Does Your ISP Care About Protecting Your Privacy?
from the seems-like-a-marketing-opportunity dept
We recently wrote about how Swedish ISP Bahnhof had announced plans to use a VPN to encrypt all traffic running over its network, thus making any log files it was required to store under data retention rules useless. Slashdot points us to the news that ISP Review, over in the UK, has asked a bunch of UK ISPs their thoughts on encrypting all traffic, and questioning whether they would do the same to protect user privacy.The answers are pretty interesting. None of them seem interested going as far as VPNing all traffic, with some suggesting that it's just too expensive. One ISP, AAISP, says that there's a better solution than VPN, which is to just switch to a carrier grade NAT, for which there are no requirements to log those sessions. IDNet suggested that it might consider making such a service "opt-in," since some people might want it, but it creates other downsides that not all customers appreciate. The one response that struck me as questionable was from Entanet, who seemed to indicate that the only reason to encrypt traffic was if you were doing something wrong:
As a responsible communications provider, we don't advocate any steps to proactively create the ability to avoid the identification of parties who are deliberately committing acts of data piracy.The focus is not to "avoid identification" of people involved in "piracy," but to provide privacy in general. Given just how many examples we've seen of governments spying on users' data habits with very little legitimate purpose, it seems like an ISP that actually protects its users privacy should be seen as a good thing.
It makes me wonder if we'll start to see more ISPs like Bahnhof pop up, with a focus on promoting the fact that they protect your privacy. In an age when so many people flipped out about Google's WiFi sniffing, you would think that these same people would celebrate ISPs that automatically encrypt traffic, as that would solve such problems. Yet, instead, it seems like the very same people are suggesting that such encryption is only for bad purposes.
Of course, here in the US, there are almost no choices among ISPs, and the ones that are available all have strong and close relationships with the government (hi, AT&T!), so it's not like they have any interest in protecting customer privacy. Though, this also explains why there's nothing serious in any US-based broadband plan around increasing competition. If there were real competition, perhaps some providers would look at better ways to protect user privacy. So, as long as the government can keep competition limited to a few entities who rely on the government, the government knows it can always get the info it wants, no matter how dubious the legal rationale.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data retention, digital economy act, encryption, ipred, privacy, vpns
Reader Comments
Subscribe: RSS
View by: Time | Thread
There is plenty of tap dancing around the issue here, but for the most part the people who want encryption or other methods to hide themselves online aren't doing it to protect their personal info, but to allow themselves to continue to do questionable or illegal things online. They want to think that they can continue to be absolutely anonymous, that they can break the law with impunity. It just isn't going to happen.
Can you really suggest some reasons why people would want a VPN or encrypted service for normal web use? Don't say personal privacy, as too many of them spew their guts all over facebook, twitter, and the like.
[ link to this | view in thread ]
and some people do not give full personal info with the sites you have said, simply because they are scared of people intruding their personal liberty and property much so, privacy yeah...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
It is also pretty darn ironic that you posted anonymously. Put your money where your mouth is and post your home address, email, and phone number.
[ link to this | view in thread ]
Then you have people who want to work from home. If they don't work in a company that runs their own VPN, sensitive data is going over the wire that can put businesses at risk.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Why are you hiding your real name? What've you got to hide?
By your own logic, you must be breaking the law.
I, on the other hand, like privacy.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
A VPN could keep trade secrets secret. Suppose you're a beta tester for Microsoft. MSFT might want you to download the beta of Windows 2012 via a VPN to keep those Dirty Pirates away from it.
If you're a CEO, and you're keeping costs low by outsourcing IT or other "knowledge work", you want a VPN in place to protect your invaluable Intellectual Property from pirates and competitors. In fact, you may have a duty to do this so that shareholder's value doesn't decrease.
I certainly want to do on-line banking via encryption. Putting all that stuff in plain text is madness. That goes for dealing with credit card companies via TCP/IP, too. Now that I think about it, if I traded on the stock market, I'd want all that info encrypted as well.
How about dealing with pharmacies? Do you want everyone to know you take Xanax or Prozac? Or that you're undergoing Estrogen therapy for prostate cancer? That's a good reason to want VPNs with your pharmacy right there.
How about filing taxes on line? Communication with your lawyer about a civil suit you're filing against the Pirate Bay, or some trademark-infringing pirate importer of handbags or other fashion materials?
What about salary negotiations when you change employers? Or when you're negotiating with a potential rockstar employee? Do you want all that out in public?
I'm not reaching with any of these. They all happen every single day.
[ link to this | view in thread ]
Re: Re:
I post "anonymously" here, but anonymous isn't at all anonymous, as techdirt has my ip address, my browser type, my OS information, and so on sent to them with every page I request. I am not anonymous in any real sense, I am only "un-named".
