Silicon Valley needs new laws, accept that, and make the fight about ensuring those laws aren’t burdensome, anticompetitive, and downright stupid. If you spend your energy trying to make those laws not happen at all, they’ll be done to us and not with us. It’s time to accept that a significant (more than 65%) of people want regulations in the tech space, and calmly, patiently explain what kinds of regulations can be helpful and which would be disastrous. Accept that it will be a matter of compromise (at best) and that means no one will be entirely happy.
right but things like privacy and security are aimed at the entirety of companies that have an online presence. For instance like laws around privacy requirements affect all major companies not just tech companies.
I need the protection. We don't need to go and start creating huge regulatory bodies around various industries, pitting one against the other. Make it so my information can't be captured -- or it can't be shared. Or make it so that keeping any information of mine past 30 days is a felony.
Then no matter who the businesses are, people can sue them and owners can go to jail.
Instead of trying to figure out exactly where the tech is right now, and how things might change? Bullshit. Protect me. With enough protections, the rest of it will work itself out.
That’s one position, and you should strenuously fight to see it represented in Congress. By the same token you should accept that it’s almost certainly not going to work out that way, but it might be possible to reach a compromise with your points as central tenants. The argument that regulation should focus on areas where individual protections could fail, and the bulk of legislation should address privacy and data protection is a good idea.
Having said that, try to avoid phrases like, “the rest will work itself out,” which will turn off virtuallly everyone who doesn’t think exactly like you. Remember that this is now an issue the public at large is very interested in, and shape your words for public consumption.
I think the problem is the roll back of net neutrality for ISPs and at the same time calling for regulation on content providers. It doesn't seem like these interests are protecting the citizens.
Anyhow, I do agree we should be protecting peoples right to privacy and unfettered access to the internet.
You're right, of course, but as scottie_m points out, the main issue here is one around messaging.
The enemy of getting this fixed is complexity. Once we start targeting individual companies, types of internet connections, or hardware devices? We've lost. It's all over.
It's not these things don't need fixing, it's that we have about ten words or so to put into a slogan. That slogan needs to be repeated over and over again. I am a firm believer in Net Neutrality -- but that's not the right slogan to march under. If we get Net Neutrality and everything else stays the same, it's a complete loss.
By shifting the focus to each user, we can talk more directly about benefits. And by making penalties perhaps draconian, we can leave the management of the complexities to the vendors, where it belongs, instead of the public debate, where the lawyers win.
Privacy and anonymity are much bigger fish to fry than whether YouTube costs more than Instagram. If we could come up with a simple slogan to cover both of them, sign me up. Otherwise? We gotta stop everybody from putting telemetry on every detail of our lives.
Before the 60s in the U.S., there was pervasive and deeply-held racism, but most people didn't see it, even those who wanted to be morally superior to everybody else. (See the movie "The Help"). Many times I think of what that issue is for us. What will we look back on in 50 years as being barbaric and evil? What is our current equivalent to the Civil Rights campaigns?
It's storing tracking data about the minute parts of people's lives. We will either morally overcome this or we will enter a new Dark Ages. There's no middle ground. Here. Here is the moral battle.
It's not just the Net Neutrality rules, along with Obama era Net Neutrality rules that were set to be put in place, there were security and privacy rules that ISPs also overturned. If we simply regulate the content providers, we won't get privacy on the internet and we'll also reward ISPs for their lobbying and manipulation.
ISPs don't need to collect our data to provide service, yet they do. Content providers don't need to track us, yet they do. They both need to be addressed, or as you say, "we've lost." So, Privacy Now! Or some better clarion call.
I think people are understandably wary of new regulations, namely because:
* The US isn't immune at all to regulatory capture [0]
* It's highly likely there are already existing regulations and laws that cover this but merely aren't being enforced (in which case, why would these new regulations be enforced either?)
* ISPs undoubtedly have a huge conflict of interest here
Which isn't to say that new laws are always a bad idea, more that they should be a measured response and not a knee-jerk reaction spawned by bad actors.
It's also far easier to point out badly crafted and/or ill-intentioned law proposals than it is to create effective and fair legislation, but both are necessary for the process to move forward.
That is, I think many people would agree with you (one need only read the comments on any of the threads about Equifax), but think this is basically an untenable place to start from.
Every single regulation starts from an "untenable place", almost by definition. What happens in every industry is "abuse" -> "collective realization that there's a problem" -> "close the hole that allowed the abuse to happen". Self-regulation is only a solution if the industry at large addresses the concerns early and acts in good faith. That did not and is currently not happening with SV and data privacy.
The fact that FB can't give a straight answer, and it has to be dragged out with revelations of increasing scale, is a big part of why public sentiment favors more external regulation.
> Every single regulation starts from an "untenable place", almost by definition.
I guess I'd disagree with that. Many environmental regulations are highly defensible, for example, especially when they arise in light of new evidence.
I could also be wrong, but I don't believe most environmental regulations are proposed by powerful, monopolistic competitors of oil companies (which is a big part of what makes this proposed regulation untenable).
> Self-regulation is only a solution if the industry at large addresses the concerns early and acts in good faith
I don't think anyone's really proposing this as an alternative. The point's more that repealing a bad law is significantly harder than creating it in the first place, so it makes sense to be diligent.
Environmental regulations are a great example because large parts of the US population are in communities tied to industries that were eventually saddled with environmental regulations. Many of those people believe that the regulations are part of why their industries declined. For them, the environmental regulations are not highly defensible.
Similarly in tech, many of the people arguing against regulations are economically incentivized to minimize the regulations. FB knew exactly what they were doing, third party developers at the time sounded the alarm [1] about how FB's API structure guaranteed that abuse would happen. What we're seeing now is the digital equivalent of BP Deepwater, where people warned about the safety before the incident and no one cared.
> Environmental regulations are a great example because large parts of the US population are in communities tied to industries that were eventually saddled with environmental regulations.
I don't think that makes those regulations un-defensible. It just means there are tradeoffs.
Maybe we're just disagreeing about what the word "defensible" means in this context.
> Similarly in tech, many of the people arguing against regulations are economically incentivized to minimize the regulations
Except in this particular instance, the people arguing FOR regulations are economically incentivized to maximize the regulations. That's what makes this particular proposal untenable.
Outside of the renewable energy industry, the people pushing for environmental regulations don't have much economic incentive to do so (other than some very trivial ones, like that the economy will suffer if the planet declines).
Can we please lump the data leaks of Equifax and the like in with the need for these new laws that shift user data from something companies are mining to something they are protecting and disclosing?
ISPs are going to have a hard time competing with the data gathered by Google Analytics and similar services given the accelerating push towards most sites being encrypted. If DNS encryption becomes more prevalent (edit: and users start taking advantage of privacy-conscious DNS providers outside of the control of their ISPs), they'll have an even harder time still.
<User> connected to <IP> and transferred <this much data> at <date/time> just isn't that valuable compared to the highly detailed usage and interaction data gathered by GA and similar services. Even if you ignore the DNS point and add "<User> looked up <hostname>" to the above, it still doesn't come close to what GA/etc are able to collect.
Edit: Why the downvotes? Isn't this supposed to be a site full of technically skilled people (many of whom work in "ad tech") who should know that what I said is accurate? Would any of the downvoters care to explain themselves instead of using downvotes as an "I don't like this post" button? This site is starting to feel more and more like Reddit.
Because it doesn't make sense. Why would they ISPs care that you are encrypting your dns requests in transit? The vast majority of people still use whatever DNS servers their ISPs tell them to use. So the ISP controls the other side of the encrypted communication, making the encryption useless for preventing them from reading it.
I specifically said "If DNS encryption becomes more prevalent". Obviously this point becomes null if the user is using the ISP's own DNS servers. I guess I should have said, "If DNS encryption becomes more prevalent and users start taking advantage of privacy-conscious third party DNS providers".
You've also chosen one very specific part of my post and used it to attempt to claim the entire post doesn't make sense. What about the rest? Even if you ignore the entire DNS-related portion of my post, there's no way you can claim that ISPs are able to access anywhere near as much data as GA/etc when users are mostly accessing encrypted sites.
