Comments on: The Greatest Threat to Privacy Part II: Why I Worry More About ISPs Than Google http://www.concurringopinions.com/archives/2008/09/the_greatest_th.html The Law, the Universe, and Everything Sun, 22 Nov 2009 12:47:09 -0700 http://wordpress.org/?v=2.8.3 hourly 1 By: GATOR http://www.concurringopinions.com/archives/2008/09/the_greatest_th.html/comment-page-1#comment-47322 GATOR Sat, 13 Sep 2008 18:02:35 +0000 http://www.solove.org/archives/2008/09/the-greatest-threat-to-privacy-part-ii-why-i-worry-more-about-isps-than-google.html#comment-47322 Paul: i agree as to the difference between nebuad-isp network issues and google type, but what about: 1) what is at&t planning? http://www.alleyinsider.com/2008/8/at-t-to-congress-google-spies-on-web-surfing-so-we-will-too "AT&T (T) says it hasn't yet started systematically tracking Web users, but it will in the near future." 2) there has been much discussion about isp as a whole, but i think you should develop "models" to separate the levels of what is being done. I would think the "nebuad-isp model" would be classified as the highest level of privacy breach. 3) what about the websites that are downline from "nebuad-isp model" that would be receiving "the goods" that nebuad aka fair eagle obtained when they know the source of how they were obtained. what are the privacy legal issues there? Paul:

i agree as to the difference between nebuad-isp network issues and google type, but what about:

1) what is at&t planning?

http://www.alleyinsider.com/2008/8/at-t-to-congress-google-spies-on-web-surfing-so-we-will-too

“AT&T (T) says it hasn’t yet started systematically tracking Web users, but it will in the near future.”

2) there has been much discussion about isp as a whole, but i think you should develop “models” to separate the levels of what is being done. I would think the “nebuad-isp model” would be classified as the highest level of privacy breach.

3) what about the websites that are downline from “nebuad-isp model” that would be receiving “the goods” that nebuad aka fair eagle obtained when they know the source of how they were obtained. what are the privacy legal issues there?

]]> By: Logical Extremes http://www.concurringopinions.com/archives/2008/09/the_greatest_th.html/comment-page-1#comment-47321 Logical Extremes Sat, 13 Sep 2008 01:06:04 +0000 http://www.solove.org/archives/2008/09/the-greatest-threat-to-privacy-part-ii-why-i-worry-more-about-isps-than-google.html#comment-47321 Forgot to mention (perhaps obvious) in my second point that clearing cookies regularly is also essential. Ideally, cookies should be cleared in conjunction with IP address change, so that there is no overlap that allows one to be correlated to the other. Forgot to mention (perhaps obvious) in my second point that clearing cookies regularly is also essential. Ideally, cookies should be cleared in conjunction with IP address change, so that there is no overlap that allows one to be correlated to the other.

]]> By: Logical Extremes http://www.concurringopinions.com/archives/2008/09/the_greatest_th.html/comment-page-1#comment-47320 Logical Extremes Fri, 12 Sep 2008 23:45:12 +0000 http://www.solove.org/archives/2008/09/the-greatest-threat-to-privacy-part-ii-why-i-worry-more-about-isps-than-google.html#comment-47320 Paul, I'd add to your rebuttal list: - It's possible to block ad servers altogether, so even web bugs and iframes get defeated. - As long as you change your IP address regularly and do your searches without being logged in (use another browser or use Google Chrome incognito mode, for example), no cumulative dossier can be collected by a service provider out beyond your ISP. Paul, I’d add to your rebuttal list:

- It’s possible to block ad servers altogether, so even web bugs and iframes get defeated.

- As long as you change your IP address regularly and do your searches without being logged in (use another browser or use Google Chrome incognito mode, for example), no cumulative dossier can be collected by a service provider out beyond your ISP.

]]> By: Paul Ohm http://www.concurringopinions.com/archives/2008/09/the_greatest_th.html/comment-page-1#comment-47319 Paul Ohm Fri, 12 Sep 2008 22:08:11 +0000 http://www.solove.org/archives/2008/09/the-greatest-threat-to-privacy-part-ii-why-i-worry-more-about-isps-than-google.html#comment-47319 Yes, the Doubleclick acquisition has increased Google's "view" considerably, but it is still less than the ISPs. First, even if it is true that Doubleclick has deals with "most" popular websites, as you say, it does not have deals with all of the popular ones and probably with few of the unpopular ones. Millions (billions?) of sites visited by users every day have no deals with DoubleClick. Second, I confess that I haven't looked closely at how DoubleClick uses third-party cookies (or other things like web bugs) in four of five years, but as I understand things, when DoubleClick shows an ad and receives a third-party cookie, it learns only the URL of the site visited. As I understand it (please correct me if I am wrong), third-parties don't even get the content of the GET or POST queries that led to the page (unless that information is stuffed into the ad href.) In contrast, ISPs have access to _all_ of the content in the entire session. Header, payload, non-content, content, everything. Third, DoubleClick doesn't give Google access to non-web traffic like e-mail, IM, or VoIP. Fourth, it is easier to block third-party cookies than it is to opt-out of ISP surveillance. Finally, I am only saying that ISPs pose a greater threat to privacy than Google/DoubleClick. I am not saying that Google/DoubleClick poses a low threat to privacy. Yes, the Doubleclick acquisition has increased Google’s “view” considerably, but it is still less than the ISPs.

First, even if it is true that Doubleclick has deals with “most” popular websites, as you say, it does not have deals with all of the popular ones and probably with few of the unpopular ones. Millions (billions?) of sites visited by users every day have no deals with DoubleClick.

Second, I confess that I haven’t looked closely at how DoubleClick uses third-party cookies (or other things like web bugs) in four of five years, but as I understand things, when DoubleClick shows an ad and receives a third-party cookie, it learns only the URL of the site visited. As I understand it (please correct me if I am wrong), third-parties don’t even get the content of the GET or POST queries that led to the page (unless that information is stuffed into the ad href.) In contrast, ISPs have access to _all_ of the content in the entire session. Header, payload, non-content, content, everything.

Third, DoubleClick doesn’t give Google access to non-web traffic like e-mail, IM, or VoIP.

Fourth, it is easier to block third-party cookies than it is to opt-out of ISP surveillance.

Finally, I am only saying that ISPs pose a greater threat to privacy than Google/DoubleClick. I am not saying that Google/DoubleClick poses a low threat to privacy.

]]> By: anonymous http://www.concurringopinions.com/archives/2008/09/the_greatest_th.html/comment-page-1#comment-47318 anonymous Fri, 12 Sep 2008 21:50:01 +0000 http://www.solove.org/archives/2008/09/the-greatest-threat-to-privacy-part-ii-why-i-worry-more-about-isps-than-google.html#comment-47318 Now that Google owns DoubleClick, they CAN track you on most of the popular websites. Now that Google owns DoubleClick, they CAN track you on most of the popular websites.

]]>