensure some level of privacy.
Its a "has power" vs "doesn't have power" split.
The Democrats are just as culpable as Republicans. Don't give either party a pass.
A Democratic president put these protections in place.
He expanded the powers of the NSA because he could, or had to, or whatever. I struggle to imagine that he then turned around and used the FCC to push meaningful reform along for his citizens.
I think the burden of proof is on you to show that his track record with government spying should be ignored when thinking about his track record with FCC/consumer protections.
The vote count sure looked like it to me.
https://www.govtrack.us/congress/votes/115-2017/h202#admin_p...
Yea 215 (Republican 215, Democrat 0) Nay 205 (Republican 15, Democrat 190)
On actually contentious issues, like CISPA and the like, the votes split almost exactly down donation lines as opposed to party lines.
Regardless, even if the split is supposedly true what do you think is the real problem? The current republican gang or the influence and power the rich wield? Even if you replaced every single politician you hated with the wave of a magic wand the powers that be would still find ways to influence the new group.
We should tackle the systemic problems first as a whole nation, then hopefully the issue of removing those that wish themselves our master will be much easier.
[0] https://www.opensecrets.org/industries/totals.php?cycle=2016...
But combined, their views represent only a narrow slice of the political spectrum.
Both parties have their own flavor of expanding the powers of the government, while no one in office is advocating reduction of government power.
Sure, the republicans occasionally give lip service to the idea, but they're all the same as the dems.
I guess I'm a bit fed up being told "pick a party that represents you" and finding absolutely zero options who don't make me feel dirty or stupid.
I maintain that both parties are the same, neither is capable of delivering real change. (A perfect example is the last US presidential election. Trump and Hillary? FFS.)
Not everyone is interested in across-the-board reduction of government power. I understand it appears to be your view, but you need to be careful to treat that as another political position, not as a global constant.
>I maintain that both parties are the same, neither is capable of delivering real change
I think it's a naive fallacy to have the base goal being some nebulous thing called "real change". When things like Obamacare and gay marriage and raising the minimum wage and protecting the environment, like Obama did and Clinton would have worked for, can't be called "real change" because they aren't the perfect solution some liberals/libertarians would want belies a privilege in not being a member of the classes that these things really affect, which coincidentally are not classes often represented well in the tech industry or on tech boards like this one.
I am too quick to elevate my political _opinion_ to that of fact, and in doing so, commit the exact same mistake that drives me bonkers when other people do it.
Also, my own use of "real change", as soon as I read your comment, made me hang my head in shame. "Real Change(TM)" is just a stand in for "something that I think should be done, and until it's done, nothing else matters!"
It's related, I suspect, to the "no true scotsman" fallacy.
So, you're right. I worded that entire comment poorly.
This is one of the reasons I enjoy dipping into the HN comments now and again - I sometimes get really high-value feedback like this.
So thank you, /u/mejari, for taking the time to comment what you did. It's a good gift. :)
It kinda depends on what you mean by "across-the-board reduction of government power." I do believe that everyone is interested in peace. And justice. And creativity. And hope. And being able to relax and do what they want.
And even if government isn't in opposition to these things in every case, empire certainly is. And people recognize that.
So yes, deprecating the American Empire is something that enjoys very broad support; certain aspects enjoy consensus.
While 'No Empire' seems to be a Good Thing, in general, if the question was instead, "Which country should lead the global Empire if not America?" I wonder what the survey results would be.
That is (by way of the Median Voter Theorem) a consequence of the two-party system, which is (by way of Duverger's law) a consequence of winner-takes-all or first-past-the-post (and not proportional) voting, I'd say.
https://en.wikipedia.org/wiki/Median_voter_theorem
https://en.wikipedia.org/wiki/Two-party_system
https://en.wikipedia.org/wiki/Duverger%27s_law
https://en.wikipedia.org/wiki/First-past-the-post_voting
Congress is completely corrupt. They don't write legislation, k-street does. They don't read legislation they pass. When confronted, they waffle about benefits to corporations being beneficial to their constituents. Almost all are in violation of their oath.
After much deliberation I think reprent.us has it right, the only way for us to take of this issue is for a new rallying cry to elect third-parties and indepedents to take away the majorities of both parties. (which is also how we get an independent or third-party elected president by taking the 270 votes away from both parties and the vote goes to the house).