The only good outcome will be for this to backfire spectacularly with privacy protections that limit ISPs just as much as the tech companies.
The ISPs are already playing a dangerous game. Unlike their buddies at the FCC, congress is elected, and with enough popular pressure (and midterms coming up), they can be persuaded to do the right thing.
Techdirt really doesn't live up to its name. When that site isn't actively avoiding major stories that make Silicon Valley megacorps look bad, they're busily defending the Surveillance Valley business model outright.
The "ISPs are bad, therefore Silicon Valley should be allowed to continue running roughshod over users' privacy" narrative is really idiotic. It tries to present this as a situation where we have a choice of either regulating ISPs, or regulating privacy-invading Silicon Valley surveillance corporations, but not both.
Edit: I just read the full article, and yes maybe my assumption wasn't charitable. That said, I had just got done reading this article where Mike Masnick encourages us to continue giving the benefit of the doubt to someone who has repeatedly violated trust for more than a decade, which left me assuming it would just be more of the same.
Most of what I've read on techdirt over the past couple years seems to represent a bad faith effort to frame the current situation as "ISPs vs. Silicon Valley and the users", where the reality of the situation is "ISPs and Silicon Valley vs. the users" (and there's a recent situation in California where the ISPs teamed up with Silicon Valley to prove that point). It's hard to give the benefit of the doubt to that site at this point.
..and I say this as someone who used to be a big fan of that site. It's disappointing.
The people who make up the tech industry been a huge proponent of regulating all sorts of things at all scales, from individual actions to small businesses to large corporations.
The use of the FB/CA "scandal" to promote knee jerk legislation that burdens the tech industry is just tech being on the receiving end of something they have no qualms about advocating for when it happens to a different industry.
This is a bit like the old adage about noticing how bad news reporting is in areas you're an expert, but then just blindly swallowing all other news. In this case it's regulation rather than news coverage.
Silicon Valley brought this to itself. I used to warn of this before, too, that they can't continue to do "evil stuff" and expect to have people's backing when the governments will come after them to regulate them for whatever reason. But they continued because they saw that nobody leaves them over the crap they pull so they thought there must be no consequences to their anti-consumer moves.
The only downside I see is that governments will use this excuse to bring more censorship and anti-encryption laws, too, and I hate that Silicon Valley companies put is in a position where we have to either put up with their crap or side with governments and get some bad internet laws passed.
But right now, I think it's time to rein in on the Silicon Valley companies over their abuse of user data. Then we can deal with the abuse of user data by ISPs, data brokers, and everyone else. Ideally, this would be solved with a GDPR-like law, so that even ISPs "lose" in this scenario, and the consumers win. If we're lucky we may be able to stave off the government from trying to put an anti-encryption bill into the whole thing.
That's like what the game industry went through in the early 90s. When Mortal Kombat and the like were generating controversy and getting the attention of regulators, the industry proactively created the ESRB.
In that particular instance they had a clear playbook to follow, which was the film industry. I don't know there's quite as direct a parallel between game content and user data sharing / selling as there was between game content and film content.
There's a big difference though. "The video game industry" wasn't really in the business of creating video games that offended cultural norms. It had a subcomponent of that industry that did it, sure, but even that subcomponent would have survived by making different games with regulation.
There is a lot of Silicon Valley right now whose core business is doing the things that are very likely to be regulated out of existence.
So I'd say self-regulation isn't an option at this point, as "self-regulation" is asking Facebook to return to unprofitability with no prospect of profit in the future, the destruction of huge swathes of the ad industry, any number of other companies based around data mining and selling and abusing information asymmetries... there's no way the wolves are going to self-regulate themselves into dogs.
I mean, if people are deterred by regulation from making apps that don't respect people's data and privacy, I'd consider that a win. For far, far too long, the ethos has been to not worry or care about your users; to not protect their privacy, and to just vacuum up all their data so you can sell it. I'll be more than happy to see those days go away.
If you don't regulate you allow bad players to keep doing bad things.
If you do regulate you force bad players to work harder to keep doing bad things.
I understand that regulation has negative side effects and unintended consequences. But truly free markets lead to child labor and depressed worker wages. It's impossible to craft perfect regulations, but it's implausible to assume "everything will just sort itself out if we let the free market be completely free" since that has literally never happened on a broad scale.
The ISPs are in an all out attack on competitors like Facebook/Google/Netflix/others. ISPs bought their way into the market with the ISP privacy protections being removed [1][2] and net neutrality being killed rather than innovating. The privacy protections being removed helped lessen the FCC grip on privacy and helped their case, with legislators not the people, to remove FCC net neutrality protections.
It is obvious everywhere that massive PR pushes are going on and astroturfing to a heavy degree everywhere ISP competitors on the advertising/privacy/data space are.
Instead of innovating their way in with products people want and improving their networks so people pay more, the ISPs are trying to win this via bribing for legislation and mud slinging. They bought their way in with the ISP privacy protections being removed under the FCC to the FTC because they have more leverage there.
It is sad ISPs have resorted to this instead of innovating and creating products people want by improving them rather than trying to slow down competitors via bribing and lobbying.
ISPs were once a beacon of innovation bringing in broadband, now they are in the milking it phase.
Late 90s/early 2000s when there were tons of smaller isps offering a variety of solutions. This was back when operating a CLEC was a viable option before the incumbents found a way to fix that issue.
I really miss these days. Sure the internet speeds were painfully slow, but I knew my ISP. I could go have lunch with them. I could borrow compute resources during slow times.
I think when the cable companies started monopolizing the internet and the web because commercialized, that's when we lost a lot of computing's early "innocence".
I'm sure someone will say I'm romanticizing that period, but darnit, just let me.
For a while, the best and cheapest ISP in Montreal was a beauty products company. They had a shit ton of modems in a back store and a very good admin I guess.
You're aware the ISPs don't generally do any of the research and development of telecommunication equipment? They just put their stamp on modem they rent you. The "ISP innovation" line has always been pure propaganda.
I’d rather have 10 ISPs competing but NOT innovating than one ISP bent on innovating. Innovation, to an ISP, means: ads, data collection, pushing their own content; basically everything except being a dumb pipe that gets bits from elsewhere into my home.
That's a really interesting point. If ISPs reinvested some of their revenue into networking research (or even more applied /R&D work), it would go a long way towards both advancing our field and improving their general reputations.
Networking is not my area of expertise, so it's possible that some do this already. I guess I always assumed that ISPs had research departments whose members would be involved in drafting network-related RFCs and publishing papers, but maybe that's left to Cisco et al.
The interesting thing is that a huge focus appears to be cost-sensitive. As last mile operators, they have relatively low profit-per-customer (compared to a backhaul operator) with which to build each final physical network link.
Hence crazy stuff like "fiber to the box and short-run copper standard to the house".
I find it ironic that two classes of monopolies (ISPs and Big Web) are being discussed here with diametrically opposed recommendations.
For ISPs, the council is that they should be regulated (e.g. net neutrality, data privacy).
For Facebook, Google, et al. the council is that they shouldn't be regulated (e.g. EU GDPR).
I have yet to see a cogent argument justifying that difference. My suspicion is that it ultimately falls down to "ISPs are unpopular, web companies are popular."
When it comes down to it, regulation promoting consumer privacy, price and TOS transparency, and access by new entrants to the market is almost always beneficial... to the consumer.
Because let's not kid ourselves that Facebook or Google are fundamentally different than someone who owns the last mile of your network connectivity.
Their current behavior might be (mostly) benevolent, but the centralization they've engineered means if they want to maximize monetization tomorrow...
To expand on the other user, most of the negative gdpr commentary I've seen here has been that it either doesn't do enough, is confusing or vague, or will further entrench the big guys. None of those are particularly "we shouldn't regulate the big guys", but more of a "I have specific issues with this regulation".
I expect that there would be some similar sentiment if we were discussing a specific piece of isp regulating legislation.
I was kind of surprised. My impression was that there was usually at least one highly voted comment stating (essentially), "Any regulation will harm startups, so there should be no regulation."
Admittedly, there are other, pro viewpoints expressed, but my takeaway is that there's a sizable libertarian contingent which would rather absolutely have freedom in action than freedom in opportunity.