Are you suggesting that you represent all of the Michaels in the world? You are not any more well defined than I am (except perhaps the gmail or hotmail account you used to sign up here).
What you do in the privacy of your own home is, well, your private business. However, what you do online (which is outside of your home) isn't covered by the sort of expectation of privacy, it is no different from going to the store or walking down the street.
What you are suggesting is that we should all be covered with a chadri when we go out in public, our credit cards should have no information, and our cars should all be grey, with no name badges, no license plates, and no other identifiable material. That would make it about the same as encrypting your web connection.
[ link to this | view in thread ]
I would like to think
[ link to this | view in thread ]
[ link to this | view in thread ]
The email bounced.
Shiat.
[ link to this | view in thread ]
Re:
Hi. I'm an IT consultant that provides managed technology services to my customers. We manage our clients remotely, they work remotely, we offer a myriad of cloud-based services, and you're retarded.
Anything else?
[ link to this | view in thread ]
[ link to this | view in thread ]
Typo spotted
( http://www.bahnhof.se/ )
[ link to this | view in thread ]
Wrongfully watched
I was tailed by the FBI for a week back in the 1970's. I did absolutely nothing wrong. My job required me to make a delivery to the home of someone whose church had made a contribution to the American Indian Movement, and her husband was the treasurer of the church, so he had written the check as directed by his Pastor. Apparently visiting the house was enough to earn me the attention of the FBI.
Being spied on just runs against the grain of what Americans believe in (or used to believe in). It was a huge waste of federal resources to watch me for a week. Thinking back on the situation, I should probably write a letter of apology to the FBI agents who had to watch me; it must have been a very, very boring week.
[ link to this | view in thread ]
Re: Re: Re:
What is this I don't even
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re:
In the sense of convenient?
Or in the sense of "there are a few comments down there that I don't have an answer to" ?
eg Bruce Ediger and Dark Helmet
[ link to this | view in thread ]
Re: Re: Re:
Why? You cited examples in which one has to leave the house, but one does not have to leave the house to go online. What's the difference? What keeps your logic from applying to, say, a telephone conversation?
And are you really saying that there should be no privacy online at all? How will people conduct business if their business cannot be private? It is far easier to conduct comprehensive surveillance of a virtual world than a real one. If there is a guarantee of no privacy, doesn't that hugely diminish the medium's value for conducting business and personal affairs? Don't you think that the widespread growth and appeal of the medium of the internet has been precisely because it is unregulated and anonymous? If someone wants to, for example, research an area that their government or neighbors finds unseemly, they cannot do this if privacy does not exist. People have used the internet to communicate during revolutions, but if there is no privacy, their communications can be interrupted at the discretion of their government.
I can't understand your logic at all. You gave no reasons for your seemingly arbitrary distinctions, and resulted to outright hyperbole at the end.
[ link to this | view in thread ]
Re:
he be Shill'in :)
[ link to this | view in thread ]
Re: Re:
This is one kind of situation where you do NOT want anyone else to be able to know your identity.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
I do not claim that I want to expose my personal information. It is in my best interest that my posts here go unnamed. I have confidence that TechDirt will protect my information if they are able to.
You are the one that is saying "people who want encryption or other methods to hide themselves online aren't doing it to protect their personal info, but to allow themselves to continue to do questionable or illegal things online" indicating by your own actions that you are doing something illegal. Bummer.
I am not suggesting that we all go out covered in a chadri. I am suggesting that our government not force us not to. If someone wants to protect their personal life by purchasing in cash and hiding their face in public, they are free to do so. If they want to do the same online, they should also be free to do so. An ISP that is aware that many people want the ability to act freely without government snooping on the internet is a good thing. If you want to continue to use an ISP that will freely give out your personal information, that is perfectly ok with me as well.
This is about the government enacting laws that are taking away our ability to freely express ourselves. While some people may be comfortable expressing themselves openly - with their address attached (unlike you), some would rather express themselves anonymously even though they may not be acting illegally. Suppressing their speech in the name of trying to stop file sharing is just sad.
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
Why would you need to use VPN overall for normal web use?
Think about it again and answer slowly. You might get it right next time!
[ link to this | view in thread ]
Re:
Would I be less anonymous if I signed my name, I dunno, "bob the builder"? Am I more or less anonymous than Daryll, Richard, or Michael?
Please.
The definition of deflection is not address the issues, and instead picking at the poster themselves. That is a horrible fail.
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
Then stop doing it.
[ link to this | view in thread ]
Re: Re: Re:
It's actually pretty fleshed out. I won't get into company stuff, since this isn't an advert, but everything from hosted email, hosted BES, hosted VPS servers, hosted SharePoint, Secure File Transfer, Spam blocking, etc. There's a lot, it all has to be secure, it all has to be encrypted, there's a TON of need for security through VPN, and that AC was indeed retarded....
[ link to this | view in thread ]
Re: Re: Re: Re:
Retard....