We need to stop letting people push the farcicle duverger's law as if it's irrefutable fact, because it's not.
It is in their interests for us to think there is meaningful difference between them, and I'm confident that many dems and republicans do earnestly believe there are differences between them and the other party.
But the differences are _so small_.
If one party wants to pass legislation that does X, and the other wants legislation that does Y, there is _no one_ advocating for all the myriad unspoken options.
My wife used to be a kindergarten teacher. One of her classroom management strategies was to try to give her students options. She'd say "would you like to do X or Y right now?"
Of course, she only gave options that she already approved.
So, for the "powers that be", the real power is deciding what bills go up for a vote. What happens in the actual vote is trivial compared to the power that comes with killing a bill before it hits the floor, or passing other legislation in omnibus spending bills.
I maintain that they work together to screw us all over for their own benefit, and to keep the corporate spigot flowing.
http://www.vox.com/new-money/2017/3/28/15089396/house-republ...
So, how is that problem solved? I can't see what VPN companies are really doing inside their stack. They might very well be logging everything and I have no way to find out other than to "trust them" - so there's no real market mechanism to choose a VPN provider which doesn't log anything.
I suppose it could be in the contract.. so does VPN contracts have a clause like that, and how is it enforced?
You can always run your own VPN. Buy a cheap VPS, and set up OpenVPN to route traffic through it.
I ask because, I use a cheap VPS for a VPN, but wonder if it actually accomplishes anything.
I imagine they wouldn't know how to monetize the data, but if the market matures, there could easily be the same people behind buying data from Comcast-sized ISPs, creating tiny VPS and VPN providers that don't get any meaningful scrutiny in practice.
A VPN that sells your information and eventually, inevitably is caught, will lose their entire business. Meanwhile they can make a perfectly good profit just... providing the desired service. There are also people who take the time to investigate these various services, and you can do some work to find one that meets standards you deem to be acceptable.
There isn't going to be a perfect solution here, but the issues with VPN's are really not the issues you raise. My concerns are: Google and other major sites endlessly pestering VPN users with CAPTCHA requests, or the government actually making them illegal. Your concerns are largely answered by researching which product you're willing to buy, not unlike all other similar decisions in life.
Yes, a VPN company caught selling info would crash and burn. The invisible hand would ensure this, etc etc. But only if they got caught, and even then it's not like there would be any actual legal punishment (outside of a lawsuit if they were contractually obligated to not sell the info, I guess). And if selling that info meant double the profits, I doubt the owners who were willing to lie to their customers would feel all that bad or embarrassed. They'd probably also be shameless enough to re-brand.
And all that is ignoring the fact that with VPNs privacy becomes a privilege only to people who can a.) afford it and b.) understand how to use it. And finding a VPN that won't sell your info on the side requires the time and know-how to research it, not to mention even considering that a VPN might sell your info requires interacting with news orgs or people who might bring this concept up.
Chalk this up as another "HN readers don't realize most people don't read HN", color me surprised.
So yes, there are better solutions involving the law, but unfortunately the innocent lambs you're defending are the ones calling us nerds and buying IoT junk!
This is just the start though, you'd also have to guard against common keys and other various gotchas.
Also, another idea is VPN providers might start seeing it as a business opportunity to provide robust, secure connections and advertise how they work. These claims could easily be verified.
Just a start, I'm not an expert in networking, but it seems fairly doable. Obviously MITM is always possible if you're not connecting via ssl.
Also, this could be the impetus for further decentralizing the internet, although who knows how far that's out. The centralization of the internet might have taken things too far and killed the golden goose by abusing their position, incentivizing an acceleration of full decentralization, like with IPFS and their ilk.
How do you solve the problem without policy then?
You can select a paid VPN service that helps protect you from specific adversaries. You can roll your own VPN on your own VPS that helps protect you in some use cases.
You can, and should, advocate for good privacy policy.
This article is saying, basically, that the tendency of ISPs to try to monetize user data is a natural consequence of capitalism, and trying to curb that tendency with legislation is ineffectual compared to the real solutions (fight monopolies, and everyone use a VPN).
I don't buy it. Roughly the same argument could be made about virtually any regulation. "Corporations are incentivized to pollute, so there's no point trying to stop them. Buy a water filter." "People will always try to get heroin, so there's no point in restricting it. Get some naloxone." Damn near every regulation is an attempt to counteract some profit-motivated tendency which is the unfortunate consequence of capitalism. And as regulations go, user data is a lot easier to regulate than drugs or pollution.