The difference, if you want an honest answer, is that many HN denizens have worked or are currently working for Google or FB, or they hope that their startups will eventually be acquired by one of them. When Comcast gets in the game of providing exits for numerous startups, then we may start to see a shift in HN sentiment.
> I have yet to see a cogent argument justifying that difference. My suspicion is that it ultimately falls down to "ISPs are unpopular, web companies are popular."
To paraphrase a (disputed) John Steinback quote, "HNers see themselves as temporarily embarrassed founders of the next Google or Facebook". There's vicariousness to the support, in addition to those with actual employment links past, present, or future (hopefully).
Given the conversation is regarding the US, the difference is obvious.
Users choose to use Facebook, Google, Apple, Amazon, Microsoft or whichever "Big Web" services they want.
However, many people in US have absolutely zero choice regarding their ISP, because ISPs have monopolies in the regions they serve, there's no competition. It's inherently not a free market.
You can choose to post on Facebook. But you don't choose to be tracked by Facebook or Google - that happens whether you want it or not. I don't think people are as much worried about what they explicitly share as about what information gets collected without their knowledge.
I'd argue the opposite. Users can't not choose to use Facebook.
Even if you have never had a Facebook account, even if you have never touched a smartphone in your entire life, even if you intentionally try to eradicate Facebook from your life -- Facebook still has a profile on you, full of data about you, from other people in your life who do use Facebook.
Facebook isn't Facebook.com. Facebook is basically a modern day Equifax, that just happens to run a few apps on the side.
In general it's near impossible to stop third-parties collecting information about you. I'm by no means advocating such business practices! However, someone can always ask your friends for your phone number or home address; if your friends are stupid enough to give it up. You do however have some degree of control here, choose your friends, and choose what you reveal to them.
However, your ISPs have the capability to control what you see and do, and potentially snoop on your activity, including private information that you'd never reveal to a friend. You can't say "Hey, that's not cool, I'll use a provider that doesn't do that", because in your area such a provider may simply not exist.
I recognize not associating with anyone who uses Facebook is impractical; however ISPs have the potential to do so much more damage than Facebook (even if they're not doing so right now).
I'd argue that the really sneaky play here, and this applies to both network-effect web companies and ISPs, is data.
Which is why ISPs fought privacy provisions so vehemently.
ISPs control the last mile, so they're technically free to use DPI, packet injection, etc.
But web companies control the application layer and have much more finely grained ability to instrument and track users (in their experiences or others').
And I'll lay a bet down right now that the killer app of the future is going to be predictive or ml-enabled experiences. Experiences that simply can't be created without the right data, at scale.
And handing all that to scaled web companies without encouraging disruption via market regulation? That terrifies the hell out of me.
Not mostly because I care about being tracked or my data, but because of what kind of market and world "data winner take all" produces in 10-20 years.
ISPs sell a commodity. I have yet to see a popular commodity supplier - steel companies, oil companies, coal companies, insurance companies, big retail stores... All have been vilified.
Agreed, you might even say ISPs/networks are a utility now, though ISPs seem to not think that.
The difference here is that the ISP utility/commodity is not only a local monopoly with false competition but they are trying to leverage that trusted position to sell you other things and wants to be an ad network with your private data.
Your oil/steel/water company isn't trying to get you to sign up to HBO or some discounted bundle, build an ad network from your data or limiting how much or which way you can use your oil/steel/water.
ISPs could rapidly expand their network and build products people want on top of it leveraging that new capability separate from the ISP on web/mobile/media and compete in the street rather than leveraging their trusted position, but they won't because they are in the bribing/milking it/monopoly laziness phase not the competitive innovative phase.
ISPs resemble those companies that innovated, got top market position then just turned to metrics not continuing to innovate, more like Microsoft around 2006 than Amazon today.
ISPs know they're a commodity, which is why everything they're doing is a struggle to avoid that trap.
I guess I look at ISPs as acting in their own best interest rather than out of malice.
Essentially every initiative they've tried for the last few decades comes straight from HBR [1]. They aren't bad ideas, they're just almost all anti-consumer.
And their options for innovation are limited (as publicly traded companies). The thing we (HN) would like ("faster internet for cheaper") is the most expensive for them to build.
So naturally they gravitate towards VOIP or mobile content, because those things produce better ROI.
The only way we'd get the ISPs we want is if they were prohibited from being anything other than utilities. Although the irony there is that they'd likely find it difficult to access the necessary capital to build super fast networks. (Or in other words, the blood tracking money subsidizes faster internet connections)
> they are trying to leverage that trusted position to sell you other things
Which is what everybody is doing. Doesn't Amazon try to sell you Prime or Amazon Video or Prime Now or Echo or whatever else they have? Doesn't Facebook try to sell you advertising and promotion services? Doesn't Whole Foods, being just bought by Amazon, now try to sell you grocery delivery service by Amazon? Don't thousand of organizations have branded credit cards, branded insurance policies, branded merchandise, etc.?
Cross-sells are as old as commerce itself. I don't see anything evil in that. What's wrong in offering you a deal? If you don't want it, you don't buy it.
> Your oil/steel/water company isn't trying to get you to sign up to HBO or some discounted bundle
Water company regularly sends me insurance solicitations. Gas companies have affiliate networks with all kinds of cross-sells. I don't buy steel beams so no idea what's up there :)
> they won't because they are in the bribing/milking it/monopoly laziness phase not the competitive innovative phase
Wait, so you're complaining about ISPs offering you various "other things" for sale and at the same time you're complaining they are not offering you enough various other things for sale?
BTW, how you easy do you imagine for ISPs to innovate if they'd be tightly regulated on what they can charge, who they can charge and which traffic they can price in which way - based on fixing the current model of doing ISP business?
To innovate, you need to try various things - sometimes crazy things, sometimes wrong things, sometimes wildly unusual and controversial things. But any unusual move by ISP is commonly seen as yet another step in the evil plot of oppressing their customers - how you expect to see innovation in this space with such approach? If every new website would be considered only as a plot to steal your private data and your money - how many e-commerce startups could survive in such an environment? What if the government would crack a whip anytime somebody builds an unusual site or charges customers using a novel pricing scheme?
> I have yet to see a cogent argument justifying that difference. My suspicion is that it ultimately falls down to "ISPs are unpopular, web companies are popular."
A cogent argument: ISPs are your gateway to the internet you can't route around and web/mobile/content companies are built on top and can be routed around.
ISPs could build products people want instead of regulatory capturing their way into the game. ISPs aren't innovating through products, they are lobbying, bribing and legislating their way in. They should go more the direction of Hulu like Comcast did rather than trying to slow down innovation, nothing is stopping ISPs from building web/mobile properties that people want to use rather than fighting against them. ISPs should spend more money on expanding networks not data caps, slow lanes and lobbying to retain their local monopolies. ISPs should get out of the business if they don't want to be neutral networks who protect private data as the steward of your gateway to the network, they want to be content companies and ad/data collectors.
ISPs should basically be focused on what their customers want, like web companies have to do to compete, rather than what the company wants solely. Being local monopolies has gone to their head and they are abusing the position/trust.
Noone but the ISPs wanted their ISP selling their private data, removing neutral network protections, adding data caps, slowing down expansions, adding slow lanes for milking it. Google Fiber is an ISP, they should also be neutral and not selling data. ISPs are the gatway to the network and privacy is important as well as innovations to allow new types of web/mobile/media companies, right now they are trying to limit that.
When ISPs are focused again on being a neutral network that protects your trust and provides competitive speeds with the world, then they will be liked again.
Web companies aren't innocent but they aren't your gateway to the network.
Ultimately, all large companies have turned predatory in the US. We are against bullying but not by large corps apparently.
What is more respectable, innovative products that you want to use or products you are forced to use through authority and mini monopolies? You'll find your answer.
> ISPs are your gateway to the internet you can't route around and web/mobile/content companies are built on top and can be routed around.
We disagree on a core premise then. I contend that at scale, web companies can't be routed around.
At minimum, when I have to run blacklist filters to avoid my third party web traffic ending up logged on Google or Facebook servers, something is wrong.
When the majority of new tech is being acquhired and integrated into existing platforms (e.g. WhatsApp & Google Docs), something is wrong.
