Disapproval of FCC regulations a significant blow against privacy protection (nytimes.com)
313 points by crispyambulance on March 29, 2017 | 229 comments


I want a privacy first router. Does such a product exist?

Key features:

  - I pay a subscription for maintenance (so I'm not the product) say $10/mo

  - Automatically routes all traffic over a VPN.

  - Smart VPN bypass for performance-sensitive traffic like streaming video and gaming

  - Provides non-logging DNS service

  - Automatic advertisement blocking

For VPN, DNS, and adblock I want the option to use servers & block lists maintained by the paid service, augment them with my own, or use my own exclusively. Bonus points for rotating requests between providers.

Does such a product exist? I think I could hack together something similar using DD-WRT[1], but I'm confident the maintenance hassle will eventually outweigh my desire for privacy. #shutupandtakemymoney

[1] http://www.dd-wrt.com/site/index


> I'm confident the maintenance hassle will eventually outweigh my desire for privacy.

Nothing should outweigh your right to privacy.


Sure, but there's a cost to exercise that right. Right now, the cost of protecting myself from my ISP is quite high. I need to maintain DNS and VPN settings for every device in my home... many of which are personal devices of other family members with little patience for such techno-babble.

I want a product that reduces the cost of exercising my right to privacy, and allows me to pay that cost with money instead of time.


I would set up a tor endpoint on the home connection (to make the collected data as useless as possible).

Combining this with a regular VPN should be effective enough, with a minimal maintenance burden.


There are commercially-available routers which support running all traffic through a VPN. That should handle all the devices in your house.


A VPN doesn't actually provide more privacy, it just changes who can snoop on your data.


You're right, of course, but a VPN at least lets you make sure that the service that can snoop on your data doesn't want to snoop on your data, because they know you'll just leave them for another, more privacy conscious, provider if they do.

VPN providers have incentive to compete with each other and commitment to user privacy is an important selling point. ISPs have zero commitment to privacy and almost no reason to compete since users have no choice.


> You're right, of course, but a VPN at least lets you make sure that the service that can snoop on your data doesn't want to snoop on your data, because they know you'll just leave them for another, more privacy conscious, provider if they do.

Only if you can tell that they're doing so. If they create two companies with no apparent connections, how would you know that VPN company A was selling your data through Marketing company B?


We are now getting pretty far down the rabbit hole.

Is this possible in theory, if your packets go in all directions (IPs) encrypted, not sure how you reassemble, but in theory, would the information then be whitewashed? I guess I'm asking, is it possible in principle, can you leak no information (including metadata) from IPv4?


Privacy isn't an either/or. That's like saying closing your window curtains doesn't give you more privacy, because your phone might be wiretapped.


I don't agree with that analogy. The VPN takes away the ISP's snooping abilities, but gives snooping abilities to another company that wouldn't otherwise have it.


Netflix for example does not work over vpn so the router would have to have a way to manage exceptions.


Privacy is weighed against public safety all the time. The question is at which point does it become unreasonable. Warrantless searches of American individuals just so happen to be where we, as Americans, draw the line.

On the other hand, don't mistake my assault on the technical validity of your sentence for disagreement with its intent. We should be outraged.

Shame on us for having allowed this to happen, and for the dangerous precedent it sets for local monopolies to sell your information.


> VPN

This is a political problem. Technology like a VPN or alternative DNS is little more than a placebo. With the ISP as a permanent MitM, modern deep-packet inspection, etc, you are probably still leaking a lot of information.

Worse, you're only moving the problem to a different location. Even if you were able to hide your traffic from your local ISP, your VPN host or DNS service becomes your ISP de facto. Also, if any of your online accounts can be tied back to you on their own, you might not get a choice in the matter; the server's ISP can also sell information. What about TLS? Unfortunately far too many websites are only encrypted to CloudFlare.

However, the real reason that VPNs/etc are not a solution is that privacy shouldn't be limited to people with a technical background. Those of us that do understand the technology have a duty to help the people without that knowledge and experience.


> Worse, you're only moving the problem to a different location

I agree that's true from a technical perspective. However, the VPN provider has an economic incentive to compete on privacy. I would much rather just trust my local ISP, but at least I have a choice in VPN providers.

> privacy shouldn't be limited to people with a technical background

Absolutely. That's why I want this as a product that Just Works instead of my own hacked-up implementation.


Not just that, but being able to choose your VPN+ISP is better than being able to "choose" your ISP.


Excellent point. In the US you likely only have a small number of ISPs you can choose from, but there are a huge number of VPN/PaaS/HaaS providers out there that you can route your traffic through. Surely some will compete on privacy.


Tell people to use the Opera browser. It has VPN built-in.


So you trust the company involved in the WoSign debacle with your data?


The question isn't about absolute trust.

It's about who you trust more with your privacy.

So yeah, I think I'd trust almost anyone more than my ISP now because they have an incentive to profit off my lack of privacy.


> Those of us that do understand the technology have a duty to help the people without that knowledge and experience.

No, we don't. The fact that the "common people" don't value privacy enough led to this whole situation. Those that do value privacy, can pay for it with their money (or their time to learn).


I agree with this! I think, should people value their privacy and want to use VPNs then we can teach them about such matters but merely us trying to convince them should not be our problem.


I think the problem is not that most people don't value privacy, it's that most are unaware of the privacy issues that affect them, or have been misled to believe that the cost of having the websites and services that they rely on (facebook, gmail, etc.) is necessarily tied to giving up privacy.


This isn't a new problem. We "know" the common people don't care because all attempts at scandalizing this in the media, for years, have not found much resonance.


If people didn't care about privacy, companies wouldn't be so opposed to regulations requiring them to get consent before selling personal information. Advertisers wouldn't disguise targeting to avoid creeping people out. Uber wouldn't have deleted a blog post mapping one-night stands. Republicans wouldn't have had any reason to spin this bill as being about which agency should have authority.

People do more to protect their privacy when they know it's being violated, understand the impact, and believe they can do something about it.


Some people care about privacy. Most probably may even care about it to some degree, but not to the degree where they sacrifice their convenience for it.

Again, the media has done its best to scandalize the very real privacy concerns with companies like Google and Facebook. Did it hurt their success with the unwashed masses?

If privacy was really such a big deal, why would Uber write that blog post in the first place? Sure, enough people complained online to get it pulled, but that's not representative.

To wake people up, we'd need a real "story" here, like somebody getting fired over googling something relatively innocent.

Finally, if advertisers really try to disguise targeting, they're doing a terrible job at it. Just try turning adblock off for a moment to see for yourself. Yes, even the common folk thinks targeting is creepy, but at the end of the day they don't care that much.


I disagree that the media has done anywhere near its best to bring privacy issues to people's attention. At the same time, many stories that do get published offer lots of vague scares and no practical suggestions, which fuels people's sense that there's nothing they can do.

I don't know many people who have stopped using Facebook. I do know a lot of people who don't post things they would've 5 years ago.

Uber miscalculated, simple as that.

For targeting, I'm talking more about direct advertising. I think most people know by now that the sites they visit don't directly control the ads they see. Seeing the same ads everywhere is annoying but doesn't prove anything. A company you've never given your email address sending you offers for only items you looked at is creepy.


> - Smart VPN bypass for performance-sensitive traffic like streaming video and gaming

It is highly error-prone to maintain (or expect a company to maintain) essentially a large filter list. In the end you'll end up with a product that gives you neither privacy nor performance. For a real world example, try using a smart dns. They suck at dns on its own. And they have to keep up with the cat and mouse of content sellers blocking them. You'll end up with pretty much the same situation with your smart vpn solution. You'll never know reliably what's going over which route (unless you are making the list), debugging will be a nightmare, and you'll have leaks all over.
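The debugging problem described in the comment above can be made concrete with a small audit, shown here as an added example that is not part of the thread. The bypass prefixes, the sample flows and the function names are all constructed for illustration (documentation address ranges stand in for real services); the script reports which egress each flow takes and flags DNS queries that leave outside the tunnel.

```python
import ipaddress
from collections import Counter

# Constructed bypass list: prefixes a hypothetical router sends outside the VPN.
# RFC 5737 documentation ranges stand in for a streaming CDN.
BYPASS_PREFIXES = ["198.51.100.0/24", "203.0.113.0/25"]

# Constructed flow samples: (destination IP, destination port, protocol).
SAMPLE_FLOWS = [
    ("198.51.100.10", 443, "tcp"),   # streaming CDN, the intended bypass
    ("203.0.113.53", 53, "udp"),     # resolver that sits inside a bypassed prefix
    ("203.0.113.200", 443, "tcp"),   # same /24 but outside the /25, so tunnelled
    ("192.0.2.7", 443, "tcp"),       # ordinary site, tunnelled
    ("192.0.2.53", 53, "udp"),       # DNS query that stays inside the tunnel
]

DNS_PORTS = (53, 853)  # plain DNS and DNS over TLS


def egress_for(dest, bypass_nets):
    """Return 'direct' if dest matches a bypass prefix, otherwise 'vpn'."""
    addr = ipaddress.ip_address(dest)
    return "direct" if any(addr in net for net in bypass_nets) else "vpn"


def audit(flows, bypass_prefixes):
    """Classify each flow by egress and list DNS destinations that bypass the VPN."""
    nets = [ipaddress.ip_network(p) for p in bypass_prefixes]
    routed = [(dst, port, proto, egress_for(dst, nets)) for dst, port, proto in flows]
    counts = Counter(egress for _, _, _, egress in routed)
    dns_leaks = [dst for dst, port, _, egress in routed
                 if port in DNS_PORTS and egress == "direct"]
    return {"counts": dict(counts), "dns_leaks": dns_leaks, "routed": routed}


if __name__ == "__main__":
    report = audit(SAMPLE_FLOWS, BYPASS_PREFIXES)
    for dst, port, proto, egress in report["routed"]:
        print(f"{dst:>15}:{port:<5} {proto}  ->  {egress}")
    print("egress counts:", report["counts"])
    print("DNS sent outside the tunnel:", report["dns_leaks"])
```

The resolver at 203.0.113.53 leaks only because a prefix added for video traffic happens to cover it, which is the kind of side effect a filter list maintained by someone else makes hard to spot.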


For the nerds among us this shouldn't be too hard. A Virtual Private Server can be rented for a few dollars a month. I have seen examples that charge less than $4 for unlimited bandwidth.

Install VPN software on the server and become your own VPN provider. On your home router you can setup a point-to-point VPN connection and you're done - all traffic encrypted and bypassing your local telco.

I assume that network-providers are not included in this legislation though...


Mind divulging on some VPS providers? The one I've been looking at closely is https://www.vultr.com/

Their $2.50/month plan fits me well as my monthly traffic across all my devices (and home) is roughly 100GB. Pair that with https://github.com/trailofbits/algo and it's a reasonable setup.


I'm a fan of RamNode. I've been using them since they launched a few years ago without a hiccup.


There is one issue that your traffic is typically flagged as originating from a VPS provider and you might end up getting denied or have to do annoying challenges.

Still worth it but it's something to consider.


what's a good vpn software to install on a server?


I use a service called Cloak[1], and I'm super happy with it. I'm getting 75MB/s down over my Wifi while VPNd through their service. I often forget that it is on because it _just works_. I have no affiliation with them, I just think they make a good product.

[1] https://www.getcloak.com/


I seriously doubt you're getting 75 MEGABYTES down over Wifi. Did you mean 75 Megabits (Mb)? There is a major difference between Mb and MB. 75 MB would be equal to 600 Mb per second.


Why not? 5 GHz connections are capable of delivering > 1 Gbit over the... air.


:eyeroll: Sure, and MIT managed to transmit data wirelessly at 1 Tb/s one time. But we're talking about the real world and regular consumer hardware here.


TP-Link Archer C7 can do up to 1300 Mbps over 802.11ac, and costs about $85.

No university research equipment required.


I was mulling over a service like this. Was thinking I'd set it up roughly like so:

1. Create Terraform / Ansible scripting to boot up fresh DigitalOcean droplets with OpenVPN and encrypted DNS / pi-hole to strip out ads.

2. Bulk purchase cheap dynamic DNS domains (or just generate sub domains on command and hit some kind of load balancer).

3. Create scripting to shuffle the various VPN boxes every x time (each night, week, whatever).

I'm not an expert, so I might be missing things here. But I'd pay for that, and I think all you'd have to do as a client is put OpenVPN client on your router and point it to whatever static domain you're assigned by the service.

EDIT: I also figured I'd donate some % of proceeds to OpenVPN / Pi-Hole.


You should try the NetAidKit. We use them a lot for high risk human rights defenders travelling to various places. It works with VPN and Tor. Has wifi bridging, is portable etc.

https://netaidkit.net


Someone posted on a similar thread yesterday or the day before about something that would fit the bill for you. I'll see if I can find it.

Off the top of my head, I think they sold a router, mostly pre-configured with ddwrt, that you plugged in your info for PrivateInternetAccess and used them as the VPN. Could be wrong though.

Edit: Here's what I was talking about: https://easyvpnrouter.com/. May or may not meet your needs


That's great! Good find, thanks.

The website mentions an interesting solution to the streaming media problem: "Keep your existing router and run both networks simultaneously. Connect to your Easy VPN Router when you need safety"

So basically I could have the performance-sensitive devices hook up to the existing router, then use Easy VPN as the main access point for everything else. That's probably a lot more maintainable than trying to choose what goes over the VPN dynamically.


A router only helps you at home. We need a service that protects you anywhere.


An app that enables you to use your home router as a gateway could solve this problem.

I had an idea called 'Home Gateway' a while back, but I do not have the business acumen and lack part of the technical know-how to complete such a task.


I am a strong advocate for privacy, please understand that before you continue reading this. I don't want ISPs to sell my browsing history, and I am continually disappointed in the Republican opposition to net neutrality and online privacy. I'm even working on an open source project involving cryptography and secret protection, so I have skin in the game.

However, this headline is patently false, right? Congress didn't sell anything. They removed protections that were put into place late last year and hadn't gone into effect as far as I know.

Just because companies are legally capable of selling your browsing data doesn't mean that they absolutely will. As far as I know, my browsing history hasn't been sold by my ISP yet, and the regulations that were rolled back were not the reason why this is true.

Maybe I'm just posting because I like being a contrarian, but I do expect a more sober-minded commentary on this site than I've been getting on some recent news items.

If you're interested in the FCC's response, here is a primary source[0]. I don't buy most of it - I know that this is a lot of spin doctoring, particularly that second paragraph. But it provides insight to how the FCC is viewing this, something I haven't seen a lot of in this coverage.

Here[1] is some coverage from 2015 on the FCC/FTC issue that the third paragraph in that presser talks about. Also worth noting is this HN thread[2] from two years ago, where the top comment is a thoughtful critique of putting the hopes of an open Internet in the hands of a bureaucracy. People didn't agree, but that's the sort of commentary that keeps me coming back to Hacker News.

[0]: http://transition.fcc.gov/Daily_Releases/Daily_Business/2017...

[1]: https://iapp.org/news/a/ftc-officials-concerned-about-jurisd...

[2]: https://news.ycombinator.com/item?id=9191007


AT&T had a program in place ("Internet Preferences") where they offered a $29/mo discount on their gigapower FTTH offering to customers who allowed them to inspect traffic for the purpose of ad targeting, including sending you offers by e-mail related to your browsing.

They defaulted you in to the program, hid its terms in fine print, and made it difficult to sign up for service w/o accepting the program.

Now, they did away with this program late last year and started giving everyone the discounted price. It's not clear why they did so: maybe it was the upcoming FCC regulations; maybe it wasn't making enough money; maybe it was competition from Google Fiber.

With Google Fiber going away and the FCC regulations being rolled back, I guess we'll see whether the program comes back.

But regardless, at least one major ISP was willing to inspect its customers' browsing data and use it for ad targeting. It would be great if this were solved by the market via customer backlash, but I don't see that happening. Sadly, I think most customers just don't care. People are willing to tolerate a lot to save money.


> However, this headline is patently false, right? Congress didn't sell anything. They removed protections that were put into place late last year and hadn't gone into effect as far as I know.

It's nearly impossible to find even one constituent who wrote to their Congresspeople asking for this law to be axed. It was a handful of lawmakers in Congress who accepted bribes, payments[1], and other kinds of lobbying from telecoms to push this through... that is the definition of "selling". And yes, the votes did happen almost exactly down party lines.

The headline was taken directly from the NYT article, and it is indeed accurate. That HN changed it to appease ??? is really disconcerting.

[1] http://www.vocativ.com/415350/house-rep-pushing-to-set-back-...


I see where your argument is coming from. Lobbyists give money to politicians who push legislation that favors lobbyists. In a sense that could be construed as a 'sale'.

But if we accept that premise, even in that case the only thing that was sold was the potential to infringe on privacy, not privacy itself.

Congressional Republicans don't own my privacy.

They can certainly make it easier for me to protect my privacy and have possibly made it harder after this vote, but they never owned it.


Yes, I don't think you should take the headline that literally - there's a touch of abstraction there. More literally, Congressional Republicans sold telcos a convenient legal avenue to violate your privacy. They didn't "possibly" make it harder... they added a massive new burden to your life if you care about your privacy. Read the other comments in this thread -- see how complex and incomplete the countermeasures seem to be, even for techies?

There are many ways the government protects your privacy such that you don't have to worry about it in X scenario. The Republicans sold one of those protections and added a new scenario to the list of things you have to worry about. The headline is pretty appropriate in context.


Given that it's illegal for corporations to donate to candidates, I find your reference rather suspect.


I know that you know campaign finance is more nuanced than that.

It's perfectly legal for a corporation to donate to a Super PAC supporting candidate's reelection efforts.

And they're adding donations from individuals in the industry.


I find it dishonest for an article to say that corporations donated to a candidate, when they actually mean that a corporation donated to a PAC or that employees donated to a candidate. It creates an extremely misleading picture. Telecoms are major employers in places like Tennessee (which Blackburn represents). AT&T alone has 5,600 employees in Tennessee (more than Twitter has employees total). It's no surprise telecom employees donate to her.

Many of the people who voted "no" on the bill received similar amounts of money from Internet companies: https://www.opensecrets.org/industries/recips.php?cycle=2016.... Are all those votes suspect?


>Are all those votes suspect?

No, because those representatives didn't vote in a way that favors the companies that donated. If I bribe 10 politicians and 4 of them don't do what I want, does that mean the other 6 who did are now above suspicion as well?

Voting in a way that favors a company that donates money to your political campaign creates at the very least an appearance of a conflict of interest. In those cases we should rightly be suspicious.

>I find it dishonest for an article to say that corporations donated to a candidate, when they actually mean that a corporation donated to a PAC

Do you find it dishonest when an article says a corporation donated to a candidate, when actually they mean that a corporation donated to a candidate's campaign?

A candidate only personally benefits from campaign donations insofar as they help them get reelected--the same way they benefit from PACs.

There isn't much distinction at this point because PACs routinely operate as extensions of campaigns, even though they are technically prohibited from coordinating. It doesn't stop them from doing things like winking and putting up random video clips with no audio on the campaign websites that PACs can just happen to download to make advertisements with.

>or that employees donated to a candidate

I agree that this is a little more misleading.

>AT&T alone has 5,600 employees in Tennessee

That's true, but my guess is that most of the money that was donated from employees of the telecom industry came from a much smaller number of high level employees donating near the maximum.


> No because those representatives didn't vote in a way that favors the companies that donated.

They certainly did. The Internet consists of server owners, content owners, and pipe owners. You can understand pretty much every political issue involving the Internet as a proxy war between these groups for advertising and media viewing dollars. Here, keeping pipe owners out of the advertising business directly benefits server owners.


If they take money from a company like Google that stands to benefit from more FCC regulation, I have a problem with that as well. I can dislike two things at the same time.

Allowing unlimited spending in the form of Super PACs just exacerbates your proxy war problem. In this case we have several companies with deep pockets that happen to be on the side of net neutrality, but their interests won't always align with the public's.


Don't have a moment to read your sources at the moment.

But weren't the protections only put into place last year because they weren't needed until then?

In other words, they were under the jurisdiction of the FTC previously, so this particular legislation was a moot point, because the FTC could just say "hey, you can't do that. case closed."

Now because of the "common carrier exemption" I don't think that would hold up.

This was useful in some quick tidbits about FTC + FCC relationship, previous responsibilities, and current. https://www.ftc.gov/system/files/documents/public_statements...

Funny enough, they talk about how the FCC handles data/privacy breaches, and how they came down really hard on a minor breach that affected a few Cox subscribers, nothing with payment data or even any actual damages.

This seemingly means that the FTC takes privacy seriously. But Congress won't let them.


If legal opinion is now that the FTC does not have the ability to regulate internet privacy, it is not the fault of Congress, it is the fault of the 9th Circuit's ruling last year [1], which has effect over its area of jurisdiction.

Traditionally it is the FTC which regulates consumer privacy. The Republicans' position w.r.t. internet privacy is that regulating this is in the domain of the FTC, as has always been the case before [2][3][4].

Sources:

[1] https://iapp.org/news/a/the-att-v-ftc-common-carrier-ruling-...

[2] http://transition.fcc.gov/Daily_Releases/Daily_Business/2017...

[3] https://www.ftc.gov/news-events/media-resources/protecting-c...

[4] http://www.heritage.org/crime-and-justice/commentary/the-ftc...


They rolled back the FCC's privacy rules. They did not restore the FTC's privacy rules. Best to pay attention to the things they do rather than the things they say.


In case people don't know, the author, Tom Wheeler, was the previous chairman of the Federal Communications Commission.

With the administration changed he no longer is in government.

Also formerly a lobbyist for the cable and wireless industry, which gives him some insight into the industry.

https://en.wikipedia.org/wiki/Tom_Wheeler


So the only thing I don't understand as far as the fuss about this is concerned -- everything I've read indicates that this is undoing a protection put in place late last year. So essentially we've gone back in time six months ago or so. If ISPs weren't selling our info then when they could have, why does it logically follow that we're now in some uncharted territory of ISPs selling personal info? Or is this simply blowing the situation out of proportion because Republicans did it?


> So the only thing I don't understand as far as the fuss about this is concerned -- everything I've read indicates that this is undoing a protection put in place late last year. So essentially we've gone back in time six months ago or so.

Sort of, but you've missed a key aspect. Yes, six months ago (or whenever) there was (possibly) no protection. However, that was a fairly recent development. Earlier, ISPs had been regulated by the FTC when it came to privacy.

As part of the implementation of its net neutrality order, the FCC changed its classification of ISPs from information services to common carriers. Last year a court ruled that the FTC did not have the authority to regulate common carriers.

The FCC's privacy rule was meant to step into the void left by the FTC losing jurisdiction.


There were some ISPs which were selling people's data prior to this order (Verizon was one, IIRC, and a few others were actively injecting ads and JS into non-TLS traffic), and many more were considering it.

Yes, we've "essentially" just gone back in time, but it's not a positive regression.


> Yes, we've "essentially" just gone back in time, but it's not a positive regression.

I agree, but with the way this thing has been reported you'd think we've gone back to the dark ages rather than where we were just prior to the election. I don't recall a lot of discussion on HN about which proxy to use because "OMG my ISP is going to sell my browsing history!!!" back then.

That's all I'm getting at. Wondering why the reaction to going back to the status quo of not long ago at all is seen as some assault on civil liberties.


> I don't recall a lot of discussion on HN about which proxy to use

When the articles about ISPs came up (as Verizon did, fairly frequently; though it was also as frequently buried), there was discussion about using VPNs. We're primarily technology users and creators; our first instincts are to find technological solutions to such problems.

Give this a week, and it will fade from the front pages as well. That doesn't mean it's not still important, or that we accept the new status quo as being right or correct.

> Wondering why the reaction to going back to the status quo

Because, IMO, that "status quo" was not a good place to be, and was getting worse. And is now likely to continue to get worse since we've regressed back to it.

We pride ourselves as Americans as being progressive - trying to make things more fair for everyone. Everyone should have a vote. Everyone should be able to express their thoughts without fear of censorship. Everyone should have the ability to rise above their station. Everyone should have a right to privacy. When our elected government take steps away from these ideals, people (rightly, IMO) complain that we're moving in the wrong direction.


Because it is an assault on civil liberties?

The status quo was wrong, which is why we passed the law in the first place.

The difference, of course, is:

* [thing isn't thought about, so isn't made illegal - making it implicitly legal]
* Hey, this thing they're doing is bad - now that we know about it, we should make it illegal.
* Repeal: Hey, let them do this thing.


No law was passed in the first place.


Your wondering why was just answered succinctly in the comment you posted your reply to:

> There were some ISPs which were selling people's data prior to this order (Verizon was one, IIRC, and a few others were actively injecting ads and JS into non-TLS traffic), and many more were considering it.

edit: spelling


Here is a less editorialized summary of the bill:

https://www.govtrack.us/congress/votes/115-2017/h202

It repealed 73 pages [1] of regulation on ISPs.

Personally, I'd like to see more competition in the ISP space. This bill may help by reducing barrier to entry, but the central problem remains that national carriers have lobbied the state to prevent competition at the municipal level.

Furthermore, this bill seems like a minor nuisance compared to the data collected by Facebook, Google, and the NSA.

So yes, I'd say this is being blown out of proportion. The Republicans aren't being evil, but they have much more to do before I'd consider them being good.

[1] https://www.gpo.gov/fdsys/pkg/FR-2016-12-02/pdf/2016-28006.p...


> Furthermore, this bill seems like a minor nuisance compared to the data collected by Facebook, Google, and the NSA.

This is the bullshit argument Republicans/ISPs are pushing that anyone technical should immediately realize as such. It's conflating two separate issues.

I can choose whether or not to use Google and Facebook, and indeed willingly "agree" to their TOS when I log on. But to even get to those providers, I need to go through an ISP. As someone in rural America, I don't have a choice in ISPs, and even in a lot of cities where you have "choice," they all share the same privacy-invading practices. That's the point of the rules passed by the FCC: protecting us, the consumers who are subject to the whims of anti-competitive corporations that have access to large swaths of our personal data.


Agree with you on Facebook and Google. There's a choice, and at least there is no law preventing competition/disruption. Not the case with the NSA, but that's a tangent.

The root issue is the national providers lobbying the state to prevent competition at the municipal level. Granting more power to the FCC does not solve that problem. Rather, it would only serve to lock in the existing monopolies and further centralize control with the state/corporate nexus.

The state preventing the market from functioning is not a valid reason to introduce more state intervention. In my view, competition will protect the consumer better than regulation in the long run.


Absolutely, competition will protect the consumer best. But we need that competition first :)

In the meantime, it seems logical to take some steps to limit the damage that our currently monopolistic telcos can do and give someone power to enforce a rule that: "(1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services, (2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information, (3) adopts data security and breach notification requirements, (4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and (5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider's right to use a customer's confidential information." [0]

I mean seriously, considering the current landscape, does that seem like unreasonable overreach? Is anyone going to go out of business with rules like that?

[0]: https://www.congress.gov/bill/115th-congress/senate-joint-re...


The summary does sound reasonable on the surface. But read the whole whopping 73 pages. The regulations hurt small ISPs much more than national carriers.

For example, there's a Mom & Pop cellular-based ISP that serves my small mountain community. They could certainly be put out of business by this type of regulation after they pay for lawyers, IT services, training staff on new operations, etc. -- and heaven forbid they get audited by the FCC.

Maybe if the regulations only applied to national carriers, then you could argue this wouldn't hamper competition. That'd be something I could support.


The actual regulations are about 3 pages, 2 if you respect your customers' privacy. The previous 70 pages include historical context, rationale, explanation of related regulations, even an overview of the OSI model.

The FCC gave small providers a one-year extension and other concessions. And, as they pointed out, small providers generally collect less customer information and use it more narrowly.


You think that regulation is the relevant barrier to entry to being an ISP? Not the cost of running lines or anti-competitive practices by rivals?

Please, this just means no protection for an environment where, right now, we have no competition to move to when our ISP decides to do something shitty.


I've had an ISP willing to put 2km of copper wire to get my 15$ / month fee. (Not in the US.) I don't think the cost of wires is significant anywhere in the US either.


You may live in a country where the government subsidizes the laying of communications infrastructure. Laying fiber or even just coaxial cable is extremely expensive.


No, the whole reason we have great internet is that it took the government a long time to find out about it. The company had two 20-somethings spread the wire on existing poles :)


The FTC was preventing them, until it was decided that it was outside their purview. The FCC took over, but that's just been reversed. Now no one is preventing it.


I don't get your point, even if no one does do it, why repeal the protection? It's effort and time wasted just to create a potential for something bad to happen.

Even if you think this will never be abused, I don't see how it's being blown out of proportion, this is still bad.


> I don't see how it's being blown out of proportion

Really? Where was all the hyperventilating about the status quo on HN prior to when the protection was put in place? That's all I'm getting at, the reaction to being back in the dark ages of late 2016 seems a bit overblown in my opinion.


The FTC was the protection prior to the FCC. Now there is no protection. This is a regression.


FTC can still regulate ISPs after this bill passes, if I understand it correctly.

Edit: Nope, apparently this just nullifies the FCC rule, it's not an actual bill to change authority away from FCC. D'oh.


Because why the push to undo something if they weren't planning to do it, or weren't already? I know Verizon has an opt in program for it where they gave you deals and free data.


Can't argue with that, but again, the status quo for many, many years was that your ISP could have done this, but didn't. And the next time there's a changing of the guard the protections will be put back in place, so I can't see how ISPs are going to bet on selling this information as a viable long-term business strategy.


> And the next time there's a changing of the guard the protections will be put back in place, so I can't see how ISPs are going to bet on selling this information as a viable long-term business strategy.

Nope:

> The bill not only gives cable companies and wireless providers free rein to do what they like with your browsing history, shopping habits, your location and other information gleaned from your online activity, but it would also prevent the Federal Communications Commission from ever again establishing similar consumer privacy protections.

Also, a lot of things are broken. Voices are raised when something bad is actively done, not when something good isn't actively being done.

Do you get the difference? I am dismayed that the healthcare system is currently bad and has been bad for generations. Is it smarter to kick up a fuss randomly out of nowhere, or to do it when there's legislation being made on it, in either direction?


"We shouldn't blame the Republicans for repealing this protection pointlessly, because the Democrats will put it back when they get in power."

Seriously? Free pass to do bad stuff because "it won't last". Come on.


I'm not giving them a free pass, I'd prefer the protections to be in place. But I'm just putting the situation in perspective. My observation is just that I'm perplexed about the amount of "sky is falling" reactions here when you couldn't find a peep about "which VPN do I use to keep my ISP from selling my data" on HN say, a year ago.


I would argue that the full impact of what is possible wasn't very visible until certain companies got caught doing MITM advertising injections and other questionable tactics (eg Verizon; Googling suggests HN started noticing them and others circa 2014 or so).

As far as "simply blowing the situation out of proportion because Republicans did it", it has been pretty obvious that Republicans have been aligned with the telco / big cable companies (as opposed to content companies) for a while. Maybe some are surprised and shocked, but personally I have no problem with this action highlighting that there are differences between current political parties beyond the usual social politics and political memes.


Things have changed, though. Many ISPs are also cable TV providers. Netflix is now at 98m paid subscribers (worldwide), with cable footprint at 94 million (US). Somewhat apples to oranges numbers there, but also:

"The thirteen largest pay-TV providers in the US, representing about 95% of the market, lost about 385,000 net video subscribers in 2015." http://www.broadbandtvnews.com/2016/03/11/us-pay-tv-continue...

The ISPs have been complaining about being reduced to a dumb pipe for a while now. They are very motivated to increase data revenue...


All I ever wanted to buy from my ISP was a dumb pipe. It frustrates me that I can't buy that, without the surveillance.


> And the next time there's a changing of the guard the protections will be put back in place, so I can't see how ISPs are going to bet on selling this information as a viable long-term business strategy.

I wouldn't bet on it. All the discussion about politics and policy leaves out the fact that the GOP now controls 33 state assemblies. 1 more power grab, they will be able to invoke it. They won't have the 38 needed to ram through changes without opposition, but there's a good chance they will attempt to put in legal guards against the Democrats from undoing their policies.


Tom Wheeler, former FCC chairman and cable/wireless lobbyist, fails to charitably address why his opponents did what they did. To Republicans and opponents of his FCC chairmanship, this was about regulatory authority, not "selling your data to ISPs". They believe the FTC, not the FCC, should be the main privacy regulator as it has in the past. They also contend that ISPs are already disallowed from scooping and selling data without consent, and that the FCC already has authority to prosecute, via sections 201, 202 and 222 of the Communications Act.


> They believe the FTC, not the FCC, should be the main privacy regulator as it has in the past.

If they believed that, they would pass legislation to correct the law on which the court relied striking down FTC regulatory authority in this area and allow the FTC to actually do that; not doing that when reversing the FCC rules which mirrored the FTC rules which were struck down demonstrates that that is a pretext, not a genuine motivation.


> they would pass legislation to correct the law on which the court relied striking down FTC regulatory authority in this area

The FCC rule is being struck down using the Congressional Review Act [1]. CRA provides "an expedited legislative process" [2]. Giving the FTC authority in this area would require passing a real law. (That said, I agree with you regarding the explanation of motive.)

[1] https://en.wikipedia.org/wiki/Congressional_Review_Act

[2] https://web.archive.org/web/20150402230759/http://assets.ope...


> The FCC rule is being struck down using the Congressional Review Act [1]. CRA provides "an expedited legislative process" [2]. Giving the FTC authority in this area would require passing a real law.

Right. But if the real basis of reversing the FCC action is not that the substance is wrong but the regulator is wrong, then you'd expect the fix to the law to allow the FTC to regulate to, at a minimum, be introduced first and highlighted in the debate over reversing the FCC action. (And, in fact, regular laws can be expedited as well, as was demonstrated procedurally with the AHCA, even if the votes were never there to follow through on the expedited process that was set up.)


It's not clear to me how the CRA actually makes anything faster in this case. The "real law" approach would only need a simple law, which surely could be drafted quickly. Both a "real law" and a CRA action require the same simple majority in the House and Senate, which they have.


CRA actions can't be filibustered, regular legislation can. OTOH, while Democrats might filibuster repeal of the FCC action if they could, I can't imagine a clear positive grant of regulatory mandate to the FTC on this issue would be opposed by Democrats, so if that were really the majority's concern, I don't see how the procedural distinction between CRA action and regular legislation would be a real issue.


This is like FedEx or a privatized USPS being able to open your packages and read your mail without telling you.

I pay you to carry my damn packets, keep your filthy hands off my data.


A better analogy would be FedEx selling your incoming and outgoing addresses and package weights to third parties, not necessarily the contents of your packages.


Why not the contents? What happens when most content is not over a secure connection, e.g. over HTTP? Could they not inspect the content?

It sure seems like they could. For most people most of the internet is still insecure.


Yeah, the closer analogy would be FedEx selling information about content of your packages unless they are shipped in some kind of locked strong box.


They can and do. I recall instances where some ISPs even went so far as to inject advertising HTML directly into pages sent over HTTP.


Why not HTTPS? There are ways to do MITM proxying that re-encrypt traffic. As a customer, you just need to install their CA certificate.

Or slightly worse, they could get browser vendors to include their CA (or pass legislation to force this).

What prevents this from happening?

In mobile, where the carrier controls everything (the network, the OS) it's not unlikely this is already happening.


I know for me personally I already assume anything over a non-HTTPS or non-secured protocol will be received and possibly read by anyone and everyone.


You forgot "and changed". Injected ads, injected JavaScript, replaced ads... This has been occurring, and without protections against it, it will continue to occur.


More like your landlord selling the keys to your apartment, but you still have the key to a series of safes inside. Everyone can get a lot of your stuff and probably watch you poop, but hopefully those safes are built well enough to keep everyone out of your valuables.


Only if every package and letter I sent was securely sealed so they couldn't get in.


I feel like this isn't going to go anywhere but I'm still tempted to contribute: https://www.gofundme.com/BuyCongressData


Why on Earth would this be set at $500M, and why on Earth would people trust a random person on the internet with that?


I'm conflicted about this. Hate to hand over millions to ISPs just to prove a point. I'd rather put the money towards starting a competing anonymized ISP.


The fact that this law has passed raises an interesting question: can a private citizen request and receive any and all information from a government entity about the users of that government's various assets? For instance:

1. Detailed data on the number, character, weight, etc. of every car that passes on a government road. (cameras record license plates, traffic videos exist, weigh stations are sometimes required for trucks, etc.)

2. Power companies bill the owning address for every power meter connected to the grid - therefore it should be possible to compile detailed historical data on power use. (watt-hours used, at least in monthly time-slices, possibly with geo-locating data, etc.)

3. Same as above for water use.

It seems to me that if the government is going to make it legal for a provider of services that run on government owned property (telephone/internet lines, which if not in all cases outright owned by the federal government, ARE deeply regulated by it), then why not all the databases concerning all gov. property?


If engineers would refuse to implement privacy invasions, they wouldn't happen.

Do you work for Comcast, Verizon, AT&T, Time-Warner, CenturyLink, Charter, Cox, Frontier? Don't implement these things. Don't do deep packet inspection, don't log things that shouldn't be logged, don't put in MITM proxies and don't insert cookies in traffic that your customers expected to have unmolested. Explain your decision, and explain it to your coworkers.

Some of you will lose your jobs. I'm sorry. However, you're in high demand. And maybe you can make a difference.


> If engineers would refuse to implement privacy invasions, they wouldn't happen.

That'll never work, as long as it's just a personal ethical thing. There's always someone who would rather take the money.

Now, if there was a professional organization or union with some teeth, which could enforce some kind of ethical code, then maybe "engineers" could do something about stuff like this. I'm not sure how it would work in detail, but it might involve pickets/walkouts of entire organizations engaged in unethical projects or expelling members who work on them in a way that negatively affects their future job prospects.


> That'll never work, as long as it's just a personal ethical thing. There's always someone who would rather take the money.

Sure, but "I was just following orders because someone else was gonna" isn't going to win any ethical arguments. The point is the tech worker that implements these things is complicit, whether it's the database system for a list of Muslims or privacy invasion.

Additionally, the sentiment is that tech workers can easily get another job, so "just following orders to pay the rent/mortgage" doesn't hold up either.

To use an extreme example, if my work gave me a gun and told me to go shoot a particular somebody, I'm going to refuse to do it (and tell the police). I'm sure they could find a murderer-for-hire, but I'm still not gonna be the one to pull the trigger.


>That'll never work, as long as it's just a personal ethical thing. There's always someone who would rather take the money.

So true

>Now, if there was a professional organization or union with some teeth, which could enforce some kind of ethical code, then maybe "engineers" could do something about stuff like this.

That won't work either. A few years ago most of the "programmers/developers/computer scientists" I worked with (we weren't pretending to be engineers yet), all had C-S degrees (either C-S undergrad or math/physics undergrad with C-S masters+). And by and large these people were usually members of the ACM or IEEE.

Now with the rise of the "self-taught (software) engineer", these professional organizations are weaker than ever before. My cube mate is not only likely to be a boot camp graduate, they are likely to not know what the ACM is, never mind any ethical standards it has, and of course have no concern for being kicked out.

Now I am not saying all this is good or bad, democratization of technology has pros and cons. But it's a shift that makes depending on professional orgs more worthless than ever before. (Some of this is also coast vs inland US; the west coast has always had more self-taught vs academia-taught programmers.)


> And by and large these people were usually members of the ACM or IEEE.

> But it's a shift that makes depending on professional orgs more worthless than ever before.

I don't think those organizations have ever had any "teeth" in any space, let alone the professional one. I don't think anything like what I'm talking about had ever existed for programmers. I'm thinking of something more like a Bar Association (like for lawyers) with regulatory/licensing powers or a union with labor-market power. I admit, both are unlikely to arise anytime soon.

https://en.wikipedia.org/wiki/Bar_association#Mandatory.2C_i...

> Some states require membership in the state's bar association to practice law there. Such an organization is called a mandatory, integrated, or unified bar, and is a type of government-granted monopoly.

https://en.wikipedia.org/wiki/Disbarment:

> Disbarment is the removal of a lawyer from a bar association or the practice of law, thus revoking his or her law license or admission to practice law. Disbarment is usually a punishment for unethical or criminal conduct. Procedures vary depending on the law society.

> Generally disbarment is imposed as a sanction for conduct indicating that an attorney is not fit to practice law, willfully disregarding the interests of a client, or engaging in fraud which impedes the administration of justice.


It's a repeal of the regulation put in place by the FCC last year October prohibiting ISPs (such as Verizon, AT&T) from selling their customers' data. This shows how strong the lobbyist groups are if this very recent item was taken on this quickly -- which makes sense if you consider that it's a $156+ billion industry in the US alone.

The regulation from last October required asking for express consent to sell the following:

- Precise geo-location
- Children’s information
- Health Information
- Financial Information
- Social Security Numbers (wait, they actually sold those?!)
- Web Browsing History
- App Usage History
- The content of communication

With the new regulation, passing all of this information on is fair game again. Which is absolutely fucking shocking!

Btw, for anyone interested, I wrote a blog post about the implications of the new regulation for ISPs when it was first passed -- just make sure to read it as the opposite of what I wrote: https://blog.datawallet.io/broad-band-providers-take-a-hit-b...


Internet Providers -- that's Google and Facebook, right?

On a more serious note, people need to understand that every domain you visit, every query you search, every digital conversation you have, every number you call, every movie you watch or book you read, everything you buy, unless you take active measures to mask your identity that record is being retained by as many different people that can get their hands on it as possible.

Let's be clear about what this bill is potentially changing -- not who is collecting the data but who can monetize it.

Frankly, a bill that allows monetization of data already collected is not about privacy it's about deregulation. As long as the data is retained, privacy is already lost.

I actually really like this bill because it exposes, well, how exposed we all are online. The more people understand how much tracking is going on, the more likely we can garner the will, the market, the demand for technological solutions which actually protect privacy rather than regulating monetization.


> ...is being retained by as many different people that can get their hands on it as possible.

Which isn't a big deal as long as the data is only being used for internal use (e.g. UX purposes) to make the product better.


More likely people will, without ever understanding any of this, become agitated and then over time... nothing they recognize will happen, nothing they can see will change. It will be even harder to get their attention next time...


It's the slow boil


Since this isn't posted in this thread yet, here it is: https://github.com/jlund/streisand

Unless someone can point out why it's not what it's cracked up to be? Seems like a rather easy-to-setup solution, somewhere between straight up paying a service and rolling everything yourself (I do pay PIA, but I've found that, not infrequently, my speeds are drastically throttled. I'll be actively downloading a file while connected at 400kb/s, cancel the download, disconnect from them, restart the same file, and be at 10mbit/s. I have no doubt some of that is due to the nature of the VPN, but I can't imagine all of it is. But, I'm not a network engineer.)


My concern is that if you connect to a VPN server in the US, your traffic will still be sold because the VPN provider is technically also an ISP. I could be wrong though.


At least consumers still have https going for them I suppose? Or maybe ISPs are now more motivated to man-in-the-middle those connections to get to the data, under the guise of security or something?


They can still correlate traffic going to specific IPs, DNS requests, and SNI information (since it's not encrypted, because the remote server needs to know what certificate to use). There's plenty of data to choose from.


I don't believe SSL alone would protect you since ISPs would still have access to the DNS lookups, the fully qualified domain name of the server (which is sent in cleartext for SNI), and IP addresses for the person browsing, so there's still plenty of "meta-data" for them to sell.

Maybe if you use a third party DNS service, but then you need to trust them.


Are there TLS connections to DNS servers available for the major operating systems?

edit: You're still broadcasting the IP you're connecting to, but it's still nice to close up this DNS lookup leak.


Yea that was my main question during this. What can we do. I thought https made this near impossible unless they MITM it, which would be difficult no? Or is it easy?

This is all the more reason we need to start encrypting all communication. All my hand built services (home bots, etc) need to start using tls for everything.


Three problems here. First being that the ISP is a permanent MITM. Second is that TLS will not protect the hostnames, which are sent in the clear so that servers can identify the correct certificate for a given connection. Likewise, DNS is not encrypted (though companies like OpenDNS do provide alternatives here).


Regarding the MITM, more specifically I meant able to compromise HTTPS. If I sit between you and your https site, can I read all of your traffic?

I know very little about the nitty gritty of HTTPS, so forgive my ignorance, but I thought the most I could do was try to pass off a custom key (i.e., spoof the key authority), but then the signing done from the https site (say, https://google.com) wouldn't be valid based on my bad key.

How common is it to read full https data if you're a MITM?


It's not likely that they would attempt active attacks to decrypt your TLS web traffic. I'd assume they won't be able to read the full contents of those sessions.

STARTTLS on mail is a slightly different story, though I'm going to assume that most of the established companies are smart enough to avoid email snooping.

You might, however, be surprised at how much you give away via the metadata associated with your web browsing.


You don't need to compromise HTTPS. You need to get your cert onto the trusted list on the device. "As part of the setup for Comcast-Super-PlanTM please run this script" is enough to let your ISP terminate the SSL connection and restart it so they can read content. In the worst case, they can pay a company like Lenovo to stick their certs on devices on day 1.


I am curious whether any companies are concerned about this for employees who work from home. Can ISPs resell business espionage to the highest bidder? Not all employers are savvy enough to provide and require VPNs.


The article's main argument is that the ISPs are selling something that doesn't belong to them, but to the consumer.

I don't like the idea of my personal information being sold, but how could you state this as fact? Shouldn't it be up to the consumer to choose to do business with a company that sells your personal info vs a company that does not?


You say that as if everyone had the ability to change ISPs freely. Consumer choice is irrelevant if there's nothing to choose from.


I have a single alternative ISP that offers over 15 mbs; there is no fiber in my area. I live in New York, not the city, and I do not live 'upstate'.

As the above pointed out to your comment, it is very difficult to change ISPs. I am not happy with mine and I do not have an alternative. My unhappiness came way before this bill.


Ideally, that may be true (though whether people realize the value of their online data is unclear) - however the market for internet service is far from perfect. Over half of Americans only have one choice in broadband providers (at 25Mbps), and just under 15% have more than two to choose from (at any speed)[1]. The cost of entering the broadband market and laying last mile cables is simply too high for there to be meaningful competition in much of the US. Hopefully, a policy like dig once[2] will eventually create real competition in the ISP market, but until then the largely monopolistic ISP industry cannot go unchecked.

[1]: https://cdn.arstechnica.net/wp-content/uploads/2014/09/fcc-b...

[2]: https://www.washingtonpost.com/news/the-switch/wp/2015/09/22...


Via precedent set by protecting phone calls:

"For decades, in both Republican and Democratic administrations, federal rules have protected the privacy of the information in a telephone call. In 2016, the F.C.C., which I led as chairman under President Barack Obama, extended those same protections to the internet."



Regional monopolies are tolerated and the companies benefit tremendously from legislation and regulations that make it near impossible for meaningful competition to exist. Ideologically, the "harmful regulation" rhetoric is incredibly hypocritical.

Which is to say: most consumers have no choice among providers. That fact is a result of government action. If companies would tolerate legislation that would encourage increased competition in exchange for the right to sell consumer information, then you would be right. Of course, that isn't what happened here.


> Shouldn't it be up to the consumer to choose to do business with a company that sells your personal info vs a company that does not?

Ideally, yes. But there's a lack of competition in the ISP industry, due to either government-granted monopolies or plain old high fixed costs, which create a barrier to entry.

Though, the historically low interest rate environment should minimize this "barrier to entry" issue.

Are there notable startups in the ISP space?


That would be great, but privacy policies are unreadable and ISPs tend to be total or partial geographic monopolies anyway.

This is a classic case for regulation.


Should a company you pay to make phone calls over sell the data of who you call?

Should a company you pay to mail packages/letters inspect your mail and sell the data of what mail and subscriptions you are getting?


Don't downvote people who ask questions. Answer them if you disagree.


It's the same obvious policy applied to phone calls previously and mail previously previously.


This can't be repeated often enough:

If you have some ssh server somewhere (who hasn't), you can very easily create a 'VPN over ssh' by calling:

sshuttle -r user@remote_host 0.0.0.0/0 --dns


Time to roll up our sleeves and get to work. I've watched the tech community battle back many times: PGP, SCO Unix vs Linux, WebStandards.org, etc.

How do we fight this using software? Remember that many of the innovations came from single individuals. Is there a way to have a fully private, fast communication between two computers when we know everything we do is being saved and analyzed? Because that's all the Internet really is, whether one of those computers is a web server and the other a browser or any other infinite combination.


Is there anything the average user can do to protect their data/privacy from their ISP?


Start with not using their DNS servers (OpenDNS https://www.opendns.com)

Install HTTPS Everywhere (https://www.eff.org/https-everywhere)

Install uBlock Origin (Chrome - https://chrome.google.com/.../ublock-origin / Firefox https://addons.mozilla.org/addon/ublock-origin/)


Concur with your recommendations. Would throw some caution on the OpenDNS recommendation, though. They're U.S. based and owned by Cisco. Depending on your threat model, this may or may not be desirable.


I debated about the recommendation, but went with the simplest one to start.


Just because you're not using their DNS servers doesn't mean they still don't see the DNS requests as it's sent through their pipes and log them.


Correct, but it is a start.


Yes VPN is a good answer here, but another idea to make the data they collect and sell less useful would be something like https://github.com/WhiteBeachStudios/cyberflare to hide your real usage habits among a bunch of artificially generated traffic.


CyberFlare looks interesting, thank you for sharing. If anyone knows of similar tools or a guide on using CyberFlare I would greatly appreciate the information.


How would one use cyberflare? Any easier tools?


Encrypted VPN that doesn't keep records (I like NordVPN, but have had good experiences with others like IPV and PIA), uMatrix, uBlock Origin, and don't forget to turn on your user agent spoofing options.


I'm afraid that the problem is bigger than that, most people have a number of devices that connect to the internet, not all of which work with VPN.


That's where a decent router that can support your VPN comes in. Look, I grant you this is not perfect, and there is no perfect enduser solution, but if you want to stop the bleeding, that's how.


I second NordVPN, plus their interface is adorable.


VPN is a solution but requires trust in VPN provider. OpenVPN on a VPS can help. Also, consider DNS traffic can leak information, but I've not read of a fool proof way to fully protect DNS queries.


I use a VPN, but I have to turn it on for each device. Is there a good way to set up my router to automatically push all traffic through a VPN? I'd probably need to make exceptions for stuff like video traffic.


You can install Tomato (http://www.polarcloud.com/tomato) on a compatible router. It has a bunch of options for routing all/some/groups of devices through various VPNs. This might be a feature in newer stock router firmware too.


Good VPNs have DNS leak protection now, and frankly, I recommend avoiding one that doesn't.


Use Tor.


Run everything over an encrypted channel.


vpn?


One idea that I have been running through my head for awhile is a Tor like onion router that could be funded by a special cryptocurrency. This would mean each relay would get some amount of money for passing a packet on to the next relay. Ultimately this would solve two problems with Tor: speed (as it is paid there would likely be more relays with faster connection) and issues with spam (DOS over the network would cost a lot more.) Obviously it would suffer from some anonymity issues that would need to be solved as you are paying and it could be traced. I don't know if this idea would solve the issue in this case but I figured I would mention it.


Might be an ignorant question, but could individual websites do more to prevent an ISP from seeing your activity on the site?

I know HTTPS should be able to help (?), but ISPs can still see the domain you're visiting and get metadata on the encrypted traffic, which can be revealing.

Are there architectural or tech stack decisions a company could make that would basically lock an ISP from knowing anything except the root domains you visited?


What I want is a way to tie my own VPN to something like my Apple id and have it auto configured anytime I move to a different device. Right now, maintaining VPN clients on a range of devices is a pretty big hassle. I'm not saying I want Apple to run vpn services, I just want an easy way to manage vpn configurations on personal devices.


https://betterspot.com/ was a Kickstarter project I funded. They haven't shipped yet, but look to be this month.


if i dare to say that the republicans fucked us over i'll be banned for "partisan bickering", so:

we just need to develop technological workarounds to the politicians. vpns are an okay start.


It's actually interesting, now i feel like VPNs are going to get a huge spike in customers.

On that note though, if all ISPs are doing this, what VPN choice do you have?


I'm curious if this will result in ISPs requiring the installation of an SSL root CA on customers' devices -- they can't track SSL traffic without it.


They know where you connect to. That's still plenty of information.


This is basically like having your mailman/postoffice sell the list of your to/from addresses.

Isn't it possible to challenge this on constitutional grounds?


I really doubt it. First, the Constitution places limits on the government; not so much on contractual agreements between private parties. What you and Comcast agree to just has to avoid depriving you of basic human rights (i.e., you can't sell yourself into slavery).

Even ignoring that, you give up most constitutional privacy claims if you start disclosing the information to third parties. The ISP is a permanent and necessary third party here. If you tell your ISP that you want to go to ihaveherpes.com or whatever (by asking them to route your traffic there), then I'm not sure you have any claim to privacy as it pertains to a conversation between you and the herpes people. You willingly gave the ISP the information.

That's why we need legal protections like the prior FCC rules. Because by necessity, you need something above any bare constitutional protection.


Sounds like it's time for an "AdNauseam" for browser history obfuscation. Does anyone know if such a tool already exists?


Great, now everyone will use Tor and torrent over I2P. I wonder if these technologies can handle the extra bandwidth.


I'm curious, does this mean that an ISP can sell non-anonymized data collected between last October and now?


Fake title. Actual title: "How the Republicans Sold Your Privacy to Internet Providers"


How difficult would it be to create a DuckDuckGo of the ISPs? Both at national or local levels.


Does anyone have a good VPN that they would recommend? This bill is totally fucked.


I use PIA (https://www.privateinternetaccess.com/) and don't have any complaints. They have apps for every OS, servers all over the place, and don't log anything. If you search around you can find a deal for 2 years for $60.



good thing this will create jobs jobs jobs! aka just ordinary bull shit.


Begun the crypto wars have.


What is the name of the bill? And where can I read it? Thanks.


Here: https://www.congress.gov/bill/115th-congress/senate-joint-re...

Here's the full text:

> Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”.

> Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (81 Fed. Reg. 87274 (December 2, 2016)), and such rule shall have no force or effect.


S.J.Res. 34: A joint resolution providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services”.

https://www.govtrack.us/congress/bills/115/sjres34


This and the move to dismantle the Clean Power Plan. Sad.


But her emails?


The Hacker News mods should comment why this post has been 'bumped' from the top spot and why its title is no longer the original title of the article.

From the https://news.ycombinator.com/newsguidelines.html:

> Otherwise please use the original title, unless it is misleading or linkbait.

The title is the original, it wasn't misleading and it isn't 'linkbait'. It's the premise of the article and it's the truth.

dang please help me out here.


A moderator replaced the original title (which was absolutely as linkbait as they come) with a representative phrase from the article. This topic has been discussed extensively already, so this article received many user flags as well as the standard penalty for follow-on posts.

Related discussions:

https://news.ycombinator.com/item?id=13942345

https://news.ycombinator.com/item?id=13981184

https://news.ycombinator.com/item?id=13951347

https://news.ycombinator.com/item?id=13967955

https://news.ycombinator.com/item?id=13983235

https://news.ycombinator.com/item?id=13973727


Thank you for being transparent. It seems nearly every day I see articles rise to the top of HN only to disappear when I return.

With no explanation or transparency for the reason.

https://news.ycombinator.com/item?id=13939514

For example was on the front page for less than 2 minutes before disappearing with zero discussion nor reasoning. Even though it contains extremely Hacker News friendly analysis and discussion.

HN needs to come clean, is the no politics rule continuing? Or are the politics of the moderators or the "politics deemed appropriate" going to continue to rule?


> HN needs to come clean, is the no politics rule continuing? Or are the politics of the moderators or the "politics deemed appropriate" going to continue to rule?

You're not asking this question fairly or charitably, but that story wasn't touched by moderators. The detailed mechanics of the site are not completely transparent for obvious reasons. On the flip side, we're happy to explain when the community has specific questions. The best way to ask those is via email at hn@ycombinator.com.


I get you'd like to avoid spammers, bots and etc, but it's not at all fair to claim you're not playing politics.

> but that story wasn't touched by moderators.

Is uncharitable as it gets. I cannot verify it. Based on 3163 days of intuition I can see "ahh yes sometimes stories get unfairly flagged automatically" but I can also see that 1) It's political 2) It discusses a YC company in a not so appealing light.

I'll take your word on it here that nobody touched it, but I honestly see stories disappearing every day whenever they so much as negatively glance at YC/Investments or Politics that benefit YC and YC Investments. (Many former YC companies will more than likely benefit from being able to purchase our browsing history, for example.)


Let me try to allay your concerns. The story you linked to was penalized automatically. There's no moderator penalty on it. No moderator may even have seen it.

We don't moderate HN to protect YC startups—just the opposite. This comment summarizes the situation and has links to plenty more: https://news.ycombinator.com/item?id=13861389.

It's common—standard, in fact—for politically committed HN users to believe that the site is secretly aligned against their politics. That's mostly not because it is; it's because humans typically perceive their side to be at a disadvantage. I wrote about this here: https://news.ycombinator.com/item?id=13932041, with links to plenty more.

You'll notice I said "mostly". That's because I have no way of guaranteeing that our own biases (which, being human, we have) don't affect moderation. I can't even guarantee that to myself. But we do work hard at it and have a lot of practice. If you know of any large community on the internet where that's more true than it is here, I'd like to see it.

Lack of bias is never perceived as 'lack of bias'; it's perceived as strong bias in favor of the opposing side, in proportion to the strength of one's own views. That's unfortunate for us, but it's how the human nature cookie crumbles.

Can you verify any of the above? Not fully, nor could you with more data. A quantum of trust is necessary for a community to function. If we say we didn't moderate a story and someone doesn't believe us (meaning, among other things, that they think we'd be dumb enough to lie), I doubt there's much we can do.

If you still have concerns, feel free to send them to hn@ycombinator.com.


Thanks for the detailed followup. I will admit that I have been less than charitable.

If this https://news.ycombinator.com/item?id=13108404 had never happened I would have far fewer concerns. Since that week I've been keeping an eye on all posts that vanish from the front page or get severely punished and politics seems to get the axe more than not. Again this is N=1 and not a "study" and contains all of my biases.

Sorry for being disgruntled. I overreacted to what I perceived to be a policy that has continued for over a week.


The headline isn't true. Congress voted to remove regulations, they didn't complete a financial transaction with ISPs.


Because none of them received donations or were lobbied?


You're reaching..


I did one google search and found https://www.theverge.com/2017/3/29/15100620/congress-fcc-isp... and is fully sourced by generally reputable data. I'd be just as pissed if Democrats sold us down the river, which I am about Obamacare several years ago.


s/regulations/privacy/


Why was the title of this post changed retroactively on HN ? The article is an op-ed with the title "How the Republicans Sold Your Privacy to Internet Providers".


[flagged]


We detached this flagged subthread from https://news.ycombinator.com/item?id=13985916.


Well, I was going to respond to this, but it's an account that's less than an hour old. Seems the trolls are picking up on tactics from Reddit.


What part of saying privacy/security comes at cost is trolling? It does. Whether you pay money directly or for lost access to features like persistent geolocation, using closed source internet-connect applications, etc, etc.

Unless I'm missing something bad the OP said.


The Supreme Court recognized on multiple occasions that we have a right to privacy. In this specific instance, protecting privacy comes at no cost to an ISP, as they simply do not collect or sell your data. They literally have to do nothing, as setting up the systems to collect and opening the channels to sell takes work. This is nothing more than a money grab.


> The Supreme Court recognized on multiple occasions that we have a right to privacy.

The right to privacy... from the government, not private businesses.

There are privacy regulations which affect private business such as HIPAA. But these are not 'rights'.

And just because they are regulated doesn't mean they are effective at the intended or worth the significant costs of implementation - which is the critique here. So unlike government where the risks are a certainty (because we give the state a monopoly on violence and other powers), the risks of private companies selling data are not nearly in the same league, regardless if you believe regulations are the way to go.

I personally would like to be able to invest money so we don't have to worry about ISPs selling data. TLS/VPNs are a solved problem. Same with the opportunity to use adblockers... ad companies collect as much data and that is entirely unregulated. No one seems to care. We just say 'use an ad-blocker'... a private solution. 'Do not track' regulations were a total failure.


The first part you're correct about, so no argument there.

The second part sounds like a "private, free market" solution, which has had, at best, limited results. What's to prevent an ISP from simply prohibiting customers from using a VPN? If Netflix and Hulu can do this, why not Spectrum or Comcast? Your claims about ad-blocking can be used against you since there are companies that will prohibit you from using an ad blocker.

This is exacerbated by the fact that in many areas, there is only one ISP available, so there is no free market. Additionally, these companies will use any means to slow down or stop competition, so that's not an option. In this case, the government is the only organization that can effectively regulate these companies.


There is no right to online privacy. Full stop. If you'd like for an ISP to provide you with an additional benefit, there is nothing stopping you from writing them and asking to pay a premium for them to not track/sell your information.

They have a right to offer you a price, and you have a right to accept or deny their offer. You also have a right to cancel their service and switch to a provider who satisfies you as a consumer.


[flagged]


Clearly, government ordained rights is the only way to stop data from being sold to evil marketing companies! To believe other viable options exist is crazy, you must be a troll! /s

That's how partisan worldviews work, my ideology is good, to believe otherwise is unfathomable / malicious / the agenda of a conspiratorial paid shill. There's some great literature on this subject, the left is particularly susceptible as their worldview tends to start from a smug all-knowing-esque position. But the right is hardly immune to this either.

45% of the top websites online have TLS by default and growing. Most home internet is shared among various people and most valuable data (ie, identifying data) is almost always encrypted these days. I can't imagine it's very valuable as it is and clearly the value is diminishing as privacy activists like myself push for TLS adoption and better OS defaults.

Yet despite previous ISP privacy laws, there's still a massive billion dollar marketing data industry collected from ads, rewards cards, credit card usage, etc, etc. This is like creating a huge fuss about a fly while a jumbo jet gets let through.


> Clearly, government ordained rights is the only way to stop data from being sold to evil marketing companies! To believe other viable options exist is crazy, you must be a troll

You're from Canada, so your government has implemented strong privacy laws. What you may miss out on is that the usual response to this involves either individual responsibility or a free market solution.

The problem with both of these is that ISPs in the United States are powerful, and in many cases, hold either monopolies or non-competing duopolies in a region. There is no "free market" solution. Claims there are ignore the reality that ISPs will use any means necessary to slow or halt competition. Google Fiber is an example of that. Individual responsibility would require everyone to set up VPNs. For some people, that is beyond their means or their capability. It also is, as I said, an arms race. An organization can detect if you're using a VPN and either throttle or ban you from their service. If you live in one of those areas with a monopoly, you're out of luck.


We've banned this account for trolling. Please don't create new accounts to violate the guidelines with—we ban the main account too if that continues.


I have yet to see either logic or reason in your posts. However, using a fresh account with a username clearly meant to incite is not exactly a subtle tactic.


Yeah, you're right, we should make a list of people who think their "rights" are important. Let's start with gun owners.


[flagged]


If you're so convicted about your beliefs, perhaps you shouldn't be too chickenshit to post from your main account. Drop the troll tactics.


Unfortunately, this does not answer my original question. Please provide me the constitutional amendment that grants individuals the right to privacy while using the internet.


What's the point of trying to have meaningful discourse with an obvious troll account? Grow a pair.


> In 2016, the F.C.C., which I led as chairman under President Barack Obama, extended those same protections to the internet.

Oh how nice of Tom Wheeler to play the good-guy now. It took a lot of public outcry for him to change his tune about Net Neutrality.


He came around, and then was a reasonably good champion. Let's live in a world where people aren't permanently branded with temporary positions.


I suppose you're right. But I will still remain suspicious of a former lobbyist turned head of FCC turned NN champion.


> Oh how nice of Tom Wheeler to play the good-guy now. It took a lot of public outcry for him to change his tune about Net Neutrality.

That's wrong. He was for net neutrality from day one at the FCC.

You are probably thinking of the first net neutrality rule he proposed, which would have allowed for paid fast lanes, and interpreting that as somehow not being for net neutrality.

When he proposed that rule that was about the strongest net neutrality rule possible without reclassifying ISPs as common carriers. Reclassification was a very risky approach, with probably at least an order of magnitude more chance of not surviving. He did state that he was open to that approach, if the comments on the first proposal indicated that there was enough support for reclassification.


> You are probably thinking of the first net neutrality rule he proposed, which would have allowed for paid fast lanes

That was the second; the first he got passed did not, but it was struck down by the courts for exceeding the power the FCC had without Title II reclassification. The draft of the replacement might have allowed paid prioritization (it was clearly not intended to, but it was limited because it attempted to stay within the boundaries of what would pass muster without Title II reclassification.) The final replacement order opted for Title reclassification, and was not only stronger than the draft, but stronger in many ways than the 2010 order it replaced.

Wheeler was always on the side of net neutrality, and in fact his actions in favor of it are one of the main reasons the issue became well known.


The one that got struck down was passed before Wheeler was on the FCC.


Yeah, I was somehow projecting his chairmanship back to beginning of the 3/5 partisan pro/anti-neutrality split.


> Oh how nice of Tom Wheeler to play the good-guy now. It took a lot of public outcry for him to change his tune about Net Neutrality.

Tom Wheeler was the driving force behind all of the FCC net neutrality efforts, including early case-by-case actions, the 2010 Open Internet Order and the 2015 Open Internet Order. The idea that he was somehow an opponent of net neutrality mostly comes from an unfair set of hit pieces in popular outlets (including, notably, John Oliver's Last Week Tonight) based around some groups' (legitimate) concerns that the first public draft of the 2015 order (written to address the court decision striking down the 2010 order) was an insufficiently strong instrument.


We need to laud people who change their positions for the better, not continue to decry them. It's harder for people to admit they are wrong than be right in the first place.



