What about traffic passing through the US in relation to services provided outside the country such as consumers in the EU? Won't make this development weaken Privacy Shield even further?
The US House of Representatives has just approved a "congressional disapproval" vote of privacy rules, which gives your ISP the right to sell your internet history to the highest bidder. The measure passed by 215 votes to 205. This follows the same vote in the Senate last week. Just prior to the vote, a White House spokesman …
Tuesday 28th March 2017 21:16 GMT Doctor Syntax
Wednesday 29th March 2017 18:50 GMT BillG
Re: Oxymoron alert.
Does anyone not believe that ISPs are selling your info anyway?
The Google Rule: Once a company has your private information, they will ignore laws and EULAs and sell it anyway.
This should be a Ferengi Rule of Acquisition.
That's been proven again and again. Doesn't make it right. Me, I'm looking to use a VPN from home from now on.
Wednesday 29th March 2017 07:23 GMT Lee D
It's always been the case under EU data protection that your data can't safely pass through the US anyway. This is why Facebook et al set up EU data centres and refuse requests from US authorities to just pass on information.
The Internet, from your ISP onwards, is still - and always has been - an untrusted connection. If you're transmitting things in plain-text through it, even to next-door, then you're at risk of your traffic being snooped and need to protect, encrypt, VPN, etc.
This won't make any difference to that.
However, I do love the irony of all those years of having US people accuse the UK of playing "Big Brother" when in reality they are years ahead of us in that regard.
Tuesday 28th March 2017 19:59 GMT frank ly
You are what you read
"... whether you have any medical conditions; and so on ..."
Any time I read about or hear about some medical condition, I read about it on Wikipedia (and other sites) and follow any interesting looking links. If a similar law passes in the UK, they'll send a medical SWAT team round to my house to seal it off and isolate me.
It may be time to start using a VPN more often. The Opera browser has a free one built in to it.
Note: My ISP (Virgin Media), along with others I'm sure, has the ability to inject their own tab into my browser session to show me anything they want. They have used this technique in the past to nag me about selecting a service option. I would not be surprised if the ISPs themselves started injecting adverts into their customer's browsers in this and other ways.
Tuesday 28th March 2017 20:15 GMT Chris 244
Tuesday 28th March 2017 20:22 GMT Anonymous Coward
Re: You are what you read
If a similar law passes in the UK, they'll send a medical SWAT team round to my house to seal it off and isolate me.
Don't forget under RIPA and DRIPA, GCHQ already have access to this. As we've repeatedly seen this additional hay doesn't help them find the needles. My wife works in child and adult safeguarding, and the sort of things she searches on from our home computer, well, you don't want to know, and you REALLY wouldn't choose to have logged. But after some years in this difficult line of work, we've not had any knocks at the door.
Which either means they're (a) clever enough to properly discriminate different types of search, or (b) they're utterly swamped, and utterly hopeless. My money is on b.
Wednesday 29th March 2017 06:59 GMT Anonymous Coward
Re: You are what you read
"Which either means they're (a) clever enough to properly discriminate different types of search, or (b) they're utterly swamped, and utterly hopeless. My money is on b."
It's option C - you are known about but are not important enough to the authorities to threaten or jail you. Yet.
Tuesday 28th March 2017 20:21 GMT Oh Homer
Tuesday 28th March 2017 20:22 GMT Dwarf
And they claim to be the land of the free
I can see fun to be had here - go to a neighbours, borrow their wireless and search for lots of random things, then see what the marketeers make of that. The real people who buy the Internet connection then get lots of random and probably inappropriate things marketed to them. This then causes awkward conversations when people try to explain the marketing offers to their other halves ..
Same for the kids browsing when the parents get things marketed to them or vice-versa.
Like many things with a trump badge, its really not thought through is it
Tuesday 28th March 2017 22:13 GMT JetSetJim
Re: And they claim to be the land of the free
On a similar note, but unrelated to ISPs, a friend of mine outlined a prank where a group of people injected white text with strange phrases into their emails to a friend's Gmail account. The target was somewhat puzzled by the subsequent appearance of numerous adverts for goat-related products after this
Wednesday 29th March 2017 01:48 GMT Mark 85
Re: And they claim to be the land of the free
You raise an interesting point. How granular will this be? House level? Computer level? We have 4 computers networked via router. So when this data gets pasted to the marketers (and probably miscreants, etc. via "purchase of the data" which computer will get tagged? All?