Your conclusion sums up my thoughts as well.
> What is more respectable, innovative products that you want to use or products you are forced to use through authority and mini monopolies?
> At minimum, when I have to run blacklist filters to avoid my third party web traffic ending up logged on Google or Facebook servers
But you just admitted you can route around them. Let me know when you route around your ISP.
Your line of thinking is basically the ISP narrative of "Hey web companies are doing lots of bad stuff, why can't we? And why can't we do so without building any product or anything anyone wants?"
ISPs could build or help fund products that protect your data from Facebook/Google etc more easily, and those will pop up independently. But ISPs don't actually want to protect your data, they lobbied to get access to it without innovating or building products, they just want your data not them, it is a dangerous game that could really backfire on them.
Just wait til ISPs want to sell you VPNs... for [insert random marketing benefit like 'security', 'privacy', 'discounts', 'no data cap', 'cheaper' that hides throttling competitors and allows them to install an app on your devices to do whatever they want including scraping, which many people will fall for due to abused instilled trust from their privileged network gateway position they bribed to attain]
No doubt. Extrapolating down the current trajectory, probably dovetailed with law enforcement concerns, there's no way that doesn't happen.
Encryption moots all the additional value they're trying to create.
That's essentially their play with mobile-accessible first party content players. Make it easy / mandate it, and people will happily walk into the walled garden where they can be watched.
Also, if you already use a VPN I'd say you already don't trust your ISP but you want them to have more power?
My evil genius side tells me that ISPs have already been developing VPN clients and probably own many third party ones through shell corps and obscuring/finagling ownership offshore even. In the last few years some have really taken off and gotten lots of funding and advertising and fit this model, I won't name names but I have my conjecture suspicions on a handfuls of them.
Sketchy or poser VPN clients can say they don't keep logs but they can easily transfer it off to the ISPs which they are now LEGALLY allowed to sell off and share.
Because VPN clients are apps installed on devices (mobile/desktop/tablets etc) they can basically do anything to get that data including scraping destinations and content from unencrypted browsers and apps once the handshake is complete and decrypted.
You are thinking naively or aren't thinking predatory or evil enough to think like ISP bullies yet. ISPs didn't bribe and lobby HARD for over a decade removing privacy protections and neutrality of networks just to be blocked by encrypted transmissions.
ISPs have also been very friendly to surveillance overreaches, they probably cut deals for using that data and since there are so few and your gateway it is easy. [1][2].
I'd like to note that I never said ISPs shouldn't be regulated. Simply that modern ISPs and large network-effect web companies share many characteristics, so calling for one to be regulated and the other not (whichever way it goes) seems odd.
As for the specific point, in my threat model ISPs aren't competent or rewarded enough to poison VPN clients.
Comcast may be anti-user, but I don't think it's NSA-capable.
My overarching belief is that there are technical solutions to network adversaries. There are fewer (and sometimes no) technical solutions to application adversaries, when I desire to use the service. (And see my previous comments about some large services approaching unavoidable status)
> As for the specific point, in my threat model ISPs aren't competent or rewarded enough to poison VPN clients.
Your ISP will know popular VPNs and will definitely get in the VPN client/app game.
> Comcast may be anti-user, but I don't think it's NSA-capable. My overarching belief is that there are technical solutions to network adversaries.
You have much more trust for your ISP than most in tech.
> There are fewer (and sometimes no) technical solutions to application adversaries, when I desire to use the service.
You can use or not use the services at the app layer full stop.
Meanwhile your lack of trust for the app layer being market regulated eventhough the the application layer is more easily blocked and competitive seems biased towards ISPs.
Yet you don't seem to mind if ISPs are in reselling your private data that you PAY them to secure, and lobbied to get that additionally entering the VPN game, which they are just not publicly yet.
It is a strange position to take if you are being objective about it, that the network is more easily secured than something that runs on the network. I completely disagree and we'll just have to agree to disagree. ISPs have no reason to earn your trust and they have no competitive threats to keep them honest. There can be a #deletefacebook movement because it is possible, there can't be a #deleteyourisp movement because you simply cannot, that is why they are bullies to the customer.
ISPs will also be the brownshirts that implement the government firewall that is coming due to insane overreach by authority. ISPs can't wait to further their monopolies buddying up to the authority [1]. Definitely not going to be able to route around that one, 'for your safety'.
ISPs want the whole internet to be like hotel wifi.
I find it ironic that two classes of monopolies (ISPs and Big Web) are being discussed here with diametrically opposed recommendations.
Technically, "Big web" would be perhaps a structural oligopoly [1] or you could say the market has monopolistic competition[2]. they're protected by the network effect, they provide unique products that are hard to duplicate. They are not actual monopolies as economists define them (and not really monopolies in the popular understanding either).
But ISPs are straight, government-granted monopolies [3]. Such companies have essentially one incentive, be good at influencing regulators and legislators.
Glibly equating these market structures distorts the situation.
As to why ISPs should be regulated in the name of neutrality and privacy? Well, they already are highly regulated. They are creations of regulation. The public damn well should get something out of that regulation, especially, the regulation is all about ameliorating the abusive situation their (actual, not pseudo) monopoly position invites.
Why should they be regulated? They provide a popular, non-essential product for free. What threat are we protecting the consumer from in the name of this regulation? Consumers are free to visit any competitor site with identical ease of accessibility and competitors have very few barriers to entry (though this trend is slowly changing, e.g. in wireless land where a lack of net-netruality has enabled cell phone providers to harm competition by offering free data-transfer for partnered services like Spotify. A start-up will never be able to compete because their potential customers will pay streaming data fees to use their service or pay nothing to stick with the established incumbent.
> Consumers are free to visit any competitor site with identical ease of accessibility and competitors have very few barriers to entry
I would strongly disagree with this characterization of the market.
From joe_the_user's link [1] on oligopolies, every item under Barriers to Entry: Artificial Barriers applies to large, network-effect web companies.
Google Takeout is probably the guiding light on fighting this, but were Google no longer in a dominant market position I'm not confident it would remain a corporate emphasis.
... Ironically, this same debate (regulating ISP vs edge provider) just came up in Zuckerberg's Senate questioning.
the contention is that they are obviously different in kind, and the difference in kind makes it fairly obvious why we would want regulation for ISPs prima facea, but not content companies like Facebook and Netflix. The government does not protect Netflix's status as a media platform any more than they protect Blockbuster.
ISPs are more akin to power companies, which provide vital infrastructure in virtue of government fiat.
You're using Netflix as a straw man for your argument. Facebook isn't a content company, Netflix is not yet vertically integrated, and it makes less than 1/7th of Facebook's profits.
I've also never stated that ISPs shouldn't be regulated.
In fact, I'd prefer they both be regulated in order to promote open access to the market and more disruption.
So I ask again, why would we not want to regulate structural oligopolies?
"good for the consumer" is sufficient reason for regulating government granted monopolies, within reason. In general it is NOT sufficient justification to regulate a company in the free market. The bar for regulation in general is substantially higher, at least in the United States. There is a bar, of course (environmental regulation preventing dumping waste or emitting carcinogenic fumes, for example) and we will likely spend millions of person hours over the next decade figuring out where it is for large content companies (which Facebook is), but saying "it's good in both cases, therefore we should regulate both types of companies" is not correct (which was your argument).
Which is to say, regulation might be justified in a less free-market oriented country, like France, on equivalent grounds, but there is a substantive moral and legal distinction to be made in the minds of many who enjoy a free market economy.
And no, Netflix is not a straw man. My argument applies just as well to Facebook, StackOverflow, Ebay (which is regulated as a commerce platform), Google, Amazon, etc., as it does to Home Depot, Walmart, etc. etc.
So your contention is that structural oligopolies (or markets with monopolistic competition) should not be regulated?
That's nowhere in my argument. I merely pointed that government grant monopolies pretty much automatically should be regulated since they are virtually extensions of government fiat already ("we" give Comcast etc a monopoly on placement on phone poles and similar stuff, we should get something for that) and that this situation isn't comparable to monopolistic competition.
