Which is why they lobbied for the bill to be passed, right!
It'll be just like the FBI v Apple saga. "We need the courts and Congress to give us some very specific powers."
"Wow, thanks for doing that! We see people are pretty mad for legitimate reasons. Don't worry, we are not going to use those powers we asked for. We're only going to use it to go after BAD GUYS. Trust us!"
It seems to me that my internet connection is the same as a telephone connection. The telephone company cannot listen in on my calls to see if I mention "aspirin" then try to sell me aspirin. The same should go for my internet connection. The content should be completely private, including the metadata such as browsing history.
Even with that analogy, the telephone company can see which numbers you dial, and when. It can make inferences based on that. Did you call an escort service at night and an STD clinic in the morning? Do you regularly call televangelist donation hotline numbers? Do you get a lot of calls from recruiters? The phone company knows all of that stuff - it's one of the issues with the NSA's collection of "just metadata".
The answers should be yes and yes, for simple reasons - It's utterly unenforcible otherwise, and corporations need a significant amount of those inferences for normal operation. People in town A are calling people in town B a lot? Maybe they need a direct line or to upgrade their infrastructure to handle it.
Obviously, there's caveats; but for the most part those should be covered by other antidiscrimination laws, not telecom specific legislation. Telling that you call your rabbi once a week might give them clear signal that you're jewish, but they should be prevented from discriminating against you because you're jewish, and that should be enough reason to prevent them from fishing through their records to see who's a jew.
> ...but they should be prevented from discriminating against you because you're jewish
You can't have it both ways. Either a business can be regulated or it can't.
And why does it have to be the business itself only must be prevented from discrimination? It's certainly possible for a single employee to send likely names of Jews to hate groups, even if the business doesn't condone his behavior.
I'll admit; I am trying to have it both ways. The way I see it is - These things are very, very hard to find and prosecute. Therefore, we should spend the time finding and prosecuting only the most egregious offenses - And accept that since we'll never prosecute more minor offenses, they might as well be legal.
Seems easier to enforce than say, the SEC regulations against insider trading, and while I am sure most goes uncaught they still enforce it often and thoroughly.
Intent and outcome goes a long way to proving a case here.
I think this whole thing is being driven by Verizon and AT&T being jealous of FB, GOOG, and AMZN. The NASDAQ is setting records and these execs think they can get it on it (or appear to) and see the same results without customer backlash.
Isn't that still the case? I thought this bill would only let ISPs sell aggregated anonymized data. Something like: 60% of our customers use Google, 10% visit CNN.com, etc.
The difference is whether they sell those statistics (as market research) or whether they sell the ability to reach those groups (in which case they're hanging on to the de-anonymized data anyway)
I'm I the only person that thinks that Comcast is saying this as a way to calm people down now. Why did they not speak up before the vote. I suspect that within a few years, once the noise quiets, they'll have a thriving business doing just what they said they would not do.
Apparently, Thomas Jefferson once said, "Once a generation or so, we need a rebellion and the folks who participate should be punished, but not too harshly". I think he was getting at the point of how easily people take their freedoms for granted, and this apathy in turn takes away all the freedoms which were earned with great difficulty in the first place.
Maybe we have reached a point where we need to permit folks (immunity against legal action) to release internal data/documents of BigTech, provided it unequivocally proves that such public statements the companies make are false.
Nobody in the advertising space at least literally sells browsing histories. They usually sell inferred tags of which interest groups or demographics you fit into, selected from massive proprietary taxonomies. So in the literal sense of the word, Comcast can be both technically right and still do exactly what they always intended to do.
With respect, this sounds a little like when Snowden broke, and the NSA said "besides, it's just metadata."
Before I blocked ads, ads would follow me around. The information to do that was collected, and possibly sold, probably not by my ISP. It wasn't "my browser history," but it was as a result of my browsing activity.
This news has thrown around "your browsing history," which is at once sensationalist (because, as you point out, no one is selling that) and obfuscating, because someone is collecting and selling data that comes from browsing activity.
Ads following you around (retargeting) can sometimes be creepy, but no one had to buy and sell your browsing history to get there.
It is entirely a by-product of the fact that ad slots are auctioned off while a page loads, and when someone wins that auction, they can run JavaScript in your browser.
So if they cookie you on their website, then they get to run JavaScript from winning an ad auction on a different site, they can still see their cookies and know it is "you".
Not trying to downplay any privacy implications here, but ad networks and sites where ads are placed don't actually need any of your browsing history to make this work.
(I simplified this somewhat by ignoring the relationship between the actual advertisers and retargeting providers, but that is just more of an economies of scale/arbitrage thing.)