Oh the fun and games are starting....
Thursday 30th March 2017 15:24 GMT Grunchy
Tuesday 28th March 2017 20:46 GMT YARR
Is it April 1st yet?
What a ridiculous law! If this had been in the headlines sooner there would have been time to co-ordinate a legal protest in the public interest. I can't see how anyone representing the public could have passed such an obtrusive law - our internet history should be considered private information except what you choose to share.
What's to stop someone buying this data and publishing it for all to see? If everyone could see their neighbour's internet history that would surely wake people up to demand their privacy. Any ISP that promises not to share your internet history without charging a premium will corner the market. But I guess not everyone has a choice of ISP.
Tuesday 28th March 2017 21:00 GMT Adrian 4
Wednesday 29th March 2017 04:51 GMT Anonymous Coward
Wednesday 29th March 2017 15:41 GMT JLV
Ah, thanks for enlightening us. I was expecting some kind of rant from Breitbart, but it's all very clear.
The gist, cited about 3-4 times, just in case you were wondering how the heck your lawmakers were looking after your interests:
>The FCC will soon return broadband privacy policing to the Federal Trade Commission, where it belongs, like all online privacy.
So, this is NOT about Americans' privacy getting sold out at all. It's about fixing a regrettable bureaucratic turf war.
The FTC, rather than the FCC, will now soon step in and prevent ISPs from selling on your browser history for no discernible purpose other than making some extra $$$. Poor ISP companies, spending all that dosh wining and dining pols, just to have re-lobby all over again at the FTC.
Thanks for clearing that up.
Wednesday 29th March 2017 20:18 GMT tiln
Thursday 30th March 2017 05:45 GMT JLV
> Did you seriously read and now you are quoting a Breitbart article?
I originally downvoted him, but the bit about his mostly agreeing with El Reg clued me in that he's likely just quoting Breibart.
Which is very appropriate, IMHO. It pays to understand what kinda Doublespeak is being used to sell something which has _no_ tangible benefits to the affected people at all.
If you take The Wall, or The Muslim Ban, then though misguided, they at least pander to the prejudices of the core Trump supporters. Ditto increased police snoopiness laws.
Did those Trump supporters realize Washington was going to allow large telecoms (often monopolistic in rural areas) increased leeway to invade their privacy, without upside whatsoever? I guess they didn't and with helpful newsites like Breitbart they are still dupes.
Wednesday 29th March 2017 16:06 GMT vir
From El Reg:
"How are consumers protected? According to Flake, by not having their ability to receive information about "innovative and cost-saving product offerings" limited."
You can't make this stuff up.
Now, do you think that the legislators who voted for this will finally confront the depth of their moral vacuity when:
a) the inevitable hack occurs
b) the inappropriate/embarassing ad pops up on the home computer
c) what's that? I can't hear you from behind this pile of money
Tuesday 28th March 2017 21:21 GMT DougS
Perfect example of conservatives' foolish anti-regulation fetish
Since too much regulation is bad, which is a quite reasonable position to take, by extension they decided all regulation is bad. Because some providers governed by different regulations didn't have to protect your privacy, the solution was seen as "remove privacy protections from all providers". The option of "impose privacy protections equally for all providers" didn't occur to them, because it would mean adding regulation, which is automatically bad.
If there was a lot of competition amongst ISPs this wouldn't really matter, you could choose one that makes a commitment not to sell your information. Unfortunately most people have only two choices, their cable provider and telco provider, and in some cases the second choice is pretty slow so it is effectively a monopoly in their area. What's their choice if they want to preserve privacy, go back to sending paper letters like some kind of a wild animal?
More competition will come once fixed wireless broadband arrives, but not really. You'll have AT&T (who already sells internet service in some areas) or Verizon (ditto) that don't really add much to the selection. This would be a good opportunity for a lesser player like Sprint, but I wonder if there's enough of a market for privacy protection that people would switch over it?
I think most people are ignorant of it, or have resigned themselves that it isn't a battle worth fighting, so they carry their Google spy-phone with them everywhere they go, talk in front of their Amazon spy at home, meaning that selling them spy-free internet service wouldn't be easy.
Tuesday 28th March 2017 21:47 GMT alain williams
Tuesday 28th March 2017 22:04 GMT JCDenton
""American consumers should not have to be lawyers or engineers to figure out if their information is protected," Pai recently told Democratic lawmakers."