If you're curious, I think actual private companies should be regulated when their actions involve negative externalities [1] in their production process - chemical companies should not be able to dump toxins into rivers, broadly greenhouse gases should be limited, etc.
One might argue that Facebook selling people's data to the highest bidder is another kind of negative externality. I would argue that a better outcome is consumer education, gradually people learn whatever they post online has a significant risk of being public. Similarly, it's better for people to learn not to be manipulated by simple schemes than to imagine a firewall against the manipulations of evil people. Just consider that a firewall against manipulations of evil people would let in the manipulation of "good people", right? Perhaps that's the whole idea.
> we" give Comcast etc a monopoly on placement on phone poles and similar stuff, we should get something for that) and that this situation isn't comparable to monopolistic competition.
Comcast doesn’t have a monopoly on placing things on utility poles. Poles are mostly owned by power companies or the local phone company, and those entities are required to lease pole space to everyone at non-discriminatory rates.
> But ISPs are straight, government-granted monopolies [3]. Such companies have essentially one incentive, be good at influencing regulators and legislators.
Except they aren’t and haven’t been since the 1994 cable act made granting monopoly franchises illegal.
So long as you acknowledge that's an intuitive opinion on your part, sure.
I'd be perfectly happy to see regulation around Facebook and Google's use of data they've ALREADY COLLECTED under agreement.
An ISP is looking to manipulate willy-nilly (that is, in whichever direction the financial outlook looks best from their perspective). This is more concerning to me for what should be obvious reason.
I don't have a Facebook, and don't use Google except for email and occasionally.
ISPs action impact all users. Facebook and Google mostly impacts the idiots that signed up with them.
> I have yet to see a cogent argument justifying that difference. My suspicion is that it ultimately falls down to "ISPs are unpopular, web companies are popular."
The natural, physical costs to creating an ISP creates a ready parallel to other, established natural monopolies. Electrical and water suppliers spring readily to mind.
Big Web companies do not have the same natural barriers to entry, which suggests that other models may be available.
"Net neutrality" is a line in the sand, not a goal. Actual net neutrality would make their ToS clauses regarding webservers on consumer connections, invalid. IF they did allow this, people could have better choices to route around Google, Amazon, etc. Business class connections can be advertised where not available within a certain mileage of service. This harms the middle classes' ability to offset costs using assets by restricting business models that distribute compute power such as European companies that use compute to heat water. Fears of malicious activity and spam are already covered under other laws such as the can spam act and CFAA.
-- The ISPs created their own problems --
A webserver can exist without a public good but not publicly without the ISP. The ISPs require many layers of PUBLIC easements and PUBLIC airwaves. Both use water and electricity. Electricity in 1931-1934 was spoken of in a similar way, notably by Hoover(Against). The ISP is a foundation, the requested server is the roof. Satellite ISPs harm the rights of landlords with an FTC exemption for sat dishes https://www.fcc.gov/consumers/guides/installing-consumer-own... .
ISPs propagated due to https://en.wikipedia.org/wiki/Carterfone , yet now setup cable modems in a similar way. In 1996 people warned about this after the ISPs abused the NSF as a tier 1 network, never paying their bills. Then around 2000, Lessig released "The End of End to End" and everyone crapped on him and the ISPs said that would never happen. It did.
The point is that in terms of timeframe, scope of utilized public resources, and tiers of broken promises... they aren't comparable but both should be regulated for different reasons. An ISP fighting muni broadband is horrible and Google pretending to be a newspaper is also horrible. These however are not the same things or even the same layer of things.
I think most people are fine with the GDPR applying to large companies.
The biggest contention with the GDPR is it applying to small companies, because the amount of work to comply with it costs a lot. And the penalties being scaled in a way that only makes sense to large tech companies.
TBH, small under 10 engineer companies are are rarely privacy threats. And Sue's maid service who uses excel spreadsheets to track their business is not a privacy risk either.
No, I am not fine with this. I don't care if a company has 10 engineers or 50 (hi WhatsApp) or 10,000. The number of engineers has no relation to how many users are exposed to privacy risk.
After all, one single developer can make a popular app that reaches millions. (If you want an example, the Muslim Pro app has over 40 million downloads and is made by a team of less than 5).
IF there is a war between ISPs and social networks maybe we get some benefits like the practices of ISPs and social networks getting more public for the regular person.
And to worsen the legal system doesn't come to rescue. Infact they joined hand with business and created a bible size EULA with legal jargon, which end-user have to accept and move forward.
This article feels so slanted it's unreadable. Conceding that Facebook and Google probably actually do need to be regulated happens near the very bottom of the article; until then you'd be forgiven for thinking that the ISPs made all their concerns about those companies up.
115 comments
[ 2.9 ms ] story [ 158 ms ] threadI need the protection. We don't need to go and start creating huge regulatory bodies around various industries, pitting one against the other. Make it so my information can't be captured -- or it can't be shared. Or make it so that keeping any information of mine past 30 days is a felony.
Then no matter who the businesses are, people can sue them and owners can go to jail.
Instead of trying to figure out exactly where the tech is right now, and how things might change? Bullshit. Protect me. With enough protections, the rest of it will work itself out.
Having said that, try to avoid phrases like, “the rest will work itself out,” which will turn off virtuallly everyone who doesn’t think exactly like you. Remember that this is now an issue the public at large is very interested in, and shape your words for public consumption.
Anyhow, I do agree we should be protecting peoples right to privacy and unfettered access to the internet.
The enemy of getting this fixed is complexity. Once we start targeting individual companies, types of internet connections, or hardware devices? We've lost. It's all over.
It's not these things don't need fixing, it's that we have about ten words or so to put into a slogan. That slogan needs to be repeated over and over again. I am a firm believer in Net Neutrality -- but that's not the right slogan to march under. If we get Net Neutrality and everything else stays the same, it's a complete loss.
By shifting the focus to each user, we can talk more directly about benefits. And by making penalties perhaps draconian, we can leave the management of the complexities to the vendors, where it belongs, instead of the public debate, where the lawyers win.
Privacy and anonymity are much bigger fish to fry than whether YouTube costs more than Instagram. If we could come up with a simple slogan to cover both of them, sign me up. Otherwise? We gotta stop everybody from putting telemetry on every detail of our lives.
Before the 60s in the U.S., there was pervasive and deeply-held racism, but most people didn't see it, even those who wanted to be morally superior to everybody else. (See the movie "The Help"). Many times I think of what that issue is for us. What will we look back on in 50 years as being barbaric and evil? What is our current equivalent to the Civil Rights campaigns?
It's storing tracking data about the minute parts of people's lives. We will either morally overcome this or we will enter a new Dark Ages. There's no middle ground. Here. Here is the moral battle.
ISPs don't need to collect our data to provide service, yet they do. Content providers don't need to track us, yet they do. They both need to be addressed, or as you say, "we've lost." So, Privacy Now! Or some better clarion call.
https://arstechnica.com/tech-policy/2017/10/verizon-asks-fcc...
https://arstechnica.com/tech-policy/2017/04/trumps-signature...
* The US isn't immune at all to regulatory capture [0]
* It's highly likely there are already existing regulations and laws that cover this but merely aren't being enforced (in which case, why would these new regulations be enforced either?)
* ISPs undoubtedly have a huge conflict of interest here
Which isn't to say that new laws are always a bad idea, more that they should be a measured response and not a knee-jerk reaction spawned by bad actors.
It's also far easier to point out badly crafted and/or ill-intentioned law proposals than it is to create effective and fair legislation, but both are necessary for the process to move forward.
That is, I think many people would agree with you (one need only read the comments on any of the threads about Equifax), but think this is basically an untenable place to start from.
0: https://en.wikipedia.org/wiki/Regulatory_capture#United_Stat...
The fact that FB can't give a straight answer, and it has to be dragged out with revelations of increasing scale, is a big part of why public sentiment favors more external regulation.
I guess I'd disagree with that. Many environmental regulations are highly defensible, for example, especially when they arise in light of new evidence.
I could also be wrong, but I don't believe most environmental regulations are proposed by powerful, monopolistic competitors of oil companies (which is a big part of what makes this proposed regulation untenable).