Not an adtech guy... do they actually buy ad slots just hoping that they manage to get someone they can retarget? Or do they know who you are pre-auction so they can bid higher? Just shooting from the hip I would guess the latter is more likely, which means the ad networks would have to have a list of user id, page/product pairs, which sounds a lot like your web history to me.
They know when they bid. The easiest way to think of it is that they check your cookies and have a few milliseconds to decide how much to bid. Whoever wins pays and gets the slot.
They aren't using your web history specifically, because it's actually pretty hard to do a good job inferring things about you in the few milliseconds you have to make a bid. Instead, there are multi-billion dollar companies including Google and Facebook who do the intetpreting for you and sort of offer a taxonomy of audience groups for you to choose from.
So the cookie check at bid time is usually asking one of these middlemen data processing companies for their read on you, which is derived from your browsing history or your Facebook post contents or even what you write in Gmail.
Only thing I'd add is that there are many heuristics for deciding how valuable you are as a pair of eyes. Retargeting is about getting an ad to follow you around the internet. But there's also geographical and demographic targeting, which depends on the advertiser having a hypothesis about which target audience is worth engaging.
There is plenty of material online explaining how all of this works, but you will have a lot of trouble finding primary sources from the companies themselves because they hide it behind "contact us for more information" gateways.
That said, here are a few terms to search as a starting point:
* Ad exchange
* Real time bidding
* Search retargeting
* Data management platform
* Demand side platform
Here are some product names:
* Doubleclick Bid Manager
* Google tag manager
* Google AdX
* Adobe Media Optimizer
And some companies to look up:
* AppNexus
* Bluekai
* Excelate
* Celtra
Finally, I'd set up your own AdWords and Facebook advertiser accounts to play around.
The only thing I would add is that it's more than just browsing data. The data the ISPs sell might get cross-corellated with online purchase histories, search terms, etc.
Right now your "data persona" is mostly obfuscated by market fragmentation and the fact that advertisers wouldn't know what to do with all of the data if they had it. As someone on the "inside", the AI push scares me because it will make actually reconciling all of the disparate data sources both feasible and profitable.
What is more, this is EXACTLY what Verizon said that it would do in the article!
So the way that this works is that you submit a request to Verizon asking about an IP address, Verizon sends it back to you, and then you decide whether to bid on the ad in a marketplace.
The problem arises when some shyster sends a request to Verizon asking, "Does this household both hit Christian sites and gay porn?" Gets a yes, serves an ad for a seminar "to use the power of God to drive homosexuality out of someone close to you", and triggers a very bad conversation between a closeted gay teenager and his very conservative parents...
Selling users' browsing history is like selling the golden goose. It's more rational for corporations to sell ads that are targeted based on the browsing history (akin to selling eggs from the goose, one at a time).
IIRC, AT&T basically has said they MITM all their fiber optic customers to insert ads and track browsing history.
It's not really aggregate data in the sense that any records about you are still individually separated. You're not anonymized by getting mixed into a bigger pool of data points.
The usual rule is that the buyer won't get your records by name but will know more or less where you live, how old you are, political leanings, hobbies and interests, etc.
So you have some anonymized ID number or set of cookies attached to you. However, if you think about it, from the perspective of the advertiser your name is one of the less valuable things about you.
So... you might be anonymous by name, but the name thing is a bit of a red herring.
Considering how capable de-anonymizing capabilities are even a few years ago [1], it doesn't matter if it's "personal" or aggregated, unless great pains [2] are taken to prevent that.
Comcast selling any data is a concern, I will continue to assume my information is being collected and act as best as I can to prevent that (VPN, poisoning my dataflow,etc).
I honestly can't come to a guess. On one hand, making the data anonymous would explain the interest in crazy fingerprinting methods and why companies that do that aren't very well known. On the other hand, I have no strong evidence to support the idea that an ISP would anonymize data given their history of activity in the name of profits and in spite of customer satisfaction.
They've all been selling data for years and this goes into exchanges for the primary use-case of marketing.
The data may not say John Doe, but it's tied to John Doe's device. You can already identify that a user saw an ad on their laptop at home and showed up at a physical location because the mobile device is tied to the laptop and the mobile device spits out GPS data.
So yeah, they might not sell data that says this is John Doe, but it's John Doe and we know where he lives, where he travels, when he travels, etc.
Why do they need to sell browsing histories?
There are numerous way to profit without actually selling history:
1) Come buy our trueTarget analytic service - add a keyword search and out comes the name of every one interested in say "Evening college" (Comcast also has the address on file obviously)
2) Political observers - This Zipcode has the most mentions for "Climate change hoax"
3) Porn/Medical/<other potentially embarrassing stuff> : Too many services here -
None of this sells individual browsing history yet which of these would be certainly illegal?
This is a complete red herring to distract from the Republicans completely disgraceful sell out to big business.
If not illegal which of these would be ok under "we do not see your browsing history"?