"Just get a VPN" might be good advice for individuals, but it is emphatically not the society-wide solution to data privacy. We can and should continue to fight for good legislation that protects us.
VPNs are a strategy for mitigating an individual's exposure—leaving the monopoly of the ISP intact.
https://arstechnica.com/business/2014/04/one-big-reason-we-l...
https://motherboard.vice.com/en_us/article/the-fcc-cant-help...
https://consumerist.com/2015/05/26/why-your-cable-company-do...
Government regulation contributes much to the cost of investing in infrastructure and starting an ISP business in most areas. I think it would be interesting to see what would happen if that cost could be brought down.
Can't agree more. Corporatist rent-seeking is the fundamental problem with our political economy and/or society. But both sides keep talking past each other (as they are incentivized to do).
Tangent, thanks. This is the phrase I was trying to conjure to mind earlier today in a discussion about the very topic of this thread. Ended up taking a long, exhaustive and context-laden road to get to my point; after which I had already lost an audience but so it goes.
For the interested: https://www.wikiwand.com/en/Rent-seeking
Think about the original purpose of the FCC. Some regulation is required to make the services work at all. With a completely deregulated system, your microwave would disrupt cell-phone service for blocks. Your computer power supply might do the same thing. And Verizon phones would probably intentionally interfere with AT&T phones.
Low-frequency spectrum is a public resource, full stop.
Anti-cartel ones do the latter. Many properly made regulations are not easier to adhere to by big vs small agents.
Regulation is a tool, and it does more or less what the tool user intends it to.
It's worth pointing out that this is nonsense. In virtually every other developed country in the world regulation has actually increased competition between ISPs. The result has been internet service that is dramatically better, faster and cheaper than what is available to most Americans. It's worth taking a very close look at France[1] and South Korea[2] in particular.
Or you can continue to believe complete fucking nonsense like "regulations destroy competition" and plod ahead with crappy internet while the few monopoly ISPs that exist hoover up virtually all your personal data.
[1] http://www.newyorker.com/news/daily-comment/we-need-real-com...
[2] http://www.idgconnect.com/abstract/8960/why-does-south-korea...
Monopolies don't last in a free market. Someone hungrier will eventually come in and undercut the incumbent.
We've seen what the wrong people in power do. Mussolini, Stalin and his gulags, Pol Pot and his genocides, Kim Jong-il, Slobodan Milošević. This isn't a statement about the current US President, but we depend on having right (enough) people in power in a lot more ways than this one policy decision.
On the other hand, we can work for a decade to introduce regulation over the hard-to-define concept of an ISP monopoly, and then spend more decades going through the inevitable break-up and re-conglomeration of these entities under different forms, like we had with the telcos through the last half of the 20th century. In 50 years we may have a landscape that resembles that of the current cellular carriers: three or four large players in most metro areas, fewer rural options, and little real choice among them in terms of QoS or T&C. I suppose this would represent a slight improvement over the status quo?
This is the problem with so many free-market proposals, they would have you off tilting at windmills instead of directly addressing a fairly straightforward problem.
> [...] stop relying on governments for self-protection that you can handle yourself. If it’s not the current administration that will repeal our protections, it will be the next one. And what then?
The whole point of a democratic government is to protect the interest of the majority of their citizens, and the selling of personal personal data is clearly against the interest of most Americans. In a democracy the tool we have to protect our interests is the law. Unfortunately this tool sometimes is also used by small but powerful actors for their own purposes, colliding with the will of the majority. That's exactly when we have to fight back to keep the government democratic.
VPNs can be used as a temporary workaround by some people, but it's definitively not a good permanent fix for this constant invasion of privacy that many corporations in the US are so willing to attain. Even if you think you have a perfect technical solution (GNUnet? Tor? I2P?) the next administration can simply say that solution is unlawful, and what then? The fact is, sometimes we have to demand our government to do the right thing, and this now is one of those times.
Once you notice that, the whole piece is basically just ancap apologetics.
Is this the goal we strive for? There are lots of things that we don't want that could be largely couched in the language of "being in the interest of a majority of citizens". For example: Aggressive policing against petty theft, stop and frisk, prohibiting sales of off label unpackaged cigarettes; antiterrorism laws with intrusive cavity searches at every airport; fugitive slave laws...