> Self-regulation is only a solution if the industry at large addresses the concerns early and acts in good faith
I don't think anyone's really proposing this as an alternative. The point's more that repealing a bad law is significantly harder than creating it in the first place, so it makes sense to be diligent.
Similarly in tech, many of the people arguing against regulations are economically incentivized to minimize the regulations. FB knew exactly what they were doing, third party developers at the time sounded the alarm [1] about how FB's API structure guaranteed that abuse would happen. What we're seeing now is the digital equivalent of BP Deepwater, where people warned about the safety before the incident and no one cared.
[1] https://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-...
I don't think that makes those regulations un-defensible. It just means there are tradeoffs.
Maybe we're just disagreeing about what the word "defensible" means in this context.
> Similarly in tech, many of the people arguing against regulations are economically incentivized to minimize the regulations
Except in this particular instance, the people arguing FOR regulations are economically incentivized to maximize the regulations. That's what makes this particular proposal untenable.
Outside of the renewable energy industry, the people pushing for environmental regulations don't have much economic incentive to do so (other than some very trivial ones, like that the economy will suffer if the planet declines).
Legislation not passed by a suitably large majority should automatically come with a 10yr sunset provision.
<User> connected to <IP> and transferred <this much data> at <date/time> just isn't that valuable compared to the highly detailed usage and interaction data gathered by GA and similar services. Even if you ignore the DNS point and add "<User> looked up <hostname>" to the above, it still doesn't come close to what GA/etc are able to collect.
Edit: Why the downvotes? Isn't this supposed to be a site full of technically skilled people (many of whom work in "ad tech") who should know that what I said is accurate? Would any of the downvoters care to explain themselves instead of using downvotes as an "I don't like this post" button? This site is starting to feel more and more like Reddit.
You've also chosen one very specific part of my post and used it to attempt to claim the entire post doesn't make sense. What about the rest? Even if you ignore the entire DNS-related portion of my post, there's no way you can claim that ISPs are able to access anywhere near as much data as GA/etc when users are mostly accessing encrypted sites.
The ISPs are already playing a dangerous game. Unlike their buddies at the FCC, congress is elected, and with enough popular pressure (and midterms coming up), they can be persuaded to do the right thing.
It's worth raising a question -- do the executives at AT&T/Comcast/Mediacom/Verizon really think that the public is on their side?
The "ISPs are bad, therefore Silicon Valley should be allowed to continue running roughshod over users' privacy" narrative is really idiotic. It tries to present this as a situation where we have a choice of either regulating ISPs, or regulating privacy-invading Silicon Valley surveillance corporations, but not both.
Edit: I just read the full article, and yes maybe my assumption wasn't charitable. That said, I had just got done reading this article where Mike Masnick encourages us to continue giving the benefit of the doubt to someone who has repeatedly violated trust for more than a decade, which left me assuming it would just be more of the same.
https://www.techdirt.com/articles/20180408/22400539590/faceb...
Maybe read the article next time and not make such a low-effort comment.
..and I say this as someone who used to be a big fan of that site. It's disappointing.
The use of the FB/CA "scandal" to promote knee jerk legislation that burdens the tech industry is just tech being on the receiving end of something they have no qualms about advocating for when it happens to a different industry.
The only downside I see is that governments will use this excuse to bring more censorship and anti-encryption laws, too, and I hate that Silicon Valley companies put is in a position where we have to either put up with their crap or side with governments and get some bad internet laws passed.
But right now, I think it's time to rein in on the Silicon Valley companies over their abuse of user data. Then we can deal with the abuse of user data by ISPs, data brokers, and everyone else. Ideally, this would be solved with a GDPR-like law, so that even ISPs "lose" in this scenario, and the consumers win. If we're lucky we may be able to stave off the government from trying to put an anti-encryption bill into the whole thing.
There is a lot of Silicon Valley right now whose core business is doing the things that are very likely to be regulated out of existence.
So I'd say self-regulation isn't an option at this point, as "self-regulation" is asking Facebook to return to unprofitability with no prospect of profit in the future, the destruction of huge swathes of the ad industry, any number of other companies based around data mining and selling and abusing information asymmetries... there's no way the wolves are going to self-regulate themselves into dogs.
I am not afraid of regulation but its an annoying burden to keep big players big, and small players non-existent.
Most people do not have the money or motivation I have, and those people lose out because of regulations.
Never let a good tragedy go to waste.
If you do regulate you force bad players to work harder to keep doing bad things.
I understand that regulation has negative side effects and unintended consequences. But truly free markets lead to child labor and depressed worker wages. It's impossible to craft perfect regulations, but it's implausible to assume "everything will just sort itself out if we let the free market be completely free" since that has literally never happened on a broad scale.
It is obvious everywhere that massive PR pushes are going on and astroturfing to a heavy degree everywhere ISP competitors on the advertising/privacy/data space are.
Instead of innovating their way in with products people want and improving their networks so people pay more, the ISPs are trying to win this via bribing for legislation and mud slinging. They bought their way in with the ISP privacy protections being removed under the FCC to the FTC because they have more leverage there.
It is sad ISPs have resorted to this instead of innovating and creating products people want by improving them rather than trying to slow down competitors via bribing and lobbying.
ISPs were once a beacon of innovation bringing in broadband, now they are in the milking it phase.
[1] https://eff.org/deeplinks/2017/03/five-creepy-things-your-is...
[2] https://www.flake.senate.gov/public/index.cfm/2017/3/op-ed-f...
I don't remember this time period. Any examples?
I think when the cable companies started monopolizing the internet and the web because commercialized, that's when we lost a lot of computing's early "innocence".
I'm sure someone will say I'm romanticizing that period, but darnit, just let me.
ISPs are actively holding back on innovation / expansion and that causes less innovation in the US competitively.
> FCC report finds almost no broadband competition at 100Mbps speeds [1][2].
> Even at 25Mbps, 43 percent of the US had zero ISPs or just one [1][2].
[1] https://arstechnica.com/information-technology/2018/02/fcc-r...
[2] https://transition.fcc.gov/Daily_Releases/Daily_Business/201...
And TV, and Print.
Facebook/Google could have had their cake and eat it too.
It all can be tied back to when they decided to go all-in with Hillary and got the lefty content auditors.
Networking is not my area of expertise, so it's possible that some do this already. I guess I always assumed that ISPs had research departments whose members would be involved in drafting network-related RFCs and publishing papers, but maybe that's left to Cisco et al.
The interesting thing is that a huge focus appears to be cost-sensitive. As last mile operators, they have relatively low profit-per-customer (compared to a backhaul operator) with which to build each final physical network link.
Hence crazy stuff like "fiber to the box and short-run copper standard to the house".
https://en.m.wikipedia.org/wiki/CableLabs
https://www.cablelabs.com/about-cablelabs/member-companies/
For ISPs, the council is that they should be regulated (e.g. net neutrality, data privacy).
For Facebook, Google, et al. the council is that they shouldn't be regulated (e.g. EU GDPR).
I have yet to see a cogent argument justifying that difference. My suspicion is that it ultimately falls down to "ISPs are unpopular, web companies are popular."
When it comes down to it, regulation promoting consumer privacy, price and TOS transparency, and access by new entrants to the market is almost always beneficial... to the consumer.
Because let's not kid ourselves that Facebook or Google are fundamentally different than someone who owns the last mile of your network connectivity.
Their current behavior might be (mostly) benevolent, but the centralization they've engineered means if they want to maximize monetization tomorrow...
GDPR is regulation, so I'm not sure what you're getting at here.
I expect that there would be some similar sentiment if we were discussing a specific piece of isp regulating legislation.
Admittedly, there are other, pro viewpoints expressed, but my takeaway is that there's a sizable libertarian contingent which would rather absolutely have freedom in action than freedom in opportunity.
Which seems... short-sighted.
You're asking questions like you're writing headlines for a clickbait rag.
To paraphrase a (disputed) John Steinback quote, "HNers see themselves as temporarily embarrassed founders of the next Google or Facebook". There's vicariousness to the support, in addition to those with actual employment links past, present, or future (hopefully).
Users choose to use Facebook, Google, Apple, Amazon, Microsoft or whichever "Big Web" services they want.