So Comcast spent over $1m[0] in donations and more on lobbying for this specific piece of legislation only to turn around and say they won't take advantage of it?
They've just released this statement today because everyone is so upset, they're going bide their time, wait for this to blow over and then quietly start selling more and more invasive customer information. You don't spend millions on a law you have no intention of utilising.
They bring up their "targeted ad network" which you can "opt out" of in the same blog post. I wonder what "nonsensitive" information they'll be providing their ad partners about you? And what is stopping Ad Partners from cross-referencing several ad networks?
Not to mention its a giant monopoly that has very little regulation that matters when you have no choice but to use them. Theres only a few outcomes this will play out to in my mind. Either things will get so bad theyll be split up and/or regulated as a public utility and such, or there will be some sort of big revolution / revolt / underground market (think tor, mesh networks, etc.), OR the populace will be made more docile than they are now big brother style until one of the first two options eventually comes to pass in the wheel of life.
I work for a small satellite ISP, ViaSat (d/b/a Exede). Part of my job is data security specifically for this type of information. We've had it in our privacy policy since Day 1 back in 2012 that we don't give or sell this data to anyone who doesn't actually need it, and certainly not to advertisers. One of the things that makes me proud to work here.
Did they promise not to analyze my browser history to figure out what kind of consumer I am, how much money I have, whether I have kids, etc, and then rent access to that information through a targeted ad delivery service?
Gonna guess no. This seems like an empty promise designed to fool people who just don't understand how "selling browser history" is actually implemented.
What they did not say is the how they will monetize the data. There is no "if", they are a business and they/their ilk just bought the reg/dereg to make their business more money. Full stop.
i was hoping all of this was a april fools joke but sadly its not. Obviously they will sell the acitivities. If you keep milk infront of a cat, she will obviously drink it. Guess we will have to turn to privacy guarding services like tor, purevpn and duckduckgo. I wonder which right will be removed next? We should buy their history to be put on display. Then they would know how it feels
I want it, in writing, as part of my contract (with spelled out liability and fiduciary damages), or the claim is not worth the bytes transmitted over the internet to make this statement.
"We do not sell our broadband customers’ individual web browsing history. We did not do it before the FCC’s rules were adopted, and we have no plans to do so."
He didn't say "we won't". He said "we aren't currently" which means "we're keeping the option open but we're trying to sound good right now".
Economics. The have a monopoly on this data. If they sell the raw data, they are necessarily equipping a competitor. Or they can sell the high level insights that will presumably have a larger profit margin.
A promise by a for-profit company is hilariously useless unless they bake it into a contract. The leadership have an obligation to shareholders to break promises if it improves profitability.
> The leadership have an obligation to shareholders to break promises if it improves profitability.
Officers of a corporation have a responsibility to act in good faith for the best interest of its members. But that can include acting in long-term best interests too.
Contrary to what you may believe, no one will indict Comcast leadership for not harvest and selling info.
Also, remember "good faith". E.g. MS shareholders can't indict leadership for Windows 8 ;)
Morality has naught to do with it. Economics dictate that shareholders will dump Comcast for more profitable companies if they feel Comcast is no longer attractive enough, or if comcast is able to generate additional revenue by selling ads, then reward by buying more and driving up its price
Like their data caps. A while ago I saw a progress bar on my account page. It had a caption: "For informational purposes only" and was a data usage bar out of ~300GB.
News picked this up and Comcast said: "No, we aren't doing data caps at this time".
Months later, they formally rolled out data caps of 300GB.
Even if they mean well, eventually a board member is going to wonder how to make the next $250M. Then this idea will come up. If it's not expressly forbidden, and it will boost the bottom line, eventually somebody will be compelled to do it. Fiduciary responsibility and all that.
... for now. Once the news cycle ends, Comcast will be one of the first companies to sell this information and make tons of money. Verizon is already there[1].
After many years of frustration and disgust, Ive been pretty happy with comcast in the last couple years. Reputation matters. Hopefully they keep it up.
Comcast also quotes grossly unrealistic bandwidth ratings on their service packages, and makes laughable claims about the availability of tech support and field techs. Comcast says all kinds of stuff.
Maybe those in control of ISPs realize that they have no individual protection from this practice, unlike other shady practices like inaccurate billing and poor customer service, and genuinely have no interest in doing so.
Update: I'm not asking sarcastically and my hope is obviously full of optimism.
Can someone explain to me why there is no Federal regulation requiring the ISP, and anyone else collecting data on us, to provide full disclosure to the customer whose data is being collected? Also, why are there no laws requiring an audit process on erroneous data?
In America, the credit reporting agencies are required to provide a free detailed report annually and there is a legally-mandated dispute process in place for false/erroneous data. Why don't we have the same protections/process for metadata collection?