[ link to this | view in thread ]
Re: Re: Re:
Because I bloody want to and in a democratic country you need a good reason to make something illegal. Legal is the default position for everything not something you need to justify in any way.
If you really must have a scenario because you don't live in a democracy and need it to accept your argument is much like a broken pencil try this:
Imagine I run my small business from home providing web services from that are hosted on servers elsewhere. I create a secure VPN connection to my servers as a default because that is my primary usage and how I manage and provide the services I sell. Because of the high license price for the security devices and software I use on my servers I can not afford the same level of protection for my home connection, also split tunneling a VPN connection is not ideal from a security point of view. Therefore I use my remote connection as a proxy server for my general browsing to avoid viruses and other malware. Of course that server may well be hosted in a foreign county and all my local ISP gets to see is the constant stream of encrypted traffic.
So will the response be:
A/ Discounting off-hand a legitimate VPN use as invalid like all the others mentioned as you are clearly the expert on VPN
B/ An ad-hom attack
C/ Ignoring it
D/ Picking a minor semantic argument
E/ Deliberately mis-interpreting some part and arguing that
F/ Other?
Check all that apply.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
Of course, the real solution here is simply to increase competition to the point where VPN is added in order to be competitive with the other guy, rather than having 10 major players who all collude to provide minimal service at (compared to the rest of the world) exorbitant prices.
That said, if everyone (and I do mean EVERYONE) would just run TOR, this problem wouldn't happen. I mean both a TOR client AND server, mind you. Everyone just using the client would only serve to slow it down. That said, if every single user on the internet ran both a TOR server and client, nobody would see any meaningful decrease in speed, and yet 100% of all ISP access logs would be useless since your actual data is never originating from your own IP address. Much like TPB is practically impregnable because it doesn't break any laws itself (it hosts links, not the content) this would be immune to all forms of disclosure. All use of TOR is anonymous (no login, etc) and the main TOR coordination servers that tell the actual traffic-passing servers how to interconnect serve the same function as TPB, and like TPB, none of the actual user data ever crosses the servers owned or operated by the TOR project itself.
Anyhow, until a legal solution is found, there are other options. One solution is to simply rent a shell somewhere with decent bandwidth that's not on US soil or subject to US law, and tunnel everything over SSH or encrypted SOCKS. This can be done for $10/month or even less! As an alternative, setup a VPN network with a few close friends (10+ people preferably) and all agree to rotate proxying through your friends once a day. This can be automated with a good script. Another option which is easier to get past legally, but provides a "plausible deniability" argument is to setup a windows box somewhere in your house, make sure it has a known security hole, then go to the coffee shop down the street and exploit your own system. Then, if you have a static IP at home, you can do whatever you want through it, and if you are ever caught, you can make a 100% believable argument that a random hacker did all the things they're accusing you of - and there's nothing they can do to disprove it. Of course, all of these things are countermeasures to prevent a potential case against you from succeeding in court - no force known to man can prevent ANYONE from filing a lawsuit against you for ANY reason. The law will let you countersue them later, but at that point your attorney has already handed you a bill you can't afford.
So...this will help, but the real solutions still lies in congress.
[ link to this | view in thread ]
Re: Re: Re: Re:
My simple solution was to say that every request is like a note on a piece of paper. You hand it to your neighbor, and tell him "it's for bob across town". Your neighbor next to you does the same to his neighbor, and so on until it gets to bob. Then bob replies, and the process reverses - but sometimes not with all the same people involved.
All of that transit is pretty much public. It isn't quite as open as all that, but there are a lot of people involved in your net usage.
You can enter into a private place to do business. If both of you agree, you can use a secure connection to do what you need to do. But most people tend to surf in the open. Even with all sorts of security, your browser is still spewing all sorts of information about you in every packet, from IP to OS to a whole host of other things.
In a public place, when someone chooses to hide their face and sneak around, they look suspicious. Expecting ISPs to help you sneak around is sort of crazy. They are in the business of providing a connection, nothing more. They really should be responsible, just as the phone companies are, to report who was on what line at what time (with a warrant or court order).
If they are helping you to hide your traffic, they may be crossing the line to "aiding and abetting" copyright violations. If it is a selling point for people to use the service, you have to wonder, at least a bit.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
PERSONAL PRIVACY.
Firstly, saying that there is a visible trend among SOME members of the civilized world who utilize the internet for one of its million legitimate uses, use it to "spew their guts out" for the whole world to see, is not to say that all of us do. Or that there might not be some things that we want to share, like pictures of our grandkids or our opinions on some topics, and others that we might not want to share.
Second, the internet is an insanely powerful tool for doing GOOD things that governments and other powerful people might not like: the political action in Egypt, and in other parts of the world, has been incredibly supported by the internet and similar technology. Do you really see NO benefit in encryption as a means to help protect people with unpopular political or other views take action and avoid persecution?