However, many people in US have absolutely zero choice regarding their ISP, because ISPs have monopolies in the regions they serve, there's no competition. It's inherently not a free market.
I'd argue the opposite. Users can't not choose to use Facebook.
Even if you have never had a Facebook account, even if you have never touched a smartphone in your entire life, even if you intentionally try to eradicate Facebook from your life -- Facebook still has a profile on you, full of data about you, from other people in your life who do use Facebook.
Facebook isn't Facebook.com. Facebook is basically a modern day Equifax, that just happens to run a few apps on the side.
However, your ISPs have the capability to control what you see and do, and potentially snoop on your activity, including private information that you'd never reveal to a friend. You can't say "Hey, that's not cool, I'll use a provider that doesn't do that", because in your area such a provider may simply not exist.
I recognize not associating with anyone who uses Facebook is impractical; however ISPs have the potential to do so much more damage than Facebook (even if they're not doing so right now).
Which is why ISPs fought privacy provisions so vehemently.
ISPs control the last mile, so they're technically free to use DPI, packet injection, etc.
But web companies control the application layer and have much more finely grained ability to instrument and track users (in their experiences or others').
And I'll lay a bet down right now that the killer app of the future is going to be predictive or ml-enabled experiences. Experiences that simply can't be created without the right data, at scale.
And handing all that to scaled web companies without encouraging disruption via market regulation? That terrifies the hell out of me.
Not mostly because I care about being tracked or my data, but because of what kind of market and world "data winner take all" produces in 10-20 years.
Agreed, you might even say ISPs/networks are a utility now, though ISPs seem to not think that.
The difference here is that the ISP utility/commodity is not only a local monopoly with false competition but they are trying to leverage that trusted position to sell you other things and wants to be an ad network with your private data.
Your oil/steel/water company isn't trying to get you to sign up to HBO or some discounted bundle, build an ad network from your data or limiting how much or which way you can use your oil/steel/water.
ISPs could rapidly expand their network and build products people want on top of it leveraging that new capability separate from the ISP on web/mobile/media and compete in the street rather than leveraging their trusted position, but they won't because they are in the bribing/milking it/monopoly laziness phase not the competitive innovative phase.
ISPs resemble those companies that innovated, got top market position then just turned to metrics not continuing to innovate, more like Microsoft around 2006 than Amazon today.
I guess I look at ISPs as acting in their own best interest rather than out of malice.
Essentially every initiative they've tried for the last few decades comes straight from HBR [1]. They aren't bad ideas, they're just almost all anti-consumer.
And their options for innovation are limited (as publicly traded companies). The thing we (HN) would like ("faster internet for cheaper") is the most expensive for them to build.
So naturally they gravitate towards VOIP or mobile content, because those things produce better ROI.
The only way we'd get the ISPs we want is if they were prohibited from being anything other than utilities. Although the irony there is that they'd likely find it difficult to access the necessary capital to build super fast networks. (Or in other words, the blood tracking money subsidizes faster internet connections)
[1] https://hbr.org/2007/12/how-to-avoid-the-commodity-tra
Which is what everybody is doing. Doesn't Amazon try to sell you Prime or Amazon Video or Prime Now or Echo or whatever else they have? Doesn't Facebook try to sell you advertising and promotion services? Doesn't Whole Foods, being just bought by Amazon, now try to sell you grocery delivery service by Amazon? Don't thousand of organizations have branded credit cards, branded insurance policies, branded merchandise, etc.?
Cross-sells are as old as commerce itself. I don't see anything evil in that. What's wrong in offering you a deal? If you don't want it, you don't buy it.
> Your oil/steel/water company isn't trying to get you to sign up to HBO or some discounted bundle
Water company regularly sends me insurance solicitations. Gas companies have affiliate networks with all kinds of cross-sells. I don't buy steel beams so no idea what's up there :)
> they won't because they are in the bribing/milking it/monopoly laziness phase not the competitive innovative phase
Wait, so you're complaining about ISPs offering you various "other things" for sale and at the same time you're complaining they are not offering you enough various other things for sale?
BTW, how you easy do you imagine for ISPs to innovate if they'd be tightly regulated on what they can charge, who they can charge and which traffic they can price in which way - based on fixing the current model of doing ISP business?
To innovate, you need to try various things - sometimes crazy things, sometimes wrong things, sometimes wildly unusual and controversial things. But any unusual move by ISP is commonly seen as yet another step in the evil plot of oppressing their customers - how you expect to see innovation in this space with such approach? If every new website would be considered only as a plot to steal your private data and your money - how many e-commerce startups could survive in such an environment? What if the government would crack a whip anytime somebody builds an unusual site or charges customers using a novel pricing scheme?
A cogent argument: ISPs are your gateway to the internet you can't route around and web/mobile/content companies are built on top and can be routed around.
ISPs could build products people want instead of regulatory capturing their way into the game. ISPs aren't innovating through products, they are lobbying, bribing and legislating their way in. They should go more the direction of Hulu like Comcast did rather than trying to slow down innovation, nothing is stopping ISPs from building web/mobile properties that people want to use rather than fighting against them. ISPs should spend more money on expanding networks not data caps, slow lanes and lobbying to retain their local monopolies. ISPs should get out of the business if they don't want to be neutral networks who protect private data as the steward of your gateway to the network, they want to be content companies and ad/data collectors.
ISPs should basically be focused on what their customers want, like web companies have to do to compete, rather than what the company wants solely. Being local monopolies has gone to their head and they are abusing the position/trust.
Noone but the ISPs wanted their ISP selling their private data, removing neutral network protections, adding data caps, slowing down expansions, adding slow lanes for milking it. Google Fiber is an ISP, they should also be neutral and not selling data. ISPs are the gatway to the network and privacy is important as well as innovations to allow new types of web/mobile/media companies, right now they are trying to limit that.
When ISPs are focused again on being a neutral network that protects your trust and provides competitive speeds with the world, then they will be liked again.
Web companies aren't innocent but they aren't your gateway to the network.
Ultimately, all large companies have turned predatory in the US. We are against bullying but not by large corps apparently.
What is more respectable, innovative products that you want to use or products you are forced to use through authority and mini monopolies? You'll find your answer.
We disagree on a core premise then. I contend that at scale, web companies can't be routed around.
At minimum, when I have to run blacklist filters to avoid my third party web traffic ending up logged on Google or Facebook servers, something is wrong.
When the majority of new tech is being acquhired and integrated into existing platforms (e.g. WhatsApp & Google Docs), something is wrong.
Your conclusion sums up my thoughts as well.
> What is more respectable, innovative products that you want to use or products you are forced to use through authority and mini monopolies?
But you just admitted you can route around them. Let me know when you route around your ISP.
Your line of thinking is basically the ISP narrative of "Hey web companies are doing lots of bad stuff, why can't we? And why can't we do so without building any product or anything anyone wants?"
ISPs could build or help fund products that protect your data from Facebook/Google etc more easily, and those will pop up independently. But ISPs don't actually want to protect your data, they lobbied to get access to it without innovating or building products, they just want your data not them, it is a dangerous game that could really backfire on them.
Right now?
I can VPN to Switzerland. And I can use a TLS encrypted channel to most of the Internet.
Until ISPs start banning / slow laning encryption or mandating ISP-controlled computers, hostile network links are a solved problem.
Encryption moots all the additional value they're trying to create.
That's essentially their play with mobile-accessible first party content players. Make it easy / mandate it, and people will happily walk into the walled garden where they can be watched.
My evil genius side tells me that ISPs have already been developing VPN clients and probably own many third party ones through shell corps and obscuring/finagling ownership offshore even. In the last few years some have really taken off and gotten lots of funding and advertising and fit this model, I won't name names but I have my conjecture suspicions on a handfuls of them.
Sketchy or poser VPN clients can say they don't keep logs but they can easily transfer it off to the ISPs which they are now LEGALLY allowed to sell off and share.
Because VPN clients are apps installed on devices (mobile/desktop/tablets etc) they can basically do anything to get that data including scraping destinations and content from unencrypted browsers and apps once the handshake is complete and decrypted.