So...the solution is to just remove all protections? Oh how fast America has fallen. Not even 4 months now...
"Sen. John Cornyn (R-Texas) argued today that the privacy rules "hurt job creators and stifle economic growth." Cornyn also said the FCC's privacy rulemaking involves the "government picking winners and losers," and was among the "harmful rules and regulations put forward by the Obama administration at the last moment.""
Stifle economic growth? You mean prevent monopolies from making buckets of money while limiting their customer's privacy. Welcome to Trumpmerica.
Wednesday 29th March 2017 09:46 GMT LDS
""hurt job creators and stifle economic growth."
They now have a template document with those line to justify everything. Actually, it's easy money from cheap sources that ""hurt job creators and stifle economic growth". Look at countries living out of raw materials - very little need to innovate and create more industries and (better) jobs. It's no surprise many of the most innovative countries are those were resources are or became scarce.
ISPs that makes a lot of money by reselling user data will have *less* incentives to find other source of revenues. Just sit there, people will use the Internet and money will come in. You can even ask money to those who don't want to be tracked - so earn money without actually doing anything and even saving resources.
Anyway, if you look for a job you have now coal mines to work in... and because "all regulations are wrong", I wouldn't bet about the safety rules there...
Tuesday 28th March 2017 22:22 GMT Mark 85
So in a house with 3 or 4 people with computers... will it be fine tuned to the individual computer or to the "house"? This could be bad news for some folks if someone starts getting ads based on someone else's browsing preferences.
On the other hand, I suppose I could create much mayhem by using the neighbors WiFil....
Wednesday 29th March 2017 07:48 GMT Aristotles slow and dimwitted horse
I assume if all of your home PCs or devices connect to the internet through the central router provided by your ISP then your ISP would see all traffic from those devices aggregated via the WAN IP and stock DNS addresses that your router has. I'm not sure they would be able to get "per device" granularity - but I'm sure someone more knowledgeable would be able to answer that better.
My advice... ditch the stock ISP router if you can, or at the very least put it into "modem only" mode as you can with Virgin Media ones, and replace it (or stick it behind the B/B modem) with a SOHO one that has enough horsepower and an OpenVPN client baked in - such as the ASUS RT-AC88.
Then configure your router with a paid for VPN service so that everything that goes out of your network is encrypted and only talks to the VPN providers DNS.
Wednesday 29th March 2017 12:24 GMT phuzz
Wednesday 29th March 2017 13:13 GMT swampdog
This vm superhub is reliable(*) in modem mode..
Cable Modem: EuroDOCSIS 3.0 Compliant
Boot Code Version: PSPU-Boot 126.96.36.1991
Software Version: V1.01.11
Hardware Version: 1.03
(*) Caveat. The only thing plugged into it is a physical cable going to all my own kit internally - ie: dns/dhcp/wireless is all done internally.
Tuesday 28th March 2017 22:23 GMT Marketing Hack
And its a forgone conclusion that Trump will sign this.
I guess I can somewhat respect that this will create competition of a sort for Facebook and Google on the ads/browsing data sales side, but basically now you will have a bunch of companies that you have your online history and need to be watched like a hawk.
Tuesday 28th March 2017 22:31 GMT jimbot
Tuesday 28th March 2017 23:05 GMT Anonymous Coward
Useful article! ... But avoid DuckDuckGo
They're too cosy with Yahoo. Instead try EU based Startpage.com. The problem is Yahoo has a giant credibility problem from bending over to US snoops without a fight, and covering up hacks of every single user / account multiple times over. Plus, it'll be worse when Verizon buys them because Verizon pioneered 'Injecting Perma-Cookies to Track Mobile Customers'.
Tuesday 28th March 2017 23:28 GMT Claptrap314
Tuesday 28th March 2017 23:39 GMT Getmo
You like traffic?
This kind of shit makes me want to stand up a Tor exit node in my house. Come get some.
F U congress, enjoy your unemployment next season.
My ISP, and possibly friends & family's ISPs will be getting some stern phone calls for me to unload on. They'll soon know who they're truly beholden to.
Wednesday 29th March 2017 00:55 GMT Robert Carnegie
Thursday 30th March 2017 17:07 GMT Fruit and Nutcase
Re: www'congresspersons-browser-histories.com (if only)
"Campaigners seek 'to sell US politicians' browsing data'"
"This GoFundMe [campaign] will pay to purchase the data of Donald Trump and every congressperson who voted for SJR34, and to make it publicly available."