Third, your whole argument is basically equivalent to the, incredibly misguided, argument against the Fifth Amendment. "I know I don't have a warrant, but why don't you submit to a search anyway, if you have nothing to hide?" The moment you agree to that rationale, then they have the right to infringe upon your time and your property (intellectual and digital or physical), looking for things you've done wrong. If you're "innocent," they're not going to find clues pointing them in the direction of someone else (assuming you weren't a victim), all they could possibly find is things YOU did wrong, and can be punished for, that you didn't know about. Sorry, but considering the ridiculously bloated and officious nature of legal systems, this third reason alone is enough for me to be baffled at your casual abdication of personal privacy.
[ link to this | view in thread ]
Re:
the implications amuse.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
If I'm having a medical session online I have no expectancy for privacy?
If I'm telecommuting the company have no expectancy of privacy.
[ link to this | view in thread ]
Re: Re: Re:
Dont Talk to Police
Even if you don't have nothing to hide you gain nothing from exposing yourself, enforcement agents don't care about that, their work is to provide anything that can hang you and they will go at it at all the angles that they can, so anything can be used against you, that is why we have laws against unreasonable searches because there is a allure for those with the power to abuse it, it costs them nothing and they rarely see adverse consequences for doing so, do you want to make it easier for people who work without moral codes to go after you?
Enforcement agents have their careers defined by the number of people they get guilty or otherwise, they are not measured by the quality of their work, they are measure by number of things they can prove or appear to prove, they don't think about the consequences it will have on your life, they are in fact a hostile force against the public and should be treated as such.
[ link to this | view in thread ]
Re:
I'm not inclined to expose myself to authorities, because I know something bad will happen, at some point they will find something to claim they are in the right and punish me, so I will do everything in my power to not make that job easy.
Even though I know that I need laws and I need some rules for me to be able to live in peace with others, but I'm not going to have my life ruined because of a mistake or my own ignorance of the law either.
The use of the stick to make things legitimate has a price and that is public trust that is the first thing that goes out the window.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
BTW, nice to see you resorting to the old "If you've done nothing wrong, you've got nothing to worry about" strawman that has been credibly debunked a hundred times. After all this time is that all you've got in the locker? (besides a pin-up of Mike that you kiss every day and you know it!).
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re:
Dude, you're a complete joke. Come back when you can maintain a stance for longer than one thread.
[ link to this | view in thread ]
Re: Re:
Ah, but are those people saying that privacy is evil? Nope. You are. They're not saying they're evil. You're saying they (and yourself) are evil.
[ link to this | view in thread ]
The Role of the ISP in fighting crime
[ link to this | view in thread ]
Re: Re: Re:
I didn't know people like you existed on this planet. Are you seriously trying to compare "going out" to privacy violations? do you show everyone your ID as you buy preparation H or lube? do you scream your conversations on your cell and put your wife/gf on speaker so that everyone in the store can see you have problems in the bedroom due to erectile dysfunction?
I know you crave to be controlled or are a very gullible person but please, try harder next time you attempt to exemplify your flawed logic.
[ link to this | view in thread ]
Hide your data from your ISP
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Using a VPN
[ link to this | view in thread ]
Hooray for Entanet Promoting Pornography!
Shame we can't have ISP's with this kind of honesty here in the US.
I guess pornography makes up a big part of internet traffic and of course, more internet traffic means more business for an ISP.
On the superduke.net forum Mr Farnden, known as df_vtr, has been keen to show his passion for KTM motorcycles, introduce himself as Entanet Head of Marketing as well as express his love of young ladies, with tattoos and false breasts. He even went as far as sharing his huge private collection of images on the forum.
Well done Mr Farnden, I admire your honesty, bravery and hope other ISP's will take note.
[ link to this | view in thread ]
ISPA Awards 2019 Nomination - Internet Villain Award - Entanet
Congratulations CityFibre Entanet!
After careful consideration we have decided to nominate CityFibre Enatnet's Head of Marketing for the 2019 ISPA Internet Villain Award.
Having uploaded hundreds of explicit pornographic images to our favourite motorcycle website and openly commenting on his sexual preferences, Mr Darren Farnden (aka DazF) has clearly displayed a complete lack of consideration or respect for any women or children visiting the website.
Mr Farnden also displayed a complete disregard for the reputation of Cityfibre Entanet or respect for his colleagues by using the same website to boast about his job title and post a link to Entanet's website.
Considering Mr Farnden's position, we're sure you'll agree his behaviour is shocking and inappropriate. Having tarnished the reputation of the industry he truly deserves the title of 2019 ISPA Internet Villain.
We look forward with anticipation to the ISPA Awards in July. On behalf of myself and the ladies at WMCC UK, we wish you the very best of luck.
[ link to this | view in thread ]