• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Invading Subscriber Privacy (ISP) – Daily Security Byte

March 24, 2017 By Corey Nachreiner

Yesterday, the U.S. Senate voted to remove a broadband provider rule that prevents internet service providers (ISP) from selling your personally identifiable information (PII) to advertisers without your explicit consent. If this ruling also passes the House, ISPs will be able to sell your browsing habits, and other personal information, at their whim. Many have pointed out the serious privacy implications of this change, and suggest ISP should now stand for “invading subscriber privacy.” Beyond the privacy risks, I also argue that this change puts your security at risk. Watch today’s video to hear more about this vote, my opinions about it, and what you can do to get involved.

Episode Runtime: 4:10

Direct YouTube Link: https://www.youtube.com/watch?v=oOwjEcr02dU

EPISODE REFERENCES:

  • U.S. Senate votes to allow ISPs to sell your data to advertisers – Ars Technica
  • EFF’s take on Senate putting profits over privacy – EFF
  • Malvertising still a significant threat – Infosec Island

Corey Nachreiner, CISSP (@SecAdept)

Share This:

Related

Filed Under: Security Bytes Tagged With: Infosec news

Comments

  1. Kristy says

    March 29, 2017 at 10:01 am

    With all due respect for the great WG Security Guru, online privacy is a myth. I applaud this undoing of an 11th hour Obama regulation that HAS NOT YET TAKEN AFFECT. Nothing has changed and only levels the playing field and prevents the FCC from making similar future regulations that maybe you WON’T like. Never let our defenses down on security, whether or not a law is passed by government. Think of all the tracking Google does. Who has come down on them? Google has a powerful monopoly and are useful to governments (including now censoring free speech), whereas others aren’t so much.

    Reply
    • Corey Nachreiner says

      March 29, 2017 at 4:18 pm

      Heh… I won’t claim “great” but thanks for the honorific…

      In many ways, I do agree with you that some of privacy is dead, and there is NO doubt that many sites/apps like Google and Facebook do already track many of the things you do, and some tracking cookies can extend their view into what you do well beyond their own site. However, I do differ with your opinion on ISPs specifically. Here’s why:

      1) Facebook, Google, other are somewhat limited in what they can track of your browsing habits. They don’t see everything you do. Yes, there are certain Ad cookies that do “follow you around” and give more data to these entities, but there are easy technical ways to disable them if you really want (another benefit of script blockers, among other things). However, EVERYTHING you do goes through your ISP. They can see every DNS query, and frankly, every packet if they wanted to. The scope of privacy loss is greater with an ISP, IMHO.
      2) ISP are unavoidable. Facebook, Gmail, and Google are avoidable. If you are someone that is concerned with your privacy, you do NOT have to use them. On the other hand, you require and ISP to get to the Internet. In many some countries/states, you also have very few choices, so it’s harder to find other options.
      3) You already pay for an ISP. This service is monetized directly, but us giving them money. Facebook, Gmail, and Google search are free because you are making the choice to give up some privacy in order to use that free service. Unless ISPs are going to give us access for free, this behavior is not acceptable.

      In any case, even though I too think most of the world has already given up way more of their privacy than they know, I don’t believe this should be an acceptable status quo. We can continue to do things to get it back. I personally think having ISPs be common carriers, and have to live up to more rigorous customer privacy rules makes perfect sense.

      That said, thanks for your reply. I really like to hear others well thought out opinions. I think this kind of debate is crucial for society to come to the right answers, what ever that answer may be. Really appreciate your thoughts.

      Reply
      • Kristy says

        March 30, 2017 at 8:30 am

        Thank you, and you of course mentioned things I hadn’t thought of; however, wouldn’t our Watchguard VPN protect from ISP snooping our traffic other than seeing the destination and receiving ips?

        If that is true, I guess my point is that there are things that can be done to protect ourselves from ISPs as well as from Google and FB and Twitter and so why would there be a law to discriminate between one provider and another if only to allow a monopoly to continue? I do get your point about not paying for free services and giving up privacy, but that still doesn’t sit well. Online ads should be no different than TV ads or newspaper ads or billboards that do not track. When did that become so acceptable to us and do they have to do that as a search engine? If so why? True, I don’t have a FB account, but I do use Google. Trying out Duck Duck Go.

        How could our Watchguard firewall be configured to provide that level of encryption for all our users’ traffic like those using the VPN enjoy or perhaps a browser recommendation?

        As a WG customer for years, I’d like to use this opportunity to say how pleased I am with your products and also the tutorials you provide.

        Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
  • TikTok is Banned, Kind Of
  • How Not to Update Software

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • How Not to Update Software
  • Naming APTs
  • TikTok is Banned, Kind Of
  • Scratching the Surface of Rhysida Ransomware
  • An Interview with ChatGPT
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use