Certain industries have a tendency to be monopolistic, or else have incredibly high barriers to entry. ISPs should be regulated to protect customer privacy. This is the equivalent of USPS, the public library, and the phone company selling your data to whoever wants it, and it's wrong.
If you wanted to make it slightly less "government-y," you could just establish rules that those running the last-mile lines, and those providing the connectivity must be separate entities (and not connected to each other like some "spin it off as a separate division of Comcast but they are still parts of / owned by the same company"-type deal) so that everyone gets a fair shake.
[ That said, I'm not in favour of letting the privacy war play out in the market, because I'm not 100% sure that the market wouldn't just settle into a state where everyone was doing something I don't like to some extent. ]
Telcos loathed it and pitched many mighty fits and threw every (physical and metaphorical) wrench they could in front of their brand new competitors. But it worked, in spite of the problems[0]. The absolute best I ever had was in Southwestern Bell territory. Over a single copper circuit I could choose from TEN different ISPs. Speakeasy, Megapath, Covad Direct, August Net, and a handful more that I can't remember. In 2002, I paid Speakeasy $160/month for 10mbps symmetrical with 8 real IP addresses and no port blocking.
President Bush was elected and the telcos' complaints were given new life at the new FCC. The unbundling requirements were swiftly removed. Now, we have this.
0 - And don't get me wrong, the problems were legion. UNE-P didn't apply to cable providers nor the new-ish fiber optic last mile buildouts. Only ILECs were subject to it so competitive providers who had built physical plants got to skate by. And there were some legitimate complaints over the "profit margin" calculation (in quotes because what's a margin in the telco business, really?). But, damn, it did work for a brief time...
Oh, I know that. The US also had more "competition" in the ISP space nationally because all of the regional telephone companies and cable tv providers hadn't yet consolidated into the mega-corps we have now.
> Telcos loathed it and pitched many mighty fits and threw every (physical and metaphorical) wrench they could in front of their brand new competitors.
Separating (e.g.) AT&T from their last mile infrastructure (and placing barriers to them re-obtaining it) would go some of the way to preventing this. Someone operating the last mile infrastructure that is not also a direct competitor to their customers[1]. It's a conflict of interest that no law or regulation is going to properly resolve.
[edit: I should clarify this. No law or regulation is going to properly resolve the situation unless we remove the incentives for the last mile operator to find loopholes to screw their customers.]
[1] the ISPs connecting to people over the last mile infrastructure
This is why in the USA the cable companies are the big ISP leaders and the telecoms are second fiddle.
Verizon only built Fios when they got clearance that they wouldn't have to share it.
The unbundling is a great way to make sure that legacy systems are fairly priced. It's a bad way build new systems.
So there's no simple cause+effect here related to unbundling. And even with unbundling it's not like a company loses money; they just lose monopoly rents but are guaranteed some profit whether or not they have to share.
Really the issue is about opportunity cost and financing: Verizon would rather invest in endeavors with a higher return than what they'd get with copper or even fiber. That higher return is wireless.
But there's so much cash available, or at least there has been for the past 10 years, that theoretically somebody could have stepped in to invest in these projects. Google was tentatively one of those people--initially it was enough for them to break even--but it looks like the only entity capable of committing for the long haul will be a non-profit or government entity. More so as the era of freakishly low capital costs slowly comes to an end.
Don't forget the fact that it's 2017, and DSL sucks. 40mbit down and 10mbit up at best is what DSL providers tend to offer. DSL just isn't viable compared to cable.
It seems odd to reject regulating against certain practices and reject the breakup of monopolies as well. Without a market that works properly many more specific practices are going to have to be banned. That's not an ideal situation. Monopolies are indeed the main problem here.
Also, VPNs seem to be under attack from governments, so I wouldn't rely that option being available forever either.
I have to wonder why government regulation is to be avoided at all cost when it comes to consumer protection whilst the very existence of corporations, their property rights and hence markets themselves is owed entirely to government regulation.
I am very much in favor of using market mechanisms to solve as many problems as we can, because if and when markets work they solve a very complex coordination problem that is extremely hard to replace with planning. But to claim that markets can solve every problem including their own dysfunction is just logically nonsensical.
Then the author should go all out and suggest that the federal government completely deregulate all the spectrum from, say, 500 MHz to 1 GHz. We'll have lots of wireless providers, and none of them will work well because they'll all interfere with each other.