You are thinking naively or aren't thinking predatory or evil enough to think like ISP bullies yet. ISPs didn't bribe and lobby HARD for over a decade removing privacy protections and neutrality of networks just to be blocked by encrypted transmissions.
ISPs have also been very friendly to surveillance overreaches, they probably cut deals for using that data and since there are so few and your gateway it is easy. [1][2].
[1] https://en.wikipedia.org/wiki/Room_641A
[2] https://www.wired.com/2013/06/nsa-whistleblower-klein/
As for the specific point, in my threat model ISPs aren't competent or rewarded enough to poison VPN clients.
Comcast may be anti-user, but I don't think it's NSA-capable.
My overarching belief is that there are technical solutions to network adversaries. There are fewer (and sometimes no) technical solutions to application adversaries, when I desire to use the service. (And see my previous comments about some large services approaching unavoidable status)
Your ISP will know popular VPNs and will definitely get in the VPN client/app game.
> Comcast may be anti-user, but I don't think it's NSA-capable. My overarching belief is that there are technical solutions to network adversaries.
You have much more trust for your ISP than most in tech.
> There are fewer (and sometimes no) technical solutions to application adversaries, when I desire to use the service.
You can use or not use the services at the app layer full stop.
Meanwhile your lack of trust for the app layer being market regulated eventhough the the application layer is more easily blocked and competitive seems biased towards ISPs.
Yet you don't seem to mind if ISPs are in reselling your private data that you PAY them to secure, and lobbied to get that additionally entering the VPN game, which they are just not publicly yet.
It is a strange position to take if you are being objective about it, that the network is more easily secured than something that runs on the network. I completely disagree and we'll just have to agree to disagree. ISPs have no reason to earn your trust and they have no competitive threats to keep them honest. There can be a #deletefacebook movement because it is possible, there can't be a #deleteyourisp movement because you simply cannot, that is why they are bullies to the customer.
ISPs will also be the brownshirts that implement the government firewall that is coming due to insane overreach by authority. ISPs can't wait to further their monopolies buddying up to the authority [1]. Definitely not going to be able to route around that one, 'for your safety'.
ISPs want the whole internet to be like hotel wifi.
[1] https://www.wired.com/2017/04/internet-censorship-is-advanci...
Technically, "Big web" would be perhaps a structural oligopoly [1] or you could say the market has monopolistic competition[2]. they're protected by the network effect, they provide unique products that are hard to duplicate. They are not actual monopolies as economists define them (and not really monopolies in the popular understanding either).
But ISPs are straight, government-granted monopolies [3]. Such companies have essentially one incentive, be good at influencing regulators and legislators.
Glibly equating these market structures distorts the situation.
As to why ISPs should be regulated in the name of neutrality and privacy? Well, they already are highly regulated. They are creations of regulation. The public damn well should get something out of that regulation, especially, the regulation is all about ameliorating the abusive situation their (actual, not pseudo) monopoly position invites.
[1] http://www.economicsonline.co.uk/Business_economics/Oligopol... [2] https://en.wikipedia.org/wiki/Monopolistic_competition [3] https://en.wikipedia.org/wiki/Government-granted_monopoly
I'd be curious to know why.
I would strongly disagree with this characterization of the market.
From joe_the_user's link [1] on oligopolies, every item under Barriers to Entry: Artificial Barriers applies to large, network-effect web companies.
Google Takeout is probably the guiding light on fighting this, but were Google no longer in a dominant market position I'm not confident it would remain a corporate emphasis.
... Ironically, this same debate (regulating ISP vs edge provider) just came up in Zuckerberg's Senate questioning.
ISPs are more akin to power companies, which provide vital infrastructure in virtue of government fiat.
I've also never stated that ISPs shouldn't be regulated.
In fact, I'd prefer they both be regulated in order to promote open access to the market and more disruption.
So I ask again, why would we not want to regulate structural oligopolies?
Which is to say, regulation might be justified in a less free-market oriented country, like France, on equivalent grounds, but there is a substantive moral and legal distinction to be made in the minds of many who enjoy a free market economy.
And no, Netflix is not a straw man. My argument applies just as well to Facebook, StackOverflow, Ebay (which is regulated as a commerce platform), Google, Amazon, etc., as it does to Home Depot, Walmart, etc. etc.
We default in these cases to not regulating.
That's nowhere in my argument. I merely pointed that government grant monopolies pretty much automatically should be regulated since they are virtually extensions of government fiat already ("we" give Comcast etc a monopoly on placement on phone poles and similar stuff, we should get something for that) and that this situation isn't comparable to monopolistic competition.
If you're curious, I think actual private companies should be regulated when their actions involve negative externalities [1] in their production process - chemical companies should not be able to dump toxins into rivers, broadly greenhouse gases should be limited, etc.
One might argue that Facebook selling people's data to the highest bidder is another kind of negative externality. I would argue that a better outcome is consumer education, gradually people learn whatever they post online has a significant risk of being public. Similarly, it's better for people to learn not to be manipulated by simple schemes than to imagine a firewall against the manipulations of evil people. Just consider that a firewall against manipulations of evil people would let in the manipulation of "good people", right? Perhaps that's the whole idea.
[1] https://en.wikipedia.org/wiki/Externality
Comcast doesn’t have a monopoly on placing things on utility poles. Poles are mostly owned by power companies or the local phone company, and those entities are required to lease pole space to everyone at non-discriminatory rates.
Except they aren’t and haven’t been since the 1994 cable act made granting monopoly franchises illegal.
I'd be perfectly happy to see regulation around Facebook and Google's use of data they've ALREADY COLLECTED under agreement.
An ISP is looking to manipulate willy-nilly (that is, in whichever direction the financial outlook looks best from their perspective). This is more concerning to me for what should be obvious reason.
I don't have a Facebook, and don't use Google except for email and occasionally.
ISPs action impact all users. Facebook and Google mostly impacts the idiots that signed up with them.
The natural, physical costs to creating an ISP creates a ready parallel to other, established natural monopolies. Electrical and water suppliers spring readily to mind.
Big Web companies do not have the same natural barriers to entry, which suggests that other models may be available.
"Net neutrality" is a line in the sand, not a goal. Actual net neutrality would make their ToS clauses regarding webservers on consumer connections, invalid. IF they did allow this, people could have better choices to route around Google, Amazon, etc. Business class connections can be advertised where not available within a certain mileage of service. This harms the middle classes' ability to offset costs using assets by restricting business models that distribute compute power such as European companies that use compute to heat water. Fears of malicious activity and spam are already covered under other laws such as the can spam act and CFAA.
-- The ISPs created their own problems --
A webserver can exist without a public good but not publicly without the ISP. The ISPs require many layers of PUBLIC easements and PUBLIC airwaves. Both use water and electricity. Electricity in 1931-1934 was spoken of in a similar way, notably by Hoover(Against). The ISP is a foundation, the requested server is the roof. Satellite ISPs harm the rights of landlords with an FTC exemption for sat dishes https://www.fcc.gov/consumers/guides/installing-consumer-own... .
ISPs propagated due to https://en.wikipedia.org/wiki/Carterfone , yet now setup cable modems in a similar way. In 1996 people warned about this after the ISPs abused the NSF as a tier 1 network, never paying their bills. Then around 2000, Lessig released "The End of End to End" and everyone crapped on him and the ISPs said that would never happen. It did.
The point is that in terms of timeframe, scope of utilized public resources, and tiers of broken promises... they aren't comparable but both should be regulated for different reasons. An ISP fighting muni broadband is horrible and Google pretending to be a newspaper is also horrible. These however are not the same things or even the same layer of things.
The biggest contention with the GDPR is it applying to small companies, because the amount of work to comply with it costs a lot. And the penalties being scaled in a way that only makes sense to large tech companies.
TBH, small under 10 engineer companies are are rarely privacy threats. And Sue's maid service who uses excel spreadsheets to track their business is not a privacy risk either.
After all, one single developer can make a popular app that reaches millions. (If you want an example, the Muslim Pro app has over 40 million downloads and is made by a team of less than 5).
Possibly google fb et all ought to start lobbying for LLU and for full competion in the local loop.
They deserve crappy new laws.
I support people's privacy - from all-of-the-above.
https://news.ycombinator.com/newsguidelines.html