Instead of expecting data-collecting companies to police themselves, we must insist on regulation requiring free, full disclosure of all data collected and a legal process to have false/erroneous data collection challenged and removed.
The biggest danger is not that they collect this information, but that there is no AUDIT PROCESS to correct false information.
I'm not really sure what answer you're looking for here. The basic answer is that the system is corrupt and the interests of big corporations are heard much louder than the interests of individual constituents who don't have as many dollars to throw around capitol hill.
The reality is: privacy is no longer possible in a connected world. So, rather than worrying about collection/privacy. Maybe, the best use of our energy is best-spent trying to pass laws that standardize disclosure to the customer and the mandating of an audit process...?
Privacy is completely and entirely possible. It's not good for corporations, and they literally own the US Congress, so that affects everyone else in the world.
Reading through all the comments, it seems they could play with the wording and sell aggregate data.
The end result of all this is that the data is sold to some company that is either the end company or some intermediate company.
From that you get some creepy ad emailed, physically mailed, or you get a call on your cell phone about Solar panels and a trip to the Bahamas.
It would ideal to have a list of the end company that delivers this creep so consumers as a group to make an informed choice if they wish to do business with companies taking part in this.
This whole debacle is an incredible opportunity for any small ISP upstart. It's a shame that it's so difficult to build an ISP in the current market due to federal and state regulations that the big telecoms lobbied for.
If people had alternatives which touted privacy, security, speed, price, and had the right network backbone there would be a deluge of customers migrating away from Comcast, AT&T, Verizon, etc.
Not of its made a public utility or whatever, infrastructure seized or whatever it is they would need to do to like what was done with telephone lines. Unless you are referring to the current state of affairs.
I'm referring to the idea of a "small ISP upstart". A public utility approach is an entirely different thing with different problems. The physical infrastructure is still expensive.
Very few sites have everything on a CDN, and that's not really possible for a large class of websites. So they can get IP addresses for web servers, which with reverse DNS they can get the domain name. They can also analyze the number of incoming versus outgoing packets to make certain inferences, like being able to tell whether you're watching a video on Facebook or upload one. That last one isn't that useful for advertising or anything, though, and requires TCP sessionization, which is tricky to scale, so I doubt they would do that.
Well currently name resolutions are not encrypted and I don't think it is technically possible to encrypt them, so we definitely aren't good. Asking everyone to route through a CDN is a bit impractical as well.
> If name resolutions were encrypted, we would be good, or ?
No, HTTPS Server Name Identification[1] means that domain names are still sent in the clear so that multiple HTTPS sites can have one IP address.
They can also see how much data goes is transmitted to which site, when, and for how long, which lets them infer all sorts of other information about your activity
Its too late for talk like that. I've shown my friends and family how to use a VPN, and explained why it is so important. Eventually I'll roll one myself that we all use. And maybe, just maybe we can all put an end to this evil if we each act rationally.
Charitable interpretation: Comcast thinks that being the one ISP not to sell your browser history will be a market differentiator.
Uncharitable interpretation: Comcast is a content provider in addition to an ISP. Their interest is in using the data themselves rather than selling it.
I know I should be cynical, but as a Comcast customer I appreciate the gesture. These days I'll take what I can get, and if private companies are the only ones to even half heartedly act in the benefit of ordinary people so be it.
This is super pedantic, but it can be confusing to call Comcast a "private company", which implies they are privately owned (which they are not, they are NASDAQ:CMCSA). The proper term is a "private sector" company. Minor nomenclature nitpick, just trying to keep everyone informed and make sure that the terms "Privately Owned" and "Private Sector" don't get conflated.
Assuming every site is using https I'm not sure how they would be able to make money off of this with web based advertising since you can't inject ads. Does anyone know how else they could make money?
Good old fashioned junk mail, background check services, and consumer research?
Even if they keep their literal word and don't sell your actual history, and you use SSL so they can't see specific content, they can certainly make money by identifying traffic profiles by domains/times/frequencies/etc.
When people started complaining about internet privacy.
But remember, the Chief Human Resources Officer historically isn't on the side of employees. I'm of the view point that the CPO (*) isn't on the side of consumers. But it looks good to have one.
uneducated people here. obama pushed the flawed rule in just before leaving office just to evoke this type hysteria. the way things are now is how they have been forever.
How many times do we need to be fooled? We've seen enough of corporations behaving badly and doing the exact opposite of what they claim. What reasons do we have to believe they are telling the truth?
It'll be just like the FBI v Apple saga. "We need the courts and Congress to give us some very specific powers."
"Wow, thanks for doing that! We see people are pretty mad for legitimate reasons. Don't worry, we are not going to use those powers we asked for. We're only going to use it to go after BAD GUYS. Trust us!"