There's a variant that might work, though: force the licensees to operate on a wholesale basis only. No Internet, no voice, no SMS, no phone number, no streaming NFL games, purely connectivity to a wholesale backend provider that can provide whatever services they like using whatever peering, transit, CDN, etc relationships they want.
As a practical matter, it would probably work better to let the spectrum licensees provide voice and SMS, just because the protocols are so absurdly complicated that it might be very hard to get it to work wholesale.
(As an aside, public utility regulators could do the same thing for wired services. Let one provider supply every property in an area with a 10Gbps point-to-point fiber link to a nearby datacenter. Anyone else can lease space in the data center and cross-connect to residents' fibers.)
Why not? Author didnt say much at all about this. What else is regulation for if not to keep certain things in check better than the free market/people/whatever can do?
There's nothing that says this will be the case. It would be very simple to deprioritize VPN connections, and recommend an upgrade to their "business" ISP plan if you need your VPN connection prioritized.
They have no reason not to, and every reason to. Either way, they get more money out of your existing internet use. It would be a pyrrhic victory at best; they wouldn't be spying on you, but you're paying twice more for that "right".
Where incentives are misaligned and/or the issue is a technical/complex and users are highly unlikely to vote with their dollars regulation is the only possible achieve success.
Unfortunately, in the real world, history teaches us that free markets will absolutely go to hell in a handbasket if the wrong people are in power even for a short time.
So much for ivory tower "free market" idealism.
I think privacy and pollution regulations can be good, but they need to be carefully tracked and aren't always effective.
The best solution for you is always to be a vigilant consumer. Something like this can be protected entirely by doing so. Pollution is harder to defend against. Using a VPN is a great strategy to mitigate these issues before they're allowed to happen to you.
Ideally, you wouldn't rely on trust, i.e. Policy, you would rely on math. As far as we know, judging from the Wikileaks releases, encryption still works.
With pollution, it is a policy issue, because there's no mathematical way to prevent polluters. So we have to negotiate amongst lawmakers, regular people, and corporations.
I think what the author is saying here is that we shouldn't bet our privacy and safety on who is in charge, as we are always one flick of the pen away from losing those protections. I think this is especially the case when there is a mathematical solution to the problem, that doesn't require trust. Obviously, having math and policy would be an added bonus.
> I think what the author is saying here is that we shouldn't bet our privacy and safety on who is in charge, as we are always one flick of the pen away from losing those protections.
Yes, and what I'm saying is that the same is true of every other regulation, which is why it's not a compelling argument against this one. You may have noticed that the same Congress currently gutting privacy protections is also gutting air quality protections...
So, on this point I agree. We should live in a world where lawmakers protect privacy and the environment, and the fact that they don't is disappointing and a short term (hopefully not long term) failure of government.
So far we are in agreement. In addition to that, I think what I'm trying to add is that VPNs are absolutely a way to mitigate the need for lawmakers to do the right thing, a concept in the abstract we all agree on but in reality proves to be very difficult. I'm not sure you're disagreeing with that point or if you think they're mutually exclusive, maybe you can clarify.
To go with your analogy about water filters being a substitution for having protection for keeping water clean. No, of course I don't think it's an effective substitute, but I'm still going to filter my water in addition to demanding that adequate protection is put in place.
So hopefully we are in agreement on that point as well, as they're not mutually exclusive.
But the overall, larger point to be made is we should just always do what we can. So voting is one thing, among other avenues within the process of government, however I'm also going to use a VPN, because, damn it, it works.
One last thing I'd like to say from another comment that I wrote somewhere else in here is that hopefully this will be an impetus for full decentralization the internet further, because an ideal solution would be to make it logistically intractable to snoop. A distributed internet, similar to how it was originally envisioned.
Google is already toying with the idea of creating VPNs for consumers. In the case of the pixel it's legit because they allow you to opt-in to VPNing to google servers on untrusted WIFI connections. The irony is that now google has even more data on you. Once your VPN exits, you can still get MitMed/injected on non-TLS resources, so what is the VPN really doing for you? The only thing the VPN does is control which party will spy on you.
The blind lead the blind I guess.