Wednesday 29th March 2017 03:26 GMT Anonymous Coward
Re. You like traffic
Sounds like a solar powered mesh network that routes traffic via deniable encryption would be handy.
If it also has the ability to switch the band to IR instead of RF this would be handy, not least so all the nodes in the network can route data directly without the normal overheads.
Wednesday 29th March 2017 07:16 GMT Anonymous Coward
Wednesday 29th March 2017 07:29 GMT Potemkine
Wednesday 29th March 2017 07:38 GMT Aristotles slow and dimwitted horse
If anyone one is interested...
...and looking for a VPN service. I did a lot of research and ended up with AirVPN as they came top of my list when addressing privacy concerns. I'm not paid by them or anything - just a recommendation as I know this is a hot topic at the moment.
Agree with El Reg on this one - avoid any free VPNs or free VPN browser "plug-ins" as you need to be asking how they are funding that "free" usage.
For search - use Disconnect or Startpage. Firefox also has some great blockers to prevent sites tracking you - ABP, Privacy Badger and UBlock as starters for 10.
Wednesday 29th March 2017 08:16 GMT StephenTompsett
Don't buy from intrusive adverts!
If people resisted purchasing from intrusive and the 'targeted' or 'tailored' content. The advertisers would stop wasting their money on it. Unfortunately just like SPAM it only needs a few suckers to make the annoyance to the majority of users worth it to the marketing agencies.
Wednesday 29th March 2017 08:49 GMT John70
Wednesday 29th March 2017 12:32 GMT 2+2=5
Agreed. Most fun might be a variation on those bullshit-bingo generators from a few years back. Start with a list of pharmaceutical companies, then a list of their drugs and lastly a list of a few hundred medical conditions. Then issue searches for random combinations of the three.
Wednesday 29th March 2017 08:59 GMT Kevin Johnston
to that plug-in/whatever which sent random search requests while you were browsing (or 24x7 if you were feeling nasty) to mess with any tracking?
Even if there was half a dozen people on the same router, the real data would be swamped with garbage running something like that and the ISPs would soon give up.
Wednesday 29th March 2017 11:47 GMT creepy gecko
Re: Whatever happened
TrackMeNot is an add-on for Firefox (not sure if it works on other browsers, as I've not tried).
It runs in the background doing random searches to various search engines. You've control over the search engines, frequency of searches, and to some extent what the searches are for. You can add search engines, and change the sources of the search criteria.
It's certainly not perfect, but it helps muddy the waters for the ISPs.
Wednesday 29th March 2017 09:02 GMT Quotes
TalkTalk ISP Privacy Invading Bot
I am not sure if this is still active but TalkTalk have a privacy invading bot. When you make a visit to a web page the URL is passed to the Bot, and then the Bot visits the same page, presumably to scrape the content. I noticed this when I spotted double-hits in my web server logs.
In response I have blocked the following IPs so they can no longer access my server. For this reason, I don’t see them visit any more, and that is why I am unsure if they are still active. I assume they are.
Note: TalkTalk employs a Chinese contractor to do this for them - huaweisymantec
The scenario in the US reminds me of the gold old days of Phorm intercepting UK traffic.
Wednesday 29th March 2017 09:31 GMT Quotes
TalkTalk ISP Privacy Invading Bot - still active
https://www.abuseipdb.com/check/188.8.131.52 - This IP address has been reported a total of 58 times. 184.108.40.206 was first reported on 26 Sep 2015. The most recent report was 17 hours ago.
However it looks like the IPs starting with 62.24.* are the ones to be concerned about. Ignore the others.
Wednesday 29th March 2017 10:02 GMT Cuddles
Wednesday 29th March 2017 10:21 GMT Anonymous Coward
Wednesday 29th March 2017 11:56 GMT creepy gecko
Re: So which VPN folks?
Here's one selection of "Best VPNs"...
If you do a search you'll find lots of different lists, but you'll notice some of the same VPN providers cropping up time after time. That might point you in the right direction.
Wednesday 29th March 2017 14:01 GMT Michael Jarve
Phorm is the new norm in Trump's America.