And the FCC has never attempted to regulate that level of privacy.
https://developers.google.com/speed/public-dns/privacy
So they don't track personally-identifiable information directly; it's certainly possible you could de-anonymize someone from their dataset, but most of what they do track is on their end (what machine handled the request, how quickly, etc.)
https://epic.org/privacy/streetview/
We are all engineers and can understand the concept of a patch versus a refactor. Yes, a refactor may be harder, but there is never an excuse to rely indefinitely on a patch; that's how you get burned with technical debt.
The government needs to change to be more responsive to the people and not constantly sell them out at the flick of a pen. Yes, use a VPN! But don't buy the message that there isn't more that can be done. There is, and many people are working tirelessly to see it through. Don't ignore or devalue their efforts to make a better system for people.
Buying water filters doesn't do anything to the polluting party. They can just keep polluting.
On the other hand, using a VPN makes your data worthless. It allows you to directly hit back at the companies trying to monetize your data. It's entirely different that just avoiding the problem.
It's not a long term solution.
[1] "The eruption of Mt. St. Helens should have alerted everyone to the ever-present processes of natural pollution (...) In sum, no one has a right to clean air, but one does have a right to not have his air invaded by pollutants generated by an aggressor (...) such aggression may take the form of pollution of someone else's air, including his owned effective airspace, injury against his person, or a nuisance interfering with his possession or use of his land (...) this is the case, provided that (...) while visible pollutants or noxious odors are per se aggression, in the case of invisible and insensible pollutants the plaintiff must prove actual harm; the burden of proof of such aggression rests upon the plaintiff; the plaintiff must prove strict causality from the actions of the defendant to the victimization of the plaintiff; the plaintiff must prove such causality and aggression beyond a reasonable doubt; and there is no vicarious liability, but only liability for those who actually commit the deed." https://mises.org/library/law-property-rights-and-air-pollut...
When you find, for example, your crops damaged by acid rain, that acid rain can have been caused by pollutants releases hundreds or even thousands of miles away, from hundreds of sources.
Who do you sue? It's generally not going to be possible to prove that the pollution emitted by any particular source ended up in the rain that fell on your crops.
Isn't "user privacy" is a collective noun that describes a shared resource? I.e., Tor's anonymity pool.
And while the law would probably let the ISPs sell your actual web history, in the past ISPs never went anywhere near that far. They more or less did what Facebook and Google do with their data.
Fighting monopolies is an argument for more aggressive application of competition law, to break up monopolies, and disallow anti-competitive conglomeration. But again the article doesn't bring up anti-trust.
The article also doesn't account for the fact that an ISP, without net neutrality regulation, can block or throttle or charge extra, for VPN usage.
https://www.goldenfrog.com/blog/category/policy
VPNs are a tool, but it's easier for users to install a plugin that pollutes their data than to enable VPN.
https://addons.mozilla.org/en-US/firefox/addon/random-agent-...
I think this ignores article too much about what is actually at risk, regardless of whether a VPN is a viable solution for some.
Basically, I set up SSH on a server somewhere (I actually have many), and a local SSH key (I don't use passwords with SSH). The SSH server can be a cloud server or a physical one; it doesn't matter. Then, I create an alias in my .zshrc or .bashrc configuration file to easily create a tunnel to that server, like this:
alias <alias_name>="ssh -D 8080 -f -C -q -N <username>@<host>"
Then, I go into my network settings and create a local SOCKS 5 proxy that points to the port I'm tunneling through (8080 in this case). Once I've done this, everything between me and the remote server is encrypted, and it appears that I'm browsing from the remote location. This works well for services that are not available in my country, as long as I can set up a server in the country I want to appear to be coming from.
If you want to keep the SSH tunnel open all the time, you can use autossh, like this:
autossh -M 20000 -p <port> -D 8088 -f -C -q -N <username>@<host>
[0] https://github.com/hwdsl2/setup-ipsec-vpn
Also, with SSH, I own both the client and server, and setting it up is extremely easy. Setting up a VPN, when you do own both client and server, takes more effort, I think.
Politically, it means that people who should be getting angry about reduced privacy are "comfortable" with the fact they can work around it, while a new generation grows up with fewer and fewer expectations of what privacy means. It's short term protection in return for normalization of anti-private behaviours and long term damage.
But I also have a problem with it technically:
Issue: You don't trust ISPs to not sell browsing history.
Solution? Provision a virtual server, set-up a VPN and tunnel.
But your server still has a service provider. It might not be literally tied to your billing information but that was never going to be anyway.
You've shifted which ISP gets to sell the data from "home provider" to "virtual server provider", but there is still browsing data isn't there and it's just as valuable from a private single-use VPN as it is from your home connection.
* edited for spelling error
The idea is to use a VPN provider that keeps no logs and runs many concurrent connections NAT'd behind the same public IP address. That way your traffic is mixed in with everyone else's who's using the service and provides you with an additional layer of anonymity.
You might also not realize just how shady and willing to sell you out many of these VPN services are. They tend to be un-audited, un-regulated.
This is one specific way in which a VPN is a poor solution to protecting privacy. It means the user has to constantly be on guard to which traffic should go over the VPN and which should not. Even one single slip up could negate all the benefits you think you are getting.
Edit: This reply should have been a couple levels higher, addressing the general tracking discussion rather than NATs specifically.
I would say the "better" solution would be to find a provider with a good reputation and stick with them, and leave them in a heartbeat if it appears that they've sold your data. It gives them an incentive to continue behaving well through referrals and recurring revenue.
If it isn't possible, anyone can explain why?
I don't have and iDevice so I don't know for sure, why do you think this'd be a problem? Or am I misunderstanding your question?
Source: Figured it out over the weekend and have been pleased by it for the past few days.
That's right folks: the overwhelming power of the state to enact actual policy that can impact millions of lives? It crumbles before the power of my 1ghz Atom router. It has AES-NI, after all. That's, like, impossible to beat.
edit: Here's the GofundMe trying to raise money to buy their Internet history. Something tells me this dude is going to run off with the money though
http://resistancereport.com/resistance/crowdfunding-lawmaker...
And even if it was remotely like that, I can guarantee you that the providers will go to lengths to make sure they didn't just lobby millions (speculating, of course) to get this through and then throw the same congress members under the bus that they lobbied to and then hand out their data to get them in trouble with the public.
However, they can do what everyone else does; buy anonymized data for the area person X lives in. They can then use countless techniques (that have been demonstrated repeatedly) to de-anonymize the data and find out about person X.
This is what UK members of parliament did with a very similar bill, where they exempted themselves from the law itself: https://www.independent.co.uk/life-style/gadgets-and-tech/ne...
All-in-all, I think if you donate any money towards these crowdfunding initiatives, you might as well burn that money because it's not going to get people the info they think they are going to get. ¯\_(ツ)_/¯
The only way to break the monopolies is with government regulation forcing them to share the lines, because running the lines is the very costly part that stops new ISPs from competing.
http://f1x-2.deviantart.com/art/Robo-President-K3n3-DY-IV-62...
It has been a few years since my Econ 101 class, but I suggest the author Google "market for lemons". Users have no way to verify the intentions of VPN providers as there is natural information asymmetry. Trust is not an issue that market economies have come up with a good solution to fix. The solution we often use ironically enough happens to be policy and regulation. So maybe this is a policy problem.
https://en.wikipedia.org/wiki/UL_(safety_organization)
There could be an identical service for privacy/internet tech. There isn't, but I'd trust an "Internet Underwriter Laboratory" group way, WAY more than a group of politicians.
So, while I can't speak to how these things _normally_ come about, this is a compelling example of self-regulation entirely outside of the scope of the government.
[0] https://en.wikipedia.org/wiki/UL_(safety_organization)#Histo...
Is there any evidence for this? I'm pretty sure that in the case of Google, at least, it's a flat-out lie. In fact, they state in massive letters: "We do not sell your personal information to anyone." (https://privacy.google.com/how-ads-work.html) Who would they even sell it to? They're at an advantage having that data themselves.
Google runs the ad network, so they don't have to sell or "pimp out" personal data to advertisers. They use it themselves to make sure the ads are being seen by the people the advertisers want them to be seen by.
But, yes, pimping it out was just hyperbole for renting it for particular, well-defined purposes. But even that doesn't convey the fact that advertisers never have full access to the underlying data itself. They can specify the market demographics desired and google or any other ad network delivers the matching eyeballs.
Expect more of FB's "internet.org" and Google's wifi balloons.
Very sad that Google Fiber isn't viable anymore.
If you want to be in the ad business, stop being an ISP and go into the ad business, but if you're providing a service and that service is internet-for-pay, and we pay you the money you have said it costs to use your service, then it is not reasonable for you to complain that there is more money to be had, and you want all of it.
And maybe. I don't control the carrier firmware.