I've seen this coming for a while. Time was that something like this would have created such outcry, investigations and new regulations, even by republicans. Not no more. Indeed, it's been given the government's personal stamp of approval. As has been pointed out before, people may choose to use GMail, The Face Book, etc. but here in the US, where broaband monopolies are not only allowed, but encouraged, we're forced to use their services or do without. I can choose an alternative to GMail, but many in the US, even in large metro areas, cannot choose a (reasonable) alternative to Comcast or AT&T. So, all we can do is tilt at windmills and give up any notion of online privacy. As of now, I personally can't wait to serve our new monitization overlords.
Wednesday 5th April 2017 12:28 GMT dephormation.org.uk
Re: Phorm is the new norm in Trump's America.
When Nebuad attempted to do the same as Phorm in the US, it did result in an outcry and congressional hearings.
You might recall this;-
"Just because I belong to an ISP, doesn't give you the right to track me. If I want to be tracked it should be affirmative... it really should be opt in. Why do I have to opt out. Why should the burden be on the American consumer?" said Bart Stupak.
Now, as I understand it, you have no option at all.
Quite apart from the personal intrusion, it also affects the other party to the communication. It is automated industrial espionage / intellectual property theft that will strip hard working law abiding content creators of their business.
The current vacuum of political opposition in the US (and the UK) is truly terrifying.
Wednesday 29th March 2017 14:05 GMT Am I Paranoid Enough?
My 10 year old grandsons' take on situation in US.
The school bully is punching the crap out of his victim.
A rich kid moans that because the bully is doing his thing, the victim can't get to do his homework now, so he won't get good grades and go to college and rule the world.
Teacher says well hit him harder than the school bully until he does your homework.
If he doesn't do your homework then, we'll suspend him until he does.
Because that's what the new laws say.
The teacher adds, don't worry you won't get into trouble because the new law will protect you and they've made the law so it can't ever be changed again.
Seems to apply here too. Enough Said.
Wednesday 29th March 2017 18:32 GMT Anonymous Coward
The real reason -- No court order to spy on any one in USA
I wondered why.
Perhaps, 1) shift the powers from google and facebook to SP (comcast, AT&T, etc) who were renegaded to dumb pipe vendors, 2) favoring SP lobby, 3) etc..... None of these made any sense -- not against privacy concerns of everyone, republicans, democrats, independents, tea party, coffee party, whatever.
Then it occurred to me that this is the BEST and EASIEST to spy on anyone WITHOUT a court order.
My conjecture and no evidence to back this up. But I believe this reason makes most sense.
Wednesday 29th March 2017 20:26 GMT tiln
Wednesday 29th March 2017 22:46 GMT Crazy Operations Guy
Not the advertisers I'm concerned about
I am worried that the Administration is going to start buying, from the ISPs, lists of people going to certain websites, such as those for immigration / civil rights lawyers, mosques / temples, news sites that disagree with the administration, or pretty much any other website that the president disagrees with.
At the very least, I predict that the Twitter Twat will buy all the information he can about celebrities that disagree with him just to run smear campaigns (and using tax-payer money to do it).
Thursday 30th March 2017 02:16 GMT Lion
Over several years of ISPs collecting and selling PI, everyone will eventually be profiled. Phones, gaming systems, TVs, computers and IOT devices slurping it all up. Politicians have these devices too, so their browsing history and life style choices will be stored and available to whomever wants to exploit it.. Tit for tat as they say.
I would not be surprised if future ISP service agreements state that you can not use any tools or services that prevent them from their legal access to customer data. . VPNs may face legal challenges. This was raised by a poster elsewhere and I think they have a point, so I decided to repeat it.
Thursday 30th March 2017 06:30 GMT FuzzyPicture
This is a job for the FTC not the FCC
The FCC's rules were an overreach and not in line with the FCC's charter.
Customer privacy rules belong to the FTC. If you have a problem, write them a letter. We don't need two separate govt entities doing the same job, growing the gov, wasting tax money and frustrating the businesses wondering who has the whip. Just reducing over-regulation, dont-cha-know.
Thursday 30th March 2017 13:32 GMT Anonymous Coward
Still surprised by this: "A virtual private network is an alternative that will work for lots of people, especially if your work has a VPN service that you can use for free. This again will cut off your ISP's ability to see what you are doing.". Because it fails to add: This will, of course, allow your employer to see everything you do and particularly: If your work happens to use an internet appliance it can see through your https traffic.